Browser Privacy Controls and the Effectiveness of Ad Blocking Under Chrome Manifest v3
Mozilla is preparing to ship new AI privacy controls in Firefox 148, including a dedicated settings section and a global “kill switch” (Block AI enhancements) intended to disable all current and future browser AI features at once. The change is positioned as a way to reduce unwanted AI prompts and to prevent AI-related data sharing via external processing/API calls; the controls are being tested in Firefox Nightly with feedback solicited via Mozilla’s community channels.
Separately, academic researchers reported that Google Chrome’s Manifest v3 (MV3) extension architecture does not materially degrade ad-blocking and anti-tracking effectiveness compared with Manifest v2 (MV2), based on a study published in Proceedings on Privacy Enhancing Technologies (PoPETs). The work evaluates the practical impact of MV3’s shift away from the blocking (synchronous) chrome.webRequest API toward the more constrained chrome.declarativeNetRequest model, concluding there was no statistically significant reduction in blocking performance and, in some cases, slight improvements in tracker blocking.
Sources
Related Stories
Firefox Adds Centralized Controls and a Kill Switch for Built-in GenAI Features
Mozilla is adding new desktop-browser controls in *Firefox 148* that let users **manage or fully disable built-in generative AI features**, including a single “**Block AI enhancements**” toggle designed to turn off current and future AI capabilities in one action. When enabled, the toggle is intended to suppress AI-related prompts and notifications and prevent exposure of AI features in the UI, addressing privacy and security concerns from users and organizations that want to reduce potential attack surface introduced by AI-driven functionality. The per-feature controls allow users to independently enable/disable specific AI functions, including **page translation**, **automatic alt-text generation for images in PDFs**, **AI-assisted tab grouping**, and **link previews** that summarize destination pages before navigation. Firefox also includes an **AI chatbot sidebar** that can integrate with multiple third-party models/services (e.g., **Anthropic Claude**, **ChatGPT**, **Microsoft Copilot**, **Google Gemini**, and others), with the centralized kill switch providing an organization-friendly way to opt out of these capabilities entirely.
1 months ago
AI Feature Rollouts and Data-Handling Risks in Consumer and Developer Tools
Mozilla said an upcoming *Firefox* release will add centralized controls to disable generative-AI capabilities, including a single **“Block AI enhancements”** toggle intended to prevent current and future AI features (and related prompts) from being enabled in the desktop browser. The controls are expected to allow per-feature management of AI functions such as translations, PDF image alt-text generation, AI-assisted tab grouping, link previews, and sidebar chatbot access. Separately, OpenAI announced product changes around its developer and ChatGPT ecosystems, including a Mac-only *Codex* app positioned as a multi-agent “command center” with sandboxing intended to limit file writes and network access, and plans to retire **GPT-4o** and several other ChatGPT models as usage shifts to **GPT-5.2**. In parallel, a security warning highlighted a report alleging two widely used AI coding assistants were **exfiltrating all ingested code to China**, underscoring the need for enterprise controls over AI developer tools, data residency, and code/IP handling.
1 months ago
Malicious and Privacy-Invasive Chrome Extensions Abusing Permissions for Data Collection and Affiliate Hijacking
New reporting and research highlighted escalating risk from **Chrome browser extensions** that present as AI productivity or shopping tools while collecting excessive data or performing hidden monetization. An Incogni analysis of 442 “AI-branded” Chrome extensions found **more than half** collected user data and nearly a third collected **personally identifiable information (PII)**, based on requested permissions, developer disclosures, and risk scoring; the study flagged widely used tools as among the most invasive. Separately, Socket researchers identified a Chrome extension marketed as *Amazon Ads Blocker* that silently **hijacked affiliate links**, injecting the developer’s tag `10xprofit-20` into Amazon product URLs and replacing existing creator affiliate codes without user awareness. Socket assessed the affiliate-hijacking behavior as part of a broader, likely coordinated ecosystem: at least **29 related extensions** were observed targeting major e-commerce sites (including Amazon, AliExpress, Best Buy, Shopify, and Shein) using shared infrastructure and repeated policy-violating patterns, indicating intentional abuse rather than accidental noncompliance. In contrast, other contemporaneous items focused on broader consumer privacy guidance (e.g., smart TV tracking mitigations) or regulatory investigations into AI image generation on X/*Grok*; while privacy-adjacent, they do not describe the same **Chrome extension abuse** activity and are not directly actionable for extension-risk response beyond general awareness.
1 months ago