> our new declarativeNetRequest API is designed to be a privacy-preserving method for extensions to block network requests without needing access to sensitive data
This MV3-based AdGuard extension still requires a broad permission to "read or modify host data" on all sites[2]:
"host_permissions": [
"<all_urls>"
],
So what you have now is the same required permission to "read or modify host data" as with MV2, but with a network filtering engine capabilities gated by Google (an advertising company).We can't innovate anymore the filtering capabilities of our content blocker engines as we have been constantly doing over the years.
For a recent example, there has been discussions lately with filter list maintainers of whether uBO should support AdGuard's proposed capability of being able to support pattern-matching for `domain=` filtering option[3] (uBO supports AdGuard lists).
That sort of proposition is not possible to entertain with MV3 since only Google get to decide how the filtering engine will evolve, if at all. All content blocking issues will have to be resolved with the Google-controlled filtering engine, and left unaddressed if the solution can't be shoehorned in the declarativeNetRequest API.
* * *
[1] https://blog.chromium.org/2020/12/manifest-v3-now-available-...
[2] https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...
[3] https://github.com/AdguardTeam/CoreLibs/issues/1550
* * *
Edit: removed stray `[` character.
His past post[0] was reposted and generated quite a discussion on HN [1].
For further details on why uBO is conflict free, this is the README.md on github repo[2] says:
---
Free. Open source. For users by users. No donations sought.
---
0: https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...
The reason why I cannot do away with uBlock Origin is because its not just an Ad-blocker as its philosophy states, I need it to make websites usable by blocking elements like auto pop-up news video player, Blocking side bars to resize the websites to preferred width (When playing videos), Disable tracking and often just to load the websites faster.
[1] https://web.archive.org/web/20210924045611/https://github.co...
We'll now need to rely on Chrome team for implementing what we need. But they do it painfully slow or not do at all.
Also, where will we get the new ideas if every browser follows that path? Take Safari for example, every little improvement that we requested [1] was inspired by what we already did in other browsers long ago.
Anyways, a working content blocker on MV3 is possible. I even think a casual user won't feel much difference. But there is a big difference under the hood and to feel the consequences we have to wait a few years.
[1]: https://bugs.webkit.org/ (search for those reported by @adguard.com). Just a very small part of what we requested was implemented, content blocking is not a priority I guess, and it won't be a priority for Chrome.
To those who argue that chrome is faster and therefore you prefer using it. You should ask yourself, what is more important to you, to see a website a few ms faster or preventing Google to to dictate how the Internet of the future works (apart from the fact that in my experience browser's are so close in performance, that I don't think anyone can consistently pick which browser their on).
[1]: https://github.com/w3c/webextensions/blob/main/_minutes/2022... (CTRL-F for "mv4")
[2]: https://github.com/w3c/webextensions/blob/main/_minutes/2022... (CTRL-F for "mv4")
I haven't heard of this plan. Do you have more information?
The only option here it seems is to switch browsers.
Stop being at the whims of the Google-controlled browser monopoly --- by filtering content before it gets there.
I'd love to be proven wrong though! Right now I run DNS-based filtering because, no, it's not perfect, but I really like having network-wide blocking.
Maybe some sort of "remote browser" remote desktop or browser-in-browser type thing will work.
What's different is the classical permissions. Previously you could use the webRequest permission to execute custom JS functions in response to network activity. In MV3 you must now write a declarative rule instead using the declarativeNetRequest permission. By moving from an imperitive model to a declarative one, Google now has exacting control over what ad blockers can and can't do.
Gorhill's argument is that the stated reasons for MV3 do not align with the implementation. The example he gives is that Google claims the new API is more private. However you still need <all_urls> so the extension is as un-private as its MV2 equivalent. The only difference is that now Google controls what blocking you're allowed to declare and how much of it you're allowed to do.
There's a similar community discovery where MV3 implementation is provably counter to Google's claims of performance enhancement - MV3 extensions need to rehydrate state every 5 minutes as Chrome shuts down their service worker and for highly active extensions such as ad blockers this is actually less performant than the MV2 implementation with a long-lived background.
Basically, Google is full of shit.
Hah. The default is to reject changes from the community. I would not pin my hopes on Chromium accepting any adblocking community changes.
I've been postponing the migration of my extensions to v3 for as long as possible. One extension should be fine, but the other one... I'm afraid of what that's going to be like.
Analytics & Ad Blocker by Globemallow.io https://globemallow.io/ was the first Manifest v3 Ad Block extension.
I first published on 06/22/2022.
Last night actually I asked if AdGuard would want to license the software, and sent them a link to my extension. They are aware they weren't the first, and made this post after knowing it.
Then look in the Manifest.json for manifest_version.
Here's the Twitter showing the timeline: https://twitter.com/GlobeMallow_io
The best part is AdGuard is still running manifest v2.
Vivaldi? Killed, Chrome clone. Edge? Killed, Chrome clone. Brave? Killed, Chrome clone. Firefox? Technically a separate engine and in theory among the last hopes, but so sclerotic it follows Chrome in almost all of its decisions. (Can MV2 be kept as a stable basic-security-maintenance-only API? Probably not) Safari? Can be gone around on desktop (my grandparents use Chrome because of Google prompts), has a stranglehold on mobile, but that has its own problems, and likely once users can ~sideload~ install software (potentially from other app stores), there will be a Chrome surge on mobile, forcing manifest V3 over there too, and the ad trackers will win the war.
Or maybe they already have? More likely, I personally am tiring of the cat and mouse game between the spyware makers and devs that fight for the users.
