The only filter list provider is the extension maintainer, so this information should be safe to share. I have not had the time to set up a PoC, but I'm confident that the filter rules are way too powerful.
At the very minimum, the current filter list should be included in the extension package rather than periodically updated from a remote URL. That way the filter list can be audited and must pass a review, without having a negative impact on the effectiveness of the extension, since the filter list does not appear to frequently change.
It has the idea that you can audit a website and only list the allowed parameters there, so that a website search or sorting order or filters can still work.
I built my browser on an allowlist based concept because it seemed too impossible to maintain all bad urls, domains, parameters on the web. Most websites have more tracking than content in them, so I decided on maintaining lists to select the content rather than the ads and trackers.
Of the defaults, I only override "cid, mbid" as blocking those on every site has ended up breaking some.
Not that Google are great at their jobs in that case, but it's something.
So it's not paranoia in this case, it's "we can't have nice things" because of real bad actors.
We do need to decentralize the decision making but the progress toward making the web safer for average folks is good.
Any vulnerability-prone system, will either fade away or end up with a centralized arbiter quite inevitably.
Stop the helicopter computing. People keep saying they want the old Internet back, this is why.
Suppose our single maintainer decided to finally sell the extension, and the person who bought it made it so that all those links hijacked information or exposed you to malware. This would happen in one day without warning. How many people would be saying that was Google's fault for allowing this to happen?
You say people should determine for themselves based on risk, but most users of Chrome extensions are naive when it comes to understanding risk.
They wouldn't be making it about the description being too detailed.
While this may be bad, I think it is merely incidental.
You can probably do this in under 30 seconds, but it's enough of a barrier to keep naive users from doing it.
If Google wants to act like a platform, it should have some form of escalation with the developer to fix issues instead of complete removal without warning.