Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Google Begins Testing Extension Manifest V3 in Chrome Canary (bleepingcomputer.com)
521 points by rahuldottech on Nov 11, 2019 | hide | past | favorite | 436 comments


This is not as terrifying to me as the other news brought to my attention by a post in today's Reddit's r/YSK, that if you use Adblock, your gmail can be closed.

In the new TOS of Youtube [1], it states that if your account is not deemed commercially viable, your Google account (i.e. your Gmail, your Google Photos, your Google Drive, etc.) can be closed down:

    YouTube may terminate your access, or your Google 
    account’s access to all or part of the Service if YouTube
    believes, in its sole discretion, that provision of the 
    Service to you is no longer commercially viable. 

Makes sense they would make this decision, as Youtube is a big money-loser for Google and they want to do something about this. Still, this is more of a wake-up call to me than anything else that I need to get off Google.

[1]: https://www.youtube.com/t/terms?preview=20191210#main&


> Terminations and Suspensions by YouTube for Cause

> YouTube may suspend or terminate your access, your Google account, or your Google account’s access to all or part of the Service if (a) you materially or repeatedly breach this Agreement; (b) we are required to do so to comply with a legal requirement or a court order; or (c) we believe there has been conduct that creates (or could create) liability or harm to any user, other third party, YouTube or our Affiliates

https://www.youtube.com/t/terms?preview=20191210

Edit: just to be cristal clear, yes, YouTube can terminate your Google account


> YouTube may terminate your access, or your Google account’s access to all or part of the Service if YouTube believes, in its sole discretion, that provision of the Service to you is no longer commercially viable.


just one more reason i continue to recommend that youtube is greatly improved by signing out. none of the signin-walled "features" are worth it anyway. comments are a banal wasteland, votes mean nothing for creator visibility, subscribing doesn't mean you'll see new videos when they're released, algorithm-driven recommendations actively harm diverse content discoverability...


I don't even visit the YouTube site that often anymore. I've set up a script to use youtube-dl to download new videos from channels I like on a daily basis.


that's an excellent option, but make sure you aren't logged into your gmail on that same computer. Your script shouldn't access the cookies of the browser, but if somehow they are able to, they will disable your gmail account when they realize you are watching from the same IP with a headless script that can't watch ads.


Youtube-dl saved my youtube experience, as I have many playlists that have actually gotten entries deleted somehow, and I had then no recourse into recovering my playlist (often the uploader or another youtube denizen just re-uploads it, but I lost all information about the video).


Can you share any more information or the source of your script? Sounds like a pretty cool idea.


It's actually really simple! Here's an example:

youtube-dl --dateafter now-7days --playlist-end 10 --download-archive '/path/to/folder/downloaded.txt' -o '/path/to/folder/%(title)s.%(ext)s' -- 'https://www.youtube.com/channel/UCYO_jab_esuFRV4b17AJtAw'

You can play around with the parameters to get the behavior you want (there are tons more than I don't use), I kept it pretty simple. In my case it checks the channel page for videos that are newer than 7 days (it runs daily but this gives me a buffer). If there are more than 10 videos newer than 7 days it only checks the first 10. It stores previously downloaded video information in downloaded.txt so it doesn't download duplicate videos, and outputs the video in the format videoName.ext.

Then throw that into a shell script along with any other channels you want and set up a cron job to run it as often as you'd like. You'll also probably want to put 'youtube-dl -U' into a cron job to keep it up to date, YouTube frequently changes things that breaks functionality of youtube-dl.


Your comment inspired a quick and dirty implementation of this.

It's on my github[1] if anyone wants to take a look. I don't use bash often, so if anyone sees better ways to do things I'm all ears.

[1] https://github.com/kiddico/Fight_the_Man


I never thought to set up something like this, but it's a fantastic idea!

Now... this may seem like a silly question: What does the '--' do before the channel url? I know '--' is normally used for parameters longer than one character, but that one is kinda just floating about haha.


Putting "--" as an argument means that future arguments starting with "-" will not be parsed as arguments (imagine trying to rm a file called "-rf" or grep for "-"). But it just so happens that it's not necessary in this case.


Ohhhhh okay, that makes sense. Thanks!


Looks like a mistake on my part, I was probably playing around with another parameter and forgot to remove it completely. It runs fine with it there so I never noticed it but it isn't needed.


Curious, why not just use invidio.us?


Where does it say your gmail can be closed. The terms listed only say they can terminate your account access to the service, aka Youtube.


When they close your YouTube account, they close the associated account on the Google side of things


I actually found it mentioned in a different paragraph. It explicitly states your Google account.

You can have your YouTube account shut down and still have an email account


The thing with markiplier a few days ago says otherwise


I don't know what a markiplier is, I am just reading the actual changes on the YouTube terms website.

  Terminations and Suspensions by YouTube for Cause

  YouTube may suspend or terminate your access, _your Google account_ , or your Google account’s access to all or part of the Service if 
  (a) you materially or repeatedly breach this Agreement; 
  (b) we are required to do so to comply with a legal requirement or a court order; or 
  (c) we believe there has been conduct that creates (or could create) liability or harm to any user, other third party, YouTube or our Affiliates.
I tend to believe YouTube wouldn't put it in if they didn't mean it.



Just because they can terminate a Google account doesn't mean they have too... I do not understand what point you are trying to make


Your original comment asks where it says they can terminate your Gmail account. I was responding to that. There are dozens (hundreds?) of documented cases of Google banning the associated Google account when they ban the YouTube account.

Yes, just because they can, doesn’t mean they have to, but they do it anyways.


I think we agree and one of us just got confused on the way? I know they have done that for youtube accounts; developer accounts too.

They are now at least making it much more obvious


I find that very worryingly vague. In my reading though, that only applies to YouTube itself ("the Service"). It seems to be saying that your Google account can lose access to YouTube, not that you can lose access to your Google account.


It's recently been proven that the two are one in the same (look up the "Markplier YouTube Ban").


Wow. That is some heavy-handed, misguided "justice" there. Banning people's Google (including GMail) accounts, even rejecting appeals, only for using emotes the way it was requested and encouraged by the streamer they were commenting on.

The thing that was apparently against unspoken Youtube policy here was this kind of interactive, emote-driven streaming. But I get the impression Markiplier didn't get banned, only their fans.

It's bizarre and alarming.


*Markiplier


Maybe, but maybe not. There was another recent YouTube controversy where dozens of people were banned from all google services (including Gmail) for spamming on a gaming livestream chat (which is considered perfectly acceptable behavior by most streamers).


Losing access to ALL Google services happens because of abuse signals. I don't know of any other instances where global bans happen.


Abuse signals, as determined by a machine learning system that is a complete mystery to even its creators.

But that's beside the point. Losing the ability to receive email is not something that should ever happen under any circumstances.


I think it depends on how "the Service" is defined. As "Service" is capitalized, it is likely defined in the TOS, and may only apply to Youtube (not Google as a whole). So I believe you (and the redditor) are reading that passage incorrectly.

(IANAL, and I have no clue if what I said is right).


I've been struggling with this myself. But extrapolating from news that some Youtubers who got banned also found their Google accounts (i.e. Gmail, Drive, etc.) closed, (someone up above just commented on this), I feel I must err on the side of caution. I mean, what do you then make of this haphazard interpretation of 'Service'?

p.s., not to be snarky, but you ought to add a disclaimer that you're a Googler in your comment!


Yup,thanks for calling it out. I'm Googler, opinions are my own (and I have no idea about how youtube operates).


There's the theoretical legal interpretation, and then there's the precedent for how google have traditionally enforced their rules. And they have been absolutely ruthless. Banning your family and everyone who ever logged in from the same IP as you. Deleting corporate Play Store accounts if one of the developers was banned in the past. It's all done automatically, and there is no way to appeal.


I don’t sign in to any of their web properties ever. I do have a Google account for Gmail, but I only use it from my various mail clients.

They probably know who I am though when I browse “anonymously”. Am I at risk?


> YouTube is a big money-loser for Google

Source?


I have AdBlocker for YouTube in Firefox on desktop, but I use the app on mobile, which shows me ads normally, so I guess I’m fine?


Unfortunately nobody knows, and you have little to no recourse if they ban you :(

It's insane to me that Google has gotten so hostile, they place little to no value on individual accounts, meanwhile those accounts are the lifeline of so many individuals and businesses.


This makes me want to ditch gmail to prevent accidentally getting my account closed, say for using Youtube while I have Adblock installed in my browser. I do have personal email on a domain I own, but it will be a lot of work to update my e-mail address with each service.


I want to ditch Gmail/Google as well but I am so entrenched into Android that I'm torn. I don't want to rely on third party ROMs that I need to root and install on my phone. I want the latest AOSP security updates, that's why I choose to buy the Pixel line of phones (looking into Android One phones as well). Also how do I keep my contacts synced between devices. What's a good replacement for Google Photos that gives me the same features. I'm sure people have figured this out already somewhere


This is exactly my problem as well. I think the best bet is to partially move off. Setup backups with other systems. For email, have all emails forward to a backup Yahoo account or something. You don't have to check it, but just have it in case Google screws you.


Yeah that's what I'm going to have to do as well. I think the most important (for me) is changing my email to another service (looking at Fastmail) and then slowly changing all my logins to that one. Backing up my contacts on a regular basis and importing them to the new service. And moving any important stuff off Google Drive. I'll probably still use docs and sheets but for things that I don't care if I lose. And finally, Google Photos will be the hardest one to leave. I have so much in there


And that's how it works. If you want to be able to use all the cool stuff that Google creates, you have to submit to their business model and play by their rules.


It took me about a year before I stopped getting any legitimate email at my gmail address. Start changing everything you can to your new email address at a domain that you own, and start forwarding your gmail to it. Every time a legitimate message comes in to your old gmail address, tell that person about your new email address, or update your email address with that service.


Fortunately, for privacy-conscious people this is not a huge problem as we're usually running Google apps in a separate workspace already. It sure is a problem for mobile users though as ads in general are a huge battery drain.


My confession as a privacy-conscious person: yeah, YouTube is the only Google service that I (reluctantly) use. I even pay cash money for it in exchange for no advertising.

However, I only use it on a single tablet that is devoted exclusively to that purpose. As with all Google services, I wouldn't dare to actually use it on a machine that I use for anything else.


So if you want to use ad-blockers, I guess it's important to use Youtube only while not logged in. Keep your GMail and Youtube use independent from each other.


Hopefully that's just saying they have the right to shut down YouTube altogether, rather than denying specific individuals. But I'm not fluent enough in Legalese to be sure about that.


The biggest advertising company in history tries to kill blocking advertisements in their browser? How am I not surprised.

I bet this move is also to kill the workings of extensions like DecentralEyes and others that try to protect users from being tracked. The whole changing of the API into a "sure we'll block that URL for ya, sometimes maybe" model reeks of increasing user tracking. They'll work out the kinks to let AdBlockers function again. But they'll have their tracking back.


Would anyone like to make a bet on whether ad blocking will still work in Chrome in two years? Something like "if you visit the top ten publishers in the US in Chrome Desktop with the best ad blocker will you see more ads than if you use Firefox Desktop with the best ad blocker"?

(Disclosure: I work at Google, not on Chrome, and don't have any inside information on this)


Vanilla ad blocking will continue to work because companies that participate in Acceptable Ads [1] will be happy to implement restricted ad blocking, such as Eyeo with Adblock Plus, while advanced and effective ad blocking that is not funded by advertising companies, like what uBlock Origin offers, will become impossible in Chrome.

Meanwhile a bunch of unrelated extensions will be killed, the ones that rely on modifying requests and which have nothing to do with ad blocking. Innovation around extensions that involves modifying requests will be halted, and everyone will suffer as a result, except Google.

Crooks will have continued and easy access to user data, since Manifest v3 is not focused on protecting user privacy.

I can bet on that.

[1] https://acceptableads.com/en/


The "acceptable ad" program is pointless, as it doesn't consider tracking to be "unacceptable".


Sure, I've been trying to make more tangible predictions about the future lately. I don't bet money, but if I'm wrong, you can come find me online and publicly tell me I'm wrong.

I will make a public prediction that after one year of Manifest V3 actually shipping to users in mainline Chrome:

- Assuming that Manifest V3's declarative API is not significantly changed from its current implementation.

- If you visit each of the top 10 publishers in the US (including open publishing platforms like Twitter/Facebook/Youtube)

- If you compare Chrome and Firefox, each with the most-recommended ad-blocking/tracker-blocking extensions on their equivalent web stores installed (currently Ublock Origin, but we'll leave it open. "Most recommended" means that among technical users, this extension is the most commonly recommended. There's a little ambiguity here, but not sure how to narrow it.).