[1] UPDATE: https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-fi... PREVIOUSLY: https://blog.mozilla.org/addons/2022/06/08/manifest-v3-firef...
* In the sense that one browser implementation, and not W3C or WHATWG web standards, drives the web browser market. Chrome is much more evergreen than IE.
I've just switched to Firefox. I hope they don't go off the rails here, but I fear they will with bribes from Google.
Firefox still supports Manifest V2, which allows for more efficient and accurate blocking of advertising. (Among other things.)
Just look at this very thread, every other comment is just about Firefox and not the content of the post itself.
The article mentioned Safari a couple of times, I don't see why the fact that Firefox will support both V2 and V3 indefinitely doesn't deserve a single mention.
Moreover, manifest V3 was essentially a massive middle finger from Google to everyone else (except advertisers), and it feels almost dishonest to discuss it wothout mentioning that there are better options out there.
I have a feeling that Edge will become mainstream in the near future because it is the default browser on Windows (getting IE monopolistic vibes again!) and people is using and even loving it. I think both Edge and Chrome will decide the future for the web. Firefox and Brave, unfortunately, are not mainstream enough to make their decisions count.
[1] https://twitter.com/brendaneich/status/1134141335881912320
People often forget the US underwent an administrative change between the judgement and enforcement. Microsoft spent a lot of "think tank" money on influencing the new regimes enforcement mentality, not only on their own issue, but on monopolies in general.
It was, from my recollection, definitely not for show.
https://docs.microsoft.com/en-us/microsoft-edge/extensions-c...
Also, I am not entirely sure other Chromium-based browsers will be able to maintain MV2 compatibility in the long run.
https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...
Does anyone has stats of adguard vs ublock by chance?
AdGuard are just doing this to capture the upcoming hole in the market as uBlock Origin stops working in Chrome.
Everyone should switch to Firefox.
The only bugs I find belong to websites, which I don't count against Firefox. I used to have to support IE8... if the site broke it was my responsibility, not the browser.
They announced a Brave Extensions Store years ago and there are no news as of today.
I'm actually thinking to go back to Firefox because of this.
I said we'd support uBO and uMatrix at least, and we're discussing that with their maintainers now.
You see, now extensions are supposed to do background work in an ephemeral service worker. This service worker lifetime is very short (up to 5 minutes, then it's getting killed forcibly). So it's constantly getting killed and waked back up. Waking up includes doing some initialization which consumes additional cpu cycles.
The situation will improve when Google implements the alternative to service worker (so-called "Offscreen documents"), but no one knows when exactly this will happen.
They shouldn't do this IMHO.
Manifest V3 is a horrible attempt to kill adblocking (under the banner of "security", as always). But, the web is completely unusable without adblocking.
If there are no more (effective) adblockers for Chrome, users will frantically begin to search for an alternative; there are many: Firefox and Brave to mention just two.
Giving a boost to alternative browsers can only be a good thing; and it may also, eventually, make Google rethink this policy.
There's been some work done on fixing this issue (https://github.com/uBlockOrigin/uBlock-issues/issues/338) but the architecture of content blocking extensions will need to change to facilitate Google's new requirements.
If web devs want to make web experiences worse in Firefox by issuing warnings everywhere, then Firefox can even the score by having a useable ad-free experience.
It sounds like it is the extension API and process manager for Chrome. In what ways would an end user or website owner notice or care about this change, other than their extensions not working? How does it change default behavior?
The upside is some poorly behaved extensions will have less impact on browser performance.
On one of the occasions I flipped from mostly Firefox to mostly Chrome/Chromium¹ was due to significant changes to add-ons – and an add-on that was one of my significant points for friction stopping me move over more was one that didn't get updated immediately².
But I think many people will blame the add-ons, and just stick around & complain instead of moving away from the source of the problem. The many dozens of us who will move, not matter how loudly we do so, simply won't be important enough in the grand scheme of things for Google to care.
----
[1] this happens every few years² as one or the other irritates me in various ways
[2] I'm currently long overdue a move towards Firefox, maybe V3 will be the final push this time around
[3] in fact, for some time IIRC, by the time a new version appeared I no longer needed it
This is so true. It is often overlooked, but the root problem of Manifest V3 is not declarativeNetRequest, but this service worker move.
Firefox and Safari implemented an alternative to them so there's a chance.
Google proposed a different solution (called "Offscreen documents") which is also not too bad, but I doubt they'll implement it by the January deadline.
Can you replace an image URL fetched remotely with an image stored in the extension itself (via rewriting the URL from a remote fetch to a file fetch)? Maybe? No, because redirection from remote URLs to file URLs trips the resource fetch security model independent of anything else, except a developer has no reason to believe that security model applies also to extensions?
Testing against the declarative model feels very wild west and since it isn't just JavaScript, I can't just slap the debugger on it and introspect all the data going back and forth.
[1] https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-fi...
https://github.com/violentmonkey/violentmonkey/issues/1555
https://github.com/Tampermonkey/tampermonkey/issues/644
The only thing we have so far is a google rep stating that they'll "reaffirm that we plan to support userscript managers in Maniest V3 before the Manifest V2 deprecation"[0] back in May, which fills me with no hope at all that they won't simply be killed.
0: https://github.com/Tampermonkey/tampermonkey/issues/644#issu...
https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-fi...
