The point is that under offering users the ability to have all network requests altered is not secure. The user needs to authorize it and there are valid reasons to do so, but there are also bad actors, that will misuse that. I am pretty security conscious, but I can’t tell you which extensions have which permissions on which devices I use, between Firefox, chrome, safari on windows 10,11, android, iOS and opensuse. Placing all the responsibility on the user just removes it from where it should be, which is privacy focused code.
The point is that under offering users the ability to have all network requests altered is not secure. The user needs to authorize it and there are valid reasons to do so, but there are also bad actors, that will misuse that. I am pretty security conscious, but I can’t tell you which extensions have which permissions on which devices I use, between Firefox, chrome, safari on windows 10,11, android, iOS and opensuse. Placing all the responsibility on the user just removes it from where it should be, which is privacy focused code.