I'm being serious. It's been a long time since I've developed a Chrome extension so I don't follow them, but it seems to be me that is a good start but there are many areas where Chrome (and other browsers) could go even more fine-grained.
I'm not sure why it's unpopular here (perhaps its implementation vs concept?), but it seems to me that with the realities of malware constantly being distributed through extensions in addition to the obvious privacy issues, that many reasonable people would wish to see this evolution.
Personally I use almost zero browser extensions because of these issues.
So if that’s true, then they’re not doing as I suggested: take a fine-grained approach to the top 500 extensions (including adblocking) to make it possible to create them without having full read/write dom + networking. I believe the content blocking APIs in Safari are a great start and could be taken so much further.
Not at all! Webpages can still do as they like. That’s general purpose!
We’re talking about extensions distributed on a store that often end up with malware. I’m not even necessarily advocating for them to remove the ability to anything they wish (yet)... but let the browser catch up to already do what these extensions want in a more secure way. What’s wrong with that?
> Webpages can still do as they like. That’s general purpose!
That's general-purpose for the third party. Not for the user! This is the whole thing the "war on general-purpose computing" is about - whether the software serves the user, or whether it serves its creator and third parties it trusts.
> let the browser catch up to already do what these extensions want in a more secure way. What’s wrong with that?
There's nothing wrong with that per se. I have the problem with the part involving removing user's ability to arbitrarily alter the behavior of a website.
It instead proposed a very hobbled alternative.