- Firefox will block more web trackers (65% likelyhood).

- Firefox will block more visible ads and popups (55% likelyhood).

There are a couple of reasons why I feel comfortable making those two predictions:

- Twitter and Facebook both try really hard to get around adblockers, and Firefox will be more likely to be able to combat their strategies in the future.

- Extensions like Privacy Badger will already have a more difficult time working in Manifest V3, so there's potential for new adblocking strategies to develop in Firefox that can't be ported.

- Safari made similar changes, and it's already less effective than Firefox at adblocking, so it seems reasonable to guess that Chrome will follow the same path.

- Properly configured, Firefox is already better than Chrome at blocking web-trackers, and I think Firefox will roll those changes out by default to ordinary users before Chrome does.

There are a few reasons why I'm hedging my bets:

- The advertising market is volatile, and might change significantly in the next year (privacy laws, etc...) This is unlikely, but not so unlikely that I can completely discount it.

- Chrome has research teams working on some interesting privacy strategies. I think it's mostly just talk and they won't do much of significance in a year, but I can't completely discount it.

- A mass exodus to Firefox could force Chrome to adapt Manifest V3 to be more open. This is also unlikely, but again, I can't completely discount it.

- And just general uncertainty, because the longer out you predict the more uncertainty you should introduce.

55% and 65% seem like very low numbers, but I think they're a relatively bold prediction. If Firefox and Chrome are blocking basically identical numbers of trackers/ads, that doesn't count as a successful prediction. I'm not going to be pedantic about, "Chrome randomly saw one more ad on exactly one website." Right now, I consider Chrome and Firefox to be equal in terms of adblocking capabilities. So even a 50% guess would be saying, "there's a one-in-two chance that something changes and Firefox will just be an objectively better browser for adblocking."


Thanks for giving so much detail about what you expect! This seems pretty hard to formalize a bet about, though, since the core disagreement is over "Firefox will block more visible ads and popups" which you'd put at 55% and I'd put at ~50%.


I want to stress that I think 50% is high here, because the default state is that most browsers do basically the same amount of stuff.

If you asked me to make a bet on whether Firefox would be meaningfully better than Chrome on, like, SSL support, I would give that a pretty low probability -- maybe 10% off the top of my head. Because I expect that a year from now nothing drastic is going to happen that would magically make either browser be different from each other on that front.

It's not 50% "one of the two things will happen, flip a coin", it's 50% "we will see a meaningful change from the status quo."


They are not trying to kill advertisements. They want to replace API to provide better performance. That's about it. ad blocking extensions won't disappear. May be some will, and new extensions emerge.


> They want to replace API to provide better performance.

The replacement API is incompatible with what it is replacing. The supposed gain in performance is not without loss in ability to block ads.

> ad blocking extensions won't disappear. May be some will, and new extensions emerge.

Some kinds of ad-blocking is simply impossible in the new API, without replacement or workaround. No extension can implement those methods.


Incidentally these new declarative rulesets are useless against some very simple tricks. I know people who are working full time on defeating ad blockers and the new Manifest v3 seems to have made their lives so much easier.


this change is intended to move control over the blocking process from the extension author to Google

once they're in total control of how the blockers can operate: I doubt they'll be responsive to what the developers of the blocking extensions want...


If performance was the criteria by which they made decisions then they would probably bake ad-blocking directly into chrome, since ads/tracking is one of the leading reasons for poor performance


By that reasoning Microsoft didn't prevent others from writing .doc-compatible word processors either - they just defined the format as basically a memory dump of Word :)

This is how a company implements measures that could be a legal problem: By formally making a technical decision and having the actual goal as a by-product of that decision.


> By that reasoning Microsoft didn't prevent others from writing .doc-compatible word processors either - they just defined the format as basically a memory dump of Word :)

It's funny because for years MS kept officially supported, feature complete, portable format for use in interchange, while DOC being shared was kinda unintended consequence that just wasn't fought against.

The very requirements of the original DOC spec required it to be a memory dump.


They didn't need to replace the current API, adding a new API would have sufficed. If it was truly better, the major addons would have transitioned it voluntarily. No need to force it.


> They are not trying to kill advertisements. They want to replace API to provide better performance.

So they say. I see literally no reason to believe that claim, though.


Apple did similar move with Safari. And they are not ad company. So probably it is the valid reason.


Apple has a bit more credibility than Google, too.


They are killing the functionality that has supported robust adblocking for a long, long time. Any extensions that replace the current model will be less effective.


This of course. Why is anyone in the least surprised that Google doesn't want the ads that fund Chrome (and everything else they do) to be blocked by the users of Chrome. Shall Google fund our nice things (like Firefox, Chrome, gmail, google maps, etc etc) with hopes and dreams in place of cold hard cash? The audacity.

Clearly an unpopular opinion here, but anyway: I'm happy to let a few ads slip through (which I will happily ignore anyhow) in exchange for the possibility of a future where I dont have to drive a car to get places.


It's not either/or, just like you can have a factory making cheap widgets without letting that factory pollute the local river with industrial waste.

Ads are funding the Internet only because it's the easiest legal business model to pull off, so everyone gravitated to it. But it's not like there wouldn't be money for self-driving cars without adtech, and in reality, them being tied with advertising companies only ensures that the future will be shitty.


To add to this, ads are currently the best way to collect micropayments from users online without requiring you (the website maintainer) to have a database or profile on each customer, or to handle complicated return processes, or to deal with merchant accounts. You just make an adwords account, serve content to people, and that's it.

I'm convinced that in a world where collecting anonymous micropayments was as easy as serving ads, the web would look at lot different.

People look at this as a choice between paying $5 a month for every website they visit, or getting it "free" with ads. But in a world with good micropayments, most websites wouldn't cost $5. Outside of the biggest players, most sites aren't currently making $5 a month per user via ads.


> I'm happy to let a few ads slip through ...

But should that mean letting the fox guard the henhouse though? The problem here is that the largest ad provider also controls the largest ad display platform (i.e., Chrome), and is using the latter to benefit the former.


Ironically, developers helped create the henhouse they’re now worried the fox might get, by only using Chrome.


I'm in the process of switching as much as possible to Firefox. I now use Firefox Mobile on my smartphone, and my new laptop doesn't even get Chrome. And in many ways, it's been a breath of fresh air. Firefox gives my much more control over my privacy, and even recommends some extensions to improve it further. A couple of websites are sadly broken on my Firefox setup, but I can live without them.

I want to get back to the content-driven web rather than this ad-driven web we have now. I want to read what people want to share, not what people think will get them ad clicks.


> I want to read what people want to share, not what people think will get them ad clicks.

Interesting thought.


Why not something like Brave which has the performance of Chromium (still better than Firefox imo) because it's a fork but probably won't make similar business decisions to Google?


Isn't Google introducing this change upstream in Chromium? This means that it will affect downstream browsers, including Chrome, Edge, Brave, Vivaldi, Opera, and a number of others[1]. The only way they will keep the old functionality is if they fork it and maintain it themselves going forward, which could potentially be made more difficult by further upstream changes made by Google. A few have vowed to do so[2], but Google has too much power controlling the upstream to guarantee they can continue it long-term.

Google has a stranglehold on the entire browser market through Chromium right now. Switching to non-Chromium-based browsers is a must.

1: https://en.wikipedia.org/wiki/Chromium_(web_browser)#Browser... 2: https://www.zdnet.com/article/opera-brave-vivaldi-to-ignore-...


What I want to know is whether Microsoft plans to continue to support Ublock Origin, etc, in Edge Chromium.


All Chromium "based" browsers are forks already -- how is this any different?


They’re less so forks than re-builds. They rely heavily on upstream and Google can certainly make it more difficult for them to maintain a “fork” that diverges too much from Chromium proper. Manifest V3 may be something they can easily keep out of their builds while maintaining the old method, but I’m no expert so I won’t comment on that.

A fork implies maintaining most or all of the code base themselves, when in reality, most Chromium derivatives simply change the “front-end” or the UI while keeping everything else upstream, except for a few tweaks here and there. To maintain an entire fork themselves would be a massive undertaking, especially since Google now has a practical stronghold on the development of the open web. “Forks” would have to ensure they work with the standards (and non-standards) that are being pushed by Chromium and there’s no easy way to do that besides using Chromium and “re-building” it with their broswer’s specific features and UI. Google could make Manifest V3 harder to exclude from those re-builds.

It’s this very reason that Microsoft moved to Chromium as they could not keep up with the changes Chromium were pushing to the open web. They have also made it very clear that they’re not “forking” Chromium for the new Edge, but rather using it as their “back-end” so they can focus on their “front-end” while contributing back upstream to improve the back-end. Too much of a divergence would land them back to square one with the issues they had keeping up with old Edge.

If a company the size of Microsoft are unable to maintain a “fork” of Chromium, it doesn’t leave much hope for the smaller companies like Brave, Vivaldi, Opera, etc. However, that does not mean that they are unable to exclude the Manifest V3 from their builds, just that they’re still beholden to the changes made to Chromium to some degree.


> If a company the size of Microsoft are unable to maintain a “fork” of Chromium

Microsoft is entirely able to maintain a fork of Chromium, or even their own proprietary browser.

What Microsoft has done is a cost/benefit calculation and decided that the benefit for maintaining their own stuff is not sufficient to justify the costs.

The thing about those types of analyses is that they are very company-dependent. That the C/B ratio is not good enough for Microsoft doesn't imply that it can't be good enough for other companies.


That was a poor choice of words on my part. Rather I meant, they themselves stated it was not feasible for them to keep up using EdgeHTML and they could not. The same may be true if they were to completely fork Chromium and maintain their own version (ala Blink from WebKit) while keeping up with the changes made by Chromium that in turn propagate to the entire open web due to its dominance. It’s the reason they moved to Chromium and contribute back upstream rather than “fork” it.


It doesn't have to be a complete fork. In git terms, it can be a branch that pulls from Google, but reverts the commits that disable this functionality. Write some extra unit tests to ensure this functionality is still active, and after that, every time Google pushes something that breaks it, tests will fail and you can fix what they broke. Other than that, you can just keep pulling all the changes from Google.


>have also made it very clear that they’re not “forking” Chromium for the new Edge, but rather using it as their “back-end”

I would love a citation for that.


Not including Manifest V3 in their builds hardly seems like a change that makes maintaining a fork untenable. That's what, a one-line change?


Because they will probably follow Chromium and remove ad blocking once the pain of forking is too great.


It's one of their central features, so probably not.


We will support webRequest for uBO and uMatrix at least, I've already said so on Twitter and Reddit. The API is available to enterprise Chrome customers, it's being hidden not removed.



In case anyone cares about the facts that can be confirmed from our github: our enabling tips to unverified creators mistake was corrected quickly, and the tokens in question were ours, not the users who directed their flow (this matters because we do not intermediate in token flows; our partner Uphold, a licensed MSB, does).


I like how Peter Thiel, the guy who scorched earth Gawker for outing him as gay, can look past Eich supporting prop 8, but HN can't.


By the same logic you could use Microsoft Edge, which is now chromium based and effectively a chrome shell.


Very true, but I think I trust Brave more than I trust Microsoft to try to keep the internet neutral as such.


> I want to get back to the content-driven web rather than this ad-driven web we have now.

Are you prepared to pay for it?


As much as I did back when we had it.

Many people love sharing stuff. The move to this ad-driven web happened because companies saw they could make money here. I'm totally fine with companies not making money and the web being driven by scientists and hobbyists.


Are you under the impression that the people creating the web content of the 90s and 00s were being paid for it?


> Are you prepared to pay for it?

Sure. We're all paying for it anyway -- the only question is what currency we're paying with. I'd much prefer the currency be cash rather than data.


I have no ads or tracking on my website and provide code and projects, I just enjoy sharing things so other people can learn or get benefit out of what I've created.

I remember early 2000's, late 1990's internet...it was truly better times. Simplicity ruled, content ruled, not design solely around selling clicks.


Back in the IE 6 days I was in charge of fixing my families computers, and my family's friends computers. I was dealing with a few things a week, some requiring a full re-install. This was back in the early 2000's. Eventually I snapped and started charging hourly unless people switched to Gmail and Firefox. I started getting a lot less calls since Gmail was pretty good about filtering out malicious attachments and IE was, IE. I probably got around 40 households to switch to Firefox. The people that refused to switch financed a lot of my undergrad, I charged 100 a hour. I don't like fixing computers and the goal was to make things as painful as possible for them so they would stop using IE.

