Google proposes changes to Chromium which would disable uBlock Origin(bugs.chromium.org) |
Google proposes changes to Chromium which would disable uBlock Origin(bugs.chromium.org) |
Installing Firefox on mobile today. Time to prep.
The GDPR situation and this week's 'fine' for Google certainly suggests that the current model of surreptitiously harvesting outrageous amounts of data from unsuspecting service-users is untenable (as well it should be), so I'll be fascinated to observe the next stages of the data collection vs privacy skirmish.
[0] - https://marketingland.com/survey-shows-us-ad-blocking-usage-...
> the 30,000 limit is not sufficient to enforce the famous EasyList alone).
It's actually Google wants to rule by blocking other platforms that provide Ads.
Oh well, they'll just give me a reason to accelerate my full migration to Safari and Firefox and to only touch Chrome when testing a website.
then they'd be able to sell their browser as having ad blocking when chrome doesn't
the market would take care of the rest
Before they dropped Edge, a move like this would have been a great marketing opportunity for Microsoft: "Come to Edge, where your ad blocker still works."
I'm starting to believe I'm talking to a bot.
Chrome extensions have access to the 'debugger' API.
Debugger API provides access to remote debugging protocol.
Remote debugging protocol provides commands to intercept, filter and block requests.
Please see: https://chromedevtools.github.io/devtools-protocol/ and specifically the "Network" domain.
Is there any rationale why?
It’s funny when you think of it, now both browsers want to shove ads down my throat. I hate the modern internet.
The attempt to force users into a system they don't want when there are other options available results in a loss of users.
I will focus on Firefox for compatibility, if it works on chrome that's great but I will consider it ie6, I don't care about crippled browsers.
Depending on the project and leeway I might even block it outright. I did that with ie6 on one system.
Now Microsoft has a choice for Edge:
A. Fork here and pay the maintenance price and extension compat issues, with potentially unlimited downside of technical debt in reconciling the two.
B. Adopt these changes and kill ad blocking in Edge, preventing them from differentiating themselves from Chrome and reinforcing Google's position as an advertising giant.
Both are bad. What would have been less bad is if Microsoft switched Edge to say, Gecko, or maintained EdgeHTML and continued to support a multi-platform, multi-implementation web.
For the marks, I mean, users, ads pollute visual field, occupy mental space, create and encourage unhealthy habits.
Ad industry can't go out of business fast enough.
I'll happily whitelist any ads from a network that bans scripting in the ads they accept.
It's also worth pointing out that the included ads are targeted locally on your computer, and none of your browsing data gets sent to Mozilla (https://help.getpocket.com/article/1142-firefox-new-tab-reco...).
And it's also really easy to turn them off (preferences > home > "sponsored stories").
I have my Firefox homepage set to a blank page and see nothing of the sort.
Because of your comment, I temporarily set my homepage back to "Firefox Home," but didn't see any ads. Just a a few recommended news articles.
Yes, google never shows you ads.
You see? Power corrupts.
Suggested title: Chromium Extension Manifest v3 change would break uMatrix/uBlock
Mods?
The essential quote from the linked comment is this: "If this ...[change to chromium is implemented]... [it] essentially means that two content blockers I have maintained for years, uBlock Origin ("uBO") and uMatrix, can no longer exist."
"can no longer exist" is much closer to "disable" than "break".
We should demand a LOT more evidence before claiming that Google intends to break adblockers before accusing them of that. If they are doing that, I want to be the first one raging against them, and I don't feel comfortable raging on something that deserves the benefit of the doubt.
Companies can change their browsers anytime and for whatever reasons they want. As far as I can tell, users have little control over the organizations/companies that write browsers, not to mention that the most popular browsers are written by companies that benefit from sale of the online ads. This make the ad-blocking browser extension brittle.
I also find it peculiar that the preferred approach to ad blocking has been blacklisting rather than whitelisting. In other words, users prefer to let a third party pick a list of servers to block. Everything else is allowed by default.
Besides issues of delegation and having to trust a third a party, this of course is a very large, constantly growing list that includes many, many servers most users will never, ever encounter in their entire lifetime online. Though it may be unnoticeable for now, an enormous block list is inefficient.
The alternative, which I have found easier to manage, is for users to determine what servers they need to access, "whitelist" them (e.g. by placing them in localhost authoritative DNS or /etc/hosts), and then block everything else by default. This is similar to a firewall ruleset.
The number of servers any user will use in their lifetime is relatively small compared to the total number of ad server addresses in existence now or in the future. It is manageable.
If you are a non-technical Chrome user, and you have no idea of what servers you are actually using repeatedly day-to-day, there is a built-in feature that can help you make your own "whitelist".
Here's the URL:
chrome://site-engagementhttps://www.reddit.com/r/ublock/comments/32mos6/ublock_vs_ub...
* Pi-hole®: A black hole for Internet advertisements – curl -sSL https://install.pi-hole.net | bash || https://pi-hole.net/
* GitHub - StevenBlack/hosts: Extending and consolidating hosts files from several well-curated sources like adaway.org, mvps.org, malwaredomainlist.com, someonewhocares.org, and potentially others. You can optionally invoke extensions to block additional sites by category. || https://github.com/StevenBlack/hosts
Someone will make money selling an ad blocker device that's just a configured Raspberry Pi with a consumer-friendly way to install it on a home network.
For the few extra ad clicks they'll gain, it's just not worth the upset.
So in light of that, I see no reason to not assume malice in this case too.
From what I can gather from the chrome.webRequest and chrome.declarativeNetRequest documentation, it looks like this change would make it difficult to have long lists of blocked hosts, or perhaps to update such lists automatically. Obviously there is a conflict of interest here for Google, but it looks like there are at least a few non-bogus justifications for the proposed change.
See also (especially the section "Comparison with the webRequest API): https://developers.chrome.com/extensions/declarativeNetReque...
* There's a limit of 30k blocked rules, which isn't enough to fully block every ad (for example, EasyList alone is 87k filters right now).
* The declarativeNetRequest API only supports a limited set of filter options. Currently, uBlock supports a bunch of additional options that give you more fine-grained control over what is blocked [0]; most of that wouldn't be possible in the new API.
* AFAICT, the ruleset can't be updated dynamically, which would prevent uBlock's dynamic filtering [1] mode from working.
Google's argument is that doing this improves performance (because it doesn't require communicating with the extension), and that it improves privacy. The privacy issue does have some merit - uBlock's author seems to be trustworthy, but other extensions might not be - but the performance argument in particular seems really shaky. uBlock's benchmarks [2] show that it takes around 0.1ms to decide whether to allow a network request. The only way it could noticeably impact performance is if the overhead of communicating with the extension process is really high, and that sounds like something Google should fix rather than eliminating it.
[0] https://github.com/gorhill/uBlock/wiki/Static-filter-syntax [1] https://github.com/gorhill/uBlock/wiki/Dynamic-filtering [2] https://github.com/gorhill/uBlock/wiki/uBlock-vs.-ABP:-effic...
[1]: https://bugs.chromium.org/p/chromium/issues/list?q=label:Hot...
This is also incredibly important.
It's my HTML, don't restrict me. Let me mangle the web pages I request.
curl -sSL https://install.pi-hole.net | bash
now I live between the two browsers. For the most, there is no real difference and for both browsers, holes can be plugged with plugins. ( One nice thing I like out of the box for FF is that it supports column selection which makes my life easier on some web pages I have to use regularly )
I like the web development tools on firefox, and usually use them over chromes
The only few things I've really had an issue with is a particular wiki page in my works confluence system that seems to go incredibly slowly on firefox and I end up using chrome to edit that page. The other is sometimes firefox doesn't open a new tab in a new tab if the tab bar has a lot of tabs if I'm using the UI ( I use vimium on both chrome and FF and it can open tabs no matter what )
Other than that, I have this very subjective "feeling" that chrome feels just a wee bit nicer than FF.
Was no one but me outraged about them turning the 'stop autoplay' of video feature off within Chrome on desktop? This happened in the last year or two - I don't remember since I switched to Firefox.
Chrome I only use for business / G-Suite purposes and for dumbo sites that only work in Chrome. Admittedly I'll use IE before I use Chrome.
It would actually go hand in hand with "hide but load element"
https://robert.ocallahan.org/2014/08/choose-firefox-now-or-l...