Brave and Vivaldi have always been built on Chromium, because that was the easiest way for them to get started as new browsers. There wasn't some pre-Chromium version of either that was killed.*
Not true. Brave was initially based on Gecko https://brave.com/the-road-to-brave-one-dot-zero/
> Chromium got its webRequest API at a time it was trying to gain market share against Firefox (Sep 2011), where Adblock Plus, Ghostery, Disconnect, NoScript, and other such extensions were the most or among the most popular extensions on Firefox.
So the only reason they even implemented this browser standard was to gain market share and now that they are in the dominant position they yank it, getting rid of ad blockers. Straight out of the Microsoft playbook.
Browser builders, this is your cue: if advertising is not your business, offer an ad blocker. Firefox became popular (in my personal experience) because it came with a popup blocker by default.
Yeah. Firefox should ship with uBlock Origin by default too. They're almost doing that on mobile since uBlock Origin is one of few allowed extensions.
Their track record speaks against them.
XPCOM extensions? Killed, but don't worry, we will re-implement all the needed APIs as WebExtensions (didn't happen).
Fennec to Fenix mobile extensions? Killed, you get these 10 blessed ones, don't worry, we will eventually re-enable all of the webextensions on mobile, any day now, (didn't happen, you have to do hacky hacks involving nightly version to do un-blessed extensions).
This will likely be their third strike.
UPDATE: Or it's not nearly as bad as I expected. Per [1], while Firefox will be eventually deprecating MV2, the Firefox MV3 is much less 'evil' than the Chrome MV3, in that Firefox will continue to enable the WebRequest API without all the lock-down restrictions.
This makes a competitive advantage for Firefox in terms of adblocking power, if anything.
In both transitions, Mozilla made sure to support the needs of both uBlock origin and NoScript, extending the webextension API (such that uBlock origin on Firefox is more capable than on current Chromium) and working with uBlock to make its interface more mobile-friendly.
They also extended the webextension API to allow for extensions such as Treestyle tabs and Panorama-reimplementations (so not remotely all XUL use-cases, but still most of the popular ones).
Hence, they've proven that they will go considerably beyond what Google/Chromium are doing, and that they won't harm "content-blockers", which is what we care about in this case.
What do you think is the future (+2 years) for people with hatred for ads? For now I am using Firefox on computer + Kiwi in Android, but I also expect those two to go awry in the mid term.
* I see that after the edit, it doesn't look as bleak for Firefox PC. But what about Android?
I harbor the (conspiracy?) theory is that Google told Mozilla based on their "No arbitrary code"-rule that they are not allowed to run arbitrary extensions anymore. And made Mozilla promise to never tell anyone.
Yep:
Unless Firefox is released from the clutches of Mozilla, Firefox will never be a serious competitor in the browser wars.
Especially on mobile Brave is a game changer.
So just Firefox and then all the Chromes?
There really aren't "many" alternatives, there isn't even /an/ alternative because Firefox suffers from Mozilla Misguidance(tm).
Presumably the same people who bitched about the IE6 monopoly brought on and fully embraced the Chrome monopoly. We now all get to sleep in the Chrome bed.
I know Google hates the same user group, but Google also likes their money (or their money-value).
Go woke, go broke. If your trying to compete uphill, shooting yourself in the foot isn't going to make it any easier.
Also, most people care much more about "it simply works", and that is Chrome. Firefox is neither preinstalled nor as compatible as Chrome (nor as fast or user friendly). There's already a lot of popups like "this site works best in Chrome".
Let's say you have a brand new computer, and want to download nVidia drivers. Fire up your brand new computer, search for "nvidia drivers" using Bing.... and the first results are all ads for extremely scummy adware. (It's also hilarious when you search for "chrome download" when Edge begs you not to, and including when you click through, but that's a story for another time :)).
Compatible against what? The web standards or Google Chrome?
User-agent sniffing[1] and it is a webdev smell. I acknowledge that this is true, but I admit being bummed that we didn't win the war to use web standards.
I got a full screen cookie consent popup, a location permission popup, and ads were everywhere on the screen. Must have been 50% of screen space for the top part of the page. It's absurd!
AdGuard is a business, and Chrome is the world's most popular web browser. They don't have much of a choice. uBlock Origin can pass because it's not a business.
More likelier scenario: Most Chrome users do not even know what an ad-blocker is, let alone difference between Manifest v3 and v2. The franatical run, if one was ever a thing, already happened when Google announced V3, long time ago. The few people (relatively speaking) that cared about it already switched browsers.
I really don't understand the push of MV3.
I don't believe they're just for security as Google claimed but at the same time I feel thinking it's "just" to ruin ad blocking is equally baffling. Could someone who is more involved elaborate the nuance of (intent of) MV3?
It really is the case that the same mechanisms that enable adblockers ("this extension may affect your traffic on every website") are also the mechanisms that enable malware in extensions, which are not at all rare.
Google makes no money off the Chrome Web Store and their initial attempts to restrict MV2 failed. The goal was for automated approval to suffice. Still, there was certain APIs that required human review.
Google could have continued restricting MV2 until they didn't need human review but they must have got the idea for MV3 at that point. They could also hamstring ad blockers and get some promo packet material.
Google ads revenue 2021: 209 billion out of 256 billion, 80%
Apple ads revenue 2021: $3.7 billion of 365 billion, 1%
We further need to understand the difference between operating an ad exchange:
https://www.eff.org/deeplinks/2020/03/google-says-it-doesnt-...
And allowing first party and purchased ads for products within a marketplace the user is already visiting:
https://searchads.apple.com/help/get-started/0001-compare-ap...
