The design doc — the part quoted in the note linked here even — explicitly notes that it will probably be required to retain some degree of the existing functionality slated for eventually removal until the new API and other replacements cover all use cases; the response linked here appears to (not improperly, in the context of making a case for why much of the functionality is needed) ignoring that and treating the planned intent as removing all of the existing WebRequest API functionality that is not observational for a hard cutover to the new API which does not immediately supports large swath of currently used functionality.
I think the response is appropriate, energetic advocacy, but the HN headline is hyperbolic.
The uBlock maintainer specifically says that uBlock Origin and uMatrix use a different matching algorithm than the declarativeNetRequest.
The title isn't at all hyperbolic. You don't deprecate such important functionality without laying out a full plan for replacement.
Unless there is no such plan and in reality you want to screw uBlock Origin, which I might say is the most aggressive ad blocker available, and isn't owned by a company in bed with the ads industry, like AdBlock Plus.
Oh, the Google fanboys. “Didn’t you read the article? This is purely for privacy reasons.” Nevermind that this makes it harder to actually keep your privacy. Nevermind that this is exactly what people warned would happen in a browser monoculture controlled by an ad company. That’s just a coincidence. It must be, because Google are the good guys, am I right?
This was a terrible mistake by Mozilla, but a test pilot for a limited number of users doesn't seem permanently worse than what Google does in regards to privacy.
Moreover, this presumably didn't affect users who installed via a package manager, while with Chrome the installation method doesn't matter.
However I wish Mozilla was publicly funded, so that they don't have to constantly search for alternative revenue sources.
It also spells out that the new API can consist solely of static, known ahead-of-time rules[1]. The rules are json, so that kills any logic beyond pattern matching. We already know that approach severely limits the effectiveness and usability of an ad blocker. It's pretty much the same as ad blocking with a hosts file, other than being able to also statically provide path info. Imagine a list of "bad sites" and/or "bad uris". Limited to 30k entries to cover the entire internet.
The fact that the plan ends with extensions still able to see all web requests, record all web requests, forward a log of all web requests to any arbitrary endpoint, etc...means the "privacy" angle is pure bullshit. I suppose the "performance" angle is somewhat true, but the net performance gain of NOT downloading all the ads makes up for any performance loss of processing/filtering requests. Sites with ads are faster when you load an adblocker.
The only thing being taken away is the ability to dynamically observe a web request and cancel it. Who uses that functionality outside of ad-blockers? Not many. There's no hyperbole in the headline.
> It also spells out that the new API can consist solely of static, known ahead-of-time rules
If it ends up as effective as Safari/iOS's content blocking, I don't see the problem.
> The fact that the plan ends with extensions still able to see all web requests, record all web requests, forward a log of all web requests to any arbitrary endpoint, etc...means the "privacy" angle is pure bullshit.
Yes, if you grant permission to access everything, it has permission to access everything. The benefit of the rule based approach is that the extension doesn't have to have access to everything.
The privacy angle is being able to move most extensions away from accessing all data in all tabs.
Safari/iOS's content blocking has a 50k limit, not a 30k limit. I don't own anything that can run Safari. Is there a credible comparison of how well it works versus Ublock Origin on Chrome? I'm skeptical that a static list would match up to the ability to dynamically make decisions. If I were in the ad business, I'd immediately make use of ads from the same root domain as the content, or subdomains mixed in with lots of random/changing subdomains for content like images, etc. Voila, static ad blockers thwarted.
Apples rules are a huge pain. Exception handling gets extremely complex (block all urls matching regex R, on domain B and C but not on subdomain D.B). I have not seen anyone yet able to handle the full breathe of the EasyList format.
To get around the 50k limit added by Apple, you must use multiple lists, however domain exceptions must be included in the same subset as the parent rules, since rules do not combine once compiled.
Also, dynamically whitelisting a domain is annoying since you must remove all of the lists form the webview before loading the page. HTTPS-Everywhere is even worse to get operational using Apple's content blocking lists.
But the design document only mentions retaining the old API for features that aren't possible with the new API, such as onAuthRequired. So it would still cripple uBlock
I really like the point the uBlock maintainer's make:
"Extensions act on behalf of users, they add capabilities to a user agent, and deprecating the blocking ability of the webRequest API will essentially decrease the level of user agency in Chromium, to the benefit of web sites which obviously would be happy to have the last word in what resources their pages can fetch/execute/render."
I'm just waiting for the time until websites won't load at all unless you have hardware DRM turned on that will take all of your control away.
>Extensions act on behalf of users, they add capabilities to a user agent, and deprecating the blocking ability of the webRequest API will essentially decrease the level of user agency in Chromium
This is off-topic, but I felt the same way about most data privacy problems. It was my own browser that was giving out the information and I would still like to see better control over it by default. Data privacy laws are simply a bandaid that don't help at all against malicious actors.
Ah yes, I used Firefox' reader mode, but some news sites now don't even properly support that. I may have to remind myself not to go on those sites anymore as well.
> Firefox' reader mode, but some news sites now don't even properly support that
All sites which are on Google Amp. Google, whenever it can, "helpfully" gives me the amp site and then I have to find and click the link to the actual site to get to the "readable" version.
Excuse me, but I believe using a google website to get to content negates the whole discussion over how to prevent webscale surveillance by advertising companies.
In other words, if your "solution" to the problem as outlined in the OP involves google, you already lost.
I'm just waiting for the time until websites won't load at all unless you have hardware DRM turned on that will take all of your control away.
My money is on news sites and other paywall sites doing that first. How long before they stop letting us "open in new private window"? Washington Post doesn't even allow that anymore -- a shame too, since I haven't read a single one of their articles since then.
Extensions should act on behalf of users but, like websites, some don't. A questionable or poorly-maintained extension can do more damage than any single website, and browsers can support user agency by replacing APIs with better ones: an effective declarative API for content blocking would majorly speed up extensions like uBlock Origin and make it harder for other extensions to follow users around the web.
That said, we should all fight for changes that let extensions like uBlock maintain feature parity.
Disclaimer: I'm both a Chromium developer and a uBlock Origin user and speak only for myself.
If you create a superior api (esp w/regards to speed) people will naturally move to extensions which use that api. Then once usage of the old api has dropped significantly, you can deprecate the old api.
It has been proven time and time again, that that's at best only partially true. There are two factors:
If they have something working with one API, they have to have a good reason to re-implement it with a new API. It may be 'fast enough' and reliable, so why go through all that pain?
Or, it's just the long tail of API consumers (e.g. site on the web). Some things aren't maintained and updated, but they don't go away.
I would gladly live in the universe which is a smoking bomb crater of questionable and poorly-maintained browser extensions, than be a wealthy rock star in any universe of amazingly performant extensions, but which are using a browser API which has denied my right to self-determination on my own computer, effectively taking away my ability to say "no" to actions which are then forced upon me. This is like a kind of information rape. And here the suggested "alternative" of static, declarative, JSON-only filters means no programmatic ability to veto requests before they happen. It is effectively forcing users to leap before they look. And this completely arbitrary limit on the number of filters -- and it is completely arbitrary -- is the same kind of neutering mechanism, forcing me to "prioritize" a small number of request vetoes. In other words, it's forcing me choose the manner in which the rape happens.
I think this is the core difference motivating this change: do extensions necessarily act on behalf of users? If that were true, there'd be no such thing as extension malware.
Is it perhaps time to return to using external tools such as Privoxy, Pi-Hole and the like? Privoxy appears to still be around, and (I think) was originally at the forefront of user-managed web controls.
Once the browser reaches its natural Borg-self, transparent user-level tools will be all that provide a semblance of control. Well that, and Firefox.
If a website shows a popover ad, it might be a first-party script putting up a modal, then a third-party iframe with the ad inside that modal.
Blocking at the network layer will leave the iframe blank, but the modal will still be present. It's not such a good user experience, especially for less savvy users who might be confused by a mysterious blank modal.
That's what the DNS-over-HTTPS is about - so your local DNS won't be consulted, instead it will be drowned in the HTTPS traffic. Remember, SNI is going to be encrypted too, so your router cannot distinguish DNS and regular traffic.
What if someone would create a pull request to implement unlock origin natively inside chromium, instead of an extension. If such a PR met all technical criteria, would Chromium project accept it?
Next to no one uses Chromium. The integrations usually start in Chrome, leaving Chromium pure, allowing Opera etc to forge their own path. This is a disturbing trend to change the course of the project, likely due to Edge being based on Chromium.
I bet a decent chunk of the MS engineers lobbied to adopt Gecko instead of Chromium when they decided to move away from EdgeHtml. I wonder what the reasoning was for not going that route, it seems like a huge miss and a total acceptance of a browser monoculture.
Is there a chance that Google's changes here might disrupt Brave's integration into Chromium? I mean, they might be using this WebRequest API to do their built-in blocking.
There are four listeners with blocking ability on the webRequest API.
The design document says "potentially removing blocking options from most events". There is one mention that the blocking ability of webRequest.onAuthRequired may still be required.
From this I deduce that the plan is to remove the blocking ability of the three remaining listeners with blocking ability
uBlock Origin uses two of these remaining blocking listeners, uMatrix uses three of them.
To interject with a potentially inconvenient fact, I think the premise that ad blocking (request blocking) is now obstructed, is incorrect. Therefore this response seems exaggerated to me.
This is because Chrome extensions can use the 'debugger' API to send remote debugging protocol commands to a page, to intercept and filter / block all requests.
There is no need to use the provided Chrome extension APIs for blocking. Google can remove all of them, I think, without effect.
This is because there are multiple ways to do the same thing. Authors/engineers complaining that now they are impeded, are in fact mistaken.
Disclosure: I know this because I have actually re-implemented the blocking from AdBlock Fast using CRDP Network domain.
I don't know, you should have a look yourself. I know that you can intercept requests, and block, provide other payloads etc.
I'm interested in that even tho this is factually correct, it's ignored / downvoted because it goes against the prevailing narrative. Discourse here can be pretty 1 dimensional, it's more like a confirmation bias machine / echo chamber, than a discussion. Just like the rest of the net, no matter how 'smart' the people here are. The same behavior pattern occurs here as everywhere else.
It would be interesting if this can be solved in discussion forums of the future.
An alternative explanation is just that people assume if ad blockers move there, Google will deprecate that API for the same stated reasons.
I did find it, it's called setRequestInterception(). It's marked as experimental, and has a note that it disables caching, but there's some debate as to whether it actually does.
Google is an advertisement publishing company. All the things they do, they do to earn money, not to give people anything. When Chrome first appeared, I was wondering about the extremely huge cost of building the browser and how Google wants to earn from that. Then it started to be obvious: it's all to spy on people. Not from the beginning, but slowly... the google account integration... the forced logging into the account... adding custom adblock (which doesn't block most of the ads)... and now this: disabling adblockers.
I once read that Chrome was created by former Firefox developers. Google is infamous for its code reuse.
Many web commentators continually sound the alarm on Google's increasing leverage and control over a variety of "components" or "intrastructure" essential to the www.
But controlling the browser is, I think, the ultimate control over the web as users know it. Browsers seem to fall outside the purview of www standards. Are there RFCs that tell people what browsers must or should do? More likely, there are standards that focus on servers and seek to accomodate whatever browsers are doing at the time.
The browser can override anything. It can easily modify user intent in subtle, "hidden" ways. It can rewrite "default behaviour" overnight.
To give an example, users probably think little of something like the feature known as "Omnibox", if they even know what that is, but this sort of browser "feature" is of enormous value to a company trying to gather information on what users are looking for.
Imagine the number of DNS queries this bypasses, redirecting what is typed by the user to a default search engine, conveniently preset to point to a Google server.
IE was stagnating, slow, and extremely vulnerable to malicious behaviors. The net result was that the web became a very hostile place, while Microsoft was pitching various "post web" strategies like WPF. Google had been a big financial supporter of Firefox but not to a degree where they could direct the project or push their own agenda. At the time many viewed Firefox as slow and bloated.
So Google made their own thing, and it worked admirably and we might be in a very different world if they didn't. They dramatically improved the state of the art for JavaScript, added intrinsic hostile activity and site blocking, started dramatically accelerating the adoption of technology improvements (by implementing very early proposals, often to much consternation), etc.
The web was less dangerous. Google's cash cow was protected because there was less of a draw to go to alternative platforms.
That, I think, was their primary intention and it was aligned interests with users. Everyone is happy with the web.
And honestly I do think this ad blocking thing is a bit of "fake news" (e.g. it is being grossly misreported). Google is proposing a solution that offers more privacy from the extension, and it seems very similar to what Safari has done (and which is very widely viewed as a great design).
"Google is proposing a solution that offers more privacy from the extension, and it seems very similar to what Safari has done (and which is very widely viewed as a great design)."
It would only provide more privacy if ad block extensions go solely with static lists of uris. If they want to retain features like right-click block, or allowing users to customize the list, static blocks don't work.
These changes do nothing to inhibit the ability to log/store/etc requests anywhere you want as an extension author. They are only removing the ability to cancel in flight requests.
What's your source that the Safari ad blocking approach is viewed as a great design? Everything I look at shows it was a regression in effectiveness. Certainly the various adblock authors weren't thrilled. How well, for example, does it work with YouTube ads?
IMNSHO, Google's obsession is artificial intelligence. They have build a search engine to prove they were better at understandanding content of web pages. To improve their AI, they need to spy on every aspects of our life. They spy on all our web activity, on our phone contacts, on our mails, on our documents and on our deplacements (waze). The fact that this search engine has generated so much money was an accident. Now, Google fights are: political lobbying to avoid being destroyed for monopolistic behaviour, protect and increase their spying means, improving their AI.
Yea, this is also quite terrifying that many companies trick people to install Chrome while installing their software. Trick - because the option is too often checked by default, and sometimes it's hidden in the text so it's hard to notice.
All the I-have-nothing-to-hide people, please publish your bank account, address, SSN, passwords and other information the bank can ask when trying to transfer the money.
Yea, I know... so they really have something to hide, right? So why not to start caring about the privacy and start thinking?
Not one of them, but I hope you realize that this 'example' is completely off mark.
I have nothing to hide if we are talking about that new hifi system I was looking on Amazon, I don't care if google knows what did I have for breakfast, I might even be ok with you knowing my address, but this is fundamentally different from you haveing keys from my apartment or my bank account.
I'm not necessarily of this opinion, but his view is that knowing what you had for breakfast and your address is the same as your bank account # or house keys; it's just that people haven't realized this yet.
Their argument is that the reason why people say house keys, or bank act # is different is because they are protecting something of value. His argument is what you do on a daily basis is just as valuable you just don't know it yet.
The other argument against is "yes my privacy/ daily activity may have 'value', but unlike my bank account or house keys people can't take something from me from knowing it. "
That's more up to opinion, but the argument is knowing you so well, someone can take your independence. A bit dystopian, but imagine n years from now, ML is good enough to predict your responses and behaviors to 80+% of things. Companies now use it to effectively get you to make decisions they want. Combinations of timing, placement, location, repetition, persuasion, counter-argument all to produce a desired result, but unlike present day extremely effective and possibly without your awareness. If there is a way to get our wet ware to do it, ML will figure it out.
Advertising/Marketing/Sales become a game of Go, where you're the Go board. Best ML wins.