Using a ad-blocker in Firefox was the #1 thing I suggested for safe computing. And don't open unexpected email attachments. This killed 95% of peoples computer woes.

So good job Google, you did it, from here on out whenever I see Chrome on families computers I will strong-arm them into switching to Firefox. I did it in 2005 and was wildly successful. I can do it again. And I think my Christmas gifts this year will be domain names and three year subscriptions to Fastmail for my immediate family.


I did it like this

Install FF

Set it as default

Change path on desktop shortcut for "Internet" to FF

And ofc do not forget to say that is new IE version


I always found that it was best not to lie to users for their own good, at least if you want them to continue considering you a trusted source of computing information.

You don't have to explain what firefox is, or what IE is, just that "this isn't IE but it does the same thing and will keep you safe".

Maybe they'll have follow up questions, and you can answer those, but lying is just a good way for them to go back to IE and not tell you because they don't to be treated condescendingly.


If you’re on Windows, you need to set up edge-deflector too, which is a fairly advanced piece of idiocy.


There is a way to get rid of Edge by renaming its install folder or something like that. I did it, and I love it.


Change the icon of the FF shortcut to look like the IE icon ;)


> And ofc do not forget to say that is new IE version

That's just plain dumb. Explain to your users what you are doing. You seem to think they are stupid, well they are not.


Oh no, he doesn't think they are stupid, just that they don't know the difference between browsers. If my mechanic mounted a new transmission or something that wasn't the same brand as the one mounted before, and told me "it's the new version", I couldn't care less as long as it worked as intended. I don't know anything about transmissions, so from my point of view I have no way of knowing if what he's telling me is the truth or not, I just trust him to make my car work again.


This reminds me that such people also think that the visual experience of browsing the internet is somehow "fixed". My impression of social media is that one of its draws (pitfalls actually) is that it gives the impression of different people experiencing the same thing, e.g.: a 100 people like this or 500 people retweeted that.

However, as programmers, we should see the internet not as a browser at all. We should see it as a list of protocols and implementations thereof.

I think a big part of the oh-so-common emotional social media battles is anticipation of the other person's experience. Hopefully for you, as a programmer reading this, your view of the internet is protected by automated command line scripts that fight your internet battles for you...


>social media ...gives the impression of different people experiencing the same thing

Brilliant!


If my mechanic mounted a new transmission from another brand without telling me beforehand that he intended to do so, and I found out later, then I would immediately lose all trust in such a mechanic.


Why did he mount a different brand? Was it because he thinks it's better? Maybe it's cheaper, but otherwise equivalent? I have no way of knowing, and I trust his judgement entirely. On the other hand, if I went to my mechanic and said "Look Bob, I want an ACME Turboencabulator v2 mounted" I believe he would be happy to do so. The point is, most users don't even know what a browser is and just want to get back to facebook ASAP, and don't care if you tell them you installed an ACME Turboencabulator or a Stark Industries Turboelectroencabulator.

Of course, we all know the original Turboencabulator is GE and all the others are knockoffs, but I've tried other brands and they work just as well, if not even better.


Same here, and I understand cars. This is repair fraud, actually, and a criminal offense in the US. If I paid for and was told I would receive an OEM part and instead I got some aftermarket part off RockAuto, I'd be beyond pissed off and I'd get my recompense somehow.

I understand the grandparent point, but their analogy is terrible. When you are paying for a specific brand of item and you get an alternative brand without being informed and giving consent, that is fraud. It is a crime, and it is effectively stealing from you the difference in price/value/cost of the two items, since you're paying for the other brand.


Never did I mention I had specified a model/brand. I just went to the mechanic and asked him "fix my transmission". Whatever the way he does it, if it works it's good to me.


In automotive, there's a rich third-party ecosystem of replacement parts manufacturers.

Even the original vehicle manufacturer might purchase the parts from several of them.

You, as an typical end-user, have practically no chance to find out, whether the replacement part is "original" or not.


Yes, the most ignorant among us will never find out, unless they have a problem and go to a different mechanic that tells them. But it is very very obvious when you actually receive parts whether or not it's an OEM part, or an aftermarket part. Both may be identical and made in the same factory, but if I request a repair with OEM parts, am charged for OEM parts, and am provided with non-OEM parts that is repair fraud and a crime.


Good sir, I did not have 10h+ for lecture per client

And by the way, smart ones already had FF and Opera installed


No they are not, they just frequently devoted their intelligence to being a lawyer, doctor or whatever rather than caring about tech. Any more than they cared about the finer points of their microwave or VHS recorder.

The first Google scam - yes scam - was Adsense and adwords. The search "sponsored" box was a yellow designed to be near indistinguishable from white, and was invisible on many LCD monitors. Adsense and adword links were the same blue IE used for links - because people had been conditioned to believe blue links simply traversed the web.

With hindsight, that's the moment everyone should have lost all trust in Google.


A ton of people are stupid. You don't know his users.


yeah back then there was a theme for firefox 3 that mimiked explorer icon and ux, all my relatives had that, very few questioned the different download menu.


thanks satan In all seriousness, "And ofc do not forget to say that is new IE version", that is the key, let them think they are still using their old software.


Nowaways I put a pihole in every home of my family members. Together with unchecky (windows) my calls dropped by 95% or so.


I use a pihole at home too. It is funny since I have gotten a few texts from my roommates about their phones being infected when they aren't connected to the wifi here. They think it is a virus and I have to tell them that is what the internet normally looks like.


I wouldn't rule out an infection in that case. I have a friend who has phone malware that shows ads about every minute or so. I offered to help factory reset it (last I checked everything she wants to keep is automatically backed up to the cloud) but we just haven't gotten around to it. And yes she really does use her phone regularly.


DNS adblockers like Pihole are markedly _less_ effective than the declarative content blocking proposed for Chrome and currently in-use by Safari.

They do have the advantage of covering your entire LAN and working inside apps, so they are definitely useful. But they don't replace real adblockers, or even the castrated ones Google is pushing on its users.


It won't work for long. With eSNI and DoH you won't be able to use DNS for blocking, and IP is very easy to switch around, especially in IPv6 but even in IPv4 (ad networks have money, shortage is not a problem for them).


What lists are you using, which avoiding? My use of pihole constantly disrupted basic services such as Sonos. I can certainly find the URL culprits and resolve it, but I got tired of constantly doing so...


I have Sonos kit and a pi-hole. I use the default lists plus the ticked lists from this site: https://firebog.net/

I have no issues with my Sonos equipment - I use a local MP3 library, a Spotify subscription and TuneIn Radio all without any issues.

What problems did you have?


In case of Sonos - the speakers disconnected all the time. Taking off pihole completely solved the issue. I did not check for possible problematic URLs on the blacklists though.


What were you using for DHCP? I'm no Sonos engineer but that sounds like it might been network level rather than DNS. I have pi-hole doing DHCP as well and created DHCP reservations for my Sonos speakers just to be safe (although it isn't necessary and I never had issues when they were regular DHCP clients of my ISPs router).


I just use the default. We have Sonos stuff too and it works without doing anything special.


Back then, that was pretty good advice. IE was so insecure your entire system was at risk if you were exposed to the wrong content. Google made their browser quite secure and fast, which negates some of the reasons why people used ad blockers. There are other reasons people might use them, but these days you're much, much safer on Chrome than you ever were on IE.


Maybe the attacks were less sophisticated back then. I've seen so many windows computers completely owned by people using chrome to stream tv shows or perhaps visiting the wrong site while looking for discounts on shopping.


Meanwhile me laughing in Firefox.

I hope no one here is surprised by this G was more and more anti ad-blocking for years now.

This is only natural conclusion after u are a de-facto browser monopoly.


You won't be laughing for long, I believe.

See this FAQ:

https://blog.mozilla.org/addons/2019/09/03/mozillas-manifest...

Note how they say: "We have no immediate plans to remove blocking webRequest and are working with add-on developers to gain a better understanding of how they use the APIs in question to help determine how to best support them."

"No immediate plans" is weasel-speak, as is "[we] are working with add-on developers".

If Mozilla was dead sure that they weren't going ahead with it, they would say so, unequivocally. And I remind you that Mozilla "worked with add-on developers" when they unilaterally decided to drop XUL and go ahead with web extensions, while failing to include support for APIs that developers said they needed to support functionality that their add-ons provided.

IMHO, adoption of manifest v3 is not a matter of "if" but rather "when".


While I would agree that this might be just a overt way of saying "when", that statement came from Mozilla, and so far I don't think I could accuse them of misleading newspeak. If that was any other big corpo, then you are absolutely right.

As far as organization Mozilla have my trust and I don't look for false bottoms in their statements.

I would point out the previous statement they made there:

> Firefox is not, however, obligated to implement every part of v3, and our WebExtensions API already departs in several areas under v2 where we think it makes sense.

I trust Mozilla to be on my side as customer than ad industry. Well, we will see what future brings.


Mozilla is free to implement Manifest v3, while preserving the webRequest API in its current state. Maintaining the blocking abilities of the webRequest API would not introduce any incompatibilities with Chrome extensions, because they simply would not use that part of the API.


I think the concern is they might also be "free" to find alternative sources of funding if that were the case not whether or not it's technically feasible to support an API that exists today.


Of course, I'm mainly pointing out that if Mozilla retorts to use compatibility as a reason for deprecating parts of the webRequest API, they'll most likely be dishonest.


I don’t understand why you are downvoted because Firefox is a Google funded browser. One day they’ll have to compromise or find a real business model.


"Google wants to drop support for blocking WebRequests, which will cripple certain extensions, others might not even work at all. Mozilla is not going to follow this destructive path. Instead, they will keep allowing the use of blocking WebRequests and investigate how to address the issue differently."

https://gist.github.com/Lusito/dd6b76b93f83267903619103745cc...


That isn't an official communication from Mozilla. That is "someone's" recollection of something "someone" said (or not) at some workshop:

"Fair warning: I don't speak for Mozilla. Everything I say here is a recording of my memories from that event. Nothing more. Nothing less."

(and yes, I noticed that the second "someone" is Mozilla's "Add-ons Policy Policer, Thunderbird Council Chair", but my point still stands: this is something "someone" said, not Mozilla's official position)


Mozilla will certainly support manifest v3 to maintain Chrome compatibility. That was never in question.

The question is whether Mozilla _removes_ support for webRequest like Google did. And you're right, they weaseled their way out of answering that question.


You just have to look at how they don't support addons in their new mobile browser to see their true intentions.


Addon support will be available in Firefox Preview. This has been clarified.


Google captcha makes some sites almost unusable on firefox if you dare to resist fingerprinting for full traceability.

https://news.ycombinator.com/item?id=20147015


I see recaptcha, I walk. There's nothing else I can do. BTW if I turn on 1st party isolation in FF, I keep feeding the fire hydrant monster for hours.


Sites with recaptcha should be boycotted as much as possible. It's a stupid, annoying test.


They're getting garbage in with the service too - about the last dozen (at least) or more times I've had to do it you can clearly see that one of the options is what the AI thinks should be the answer, but isn't. But if you don't select it before clicking 'verify' it gives you a little 'please select all taxis' or whatever.

No AI, that's just a car, not a taxi.

But who cares, I just click anyway and feed bullshit in and in a few years it'll think everything is a taxi.


Can you surpass it by faking user-agent and pretend to be Chrome?


It is not about Chrome vs Firefox. It is about how much information they can get about you.

The idea behind the "I am not a robot" captcha is that if you act like a human, then you don't need to be shown pictures for further confirmation. The more you allow tracking, the more info they have to figure it out.

A big one is being logged in to your Google account. Having access to all your history really helps. And because Chrome heavily encourage you to setup a Google account, Chrome users are more likely to be logged in than Firefox (or other) users.

Spoofing your user-agent is likely to be worse. If you have a Chrome user-agent but your browser don't act like Chrome, that's a big red flag. Bots often spoof their user agents.


> This is only natural conclusion after u are a de-facto browser monopoly.

... and (probably?) the world's largest ad broker.


Just tried updating to the latest firefox on MacOS Catalina and I get:

>“Firefox Software Update.app” can’t be opened because Apple cannot check it for malicious software.


First we started telling everyone about Firefox Then we told them about Chrome Now we tell them about Firefox again

Google has officially reached 90s MS levels


I've been adding #chromeIsTheNewIE to related posts for a while. As someone who worked at the end of IEs dominance that feels spot on:

- lots of developers not caring at all

- businesses being businesses caring that we don't spend time on it

- ordinary people not caring even when the alternative is in another league

We got some work ahead. Hopefully Mozilla won't mess up too much during the next few months/years and then we might pull it off again.

