Chrome disabling uBlock Origin is a serious security threat(nuage.quimerch.com) |
Chrome disabling uBlock Origin is a serious security threat(nuage.quimerch.com) |
The world has gone crazy. So this relative has casually used the most bloated spyware disguised as a browser for literally a decade, but she can't switch to firefox because 'Mozilla’s recent behavior'.
TBH I added the sentence about recent Mozilla behaviour because it pisses me off but it shouldn't be an argument, you're right.
I have both browsers icons next to each other and sometimes I launch the other by mistake. For normal browsing I only spot the difference due to various pages having different logins ie from my wife or not being logged in.
If somebody is able to use internet (god forbid even do some payments on it) then I am pretty sure they could understand the concept of another, very similar app with same behavior. Sometimes new releases change UI at least as much as those browsers differ between each other.
This is such an unfair comparison, where Google made billions on your user data and Mozilla is barely living off the scraps.
Clearly we should support Mozilla and not Google here.
Edit: Chromium forks/derivatives
Recently, I've noticed a "this SaaS only works in Chrome" trend again. Usually that means "only works in Blink" but it still sucks if you need to use SaaS (for work) that has this silly limitation. I've noticed cheaper restaurant web ordering software tends to have problems in Firefox.
For technical or even semi-technical folks those aren't an issue. For non-technical folks, those issues above can easily lead to a poorer web experience without them understanding why. On the other hand, the author didn't actually call out technical issues
We just don't want to see ads. Isn't that enough?
Seeing: seeing https://github.com/uBlockOrigin/uBlock-issues/wiki/About-Goo...
And asking: What are the diff between manifest 2 and manifest 3 ext?
Answer: https://chat.mistral.ai/chat/9e66fbc8-0df2-4248-a252-5acb6fb...
What is the problem to move to M3? And why is this a ban?
To address this, I bought her a Fairphone with a de-googled Android operating system installed out of the box. This solution works well, especially for those who prefer not to use Apple products.
For enhanced ad-blocking and security, I set up an OpenWRT router in front of the provider's router. This includes features like Adblock, DNS over HTTPS (DoH), DNS over TLS (DoT), and DNSCrypt. This setup has been running smoothly in my parents' house for over three years without any issues.
An http proxy in Python is just a few lines of code. It could simply drop the requests to known ad servers.
And in Chrome, there is a setting to use a proxy.
So all one had to do is run ./my_ad_blocking_proxy.py and set the proxy in Chrome to something like 127.0.0.1:8080?
Think of those "click here to OPTIMIZE YOUR PC" adware junk you'd prefer anyone you provide tech support for to never see
Years ago when I had one of those Intel Atom netbooks you could tell a pretty big difference since it was pretty RAM constrained.
- tiny phone screen
- objectively worse mobile-site
- far worse touch-screen-based UI
- the entire iOS side of things has far fewer choices for any sort of effective ad blocking
Is it possible for a savvy technologist to overcome these problems? Yes, but it's like disabling junk in Windows: you're playing a game of cat and mouse and slowly losing the battle over time.
Dude there are ads on every browsers. And the goal here is to protect her from malwares, not trackers (well at least that's not a priority).
Given how intransparent the programmatic advertising industry is and how often malicious actors have abused such advertising networks to spread malware... there is no distinction to make.
Good ad blocking requires you to be able to look at decrypted HTTPS traffic and remove content from the DOM, including stuff added after the fact by Javascript. That's why uBlock Origin works better than Adguard (which is a https MITM ad blocker) and why Adguard works better than Pihole (which doesn't usually MITM HTTPS).
Simple hosts blocking used to work OK two decades ago but these days so many ads are served directly from the same servers within the same HTTPS connection that it's just not enough.
ironically this also sounds like a security nightmare.
This would give the same flexibility without the need for a browser plugin.
Just yesterday I noticed it managed to block self hosted Snowplow (clickstream analytics) JS library without blocking other scripts on the same CDN/domain.
Much easier solution, which everyone should made years ago, STOP using Chrome crapbrowser.
But the web is unusable without ad blocking, IMO. Necessary risk.
Afaik uBlock benefits from some browser APIs that can do things like prevent content from loading before the add-on is injected into the page so you'd lose some coverage there. I imagine it'd also be fairly difficult to intercept all outgoing web requests (to selectively block them) which a browser is fairly well positioned to provide an API for.
