So is Manifest v2 ad blocking and plenty of people are screaming about killing that one.
For a proper HN technical-solutions-only response, have the rewrite functionality reside in a WASM module cached locally and run in the browser, with a transparency ledger proving everyone sees the same WASM modules. This way any MitM attempts by the service are reproducible and undeniable.
v2 is not a MitM concern (but it is a malicious code concern). Before quibbling about this consider that if v2 qualifies as a MitM concern then pretty much every other piece of software also does. That isn't in keeping with the spirit of the term.
The outrage is threefold, because there is no viable alternative, because it infantilizes users, trampling their agency, and because it clearly serves corporate interests at the expense of the user.
As to your proposed solution - the rewriting needs to happen on a separate device in order to avoid pushing extra data across the network. If you're already self hosting that service then there's no need for a transparency ledger.
So is Manifest v2 ad blocking and plenty of people are screaming about killing that one.
For a proper HN technical-solutions-only response, have the rewrite functionality reside in a WASM module cached locally and run in the browser, with a transparency ledger proving everyone sees the same WASM modules. This way any MitM attempts by the service are reproducible and undeniable.
v2 is not a MitM concern (but it is a malicious code concern). Before quibbling about this consider that if v2 qualifies as a MitM concern then pretty much every other piece of software also does. That isn't in keeping with the spirit of the term.
The outrage is threefold, because there is no viable alternative, because it infantilizes users, trampling their agency, and because it clearly serves corporate interests at the expense of the user.
As to your proposed solution - the rewriting needs to happen on a separate device in order to avoid pushing extra data across the network. If you're already self hosting that service then there's no need for a transparency ledger.
It's auto updating JavaScript maintained by some unknown that can rewrite html on any page, how is that not an MitM risk?
The html itself is rarely a lot of data, most things in this space remove or resize images etc.