And feel free to reuse the hashtag above : )


Only far worse


This is the point in the dominance cycle where the dominant player decides they no longer need to be the fastest or the most secure and that their dominance will allow them to coast along doing their thing.

There’s nothing particularly inevitable about what happens next, but let’s hope they get an IE6-sized kick in the teeth.


has anyone else noticed a marked decline in the quality of Google search results over the last 12 months? I swear, around about 2011 I thought Google was going to become self aware but it's declined from that high-point to a point where duckduckgo has become a viable alternative for more than just reasons of privacy. Which is a great thing!

Turns out "Don't be Evil" was more than just a feel-good marketing slogan. It may have actually been good for business as well.

Bye bye Google. It really has been great!


The one that I've noticed getting much worse over the last couple of years is Google (and to a smaller extent DuckDuckGo) removing the least common search term if there aren't thousands of hits. Precise search terms are very valuable for hitting the right results in a pile of unrelated slop and Google is even doing things like returning all Windows results when I search for linux and some CLI app that isn't available for Windows and never was. I can put in full paths out of /sys and Google will happily remove linux and the entry name because I'm only getting 5000 hits. The only thing I can think of is that they're trying to increase the number of ad impressions by having you need to do more searches to find what you're looking for.


I think that summarises what I have been seeing quite nicely. Its like it has lost all sense!


> over the last 12 months

More like since 2014.

I use google search for one thing only these days: product search, when I'm trying to find a local dealer for a product.

For everything else, duckduckgo, which, to be completely honest, is a lot more like the old google from the early 2000s, than the current google.


> More like since 2014

I do remember remarking to somebody around this time that google search had become something of a glorified grep.

You could still get things though. What I meant in this comment is that it has gotten even worse to the point that its almost unusable. It really does remind me of Microsoft of the 00’s.


I think 2014 was the big change into "AI first" for Google. I remember Translate working fine in 2014 in China with the offline pack, and the offline pack was ~220MB. In 2016, the offline pack was ~30MB and nobody understood the translations over there.


I don't know about overall quality of search, but did stack overflow do something to fall out of Google's good graces? I swear unless I specifically include stack overflow in my search query it's either near the bottom or not include at all. Instead it's a whole bunch of articles from independent websites. This is for questions I know fit the bill for stack overflow too. It's almost like Google is artificial lowering their ranking to decentralize the source of knowledge. That or stack overflow lost 70% of readership in 4 months


No repro here.

Google knows I land on StackOverflow results so often that SO results appear near the top, if not the #1 result, for terms that often have nothing to do with programming or computers. I was recently looking for an online thesaurus service and Google showed me an SO post about building linguistic/semantic search algorithms. Hmmm.


This is my experience too, and also in other areas. I have to include "stack overflow" or "forum" keywords to actually find something useful on the first or second page. Example: drone racing discussions.


I've noticed that for far longer than 12 months. Google search results are frequently crap. DuckDuckGo is often better.

But sometimes I dream about building my own search engine. It would avoid the big ad-driven sites as much as possible, and give preferential treatment to obscure blog posts about topics nobody else has written about. I want a search result to show the many different ways it could be interpreted, rather than assume one of them based on whatever heuristic, and show me tons of identical results that aren't what I want.


That’s Google c. 2011


Yes. When I started using DuckDuckGo it was despite Google's search results often being better and every few weeks I used Google for some queries because I simply couldn't find what I was looking for.

Now my last visit to Google is more than a year ago because DDG got better while Google got worse.


> has anyone else noticed a marked decline in the quality of Google search results over the last 12 months?

I noticed this since around 3-4 years ago.

It seems to be based on region.

Quotes get ignored. Even very specific queries about X prioritize clickbait junk like "TOP 10 X!!"

I THINK they might be anti-competitive too; searching for particular Apple APIs is sometimes more miss than hit, though that might be because of Apple's own poor documentation.

However, most Apple-related searches used to show me Samsung crap, and that's definitely not benign. Like searching for "iPhone" literally presented an ad for the Samsung Galaxy at the top, for a while.


> Like searching for "iPhone" literally presented an ad for the Samsung Galaxy at the top, for a while.

That's how ads work. If Samsung pays more money than Apple to show ads to people searching for "iPhone", then people will see Samsung ads.


I'm curious then; would Google list Firefox and other competing services before their own?


Theyd kind of have to if they were being paid to ... whether what they charge FF etc is reasonable would be the question


Would this be considered acceptable if it was a large company doing it to a much smaller company?

i.e. if Samsung was shoving itself into the searches for all non-Apple phones?


well like I say, that depends ... but big players squashing little players is fairly normal in my experience ...


I think this is a combination of SEO exploiting the methods Google used to use to provide good results and personal data based result optimization only being good at certain types of queries...


> they get an IE6-sized kick in the teeth.

as in: people will continue to suffer for about a decade while good alternatives readily spring up but suffer slow adoption?


Yeah, let’s hope that it’s IE6-sized, but not IE6-speed. Although I’m not ruling out a lost decade of web tech happening again.


Why does an alternative have to be widely adopted to be seen as good? Tech has an obsession with "popular or bust" and that's the ultimate cause of the lack of choices IMO.


Firefox is already here.


Since Firefox is already dependent on Google for a great deal of their funding, I’d say the next phase in Google’s strategy will be scaling that back.


They still need to keep Firefox alive, because it allows them to control market concentration and avoid the antitrust issues that MS had to fight.


[flagged]


Betting protection from antitrust issues on getting cozy with a political party is a risky strategy; political landscape shifts on quite regular basis. It's safer to keep a competitor alive so that if and when the power goes to people who don't like you, it won't be easy for them to go after you.


That would be why they're (allegedly -- I haven't checked) buying up those lovely Republicans.

I think it's likely to be a while before any political party other than the Democrats and the Republicans holds a lot of power in the US.


It’s been ongoing since Trump’s win. I can’t find the link right now, but they’ve also been bankrolling and having speakers at those weird, right wing DC conferences. And they’ve been supporting ALEC for years.

https://fortune.com/2016/12/14/google-conservative-outreach-...


The US isn't the only country in the world, and I'm surprised the EU wasn't your first thought here given what they did to Microsoft and IE.


And other projects will apear, all the people that visit sites like this one here, will switch, and slowly transition their families. Majority will conitniue "suffering" since they already don't have adblocks installed.


That doesn't make any sense. Firefox already is open source and forked already. New features can easily be cherrypicked even.


Firefox is a great alternative for many. But it is not great for everybody.


Many many people use adblockers now. The amount of users they will alienate would be very high.


Nope, mostly tech-savvy people use adblockers, it's astonishing how many people still see ads on a daily basis.


It is true and I wonder if the tech people aren't becoming the privileged class who knows ways of not feeding the big corporations.

For example, it takes a lot of effort and energy for me to explain to non-technical people that comparing Apple and Google in terms of their mobile devices is non-sense. Just look at their regular financial reports, I usually say, and understand that one is an online advertisement business, while the other is a purely software + device business. One wants you to use their devices at all costs, while the other wants you to buy them. Those are very different core business models, different mentality and approaches. Etc etc. And so the choice between them comes down not even to taste or quality or price; it comes down to which business model you sell your soul to.

And then there's ad blockers and understanding how modern internet works etc. It worries me that the disconnect between those who understand the inner workings of tech and those who don't becomes bigger and bigger by the day. As the tech business itself becomes more and more sophisticated (and monopolist/authoritarian).


According to stats I’ve seen, around 30% of people use ad blockers. And that’s growing. Nobody stops using an ad blocker.

It’s not just tech savvy people. I imagine plenty of people here have set one up for their family members.


I operate a website visited primarily by both unsophisticated users and non-expert but savvy users (the former group being the demographic that exchange emoji-laden meme images on Facebook, and the latter group as the type of people comfortable getting around a phpBB board in the mid-2000s). I've seen a steady decline in AdSense/AdWords ad-revenue from visitors based on ad-impressions despite increasing visitor counts from those two main demographics - the evidence suggests they're using some form of ad-blocker.


Makes sense for them to kill it now before the majority gets a taste of what it could be like.


But there will still be adblockers. Safari still has them, manifest v3 Chrome will too. They work great and the user doesn't need to hand over all of their browsing information to the adblocker for it to work.


And we definitely have to help speed up this process


> IE6-sized kick in the teeth Sorry to distract, but I'd like this on a T-shirt.


They still are the fastest and the most secure, and Manifest v3 is faster than uBlock Origin since no javascript code needs to run.

I won't be using Chrome anymore once they implement this since I like my element-hiding rules which I wrote myself, but for the common rabble, Manifest v3 will be an improvement.


The speed difference is only noticeable in benchmarks. It's completely meaningless for humans. Manifest v3 will not be an improvement for anyone previously using uBlock Origin.


Disagree. Chrome feels snappier. Firefox stalls sometimes when rendering and can't achieve 60 fps on some websites I use. (Not Google properties)


That difference is very unlikely to be due to the nature of support provided for ad-blockers, though.


They could support declarative rulesets without disabling request blocking. And the request inspection API is still live, it seems; I wonder if this means SimilarWeb and other spyware peddlers can stay in business for now.


Classic cat and mouse moves. Adblockers will move to OS level so google cant do anything about it. Pi-hole and Network level blockers should also see a rise.


Pi-hole can't filter out ads that are embedded into the page though. I think adblockers have to be a browser extension to work conprehensively.


I generally don't mind ads that are embedded into the page (at the moment). It would solve a lot of the big problems people have with ads right now. Anyway, this change only prevents extensions from blanket blocking web requests, and will make no difference to adblockers which manipulate DOM content.

I think the same thing that happened with popup blockers will happen again. Advertisers will be forced to listen to the consumers and the internet will be better for it.

Have you turned off your popup blocker recently? You can surf around even to fairly sketchy sites, and I bet you won't see a pop up. The consumer won. With tracking, we'll win again.


Pi-hole can switch from magicking the DNS to being a proxy that rewrites HTML.


Then you need to manage custom certificates and embedded browsers and updaters may not handle proxied connections well. (And what about your tv where you can't provide custom CA certs?) This way of handling things never ends well. Both in enterprise solutions and consumer ones.


A lot of ads and sites use complex JS as well, so an extension can lean on the browser's rendering engine to JIT block that stuff..

A proxy that wants to do this before the browser will need to do a lot more work I think?


TLS makes that tricky as you need a MITM proxy.


And cert pinning in the browsers blows this out of the water, which is why I'm of two minds about it as a security feature. It seems that a lot of security these days is really about removing people's control over their own devices.


Certificate Key Pinning is in the process of being removed from browsers. https://developers.google.com/web/updates/2018/04/chrome-67-...


You can import an own root cert which will be honored. I work in a company where all internal servers have a certificate a non-public root has signed. Works both on Chrome and FF.


Really? I thought recent dns improvements would prevent this sort of thing.


it's much, much easier to just switch browsers. Firefox is great.


It's worth doing both.


DNS-based blocking schemes lack fine grained control. They're simply less capable than uBlock Origin/uMatrix.


in-application DoH will bypass DNS-based adblockers. this will also expand to electron-based apps.


I've already done this on my phone with Blokada. Don't have to worry about any ads regardless of the app, couldn't be happier with it.


You cant move to OS level and do not compromise security aka https, dnssec, etc


Cosmetic filters will still be needed on the browser.


Dumb question but could you do DLL injections à la video game hacks for the cosmetic filters?


Interesting question, honestly I don't know.

BTW I can see that you are French ^^


They are being very stupid. Switching primary browser isn't trivial, but it's easier than wading through an ad-laden web. Goodbye Chrome, hello Firefox.


You're not their target. It's the less technical people they have in mind here.


Except we are the ones that usually decide what to put on end users computers.

And we are the ones that makes suggestions. And end users then make same suggestions to other people.

Word of mouth I believe is a VERY important marketing tool.

Basically if Chrome looses people that brought them market share in the first place... I think market can shift. Not that it happens fast enough. But having some market share for Firefox is important.


Those people managed to switch from IE.

Chrome used to be the underdog.


Fortunately, a lot of less technical people have technical people in their immediate families and circles of friends.


The big question is, how many of those less technical people switched to Chrome because of technical friends or family and how many switched because of Google abusing its monopoly by displaying deceptive ads for their browser on all web real estate they own?