We like to think we're fully in control of our decision making facilities, but study after study shows that's mostly an illusion. Our sub-conscience mostly decides for us, and then our brains rationalize this away after the fact.
The fear is that by giving away your emotions, your responses, your ocean 5 factor model, your preferences, your habits, and a playground to test all of this in you are potentially giving up your independence at a future time.
It's all dystopian, it's not guaranteed, but it pans out as all likely directions and very probable tech.
At a certain point, is that necessarily a bad thing?
If the AI knows me so well, it's probably something I would buy/want anyway. If my house starts cooking bacon and eggs in the morning based on it's analysis of me, and there's a 90% chance that's what I want, awesome.
A lot of people already do it with driving. On my commute to work every day, I go the way google maps tells me to. Google is effectively controlling traffic patterns, but it's made driving to work faster.
I realize it could possibly be used for evil, but by the time we get there, most if not all, of the people reading this will be dead by that point, so we'll never know.
Because to a company using ML to impart control over your behavior, you are a $. They want to extract value from you, just like every other company, government, etc... If they become really, really good at this, you are going to have a low standard of living (because you are being mined for value), and make noncoherent decisions constantly (you will no longer be rational, nor have a functional personality).
To some degree, this has already been happening for decades, since psychologists began formalising advertising into a science. Look at the increasing percentage of lower class families and how diminished their average value is. This isn't caused by time localized events, like a 5 year recession or a housing market bubble. This is the result of extremely fine-tuned and effective advertising, that has caused cultural shifts towards greater and more irrational consumerism.
ML allows the advertisers to be much much more effective; they no longer even have to manually understand their market to manipulate it. Again, look at the growing disparity between the richest 1% and the rest of the schmucks. That 1% is soaking up the profits of extremely effective advertising, which the rest of us are paying for.
It's not that they know what you want, it's that they make you want it. And that destroys individuality, creativity and the last bit of freedom we still have.
To add to what @neuralRiot, the mistake in your thinking is that you're imagining AI as your assistant. But it won't necessarily be your assistant, since you don't actually own it and especially if you're not paying money, you're not the customer.
To give an example, imagine if Google Maps took you on an alternative route, not because you'd arrive faster, but because on that route there are ads you need to watch, or because GMaps wants to free the road for some high profile travelers and you're just getting in the way.
Waze is already serving commercials while you're driving. And given the weird routes it has taken me on, I now have no idea if Waze's algorithm chooses certain routes because it would be faster, or because it wants me to watch ads, or because it wants to take me off the main road to clear it for others.
Companies are already doing evil shit with real consequences. Facebook for example did experiments on manipulating people's feelings. Target figured out a girl is pregnant before her father. Plenty of other examples. It's just that people aren't paying attention.
I find the attitude of "I go wherever Google maps tell me to go" problematic. We should be asking more questions. When we don't, we are basically complying to what the government/corporations are asking us to do. That's not freedom.
It needs regulation. In other areas there is also, e.g. cigarettes, alcohol. 'We' don't allow people to e.g. freely consume drugs. The pressure is not (only) on the individual (your: 'start thinking'), The society as a whole has made rules what goes and what not.
There are comparable issues with Google and Facebook. Let economic instruments fix the problems. Tax advertisement. Heavily if necessary.
If I want to drink a Whisky there is a lot of tax (to 'help with my thinking'..;). The same needs to be done with advertisement, imho.
"Cliqz does not build browsing profiles for individual users and discards the user's IP address once the data is collected," the firm added."
[...]
"Consequently, aggregation of user's data in the server-side (on Cliqz premises) is not technically feasible, as we have no means to know who is the original owner of the data," Cliqz says. "This is a strong departure from the industry standard of data collection."
jqt, any chance you work for Google? Because, not to be rude, but this is something someone from Google would say to try to, oh idk, demonize Mozilla so everyone will forget that Google has marketing profiles for ALL OF US. So if you do work for Google, you should probably give a disclaimer, or just not comment at all.
Nope, I intended it in response to the comment you were responding to, but it went dead before I could submit it. So I just addressed it to that poster, and used your comment as a surrogate. Sorry for the confusion!
I do use Chrome. I know my data stays with Google and won't be siphoned to a third party that I don't know. I don't trust Google much but I trust them more than I trust a random third party, "better the devil you know than the devil you don't"
I think it is more a "better the mobster with a vacation home in town" essentially - while a bad actor's interests are aligned. They may still screw you over but if they are greedy ironically on your side.
You can't. But Google is an ad company and an ad company does not just give away their most valuable resource, the data. So it's more about the devil you know then the devil you don't know.
An ad company can sold your data in various forms and formats. Maybe it won't sell your raw data, but will sell you nevertheless.
Even if it doesn't sell your data, it can use your data to make their ads more efficient for you and people similar to you. While that's their business model, they are borderline abusing you in the process. This not something I'm comfortable with.
They sell recordings of your activity for money, and you don't even get a cut. No royalties, no nothing. So they are profiting from your actions, without paying you. Bit unethical right? I generally consider my time valuable enough to sell it, and my actions even more so.
> and an ad company does not just give away their most valuable resource
Correct. They sell it for money. How exactly is that better at keeping your private data private? Google's power doesn't reside in the fact that it keeps your data private but in the fact that they have a constant flow of up to date data. When you hand over data to a company whose revenue (also) officially comes from monetizing it your privacy is forfeited.
The point you made is (simplified) "Chrome is better than Firefox for privacy". Yet you brought nothing to support this beyond "the devil you know is better". Especially since Google is heavily relying on marketing your data to the point where they gather it covertly or force users into privacy breaking situations.
Common sense would lead anyone to assume they don't collect it just to flip bits on a storage device. Just when you thought you knew the devil. Knowing this guess you'll drop Chrome now, right?
[0]-[over 9000]
So tell me about this devil you know and how exactly knowing all that still pushes you to believe it's the better option?
Ok... I'd read it for you but that's not how it works. So here it is in nuggets:
> "Both Android and Chrome send data to Google even in the absence of any user interaction," the study finds. "Our experiments show that a dormant, stationary Android phone (with Chrome active in the background) communicated location information to Google 340 times during a 24-hour period, or at an average of 14 data communications per hour."
> So yes, fuck Mozilla, they can burn.
Ah, ok, I was waiting for you to change the narrative from "Mozilla bad, Google good" to "I have no argument, I just don't like Mozilla".
And don't get me wrong, you have every right to like whatever you want. Just don't pretend you have valid objective arguments.
Sure, if you disregard the entirety of my post it looks like Mozilla is full of saints. The truth is that they've backstabbed me several times and I won't allow them to do it anymore. Take from that what you will. Maybe, if the Mozilla Corporation changes hands, I will trust them again, but as it stands now, no way.
Wait, I thought you are are using Chrome because unlike Firefox they (Google) never backstabbed you. Except they actually did so your argument turns into "Mozilla sometimes employs the same tactics as Google but I'll pretend Google doesn't do it to justify my personal taste".
I have 0 interest in telling you what you should like or use, or pretending that Mozilla always plays fair. I just felt compelled to point out that the justification you presented here is horse manure. You use Chrome because you want to. Don't try to sell it as an objective conclusion even if it's written in the same sentence as a related objective argument. One is not based on the other.
Objectively both Mozilla and Google resort to trickery, only the scale is vastly different for the company that lives on monetizing your privacy. And mind you, I use Chrome 90% of the time. But I'm not fooling myself with explanations like "Google will protect my privacy" and "the devil I know must be good".
Here's a short list of other horse manure conclusions that can be extraneously drawn from accurate and objective arguments:
-I drive a VW car because GM was once caught cheating on emission tests
-I use an Intel CPUs because AMD CPUs once had a bug
-I use Windows because Linux had a vulnerability once
-I use Chrome because Mozilla once gave/sold my private data to some 3rd party
>people who dont care about their privacy will keep on using Chrome.
Which browser are you using?
I think some people who care about privacy have just been worn down to the point where they've given up and don't necessarily believe they gain much from the inconvenience of avoiding things that work for them. I'm not sure that's totally irrational.
Once upon a time, you could tweak your HOSTS file and/or install some basic software, and adopt a few behaviors to get reasonably strong privacy.
Now, between all of the data breaches, tracking at the device/ISP/carrier level, nefarious privacy policies (including IRL), business models that depend on collecting, selling, and protecting data, app glut, sophisticated malware and fraud, etc. ad nauseum: it's like a multi-front war to keep your PII. Truth be told, most of us have shockingly less knowledge than we think WRT how much of our data is "out there" and who has access to it.
Through this lens, it's understandable that some might care but think it doesn't make a tremendous difference whether they use Chrome or some other thing.
Not to say it's hopeless, but at some point certain "precautions" inconvenience us more than they provide any marked improvement in our overall privacy. I'm not even sure which browser to trust more than Chrome anymore. So, I use Chrome for its features, active maintenance, and standards compatibility.
EDIT: I'd be curious to know what others are using.
Chrome doesn't log you in automatically, it just shows your Google account in Chrome if you've already logged in to your account. There's no sync happening.
When a company tells me where it's going by increasingly "encouraging" certain behaviours as their product matures I take them at their word.
Profiles went from optional, to on-by-default but could be disabled via chrome://flags, to on-by-default but could be disabled via command line arg, to cannot be disabled, to logged in by default but not syncing. Where this progression is going and what it's trying to promote is not rocket science.
> I really just don't understand the obsession with Chrome, especially in hacker communities.
Chrome used to be very lightweight, fast and basically unseated IE as the top browser. It got that love because at the time Firefox was bloated and IE had a stranglehold. Chrome was also safer with a process per tab. Chrome made web browsing/dev pleasant like Firefox/Firebug did and it really took off being based on Webkit like Safari which also worked well on mobile. Chrome (and Safari) or Webkit pushed HTML5/Canvas/WebGL/SVG into real world use which changed the landscape of browsers.
Nowadays Chrome is bloated like Firefox was, has a stranglehold like IE did, is now pushing its own market standards and breaking existing open/market standards and generally being a forceful, non respecting to standards, web browser. It sure is unfortunate and another sign that bizdev/marketing/executives rule over engineers at Google now.
Firefox was top dog when chrome came out - it had unseated IE already for many users fed up with XP-era crapware.
Firefox was not simply 'bloated', but designed for classic HTML rendering at a time when javascript (aka 'web 2.0 ajax') dev was taking off and memory was not as abundant as it is now - though slow, it was more that the core architecture was out of date than it was 'bloated'. Indeed firefox was already a stripped down version of 'the mozilla suite' (see also seamonkey, thunderbird, etc - all of which predate chrome).
Chrome then came in, borrowed another project's browser engine, and decided to say 'screw memory, just fork processes' and avoided the whole multithreaded thing all together, oh yes, and open blank tabs faster with a little animation for perceptions sake.
This facilitated html5/javascript bloat, and by extension kept it in the lead as the only browser that could handle it.
of course I'm biased here (as is parent) - but chrome unseating firefox which unseated IE is born out by the facts.
> Firefox was top dog when chrome came out - it had unseated IE already for many users fed up with XP-era crapware.
Maybe in mindshare for devs but Chrome officially unseated IE browser saturation in 2012. Firefox didn't pass IE until 2015 [1].
Firefox was amazing on its resurgence in mid-2000s but did get into memory/bloat stages that opened it up for minimal/performant Chrome that was also more secure at the time primarily due to the process per tab. This possibly did lead to more js bloat later, initially it was lightning fast and also had a debug console and was based on Webkit which was better than Firefox rendering.
Firefox definitely saw Web 2.0 come in from 2006 on and was revolutionary in web development/debugging with Firebug and eventually that was part of the browser and is now industry standard to have a console/debugger on the browser.
Most developers were using Firefox by 2005-2006 and then Chrome a couple/few years later and it has been top for almost a decade now.
> Chrome made web browsing/dev pleasant like Firefox/Firebug did and it really took off being based on Webkit like Safari which also worked well on mobile.
This is the big one for me. When I'm not developing I actually prefer to use Safari-- I like it's interface better and it feels more at home in macOS. It's "good enough" too.
What I'm really a user of is the Chrome Dev Tools. Firefox's are looking quite solid lately but I just haven't switched over.
What I'd love is to have Firefox dev tools functionality in Chrome.
Firefox highlights the edge lines of the selected element automatically, and in all directions (if I recall correctly). I have to use an extension – VisBug – to achieve that in Chrome.
There's also the fonts window, which lets you in on what fonts are used on the page, and lets you modify the selected element's font settings – size, weight, slant/italic etc.. I pay a lot of attention to typography, so that part is important to me.
There's plenty to like about Firefox, like the Awesome Bar, has better bookmarking, is able to handle a huge number of tabs, has the "Multi-Account Containers" extension (with its offspring, e.g. "Facebook Container"), or the "Tree Style Tab" extension, just to name a few.
Also that it's not Chrome or based on Chromium is reason alone to like Firefox, because we need diversity for healthy web standards. That Chromium is open source is a red herring and open standards are more important.
I know developers have been preferring Chrome and for good reasons, but I've switched back to Firefox for the last 3 years and personally I find it hard to use Chrome these days, because Firefox has a better UI.
The only downside is that Chrome's dev tools still has some capabilities that Firefox lacks, but Firefox has been improving a lot, as you have seen.
1. I never asked for any of that response, nor did the situation imply that I needed to learn about the points stated to make a better decision.
2. There's a general passive-combative conversation about browsers going on ("I like Firefox, I don't get why people like Chrome" and vice versa) that I never wanted to be a part of, mostly because of how disrespectful and counterproductive it is.
3. In a thread about ad-blocking, I got what is effectively an ad for Firefox.
I don't want any of this nonsense on my side of the table. "Use my product because I value it!" No, go away, I don't need this.
My choices are rarely uninformed. I spend time considering what to pick where I'm able to. I'd like my choices to be respected as such – not have my face plastered with someone else's unprompted opinion.
Here's an example of a better conversation:
– I liked this part of Firefox, and I wish it was in Chrome too.
– Do you not like Firefox whole, then? If so, why?
– Because of X, Y, and Z. I used it intensely for a month or so, so I got a good look at the way it behaves. I know X is solvable, but not Y or Z (I tried), and they're critical to my browsing experience.
– Okay, I see. I hope you consider (browser diversity, or whatever issues using Firefox's supposed to solve), because they're important.
– Oh yeah? Can you tell me why?
...and so on. A respectful conversation that sparks curiosity and provides context, without annoying any of the parties in the process.
Otherwise, you get what you give. Seems a fair approach to me.
Nobody here is nearly as combative as you. Look up projection.
You'd like your choices to be respected, but you are incapable of offering civility. Is that also a choice we should respect, or is it beyond your control?
And didn't get to this spot on any kind of technical or feature merits, but essentially by relentless nagging on the Google search page to have users install it. Sure, devs/geeks etc were eager early adopters, but the bulk of users were steered this way by Google.
I got the "love", because it was (and still is) advertised on google.com. Most non-technical people readily install malware when prompted. If malware is advertised on google.com, they will install it more quickly.
Microsoft have been stalling IE development for years, which allowed Mozilla to gain huge marketshare. This resulted in a lot of people learning, how to install a third party web browser. By the time Chrome was unveiled, Mozilla have coincidentally slowed Firefox development to a crawl. I remember the point, when the stable Firefox version was close to unusable, while everyone technologically proficient used a development release. It have been so bad, that some addons simply recommended not using the stable Firefox version. Btw, things have only gotten worse since then.