They can only be validly compared once this is true of both ad services:
> [Ad service] doesn’t buy or share users’ personal information with other companies. We don’t track people by linking user or device data collected from [first party] apps with user or device data collected from third parties for advertising targeting or measurement. And we don’t share user or device data with data brokers.
https://searchads.apple.com/privacy
Not saying they’re “all good”, just “least worst”.
Scroll down in the second link to see what Apple do gather and use for targeting. Unhappily, the user consent more about personalization than about aggregation in the first place. Note also the missing word “sell” in “doesn’t buy or share”, perhaps they think sell is implied by share, but also perhaps not.
It is also possible for the above, and collusion to all simultaneously happen, and or Apple advancing their own ad business.
If you optimize the rules engine - which you can definitely do - you can skip evaluating most of those regexes, you can evaluate them in parallel, etc. You could start preparing the request and only gate the actual tcp packets on approval from the ad blocker. You could cache the approve/deny state for each URL so that the ad blocker overhead is only paid on first visit to a site. There are lots of ways to make this stuff super fast without breaking it, but Google and Apple don't want to do the work.
People like the uBlock Origin author have already demonstrated in the past that their ad blockers are fast despite the severe limitations of current browser extension APIs. If browser vendors actually supported extension developers ad blockers could probably become faster. Instead they're attacking them and forcing people to move over to intentionally sabotaged APIs with limited feature sets and arguing that now things will be "faster" even though you're going to be wasting resources downloading a bunch of ads.
It won't be more private if ads slip through, or if the whole web experience is degraded and users prefer native apps.
On WebKit, you can still use WebRequest to intercept and log all traffic, you just can't block it. I don't think that intercepting/recording all traffic and selectively blocking it would have a meaningful difference compared to just intercepting it all and letting it through.
Not being able to look at scripts is another issue, although at least for some purposes you may be able to inject scripts which change the JavaScript objects in order to disable or change some features.
Obviously for this audience. But two of my buddies didn't even know such things existed and were truly grateful when I introduced uBO/Privacy Badger to them.
I can guarantee you that the people that need to be converter won't be reading this article, any more than they will be visiting HN.
> The article mentioned Safari a couple of times
Hmm, I only see it mentioned once, and it makes sense in context, because Safari suffers from the same Declarative API issue (they actually did it long before chrome did).
> it feels almost dishonest to discuss it wothout mentioning that there are better options out there
Again, that discussion has been had ad nauseum, nothings being contributed by mentioning it again.
So this might work for some (and in that case why not just change browsers?) but I wouldn't assume that Google will allow this to be a valid and widespread tactic.
OK, but IMHO that makes the situation worse, not better
(and by the way, some of your employees did say publicly that work was being done towards it)
https://bugs.webkit.org/buglist.cgi?bug_status=UNCONFIRMED&b...
It seems like I'm having to disable something or other with every major update of firefox lately, and as long as they continue to let me disable risky features I'll keep using it. Nothing strikes a better balance between useful and secure like hardened a firefox install, but it takes a lot of vigilance and a willingness to add or modify hundreds of about:config options (after installing https://github.com/earthlng/aboutconfig)
https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-fi...
Unless someone pays me to open them (read: I need them to do work), then I do keep an instance of Chrome around. But only if there is no other choice.
I do not claim to know what motivates gorhill, but so far none of his motivations in building uBO seem to be against my own motivation to use it, so it is fine.
No, he has to be able to support himself somehow. Food costs money. Plenty of people have great motives, few have the means to execute on them.
Sure. Not plenty, but still a lot of people have the means, and few of them choose to execute. Larse Ingebrigsten was a CTO of startup that got acquired and now maintains GNU Emacs. Bram Moolenaar has had consistent job since forever (not sure what % of paid time is dedicated to Vim maintenance). Richard Stallman quit and made his first money selling Emacs tapes. Some open source devs rely on consulting work. Some (Like Drew DeVault) have actual sustainable business model that are not donations (and still give away their services when it makes sense). I do not know of gorhill, but my first guess would be that he has a stable job that pays well enough and doesn't encroach on his private life and hobbies, which I believe uBO is one of.
Oh, and to add to it, it becomes incredibly easier if you find likeminded people to join in. Linus Torvalds is able to take weeks off because GKH is more than capable to handle the work in his absence. Andreas Kling has Linus Groh as co-maintainer to review PRs even considering ginormous scope of SerenityOS. As with everything, more capable minds share the load.
On top of that, uBlock Origin is still just an engine. A large bulk of work (as admitted on uBO README.md) is done in the lists like fanboy's. They are also largely contributor driven (and sometimes donations).
the ublock origin repo actually has a video linked how it works: https://youtu.be/2lisQQmWQkY?t=294
Exactly. I use uBlock to "detoxify" websites and rid them of such nonsense elements.
In order to compete with Chrome most of XUL extensions had to go.
Hyrum's law in practice.
Isn't that the same concerns used in pushing Mv3?
It's a headache early-era iOS developers are familiar with, but this move is basically Chrome team saying "We've watched the community try to implement responsible resource handling, and they suck at it, so we're taking some of their choices away so that the browser can manage resources for the user." Because battery matters.
Mostly this boils down to one thing: there needs to be an alternative to service workers and there are tons of legitimate use cases for long-living background pages or workers. I think by this point everyone agrees on that, the question is when this alternative will be made available to developers. It’s only 3 months until the deadline after all.
> Free. Open source. For users by users. No donations sought.
The only piece of reliable information is this: I once asked Google engineer whether they plan to support declarative cosmetic rules (that's what we do ourselves in MV3 and that's why the extension still requires wide permissions) and the answer was that they definitely do plan to do that in the future.