Ads don't make people switch browser, it's enough of a fuss that only pain will do that.


> Switching primary browser isn't trivial

It isn't? It seems trivial to me -- what are the friction points?


If you're not technical, switching browser means losing your entire navigation map of bookmarks and default start page, along with learning a different program's ways of doing the same things.

If you are technical, it's still a pain to get everything imported and set back up, and the extensions you're used to may be absent or done in different ways, and the subtleties of eg: incognito mode and reader mode may be different. You may have to re-construct your personal adblock rules. And so on.


Like so many others on this thread, this is my push to go entirely back onto Firefox. I'll keep Chrome for the diminishing number of sites that don't like Firefox.


You can use Brave as your Chromium-based browser. It blocks ads natively, and I've not yet run into a site that required Chrome that didn't work on Brave.


Suggesting a browser because it has adblock preinstalled is like recommending a specific Linux distribution because it comes with LibreOffice out of the box: it doesn't matter for anyone who can click 2-3 buttons.

What matters to me is the part I can't influence that easily, and I simply prefer Firefox because it's not based on Chrome. Not something many browser developers can say nowadays.


But if you need Chrome for certain sites that only support Chrome, then giving Chrome the middle finger by using a non-Chrome Chrome seems like the best of two evils. I realize that sites only supporting Chrome is terrible and shouldn't be a thing, but sometimes it really can't be avoided.

I say this as someone who uses 99% Firefox, 1% Chrome... I had never thought about this point I'm making before.


How sure are we that Brave will not break also with these new changes? And also, how sure are we that Chromium isn't secretly tracking users already? I don't have time to read the source, and don't trust that many people that say it's all a-okay.


It's also worth mentioning that Brave's adblock engine is native (written in Rust), not a Javascript-based engine like uBlock [0]

[0] https://github.com/brave/adblock-rust


Thanks for the tip. I've seen some FUD around Brave and their browser but even if true they are still better than where Google is going.


Whut? Sites require chrome?


For the entire history of the internet, there have been sites that only work properly with the dominate browser, starting with Netscape and then, famously, IE6.

I'm always confused when people imply this isn't the case or start demanding evidence. I'm bemused when they are surprised.


I intellectually know this to be true, but I have to take it on faith.

I've never been a Chrome user, and I honestly don't remember ever hitting a website in the last 10 years or so that didn't work for me.


So you do not show us site with "this site working only with chrome"

In Netscape/ie times WWW was other than nowadays, so your analogy is not correct


Sadly, there are a number of websites that assume that Chrome is the only web browser and do not work properly in other browsers.


The web version of T-Mobile Digits is one I can think of off the top of my head.


Welp, I've been putting this off for a few years, but this is as good as moment as any to do it. Took me 10 minutes to import all bookmarks, set up extensions, and customize one or two details but it is done. So long Chrome, it was good while it lasted!


Moved back to Firefox this weekend. It feels so much snappier than Chrome. So far I only miss SuperSorter (https://chrome.google.com/webstore/detail/supersorter/hjebfg...).


Is the current fold at Google too young to remember what happened when Microsoft tried this type of crap with IE6? History truly repeats itself..


are we in the farce stage already?


A couple years ago my mac started to not go to sleep... I checked and it was Chrome saying “webrtc has active peer connections”. No, you can’t disable webrtc in chrome.

So I’ve been a bit ahead of the crowd and gave up on Chrome long ago.

This ad block scandal made me give up on Safari too though. Firefox seems to be the only reasonable option left.


> No, you can’t disable webrtc in chrome.

Is this true? That's a complete showstopper for me.


Was when I checked. Don't know now, haven't used Chrome in a while.

In any case, how do they dare disable my power management for something I didn't start myself?


I don’t care about Chrome (having ditched it long ago). On the other hand, I do care about whatever Chrome implements having an adverse impact on Firefox.

Mozilla has said before that Manifest V3 is up for consideration in Firefox and that “there are no immediate plans to remove” the existing APIs (mainly webRequest). [1] If Mozilla makes the power of uBlock Origin untenable on Firefox [2], that’d be a sad day for me, and I’d probably switch to Brave (assuming it’s still able to support uBlock Origin, even though it has a built-in as blocker).

If anyone from Mozilla or the Firefox team is reading this, please lead the way on these changes in a way that improves security (one of the goals of Manifest V3) while allowing extensions to remain powerful. Letting Google dictate the terms or just following Chrome will likely make Firefox worse in the eyes of power users and those who influence others to use it.

[1]: https://blog.mozilla.org/addons/2019/09/03/mozillas-manifest...

[2]: like it did with the XUL obsolescence (for good reasons) and the removal of great extensions like Tab Mix Plus and Session Manager (without providing a way forward for them to work; session saving extensions on Firefox are still not as good as the mozdev Session Manager was).


Mozilla is full of either cowards or sellouts. When the page visibility API was added to Firefox for Android and used to automatically pause nonvisible YouTube pages they ignored user arguments for blocking it.


And this is prime example number one why something as important as your Browser shouldn‘t be the free thing you get from an ad company.


hasn't Apple done the same with Safari?

https://www.google.co.uk/amp/s/www.zdnet.com/google-amp/arti...

curiously i haven't noticed any changes on my day to day browsing habits.


Yep, the hysteria has no substance. I'm using Safari both on mobile and on desktop and use adblocker even though the evil Apple should have had them killed.

If Anything, I am nervious of installing any ad-on that can access the web pages I visit and send god knows what who knows were. It's almost as an accident waiting to happen. The web is only secure when your browser is secure.

I like the natively handled content blocking approach much better.


I'm not deep in the ecosystem and certainly no expert but I got one of those small iPads for free and tried using it as a device for browsing the web.

AFAIK there is no way to make Safari execute any cosmetic filters at all. (My uBlock Origin setup lists ~50k network filters and 150k cosmetic filters)

There are cookie notices, social media buttons, premium newspaper article headlines, comment sections, fixed elements and content "suggestions" everywhere. Unusable.

I use css filters in ublock origin to increase the font size of the HN comment titles because I often miss the collapse or vote links. ...or to block the food suggestions in Googles shoppinglist that, by appearing as an overlay, always hide the first list entry to suggest me to buy "hamburger". (I'm not joking.)

I still do have the device somewhere and I am open for suggestions on how to get control over the content (or at least remove ads) on an ipad, but I don't think there is currently any full content-blocking solution for iOS.

Which is a shame because (in my case unbearable software aside) the device does not appear bad from a hardware perspective.


Safari's marketshare is insignificant.

You've also included an /amp/ link, which is another part of the problem of becoming too dependent on Google.


yes, and that is also bad.


I guess the argument is "is it worth it to save some people the privacy issue of extensions phoning home the pages you visit by requiring the ad-blocking to be a rule list and not rely on synchronous webRequest blocking". Safari's webRequest change also blocked even monitoring webRequest URLs, so the current adblocking solution is to only provide a list of blocked patterns, and it seems to work for me.


The easy solution is to measure the performance of this declarative API and inform the user if it causes slowdowns. But don't limit it to 30k entries.


Yeah. I also switched to Firefox as a longtime Safari user after this.


another point: isn't this what every firefox/others fan wished for? a way to balance things out in the browser market?


That another player turn evil? I don't think so.

Firefox fans want it to become a great browser. No shits given to Chrome either way.


I had already switched my mobile browser to Firefox explicitly so I could use ublock. And now it's time to move to Firefox in the desktop. I appreciate Google helping with the decision.


And then you'll be able to sync your bookmarks and settings etc.


Unfortunately the Touchpad experience is non native and horrible on a Windows Laptop.


Well hello my dear Firefox

ms thought that ie will be at the top forever too


Couldn't some kind of graph compression algorithm preprocess the subscribed rulesets into what fits 30k rules?

I have no idea about the domain but 30k rules seems more than sufficient to map from a 150k set of uncompressed wildcard patterns.


The 30k rules limit is not final.

> we are currently planning to change the rule limit from maximum of 30k rules per extension to a global maximum of 150k rules.

(https://blog.chromium.org/2019/06/web-request-and-declarativ...)


I currently have 135k network rules active in uBlock Origin without having all of their lists active. Your 150k proposal is nowhere near enough.


You seem to be assuming that the people maintaining the rules have been somewhat lazy so far. uBlock origin has the reputation of being pretty performant though, so I'd assume the engine and rules are already well optimized.

That aside, I wouldn't want to bend backwards just to comply with how Google wants the world to work. I'd rather use Firefox.


It would be hard but I think it might be possible, provided some time is put into coalescing rules in an efficient way. (I have done something similar and couldn’t quite manage to get it to fit, but I didn’t look at it for too long.) One issue that still remains relevant is that adblocking lists usually grow with time and require more features as ads evolve, so it’s not clear that the new API will continue to support this.


"Nice ad blocker you still have working there. Would be a shame if this arbitrarily chosen limit of 30k would be reduced to 15k"


What a needlessly hostile title that editorializes and doesn't match the linked article.

@dang can you change it to match the site? I think this submission violates the site guidelines on titles. The original title is "Google Begins Testing Extension Manifest V3 in Chrome Canary" and doesn't include the ad blocker flame bait.

"Otherwise please use the original title, unless it is misleading or linkbait; don't editorialize"


The bit about adblockers provides context on why this article is worth my attention. I'm not an extension developer, so "Extension Manifest V3 in Chrome Canary" means nothing to me.

But this:

>The most controversial aspect of the extension manifest v3 is the upcoming changes to the webRequest API. In v3, Google has changed the API so that extensions can only monitor browser connections, but not modify any of the content before it's displayed.

>Instead Google wants developers to use the declarativeNetRequest API, which has the browser, not the extension, strip content or resources from a visited web sites. This API, though, has a limit of 30,000 rules that can be created.

>Unfortunately, this change will break popular ad blockers such as uBlock Origin, which rely on the original functionality of the webRequest API and need more rules than are available in the declarativeNetRequest API.

Is very worrying. So thanks to the submitter.


It's also completely misleading and perhaps willfully so.

The limit's been raised. The removed API is used by half of all detected malicious extensions to spy on users. Ad blockers will continue to work fine with the new API, just like they do on Safari now.


> The limit's been raised.

I thought the worrying thing isn't whether it's a 30k or 300k limit but that Google itself chooses the amount of filters users can apply.

It feels to me that this is just asking for the abuse of power.

I don't think the specific number itself is anyones primary concern.


> The removed API is used by half of all detected malicious extensions to spy on users.

The API wasn't completely removed. You can add still use it to monitor requests, you can't block them anymore.


I didn't use an adblocker until every single site began competing on how much of my screen can be a billboard telling me that I won't last two minutes playing their game. If the new changes make it past testing and there's no strict anti-ad abuse policy put in place, I'm jumping ship.


I'm the one who switched my whole family to Chrome back in the day to get them off IE. I have no problem doing it again this holiday season. Firefox for everyone.

No idea what Google is thinking. In one short decade they've become the new villains of the internet.


This was the nail in the coffin for me, as of last night. Writing this on Firefox :)


time to move to firefox


Way ahead of you...


I moved earlier this year, it's been a good experience overall. The dev tools, which were what was holding me back, are _excellent_ and improving all the time.

Only thing I'd really love to see are container-specific windows, so 'Work' tabs would open by default in my 'Work' window.


Perhaps something along the lines of this? https://addons.mozilla.org/en-GB/firefox/addon/multi-account...

Full disclosure: I love this extension.


That's how you make people switch to Firefox, Brave, Opera, etc.


The last two are chromium-based and thus will likely follow chrome's extension system too.


Both of them have already said they will not implement these changes in their Chromium branches.

Unfortunately for Google, Chrome is open source, and Google will no longer be the dominant Chromium branch if they keep making mistakes like this.



Can't comment for opera, brave however won't follow manifest v3 https://twitter.com/brave/status/1088914000379731970


Brave has built in ad blocking.


I use brave but some brave allowed ads seep through. I have no issue with ads; I just don't like tracking and insane JavaScript pop ups taking over the browser without the user invoking a deliberate action.


Might encourage more users back over to Firefox, which would make this good news on balance.


On mobile i use brave, and when things break I switch to chrome. I tried Firefox multiple times, but I can't help but miss the swipe the address bar to go from tab to tab. I always revert back to chrome. So it's more of a convenience for me.

But if I had to choose between adblock or swipe to switch tab, then they made the decision for me. There is no way I can ever browse the web without an adblocker


...But mobile chrome doesn't support extensions anyway?

I use Blokada for adblocking on Android btw, and this change wouldn't affect that. Works fine.