Chrome's dazzling success is result of it's aggressive advertising as well as sabotage and mismanagement, that killed off alternatives.
I feel the same. I keep Chrome around, though, because it seems to be the new IE in the sense that I frequently encounter sites that simply don't work properly in either WebKit- or Gecko-based browsers. It's also the new IE in the sense that I get incessant reminders about how I should be using Chrome when I access Google-administrated services, which feels like a surprisingly blatant if still implicit admission on their part that an open web simply isn't a concern or interest of theirs. I never really believed otherwise, but still.
Firefox just doesn’t have enough advantages yet that would convince someone comfortable with Chrome to switch over. While privacy is an ever growing concern, it isn’t a strong enough feature for most people.
> While privacy is an ever growing concern, it isn’t a strong enough feature for most people.
At the end of the day, this is the end-all-be-all argument to the Facebook and Google duopoly. People just don't give a goddamn (excuse the language) about their data - they simply do.not.care.
I believe my generation (Y), and possibly a few after us (X, etc), will be known as the generation(s) who didn't think privacy/data was that big of a deal - until one day it was.
The Temporary Containers was a nice add-on built on top of that.[0] While it's a pain in the aspect of cookie-use across domains (like logging into Azure), it's other features out-weigh the initial nuissance - like automatic deletion of the container, as soon as the last one for that particular domain is closed. All of this is, of course, configurable.
This wasn't meant to be a plug, just a happenstance of "if you like 'x', have you seen 'y' based on it?". =]
They're a nice feature, although after a long while of trying, I ended up using just the Facebook container. The main container extension felt like too much work in regular browsing, and the tracking protection seems otherwise adequate when combined with uBlock.
Sadly, Mozilla also seem to promote containers as an alternative to user profiles, while they're nowhere near as full-featured - sharing saved logins and bookmarks between my "personal" and "work" containers is almost never desireable. Managing and switching profiles, on the other hand, is virtually unchanged since the Netscape Communicator days.
That's because you weren't properly setup with containers. I have 4 sessions going on right now, without any manual intervention. Facebook, work, Google and default. All interacting as intended with their assigned domains as isolated sessions.
They do have some parts that are Firefox-exclusive. This is an easy advantage to have over your competition practically for free. I hope they see that.
A major problem is also that google websites run like crap in firefox. Gmail takes 20 seconds to load and don't get me started on youtube studio. Even the "feedback" button is broken in firefox so I can't even report the bugs I find.
I'm at the point of installing chromium just to be able to manage my videos, but I refuse to give in.
Plus Chrome just works better for a lot of sites. That might be because the site isn't properly coded, but users don't care. They just want something that works and more often than not, that's Chrome.
My main browser is Firefox, but I have to switch over to Chrome more often than I would like. Electron is also based on Chromium, isn't it? IMHO, the rise of Electron just reinforces Chromium's status and I think Microsoft is going to accelerate that trend (I'm guessing MS adopted Chromium because of Electron).
In a couple of projects I'm currently working on, the CSS for them was causing me problems between the 2 browsers. Willing to admit that I don't have an intimate familiarity with CSS best practices. I look up what I think I'm trying to do, and then implement what I've found. I primarily use Firefox while I'm coding, and then only check with Chrome and Safari periodically. I've had to circle back to fix CSS issues specifically for WebKit not rendering as expected. Eventually, I can get to something that works across all the browsers I have access (no Android devices anywhere).
It's the same for Gmail, but this isn't Firefox at fault. It's Google doing this on purpose by using the old, experimental, non-standard ShadowDOM V0 API, which only Chrome supports, and then using that across its products to break non-Chrome based browsers. Please don't reward them by using Chrome just because of this. That only shows them that such abusive behavior works.
That is very interesting, thanks for sharing that information. I never did use Chrome other than testing it out for less than a day, finding issues with various sites and uninstalling it. Firefox instead since it was in beta (Phoenix) and never left. Never had a real problem with it.
I do use Gmail, and don't have any but have long planned to move to Outlook.com.. perhaps knowing about this ShadowDOM issue will spur me on to make the move.
Google only has one product that's truly best-of-breed (Maps) and I don't mind using it, but don't want to be entirely in any one vendor's ecosystem. I would say Youtube is the best of its kind, but it's really held up by its community, not functionality as Maps is. Outlook may not be the absolute best for privacy either (it's also no-charge), but it at least gets me to a place where I'm well diversified.
Google Maps, Youtube, InoReader, Outlook, DuckDuckGo all on Firefox with containers is a good enough of a spread for me.
Enough people use Gmail and YouTube that maybe it would make sense for Firefox to add support for ShadowDOM V0 API? It might not be a W3C standard, but if Google uses it heavily then it's a defacto standard.
They could, except that would effectively show Google that it can dictate what other browsers implement, alter its products on rapid basis to regularly break them etc. and at that point there's almost no point to an alternative, since we'd we're fully back in the IE era again, which is why I don't think it's a good idea.
If one cannot avoid it, I think it's a better idea to create Chrome desktop shortcuts for Gmail/YouTube and use Chrome exclusively for that, if you cannot use a desktop email client for Gmail and VLC/mpv/youtube-dl for some reason.
Firefox doesn't have the market share to push back on Google. The best way for Firefox to grow is to make the best browser from the user's perspective.
I get that, but this seems like controlled opposition.
Moreover, once you give in on this, what's Google going to do next? Use APIs only in Chrome that Mozilla needs to implement only after they're made public in Chrome by literally looking at the source code? There's always going to be a lag if that's the dynamic, so there's always going to be the perception that Firefox is behind.
Moreover if Firefox adopts it, it makes it more likely to be adopted by Apple too, since Google's now not the only kid on the block to support it and now you turned it into a de-facto standard.
Mozilla already partially caved to Google in pursuit of the "best browser" as perceived by the average user. That was on DRM. Now I say partially because at least they made it opt-in, but so they caved and next Google came up with this thing.
If you going to keep paying ransom, you're going to have a lot of hostages.
> IMHO, the rise of Electron just reinforces Chromium's status
+1. I'm hopeful of Servo. So far it (ServoShell) also a good 50MB smaller than Electron which would be a very good reason for developers to switch. It'll all depend on API compatibility at the time of release I guess.
Interestingly, this is the opposite of my experience. I browse solely on Firefox and don't encounter sites which only work on Chrome at all (at least as far as I can remember right now). I wonder what's different between our browsing habits that's causing this.
I was doing some work with very large data sets in Google Sheets last week. I started hitting row and cell limits. Personally, I think a database is more appropriate for what I was doing, but spreadsheets are more grokable by non-techies.
In Firefox, macOS was showing 4+GB of memory usage and formulas would take hours to run. I switched to Safari where memory usage was closer to 1-2GB, but it had this habit of refreshing the page as soon as you switched away (before a formula would finish running). I finally switched to Chrome and memory usage was about 1-2GB and heavy formulas behaved in a way more predictable manner.
Is that really relevant? I'd be happy if you could point me to a more capable tool. Zoho and Excel Online have never really made it onto my radar, but if they perform better in this situation I'd check them out. A lot of people are tied to the constraints they have.
Using both for years, Chrome has just been faster and more reliable. I don't do web dev professionally, but I use multiple browsers in tandem and often try to use one full time every once in awhile. On my old laptop, I'm pretty sure Chrome was the only one to support webGL for whatever reason. At work we're stuck with Firefox 38.3.0 ESR (Cent6/7) and Prometheus Alert Manager (and I also believe Prometheus graphing interface) has broken widgets, but Chrome works. Chrome has always seemed to better support the very few websites that require crazy performance. This was even the case when we would have an ancient version of Chrome and a new version of Firefox. It sucked when Firefox switched plugin architecture and Google Hangouts never added support. Now Google Meet does not support Safari.
I'm not saying any of these comparisons are "fair" but its what I deal with day-to-day.
Apparently they're WEBP images and my version of Firefox (version 64) doesn't support them, but searching online I read that the upcoming Firefox version 65 is suppose to fix that issue.
Strangely enough, the images were working fine a few weeks ago on the Adidas website, but I had a different Firefox issue. When I clicked the images to see the fullscreen view and zoomed in, they wouldn't pan or drag correctly, so 80% of the image was hidden off the screen. In Chrome, they worked as expected.
That's one example, but as I said, I get these kind of issues almost daily from companies that should know better. I still primarily use Firefox because I have no trust in Google, but I'm forced to open Chrome on a regular basis to resolve random quirks.
> Apparently they're WEBP images and my version of Firefox (version 64) doesn't support them
I loaded the page with Firefox 65 beta and all the images worked for me. The site doesn't seem to be serving WebP images to Firefox. When I checked all the image types via Page Info they were mostly JPEGs with some PNGs and one SVG image.
There's probably some other reason why the site is broken for you. Have you perhaps changed your browser's user agent string and so the site is giving you WebP images because it thinks they will work?
It's a pretty standard Firefox installation (I also tried disabling uBlock and resetting my privacy settings), and I just confirmed the user agent looks normal, Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0. I think it broke when I moved last week from one EU country to another. Why that would make a difference, I don't know, but Adidas is now serving me WEBP images in Firefox 64 regardless of my browser settings, whether I clear cookies, use a private window, or choose different regional versions of the website.
So, I'm left scratching my head and using Chrome to browse the site.
I was working on my taxes last weekend and I hit a bunch of them. ADP, the 401K and FSA provider sites, Aetna, and a 529 saving plan site are all ones I can think of off the top of my head.
Firefox does not stack tabs like Chrome does and does not load all the restored session tabs at once either. Aren't these dumb design decisions enough to switch to a product where people actually think about how it's going to be used?
also, if you use Autodiscard plugin, you will find that FF use less RAM and Ru. more faster. Essentially discard and suspend tabs that you aren't using.
Laying all the trans at one cripples my core i8 system for some time. Firefox's lazy tab loading is a much better user experience. Together with TreeStyle Tabs and the recent multi-container add-on, Firefox is just a better experience.
I used to be a fanatic about tree style tabs, but due to the new api, it's unusable with containers. I recently switched over to vertical tabs for that reason. I miss the tree layout, but at least now my tabs maintain their ordering.
I'm sure you're aware that not every user will have the same experience with a piece of software. There are a couple of bugs referenced in the Github issues for TST relevant to containers. There is a workaround, but I experience the issue again within a half hour. Not worth it to me.
Alright, it's just that the phrasing - blaming it on the new API - made it sound like an inherent flaw that would affect everyone, which definitely isn't right.
I use Chromium on linux because Firefox doesn't have touch-screen support and smooth-scrolling feels a little rough. I wont hesitate to switch over if these changes are made though.
+100 This is the first setting I change on a new Linux laptop install.
You can also disable smooth scrolling only for the touchpad in about:config to keep the animation for scrolling with the keyboard. Search for "smooth"; I think it's the mouseWheel one, but I'm not at home to verify.
I find the touchscreen support to be pretty good with Fedora's patches running on Wayland. I think these patches are slated for upstreaming, so get excited!
Disclaimer: I contribute to Firefox and enjoy it quite a bit.
Chrome is still the best performing browser (even if it's a resource hog).
I tried using Firefox for Linux for about 6 months last year, but had to give up. I got frustrated with the random UI pauses/latency, random crashes, and broken web rendering (not its fault). On the other hand, Chrome just works, and provides a very smooth, low latency experience on Linux. I don't like that I have to give up my privacy for a decent browsing experience on Linux, but that's the state of things.
Yeah, it's totally anecdotal and just my experience. I would really like to use Firefox. I may try it again. Quantum made such a big improvement on Linux which is why I gave it a shot and stuck with it so long. But it still had issues for me.
Hmm...that is super strange then. Intel has definitely been the most solid for me when it comes to GPU stability, including in Firefox. I primarily use a workstation with an AMD GPU, but have a secondary laptop with Intel and had no issues with Firefox there whatsoever. I am also on Arch. The only time I ever experienced frequent crashes was when I was testing the Wayland build early on, (they still happen sometimes on Wayland, which is still experimental in Firefox, but on X things have been solid for me).
I am honestly perplexed what the issue could be then, I was sure you were using an NVidia with the proprietary drivers or something like that, as such setups have caused me trouble in the past.
The only thing is I wouldn't recommend turning on WebRender for everything yet, but it's not on by default so I doubt you had it on.
I'm currently running the experimental branch of Firefox on Linux and IMO things have improved a lot since then. I had similar issues, especially with tabs that crashes / get stuck when watching 3 or 4 twitch streams. With the latest releases almost all has gone away (cant remember any crashed tabs in the last few months).
The dev console is better than Firefox one. It's faster. Minimalistic interface is great. HOWEVER - Firefox console is catching up. Firefox is fast enough. Chrome is getting more and more bloated and interface is starting to suck compared to initial version of Chrome. Now they're trying to do stupid things and promote ads more and more. It gets worse every day and hopefully, they'll screw up to the point it dies. I loved Google before, now I'm disliking them as much as I do Facebook. I root for Firefox, but it's still not there yet.
Guys who maintain Firefox - thank you. I hope I'll join the FF users once more in the near future.
It's still slower than other platforms but it's much faster than it used to be. I've been using Firefox exclusively on OS X / macOS for a year. The only problem I've seen is that it sometimes uses more CPU than is reasonable, which often appears to be due to Gmail's terrible implementation.
I've always wondered how Chrome and Firefox password storage fare in safety. Are they both equality trustworthy? Are the encryption technologies comparable?
Firefox has this in nightly too (possibly only in US). It's been there a while and works well, I don't know why it hasn't moved on from nightly, to be honest...
I've been using 1Password for years now, and it has extensions for both browsers. Now I'm portable and not locked into a single browser. I had a friend nag me for a long time because I was too lazy to try it out. Once I did, I have never regretted it.
That's really how I feel about all browsers since Opera did a U-turn and re-made their product into a Chrome clone. Firefox can get quite close with a bunch of add-ons, but not enough.
I'm invested in the Google ecosystem, and have recently got myself a Pixel Slate that I carry everywhere as my primary computing/ media device (no more separate laptop and tablet). It would now be silly of me to use Firefox in place of Chrome. Moreover I have got nothing to hide, so all these privacy-fears don't concern me; in fact I often feel like they are being overblown.
I'm sure you believe that's true, but I suggest that your belief is based on a certain confidence that the people pouring through your data are fundamentally acting in good, or at worse neutral faith.
However, if this data ever gets into the hands of someone acting in bad faith, even the most innocent behaviour can be weaponized against you. Let's say, for example, that you are wrongly suspected of committing a crime, and the investigating police are more interested in cooking up a conviction than determining if you actually did it.
All sorts of details about your life can be leaked and "spun" to make you look very, very bad. You went to a bar on a certain evening? So did these known crime figures. Were you meeting them?
You spend time on Hacker News. HACKER NEWS. You could find yourself the target of a smear campaign designed to turn public sentiment against you.
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."—Cardinal Richelieu
If you hand over your data without hesitation to a nation-state or to powerful and unscrupulous corporations, I believe you will discover that there is no such thing as "nothing to hide."
