Dear Chrome Devs
Please do not remove the functionality required for TamperMonkey to operate.
While I am fully in favour of making web browsing more secure in its default state, TamperMonkey is an important and easy to use tool for those looking to modify and automate websites to fit their needs, and this ability to extend the web should not be removed.
As an example, I play a game developed by Niantic, called Ingress (the precursor to Pokemon Go). Niantic puts very little resource into the Ingress 'Intel' website (a realtime global map of the game board), so over 5+ years, the community has built up hundreds of TamperMonkey scripts, both public and private, dedicated to improving the Intel website experience. These scripts transform the stock website into an something powerful enough to manage real-time competitive events (
https://ingress.com/events), with dozens of Intel 'operators' coordinating in excess of 2000 players on the ground. All of this is 100% community driven, and without TamperMonkey as a platform for these scripts, these events would likely cease to be viable.
It is not feasible to package every script as an individual extension, due to the cost involved, the rapid timescale for changes to be pushed out, the interdependency and data sharing between scripts, the numerous script authors, and the requirement for some scripts to be private (script source dynamically loaded after a bootstrapper checks credentials etc).
What would be a reasonable compromise, in my view, would be to add a new permission that extensions such as TamperMonkey can require, eg 'Allows remotely hosted code'.
At install time, it should displayed prominently, with enough info to dissuade users who aren't specifically after such functionality, while allowing users who do require it, to continue to having it.
Regards
Kris