Brave blocks ads natively, even on mobile. It's a pretty nifty browser for when you want chromium. Firefox mobile is slower in comparison, but their extension support is killer tbh.


> swipe the address bar to go from tab to tab

I never knew you could do that! How did you discover this feature?


In my case, by accident...


I've given up on Chrome a long time ago (using Firefox now), but I think the best way to block ads for good is to use Pi Hole as DNS. I've set it up a couple months ago at my home, plus a Wireguard tunnel so that all connections from my laptop and phones go through that DNS (with the added benefit of encrypting all my traffic over unsecured networks).


DNS blockers are nuclear option

Sometimes they are useful but in most cases you need more flexible solution


Why should it? Most ads are toxic. Even if the site is well-intended and doesn't put too many of them, the few ads are still going to track you and disregard your privacy.


This is tech limitation

If site has ads served from main domain you can't block them

You can block ads with some static files on subdomains/domains, and this drastically change content (like how is image sites looks like without images?)

So, using DNS filtering for big ads providers is OK

For small and smart ads providers will not work

And I mean ads and tracking the same thing. While you can block all kind of "analytics", at the same time you can't block web-server logs with your IP (cookies, etc)


That's why I use it in conjunction with Firefox (set to the strictest anti-tracking level) and uBlock Origin


And this is right way to use it


They don't realise how easy is to swtich, and ads already started to anoy almost all. Searching for Subscription model or other model is the key here. Apple with their lower price iPhone 11 sensed it, and acted to increase their service revenue while Google yet to have streamlined payment gateway let alone reliable subscription service product wide.


Now that they're pushing forward with the artificial limits, I'm looking forward to moving back to the days when large software was deployed on floppy/discs. I can see it now: "ublock origin part 1", "ublock origin part 2", ...


Does it really kill adblockers though?


In current form, yes. The article pretty clearly states:

>Instead Google wants developers to use the declarativeNetRequest API, which has the browser, not the extension, strip content or resources from a visited web sites. This API, though, has a limit of 30,000 rules that can be created.

>Unfortunately, this change will break popular ad blockers such as uBlock Origin, which rely on the original functionality of the webRequest API and need more rules than are available in the declarativeNetRequest API.

Looking at an old picture of ublock origin block lists: https://www.bleepstatic.com/images/news/u/1100723/uBlockOrig... we can see 150,000 rules. The whole point of a rules list (easylist/easyprivacy) is that they're easy to maintain, since it should be a surprise to no one that adding new ad domains is trivially trivial. EasyList alone is 30,000 rules and it alone is woefully insufficient for a modern-day browser. The declarativeNetRequest only allows for ONE type of filter to work. The static kind, i.e. the old, deprecated, bad, insufficient kind.

Recommended reading: uBlock Origin developer's comments on this change (unanswered by google ofc) https://bugs.chromium.org/p/chromium/issues/detail?id=896897...


The way ad-blockers work at the moment is that the authors of ad-blockers work hard to not break the websites they block adverts on. This is good for users. This change means ad-blockers will need a different, simpler approach that probably will break far more websites. For example, you could write a very simple ad-blocking script that just denied requests to load JS from any third-party domain. That would break a lot of websites, but you wouldn't see many adverts.

I'd rather have lots of broken websites than websites with adverts. I suspect a lot of web users feel the same way.


Hmmm, I wonder if you could globally block 3rd party javascript, then use the 30,000 rule limit for your whitelist of places to allow js from?

I seriously doubt I'd be left with any "broken sites" I care much about by the time I've whitelisted 30k 3rd party javascript domain/paths?


> we are currently planning to change the rule limit from maximum of 30k rules per extension to a global maximum of 150k rules.

(https://blog.chromium.org/2019/06/web-request-and-declarativ...)


That's from June this year. If it was important for them, it would be done already.


> In current form, yes.

It does not; actually, I’d argue that the adblocker I’m using right now works just fine. I cannot see how it will do in the future, but it’s just incorrect to say that this change kills all adblocking.



It does kill the really effective ones like uBlock Origin by removing any ability to do heuristics, "right click to block", "IAB sized divs" and similar dynamic detection. The 30k limit is also too low. So, a bit of hyperbole, but it DOES kill the best blockers.


Everybody saying declarativeNetRequest is sufficient and Apple's Safari content blocking works perfectly fine is entirely missing the point. Both of those statements are true enough, _for right now_.

Losing the ability to modify content in this manner means adblockers can't compete in the arms race against advertisers. Anti-adblock scripts running locally with randomly-generated names will render this sort of declarative content blocking ineffective.


I am so glad that it's a while I have started migrating off Google, Gmail and Android and I am Chrome-free for almost two years now (Syncthing and DecSync helped a lot).

However, I think Google will exploit their browser-market-dominance to bend web tech to make escaping from ads impossible, same as what they did with DRM.


All the more reason to use a DNS level ad-blocker and clear all cookies on browser exit, I guess...


Sooner we move off ad renvenue based products the better. Surely there's a way to get people to pay a tiny bit to get great quality products that don't fuck them in the arse.

We need some benevolent dictatorship in tech to sponsor this ecosystem.


We have seen that floated many times but I am afraid it is a non-starter. It has the same exact issues as Clickbait but calls for a large infastructural change. Just having a convenient pay mechanism would be an in practice security vulnerability from scareware. Plus like subscriptions the owner practice often will be "do both at once"!


You'd need a convenient, anonymous payment system. Tough luck.


Half of all detected malicious extensions used the web request API to spy on users.

The rule limit has already been raised to 150,000.

Plenty of ad blockers will still work in Chrome.

This thread is chock full of motivated reasoning and deliberate misinformation.


> Half of all detected malicious extensions used the web request API to spy on users.

And they can continue doing so because spying is passive and the passive (just eavesdropping, no modifications) webRequest API still will be there.

>The rule limit has already been raised to 150,000.

And it could be 10 billion rules. The point isn't so much the actual number, but that you cannot programmatically judge and block request anymore.

>Plenty of ad blockers will still work in Chrome.

Of course, those ad-blocker crippling changes aren't in the Stable yet, and even in Canary they are only "preview" and the old APIs still work.

>This thread is chock full of motivated reasoning and deliberate misinformation.

Yes, that's more or less what you did here.


Can you spell out what you are implying here?

Is it that the people posting in this thread are.. authors or stakeholders of malicious extensions? Do they all work for Mozilla? Are they a part of some rival industry which stands to benefit from the fall of adtech? Have they shorted GOOG?

Surely it would be strange to class arguments from users who want to continue to block ads in their browsers the same, effective way that they have been for years as motivated reasoning. What sinister motivation am I missing?


For whatever reason they all seem determined to put Google in the worst possible light and ignore any arguments to the contrary. I can't speak to the motivation other than "hate Google".


If you consider your own reasons (which only you are privy to) for supporting Google's actions in this case, you might find that you're stretching to meet a narrative. And sure, they might be too, but we can't really claim that fairly without peeking inside their minds.

All we really know is that they are annoyed that Google is neutering an extension which they like to use, which makes enough sense that speculation on their motivations isn't really justified.


Afaik they can do this still. This can't be the motivation.


I use Firefox as my main browser and have Vivaldi, Brave, Edge, Installed for testing purposes. I just need to migrate my email away from Gmail hmmmmmm. Any good suggestion?


> Simeon Vincent, a Google Developer Advocate for Chrome Extensions

One has to love and admire the use of Newspeak by big companies... How is this Mr Vincent an "advocate"? He's in charge of destroying extensions!

On his Twitter bio [1] he also says he likes "helping people" and "the open web". The cognitive dissonance must be hard to bear.

[1] https://twitter.com/dotproto


And once asked a clear question, the developer advocate deflects and stops answering: https://github.com/uBlockOrigin/uBlock-issues/issues/745#iss...


Did you link to the right thing? That isn't a deflection, they're asking permission to sideline the issue on uBlock's issue tracker into a discussion about Chrome/Chromium's extension policies, which incidentally they didn't get a clear answer to.

> I also don't want to hijack this without the project's permission. @gorhill & contributors, do you mind having this discussion here or would you prefer if we moved it elsewhere?

I haven't really been following this issue, but I did read the linked reply, so I may be missing some bigger context.


That's the correct link, and it is deflection. When developers tell you that the extension review process is so unfair that it feels like bullying [1], and ask you what changes do you plan to introduce to prevent this, the least you can do as a developer advocate is to briefly answer the question, then open a thread on Google Groups and invite people there to continue the discussion.

What they did was to introduce a break in the discussion. Most people subscribing to that GitHub issue, which was trending on HN [2], will not start monitoring Google Groups for any new discussion that may take place, which reduces the likelihood that there will be enough people pressuring them to give clear answers.

[1] https://github.com/uBlockOrigin/uBlock-issues/issues/745#iss...

[2] https://news.ycombinator.com/item?id=21233041


Would be nice if any hn-reader mediates between the two sides.


Mediation is for two sides having a reasonable difference of opinion.

In Google's corporate opinion, Google's ads must not be blocked. In everyone else's opinion, all ads must be blockable at a user's option.

That's not a difference that can be mediated.


This is classic modern Google. "Advocate" probably means he is advocating for the Chrome Extensions Team and not the Chrome extensions. That would allow him to have an internally consistent world model and is probably how greater corporate Google interprets the title.

So communicating what the team is doing to the outside world, not defending the utility of the extensions.


Even if you don't share their opinion, you have to accept that some people honestly believe that advertising is necessary for funding the open Web and keep it open for people who either can't afford tons of subscriptions or hate them for privacy reasons.

Realistically, Mr Vincent is not in charge of being an advocate for anything other than Google's corporate interests. But he is not in charge of destroying extensions either. He may well be in charge of destroying ad blockers though.


I don’t accept that these people think they are helping create an open web. I think they’re trying to make their stock options worth more and appease their bosses.


I don't know Mr Vincent or anyone else at Google, but it seems unrealistic to assume that no one at Google could possibly believe that advertising is helping not hurting the open Web.

Stock options and bosses with different incentives are available at other employers as well.


I don’t think anyone could be naive enough to believe ads help the open web.

> Stock options and bosses with different incentives are available at other employers as well.

Most other employers don’t have a near monopoly on the web browser market.


>I don’t think anyone could be naive enough to believe ads help the open web

I don't think assuming bad faith with absolute certainty is a productive form of debate.

[Edit]: As a matter of fact, I don't believe that advertising is entirely replaceable as a funding mechanism for the open web at this point in time. That doesn't mean we have to accept all its excesses without resistance.

>Most other employers don’t have a near monopoly on the web browser market.

A near monopoly is not a prerequisite for an employee to make a lot of money somewhere else, especially not for someone in a PR role like "advocate".


> I don't think assuming bad faith with absolute certainty is a productive form of debate.

It’s not a debate though, Google is removing these user friendly features and sprinkling some marketing speak over their actions. It’s right to call them out on that. Also, if your job is to be the face of that marketing speak, you should expect people to question what you say.

[edit] Funding and openness are tangential. A system need not be profitable to be open. Look at open source.


>Funding and openness are tangential

I don't think open source is a viable solution for all currently ad funded services. Some services cost a lot of money to run and many indirect funding sources come with their own downsides. Open source projects are often leveraged by some of the largest corporations for their own strategic purposes that don't necessarily help openness.

But my original point was simply that this is a non-trivial debate in which all sorts of opinions can be honestly held.


> ...advertising is necessary for funding the open Web and keep it open for people who either can't afford tons of subscriptions or hate them for privacy reasons

That's a minor issue. The bigger issue is the fact that, if adblockers become truly popular, websites will go back to serving opaque binary blobs instead of HTML+CSS+JS.

Remember Flash and 'Flash pages' back in the day? That, except worse.


I'm not sure that is worse. A vast majority of the primary source web has no in page ads as it is things like orgs talking about their own products. If I could reliably filter the entire ad funded web from my search results on the basis of their using a blobs/DRM feature, I'm not sure how often I would do a search on the derivative web.


I don't think sites will bake ads into the blob. It's too much server-side hassle. The equivalent today is just serving the ads from your own domain, and precious few people do that. The other option is a binary blob making a network request to an ad server, which can be blocked.


I know people who are building this as a service. It renders this new adblocking API completely helpless. Since it's just a proxy with relatively low CPU load, it's feasible e.g. Cloudflare could also build something like this.


> websites will go back to serving opaque binary blobs instead of HTML+CSS+JS.

they will just serve web assembly


> The cognitive dissonance must be hard to bear.

