The web browser has become the universal trusted client. That can be good: users can mostly rely on their browsers to isolate their banking site from the other web sites they visit. It can also be bad for users’ freedom: Facebook can encourage the world to add “Like” buttons everywhere, and suddenly users are being tracked across the web by Facebook IFRAMEs. Web browsers don’t have to send cookies to Facebook in those IFRAMEs, but if they don’t, they will appear to be broken, and so browsers tend to stick to existing standard behaviors.
Browser extensions, or add-ons, can help address this issue. They can modify the behavior of specific web sites by making the browser defend user control and privacy more aggressively: they can block ads, block flash, block cookies for certain domains, add extra links for convenience (i.e. direct links to Flickr’s original resolution), etc.. Browser extensions empower users to actively defend their freedom and privacy, to push back on the more egregious actions of certain web publishers.
Except in the mobile space. Think about the iPhone browser. Apple disallows web browsers other than Safari, and there is no way to create browser extensions for Safari mobile. When you use Safari on an iPhone, you are using a browser that behaves exactly like all other iPhone Safaris, without exception. And that means that, as web publishers discover improved ways to track you, you continue to lose privacy and control over your data as you surf the Web.
This situation is getting worse: the iPad has the same limitations as the iPhone. Technically, other browsers can be installed on Android, but for all intents and purposes, it seems the built-in browser is the dominant one. Simplified computing is the norm, with single isolated applications, never applications that can modify the behavior of other applications. Thus, no browser extensions, and only one way to surf the web.
Who needs trusted computing and remote software attestation when we’re all using curated devices that, by policy and/or convenience, run only one standard, unmodified web browser?
As computing moves to the web, the Web Browser becomes the operating system, and users need ways to tweak the operating system’s behavior, or web publishers will gain far too much power. We need browser extensions. We need them to be super easy to install, like Google Chrome extensions. We need them to have extensive power to modify browser behavior, like Firefox extensions. We need them to work on mobile platforms, now.
Browser extensions used to be fun little hacks. They’ll soon be necessary to maintain a balance of power between users and publishers on the Web.
(There’s a rumor going around that Apple is about to introduce an extension framework for Safari. Whether or not this extension framework is compatible with the iPhone/iPad will be a big deal, in my opinion.)