And then people use and rely on information like this to further ignite their cognitive biases. Seems more like promoting misinformation than anything.
The difference between that and the traffic modification API is the threat model. The third party were to compromise uBlock Origin's servers, they would have a frightening amount of power over millions of machines because uBlock Origin essentially self-modifies; it downloads new rules for what should be blocked. So that breaks the security guarantees Chrome wants to provide; they can't say that the lock icon on a website means anything if a Chrome extension is allowed to arbitrarily modify traffic back and forth as a man in the middle on the last mile and Chrome web store maintainers haven't looked at the source code it's running.
I don't think there's a similar security threat for cosmetic changes.
AdGuard does have an option for users to allow inline search results ads and sites’ “self promotion” ads. More here:
https://kb.adguard.com/en/general/search-ads-and-self-promot...
Not completely full of shit. Declarative rules are a good idea in the general case. Random browser extensions really should not have unrestricted access to the network requests. This is how we get malware.
It's just that uBlock Origin is so important and trusted that these limitations should not apply to it. I'd even say ad blockers should be a built in browser feature but the conflicts of interest prevent that.
They left alone other imperative-but-dangerous aspects of extensions, such as the ability for any extension to watch what you type into password or credit card fields on any website. Actually that sort of extension is even easier to write in MV3 and Google will still need JS-reviewing wizards to give a guarantee an extension isn't snooping your passwords.
I don't think there's a consistent position from Google if the claim is they want to improve security via declarative syntax. I think Google is full of shit.
The heavily depends and I would disagree here. Yes, JS execution is unpopular, but it enables you to make your app behave like you want to. Otherwise it behaves like Google wants to. Google is no scammer at least, but the end result is suboptimal.
If you could implement a declarative language as powerful as an imperative one you could solve the halting problem.
So the switch from imperative to declarative is not free to make and Google has thrown the baby out with the bathwater. They just so happen to lose money every second that baby is alive. On the one hand, the decision to implement this specific declarative language is a malicious exertion of market force. On the other hand it's a stunning display of implementation incompetence. The language can't even reimplement the most popular existing extensions.
Firefox is vastly better in terms of rendering quality for scaled and/or transformed raster images. Chrome always sacrifices quality for performance, with no way to choose.
Firefox's SVG support is also miles ahead, both in rendering quality and features.
Security? Website isolation? Performance? And many other things are just simply better in chromium.
https://madaidans-insecurities.github.io/firefox-chromium.ht...
Yes Google is abusing its influence on chromium, but one must admit, its simply the best engine out there.
So no, one must not admit it is "simply the best engine out there". Not by a long shot.
The number of irritating little performance regressions we'd hit when doing anything interesting with the DOM in Firefox was notable (as in, we noted it in the bug-tracker ;) ). Broadly speaking, I began to assume Mozilla didn't have enough real-world integration tests back-stopping changes to their rendering engine.
I haven't tested in a few years so that information is stale.
Especially when talking about security.
https://madaidans-insecurities.github.io/firefox-chromium.ht...
Does Mv2 really hold Chrome back?
A lot of people even conflate Google Chrome, Google Search and other Google services (understandable, as Chrome's home page is a big Google logo with a search box), so they think that they cannot use Google anymore if they install Firefox.
The stats [1] speak for themselves: only 3.3% of users use Firefox. Even Edge has more users.
I don't know how to solve that problem, since those two outcomes are at odds with one another, but wanted to raise awareness
I can't understand why we have not seen strong regulatory/antitrust action on this front considering the precedent with MS.
The real danger to having a single codebase for the whole web is spec validation. Most web standards rely on two independent implementations. For newer technologies we could technically count WebKit and Blink as separate, but Gecko was providing an entirely separate codebase that isn't a fork of anything.
Remember how WebSQL was basically put out to pasture because it was just SQLite, warts and all, shoved inside the web sandbox? That's the sort of problem we'd rather avoid. Single-implementation standards tend to pick up bugs and misbehaviors from their implementation, since everyone winds up depending on implementation bugs rather than getting them fixed to match spec.
Yes. But adding back in Manifest v2 isn't. Even MSFT claims that it's too much work for them.
Also how much more reliable long-term extension/browser compatibility has improved: I’ve used Firefox Nightly as my daily driver for about ten of the last twelve years, and until 2017 I’d spot at least one or two breakages each year, mostly fairly minor, but the occasional major (a couple of which accounted for maybe six months of going back to stable—and the lead-up to the killing of XUL extensions was another few months on stable because not all that I wanted was ready on WebExtensions yet). The extensions were typically patched before the change hit stable Firefox, so normal users wouldn’t notice most. But since WebExtensions, I don’t recall a single breakage. I acknowledge that the biggest breakages were in functionality that cannot be replicated any more, like Pentadactyl (and I ended up not even trying to replace it), but still, the minor and subtle breakages are just gone.
It will make it less programmable by the end user.
Chrome was definitely a wake-up call, and the Firefox 4 cycle in 2010 achieved a lot. I recall doing audio stuff with the new Audio Data API (sadly since discontinued in favour of the much-more-complex-generally-for-no-good-reason Web Audio API) with a sine waves stress test (adding random sine waves together until underrun occurs) in Nightly, and watching the number it could cope with increase, week after week, due to JIT engine improvements. It went from handling a dozen to handling a couple of hundred over the course of two or three months.
IMHO, practically speaking, the final result of WebExt isn't that bad, especially taking into consideration of the added APIs you mentioned.