While not wishing to speculate on specifics, there is medication in common circulation that can help with such inconvenient emotions.


Regardless of your opinion of his actions, attacking him here for being non-genuine doesn’t really help :/


his actions show he is disingenuous. you don't need to make any value judgements because his actions are inconsistent with his rhetoric.


I have found that picking at people for a decision that you don’t agree with is rarely useful; we already have people going through GitHub to find instances of other “disingenuous” behavior. Like the decision or not, the change is the product of an entire team at Google, and it’s not productive to harass the one person mentioned here because they’re an easy target.


> it’s not productive to harass

True. They won't change their mind. The only signal they will listen to is to stop using Chrome.


They are literally the face of this decision - if you find yourself put in a position to make hard decisions you dont agree with, there's an easy out.

Get a new job.


Google has been perfecting this language over the past few years, with press releases/blog posts of fame such as: "We're evolving Google Fiber" (read: We're killing it) or "We're releasing the End-to-End email encryption extension to the community" (read: We're abandoning developing and supporting it for Gmail), etc


War is Peace.

Freedom is Slavery.

Ignorance is Strength.


“Hello, fellow developers! I myself am a developer, just like you! How’s everyone developing today? By the way <insert marketing spiel here>”

It’s so transparent, I boggle at how anyone falls for it, or that companies still think it is a viable strategy.


They do that because it works.

I remember clearly an interview of a very famous IT billionaire going this way:

- What's the most annoying myth about you? - A myth migh be that I'm the most generous philantropist of all time. [...But] I havent' sacrified my time or economic well being the same way lots of unamed, amazing people do. So they're the worlds best philantropists.

This is the least subtle humble-brag of all time. "People says I'm so incredibly amazing. But they are wrong. There are out there more amazing people." is gotta be next to the job interview answer "my biggest weakness is that I work too much" in the BS book.

But the reactions to the interview are still, to this day, "this person is so humble", "he is such a good man", etc.


Except that people do, in fact, say things not so far from "Bill Gates is the most generous philanthropist of all time". If you put "most generous philanthropist of all time" into your favourite search engine, I bet you will get a lot of top-N lists and I bet Bill Gates will be in all of them. (Unless they're things like "most generous philanthropists you've never heard of", "most generous female philanthropists", etc.) If I put that exact phrase, in quotation marks, into Google, the result I get up at the top is an article from 2007 (so, well before that interview) making that exact claim. [EDITED to add:] More precisely, it calls him "perhaps the most generous philanthropist of all time".

I don't think it really counts as a humblebrag to say "it's a myth that I'm X" when there are in fact a lot of people saying you're X.

He could, for sure, have gone further out of his way to avoid humblebragging: he could have said something like "I think a lot of people overstate how generous a philanthropist I am". But he was asked, specifically, what the most annoying myth about him was, and all the anti-humblebrag tactics I can think of right now avoid humblebragging by not stating a specific proposition at all -- so they fail to answer the question he was actually asked.

And he could, for sure, have picked something else, maybe something about his time at Microsoft. But these days he's much better known as a philanthropist than as a Microsoft founder or executive, and I bet the things people (truly or falsely) believe about his Microsoft career aren't the things he considers the most annoying myths.


Google Chrome is the new Internet Explorer


That's an unfair comparison. IE wasn't a good browser but at least it wasn't designed to make people suffer from ads.


I found Brave more trustworthy than Chrome and better usability than Firefox. Just made a switch to it.


I find it interesting that Google thinks they are going to get away with this. I'm afraid they might be right.

I've been on Firefox since they launched their quantum version a few years ago after a few years of using Chrome. I like Firefox but I notice a lot of people around me seem to default to Chrome. Things work well enough on Firefox that I don't consider compatibility a problem. But I do get a lot of raised eyebrows from people who consider this an extreme thing to do. Just like back in the day where I was doing most of my browsing with alpha builds of Mozilla Phoenix instead of just using IE like world + dog.

But what matters is that the market has changed. 15 years ago when MS made their anti competitive moves with IE and in the process helped Mozilla survive their Netscape implosion through reinventing themselves through their Phoenix -> Firebird -> Firefox reinvention (I used all of those). However since then, the market has consolidated around just 3 browser engines: Chromium, Webkit/Safari, and Firefox. Of those Chromium essentially powers all of the Chrome alternatives that aren't Firefox or Safari (Edge, Brave, Opera, etc.). Another change is that the web has imploded to just a handful of websites gobbling up most of the traffic. Yes there are a lot of websites but mostly the way to them leads via Google, Facebook, Apple, or MS owned properties.

Finally the ad market has changed. GDPR and related efforts in other markets (including the US) are pushing the market towards more responsible behavior with respect to getting users to opt in and to ad experiences that are increasing harder to block because they don't necessarily come via separate websites and domains.


There's also the giant shift to mobile. Google and apple would like you to use phones and tablets to the expense of desktops because they can control those platforms better. So they are building their platforms with those in mind, unintentionally-or-not crippling desktops


You know, IE6 and especially 7 was very good, but...


How impossible is it to fork Chromium and maintain a privacy friendly branch?



The only feature keeping me on Chrome is web bluetooth.


I can't use firefox since they decided I need to enter 6 char code to verify my password. Oh... this code never arrives to my google mailbox.


ublock origin is non-negotiable

so long, chrome!


Off-topic: because of this, I was thinking of moving to Vivaldi and it's really sad how unpolished and slow their UI is... it's almost as if it was a beta, still. I wonder if they use it themselves...

It seems to me that they want to reinvent the entire Chrome UI but they don't have the necessary manpower to do it properly.


[flagged]


Please don't take HN threads on off-topic ideological tangents.

https://news.ycombinator.com/newsguidelines.html

We detached this subthread from https://news.ycombinator.com/item?id=21503824 and marked it off-topic.


Really? That's funny, I always thought businesses hated the idea of communism.


Internally, businesses run whatever system they want, but it is almost always an authoritarian hierarchy. (Do what you're told or leave. Various amounts of arguing or grumbling before you do may or may not be tolerated.)

The language used in bad times is telling. You'll hear managers talking about how it sucks, but is needed to save the company ("individuals must suffer for the greater good").

Externally, businesses reflect the political preferences of those who control them, but they tend to prefer weak states they can influence or control. Democracies are harder to control this way because the stakeholders are diffuse. Centralization, strongmen and corruption make things easier.


Not sure if this is tongue-in-cheek, but the key consideration here is that of authoritarianism (which is capable of being used in conjunction with plenty of other -isms, including socialism and capitalism). Corporations tend to be largely authoritarian as well (i.e., you are expected to respect your boss because they are your boss (and if they deign to respect you, this is regarded as magnanimity); possession of authority in authoritarian contexts is circularly self-justfiying).


The comment to which I replied specifically named Stalinism, of which communism is a core tenet. I have difficulty thinking of a Stalinist company.


I wonder how much of this is actually about Adblockers... vs Googlers just wanting to make some performance numbers go up in aggregate to make their own internal company stats better.

Cos sure as hell no user is waiting for this.


> Cos sure as hell no user is waiting for this.

Why do you assume Google implements features that users want? They implement features that their clients want: the ones paying for ads.


As someone who's used digital advertising in the past I wouldn't really care about forcing my content upon all customers. It's a self selected opt-out for someone who won't ever click anyway.

The real problem is news websites don't show restraint and shovel (so, many) ads to customers, making impressions go up and clicks go down. IMO ads won't go away and adblockers won't kill them completely as too many market forces (privacy, performance, revenue) is making the industry adapt.

Disclaimer: Personal opinion, Googler, not in ads or Chrome.


This is absolutely the real thing hurting online advertising right now. Nobody wants their eyes molested by that many ads, and it makes the user's eyes glaze over. Fewer, better quality, better placed, and less obnoxious ads have consistently worked out better for my clients in terms of clicks.


Given that they added an arbitrary limit to the number of rules that is high but not quite high enough for modern adblockers I'm gonna assume this was intentional.


Apple/Safari adopted pretty much the same architecture on Ad Blockers. Maybe just maybe the conspiracy theories are all wrong, and there was actually a legitimate, technical reason for choosing a restricted API.


If there was, they could've communicated it clearly already a year ago. There is no reason to give Google the benefit of the doubt, since it's clear they're not trying to get it.

If this rolls out, I'm going to very loudly tell my friends to use Fox, and not stop.


They have, https://docs.google.com/document/d/1nPu6Wy4LWR66EFLeYInl3Nzz..., and reading it I have always thought it makes sense, as much sense as why Safari decided to do it. However, I don't think I have ever thoughtful discussion why their intended goal (security and privacy) is wrong or could be done in other ways.

I feel sad that each time this comes up even on HN it's always "Google, ad company, bad". There's a mention elsewhere about 30k limit being limiting. Why aren't we discussing alternative enforcement metrics, and request for inclusion?


> maybe [...] there was actually a legitimate, technical reason for choosing a restricted API

Without any further explanation that sounds rather unlikely.

The change is very publicly criticized and keeping legitimate reasons that could've increased support secret is a really counter intuitive strategy.

Apart from that I think it's not far-fetched or particularly conspiratorial to assume that an ad-company might have an interest in restricting ad-blocking.

"When you hear hoofbeats, think of horses not zebras."


Safari's limit is significantly higher, and bluntly nobody is using Safari because they think it gives them user freedom.


I use Safari because it gives me freedom. I paid Apple for their product, now I own the product. It works well except for some Chrome demo apps(which gives me the chills "For the best experience use Internet Explorer" == "Your browser is not supported, use Chrome 46 or newer")

What kind of freedom do Chrome users get?


Safari has a much larger limit for blocking list entries though.


It’s not all that much larger; the limit is a combination of a hard cap of 50,000 rules and what Jetsam will let you get away with.


You can bundle many rule lists inside one extension. It's how 1Blocker works, and I did it myself for my own adblocking extension.

I'm not sure if this is possible in Chrome's proposal though.

Maybe this change will finally get people to prune Easylist which had 30% outdated cosmetic-filter cruft when I last sampled it along with hobby horse websites <0.00001% people would ever visit. Right now it's basically like an append-only legacy CSS file.


+ the limit there is per-extension, not global


And the limit is easily circumvented by having multiple extensions. I've seen Safari extensions that split themselves up to one extension per block list.


Google is an advertisement company there is nothing conspiratorial about them using their market share to force ads on people. After all whats the point of supporting chrome if it sells no adds.


The point would be

1) avoid being locked out of platforms by not controlling the default search. Apple and Microsoft could either extract a high toll, or crush search engines by controlling what search engines people see by default. On iOS, Apple does extract a toll to be the default, but MS was denied this, by Chrome beating out Windows Mobile and Edge/IE. If your company is wholly a web company, and someone else controls the key onramps to the web, you're potentially in trouble.

2) If the Web becomes a toxic wasteland (which was happening prior to Chrome when IE6 ruled), users flee more towards silo'ed platforms and apps. A healthy web is as beneficial to Google as a healthy forest is to a timber company.

It's like saying "The New York times is an advertising company, not a news company, so why would they invest in journalism schools if the point is to sell classified ads?"

And then there's just plain old interest in technology. Lots of projects at Google start from 20% engineers time, and grow to large successful projects, without any business model, they're just costs. You've got more than a thousand open source projects I bet being run by Google engineers, the majority of which exist because someone wanted to scratch an itch. Go, Angular, Tensorflow, Guava, et al, don't make money and aren't intended to.


(You need a standard disclaimer for your employer in this particular thread.)

I disagree that Google is a web company proper. It might have been years ago, but nowadays Google is capable of bending the very rules of the web and internet at their liking. As a result it can now essentially define what the web (okay, the modernish web) is, and that makes your points moot. Also Google's open-source projects are irrelevant to this discussion, much like that using React doesn't void your rights to criticize Facebook.


With Google's new API, all ads can still be blocked. There will be a limit for network request blocking rules, but it's very high so that normal users don't reach it. And for those that reach it, only network requests are affected, so adblockers can still use other APIs to hide the ads.


This is the first time I’ve heard the suggestion that there are ways around this by using other API’s. Can you elaborate?


You can use other APIs to hide ads (i.e. prevent them from being displayed), but they would still be downloaded so you lose the privacy, performance and security benefits of the ad blocker.


It makes sense to me that a company that is heavily invested in an ad-driven internet economy would limit the use of ad-blockers in their very popular browser. They surely weighed the risks of losing some users to better browsers, and probably found that they were by now acceptable.


