> They claim that the deprecation is about security
I mean, it kind of obviously is. Giving random extensions downloaded from the internet access to the URLs of every request ever made by the browser is a pretty insane security hole.
My impression is that other browsers (Safari) already removed this kind of API, or never had it in the first place.
As far as I can tell, they're not deprecating the API allowing extensions to snoop, only the piece that lets an extension say "don't process that request until I tell you it's okay". (In the design doc's terms, they're deprecating only the blocking version of webRequest.)
> Giving random extensions downloaded from the internet access to the URLs of every request ever made by the browser is a pretty insane security hole.
The observer APIs will still be enabled in V3 and extensions will still be able to access that list.
There is a valid case to be made that we should rethink the extension security model, but the V3 manifest doesn't address of any of its biggest problems. It's gimping the parts that enable you to block requests, but extensions will still be able to other spy on you the same way they already can today.
I mean, it kind of obviously is. Giving random extensions downloaded from the internet access to the URLs of every request ever made by the browser is a pretty insane security hole.
My impression is that other browsers (Safari) already removed this kind of API, or never had it in the first place.