People who feel that they have “nothing to hide” don’t quite understand the extent to which they’re being mined for personal data. Google offers all of this amazingly polished software for free so naive people like you will feed them your browsing history, email, location and search queries. They will then monetize that data by targeting ads to you, which generates over 80% of their revenue.
If you are ok with that and still think you have nothing to hide, ask yourself if you’d be ok with this trove of data ever being exposed publicly.
Ever googled something embarrassing? Perhaps a medical condition or symptom?
Sent a very personal email?
Visited a less than savory location, or lied to an employer about your whereabouts?
I’d be willing to bet most people have some data that could be weaponized for blackmail.
Surely many people (especially the ignorant) will find Google’s products and services “worth using” but privacy concerns are anything but overblown.
I did a factory reset on my Android phone today and was depressed when I realized the vast number of settings I have to change in order to get even a small semblance of privacy. App permissions, location history, disabling of default apps; the list goes on.
> ask yourself if you’d be ok with [your browsing history, email, location and search queries] ever being exposed publicly.
I already did, and the answer was "Yes, I'd be okay" (although the likelihood of that happening is extremely rare).
> Ever googled something embarrassing?
Use incognito mode.
> Perhaps a medical condition or symptom?
I have only one medical condition, which I'm not embarassed to talk about publicly (I already do it).
> Sent a very personal email?
I rarely send "very personal"/ intimate information over email in lieu of just talking over phone.
> Visited a less than savory location,
Never in my life.
> or lied to an employer about your whereabouts?
I never had to do it (why would I?).
> I’d be willing to bet most people have some data that could be weaponized for blackmail.
If--note "if"--I were to engage in an activity that could potentially be used to blackmail or harm me in any way, I would of course be doing it in as private manner as possible. However it would be silly to spend the rest of my normal life cowering and being phobic to technological advances.
> Surely many people (especially the ignorant) will find Google’s products and services “worth using” but privacy concerns are anything but overblown.
You confuse being naive (in its original sense of the word) with being ignorant. But I guess that's what fear does to one.
Yes, they are likely tracking users in incognito mode. You're still loading google analytics or doubleclick resources on many, many sites. Merely making that request (or any request to a google property) gives them your IP which is static enough to identify a household or corporate complex based on previously gathered data. From there these javascript libs phone home every bit of data they can from your browser, including UA string/browser minor version, plugins, resolution (fingerprinting). This can further narrow things down to an individual device you have used before, especially if you're just popping in and out of incognito.
Google also operates some of the most popular DNS services 8.8.8.8,8.8.4.4 which can capture domains you query from your IP.
There are various measures you can go through to stop this to some degree, like DNS blocking, client-side ad/tracker blocking, VPNs etc. but to go all-out is very cumbersome and I'm not convinced that it would even be 100% effective. Google's business DEPENDS on collecting your data and tracking you, and they are very, very good at it. I highly recommend reading "The Age Of Surveillance Capitalism".
This is a flawed study by a Google's competitor (the for-profit organization called DuckDuckGo). FTA:
> Following the study’s publication this morning, Google told The Verge in a statement that it found the methodology flawed and the findings misleading. “This study’s methodology and conclusions are flawed since they are based on the assumption that any difference in search results are based on personalization. That is simply not true,” a Google spokesperson said. “In fact, there are a number of factors that can lead to slight differences, including time and location, which this study doesn’t appear to have controlled for effectively.”
It is a shame that you are being downvoted. I (like a lot of people here) disagree with you, but you have a point of view shared by a lot of people. It's an important point of view to consider and engage with because my impression is that it's the majority view from the population - based on their actions, they don't care about their data privacy if it gets them gmail for free.
For a lot of people they possibly hold that view due to a lack of understanding about the situation, but some people like you understand the situation and still are OK with it. That's an entirely reasonable point of view which should be eagerly debated with.
> It is a shame that you are being downvoted. I (like a lot of people here) disagree with you, but you have a point of view shared by a lot of people.
People are notoriously bad at acting in their own best interest. I recall reading a forum, where a guy asked for medical advice, because he was diagnosed with fibrosis (his lungs basically got scarred all over). His work required him to continuously inhale toxic exhaust, and he wanted a way to avoid further health complications (but keep a work!) because "the pay was good".
Fibrosis causes you to cough non-stop and significantly increases probability of dying from lung infection. Compared to that, using Google's products does not result in any visible long-term effects on health. Therefore, it is natural to conclude, that using Google's sites and services is safe, healthy and should be widely encouraged. It does not matter, that Google uses anti-competitive practices to monopolize market, restrict user freedom and lead us to future, when we won't be able to refuse shoehorned "services", shoved in our face, right?
Please stop with those creepy "understanding" antics. Encouraging self-harm is bad, and wishing to view advertisements is definitely a form of self-harm.
You are essentially deciding for me that what I choose to do with my technological choices is "a form of self-harm" (when in fact I only experience total pleasure).
Is it really that hard to comprehend that, when one does not share the alarmist feelings of the crowd, they will make intelligent choices based on personal preferences?
Don't mean to insult you, and some people just have an easier time opening up about everything, but a life with nothing whatsoever to hide sounds limited, uninventive and uninteresting.
> a life with nothing whatsoever to hide sounds limited, uninventive and uninteresting.
Ever familiar with the phrase "un unexamined life is not worth living"? Here, of course, the thing to be examined is your belief that a life with nothing whatsover to hide is limited, uninventive and uninteresting.
What about his address, and his family and friends' addresses, as well? What about his income, where he works, the time he leaves for work and the time that he gets back? And the street he grew up on and his mother's maiden name?
Chrome is deeply integrated in ChromeOS devices (should be obvious from the naming), of which the Pixel Slate is what I own. A bunch of PWAs (arguably the future of android apps) also require Chrome.
Moreover I use Chrome to sync my Google account, including passwords (which I can't live without) and browsing history.
This is an excellent point. There is absolutely no way a browser which loads and executes ad-loading and tracking script can be possibly be faster than one that doesn't.
Yeah, even with all the speed increases from the rewrite, Firefox still feels awkward and slow at times when compared to Safari and Chrome. Every time I decide to try and switch over from Safari, I get pages where scroll performance is a lot slower than what I'm used to and then I get bothered by it and switch back.
It annoys me because I really want to use it. I'm very happy that we have it and I hope that the wider community will hold Mozilla to account every time they try something shady to protect the best free and open browser we have. If we lose Firefox, we lose the Internet to corporations.
Note that the WebRender can only be enabled in the Firefox Nightly channel. To confirm that it's working, flip the pref, restart Firefox Nightly, and then search for "WebRender" in about:support.
WebRender does work on macOS (and Android and maybe Linux), but Mozilla is prioritizing a Windows MVP first (because something like 90% of Firefox users are on Windows). Work on macOS, Linux, and Android will then resume.
> I'm very happy that we have it and I hope that the wider community will hold Mozilla to account every time they try something shady to protect the best free and open browser we have. If we lose Firefox, we lose the Internet to corporations.
Yet how long will we have it if everyone keeps using excuses to continue using Chrome?
I find it rather odd that Googling "uBlock Origin" from Firefox does not return links to addons.mozilla.org - at all. The top result is of course the Chrome addon. The third result is the website for "uBlock" which is the unmaintained fork. Three pages in and you're getting dubious-looking repackaging sites, but no official addon.
>Can we finally say that DDG is better for some searches than Google?
I think we're close. For some things, it's still not the best but instead of going to <insert another search engine here>, I try to modify my query to scope to what I'm looking for.
In a crude example, if I'm looking for the "LoadCrashDump" method,, which is specific to ClrMD[0], I can simply construct my query as "ClrMD: LoadCrashDump".
I had to go to the last page and click "repeat the search with the omitted results included" to make it show up at all. After doing that it was the third result.
Yep, made the switch to Firefox with DuckDuckGo little less than a year ago. It was surprisingly fast to get used to and I haven't been more at ease since. I highly recommend trying this out for at least 1 week for everyone out here!
With the news that Edge would switch to chromium, Firefox is really the only thing preventing a complete web browser monoculture. Support Firefox if you can!
Thanks for the reminder. I try to give a little to Mozilla and Wikipedia on a regular basis. So far they are living proof that there is a way to make this whole mess work at a high standard of quality without resorting to the advertising model, which seems to become more heinous by the day.
Please everyone help the other options survive, even if you don't personally like them or use them. There is no way legislators are ever going to catch up on their technical knowledge enough to manage even the most blatant monopoly. Who am I kidding, they wouldn't care anyway. Somebody has to get in there to offer competition and keep things honest. Having options improves all of the options.
I use Safari as my preferred browser and I'm really happy with it, it's become a lot faster with each update, noticeably so. But I don't trust Apple any more than I trust Google to fight for a free Internet. We need an open browser.
Yes, they have to comply with NSLs. Difference though is the level of data they harvest on you. Google's business model requires they harvest as much as possible and in a way they ensure they can read it. Further, the bigger risk to most users is not NSL's, it's having some dodgy ad-corp buy your data and sell it to even dodgier companies.
And banks and insurances for credit ratings. And for screening companies, that are contracted to evaluate your job application on basis of your purchases, locations and so on
Safari will survive since Apple is their patron. Obviously Internet Explorer is only a lumbering undead husk at this point, and it's pretty shameful that it's still outgunning Firefox by a small amount. Even more sad that it's got over twice as many users as Edge, lol.
I work for a website with around 1.2 billion annual pageviews. Mobile Safari is about 55%, Chrome (mobile & desktop) 35% and everything else gets the leftovers. Samsung browser is growing fast while IE, Edge, macOS Safari and Firefox are rounding errors.
Kindle browser does better than IE. It’s amazing how far and hard it's fallen.
These numbers do not appear to include mobile browsers. Mobile browsers are just as important as desktop browsers these days, because a lot of people use them as much or more than they use desktop browsers.
If you include mobile browsers, Safari's market share is closer to 17%, which makes it the #2 most popular:
This is fantastic, actually. It flies in the face of end users, and there will be blow back.
Power users won't stand for this sort of thing and will switch to Firefox. Firefox, in turn, will gain greater development mindshare.
In aggregate, these privacy and "ads above all" stories will continue to taint the Google brand. Many of my layperson friends are starting to worry about their privacy when using Google products--it's a good thing!
I use FireFox full time, but I think it's inferior to Chrome. It's uglier, slower and clunkier. I use it because although I'm more than happy to hand a lot of my digital life over to Google (and I'm really not a zealot about this), the ability to observe every single web site I visit ever and every interaction I have with those sites is just a bridge too far.
Prior to 60x I would agree, but nowadays I personally prefer the look and feel of FireFox. I haven't noticed any real clunkiness outside of Google sites like Gmail either. Chrome might still be smoother, but I haven't used it in over a year now, and I don't miss it. That's the key part for me, FF works well enough that I don't feel like I'm settling.
And I completely agree with you regarding ideological reasons to use FF. You don't have to be a zealot to value your privacy.
You can block the network calls to ad networks on the OS level by intercepting the DNS requests. That's a lot cruder and less flexible than the fine grained control over the DOM provided by a browser-based ad blocker though. If DNS level ad blockers became prevalent websites would also move to circumvent them, which would be a lot easier than with browser-based ad blockers.
It's better to just not let a browser that's user hostile enough to prevent ad blocking win a browser war.
That doesn't get you close to what umatrix offers.
I can throw facebook's servers into my hosts file, but what if I want to permit connections to facebook servers if and only if I am on facebook.com? uMatrix makes that trivial.
That can only do blocking at a coarse dns level. The browser extensions do a lot more. If you want to do everything at the OS layer without browser extensions, you'll have to MITM your ssl connections by trusting your CA and set up a parallel engine that does what extensions do right now.
I worry that Mozilla will copy the API changes ("for compatibility!") and disable ublock on Firefox too, as Mozilla gets most of their funding from advertising companies too.
If the new API get's ported (which is likely to happen), it does not mean the existing API will get crippled. After all, they are different implementations and it's Mozilla who's behind that. I trust them to not deprecate the old API until all use cases, especially concerning privacy, are taken care of in the appropriate way.
I really want to like Firefox, but it has basic bugs that make it unusable for me. E.g. waking up macOS from sleep, or switching between two active users in macOS stalls Firefox regularly and requires restarting it.
To defend Google a bit, it looks like the change is being put in place so that users would have more privacy – by stopping extensions accessing all active URLs.
In essence they are copying what Apple did with Safari and their content blocking APIs. In this model, content blockers provide the browser with a set of blocking rules and the browser executes them against pages during render & load. Ad blocking can occur and privacy of what the user is viewing is retained.
Sure it's more restrictive and yes will likely break existing adblockers, but it's probably a better model for the future.
There will be arguments that you "can't do what is necessary" to create effective adblockers. That's incorrect.... I've created such an adblocker [1] using the Safari methods and its efficient, effective and high performance – including loading some sites 2x faster.
So Google is going to help me have more privacy by preventing me from letting extensions I want to run from having access to data I want that extension to have, so it can do a job I want it to do. Meanwhile, Google's software will of course have full access to everything I do online, and most of my data will live on Google servers. And the extension that I want to have access is also downloaded from Google servers. And the extension is open source, so I can totally check it for problems, or believe people I trust who vouch for it. Of course, I can't do that with any of the code on Google's servers, where basically everything I do all day, everything I read, everything I search for, and all my emails and documents are.
I used to vouch for AdBlockPlus, sometimes extensions change for the worse. They can he hijacked too. HN readers are a small subset of Chrome users. There are many malicious pages out there that attempt to get you to install malicious extensions and the average user will blindly listen. Most people will not check the source, or even reviews.
Yep, when chrome started forcing "logins" to the browser whenever you log in to their services, I knew it was time for me to stop relying on Google's browser.
I used to like 'other thing', and one time 'other thing' changed.
It went bad so therefore 'thing you are talking about' could go bad too.
Other unrelated grouping is a small part of bigger, more important grouping.
There are many bad places that try to do many bad things and bigger, more important grouping will listen.
Therefore, existing and functional solution that is currently being broken here is irrelevant.
Do you even hear the completely irrelevant cynicism? let's all go jump off a building.
Gmail users let third parties access their data, i.e., their e-mails. We should not blame Google if Gmail users can decide whether a third party can access their e-mails.
Well too bad, because there were news articles shared all over the place and crazy outrage. People were calling for fines or for Google to be broken up.
Or look at flashlight apps that steal your text messages. People shout and scream that Android shouldn't permit this or that Google shouldn't have them on the Play store. But pull a lever to make these things harder and suddenly it is about freedom and how Fdroid is the only good store.
While we're at it, we should require every $20 bill a person has to be attached to their belt with a long rubber band. That way they can pull the rubber band and get their $20 back, since apparently it's necessary to protect people from randomly handing out their $20 bills.
Do you need to shill your product every gosh darn time this comes up?
NO, your product is not a good replacement.
You do not have custom rules, you can not block annoying elements, no it is not faster than Ublock and no, it is not even close to the feature set of Umatrix.
And you can not do these things, because your product basically ships an ad-blocking list, and is not a fully featured ad blocker that gives control to the user over what to block.
You have just added white lists of websites. As Beta. For Pro subscribers.
That doesn't even remotely compare to the permission feature set - in the hand of the USER - of UMatrix or Ublock.
Your Adblocker would not even be functional for someone visiting non-English pages.
YOUR extension will be caught by anti-adblocking scripts all the time.
Please stop. Every time this comes up you post the same thing.
Stop deceiving people.
You CAN NOT build an equivalent product with the Apple API, and you have certainly not done. No Matter how often you claim this!
By the way, Ublock, a product vastly superior to yours, is free.
It doesn't actually provide any privacy at all, it simply removes the possiblity to block and leaves the events to be observable.
> In Manifest V3, we will strive to limit the blocking version
> of webRequest, potentially removing blocking options from most
> events (**making them observational only**)
This change is clearly targeting aggressive ad-blockers that are too dangerous, too capable to circumvent via anti-adblocking technologies.
And Safari's content blocking is a piece of shit that's too limited and that's easily circumvented. It's in fact the weakest adblocking capability around and doesn't pose a threat to publishers.
If I want privacy from an extension, I don't install it. I can't do that realistically with a website as I need to visit it to determine whether it violates my privacy.
Running an extension is running code I trust (mostly). Visiting a website is running code I (inherently) don't trust. Many websites even have no idea which code they run on my machine (advertizing networks).
How do you respond to the comment (#23) from the author of uBlock Origin & uMatrix describing the filtering capabilities that will be lost under the proposed declarativeNetRequest API?
Many similar concerns were raised when the Safari API changed, in this case some of the specific limitations and concerns re the declarativeNetRequest approach may be valid – if so, I'd hope that the Chromium team take them on board and improve.
I think the concern re the 30,000 rule limit is misguided. Many of these adblock rule lists are extremely inefficient and should probably be pruned to have less rules.
Extremely good and effective adblocking across most websites can be achieved with significantly less rules.
I personally use an adblocker not only to block ads, but also to block literally everything I don't like. In most websites, this means the social buttons, the comments section, all search functionality, anything in the header or navigation I won't click, related articles, top articles, other recommended articles, footers, links to privacy policies, parts of bylines that I don't care about, header images when I don't like them, posts in certain categories that I don't like, etc. I use filters to, for instance, block Slack links containing domains I know I'm not going to click. I have over 3,000 rules. I wrote the rules myself to be maximally specific and I am not confident that I could prune the list significantly, although I guess it's possible.
It would not surprise me if ad lists are substantially longer, because they have to incorporate the entire internet, not just the 0.001% of it that I visit.
I support the goals of efficiency and performance, and think developers should take those goals seriously, but I object when a browser places a hard cap on anything, because the number that cap should be at differs by use case and by user.
That’s actually not possible on iOS. The content blocking framework only allows a third party ad blocker to submit a JSON file to the system and the rules are processed by Safari.
If you are referring to the quote below, that applies to the Mac version. The iOS version uses a share sheet extension that uses an out of process extension where you have to explicitly share the link you want to block.
Safari warns me that 1Blocker Menu has access to webpage content, why?
We use this permission in order to get information about current tab's domain when you select whitelist option. Sadly, there's no technical way to request just this functionality from the system, so we have to request full access to webpage content (which may include your sensitive information). However, we understand how important this data is and only use the domain. We do not transmit or process your data in any other way. Feel free to disable 1Blocker Menu if you don't like this (you'll still be able to block content).
> Sadly, there's no technical way to request just this functionality from the system, so we have to request full access to webpage content (which may include your sensitive information)
is incorrect. They could use a share extension on the Mac as well (which we do for our adblocker app) which would give them access to the URL when the share extension is accessed but not give full access to the web page content.
> Extremely good and effective adblocking across most websites can be achieved with significantly less rules
Both uBlock and uMatrix can be used without any filter lists, simply using a default-deny ruleset approach, optional in uBO[1], main feature of uMatrix.
However, this approach requires a entirely different matching algorithm than the one matching algorithm picked by the declarativeNetRequest API.
So is your proposal to impose an arbitrary rule on the maximum number of rules and simply have less efficient blocking (with regards to privacy and actual blocking, not performance) until some indefinite point in the future when someone will have potentially produced an equally efficient set of rules satisfying the arbitrary rule?
If you are planning on providing the functionality in the future please refrain from deprecating the existing mechanism until your replacement is fully complete.
Early access may fly on Steam but in the real world your careless management of the refactoring process is wasting the time of your peers.
Your definition of privacy is misplaced, one extension can get more information about an user from having access to facebook.com, google.com, gmail.com and twitter.com than all the other sites combined; and I'm pretty sure Google know this so this change -and whatever Apple is doing- has clearly other goals in mind.
A question: Would this proposed change mean all Chrome extensions can no longer know what URL I am currently visiting? if so, I guess one company (whose name starts with a S) is gonna be dreading this.
In this case it's clear google doesn't give a damn about the bathwater, it just wants that baby dead. Anybody claiming that google is doing this to protect privacy is either uninformed or deluded.
>Sure it's more restrictive and yes will likely break existing adblockers, but it's probably a better model for the future.
A good example why "secure system" is, in a longer run, a system with low usability, and little control by the user/owner.
Right now we have ability to block URLs according to any rules, without being limited to whatever the browser author conceived. Perhaps we want to block some URLs based on context, or on content of previous communication, or whatever. Or perhaps pseudo-randomly, to emulate certain problems with the network.
Switching to "more secure" approach limits us to "one true way", and precludes any smart hack we may come up in the future.
It doesn't help that the change feels like attempt to squeeze out grassroots adblockers, and force people to, at best, use the ABP, which allows ad publishers to buy their way around blocks, and onto users' screens.
If uBlock becomes ineffective, I fully expect ABP to be even more aggressive with monetizing access to users' screens.
Which is why I'm all the more disappointed that Mozilla is unable to resist the siren's call either, what with the Looking Glass decision and their tendency to deprecate UX functionality with no replacement (like custom keyboard shortcuts).
Super Metroid in 1992 had customizable keys. Mozilla gets $500 million a year and can't even keep a feature it had 3 years ago. I shouldn't be disappointed about failure to get basic things right, when they're suppose to be the great bulwark against those who wish to control your machine?
In Firefox I really miss the ability to tab-search from the address bar in site-specific search engines. I.e. in order to search for something on Amazon: type "amaz", tab, then type a search term. I didn't find any extensions for Firefox that would provide this feature.
The "system wide adblock" on iOS has the same restrictions as this new Chrome extension system. It does not support the extension API that uBlock Origin uses.
Not versed in the technical details but 1Blocker X for iOS Safari has prevented practically 99.9% of all ads I used to see in an unmodded Android Chrome before. I've only seen 2 websites have some form of ads in the last 14 months.
There's still a feature of Chrome that keeps me from switching - Chrome will show a lot more tabs open. I tend to leave a lot of inactive tabs to come back to later, but that means I need to see them all.
Install Tree Style Tab on Firefox. Moves tabs to a tree on the left. You can see a lot more, and better organized too. In the era of landscape screens, I think it's a must.
I am curious, what do you not like about the Firefox UI? I honestly could go back to like Firefox 3.5 and still be fine with it. I prefer the UI of the debug tools in Firefox over Chrome as well.
That's an interesting comment considering how Chrome has recently changed its UI to look more like Firefox to the point I often mistake people for running Firefox when they are actually running Chrome.
What about the UI don't you like? I've heard this complaint before, but the two appear pretty similar to me, at least to the point that I never considered one more appealing than the other.
I just opened both browsers and it's pretty hard to really see much of difference in UI. If anything, Chrome's UI is slightly more basic. But the icons, positions of menus, etc are almost identical.
Not the person you're responding to, but no. Until uMatrix actually breaks for me, I'm not switching to Firefox.
Switching is a pain, and I don't like Firefox's UI/UX. I'd switch if they did this because I value the extension very highly, but I wouldn't be happy about it.
Maybe I'm not as critical about the UI, but I have both browsers open at the same time so I took a second to compare them.
Both browsers have a row of tabs. Below that is a second row. The left most set of buttons is navigation (back, forward, refresh, etc), then the address bar, then on the very right of the row is a set of buttons for extensions, settings, etc. The remaining portion of the window is the webpage. I'm just not seeing many differences. The view of recently downloads is different, but nothing that bothers me from either one.
I also just compared how both browsers displayed HN main page. Slight differences in color of orange and font weight, but only noticeable if comparing both directly (and besides devs, who does that?).
So I guess I'm asking what about the UI/UX is bothering you. I'm almost hesitant to ask because I'm sure if you point something out that bugs me, I'll never un-see it.
Firefox doesn't deal with touchscreen and touchpad gestures very well. Take, for instance, the two-finger pinch-zoom-in gesture. Chrom(ium), Opera, Edge, Safari etc. all smoothly and instantaneously magnify the area where the mouse is. Firefox, on the other hand, reflows the entire page with each zoom (as the other browsers do when you do a ctrl +/- zoom), which is inconsistent with how we're used to interacting with touchscreen devices, in addition to being quite laggy on a reasonably modern laptop and tending to undershoot or overshoot the desired zoom level. This zoom behavior is also a lot less useful for looking at a particular item on the page, since the reflow-zoom doesn't seem to depend on mouse position on any way (so any element not at the center of the screen will no longer be visible past a certain zoom level, no matter where you put the mouse pointer when zooming in), which makes using it a lot more frustrating on smaller monitors.
I do not own a touch screen device that is not a mobile device, so I have not experienced that. I also realize that my comments only related to the UI portion, not taking into account how responsiveness (or lack of) affects the UX portion.
I am a firefox user but will switch to chrome when using google maps. Simply because using maps on firefox on my windows tablet sucks, but its a breeze in chrome.
Otherwise I completely avoid chrome because of the privacy issues, and because firefox has 'containers' and is a little snappier.
On the surface they're quite similar, I agree. I won't pretend that Firefox has some whole separate UX decision process that's ruining it for me. It is, like all decisions between similar products, a matter of my own pet nit.
I dislike Firefox's zooming behavior. I have to zoom into websites because I have poor vision. Chrome's zoom behavior has been extremely natural for me, and easy to adjust to. When I used Firefox I attempted to use 'vanilla' as well as an extension that aimed to improve the zooming behavior by separating scale of text from scale of other elements, etc.
I was unable to find a solution that worked for me. I hated using the extension, which itself had a pretty bad UX, and I couldn't get preferences to save properly for individual webpages.
I can't use a browser with poor zooming behavior, I rely on it too much. As I write this I am zoomed in 250% in Chrome, for example.
Those pet-bugs or pet-nits are, in my opinion, the huge thing that keeps people from moving (alongside the perceived friction of moving data over). I wouldn't read too much into mine.
> When I used Firefox I attempted to use 'vanilla' as well as an extension that aimed to improve the zooming behavior by separating scale of text from scale of other elements, etc.
Your reply resounded with me a little. I agree with the person you replied to, I don't like the UI/UX.
I think it's the 'second level' of UI stuff - menu's behind buttons, settings pages, things like that. I think Chrome does a good job balancing 'advanced user' and 'basic user' stuff. Firefox feels a little too 'dumbed down' for me.
I'm honestly trying hard to put a fine point on it, but it a lot of it just feels 'off'. I'd love a very minimal-design, maximum function look into it.
I was going to add a stipulation about the about:settings type stuff being different and what not, but chose not to originally. My thinking was how often are you in settings that it's a problem? I'm not a browser power user, so I only go in to the settings usually after reading something here. I set it, and forget it. Maybe 30 seconds?
As far as dev stuff, I'm really only familiar with Firefox after Firebug was rolled into the browser so that it is similar to Chrome with a Cmd-Option-i key press. I hear people stating that the dev tools are still very different. All I really ever use it for is seeing how the DOM is changing in the inspector, looking for output in the console, and see what files are doing (404,200,500, params/response, and CSS values type of stuff. Both browsers do what I need in a way that I can't tell the difference.
It's almost entirely the more in-depth stuff. For example, differences I find annoying include seeing raw ajax values, re-runnning those queries, and how Chrome can't select individual log levels to view in the console.
On top of that, various parts of Firebug's console UI was better than either one's current console, mainly in how it displayed data.
I felt like this as well when I was still using Chrome for everything (I switched when Firefox launched Quantum). For me it simply turned out that after getting used to Firefox (again) I had no problems at all with the UI. Chrome felt better before the switch because I was used to it.
> I also just compared how both browsers displayed HN main page. Slight differences in color of orange and font weight, but only noticeable if comparing both directly (and besides devs, who does that?).
So on the color thing, one of our designers noticed and I looked into it. Turned out to be an open bug report for Chrome(ium? I forget) where it's using the wrong color profile for css, and resulted in images not matching borders and backgrounds.
I found that I actually like the UI in firefox after customizing it. For me it may have been easy because I use sway (i3 clone on wayland -- clone is the best, it is actually more / better than i3). But it really ended up looking nice[0]. I found I could customize more things that I could on chrome, including the start page.
In any case, if you don't switch, I urge you to give it 15 mins and tinker with the ui config and a home page config. You can rid your self of alot of weird chrome bits that I think most find ugly and make it look smooth.
Further more, you can set up your own sync server and sync all your stuff to a safe spot.
I actually don't switch to Firefox because I'm on i3. I fell in love with surf-like browsing, and am able to somewhat get the same result with chrome in --app mode. There is however no way (to my knowledge) to get tab-less full-window browsing in Firefox.
edit: I just installed the tab-less extension, edited my userChrome.css, and I'm really happy with the results. I'm going to give Firefox a go from now on!
I don't have a screenshot right now, but it's just as you might expect, the whole tab line is removed (the nav bar line with menus comes to the top instead). [This post](https://www.reddit.com/r/firefox/comments/736cji/how_to_hide...) talks about doing the same thing in the context of tree-style tabs. Good luck!
There's also Brave and Kiwi browser if they disable/limit this api in their extensions there's no stopping Chromium-based browsers from implementing them natively outside of extensions.
On the Mac, Safari is far more power efficient. With each update I notice Firefox is using more and more ram too. Also good luck finding out which tab is causing problems.
Last time I did a DOM benchmark Chrome still beat it by a significant margin. Also, only personal experience, but Chrome seems way more responsive with multiple tabs open than Firefox.
One annoying thing is that current versions of Firefox seem to rely on disk I/O too much, so if it's busy, you can't really do anything (switching or creating new tabs is greeted by spinning loading circle that takes a long time to happen).
IIRC, the complaints I've read online are along the lines of: Mozilla ran a Mr Robot ad campaign with browser integration, partnered with an ad company for some research in a seemingly-sneaky way, made their CEO resign (now the CEO of Brave) because he donated personal money to an anti-gay marriage lobby effort, forced pocket integration for ad revenue purposes, and they deprecated their extension api which broke most extensions that did not get updated.
I'm not saying anything in favour of or against these decisions, they're just what I remember reading people complain about over the last year.
Firefox UI feels like it was left behind. When I open up Firefox I feel like I've stepped into last decade. I realize this is just a personal opinion but it's strong enough to keep me from using FF. I was also super irritated with their default tab that shows all of the links you visited. I prefer my porn not showing every time I open a new tab. Features like this one, even if easy to disable should be opt in, not opt out. Any company that enables an opt out feature by default will get the boot unless no alternative exists. I know, it's harsh, but I vote with my usage and with my money.
I'd recommend giving Brave a try if you haven't already.
It's built on top of Chromium so has the same UI/UX as Chrome, including dev tools. And it does ad blocking out of the box, no need for an extension even.
Threats are useful for shaping behavior. Disengaging with someone because they suggested something you disagree with can be good for shaping behavior, but it's really pretty extremist.
Other browsers won't prevent you from any of these things. Some browsers are on par with Chrome when it comes to speed and extensibility (plugins and such).
I have written this a few times here already, I can repeat it again: Firefox wiped their extension store semi-recently and the long tail didn't recover yet. I actually just checked my usual roster and it is better than last time but not yet.
Nope, not as long as Firefox randomly paints text boxes black (a bug report that is now old enough to vote) and hard refresh doesn't work. I expect to be able to do work on my browser, and Firefox just gets in the way.
Linux, when you have a dark desktop theme, Firefox changes the default and background colors of websites to match, often resulting in black text on black background.
It's infuriating, and the devs say they wont fix it because they expect websites to stop using custom color schemes and respect user desktop themes instead.
Yes, but also less so every day. Google has already figured out that they should serve Youtube ads and content from the same servers to limit the ability of DNS based ad filtering.
DNS filtering is a cat-and-mouse game that DNS filtering tools will eventually lose. Don't get me wrong, I love Pihole and have used it for a while, but I know that I'm on the losing side of this battle.
DNS filtering has been on the "losing side" for a few decades now. As long as more than 0.1% of people don't use it, it's not worth solving for most ad companies. Even if places like YouTube DO find ways to stuff ads into my face (likely at great technical and operational expense to them), I make it a point to NEVER EVER buy anything advertised, search for any of it, etc. Because they know so little about me (I go out of my way to block as much telemetry and data sharing as possible), their ads aren't very relevant to me anyway, so they're literally just wasting money serving me an ad, trying to pressure me into paying for their premium service. Instead, I just get annoyed if there are too many ads and find something else to do. It would probably serve them better to just realize that some users won't ever convert, and stop wasting time serving them ads.
So you're getting down voted, but I totally agree. I too used to disable javascript using NoScript every where until it was a site that I was okay with. I played the game of only allowing javascript from the same domain, and then looking at the remaining scripts the site wanted to request. CDNs for jQuery, FontAwesome, etc, started to get whitelisted. Anything else, nope. If the site didn't work after that, then the tab was closed. After allowing NoScript to run javascript, I would then lean on uBlock to block the trackers etc that were loaded by anything I missed. It's amazing how difficult surfing the web like this was.
They're not a charity, but their business model is based on ads and they rely on the network effect to support that model. People who can't see anything at all will immediately defect. No revenue at all from the moment that policy is implemented, plus significant risk that enough will leave to weaken the network effect. People who are forced to watch ads with their content will grumble, some of them might eventually defect, but for the most part they will stay and continue generating revenue. Less immediate impact to the bottom line, and hardly any risk of undermining the network effect.
The "just go away" approach is proving suicidal for online newspapers and magazines. It would be no less so for YouTube. Their content is neither compelling enough nor exclusive enough for that to work.
How could YouTube know you won't ever convert beforehand, and at scale? If they started blocking users for suspicion of not buying anything from ads they would have to block a sizeable portion of their traffic and that would have a negative impact on their company.
Privoxy (and Proxomitron before it) were doing it 20 years ago, but never caught on because they're a PITA to setup and can't handle inline adverts. Pi-hole is new, but it's even more work to setup, and suffers the same limitations.
And as ad-blocking has become more popular the problems only gotten worse. It's unusual that I see any ads any more, but when I do it's always in an inline div or span with a "random" id or class name, essentially invisible to pi-hole.
I still use Proxomitron. It's as powerful as the filters you write for it, works across all browsers (including the "hidden" ones embedded in apps and such), and the community has made patches that let you MITM TLS as well using OpenSSL (although the certificate setup needs a bit of planning and understanding.)
The only downside is that its filtering language is regex-like, so basically the equivalent of "two netcats and a sed". I've contemplated writing a filter proxy that would parse HTML into a DOM, run filtering on that tree-structured representation using something XPath or XSLT-ish, and then reserialise the modified HTML to send to browsers, but never had the time to. I suspect performance wouldn't be great with such a setup, although with MITM TLS it's already doing a double-encrypt-decrypt and I don't find that slowing me down noticeably.
Why doesn't it? (Not a leading question, I just don't understand why it doesn't) Isn't the way uBlock and the like work is that they see network requests from a blacklist and not load those resources? Isn't network level blocking just moving that from the local device up a level?
They do (well partly), but with network level blocking you end up with broken DOM elements (like images, videos, etc.) The good think about the browser extensions is that they clean up the DOM and in many cases you wouldn't even know if the pages had ads.
Then there's also Javascript trickery loaded with the page that do hostile things if ad servers aren't reachable, and extensions know how to detect and replace them.
I think the closer the blocker is to the user, the higher the fidelity of the blocking.
A browser extension has access to the actual requests, while all a network level blocker has is the Server header of a TLS packet at best, just an IP with SNI encryption at worst. That's why PiHole works as a DNS proxy by only properly responding to non-blacklisted hosts with a proper DNS response, but even this might be useless in some cases due to "domain fronting".
A PiHole only sees the DNS request, which works fine if ads are served from a separate hostname like ads.mydomain.com. But if they're served from the same sub-domain and simply have a different URL (ie, mydomain.com/ads/[...]), then the PiHole won't block it. uBlock/ABP will, because they can filter on entire URLs, not just the domain.
uBlock (and AdBlock Plus) can access and prune/block individual DOM elements, and even has a built-in tool (the eye dropper icon) to select and block them. I think they call it "cosmetic filters". It's also available in the right-click context menu under "Block element".
I don't know exactly how it works under the hood, though. If I block a div with text in it, I know the div is still downloaded, just not displayed. I don't know what happens in more complicated cases, like if I block a div that contains an img tag. I think it's smart enough to prune the img tag before the browser downloads it, but IDK for sure.
I vaguely recall Privoxy having some kind of content filtering, but when I tried it, it wasn't html/css/javascript aware, and only did regex based replacement.
I guess I am missing something. I have a Pi-Hole setup at both home and office that serve as the only DNS for the entire network at both locations. I don't see ads, affiliate links don't resolve, and tracking/monitoring services don't capture my traffic.
My experience has been that it took about 30 minutes to setup and I don't see ads on the internet, nor do my family or team.
I can’t speak for pi-hole, but Diversion on Asuswrt-Merlin works fantastic for me. No ads ever except for YouTube ads lately due to google’s changes to how they serve ads from the same servers they provide services on.
There's a huge difference between "doesn't work very well" and "works perfectly except for one really sneaky ad company, sometimes". How does ublock origin cover scripts and ads for my entire network? Did you even look at what I'm talking about before making such general statements? My router blocks hundreds of thousands of incidents per week, and there are only two people in my household. One can't use a browser plugin on android tv, Apple TV, smart tv, and a million other devices. By your own logic, ublock origin doesn't work very well. See what I mean?
Pi-hole and similar solutions are crude compared to uMatrix. I wish that weren't the case. If we didn't have to rely on browser extensions for fine-grained control then alternative browsers like qutebrowser could become more than just toys.
One of my concerns is that DNS over HTTP(s) is really just a way to obfuscate DNS queries from the oversight of network level ad blockers like Pi Hole, AdBloka et al.
You might've noticed most of the new Internet protocols Google is championing move to pushing things through HTTPS where they cannot be intercepted and provide a guaranteed tunnel between the servers (statistically speaking, Google), and the browser (also, statistically speaking, Google). I would never go so far as to speculate why, but it does appear Google is heavily focused on this.
Of course, but my concern is that DoH makes it easier for apps (Chrome, etc) to handle their own DNS queries internally rather than relying on the device's network libraries.
MiTM intercepting HTTP(s) traffic on my Android devices is really difficult due to certificate pinning. The only way to quantify how many unexpected requests apps are making was to watch DNS traffic. If, one day, these apps just make a single DNS request to Google's DoH host then encrypt all their traffic from there onwards, I'd have no insight into what's going on in my own device.
I have a Pi-hole and use uBlock; when I turn off uBlock and use the Pi-hole alone, a ton of ads still seem to come through. This is with the default blocklists (StevenBlack, MalwareDomains, sysctl.org, zeustracker.abuse.ch; about 8 total). Maybe I'm not adding enough lists, but "out of the box" it doesn't seem to cut it.
You may have a secondary DNS. Sometimes that isn't even intentional as ISP modems automatically upstream failed DNS regardless of the local DHCP settings (I'm looking at you AT&T Fiber)
The new trend to slip through is hiding behind cloudflare. I see cloudflare urls being loaded within cloudflare URLs to obfuscate the source of ads and scripts
So this only blocks/matches known domains? That isn't nearly as useful as to what uMatrix/uBlock allow, such as filtering by resource type. E.g. you may want to disable all JS by default, which uBlock allows.
Using uBlock in Chrome is like asking a bank robber to guard an open vault. Sure, they’re smart enough not to steal anything, but they’ll case the joint the entire time and you’ll never sleep well again.
I highly suggest looking into Opera. It is also based on Chromium and therefore backwards compatible with extensions, bookmarks, etc. I switched around 6 months ago and haven't looked back since! They have built in VPN, adblocker, Turbo, screenshot, news, and more! Been really happy with it so far.
Opera is now owned by a Chinese consortium and quite possibly embeds spyware. Check out Brave, instead, which is founded by the inventor of Javascript and extremely privacy-focused.
Saying something quite possibly embeds spyware can be true for almost any company or software. Is there anything specific about the companies that purchased Opera that leaves you with doubts?
I feel like "open source" has become a cheap way to earn trust. Very few people are able to understand code, even fewer actually comb through all the code and fewer still are able to find and decrypt obfuscated code, especially on large repositories. If someone really wants to hide something, publishing under open source isn't going to make a difference. Essentially, whatever you use, there's going to be some degree of trust you must instill to the company and its developers that they will protect and respect your data.
"In Manifest V3, we want activeTab-style host permissions to be the default, with a number of extra options. Instead of being granted access to all URLs on installation, extensions will be unable to request <all_urls>, and instead the user can choose to invoke the extension on certain websites, like they would with activeTab. Additional settings will be available to the user post-installation, to allow them to tweak behavior if they so desire."
--- https://docs.google.com/document/d/1nPu6Wy4LWR66EFLeYInl3Nzz...
Yikes! I'm one of the maintainers of the Remote Browser open source project [1]. It's a cross-browser compatible automation framework which heavily leverages the power of vanilla JavaScript and the Web Extensions API to offer features comparable to those of Selenium (without the legacy cruft). Removing the ability for extensions to interact with arbitrary pages would effectively break Remote Browser's compatibility with Chromium/Chrome overnight. I have a feeling that there are a staggering number of interesting extensions that will break due to the various V3 manifest changes. Hopefully the outrage over uBlock Origin will push Google to reevaluate this decision.
I don't understand the technical details of this - could someone explain it to an idiot?
- Is the change specifically to block ad blockers, or uBlock specifically? Or is it just a new extension API?
- Could ad blockers adapt to the new version to work again?
I am reminded of the new version of (Mac) Safari, which features a new extensions API. It took a while for them to appear but there are now good ad blocking extensions again, like AdGuard for Safari.
From what I understand, there are currently events which gave you the ability to inspect, and also cancel a request if you want. This allows you to do things like cancel a request if it's trying to download a big video file.
But Google wants to remove the ability to cancel a request through the events, and they want to replace that with declarativeNetRequest[1]. If you look at the link, in the Rules section, it seems to be simple, kinda hardcoded (but configurable) filters.
You can also see there's a limit of only 30,000 rules[2], which is not enough for EasyList[3] (example used in the tracker), which seems to have ~74,000 rules.
This is not targeted to ad blockers specifically. It's a change that makes blocking requests less flexible. For example, uBlock and uMatrix rules can be overridden by more specific rules, something that declarativeNetRequest can't do.
>This is not targeted to ad blockers specifically.
At superficial inspection it's not obviously targeted at ad blockers. It might still be. Most of google's revenue comes from advertising, fighting against ad blockers wouldn't be unexpected for them.
The fact that they are leaving in the functionality to view/record/forward anything you visit makes it clear to me that the target is adblockers. Removing solely the ability to cancel a preflight request is, er, pretty specific.
I would defer to someone more knowledgeable, but here's my take:
1. Google is proposing to limit the API uBlock Origin uses, and replace it with a less capable one.
2. Google also plans to put artificial limits on the new API (30,000 rules or something), which will make it even more difficult to make an effective ad blocker. That's not even enough to implement current blocklists.
3. The new API is inflexible, so it will be difficult to impossible to create innovative ad blockers in the future.
Not to mention, once adtech gets the carrot dangling in front of them they will all overload their code with a ton more variations to escape the broad net of the top 30,000 rules. Which means the worst actors would be the ones most likely to escape filtering.
ghacks does a great job of explaining this (saw it first here).
Paraphrasing the article: Basically, they are limiting filters (used by ad-blockers) to 30k. Lots of blocking lists use more than 30k.
This is part of (possible) removal of blocking options from the webRequest API and the (possible) move to declarativeNetRequest to handle blocking requests.
The problem is with the limit on the number of filters. On desktop Firefox I have ~120,000 network filters active on uBlock. Safari on iOS limits the number of filters an adblocker can have active to 50,000 and Google are proposing limiting it to 30,000 on Chrome.
On iOS and macOS, blockers can have more filters than this "limit" by simply exposing more than one list, since the quota is per-list. I think AdGuard exposes four, for example.
Is there something special that needs to be done to configure it? Every time I go over 50,000 I get a red warning at the bottom of the AdGuard filters setting screen telling me that I'm over the limit.
1Blocker for iOS and Mac works around this limitation by segmenting it's blocker list into categories, and each category is a separate blocker extension but they are all shipped together in the same app.
This way they can have pretty much as many multiples of 50,000 rules as they need.
Used to love google, for many many years. Slowly starting to despise them, though.
It's different for everyone, but for me it started with this gmail redesign that made the product so slow it's almost worthless to me. And worst of all is I feel like there isn't even a good competing service to switch to.
I think for most people, their image of Google was formed when gmail was released. Most mail providers offered mailboxes 10MB in size and Google upends all of that offering "free" mailboxes 1000MB. Respect for their command of technology formed with every product.
Then people started to realize Google only introduces products that collect data in a new way from its other products. If it can't survive that test then it doesn't exist. Ugh.
I blame the CEO. Is it a coincidence that all the best Google products peaked in 2012-2016?
They literally removed the don't be evil motto as the reason for their conduct.
People will say that they still have, but that's just a stupid line at the end. They used to have a whole preface dedicated to it and have the code of conduct based around it.
I switched to protonmail a few months back, and have been very happy with the service. They focus on privacy and security as a core value. They have a limited free account (limited in terms of storage space and message volume), so not a direct replacement for gmail. I use the paid service for more storage and a custom domain.
Yes, love it. The paid service is $5/m and you can use a custom domain and create 5 email aliases. Also, I think, ProtonVPN comes with that package (not using that yet, but will)
The comments in the linked thread don't really go into why this change was made, but I think Google deserves the benefit of the doubt that the proposal was made in an effort to improve other aspects of the browser (speed or maintainability, for example)
Quad core, sixteen gigs of RAM, and it takes several seconds of "Loading" to delete an email. It's comical. If you're using Chrome you might not have the issue, Google uses a lot of proprietary Chrome only tricks to make their websites even borderline usable.
So we have a browser with nearly 70% market share, made by an advertising company that's arguably the most powerful business on the internet, interfering with ad blocking. And of course there is no regulatory body that is able or willing to step in.
I'd say at least several hundred worldwide (because many of them can simply claim jurisdiction over whatever they want that enters the lives of their citizens). There are probably about a dozen that have the teeth to actually change Google's behaviour if they chose to.
Indeed it is! We have a wonderful mechanism that handles this situation: a free market.
We've already seen far greater market share from a browser. That browser lost it's market share when it stopped serving consumers. It lost it so thoroughly that decades and billions later it still can't recoup it.
Why would you want the government to hurt Firefox and the other competitors who would be happy to compete with Google on this front?
You appear to be forgetting that a huge part of the story was government action to limit the power of the company that made that browser, both in the US and especially in the EU.
Browser choice is most certainly a free market. Microsoft, Mozilla, and Apple all develop their own, and their browsers are not beholden to the same pressures as Google (i.e. to not block ads).
You, like so many others, are conflating "ideal" market and "free" market. Free markets do not always behave ideally, and ideal markets is really what we should be aiming for.
Why should a regulatory body step in? People were saying for years about how evil Google is, along with how limited and how much of a spyware Chrome is. There are alternatives that people can switch to, if they decide to keep using Chrome they should just suffer the consequences.
It's tempting to fall into the trap of feeling smug that you've made the right decision so no action should be taken against a company abusing their market position in a manner that's harmful to the public. Try to resist that temptation, like I have. I too have been using Firefox this entire time, but I don't let that tempt me into apathy towards the state of the industry.
You may as well question the purpose of the FDA regulating slaughterhouses since vegetarians have been found a way to avoid doing business with them. That's a nonsense position. A vegetarian should demand that the FDA regulate the meat industry, and a firefox user should demand regulation for corporations they've avoided.
>abusing their market position in a manner that's harmful to the public.
Why is it abuse? No one is being forced to use chromium. Are you abusing your market position when you buy the cheapest toothbrush in a manner that's harmful to other toothbrush companies?
However, due to marketshare, the other browsers do tend to be forced to implement the same features as Chromium/Chrome.
Google can easily force the other browsers to lose the Web Request API, because maintaining it when they're the only ones using it is a net loss of productivity, which will probably be needed elsewhere.
Relying on Internet ads for their livelihood is a tenuous position to start with, and always has been.
The (bad actors within the) advertising industry are the enemy of people whose livelihoods depend on Internet advertising because they're the ones making ads either bandwidth-hogging, epilepsy-inducing, website-avoidingly annoying, privacy-invasive, or an actual virus/malware vector.
This is, directly, what has caused the popularity of ad blockers to skyrocket. Tech-savvy folks protecting their family from these dangers by installing ad-blocking software so they don't get regular family-tech-support calls about the various issues potentially arising from "bad" advertising.
Follow-up questions:
How many user ad clicks / views does it take for the revenue to be critical to one's livelihood?
Could you consider donations through any of the various options like Patreon?
Then you should aim regulators at the advertising industry.
Chrome has a responsibility not just to the end user but also to the website. The cost of the getting the web page's info was viewing the ads. Why should the browser help the user to commit virtual theft?
Simply blanket dismissing ads as "tenuous position" is nonsense. Lots of people make a living via web ads. Google makes billions on ads. It's a real source of real money. Alternatives could, and should!, be considered. But simply cutting off a revenue stream while arguing that the ability to cut off that revenue stream should be protected by regulators is weak at best.
> Chrome has a responsibility not just to the end user but also to the website.
Chrome is the user agent. It acts purely on behalf of the user. Browsers aren't trojans built to exploit my eyeballs. This "virtual theft" talk is as silly as claiming that spam filters should be illegal - your server sent me some markup, and I'm free to preprocess it in any way I want.
> Simply blanket dismissing ads as "tenuous position" is nonsense.
Not really. Advertising has always been about manipulating people into doing things they otherwise wouldn't do - if all ads were purely informative it'd hardly be a multibillion dollar industry.
Then you should aim regulators at the advertising industry
Yes, yes, yes, and more yes. That's the cause that needs treating. Apologies if I wasn't clear, that's definitely where I think the regulation should be looking towards.
Aaah, the Homer Simpson position: Can't win, don't try.
Regulate what's within your jurisdiction. That's all any government can do in any circumstance. If regulation results in more friendly advertising that's less likely to have users reaching for the blockers, then those advertisers are going to be more successful, and so even those in unregulated countries will need to conform in order to compete.
That's assuming that the number of users that have already reached for the blockers are of a significant enough percentage to make a difference to website ad revenue.
Correct me if I'm misrepresenting your position, but I vaguely recall a discussion some time ago in which you compared adblocking to theft. If I'm remembering that correctly, you and I have no common ground upon which to have a civil discussion.
His primary website is still online. Me might not be allowed on YouTube anymore, but his primary platform still exists.
Additionally, I thought his removal from YouTube was as a result of pressure from the Government on hate speech and fake news etc. All the stuff Facebook is also attempting to crack down on.
Comparing using Chrome to eating meat is stupid. You can avoid Chrome by a 2 minute process of changing browsers. You can’t avoid the meat industry without vastly changing your dietary lifestyle and traditions.
Because the state is responsible for the well-being of its constituents. It's the reason Australia had a Royal Commission into the banking and finance sectors - they were screwing over people who weren't well-versed in finance, people who took the word of a financial advisor (because financial advisor's are sought out by people who need help with finance) were being screwed over with loans they couldn't actually afford.
It's not possible for people to be well educated in everything and, as hard as it is to swallow for us techy types, a fair percentage of people don't have the time or inclination to even realise the potential down sides of using the Internet. They're too busy with whatever their own areas of expertise are.
Maintaining this shit is hard for a pro. The amateurs don't deserve to get shafted.
Depending on the country, dominant market share as a search engine, online advertising platform, web browser, and operating system. And they’ve been claiming to be adding their own ad blocking to that web browser for sites that have “too many” ads. I’m not saying regulators should or shouldn’t do specific things, but one should anticipate significant anti-trust actions if Google’s lobbying influence wanes.
On the other hand, Google is getting bigger, expanding and hiring more people as the list of their failed projects increase. The chances of them screwing up their core products seems to be increasing, from my point of view. If they manage to do that, that would negate an inevitable future collision with anti-trust regulators. As for the EU and the GDPR I’m sure we are seeing the earliest warning shots and it’s going to be a big mess for them.
> It takes me all of 10 seconds to type duckduckgo.com, and maybe 30 to switch default search engines for the browser. [1][2]
But an equivalent, i can just download FF in 10 seconds is not acceptable in this context. why? Infact, Google browser is way less dominant that the search engine.
> I suspect a reply to your comment isn't going to change your stance on whether Google is dancing around in the anti-trust/monopoly area.
"President Donald Trump’s nominee for U.S. attorney general, William Barr, told lawmakers on Tuesday that he would focus attention on the “huge behemoths” in Silicon Valley at the center of a debate over antitrust enforcement. "
https://www.reuters.com/article/us-usa-trump-barr-antitrust/...
Google (and the Silicon Valley behemoths): Currently know a lot of personal information about the citizenry
The US Government: Wants to know this information
Neither are necessarily deserving of or entitled to this information, so we shouldn't be cheering for either side.
Antitrust is less the issue than personal information / privacy / data tracking regulation. Antitrust enforcement is treating the symptoms, not the cause.
Is there any reason to think the NSA doesn't have access to most of what US corporations have? Either legally through classified programs or illegally through various methods.
It's been confirmed they've had lots of forms of access many times in the past. Seems naive to believe anything would be different today.
You raise a very good point, and I can't even start to guess at the answer or implications.
I think any data the NSA has would be stringently guarded and only used for high-profile / high-impact cases. If the NSA was constantly feeding data to other agencies about trivialities, then it would raise red flags about where "all this incriminating evidence" came from.
Cases involving StingRay interceptions have been dropped so as to protect the details of such interceptions.
There's also the relationship between the agency and the Government to consider. The CIA don't seem to get along very well with various members of the US Government, and with "good" members such as Ron Wyden, if the NSA was feeding ill-gotten data to the US Govt, then someone like him would probably raise some kind of stink.
This doesn't answer the fundamental question of whether the NSA has this data, it's more about the potential mitigation of the likelihood of the data being actually used against someone.
Much like we don't know where the line is on the potential for Huawei kit to be a threat to national security.
Something. Not nothing.
Edited to add:
There's also the very likely situation where Government policy / regulation is put in place to cover all parties, and the NSA ignores this anyway because they're above the law. Everyone else must play by the rules, the US Govt looks to be doing the right thing.
(this isn't a bitter statement, merely that I think this is how things actually work, whether for the US or any other country; realpolitik)
This is just a dog whistle for the political claim that search results, curated content, or algorithmic feeds are "biased" against a particular viewpoint of the world that they would prefer. Their intent is to use enforcement and investigative powers to make that case publicly and intimidate. The worst case, in their view, is to raise uncertainty about information sources; or, in the best case, to coerce more favorable rankings for their favored information sources. It's a furtherance of our state of domestic information warfare, while they remain in power.
A fish rots from the head down, and Trump's avowed preference would be to attack companies for spite if they haven't been nice to him personally. Those kind of regulations are probably not productive.
Because that's what they're for. They take actions on behalf of society, because direct action by the masses on every single issue is extraordinarily inefficient.
ruthless pursuit of profit risks alienation of its customers? good point though. I'd be shocked if >10% of Chrome users use uBlock Origin, in which case it's probably worth it (for their shareholders). Remember that advertisers are Google's customers, not us
Same for me. There is no real reason that I use Chrome rather than any other browser. I switched to it like 10 years ago for whatever reason and I had no reason to switch away from it since then.
I use Firefox on mobile, despite all the issues I encounter with it, because its the only browser that allows me to use uBlock origin. I will no doubt switch for that reason to Firefox on Desktop too.
Those are hollow threats. If you really care, you all really ought to stop using Chrome now, regardless of whether they go through with this. Bitching on forums aren’t going to register on their metrics. Only actually stopping use will.
And that message is "Oh well, it would cost too much to revert that feature. We'll just shove some more ads into the search product telling people to 'upgrade' to Chrome."
I've been a double user of Chrome and Firefox for the last several months. Firefox irks me in some ways still but I've gradually grown accustomed to it. It's also much more customizable.
Indeed, if Chrome breaks uBlock Origin and uMatrix, I am just ditching it and will only use it for testing.
Silly me, did I just say "me"? That'll be me and my customers (probably not enough to make much of a dent in the stats but rather more than a few users)
Google has shown some Chutzpah to sell their own ad blocker when they are the #1 advertising vendor.
If feel they have enough impunity to get away with that, then it is no surprise that they will try to put other ad blockers out of business too.
Other ad networks might be big enough to bring an antitrust lawsuit against Google (although they probably won't last long enough) but Ad Blocking is such a niche market that they couldn't possibly sue.
Ouch, I understand why they want to not have a blocking webRequest API but I consider uBlock Origin to be a must-have extension. Hopefully this is relaxed somehow.
I personally still use Firefox at home despite recent issues, but I honestly would prefer having both as an option, plus I always recommend uBlock Origin to everyone.
(Disclaimer: I work at Google but not on Chrome, opinions are mine and not my employer's.)
It's quite memory hungry. Not saying leaking per-se, but my 16GB machine at work started swapping heavily mostly due to Firefox today.
Only had about 15 active tabs (though a number of dormant ones since last FF restart). Between the various processes, FF was using about 6-7GB of memory. Closing almost all of the tabs reclaimed about 2GB, so still a lot left over.
That said I'm not too bothered, I can restart FF every other week or so.
My main concern is the questionable use of Studies and other experimental paths to test things like advertising in Firefox. I don't like this. I would prefer my browser to be more neutral.
Of course I can disable it if I want. But, I wish I could simply trust my browser vendor to do the right thing.
The browser itself seems solid, I've been happy since Quantum and look forward to seeing WebRender rollout.
A lot of usability issues, for example: You can't disable Ctrl-Q on Linux due to a bug that they do not seem to be willing to fix. In the past I used to depend on the "are you sure you want to close N tabs?" confirmation dialog thing but now they have removed it.
Why would Google be given any benefit of a doubt in the case of ad/resource blocking?
They are a behemoth ad-based corporation that is becoming a monopoly in many areas of computing. In yet more areas, they are becoming an effective monopoly through size: they may not be the only company offering a type of service, but they are the only one able to offer it at scale and/or with a certain level of sophistication, given their resources are orders of magnitude larger than almost any other company's.
All this taken into account, it's obvious how much is at stake for them. Why wouldn't they try crippling blockers? Their revenue depends on it and the only counter-incentive is that there may be a massive exodus of users to Firefox, while it still exists. Do it slowly enough, though...
A design that happens to cripple modern ad blocking and is not nearly close to being a full replacement of the existing API. Improving performance by removing features is easy. I don't think it's misrepresentation to call it crippling of said features.
The fact is that modern ads and crapware/malware web resources are a large problem that users choose to deal with by installing modern ad blockers. Even if that makes the browser somewhat slower overall, it is the ads that are the culprit, not the ad blockers. Also, anecdotally, but I find the web's performance to be vastly improved by installing uBlock Origin, as has also been noted in another comment.
It is also a fact that Google's whole business revolves around ads. Again, why wouldn't Google be mindful of ad blocking and try to prevent it from happening, with all the resources it has at its disposal? It would be bad business not to try.
Even if this particular situation isn't an example of this, I think it is irrational to think it does not and will not happen.
I don't think I can go back to the internet without uBO+uMatrix.
On a related note, why doesn't Chrome for Android have extensions? I get the sense it's because it was more strategic to ban extensions entirely than to allow ad blocking on mobile.
serious question - what sites are you visiting that you run into these issues? I use chrome without any adblock and have for as long as chrome has been around. I have NEVER once ran into this situation.
That's not the correct quip (Embrace, Extend, Extinguish); and even if it were, it doesn't make any more sense in this context than your version does.
Even in the most skeptical reading of the situation, Google never "embraced" adblockers, they allowed them. You'll note there's no extensions on Chrome for Android for example.
Embrace: Google shipped its own ad blocker in Chrome last year. It blocks all ads on sites that violate ad standards set forth by the Coalition for Better Ads. If Chrome's basic ad blocker can encourage the publishers to clean up their most annoying ads, then Chrome users might be less likely to install a full-featured ad blocker like uBlock Origin.
It is funny to think that company that makes money by showing you ads based on information that it harvests by various mechanisms would let you browse the web without watching ads.
The current webRequest API allows extensions to intercept network requests in order to modify, redirect, or block them. It is frequently used by content blockers. Currently, with the webRequest permission, an extension can delay a request for an arbitrary amount of time, since Chrome needs to wait for the result from the extension in order to continue processing the request. The basic flow is that when a network request begins, Chrome sends information about it to interested extensions, and the extensions respond with which action to take. This begins in the browser process, involves a process hop to the extension's renderer process, where the extension then performs arbitrary (and potentially very slow) JavaScript, and returns the result back to the browser process. This can have a significant effect on every single network request, even those that are not modified, redirected, or blocked by the extension (since Chrome needs to dispatch the event to the extension to determine the result).