I don't know if this actually helps Google show more ads. With a 30k rule limit, I'm imagining most adblockers will prioritize the most common ad domains, and I'm pretty sure Google would be at the top of that list. This may really be a win for the long tail of smaller ad networks rather than the bigger players.


> Cos sure as hell no user is waiting for this.

Most of the web browsing happens on mobile devices where Chrome has a staggering 5B+ installs (though possibly not all active) vs Firefox's 100M+. Chrome on mobile never did support extensions let alone content blockers.

The manifest v3 offensive is meek compared to their hegemony already on display in the Android world which has 2B+ active users that almost exclusively use Chrome.

I see an anti-trust case in here somewhere or for Mozilla to simply buckle up and sign deals with OEMs that makes them the default browser and webview on Android.


As the browser is made by an ad company I'd probably go with "actually about adblockers" and not performance metrics.


Google's internal motivation doesn't really matter.


Wow, the amount of negativity here is awful. I looks like most commenters have not even read the article...

First of all, the HN title is not the title of the article. HN mods, please change it to reflect the actual title of the article.

Second, to me this does not seem as some attempt by Google to actively block Adblocker extensions. They are proposing a change to the API (Manifest) to no longer allow manipulation of content, which I think is a good thing from a security standpoint. They also propose reducing the number of content stripping rules to 30k. Now, I'm not familiar with add-on development, but this sounds like a constraint that was implemented for performance reasons. This constraint will break add-blockers in their current form, but there is no reason for me to believe that this will make content filtering impossible.

It is also clearly stated that the V3 manifest is in early testing phase. Nothing here is set in stone.


As 'yipbub says, the amount of negativity here is appropriate. The topic of Manifest V3 has been discussed to death over the past months, and the conclusion is, it does cripple ad and tracking blockers. The security benefits of this change are at best dubious[0], the performance argument is nonsense, and it really does look like the primary goal of this proposal is to make it impossible for browser extensions to effectively prevent users from being tracked. In the months since the initial proposal, Google has done nothing to suggest this is not their goal.

--

[0] https://www.eff.org/deeplinks/2019/07/googles-plans-chrome-e...


They announced this back in May/June - the whole 30k rules things.

Current rules list easily exceed that number. They said back in May/June that they would consider looking increasing the number of rules - they clearly haven't chosen to increase the number in the intervening time. Maybe they are waiting for more actual testing, but they're not setting themselves up for an easy time.

It's also honestly a little rich to worry about the performance impact of ad blocking given the performance impact of ads themselves.


The amount of negativity here is appropriate.


Mods, can we have this title changed to match the article? It’s not accurate, as Manifest v3 does not “kill” adblockers. (Whether it cripples them or not is still subjective and does not belong in the title.)


Thank you for giving an insight from the other side.


Did anyone actually read the submission? The title is clickbait that doesn't reflect the content.

The change here moves modifying content of the webRequest to the browser from the extension. This is fundamentally more secure. Allowing third-party extensions to inspect and _modify_ arbitrary HTTP requests is nothing short of dangerous.

The new declarative API (from the article) limits such extensions to 30,000 rules. I honestly don't know what impact this will have on ad blockers. At worst it seems like ad blockers will become less effective as simple logic tells you that some rules matter more than others and the least used rules will simply be dropped.

So rather than be alarmist and use this to feed into the tired narrative that "Google is killing ad blockers because it's an advertising company" (paraphrased) we should be pushing for changes that make this workable, such as:

1. Having a higher limit than 30,000; and

2. Working on ways to condense N rules into <N rules. There must be ways we can be more expressive so that we don't require as many rules, no?

I honestly don't like the fact that I have to give a third party developer so much privileged access to run an ad blocker and I'm surprised anyone else is. Extensions can be compromised.


> So rather than be alarmist and use this to feed into the tired narrative that "Google is killing ad blockers because it's an advertising company"

That’s not alarmist, it’s the obvious truth. As a user I should have complete control over what runs on my machine. I don’t need Google “protecting” me (by breaking ad blockers). Google is the single most destructive force in the tech industry today. Very much like Microsoft in the 90s. We should resist their attempts to embrace, extend, extinguish and we should be insulted that they couch these changes in marketing speak that pretends to be pro-user when it’s the exact opposite.


> As a user I should have complete control over what runs on my machine.

You do. By running Firefox. This level of control might be useful to you but it's not to most users. As much as power users chafe against things like the App Store, for example, this is clearly a win for most users. Limiting what a malicious extension could do is very much the same because I can guarantee you there are scams to get users to install malicious extensions.

How Firefox should respond here is to make ad-blocking a first party solution. In that Firefox itself is responsible for the blocking and all extension writers are responsible for are the rules.

At that point you will have a solid story that FF is putting the user first.


So it’s safe to say that people are not being alarmist about Google and should switch to Firefox.

I don’t think it’s “clear” at all that most users benefit from monopolistic app store practices. I think the giant tech companies do though.


"Should"? I wouldn't go that far. I will say however that people are the uproar is somewhat overblown for three simple reasons:

1. Google wants people to use Chrome. It's clearly of benefit to them (and, for the most part, to users, at least for now);

2. Alternatives exist; and

3. Switching to an alternative is essentially trivial.

This just isn't a Microsoft Windows monopoly situation.


Beacon.enabled default is true, and the password manager defaults to sending passwords to a remote server. MozCo is not user friendly. Their main focus is on keeping the Google money flowing.


> How Firefox should respond here is to make ad-blocking a first party solution.

Okay, yes -- that would be an interesting move. Not sure they can afford it but it would be great.


Agreed - if you support a user base on chrome folks DO install bogus extensions DESPITE all the guard rails


> it’s the obvious truth.

Only to those who are woefully ignorant of how any large company work and are unable or unwilling to see passed their own desires. But let me ask you this, even if we stipulate it's 100% true, how does that help? What does that accomplish? You've simply stated an opinion that those who agree with you will cheer for (changing nothing) and those who disagree with you won't change (also changing nothing).

People have this overly simplistic view of how large companies work and ascribe malice to Google in particular for what's essentially just chaos. And I say this as a Xoogler.

There are conflicting forces in Google that include, but are not limited to:

1. Protecting the ad revenue business Google is utterly dependent on; and

2. Promoting user privacy and benefits because that's what gets users to keep using your products.

Even (1) comes from a wide variety of motivations such as:

- Making more money;

- The belief that ad-supported models are the only model that works so advertising is an absolute necessity to providing services on the Web.

> I don’t need Google “protecting” me

And again, you seem to be deliberately missing the point here because you say "I" a lot. What about your parents? Or grandparents? Do they need "complete control" over their machines? And consider for a second the scenario where you're not giving them tech support.

This "complete control" is exactly what enables botnets (many of them anyway), fraud, theft, DDoS attacks and so on.


> So rather than be alarmist [..] we should be pushing for changes that make this workable

If, as the author suspects, the intent is to break popular adblockers, I have no interest in trying to make this workable.

Personally, I think this is a typical half-legit move: there's a good intention (security) but it's also hard to believe they did not realize that by pushing these changes, they were going to break several of the most popular extensions available. And, that the direct impact of this would be that for a short moment (at best) many more ads were going to be displayed on Chrome.

I think we've seen a lot of these half legit moves recently (apple battery scandal?). So I'm starting to be more and more suspicious.


There's no security involved whatsoever: Extensions can still read page content. They're only not allowed to block.


Not just page content. They can read your cookies, they can see all requests (just not modify them on the fly). The extensions tracking you acting as spyware will see no change, the other kind of malicious extensions that want to modify your requests will still do so by modifying the DOM of pages for example.

So the "security" reasons google gave have long been debunked as non-sense.

The other half is the performance reasons. What's the performance burden of calling a (chain) blocking webRequest listeners? Last time I checked it was single digit milliseconds per request. So a very ad-laden worst-case website with 100 requests will spent maybe 500ms in the webRequest listeners, but will still load faster thanks to all the cruft being blocked away. So what's the win for performance exactly?


How hard exactly is it to use Firefox instead of Chrome? It literally takes 2 minutes to switch. This isn't a Microsoft situation where, at the time, there was no alternative to Windows. It is the easiest thing in the world to change browsers. Google knows this too.

Not every surface is a slippery slope.


> How hard exactly is it to use Firefox instead of Chrome?

I don't understand, you're saying these discussions are useless because anyone can switch to Firefox anytime? But why would anyone decide to switch to Firefox if it weren't for these discussions. This is not something users can experience directly (like bad UX), clearly they need some level of understanding.

And Google taking full control on yet another thing on the web, does sound like a slippery slope to me.


Extensions can still inject arbitrary JavaScript into any page, so this isn't about safety and security.

Removing the dynamic capability kills heuristics, so it definitely makes ad blocking worse. There's a reason uBlock Origin is popular.

See: https://twitter.com/gorhill/status/1134127701583904770


> Allowing third-party extensions to inspect and _modify_ arbitrary HTTP requests is nothing short of dangerous.

On the contrary, I think google removing this ability actively removes user choice. A choice that I think users should be able to make.

Slippery slope argument: I run a PiHole on my network. Perhaps Google should also absolutely require DNS over HTTPS in Chrome, too, because it's nothing short of dangerous to allow third-party DNS servers to inspect and modify arbitrary DNS requests.

> Extensions can be compromised.

It's also Google's decision to make extensions auto-update by default.


30K is just not enough. Intercepting requests is still possible, just not blocking. Extensions have been already abusing this, of course. It's fiendishly difficult to prevent e.g. corporate users from leaking the whole intranet to SimilarWeb unless you completely disable browser extensions.


> Intercepting requests is still possible, just not blocking

False: https://developer.chrome.com/extensions/declarativeNetReques...

"There are the following kinds of rules:

- Rules that block a network request.

- Rules that prevent a request from getting blocked by negating any matching blocked rules.

- Rules that redirect a network request.

- Rules that remove headers from a network request."


I mean the current request inspection API, not the new ruleset-based one.


> I honestly don't know what impact this will have on ad blockers

But adblockers authors do know. Instead of accusing people of not reading the article, feel free to read what uBlock origin author has to say about this change.


This isn't just the rule limit, and the most powerful part of extensions imo is to be able to block/modify elements at the dom level. Both for ad blocking and for customizations (reflow pages, modify css, etc). If you don't feel comfortable giving access to blockers, it's not that hard to roll your own. Just read the format of easylist.

> extensions can only monitor browser connections, but not modify any of the content before it's displayed


And if requests are blocked then content publishers can very easily detect ad-blockers and intentionally degrade the user-experience or add nag screens that aren't part of the usual ad network code. If it's an SPA then it'd be almost impossible to untangle easily when the site's developers can add their "is-adblock-detected?" checks anywhere in their SPA codebase and mess with the UX at-will.


Ok, so of all the replies here, this is the first I've read that's actually raised a really good point. Simply blocking requests will make ad block detection easier for Websites. Then again, this seems to be pretty prevalent already (as in lots of sites I visit already detect this).


Most adblocking scripts I’ve seen work by detecting if an ad loaded into its ad-placeholder. If you disable JavaScript completely then you don’t get the nag-screen. Some variants use CSS to show the nag screen by default and only removes it if it sees the ad loaded fine.

But server-side connection-blocking or request-blocking detection works even when JS is disabled, but it requires a lot of infrastructure and cooperation between publishers, ad-networks, and more - both technical and political/business cooperation.

Eventually in the future, web-browsers will render a page twice: one fully-loaded page, hidden from the user, that the ad code will think is what the user sees, while a network-sandboxed version is shown to the user with the already-loaded ad images replaced with white boxes or so. The client scripts can’t tell the ads haven’t loaded and even if they did they can’t phone-home to snitch on the user, while the browser still made those HTTP requests for the ads so the ad-network is satisfied it made an impression.

Perhaps we could get fake ad-loading working without wasting downstream bandwidth by spoofing the IP source address field?


Google is the worst actor to push for this. I have 0 trust in them that they are doing this for the right reasons, and that I will benefit as a user.


If you have 0 trust in Google, why would you ever use Chrome?


So, some handwaving and all concerns go away because they are 'tired narratives'. Why not just block all extensions? That's clearly the most secure solution.

> I honestly don't like the fact that I have to give a third party developer so much privileged access to run an ad blocker

Then don't, install another one that works the way you want. Or don't, because the limited blocking abilities you appear to find sufficient can be gained just as well using an external proxy.

> Extensions can be compromised.

So can browsers, devices and operating systems.


> Why not just block all extensions? That's clearly the most secure solution.

That's pretty much what phones do. Both iOS and Android take a white list approach for third-party add ons.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: