[rapind]

I think it's better to implement content blocking outside of the browser (especially considering it's not in the interest of the most popular browser's backing company) and eliminate these types of permissions completely! I.e. Wireguard + DNS adblocker (or w/e you want to block). Not only does it perform better but you aren't leaking data to third-parties, who even if they are noble could be acquired by a less noble entity down the road.

[oefrha]

DNS filtering is a very crude form of content blocking. It’s a supplement, not a replacement. Have a look at uMatrix for an example of heavy machinery. See also CSS-based blockers like Shut Up (or mixed blockers like ABP that include CSS-based rules), which are completely impossible on the network layer.

Also, content blocking is just one example. There are other legit use cases of the all sites permission: Tampermonkey, Stylus, password managers, any kind of web clipper, trivial things like Don’t Fuck with Paste, auto refresh, user agent switcher, etc. The list is endless.

[tyingq]

It's not unlike malware analysis. Heuristics make it better, and you need to be in the DOM for that. There's also handy things like "right click to block".