
JimDabell, last Tuesday at 2:09 PM

There is a specification for blocking this:

https://wicg.github.io/private-network-access/

It gained support from WebKit:

https://github.com/WebKit/standards-positions/issues/163

…and Mozilla:

https://github.com/mozilla/standards-positions/issues/143

…and it was trialled in Blink:

https://developer.chrome.com/blog/private-network-access-upd...

Unfortunately, it’s now on hold due to compatibility problems:

https://developer.chrome.com/blog/pna-on-hold


Replies

matthberg, last Tuesday at 2:17 PM

Yep! Unfortunately its main method (as far as I remember from when I first read the proposal at least, it may do more) is adding preflight requests and headers to opt-in, which works for most cases yet doesn't block behind-the-lines collaborating apps like mentioned in the main article. If there's a listening app (like Meta was caught doing) that's expecting the requests, this doesn't do much to protect you.

EDIT: Looks like it does mention integrating into the permissions system [0], I guess I missed that. Glad they covered that consideration, then!

0: https://wicg.github.io/private-network-access/#integration-p...
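
The preflight opt-in discussed above, as an added example that is not part of any comment in this thread or of the specification's own text. It is a simplified model: the header names come from the WICG draft, while the function names, origins and allowlists are hypothetical.

```javascript
// Added example: simplified model of the Private Network Access preflight.
// Header names are from the WICG draft; functions and origins are hypothetical.

// Local service side: decide how to answer an OPTIONS preflight.
function answerPreflight(reqHeaders, allowedOrigins) {
  const h = {};
  for (const [k, v] of Object.entries(reqHeaders)) h[k.toLowerCase()] = v;
  const origin = h["origin"];
  const wantsPrivate = h["access-control-request-private-network"] === "true";
  if (!origin || !allowedOrigins.includes(origin)) {
    return { status: 403, headers: {} }; // no opt-in: the browser blocks the request
  }
  const headers = {
    "access-control-allow-origin": origin,
    "access-control-allow-methods": h["access-control-request-method"] || "GET",
    "vary": "Origin",
  };
  // Only answer the private-network question when the browser asked it.
  if (wantsPrivate) headers["access-control-allow-private-network"] = "true";
  return { status: 204, headers };
}

// Browser side (simplified): does the preflight response permit the request?
function browserAllows(origin, res) {
  const ok = res.status >= 200 && res.status < 300;
  return ok &&
    res.headers["access-control-allow-origin"] === origin &&
    res.headers["access-control-allow-private-network"] === "true";
}

// Constructed sample preflight from a public page to a service on localhost.
const samplePreflight = {
  "Origin": "https://site.example",
  "Access-Control-Request-Method": "POST",
  "Access-Control-Request-Private-Network": "true",
};

function demo() {
  const page = "https://site.example";
  // A device UI that only trusts its own admin origin never opts in for the page.
  const device = answerPreflight(samplePreflight, ["https://admin.example"]);
  // A listener whose allowlist names the page opts in, so the check passes.
  const listener = answerPreflight(samplePreflight, [page]);
  return {
    deviceAllowed: browserAllows(page, device),
    listenerAllowed: browserAllows(page, listener),
  };
}
console.log(demo());
```

The outcome depends entirely on the allowlist the local service chooses, which is why the successor proposals mentioned in this thread move the decision to a user permission prompt.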

bakkoting, last Tuesday at 6:05 PM

Both Firefox [0] and Chrome [1] are working on successors which rely on permissions prompts instead of preflight requests.

[0] https://groups.google.com/a/mozilla.org/g/dev-platform/c/B8o...

[1] https://groups.google.com/a/chromium.org/g/blink-dev/c/CDy8L...
