My recent changes towards more privacy friendlier life

Well, it does by a large degree.

With Mv3, Libredirect would not see any URL at all. Libredirect provides a set of rules to the browser. The browser handles it. Similar to how Predirect works which is built on Mv3.

Currently, it monitors requests and manually does everything as I said earlier.

The extensive permissions is mostly for convenient features. If you are user who values strict security and has trust on permissionless model. Go for predirect.

Libredirect is meant for convenience of the users. So, it will need some permissions that allows delivery of those features.

Essentially it is based on trust placed by the users on the developer despite being open-source.

When moving to Mv3, for embeds, a tooltip will be placed for explanation and additional permission granted by the user, (i.e. Optional) and not declared as required permission on install itself.

It will still require “Access your data for all websites” because the extension will need to inject a script that replace the embed URL. Nothing much. So, when user loads a website embeds are redirected automatically.

If the user don’t like that permission. You can invoke a shortcut key that initiates the extension to replace embeds on a per-site + per-input basis without permission at all via permissionless model.

Same goes for Copy Raw which uses all_urls permission, it could be disabled if permission is declared optional and enabled by the user itself

What could be done to improve is having a better on-boarding experience that explains what is what and make the user configure as per their needs along with a default option where it is configured optimally for the majority of the users.

After porting, I or other plan to extensively document permission system and use cases. So the user understands.

But it will take a long time, some years for sure. Both Mv2 and Mv3 will co-exist like uBO and uBO lite. That is all. If Mv2 and Mv3 gets feature parity. Maybe then Mv2 will be sunsetted.

So basically, it will be trustless/permissionless system and permissions are requested via controls that user understands and allows as needed.

From a user standpoint of view, Mv3 is good as it creates a balance of permissions and revokes access an extension could have and gives user privacy & security. But from a developer point of view, it would be either nightmare or difficult. But not impossible.

Mv2 was like painting in the flat ground with no boundaries. Mv3 is like painting a sheet of paper you are given.

The FAQ about Mv3 was written before Mv3 was fully adopted. So it could be errors or true based on how the Mv3 port of the extension turns out to be.

Forget to say this, the reason embeds are disabled by default is that. Certain sites have strict CORS which block the replaced embeds from loading at all. That is also one of the main reasons that embeds are disabled. We don’t want users to have a negative experience while browsing.

Only YouTube embeds works fine that too if the site allows it. If it blocks other domains via CORS. That’s it. Nothing else works. Nitter can be replaced but the instance disabled it or the project didn’t fix it after X rebrand. There aren’t much embeds at all apart from these. Imgur, I don’t even know. Need to test.

Sorry for the long message.