Not really? One of the design goals of MV3 is to reduce the ubiquity of the "Read and change all your data on all websites" permission which shady apps like Refoorest and Karma pretty much always require. The article makes hay of the fact that Karma has pathways available to exfiltrate your data and you have to trust they're handling it responsibly, but in Manifest v2 that was true of basically all ad blockers as well.

In a world where ad blockers and other responsibly written extensions don't expect to proxy all web requests, I think a lot fewer people will grant this permission to a "plant trees for free" extension.

I'm not talking about a fantasy future world but the world we have today.

Chrome Web Store reviewers have been letting malicious extensions slide for years, and Manifest V3 did nothing to change that.

What it changed for me personally is that I'm no longer exposed to such extensions because I don't grant any extension permissions which would allow malicious activity. I'm sure Raymond Hill is right that some functionality couldn't make it to his MV3 adblocker, but whatever it is I'm not missing it.

>some functionality couldn't make it to his MV3 adblocker

One of the things that didn't make it is the entire request control dashboard. No more granular reporting or controls, at all. No more "medium mode" or "hard mode" (blocking unknown domains by default and making exceptions as you go). Sure, if you didn't use it before, you won't miss it.

Yeah I get it, but I think we're talking past each other. You're a knowledgeable user and the new APIs made it possible not to worry about uBlock getting hijacked. I'm an extension developer, and I see an appalling disconnect between what Google says and the reality of Chrome extensions and Chrome Web Store for regular (non-technical) users.