That said, if you build such a product (something that can MITM HTTPS and then inject ad blocking JS on every page or video, or simply rewrite traffic to strip out ads like a packet shaping firewall, etc.) and that can make use of existing filter lists, I'd be very happy (eager, actually) to pay for it.
That is similar to how Adguard works, but that can't run on a router like Pihole does. I don't know how you'd get past the HTTPS cert issue. I think you'd first have to install that custom cert on every device connected to the router, or else have the router completely proxy every HTTPS connection and re-serve it from own domain and cert. Might run into dnssec issues too? Not really sure but sounds messy. Browser extensions don't have to worry about HTTPS and can (or could before manifest V3) directly manipulate the DOM.
That the market hasn't created one yet suggests it might be difficult. But I'd love to see one.
Speaking for me, but this might be because while your points are valid:
> Every single aspect of the experience is worse
this is wrong (I can tell you that when my SO falls asleep hugging me in the bed, the mobile is a far better experience than a laptop to browse the web for instance - the tiny screen is a feature in this case), and it seems you are missing the elephants in the room that explain why people are using mobile despite those issues, and you are not addressing the use cases.
This makes your comment read like you are disconnected from reality. You might not be wrong, and it might just be a matter of changing the perspective a bit. In the new perspective, you would show that you understand why people actually browse the web on mobile and address the issues from there.
"You should not browse the web from a mobile" doesn't help at all. Most people do it, and although it's imperfect, people seem to go on on their lives anyway.
You probably need to motivate your view a bit more (so we can go from "is it indeed the case that we should stop browsing the web from a mobile?" to "this person is right, we should definitely stop doing this, what now?"), and address the specific use cases where people use the mobile and provide alternatives.
Alternatives like "just don't browse at the bus stop, allow your mind to be bored / to relax a bit" are perfectly valid. One can disagree with the proposal, but that's one solution.
iOS has many different ad blockers, including system wide ones that are VPN based. I use a good one that even blocks Youtube ads.
That might be true in theory but I haven't seen many ads in practice. What type of sites are you going to that's laden with unblockable ads?
While you might be right, it's a pointless advice given most internet users since the last decade or more only owns a single internet capable device, which is their mobile.
Using a fork to work around Google marking addons are malicious seems like a middle ground between "living with ads" and "using a whole new browser the author has political issues with"
Maybe you consider those just as bad, though
If you do, you acknowledge that "Chrome disabling uBlock Origin is a serious security threat."
If you don't, then "Chrome disabling uBlock Origin is a serious security threat" seems even more true.
Either way, I'm curious on the size of your bet here. Talk is cheap, and you've only given OP the laziest and most obvious solution. Do you believe what you said is profound and/or an interesting argument?
I’ve had both experiences myself. Sometimes the older folks manage just fine. Sometimes they don’t. Sometimes it’s an aversion to change, sometimes it’s to cope with cognitive decline, and sometimes they just like one thing or the other, just like anyone.
Pro tip - don't try and spread 200k arguments into a function!
Chromium is pretty good about suspending pages when it's left sitting for long periods of time
Firefox engineers are trying, and you cannot blame them (like you would blame Mozilla) because it has not seen the kind of commitment from industry talent that Chromium. There have been multiple re-writes of major components in Chromium, and they tried really hard to keep the codebase somewhat up-to-date. Firefox is comparatively dated, it's not at all sexy; had people understood this, they wouldn't be so quick with jumping to conclusions, & all. There are many objective, engineering reasons why Firefox is lagging behind the gigantic Chromium+V8 ecosystem of browsers and JS backend industry. For some champagne-socialist reason, it's really vogue to call for Firefox adoption, donating to Mozilla, etc. However, it's rarely an argument made on merit. I think, they just hate to admit that Google has largely succeeded in elevating Chromium to the likes of Linux. If you're making a browser in 2025, unless you're making an artistic point a-la privacy, or contra Chromium specifically, you would rather pick it up at upstream like you would pick up Linux, instead of re-inventing the kernel because Linux bad. That is not to say that OpenBSD, or whatever, Plan9—is without merit, just that it wouldn't surprise anybody had you picked Linux for the job. If you hate Google's SWE people, or its leadership that ostensibly could sway the course of Chromium development, then this is probably really painful! If you don't hate them, you just carry on about your business. And so everyone complies. Because why the hell wouldn't you? There's battles to fight, and there's the other kind.
It doesn't help that Mozilla is cutting the branch from underneath itself.
LadyBird and Servo are both interesting projects however I imagine still many years out of their succeed