It is the shear difference bwtween promise and reality that really hurts lots of power users and addon developers to this day.
Also you mentioned Treestyle as "most of the popular ones", but left out the elephant in the room, Tab Mix Plus, which even has its own Bugzilla ticket: https://bugzilla.mozilla.org/show_bug.cgi?id=1226546 Gesture extensions nowadays are also pretty limited compared to its heyday due to the nature of WebExt.
In hindsight, these promises were just too good to be true, but people were believing.
And the story of extension support on Firefox on Android is way too similar to the last time in the Fennec to Fenix transition. At least this time, users just didn't have much faith in it to begin with.
> In both transitions, Mozilla made sure [to keep top popular addons mostly happy and ensure adblockers are happy]
Those are all fair points, and yes, I was probably too harsh with my language overall, that post written before I was corrected that Mozilla was not developing MV3 the same as Google was.
I stand by my strikes that Mozilla did kill XPCOM, and failed to deliver their promise to release all addons to Fenix on shipping stable versions. They don't even enable about:config on stable Fenix to enable power users to workaround that limitation.
In short, I believe I was 60% fair in my opinion.
So to the extent Mozilla failed to deliver here it's on the replacement APIs. But how much is enough?
I would like lots of things to have APIs that don't. For example I'd like a way to do some basic queries on the built-in Public Suffix List for Firefox instead of needing to either bake the PSL into each plugin (and keep it up to date) or call out to a web API (ugh) or just guess that TLDs are "enough" and make everybody who needs other suffixes mad.
But in that particular case there are two reasons we don't have such APIs. #1 Nobody did the work. I didn't do the work, you didn't do the work, the work didn't get done. #2 In many cases (I think not mine but it's always arguable) the PSL is the Wrong Thing™ and so encouraging more use of the PSL makes things worse.
They used to have an official goal like "supporting top X addons' transitions", so it's not so random about which API they needed to add.
The Emacs OS is still doing well! :)
> "Mozilla did kill XPCOM" isn't a deviation from their stated intent.
The issue is that their stated intent changed over time, and their communication about their precise intentions was often pretty poor.
It didn't help that the Webextension transition came on the heels of the e10s transition (5 firefox versions separated deprecating non-e10s add-ons and disabling e10s add-ons), but with relatively little warning, which meant that:
1. Many people implicitly believed that once they adapted their addons for e10s, they'd be safe.
2. Many people put in a huge amount of work to adapt for e10s and then had to redo a large part of it to convert their add-on into a webextension.
3. Some people put in a huge amount of work to adapt for e10s and found out that their work was pointless because their add-ons couldn't be converted into webextensions.
From a technical point of view, much of Firefox's XPCOM/internals were actually sufficiently stable post-webextension (57) that old e10s extensions could have continued to work with little changes. (e.g. VimFx continued to work with minimal changes for ~30 Firefox versions, on Nightly, with very slight hacking. AFAICT it still continues to work, with slight changes, but now with major hacking to get it to actually install.)
The features, the speed, the security, are all better on chromium.
- Wallet = has to be removed from the toolbar manually
- Crypto background ads = has to be deactivated
- Crypto Exchange ads = has to be deactivated
- Decentralized domain resolving = has to be deactivated
- BAT = Not enabled by default but has to be removed from the toolbar manually
I get your complaint, you want nothing visible to do with our opt-in, off by default crypto stuff. But calling that stuff "out-out" is misusing the phrase. It's off by default.
The New Tab Page sponsored images are non-tracking and not crypto related unless you opt into rewards, so I wouldn't lump them in here. Turn off in slider-widget control at bottom of NTP.
The browser is getting more bloated by the year, they've added some Brave News service now and integrated their paid VPN with their browser instead of making it a separate product like Mozilla VPN
And obviously they started using affiliate marketing, parasite behaviour.
Have you also consulted the actual decision-makers at the world's largest advertising corporation who sign those real engineers' paychecks?
But of course, that would require Google actually take some responsibility and do some legwork and neither of those things are in their core competency.
If Google actually had any goals of improving security, they'd literally just delete the Chrome Web Store and start over and manually reviewing and approving extensions one by one.
The results have not garnered much acclaim.
I suppose you could argue they simply haven't budgeted enough $$$$ to get skilled reviewers taking enough time on each review.
Bear in mind browser extensions completely defeat all the benefits of HTTPS. If we aren't putting them through significant scrutiny there really is no reason for anyone at Google to claim to work on security at all. Extensions need to be treated as incredibly privileged code and vetted accordingly.
I very much doubt the upper management is stupid enough to tell the grunts that they're doing this to kill off adblockers
they know there will be intense regulatory scrutiny on this at some point in the future
the true factors that went into this decision will have been discussed verbally and in-person only
uBO covers most of uMatrix (and more).
Some of that uMatrix coverage is a hell of a lot harder/more awkward in uBO.
Basically every uMatrix user always also ran uBO too, for the more DOM/'content blocking' aspects (primarly 'cosmetic filtering' as it calls it iirc).
uMatrix lets me block all third-party, allow only first-party scripts/XHR/iframes by default, and then in two clicks (including opening the extension's popover menu) allow some specific host's scripts or whatever, while still blocking its cookies/frames/XHR/media/et al.
uMatrix is more advanced than uBO 'advanced mode', and just as easy to use; i.e. easier to use than 'dynamic filtering' or whatever people suggest that's buried in the full-page settings and not something I'm going to be doing 'on the fly' while visiting a site.