If the change goes through despite the issue being known, that is bad, and that will be a clear sign they don't care that adblockers are getting shut out. Still won't be proof it was intended to do that, but at least there's a different level of outrage you can apply to it.
This is not about who does or doesn't deserve the benefit of the doubt. It's about not having knee-jerk reactions to headlines. In the current political climate, that should be given some serious thought.
Edit: In fact, so far the only thing this thread has achieved is having people go in the issue tracker and leave their comment. You can guess what will happen next: Outrage and abuse in the comment section, followed by a lock, because of fucking course they should lock when there's abuse. This happens every damn time there's a github issue being linked on HN.
What this behaviour does is it prevents an actual discussion from happening.
Paranoid? Probably. But Google's revenues are from ads, so this kind of attitude is very much warranted in this case.
What is your basis for this claim?
I am not an expert on this topic, but Gorhill is and has a demonstrated history of technical/privacy judgement.
Gorhill's comment makes it clear that impacting the functionality of blockers is an intentional change, as the proposal not only removes previous functionality, but also enshrines one particular and limited approach to blocking.
Edit: I would also note that "break" may suggest the possibility of altering blocking extensions such that they could keep working and maintain their present functionality. Gorhill's comment makes it clear that this is not the case.
There is no evidence the change is being made with the intent of getting rid of adblockers; it is so far only a side-effect. We should demand such evidence before implying that this is the intended outcome.
If such is the goal, have at it with the headlines. They write themselves. "Advertising Giant Google Forcefully Breaks Ad-blockers in Chrome Update".
But until the evidence is there, we should be responsible about this.
Yes, but what's the point of this change, if it is only a side effect? I've read this thread and I haven't seen clear explanation what this change strives to achieve, other than breaking some popular anti-tracking/ad-blocking extensions.
So far there is only one rationale that could describe the motivation to make this change. Can you propose another possible motive? I am personally struggling.
I think the response is appropriate, energetic advocacy, but the HN headline is hyperbolic.
The title isn't at all hyperbolic. You don't deprecate such important functionality without laying out a full plan for replacement.
Unless there is no such plan and in reality you want to screw uBlock Origin, which I might say is the most aggressive ad blocker available, and isn't owned by a company in bed with the ads industry, like AdBlock Plus.
The fact that the plan ends with extensions still able to see all web requests, record all web requests, forward a log of all web requests to any arbitrary endpoint, etc...means the "privacy" angle is pure bullshit. I suppose the "performance" angle is somewhat true, but the net performance gain of NOT downloading all the ads makes up for any performance loss of processing/filtering requests. Sites with ads are faster when you load an adblocker.
The only thing being taken away is the ability to dynamically observe a web request and cancel it. Who uses that functionality outside of ad-blockers? Not many. There's no hyperbole in the headline.
[1] https://developers.chrome.com/extensions/declarativeNetReque...
If it ends up as effective as Safari/iOS's content blocking, I don't see the problem.
> The fact that the plan ends with extensions still able to see all web requests, record all web requests, forward a log of all web requests to any arbitrary endpoint, etc...means the "privacy" angle is pure bullshit.
Yes, if you grant permission to access everything, it has permission to access everything. The benefit of the rule based approach is that the extension doesn't have to have access to everything.
The privacy angle is being able to move most extensions away from accessing all data in all tabs.
"Extensions act on behalf of users, they add capabilities to a user agent, and deprecating the blocking ability of the webRequest API will essentially decrease the level of user agency in Chromium, to the benefit of web sites which obviously would be happy to have the last word in what resources their pages can fetch/execute/render."
The design document says "potentially removing blocking options from most events". There is one mention that the blocking ability of webRequest.onAuthRequired may still be required.
From this I deduce that the plan is to remove the blocking ability of the three remaining listeners with blocking ability
uBlock Origin uses two of these remaining blocking listeners, uMatrix uses three of them.
This is because Chrome extensions can use the 'debugger' API to send remote debugging protocol commands to a page, to intercept and filter / block all requests.
There is no need to use the provided Chrome extension APIs for blocking. Google can remove all of them, I think, without effect.
This is because there are multiple ways to do the same thing. Authors/engineers complaining that now they are impeded, are in fact mistaken.
Disclosure: I know this because I have actually re-implemented the blocking from AdBlock Fast using CRDP Network domain.
I'm glad that I stopped using it.
In essence they are copying what Apple did with Safari and their content blocking APIs. In this model, content blockers provide the browser with a set of blocking rules and the browser executes them against pages during render & load. Ad blocking can occur and privacy of what the user is viewing is retained.
Sure it's more restrictive and yes will likely break existing adblockers, but it's probably a better model for the future.
There will be arguments that you "can't do what is necessary" to create effective adblockers. That's incorrect.... I've created such an adblocker [1] using the Safari methods and its efficient, effective and high performance – including loading some sites 2x faster.
It bothers me that iOS doesn’t support addons to Firefox mobile. But on Android you can even install ublock origin
"In Manifest V3, we want activeTab-style host permissions to be the default, with a number of extra options. Instead of being granted access to all URLs on installation, extensions will be unable to request <all_urls>, and instead the user can choose to invoke the extension on certain websites, like they would with activeTab. Additional settings will be available to the user post-installation, to allow them to tweak behavior if they so desire." --- https://docs.google.com/document/d/1nPu6Wy4LWR66EFLeYInl3Nzz...
yup it looks bad.
- Is the change specifically to block ad blockers, or uBlock specifically? Or is it just a new extension API?
- Could ad blockers adapt to the new version to work again?
I am reminded of the new version of (Mac) Safari, which features a new extensions API. It took a while for them to appear but there are now good ad blocking extensions again, like AdGuard for Safari.
It's different for everyone, but for me it started with this gmail redesign that made the product so slow it's almost worthless to me. And worst of all is I feel like there isn't even a good competing service to switch to.
And now Chrome...
Great.
If feel they have enough impunity to get away with that, then it is no surprise that they will try to put other ad blockers out of business too.
Other ad networks might be big enough to bring an antitrust lawsuit against Google (although they probably won't last long enough) but Ad Blocking is such a niche market that they couldn't possibly sue.
I personally still use Firefox at home despite recent issues, but I honestly would prefer having both as an option, plus I always recommend uBlock Origin to everyone.
(Disclaimer: I work at Google but not on Chrome, opinions are mine and not my employer's.)
Only had about 15 active tabs (though a number of dormant ones since last FF restart). Between the various processes, FF was using about 6-7GB of memory. Closing almost all of the tabs reclaimed about 2GB, so still a lot left over.
That said I'm not too bothered, I can restart FF every other week or so.
Of course I can disable it if I want. But, I wish I could simply trust my browser vendor to do the right thing.
The browser itself seems solid, I've been happy since Quantum and look forward to seeing WebRender rollout.
They are a behemoth ad-based corporation that is becoming a monopoly in many areas of computing. In yet more areas, they are becoming an effective monopoly through size: they may not be the only company offering a type of service, but they are the only one able to offer it at scale and/or with a certain level of sophistication, given their resources are orders of magnitude larger than almost any other company's.
All this taken into account, it's obvious how much is at stake for them. Why wouldn't they try crippling blockers? Their revenue depends on it and the only counter-incentive is that there may be a massive exodus of users to Firefox, while it still exists. Do it slowly enough, though...
This is simply an engineer spotting a performance bottleneck in Chrome and posting a design to resolve it.
There is zero chance that Google's top brass told the engineer to deliberately cripple ublock.
The fact is that modern ads and crapware/malware web resources are a large problem that users choose to deal with by installing modern ad blockers. Even if that makes the browser somewhat slower overall, it is the ads that are the culprit, not the ad blockers. Also, anecdotally, but I find the web's performance to be vastly improved by installing uBlock Origin, as has also been noted in another comment.
It is also a fact that Google's whole business revolves around ads. Again, why wouldn't Google be mindful of ad blocking and try to prevent it from happening, with all the resources it has at its disposal? It would be bad business not to try.
Even if this particular situation isn't an example of this, I think it is irrational to think it does not and will not happen.
The #1 way to improve web browsing performance is with aggressive and comprehensive ad blocking.
On a related note, why doesn't Chrome for Android have extensions? I get the sense it's because it was more strategic to ban extensions entirely than to allow ad blocking on mobile.
I think we're at Stage 3.
Even in the most skeptical reading of the situation, Google never "embraced" adblockers, they allowed them. You'll note there's no extensions on Chrome for Android for example.
https://www.theverge.com/2018/2/14/17011266/google-chrome-ad...
Interesting changes to Chrome seem to have become more often. A recent one was the forced login policy. https://blog.cryptographyengineering.com/2018/09/23/why-im-l...
The current webRequest API allows extensions to intercept network requests in order to modify, redirect, or block them. It is frequently used by content blockers. Currently, with the webRequest permission, an extension can delay a request for an arbitrary amount of time, since Chrome needs to wait for the result from the extension in order to continue processing the request. The basic flow is that when a network request begins, Chrome sends information about it to interested extensions, and the extensions respond with which action to take. This begins in the browser process, involves a process hop to the extension's renderer process, where the extension then performs arbitrary (and potentially very slow) JavaScript, and returns the result back to the browser process. This can have a significant effect on every single network request, even those that are not modified, redirected, or blocked by the extension (since Chrome needs to dispatch the event to the extension to determine the result).
Google has noticed (as have I) that a typical chrome instance is significantly slowed down by things like adblock plus, because it turns out running every URL through a million regex's uses a massive amount of CPU and really slows down loading. As web pages get bigger and have more resources, it isn't going to scale.
This has been going on a long time, and there are totally ways to improve performance, but typically ad-blocker authors don't have a commercial incentive to make their software super performant, so as far as I know, none have even implemented basic performance features like prefix trees, bloom filters or hashed lookups.
It became a dramatic slowdown with a slow CPU. I made a performance patch which saved 40% CPU time (by making a new css selector matcher). I even tried to submit the patch upstream, but my employer blocked it with bureaucracy.
Losing the full efficacy of uBlock and uMatrix is a deal-breaker - not just for Chrome, but many other Google services. That such a proposal is even being considered is stunning and causes me to reconsider Google's reputation.
epic burn
> the blocking of media element which are larger than a set size, the disabling of JavaScript execution through the injection of CSP directives, the removal of outgoing Cookie headers, etc.
Seems like pretty fundamental stuff for any user-side content filtering, especially for the use of bandwidth and privacy considerations, ad-blocking aside.
So glad I’m not a google user. How much more does google have to do before people stop seeing them as the freedom option?
Sounds like Google devs to me!
Negative != Disrespectful
Unexpected != Illegitimate
Many web commentators continually sound the alarm on Google's increasing leverage and control over a variety of "components" or "intrastructure" essential to the www.
But controlling the browser is, I think, the ultimate control over the web as users know it. Browsers seem to fall outside the purview of www standards. Are there RFCs that tell people what browsers must or should do? More likely, there are standards that focus on servers and seek to accomodate whatever browsers are doing at the time.
The browser can override anything. It can easily modify user intent in subtle, "hidden" ways. It can rewrite "default behaviour" overnight.
To give an example, users probably think little of something like the feature known as "Omnibox", if they even know what that is, but this sort of browser "feature" is of enormous value to a company trying to gather information on what users are looking for.
Imagine the number of DNS queries this bypasses, redirecting what is typed by the user to a default search engine, conveniently preset to point to a Google server.
https://en.wikipedia.org/wiki/Usage_share_of_web_browsers#/m...
IE was stagnating, slow, and extremely vulnerable to malicious behaviors. The net result was that the web became a very hostile place, while Microsoft was pitching various "post web" strategies like WPF. Google had been a big financial supporter of Firefox but not to a degree where they could direct the project or push their own agenda. At the time many viewed Firefox as slow and bloated.
So Google made their own thing, and it worked admirably and we might be in a very different world if they didn't. They dramatically improved the state of the art for JavaScript, added intrinsic hostile activity and site blocking, started dramatically accelerating the adoption of technology improvements (by implementing very early proposals, often to much consternation), etc.
The web was less dangerous. Google's cash cow was protected because there was less of a draw to go to alternative platforms.
That, I think, was their primary intention and it was aligned interests with users. Everyone is happy with the web.
And honestly I do think this ad blocking thing is a bit of "fake news" (e.g. it is being grossly misreported). Google is proposing a solution that offers more privacy from the extension, and it seems very similar to what Safari has done (and which is very widely viewed as a great design).
It would only provide more privacy if ad block extensions go solely with static lists of uris. If they want to retain features like right-click block, or allowing users to customize the list, static blocks don't work.
These changes do nothing to inhibit the ability to log/store/etc requests anywhere you want as an extension author. They are only removing the ability to cancel in flight requests.
What's your source that the Safari ad blocking approach is viewed as a great design? Everything I look at shows it was a regression in effectiveness. Certainly the various adblock authors weren't thrilled. How well, for example, does it work with YouTube ads?
Chrome was originally based on WebKit and many other open source libraries, and some parts still are. The only major initial investment was V8.
And that was 6 years ago.
Profiles went from optional, to on-by-default but could be disabled via chrome://flags, to on-by-default but could be disabled via command line arg, to cannot be disabled, to logged in by default but not syncing. Where this progression is going and what it's trying to promote is not rocket science.
Chrome used to be very lightweight, fast and basically unseated IE as the top browser. It got that love because at the time Firefox was bloated and IE had a stranglehold. Chrome was also safer with a process per tab. Chrome made web browsing/dev pleasant like Firefox/Firebug did and it really took off being based on Webkit like Safari which also worked well on mobile. Chrome (and Safari) or Webkit pushed HTML5/Canvas/WebGL/SVG into real world use which changed the landscape of browsers.
Nowadays Chrome is bloated like Firefox was, has a stranglehold like IE did, is now pushing its own market standards and breaking existing open/market standards and generally being a forceful, non respecting to standards, web browser. It sure is unfortunate and another sign that bizdev/marketing/executives rule over engineers at Google now.
I tried using Firefox for Linux for about 6 months last year, but had to give up. I got frustrated with the random UI pauses/latency, random crashes, and broken web rendering (not its fault). On the other hand, Chrome just works, and provides a very smooth, low latency experience on Linux. I don't like that I have to give up my privacy for a decent browsing experience on Linux, but that's the state of things.
Guys who maintain Firefox - thank you. I hope I'll join the FF users once more in the near future.
Check their dev blog, they add cool features every couple of weeks:
How on Earth does "Comorbidities Associated with Plaque Psoriasis | Dermatology Times" on page 10 have a higher PageRank and relevance for the search query "uBlock Origin" than https://addons.mozilla.org/en-US/firefox/addon/ublock-origin... ?
1. Chrome web store
2. ublock.org
3. Microsoft store
4. Wikipedia
5. Mozilla addon, and finally
6. Gorhill's github for ublock origin.
Can we finally say that DDG is better for some searches than Google?
Power users won't stand for this sort of thing and will switch to Firefox. Firefox, in turn, will gain greater development mindshare.
In aggregate, these privacy and "ads above all" stories will continue to taint the Google brand. Many of my layperson friends are starting to worry about their privacy when using Google products--it's a good thing!
I recall this is what I had to do for Safari since there wasn’t a supported extension for the new browser yet.
This would lessen our dependency on a browser for ad blocking in this ongoing browser war.
It's better to just not let a browser that's user hostile enough to prevent ad blocking win a browser war.
I can throw facebook's servers into my hosts file, but what if I want to permit connections to facebook servers if and only if I am on facebook.com? uMatrix makes that trivial.
Let's hope I'm right. :)
Got it.
If you let users do whatever they want, they will often shoot themselves in the foot. It's a tough balance.
NO, your product is not a good replacement. You do not have custom rules, you can not block annoying elements, no it is not faster than Ublock and no, it is not even close to the feature set of Umatrix. And you can not do these things, because your product basically ships an ad-blocking list, and is not a fully featured ad blocker that gives control to the user over what to block.
You have just added white lists of websites. As Beta. For Pro subscribers. That doesn't even remotely compare to the permission feature set - in the hand of the USER - of UMatrix or Ublock. Your Adblocker would not even be functional for someone visiting non-English pages.
YOUR extension will be caught by anti-adblocking scripts all the time.
Please stop. Every time this comes up you post the same thing. Stop deceiving people.
You CAN NOT build an equivalent product with the Apple API, and you have certainly not done. No Matter how often you claim this!
By the way, Ublock, a product vastly superior to yours, is free.
.png){kind=link}
> In Manifest V3, we will strive to limit the blocking version
> of webRequest, potentially removing blocking options from most
> events (**making them observational only**)This change is clearly targeting aggressive ad-blockers that are too dangerous, too capable to circumvent via anti-adblocking technologies.
And Safari's content blocking is a piece of shit that's too limited and that's easily circumvented. It's in fact the weakest adblocking capability around and doesn't pose a threat to publishers.
Running an extension is running code I trust (mostly). Visiting a website is running code I (inherently) don't trust. Many websites even have no idea which code they run on my machine (advertizing networks).
I think the concern re the 30,000 rule limit is misguided. Many of these adblock rule lists are extremely inefficient and should probably be pruned to have less rules.
Extremely good and effective adblocking across most websites can be achieved with significantly less rules.
If you are planning on providing the functionality in the future please refrain from deprecating the existing mechanism until your replacement is fully complete.
Early access may fly on Steam but in the real world your careless management of the refactoring process is wasting the time of your peers.
A good example why "secure system" is, in a longer run, a system with low usability, and little control by the user/owner.
Right now we have ability to block URLs according to any rules, without being limited to whatever the browser author conceived. Perhaps we want to block some URLs based on context, or on content of previous communication, or whatever. Or perhaps pseudo-randomly, to emulate certain problems with the network.
Switching to "more secure" approach limits us to "one true way", and precludes any smart hack we may come up in the future.
It doesn't help that the change feels like attempt to squeeze out grassroots adblockers, and force people to, at best, use the ABP, which allows ad publishers to buy their way around blocks, and onto users' screens.
If uBlock becomes ineffective, I fully expect ABP to be even more aggressive with monetizing access to users' screens.
Why does this always happen? Why is it when google commits murder, someone mentions that firefox was caught jaywalking?
https://developer.apple.com/library/archive/documentation/Ge...
https://addons.mozilla.org/en-US/firefox/addon/tree-style-ta...
Switching is a pain, and I don't like Firefox's UI/UX. I'd switch if they did this because I value the extension very highly, but I wouldn't be happy about it.
DNS filtering is a cat-and-mouse game that DNS filtering tools will eventually lose. Don't get me wrong, I love Pihole and have used it for a while, but I know that I'm on the losing side of this battle.
Privoxy (and Proxomitron before it) were doing it 20 years ago, but never caught on because they're a PITA to setup and can't handle inline adverts. Pi-hole is new, but it's even more work to setup, and suffers the same limitations.
And as ad-blocking has become more popular the problems only gotten worse. It's unusual that I see any ads any more, but when I do it's always in an inline div or span with a "random" id or class name, essentially invisible to pi-hole.
EDIT: The bank robber is Chrome.
But Google wants to remove the ability to cancel a request through the events, and they want to replace that with declarativeNetRequest[1]. If you look at the link, in the Rules section, it seems to be simple, kinda hardcoded (but configurable) filters.
You can also see there's a limit of only 30,000 rules[2], which is not enough for EasyList[3] (example used in the tracker), which seems to have ~74,000 rules.
This is not targeted to ad blockers specifically. It's a change that makes blocking requests less flexible. For example, uBlock and uMatrix rules can be overridden by more specific rules, something that declarativeNetRequest can't do.
1. https://developers.chrome.com/extensions/declarativeNetReque...
2. https://developers.chrome.com/extensions/declarativeNetReque...
At superficial inspection it's not obviously targeted at ad blockers. It might still be. Most of google's revenue comes from advertising, fighting against ad blockers wouldn't be unexpected for them.
1. Google is proposing to limit the API uBlock Origin uses, and replace it with a less capable one.
2. Google also plans to put artificial limits on the new API (30,000 rules or something), which will make it even more difficult to make an effective ad blocker. That's not even enough to implement current blocklists.
3. The new API is inflexible, so it will be difficult to impossible to create innovative ad blockers in the future.
ghacks does a great job of explaining this (saw it first here).
Paraphrasing the article: Basically, they are limiting filters (used by ad-blockers) to 30k. Lots of blocking lists use more than 30k.
This is part of (possible) removal of blocking options from the webRequest API and the (possible) move to declarativeNetRequest to handle blocking requests.
This way they can have pretty much as many multiples of 50,000 rules as they need.
Then people started to realize Google only introduces products that collect data in a new way from its other products. If it can't survive that test then it doesn't exist. Ugh.
They literally removed the don't be evil motto as the reason for their conduct.
People will say that they still have, but that's just a stupid line at the end. They used to have a whole preface dedicated to it and have the code of conduct based around it.
there is no regulatory body that is able or willing to step in
We've already seen far greater market share from a browser. That browser lost it's market share when it stopped serving consumers. It lost it so thoroughly that decades and billions later it still can't recoup it.
Why would you want the government to hurt Firefox and the other competitors who would be happy to compete with Google on this front?
You may as well question the purpose of the FDA regulating slaughterhouses since vegetarians have been found a way to avoid doing business with them. That's a nonsense position. A vegetarian should demand that the FDA regulate the meat industry, and a firefox user should demand regulation for corporations they've avoided.
It's not possible for people to be well educated in everything and, as hard as it is to swallow for us techy types, a fair percentage of people don't have the time or inclination to even realise the potential down sides of using the Internet. They're too busy with whatever their own areas of expertise are.
Maintaining this shit is hard for a pro. The amateurs don't deserve to get shafted.
On the other hand, Google is getting bigger, expanding and hiring more people as the list of their failed projects increase. The chances of them screwing up their core products seems to be increasing, from my point of view. If they manage to do that, that would negate an inevitable future collision with anti-trust regulators. As for the EU and the GDPR I’m sure we are seeing the earliest warning shots and it’s going to be a big mess for them.
On basis of what exactly? What is google doing wrong?
I am curious to hear. Don't downvote me.
Maybe you would concede that some reasonable people think they have in the past?
Like FTC investigators (albeit overruled by their bosses): http://graphics.wsj.com/google-ftc-report/
Or Eric Schmidt: https://www.businessinsider.com/is-google-a-monopoly-were-in...
We can only hope.
Google (and the Silicon Valley behemoths): Currently know a lot of personal information about the citizenry
The US Government: Wants to know this information
Neither are necessarily deserving of or entitled to this information, so we shouldn't be cheering for either side.
Antitrust is less the issue than personal information / privacy / data tracking regulation. Antitrust enforcement is treating the symptoms, not the cause.
Having dozens of people post "I'm moving to Firefox!!" doesn't contribute anything. It detracts from discussion. For exactly those reasons the thread has now been locked.
We screwed it up, like we always do.
Indeed, if Chrome breaks uBlock Origin and uMatrix, I am just ditching it and will only use it for testing.
And I completely agree with you regarding ideological reasons to use FF. You don't have to be a zealot to value your privacy.
They also disabled user-provided unsigned addons, even when you authorize them: https://www.youtube.com/watch?v=taGARf8K5J8
Super Metroid in 1992 had customizable keys. Mozilla gets $500 million a year and can't even keep a feature it had 3 years ago. I shouldn't be disappointed about failure to get basic things right, when they're suppose to be the great bulwark against those who wish to control your machine?
Exactly, we are the product they are selling
It still allows extensions to get a list of URL's accessed
https://www.zdnet.com/article/firefox-tests-cliqz-engine-whi...
Moreover, this presumably didn't affect users who installed via a package manager, while with Chrome the installation method doesn't matter.
However I wish Mozilla was publicly funded, so that they don't have to constantly search for alternative revenue sources.
Edit: I assume "right click -> hide and don't ever load again" becomes "right click -> load but hide" ? Also, related: https://apple.stackexchange.com/questions/337094/safari-12-c...
The Safari content blocker is better than nothing, but it's extremely simplistic compared to uBlock Origin. It can't even block YouTube ads properly.
To get around the 50k limit added by Apple, you must use multiple lists, however domain exceptions must be included in the same subset as the parent rules, since rules do not combine once compiled.
Also, dynamically whitelisting a domain is annoying since you must remove all of the lists form the webview before loading the page. HTTPS-Everywhere is even worse to get operational using Apple's content blocking lists.
(edited grammar mistakes)
You can also disable smooth scrolling only for the touchpad in about:config to keep the animation for scrolling with the keyboard. Search for "smooth"; I think it's the mouseWheel one, but I'm not at home to verify.
Disclaimer: I contribute to Firefox and enjoy it quite a bit.
On Ubuntu and Kali (both debian-based), it most certainly does.
I think we're close. For some things, it's still not the best but instead of going to <insert another search engine here>, I try to modify my query to scope to what I'm looking for.
In a crude example, if I'm looking for the "LoadCrashDump" method,, which is specific to ClrMD[0], I can simply construct my query as "ClrMD: LoadCrashDump".
[0] - https://github.com/Microsoft/clrmd/blob/ac36603e37ef7c8ba05d...
I used to like 'other thing', and one time 'other thing' changed.
It went bad so therefore 'thing you are talking about' could go bad too.
Other unrelated grouping is a small part of bigger, more important grouping.
There are many bad places that try to do many bad things and bigger, more important grouping will listen.
Therefore, existing and functional solution that is currently being broken here is irrelevant.
It doesn't work on reddit, which makes up a lot of page visits for most people. Also, they can't defuse/bypass anti-adblock scripts.
It's infuriating, and the devs say they wont fix it because they expect websites to stop using custom color schemes and respect user desktop themes instead.
I have a hard time understanding why, with widescreen so common nowadays, it isn't a standard native feature in all browsers.
https://github.com/piroor/treestyletab/wiki/Code-snippets-fo...
Or look at flashlight apps that steal your text messages. People shout and scream that Android shouldn't permit this or that Google shouldn't have them on the Play store. But pull a lever to make these things harder and suddenly it is about freedom and how Fdroid is the only good store.
MiTM intercepting HTTP(s) traffic on my Android devices is really difficult due to certificate pinning. The only way to quantify how many unexpected requests apps are making was to watch DNS traffic. If, one day, these apps just make a single DNS request to Google's DoH host then encrypt all their traffic from there onwards, I'd have no insight into what's going on in my own device.
It would not surprise me if ad lists are substantially longer, because they have to incorporate the entire internet, not just the 0.001% of it that I visit.
I support the goals of efficiency and performance, and think developers should take those goals seriously, but I object when a browser places a hard cap on anything, because the number that cap should be at differs by use case and by user.
Both uBlock and uMatrix can be used without any filter lists, simply using a default-deny ruleset approach, optional in uBO[1], main feature of uMatrix.
However, this approach requires a entirely different matching algorithm than the one matching algorithm picked by the declarativeNetRequest API.
---
[1] https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium...
"30000 rules is enough for everybody"
The "just go away" approach is proving suicidal for online newspapers and magazines. It would be no less so for YouTube. Their content is neither compelling enough nor exclusive enough for that to work.
I assume that Chrome has a similar design, but I'm not familiar with it.
Firefox was top dog when chrome came out - it had unseated IE already for many users fed up with XP-era crapware.
Firefox was not simply 'bloated', but designed for classic HTML rendering at a time when javascript (aka 'web 2.0 ajax') dev was taking off and memory was not as abundant as it is now - though slow, it was more that the core architecture was out of date than it was 'bloated'. Indeed firefox was already a stripped down version of 'the mozilla suite' (see also seamonkey, thunderbird, etc - all of which predate chrome).
Chrome then came in, borrowed another project's browser engine, and decided to say 'screw memory, just fork processes' and avoided the whole multithreaded thing all together, oh yes, and open blank tabs faster with a little animation for perceptions sake.
This facilitated html5/javascript bloat, and by extension kept it in the lead as the only browser that could handle it.
of course I'm biased here (as is parent) - but chrome unseating firefox which unseated IE is born out by the facts.
Maybe in mindshare for devs but Chrome officially unseated IE browser saturation in 2012. Firefox didn't pass IE until 2015 [1].
Firefox was amazing on its resurgence in mid-2000s but did get into memory/bloat stages that opened it up for minimal/performant Chrome that was also more secure at the time primarily due to the process per tab. This possibly did lead to more js bloat later, initially it was lightning fast and also had a debug console and was based on Webkit which was better than Firefox rendering.
Firefox definitely saw Web 2.0 come in from 2006 on and was revolutionary in web development/debugging with Firebug and eventually that was part of the browser and is now industry standard to have a console/debugger on the browser.
Most developers were using Firefox by 2005-2006 and then Chrome a couple/few years later and it has been top for almost a decade now.
[1] https://en.wikipedia.org/wiki/Usage_share_of_web_browsers#/m...
This is the big one for me. When I'm not developing I actually prefer to use Safari-- I like it's interface better and it feels more at home in macOS. It's "good enough" too.
What I'm really a user of is the Chrome Dev Tools. Firefox's are looking quite solid lately but I just haven't switched over.
Firefox highlights the edge lines of the selected element automatically, and in all directions (if I recall correctly). I have to use an extension – VisBug – to achieve that in Chrome.
There's also the fonts window, which lets you in on what fonts are used on the page, and lets you modify the selected element's font settings – size, weight, slant/italic etc.. I pay a lot of attention to typography, so that part is important to me.
And didn't get to this spot on any kind of technical or feature merits, but essentially by relentless nagging on the Google search page to have users install it. Sure, devs/geeks etc were eager early adopters, but the bulk of users were steered this way by Google.
Microsoft have been stalling IE development for years, which allowed Mozilla to gain huge marketshare. This resulted in a lot of people learning, how to install a third party web browser. By the time Chrome was unveiled, Mozilla have coincidentally slowed Firefox development to a crawl. I remember the point, when the stable Firefox version was close to unusable, while everyone technologically proficient used a development release. It have been so bad, that some addons simply recommended not using the stable Firefox version. Btw, things have only gotten worse since then.
Chrome's dazzling success is result of it's aggressive advertising as well as sabotage and mismanagement, that killed off alternatives.
Please everyone help the other options survive, even if you don't personally like them or use them. There is no way legislators are ever going to catch up on their technical knowledge enough to manage even the most blatant monopoly. Who am I kidding, they wouldn't care anyway. Somebody has to get in there to offer competition and keep things honest. Having options improves all of the options.
WebKit?
I feel like "open source" has become a cheap way to earn trust. Very few people are able to understand code, even fewer actually comb through all the code and fewer still are able to find and decrypt obfuscated code, especially on large repositories. If someone really wants to hide something, publishing under open source isn't going to make a difference. Essentially, whatever you use, there's going to be some degree of trust you must instill to the company and its developers that they will protect and respect your data.
I'm interested in that even tho this is factually correct, it's ignored / downvoted because it goes against the prevailing narrative. Discourse here can be pretty 1 dimensional, it's more like a confirmation bias machine / echo chamber, than a discussion. Just like the rest of the net, no matter how 'smart' the people here are. The same behavior pattern occurs here as everywhere else.
It would be interesting if this can be solved in discussion forums of the future.
I did find it, it's called setRequestInterception(). It's marked as experimental, and has a note that it disables caching, but there's some debate as to whether it actually does.
Winning argument was
> It takes me all of 10 seconds to type duckduckgo.com, and maybe 30 to switch default search engines for the browser. [1][2]
But an equivalent, i can just download FF in 10 seconds is not acceptable in this context. why? Infact, Google browser is way less dominant that the search engine.
> I suspect a reply to your comment isn't going to change your stance on whether Google is dancing around in the anti-trust/monopoly area.
Why is that? Sounds a bit patronising.
If you are referring to the quote below, that applies to the Mac version. The iOS version uses a share sheet extension that uses an out of process extension where you have to explicitly share the link you want to block.
Safari warns me that 1Blocker Menu has access to webpage content, why? We use this permission in order to get information about current tab's domain when you select whitelist option. Sadly, there's no technical way to request just this functionality from the system, so we have to request full access to webpage content (which may include your sensitive information). However, we understand how important this data is and only use the domain. We do not transmit or process your data in any other way. Feel free to disable 1Blocker Menu if you don't like this (you'll still be able to block content).
> Sadly, there's no technical way to request just this functionality from the system, so we have to request full access to webpage content (which may include your sensitive information)
is incorrect. They could use a share extension on the Mac as well (which we do for our adblocker app) which would give them access to the URL when the share extension is accessed but not give full access to the web page content.
I am honestly perplexed what the issue could be then, I was sure you were using an NVidia with the proprietary drivers or something like that, as such setups have caused me trouble in the past.
The only thing is I wouldn't recommend turning on WebRender for everything yet, but it's not on by default so I doubt you had it on.
On the flip side Chrome's profiles are nice and I wish macOS supported more of it.
It's been confirmed they've had lots of forms of access many times in the past. Seems naive to believe anything would be different today.
I think any data the NSA has would be stringently guarded and only used for high-profile / high-impact cases. If the NSA was constantly feeding data to other agencies about trivialities, then it would raise red flags about where "all this incriminating evidence" came from.
Cases involving StingRay interceptions have been dropped so as to protect the details of such interceptions.
There's also the relationship between the agency and the Government to consider. The CIA don't seem to get along very well with various members of the US Government, and with "good" members such as Ron Wyden, if the NSA was feeding ill-gotten data to the US Govt, then someone like him would probably raise some kind of stink.
This doesn't answer the fundamental question of whether the NSA has this data, it's more about the potential mitigation of the likelihood of the data being actually used against someone.
Much like we don't know where the line is on the potential for Huawei kit to be a threat to national security.
Something. Not nothing.
Edited to add: There's also the very likely situation where Government policy / regulation is put in place to cover all parties, and the NSA ignores this anyway because they're above the law. Everyone else must play by the rules, the US Govt looks to be doing the right thing.
(this isn't a bitter statement, merely that I think this is how things actually work, whether for the US or any other country; realpolitik)
Didn't Snowden attest in an interview to NSA officers using webcam intercepts to get their rocks off?
And why does trump picking him make him automatically a disaster?
I feel like this is being completely dismissive of any kind of progress that could be made because orange man is bad.
Because President Trump doesn't have a great record in picking nor retaining people.
https://www.brookings.edu/research/tracking-turnover-in-the-...
It annoys me because I really want to use it. I'm very happy that we have it and I hope that the wider community will hold Mozilla to account every time they try something shady to protect the best free and open browser we have. If we lose Firefox, we lose the Internet to corporations.
1: https://support.mozilla.org/en-US/kb/profile-manager-create-...
Yet how long will we have it if everyone keeps using excuses to continue using Chrome?
Firefox on Mac is noticeably slower.
The only downside is that its filtering language is regex-like, so basically the equivalent of "two netcats and a sed". I've contemplated writing a filter proxy that would parse HTML into a DOM, run filtering on that tree-structured representation using something XPath or XSLT-ish, and then reserialise the modified HTML to send to browsers, but never had the time to. I suspect performance wouldn't be great with such a setup, although with MITM TLS it's already doing a double-encrypt-decrypt and I don't find that slowing me down noticeably.
Then there's also Javascript trickery loaded with the page that do hostile things if ad servers aren't reachable, and extensions know how to detect and replace them.
I think the closer the blocker is to the user, the higher the fidelity of the blocking.
I don't know exactly how it works under the hood, though. If I block a div with text in it, I know the div is still downloaded, just not displayed. I don't know what happens in more complicated cases, like if I block a div that contains an img tag. I think it's smart enough to prune the img tag before the browser downloads it, but IDK for sure.
I vaguely recall Privoxy having some kind of content filtering, but when I tried it, it wasn't html/css/javascript aware, and only did regex based replacement.
My experience has been that it took about 30 minutes to setup and I don't see ads on the internet, nor do my family or team.
Thats what I meant by network level blocking doesn't work very well. Using uBlock Origin, I don't see YouTube ads.
It's fairly likely that's just PR. They're a US headquartered place, so would have to comply with NSL's (etc) just like every other US company.
And banks and insurances for credit ratings. And for screening companies, that are contracted to evaluate your job application on basis of your purchases, locations and so on
>Extensions act on behalf of users, they add capabilities to a user agent, and deprecating the blocking ability of the webRequest API will essentially decrease the level of user agency in Chromium
This is off-topic, but I felt the same way about most data privacy problems. It was my own browser that was giving out the information and I would still like to see better control over it by default. Data privacy laws are simply a bandaid that don't help at all against malicious actors.
I already leave websites that become unusable with adblock on, or without it on. It will just trim down on the amount of sites I go on.
If it's something I'm particularly interested in, I look for a cache, snapshot or whatever.
Edit: Or just read HN comments.
My money is on news sites and other paywall sites doing that first. How long before they stop letting us "open in new private window"? Washington Post doesn't even allow that anymore -- a shame too, since I haven't read a single one of their articles since then.
That said, we should all fight for changes that let extensions like uBlock maintain feature parity.
Disclaimer: I'm both a Chromium developer and a uBlock Origin user and speak only for myself.
If they have something working with one API, they have to have a good reason to re-implement it with a new API. It may be 'fast enough' and reliable, so why go through all that pain?
Or, it's just the long tail of API consumers (e.g. site on the web). Some things aren't maintained and updated, but they don't go away.
Once the browser reaches its natural Borg-self, transparent user-level tools will be all that provide a semblance of control. Well that, and Firefox.
Blocking at the network layer will leave the iframe blank, but the modal will still be present. It's not such a good user experience, especially for less savvy users who might be confused by a mysterious blank modal.
Why is it abuse? No one is being forced to use chromium. Are you abusing your market position when you buy the cheapest toothbrush in a manner that's harmful to other toothbrush companies?
Google can easily force the other browsers to lose the Web Request API, because maintaining it when they're the only ones using it is a net loss of productivity, which will probably be needed elsewhere.
How do you measure this? Does the public include content creators who rely on ads for their livelihood?
Internet Explorer--------10.83%
Firefox-------------------9.89%
Edge---------------------4.30%
Safari--------------------3.80%
Opera--------------------1.58%
Safari will survive since Apple is their patron. Obviously Internet Explorer is only a lumbering undead husk at this point, and it's pretty shameful that it's still outgunning Firefox by a small amount. Even more sad that it's got over twice as many users as Edge, lol.
I work for a website with around 1.2 billion annual pageviews. Mobile Safari is about 55%, Chrome (mobile & desktop) 35% and everything else gets the leftovers. Samsung browser is growing fast while IE, Edge, macOS Safari and Firefox are rounding errors.
Kindle browser does better than IE. It’s amazing how far and hard it's fallen.
If you include mobile browsers, Safari's market share is closer to 17%, which makes it the #2 most popular:
https://netmarketshare.com/browser-market-share.aspx?options...
The (bad actors within the) advertising industry are the enemy of people whose livelihoods depend on Internet advertising because they're the ones making ads either bandwidth-hogging, epilepsy-inducing, website-avoidingly annoying, privacy-invasive, or an actual virus/malware vector.
This is, directly, what has caused the popularity of ad blockers to skyrocket. Tech-savvy folks protecting their family from these dangers by installing ad-blocking software so they don't get regular family-tech-support calls about the various issues potentially arising from "bad" advertising.
Follow-up questions:
How many user ad clicks / views does it take for the revenue to be critical to one's livelihood?
Could you consider donations through any of the various options like Patreon?
Chrome has a responsibility not just to the end user but also to the website. The cost of the getting the web page's info was viewing the ads. Why should the browser help the user to commit virtual theft?
Simply blanket dismissing ads as "tenuous position" is nonsense. Lots of people make a living via web ads. Google makes billions on ads. It's a real source of real money. Alternatives could, and should!, be considered. But simply cutting off a revenue stream while arguing that the ability to cut off that revenue stream should be protected by regulators is weak at best.
Correct me if I'm misrepresenting your position, but I vaguely recall a discussion some time ago in which you compared adblocking to theft. If I'm remembering that correctly, you and I have no common ground upon which to have a civil discussion.
So you disagree with google deplatforming alex jones?
Also that it's not Chrome or based on Chromium is reason alone to like Firefox, because we need diversity for healthy web standards. That Chromium is open source is a red herring and open standards are more important.
I know developers have been preferring Chrome and for good reasons, but I've switched back to Firefox for the last 3 years and personally I find it hard to use Chrome these days, because Firefox has a better UI.
The only downside is that Chrome's dev tools still has some capabilities that Firefox lacks, but Firefox has been improving a lot, as you have seen.
It works well on windows, I don't know how far the mac support is.
WebRender does work on macOS (and Android and maybe Linux), but Mozilla is prioritizing a Windows MVP first (because something like 90% of Firefox users are on Windows). Work on macOS, Linux, and Android will then resume.
On the other hand Chromium is relatively simple to adapt with many real world examples to learn from.
(Personally I think they should stick with EdgeHtml but it seems that ship has sailed).
However, this does provide an opening for MS edge, if MS forks Chromium for Edge and excludes user hostile “features” such as this.
There is a quite a bit of adware which uses unsigned Chromium to push their wares.
That is the malware installs a modified Chromium with all the "extras".
So anecdotally, when I see Chromium on a users computer I assume the worst (that I have a cleanup task ahead).
Additionally, I thought his removal from YouTube was as a result of pressure from the Government on hate speech and fake news etc. All the stuff Facebook is also attempting to crack down on.
> I've got nothing to hide.
However, if this data ever gets into the hands of someone acting in bad faith, even the most innocent behaviour can be weaponized against you. Let's say, for example, that you are wrongly suspected of committing a crime, and the investigating police are more interested in cooking up a conviction than determining if you actually did it.
All sorts of details about your life can be leaked and "spun" to make you look very, very bad. You went to a bar on a certain evening? So did these known crime figures. Were you meeting them?
You spend time on Hacker News. HACKER NEWS. You could find yourself the target of a smear campaign designed to turn public sentiment against you.
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."—Cardinal Richelieu
If you hand over your data without hesitation to a nation-state or to powerful and unscrupulous corporations, I believe you will discover that there is no such thing as "nothing to hide."
Someone could be alarmed about the state of privacy in society and not want to take an extreme action.
It seems entirely reasonable to want to remain a part of civilization and advocate for change on a topic you are passionate about.
If you are ok with that and still think you have nothing to hide, ask yourself if you’d be ok with this trove of data ever being exposed publicly.
Ever googled something embarrassing? Perhaps a medical condition or symptom? Sent a very personal email? Visited a less than savory location, or lied to an employer about your whereabouts?
I’d be willing to bet most people have some data that could be weaponized for blackmail.
Surely many people (especially the ignorant) will find Google’s products and services “worth using” but privacy concerns are anything but overblown.
I already did, and the answer was "Yes, I'd be okay" (although the likelihood of that happening is extremely rare).
> Ever googled something embarrassing?
Use incognito mode.
> Perhaps a medical condition or symptom?
I have only one medical condition, which I'm not embarassed to talk about publicly (I already do it).
> Sent a very personal email?
I rarely send "very personal"/ intimate information over email in lieu of just talking over phone.
> Visited a less than savory location,
Never in my life.
> or lied to an employer about your whereabouts?
I never had to do it (why would I?).
> I’d be willing to bet most people have some data that could be weaponized for blackmail.
If--note "if"--I were to engage in an activity that could potentially be used to blackmail or harm me in any way, I would of course be doing it in as private manner as possible. However it would be silly to spend the rest of my normal life cowering and being phobic to technological advances.
> Surely many people (especially the ignorant) will find Google’s products and services “worth using” but privacy concerns are anything but overblown.
You confuse being naive (in its original sense of the word) with being ignorant. But I guess that's what fear does to one.
All this means is that it's not stored on your computer/history. This doesn't mean Google doesn't still have everything from those periods.
For a lot of people they possibly hold that view due to a lack of understanding about the situation, but some people like you understand the situation and still are OK with it. That's an entirely reasonable point of view which should be eagerly debated with.
Don't mean to insult you, and some people just have an easier time opening up about everything, but a life with nothing whatsoever to hide sounds limited, uninventive and uninteresting.
> a life with nothing whatsoever to hide sounds limited, uninventive and uninteresting.
Ever familiar with the phrase "un unexamined life is not worth living"? Here, of course, the thing to be examined is your belief that a life with nothing whatsover to hide is limited, uninventive and uninteresting.
So if you don't mind would you share some nudes, your CC numbers and your medical history with us?
Why? In what ways is Chrome more useful than Firefox on Chrome OS?
Moreover I use Chrome to sync my Google account, including passwords (which I can't live without) and browsing history.
That's not your call to make.
All sites which are on Google Amp. Google, whenever it can, "helpfully" gives me the amp site and then I have to find and click the link to the actual site to get to the "readable" version.
In other words, if your "solution" to the problem as outlined in the OP involves google, you already lost.
Chrome is the user agent. It acts purely on behalf of the user. Browsers aren't trojans built to exploit my eyeballs. This "virtual theft" talk is as silly as claiming that spam filters should be illegal - your server sent me some markup, and I'm free to preprocess it in any way I want.
> Simply blanket dismissing ads as "tenuous position" is nonsense.
Not really. Advertising has always been about manipulating people into doing things they otherwise wouldn't do - if all ads were purely informative it'd hardly be a multibillion dollar industry.
Yes, yes, yes, and more yes. That's the cause that needs treating. Apologies if I wasn't clear, that's definitely where I think the regulation should be looking towards.
Regulate what's within your jurisdiction. That's all any government can do in any circumstance. If regulation results in more friendly advertising that's less likely to have users reaching for the blockers, then those advertisers are going to be more successful, and so even those in unregulated countries will need to conform in order to compete.
That's assuming that the number of users that have already reached for the blockers are of a significant enough percentage to make a difference to website ad revenue.
Start somewhere or stay nowhere.
Maybe I'm not as critical about the UI, but I have both browsers open at the same time so I took a second to compare them.
Both browsers have a row of tabs. Below that is a second row. The left most set of buttons is navigation (back, forward, refresh, etc), then the address bar, then on the very right of the row is a set of buttons for extensions, settings, etc. The remaining portion of the window is the webpage. I'm just not seeing many differences. The view of recently downloads is different, but nothing that bothers me from either one.
I also just compared how both browsers displayed HN main page. Slight differences in color of orange and font weight, but only noticeable if comparing both directly (and besides devs, who does that?).
So I guess I'm asking what about the UI/UX is bothering you. I'm almost hesitant to ask because I'm sure if you point something out that bugs me, I'll never un-see it.
The lack of smooth zoom support has been a known deficiency in FF for the last seven years (https://bugzilla.mozilla.org/show_bug.cgi?id=789906) and has yet to be addressed.
Otherwise I completely avoid chrome because of the privacy issues, and because firefox has 'containers' and is a little snappier.
I dislike Firefox's zooming behavior. I have to zoom into websites because I have poor vision. Chrome's zoom behavior has been extremely natural for me, and easy to adjust to. When I used Firefox I attempted to use 'vanilla' as well as an extension that aimed to improve the zooming behavior by separating scale of text from scale of other elements, etc.
I was unable to find a solution that worked for me. I hated using the extension, which itself had a pretty bad UX, and I couldn't get preferences to save properly for individual webpages.
I can't use a browser with poor zooming behavior, I rely on it too much. As I write this I am zoomed in 250% in Chrome, for example.
Those pet-bugs or pet-nits are, in my opinion, the huge thing that keeps people from moving (alongside the perceived friction of moving data over). I wouldn't read too much into mine.
I don't know how Chrome does it, but needing an extension sounds like you didn't try the built-in text zoom: https://support.mozilla.org/en-US/kb/font-size-and-zoom-incr...
I think it's the 'second level' of UI stuff - menu's behind buttons, settings pages, things like that. I think Chrome does a good job balancing 'advanced user' and 'basic user' stuff. Firefox feels a little too 'dumbed down' for me.
I'm honestly trying hard to put a fine point on it, but it a lot of it just feels 'off'. I'd love a very minimal-design, maximum function look into it.
As far as dev stuff, I'm really only familiar with Firefox after Firebug was rolled into the browser so that it is similar to Chrome with a Cmd-Option-i key press. I hear people stating that the dev tools are still very different. All I really ever use it for is seeing how the DOM is changing in the inspector, looking for output in the console, and see what files are doing (404,200,500, params/response, and CSS values type of stuff. Both browsers do what I need in a way that I can't tell the difference.
So on the color thing, one of our designers noticed and I looked into it. Turned out to be an open bug report for Chrome(ium? I forget) where it's using the wrong color profile for css, and resulted in images not matching borders and backgrounds.
I found that I actually like the UI in firefox after customizing it. For me it may have been easy because I use sway (i3 clone on wayland -- clone is the best, it is actually more / better than i3). But it really ended up looking nice[0]. I found I could customize more things that I could on chrome, including the start page.
In any case, if you don't switch, I urge you to give it 15 mins and tinker with the ui config and a home page config. You can rid your self of alot of weird chrome bits that I think most find ugly and make it look smooth.
Further more, you can set up your own sync server and sync all your stuff to a safe spot.
One annoying thing is that current versions of Firefox seem to rely on disk I/O too much, so if it's busy, you can't really do anything (switching or creating new tabs is greeted by spinning loading circle that takes a long time to happen).
I'm not saying anything in favour of or against these decisions, they're just what I remember reading people complain about over the last year.
edit: typo and clarification
It's built on top of Chromium so has the same UI/UX as Chrome, including dev tools. And it does ad blocking out of the box, no need for an extension even.
