The browser itself might be pretty much okay, but the extensions are where the terrible code is.

More: https://lcamtuf.substack.com/p/the-asymmetry-of-nudges

> In reality, Manifest V3 was meant to solve a real problem — and to do so for the right reasons. I know this because about eight years ago, we set out to conduct a survey of the privacy practices of popular browsers extensions. We were appalled by what we uncovered. From antivirus to “privacy” tools, a considerable number of extensions hoovered up data for no discernible reason. Some went as far as sending all the URLs visited by the user — including encrypted traffic — to endpoints served over plain text. Even for well-behaved extensions, their popularity, coupled with excessive permissions, opened the doors for abuse. The compromise of a single consumer account could have given the bad guys access to the digital lives of untold millions of users — exposing their banking, email, and more.

Maybe they could have avoided controversy by grandfathering in a few popular extensions and watching them closely?

Every bad thing has to have some nominal selling point as the way to get everyone to take it.

mv3 sales pitch is to remove the ability for plugins to harm users.

It does do that, but:

1: Only by also removing plugins ability to help users

2: and giving google themselves and anyone else google approves of (entities who pay google or who have other influence like government) the very same ability to work against the user that they took away from anyone else. ie they control the entire browser let alone a plugin. They literally control what you can even see at all. You search and they choose whether something is in the results. You search with not-google and they still control if the dns resolves anything. You use other dns and they still control if the ssl is valid, which it doesn't matter if 11 techies know how to overcome all that, they still controlled what 7 billion people saw, and thus what they were allowed to even think, minus a handful of impervious super geniuses like you and me.

3: There are infinite possible ways to address the supposed problem of harmful plugins, just as there are infinite possible ways to attack any problem. Even if one decides to agree that it was necessary to do something about the problem, it was not necessary to do this about the problem.

There used to be a theory that apparently doesn't exist any more, about the appearance of impropriety. The idea goes that in any situation where someone has power over another, especially over the public at large, like a judge or a politician etc, where everyone has to simply trust that they are acting with integrity, that in fact no they don't have to simply trust. The appearance of impropriety is damning enough all by itself. Since no one can prove what someone was thinking, and the position carries enough responsibility and consequence, then the office holder doesn't get to say "it just looks like I awarded this contract to my brother because he's my brother, that's just a coincidense" That might be true in the absolute term like in physics where technically anything is literally possible. But since there is no way to disprove it, and the bad effects are bad enough, we don't have to prove it. The appearance of impropriety is enough, because anyone holding a position like that also already knows that they have a responsibility to act with integrity and not allow any possible question about that. They already know that they can't just give a contract to a family member. And so doing it anyway and expecting to be able to excuse it, is it's own form of impropriety regardless what quality work the brother will do or what the alternatives were.

Google removing utility from the user and granting it to themselves is way way more than merely "the appearance of impropriety".

It doesn't matter what harms some plugins have done.