I still use uMatrix (and uBO!) and remain thankful for it - I just hope it lasts, not obsoleted by browser API changes or whatever. (nuTensor was forked to take on that burden, but itself now archived. Apparently - I read in another HN topic on this recently - because uMatrix actually did receive some maintenance update.)
However it's not equivalent, because in uMatrix you have even more fine-grained control which content a certain domain in a certain context can load (i.e. scripts, images, css and xhr requests).
with uBlock origins UI you can block by content type and then whitelist the domains which are still allowed and that feels less granular then the uMatrix configuration dialog.
But if you check the generated dynamic rules in the settings you'll see that it supports the same granular controls as uMatrix
For now, because I don't want to be hit by security vulns in the browser itself, I'm holding my nose and doing plain old Firefox mobile, leaving some of the tracking stuff blocked on my Pi-Hole, then letting my wireguard VPN ensure that even when I'm off Wi-Fi, my signal gets routed to my home connection so the Pi-Hole can stop some of the telemetry (but not all! some gets through no doubt).
Why am I holding my nose there? Because my planned next browser, Iceraven [1], is not yet out of alpha and published to F-Droid. I check every 3 months or so, once it is, that's where I'm going, because it's as close as I can get to Firefox Desktop, but runs on Android.
Only caveat I've really found is that it gets stuck on the Guardian's website (after a few clicks).
https://blog.mozilla.org/addons/2020/09/29/expanded-extensio...
It's not a clean experience and I wouldn't recommend it to anyone non-technical but I use this approach and it works fine, at least for the extensions I care about. There's also the caveat that you're running Firefox Nightly which usually is fine but has had big functionality bugs. I'd keep another browser installed as backup.
DNS-based blocking
The good edge is keeping ISPs etc. from messing with your DNS requests, but that sword cuts both ways as it also can lock your own home network out.
DNS-based blocking is as much a "future-proof" technology as "just don't look at the adverts". DNS-based blocking is old, easily workaroundable by anyone (just use the same domain name for everything, or interchangeable domain names, or just don't rely on system DNS), and significantly less featureful than even the simplest DOM/JS-based blocking (e.g. good luck collapsing ad elements from the view, getting Youtube not to play ads, etc.).
Google cracks down on VPN based adblockers https://news.ycombinator.com/item?id=32636412
Newer versions of iOS, Android and Windows support it already.
Old Reddit Redirect
User Agent Switcher
Click to find out what HN says (heh)
Fakespot
Absolute Enable Force Right Click and copy
Page Screenshot
SponsorBlock
[1] https://blog.mozilla.org/addons/2020/09/29/expanded-extensio...
But as a web developer I semi-regularly butt up against bugs in it that have languished in Bugzilla since like, 2014, with absolutely no progress on them.
I have dealt with two (maybe three?) bugs in Chrome ever and one of them was a pretty clear fuckup they rolled back within days.
Maybe you are confusing it with de-googled-chromium et al?
Looking at you Google search results [1] (but I understand their motivation), however I do have one local company site that refuses to move beyond their loading splash in Firefox.
I guess I should be thankful it's no where near as bad as the IE6 days where HTML standards were completely disrespected in the quest for more market share.
[1]: https://addons.mozilla.org/en-US/android/addon/google-search...
Problems would begin once we'll eventually get Chrome-specific functionality or something that Mozilla won't implement due to a variety of concerns, thus simply breaking sites: https://mozilla.github.io/standards-positions/
Then we'll basically be back in the days of IE, except that this time Google will be the ones with the browser monopoly, if we're not already there somewhat - the majority of folks haven't even heard of Firefox.
If Firefox won’t work, edge almost always will. I’m really trying not to download chrome again. I forgot chromium is an option. Is that not maintained by Google?
Firefox has been my daily driver for close to a decade, and I've not run into something that didn't work on it, but worked on Chrome.
But people recommended Firefox anyway for most browsing since it was a better experience on the open web. Eventually it up ended the dominance by giving a better browsing experience except when forced to use IE through bad code, which eventually forced more developers to improve the experience outside of IE.
I personally never stopped using Firefox for Chrome, since there was always some extension that just didn't work quite as well on Firefox for the longest time. I've always found it worked it well.
A popular opinion of a vocal contingent of users on this site always say that Chrome is so fast, without any benchmarks other than their personal feelings for the most part. If Google is going to be openly hostile to extensions like UBlock working as intended I really wonder if they would feel Chrome is much faster if the developers of such extensions stopped looking for work arounds in an actively hostile environment and simply let them experience the garbage that is the current state of the web. They've already shown their hand as being a terrible steward of the web by blocking extensions like AdNauseum that try to destroy all the tracking and privacy violations they've created.
I personally believe all the people who don't have their jobs tied to creating ad garbage would do another exodus. Although I'm sure a vocal minority would create noise on sites like this since their jobs are tied to making the world a worse place.
Only to people like us. The amount of tech-savvy people I see not using an ad blocker is surprising. As a user of an ad blocker, I definitely feel like I’m in a small minority in the real world.
> Without us chrome would likely not be in the position it is today and google could not dictate the terms like they do.
I kind of disagree with this. Google Chrome's current popularity stands on two things:
1. It is a great browser and it does its job very well.
2. Google in the first years was very active with its distribution. And this is not only about the link on their homepage. I remember how 10 years ago every piece of software you were trying to install was bringing Chrome alongside.
Engineers recommending Chrome to their friends and relatives shouldn't be discounted, but I tend to think that it's less important that the two other points above.
Good ad blocking is an essential part of a browser. Even Google who is actively slow boiling the frog knows they can't just hard cut it off because the users will jump ship immediately.
Why should we let Google get away with this? I feel the right move is to proactively take steps that make Chrome very obviously noncompetitive. By not providing ad blocking at all or at least making it a much inferior experience. It needs to be obvious to the users, not just to tech folks.
Consider checking for the Chrome user agent on your personal website. When you detect it, either:
1. Display a screen that encourages to use a browser that respects their privacy, such as Firefox.
2. Show a popup explaining that "for an ad-free experience, try Firefox + uBlock" and add a bunch of fake (or real) ads to a special Chrome-exclusive piece of the site.
If enough of us do this with personal websites, more and more people will stop using Chrome and start using Firefox. You don't even have to cut Chrome users off from the content -- just annoy them a little, and suggest Firefox.
After all, if Google refuses to fix bugs introduced by Google developers who don't test software in browsers other than Chrome (https://support.mozilla.org/en-US/questions/1069227), the least that the rest of us can do is fight back in some small way.
Devs of adblockers should all, suddenly, stop supporting Chrome. Make it a specific date (Jan. 1st 2023?) and make it known.
The web is unusable without strong, efficient adblocking. All power users would stop using Chrome in an instant. Even if they are a minority, the move would become visible on usage charts.
(posted from Firefox on Android)
MV3 will slowly make adblocking more and more useless, like boiling the frog
at which point most people who formerly used adblockers will become accustomed to the ad-infested web again
so.... Utopic best case scenario, 30% of the users? and that's if 100% of People using AdBlocking across the entire Planet were to make a move. and those are the users that don't provide any Revenue back to the Owner, anyways. the average user is using official Chrome, with very few Plugins, maybe like Reddit Enhancement, extra Twitch Emotes, Et Cetera.
I switched back to Firefox a few years ago. Firefox has improved a lot and the overall experience is just far better.
One of the nicest small things is that I've got the full URL back in the URL bar, including http/https!
If Google says, that they value speed of their browser as the main attribute, that mindset if adopted by the fanboys. If Google says you don't need more powerful ad blocking, then that idea is adopted by the fanboys. Google says it, so it cannot be wrong. Anyone saying something different is just being jealous, that they are not as good a developer to work at Google. Google! Oh please! Tell us what to think!
This kind of thinking also proliferates into non-developer communities and people, who look at it from the financial success side of things. Google, one of the biggest tech companies evaaar! Surely they must be doing something right! This developer friend, what do they know, compared to the knowledge of Google employees?! Better listen to Google.
Google has managed to twist the minds of many, who are too open for authority arguments and developers are no exception to that.
As long as we still in some way think, that Google has our wellbeing at heart, I think things will not change. However, I support not supporting Chormium-based browsers any longer. People only learn the hard way, which is, when they have to fight through jungle of ads to use even the simplest websites. Some learn not even then.
Those comparisons never take into account the runtime costs of ads. Yay, code runs 10% faster. It runs 3x as much code and has to wait on a dozen ad servers, but yay!
I just switched to Firefox. I'm typing this on Firefox.
I used to use Ungoogled Chromium.
No doubt it would. Google essentially advertised Chrome at the very top of the search results page. No amount of personal boycotting is ever going to win against that.
Just one example of how it is not safer, that I thought I should mention, on the background of such a blanket statement as "Chrome is safer" : )
Everything works fine on Chrome.
That's obviously done maliciously by Google, of course.
The chromium bugtracker too is full of ancient unresolved bugs, just like gecko's bugzilla: https://bugs.chromium.org/p/chromium/issues/list?sort=id, and I'm sure that if you wanted to you could find a ton of decade old bugs that leave you wondering how those weren't fixed by now.
This just seems to be a fact of life with various browser engines. There are surely all kinds of more or less reasonable motivations to ignore those old bugs, but whatever the cause it's certainly the status quo.
I also managed to find another case where of all things Internet Explorer (!) was the only one (possibly EdgeHTML, too, but I don't remember that any more and now it's been replaced by Blink-based Edge, I can't easily check it, either) that got things right.
Fixed that for you.
I have two issues with this, 1. Chrome is so much worse in respecting its users, it is completely hypocritical to say not to trust Firefox but use chrome. 2. All these posts are actually painting the impression that there is no valid alternative, in fact that chrome is the less bad (freer) choice compared to chrome. This creates exactly the narrative that Google wants, that their choices are really just minor inconveniences and there is no valid alternative to chrome. I mean just in this thread we have seen many posts that state that Mozilla is essentially doing the same just slower and cant be trusted, despite statements and actions to the contrary.
If it sounds like I'm holding Firefox to a higher standard, I am. Their own positioning in their own marketing is based on a moral stance on privacy and "empowering the user". They have demonstrated that this stance is held out of marketing convenience rather than sincerity.
Chrome is the devil you know, you know it is made by an ad company, is filled with tracking, and will always act to support that. Firefox is… Not who they make themselves out to be. That's almost worse in a way.
You do you.
It's a nice idea, but your personal website doesn't matter. Most people go to a Google website at least a few times a day, and they already tell you to switch to Chrome for the best experience. And almost all of the top non-Google websites also have a vested interest in less adblockers, so none are going to riot over this.
Anyway, it doesn't really matter what percentage of all users, just what percentage of techie word-of-mouth types use ad blockers. And that is a very significant percentage.
Maybe your mom can't change it herself but come Thanksgiving she's going to complain about it to you and you are going to fix it so she has an ad free experience again.