People are notoriously bad at acting in their own best interest. I recall reading a forum, where a guy asked for medical advice, because he was diagnosed with fibrosis (his lungs basically got scarred all over). His work required him to continuously inhale toxic exhaust, and he wanted a way to avoid further health complications (but keep a work!) because "the pay was good".
Fibrosis causes you to cough non-stop and significantly increases probability of dying from lung infection. Compared to that, using Google's products does not result in any visible long-term effects on health. Therefore, it is natural to conclude, that using Google's sites and services is safe, healthy and should be widely encouraged. It does not matter, that Google uses anti-competitive practices to monopolize market, restrict user freedom and lead us to future, when we won't be able to refuse shoehorned "services", shoved in our face, right?
Please stop with those creepy "understanding" antics. Encouraging self-harm is bad, and wishing to view advertisements is definitely a form of self-harm.
You are essentially deciding for me that what I choose to do with my technological choices is "a form of self-harm" (when in fact I only experience total pleasure).
Is it really that hard to comprehend that, when one does not share the alarmist feelings of the crowd, they will make intelligent choices based on personal preferences?
Google also operates some of the most popular DNS services 8.8.8.8,8.8.4.4 which can capture domains you query from your IP.
There are various measures you can go through to stop this to some degree, like DNS blocking, client-side ad/tracker blocking, VPNs etc. but to go all-out is very cumbersome and I'm not convinced that it would even be 100% effective. Google's business DEPENDS on collecting your data and tracking you, and they are very, very good at it. I highly recommend reading "The Age Of Surveillance Capitalism".
On top of that, various parts of Firebug's console UI was better than either one's current console, mainly in how it displayed data.
At the end of the day, this is the end-all-be-all argument to the Facebook and Google duopoly. People just don't give a goddamn (excuse the language) about their data - they simply do.not.care.
I believe my generation (Y), and possibly a few after us (X, etc), will be known as the generation(s) who didn't think privacy/data was that big of a deal - until one day it was.
We are the guinea pig.
This wasn't meant to be a plug, just a happenstance of "if you like 'x', have you seen 'y' based on it?". =]
[0] - https://addons.mozilla.org/en-US/firefox/addon/temporary-con...
Sadly, Mozilla also seem to promote containers as an alternative to user profiles, while they're nowhere near as full-featured - sharing saved logins and bookmarks between my "personal" and "work" containers is almost never desireable. Managing and switching profiles, on the other hand, is virtually unchanged since the Netscape Communicator days.
Firefox has mostly strived, in the Quantum era, to stay mostly-ish compatible with Google's interpretation of WebExtensions, from what I can tell.
I'm at the point of installing chromium just to be able to manage my videos, but I refuse to give in.
My main browser is Firefox, but I have to switch over to Chrome more often than I would like. Electron is also based on Chromium, isn't it? IMHO, the rise of Electron just reinforces Chromium's status and I think Microsoft is going to accelerate that trend (I'm guessing MS adopted Chromium because of Electron).
As someone who always has too many tabs open, I consider this a plus.
I do however think you can disable this in about:config : browser.sessionstore.restore_on_demand
For what it's worth, Chrome stopped doing this for me in a recent update (I think version 71).
Other web developers may want to chime in but I rarely have cross-browser problems between Firefox and Chrome. I can't recall the last one.
The only time I encounter a problem with Firefox is looking at people's codepens where they're using webkit only prefixes or a draft API.
+1. I'm hopeful of Servo. So far it (ServoShell) also a good 50MB smaller than Electron which would be a very good reason for developers to switch. It'll all depend on API compatibility at the time of release I guess.
In Firefox, macOS was showing 4+GB of memory usage and formulas would take hours to run. I switched to Safari where memory usage was closer to 1-2GB, but it had this habit of refreshing the page as soon as you switched away (before a formula would finish running). I finally switched to Chrome and memory usage was about 1-2GB and heavy formulas behaved in a way more predictable manner.
I don't have a screenshot right now, but it's just as you might expect, the whole tab line is removed (the nav bar line with menus comes to the top instead). [This post](https://www.reddit.com/r/firefox/comments/736cji/how_to_hide...) talks about doing the same thing in the context of tree-style tabs. Good luck!
https://www.theverge.com/2018/12/4/18124718/google-search-re...
This is a flawed study by a Google's competitor (the for-profit organization called DuckDuckGo). FTA:
> Following the study’s publication this morning, Google told The Verge in a statement that it found the methodology flawed and the findings misleading. “This study’s methodology and conclusions are flawed since they are based on the assumption that any difference in search results are based on personalization. That is simply not true,” a Google spokesperson said. “In fact, there are a number of factors that can lead to slight differences, including time and location, which this study doesn’t appear to have controlled for effectively.”
and:
https://twitter.com/searchliaison/status/1070027261376491520
Facts won't change being facts no matter how many times you downvote them. :-P
I do use Gmail, and don't have any but have long planned to move to Outlook.com.. perhaps knowing about this ShadowDOM issue will spur me on to make the move.
Google only has one product that's truly best-of-breed (Maps) and I don't mind using it, but don't want to be entirely in any one vendor's ecosystem. I would say Youtube is the best of its kind, but it's really held up by its community, not functionality as Maps is. Outlook may not be the absolute best for privacy either (it's also no-charge), but it at least gets me to a place where I'm well diversified.
Google Maps, Youtube, InoReader, Outlook, DuckDuckGo all on Firefox with containers is a good enough of a spread for me.
If one cannot avoid it, I think it's a better idea to create Chrome desktop shortcuts for Gmail/YouTube and use Chrome exclusively for that, if you cannot use a desktop email client for Gmail and VLC/mpv/youtube-dl for some reason.
Using both for years, Chrome has just been faster and more reliable. I don't do web dev professionally, but I use multiple browsers in tandem and often try to use one full time every once in awhile. On my old laptop, I'm pretty sure Chrome was the only one to support webGL for whatever reason. At work we're stuck with Firefox 38.3.0 ESR (Cent6/7) and Prometheus Alert Manager (and I also believe Prometheus graphing interface) has broken widgets, but Chrome works. Chrome has always seemed to better support the very few websites that require crazy performance. This was even the case when we would have an ancient version of Chrome and a new version of Firefox. It sucked when Firefox switched plugin architecture and Google Hangouts never added support. Now Google Meet does not support Safari.
I'm not saying any of these comparisons are "fair" but its what I deal with day-to-day.
Kind of, only because Google uses the ShadowDOM API to break its product on competing browsers and playing into it will only reinforce this behavior.
Today I'm browsing the Adidas website, and the images don't load for any of the products in Firefox.
https://www.adidas.com/us/ultraboost-all-terrain-ltd-shoes/B...
Apparently they're WEBP images and my version of Firefox (version 64) doesn't support them, but searching online I read that the upcoming Firefox version 65 is suppose to fix that issue.
Strangely enough, the images were working fine a few weeks ago on the Adidas website, but I had a different Firefox issue. When I clicked the images to see the fullscreen view and zoomed in, they wouldn't pan or drag correctly, so 80% of the image was hidden off the screen. In Chrome, they worked as expected.
That's one example, but as I said, I get these kind of issues almost daily from companies that should know better. I still primarily use Firefox because I have no trust in Google, but I'm forced to open Chrome on a regular basis to resolve random quirks.
I loaded the page with Firefox 65 beta and all the images worked for me. The site doesn't seem to be serving WebP images to Firefox. When I checked all the image types via Page Info they were mostly JPEGs with some PNGs and one SVG image.
There's probably some other reason why the site is broken for you. Have you perhaps changed your browser's user agent string and so the site is giving you WebP images because it thinks they will work?
Moreover, once you give in on this, what's Google going to do next? Use APIs only in Chrome that Mozilla needs to implement only after they're made public in Chrome by literally looking at the source code? There's always going to be a lag if that's the dynamic, so there's always going to be the perception that Firefox is behind.
Moreover if Firefox adopts it, it makes it more likely to be adopted by Apple too, since Google's now not the only kid on the block to support it and now you turned it into a de-facto standard.
Mozilla already partially caved to Google in pursuit of the "best browser" as perceived by the average user. That was on DRM. Now I say partially because at least they made it opt-in, but so they caved and next Google came up with this thing.
If you going to keep paying ransom, you're going to have a lot of hostages.
So, I'm left scratching my head and using Chrome to browse the site.