Google has noticed (as have I) that a typical chrome instance is significantly slowed down by things like adblock plus, because it turns out running every URL through a million regex's uses a massive amount of CPU and really slows down loading. As web pages get bigger and have more resources, it isn't going to scale.
This has been going on a long time, and there are totally ways to improve performance, but typically ad-blocker authors don't have a commercial incentive to make their software super performant, so as far as I know, none have even implemented basic performance features like prefix trees, bloom filters or hashed lookups.
In my tests (albeit a few years ago), the actual text content on web pages was slowed down slightly by adblock plus. I measured with a video recording of the screen, and considered a page complete when the title and main body text of a page were loaded.
It became a dramatic slowdown with a slow CPU. I made a performance patch which saved 40% CPU time (by making a new css selector matcher). I even tried to submit the patch upstream, but my employer blocked it with bureaucracy.
I started using uMatrix full-time about a year ago. At first, I was shocked by how much traffic it would block - sometimes dozens of tracking domains. I didn't understand the sheer scale of the tracking industry.
Losing the full efficacy of uBlock and uMatrix is a deal-breaker - not just for Chrome, but many other Google services. That such a proposal is even being considered is stunning and causes me to reconsider Google's reputation.
The comment author provides these notable examples which would no longer be possible:
> the blocking of media element which are larger than a set size, the disabling of JavaScript execution through the injection of CSP directives, the removal of outgoing Cookie headers, etc.
Seems like pretty fundamental stuff for any user-side content filtering, especially for the use of bandwidth and privacy considerations, ad-blocking aside.
Or perhaps it's because people are spamming their bug tracker from sites like Hacker News, preventing the necessary technical discussion from taking place.
This isn't just traffic. This is interrupting someone else's conversation to complain after reading an editorialized headline.
Having dozens of people post "I'm moving to Firefox!!" doesn't contribute anything. It detracts from discussion.
For exactly those reasons the thread has now been locked.
This is already happening. The new Gmail redesign is borderline unusable and uses up 60% CPU just to display a plain text email, and YouTube's latest update is slower in Firefox because they use a Chrome specific API.
If they go through with this, they would lose a fair portion of their users, even non-fossy ones. I've seen memes on popular reddit subreddits like /r/me_irl and /r/teenagers about adblockers (e.g. "you can't stop me" "I know, but he can") and I would hope that this would maybe be a breaking point for those people - they'd google "adblock not working chrome", find an article that prescribes switching browsers (probably or hopefully firefox or some non-chromium browser), and chrome would lose around 5-10% of its share. Hopefully it will at least wake people up to the monopoly google has by exclusively controlling the most popular browser.
I'm all for getting out the pitchforks when Google does something anticompetitive, but this seems to me to be very similar to WebKit's content blocking API. How does this differ from that, and are extensions that run JavaScript no longer allowed?
Firefox exists, it works well, and it doesn't fuck its users to help advertisers. If Google manages to push it out of the market we'll be stuck with a garbage browser built by an ads company.
The current title ("Google proposes changes to Chromium which would disable uBlock Origin") is more reflective of linked comment.
The essential quote from the linked comment is this: "If this ...[change to chromium is implemented]... [it] essentially means that two content blockers I have maintained for years, uBlock Origin ("uBO") and uMatrix, can no longer exist."
"can no longer exist" is much closer to "disable" than "break".
The problem is I see a ton of people in the comments assuming this is a change made with the intent of disabling/breaking ublock. Clearly it's not, and it will affect more extensions than just that.
We should demand a LOT more evidence before claiming that Google intends to break adblockers before accusing them of that. If they are doing that, I want to be the first one raging against them, and I don't feel comfortable raging on something that deserves the benefit of the doubt.
I don't think companies should ever get the benefit of the doubt. If they are doing something people think it's bad, they are bad until they have their defense. That's why big companies have PR people. People may have the benefit, but companies shouldn't.
But I'm not advocating people treat this as any less important/urgent. The consequences of this change are clear: uBlock/uMatrix would break, this is bad, and it needs to be fixed. However at this point in time, it's an open issue, on an open bug tracker, and Google should be given space to adjust before we can actually declare they're doing this on purpose.
If the change goes through despite the issue being known, that is bad, and that will be a clear sign they don't care that adblockers are getting shut out. Still won't be proof it was intended to do that, but at least there's a different level of outrage you can apply to it.
This is not about who does or doesn't deserve the benefit of the doubt. It's about not having knee-jerk reactions to headlines. In the current political climate, that should be given some serious thought.
Edit: In fact, so far the only thing this thread has achieved is having people go in the issue tracker and leave their comment. You can guess what will happen next: Outrage and abuse in the comment section, followed by a lock, because of fucking course they should lock when there's abuse. This happens every damn time there's a github issue being linked on HN.
What this behaviour does is it prevents an actual discussion from happening.
It's still very suspicious though that such changes happen right after Google implemented their own native adblocker. If tomorrow 3rd party adblockers stop working, Google can now point out that people can rely on their own solution.
Paranoid? Probably. But Google's revenues are from ads, so this kind of attitude is very much warranted in this case.
I am not an expert on this topic, but Gorhill is and has a demonstrated history of technical/privacy judgement.
Gorhill's comment makes it clear that impacting the functionality of blockers is an intentional change, as the proposal not only removes previous functionality, but also enshrines one particular and limited approach to blocking.
Edit: I would also note that "break" may suggest the possibility of altering blocking extensions such that they could keep working and maintain their present functionality. Gorhill's comment makes it clear that this is not the case.
This seems very similar to the changes Safari made a while ago for their content blocking API, so there may be more to it than "Google wants to break adblockers".
I've explained the logic in the post you're replying to. I'll rephrase it:
There is no evidence the change is being made with the intent of getting rid of adblockers; it is so far only a side-effect. We should demand such evidence before implying that this is the intended outcome.
If such is the goal, have at it with the headlines. They write themselves. "Advertising Giant Google Forcefully Breaks Ad-blockers in Chrome Update".
But until the evidence is there, we should be responsible about this.
I've reviewed the design doc and and the spec for the new API. I agree that there doesn't seem to be an intent to "[get] rid of adblockers". Nonetheless, the proposed changes will disable core functionality in uBlock and uMatrix, which is what the title states.
>There is no evidence the change is being made with the intent of getting rid of adblockers; it is so far only a side-effect.
Yes, but what's the point of this change, if it is only a side effect? I've read this thread and I haven't seen clear explanation what this change strives to achieve, other than breaking some popular anti-tracking/ad-blocking extensions.
> There is no evidence the change is being made with the intent of getting rid of adblockers
So far there is only one rationale that could describe the motivation to make this change. Can you propose another possible motive? I am personally struggling.
My understanding of the changes is that they make sense for most extensions, but gorhill's addons are being negatively impacted by them because of the way they were implemented. You'll note it's still possible to implement content blocking in the new system.
As others have pointed out the blacklist capabilities are severely inhibited in the new system. Could you elaborate on how the changes make sense? It feels like their messaging behind this is off if their intent truly is benign.
I always found it strange that the most popular ad blocking method is one that is internal to and relies on the browser itself.
Companies can change their browsers anytime and for whatever reasons they want. As far as I can tell, users have little control over the organizations/companies that write browsers, not to mention that the most popular browsers are written by companies that benefit from sale of the online ads. This make the ad-blocking browser extension brittle.
I also find it peculiar that the preferred approach to ad blocking has been blacklisting rather than whitelisting. In other words, users prefer to let a third party pick a list of servers to block. Everything else is allowed by default.
Besides issues of delegation and having to trust a third a party, this of course is a very large, constantly growing list that includes many, many servers most users will never, ever encounter in their entire lifetime online. Though it may be unnoticeable for now, an enormous block list is inefficient.
The alternative, which I have found easier to manage, is for users to determine what servers they need to access, "whitelist" them (e.g. by placing them in localhost authoritative DNS or /etc/hosts), and then block everything else by default. This is similar to a firewall ruleset.
The number of servers any user will use in their lifetime is relatively small compared to the total number of ad server addresses in existence now or in the future. It is manageable.
If you are a non-technical Chrome user, and you have no idea of what servers you are actually using repeatedly day-to-day, there is a built-in feature that can help you make your own "whitelist".
* GitHub - StevenBlack/hosts: Extending and consolidating hosts files from several well-curated sources like adaway.org, mvps.org, malwaredomainlist.com, someonewhocares.org, and potentially others. You can optionally invoke extensions to block additional sites by category. || https://github.com/StevenBlack/hosts
Someone will make money selling an ad blocker device that's just a configured Raspberry Pi with a consumer-friendly way to install it on a home network.
Not sure if they're purposefully blocking uBO. Those who are effected will either move to Firefox (and encourage their friends to), or just use another content-blocking technique (eg, DNS).
For the few extra ad clicks they'll gain, it's just not worth the upset.
Their captcha is deliberately vindictive against users who don't have google accounts, use firefox and use uBO. For instance, the tile "fade in" lasting several seconds that plays absolutely no role in making the captcha difficult for ML to solve, existing only to punish real humans who don't comply with Google's surveillance system.
So in light of that, I see no reason to not assume malice in this case too.
Could someone please help explain the technical details of this?
From what I can gather from the chrome.webRequest and chrome.declarativeNetRequest documentation, it looks like this change would make it difficult to have long lists of blocked hosts, or perhaps to update such lists automatically. Obviously there is a conflict of interest here for Google, but it looks like there are at least a few non-bogus justifications for the proposed change.
There's a couple of different issues with the proposed API:
* There's a limit of 30k blocked rules, which isn't enough to fully block every ad (for example, EasyList alone is 87k filters right now).
* The declarativeNetRequest API only supports a limited set of filter options. Currently, uBlock supports a bunch of additional options that give you more fine-grained control over what is blocked [0]; most of that wouldn't be possible in the new API.
* AFAICT, the ruleset can't be updated dynamically, which would prevent uBlock's dynamic filtering [1] mode from working.
Google's argument is that doing this improves performance (because it doesn't require communicating with the extension), and that it improves privacy. The privacy issue does have some merit - uBlock's author seems to be trustworthy, but other extensions might not be - but the performance argument in particular seems really shaky. uBlock's benchmarks [2] show that it takes around 0.1ms to decide whether to allow a network request. The only way it could noticeably impact performance is if the overhead of communicating with the extension process is really high, and that sounds like something Google should fix rather than eliminating it.
I’m more concerned that the http/3 Connection Migration ID, proposed by Google via the QUIC spec and operating at a lower level, will create a persistent tracking mechanism, regardless of the application in use.
Anybody knows what "Hotlist-ConOps" means? I'm guessing "ConOps" is the name of the project. Even looking at the issues like[1], I still have no idea what it means.
> There are other features (which I understand are appreciated by many users) which can't be implemented with the declarativeNetRequest API, for examples, ... the disabling of JavaScript execution through the injection of CSP directives, the removal of outgoing Cookie headers, etc.
This is also incredibly important.
It's my HTML, don't restrict me. Let me mangle the web pages I request.
I recently set up pi-hole in a couple of hours on a raspberry pi I have at home. Works fairly well - it can't block as many things as ublock origin can, but it gets the job mostly done while still providing some sort of revenue to content creators.
I changed last year? ( whenever the quantum beta came out )
now I live between the two browsers. For the most, there is no real difference and for both browsers, holes can be plugged with plugins. ( One nice thing I like out of the box for FF is that it supports column selection which makes my life easier on some web pages I have to use regularly )
I like the web development tools on firefox, and usually use them over chromes
The only few things I've really had an issue with is a particular wiki page in my works confluence system that seems to go incredibly slowly on firefox and I end up using chrome to edit that page. The other is sometimes firefox doesn't open a new tab in a new tab if the tab bar has a lot of tabs if I'm using the UI ( I use vimium on both chrome and FF and it can open tabs no matter what )
Other than that, I have this very subjective "feeling" that chrome feels just a wee bit nicer than FF.
Was no one but me outraged about them turning the 'stop autoplay' of video feature off within Chrome on desktop? This happened in the last year or two - I don't remember since I switched to Firefox.
Chrome I only use for business / G-Suite purposes and for dumbo sites that only work in Chrome. Admittedly I'll use IE before I use Chrome.
Just use Firefox, disable all content blocking addons and enable resistFingerprinting and container tabs. There you go you are virtually impossible to track, and as thus will only generate useless traffic for advertisers/trackers and actually cost them money in a legal way.
It would actually go hand in hand with "hide but load element"
This was bound to happen. Google has always treated Chromium as their toy and a way to protect their advertising monopoly. That is why we released the new PrivacyWall today which includes the most advanced host level ad blocker built by Stanford engineers. It's free and we will never sell out.
I'm surprised at the lack of support (hacker news) for Safari. It's a fantastic browser, made by people who have a track record of not being evil with data. I know that might seem like a big statement, but in the face of Google I will happily trust Apple.
A few years ago they were considered the new IE when it came to html5 compat (which was lagging behind other browsers). I'm not sure what the status is now.
Bug reports are for technical discussion, not filing grievances. Please don't be "that guy" who uses this space to complain. Especially if you haven't bothered to read the new spec and are simply mad at the title.
The spec makes this a bit ambiguous, and I have experienced nothing but frustration in my continual attempts to move to FF (last time was two months ago, spare me the argument), but if uBlock is over then so is my relationship with chrome.
They are blocking Ad-blockers and improving Ads. Blocking Ads that are scam like popups and such so ux should be good with content and Ads side by side.
It's actually Google wants to rule by blocking other platforms that provide Ads.
Well, look at the bright side: People will (hopefully) remember that there's an open source browser from a non-advertiser company (and therefore with not many incentives to break your adblocks)
I wonder what this means for browsers like Brave. They are on Chromium engine but AFAIK they are using their own blocking, different from uBO (not sure what exactly they're using).
The day I see google ads on my chrome I will switch, they can do whatever they want.
I will also advocate switching to every person I know, so disable ublock origin with that in mind.
Because by moving to Chromium, Microsoft increased Google's control of the browser ecosystem by killing one of the last remaining competitors to it. Now only Firefox is left.
Before they dropped Edge, a move like this would have been a great marketing opportunity for Microsoft: "Come to Edge, where your ad blocker still works."
Because Firefox doesn't offer any extra security controls over Chromium, in fact I would say they are way worse than vanilla Chromium on Arch. Therefore it makes sense to go with the browser that performs well, rather than one consuming a bunch of resources unnecessarily.
what security controls are you referring to? Also, I think we were talking about performance. How is performance relevant to security controls? And again, how does that imply that Mozilla is better/not better than Google?
I'm referring to the security controls that Mozilla and their Apple-like fan group claims give it an advantage over Chromium. I am saying that I do not believe that it has any security or privacy advantage to Chromium, and the performance is worse, so there is no reason to be in the Mozilla cult-like fan club.
I'd like to use Chrome or be on the ecosystem for the developer tools and website compatibility but not have to...well...suffer through this. Maybe Brave or another maintained fork of Chromium fits the bill.
I've been using Brave for a few months now and they have come a long way -- with many bumps along the road. When sync is finally released (its in beta now), I really think it will be a contender.
The nice thing about the mobile version is that you can add uBlock there too. I switched to Firefox a couple years ago and haven't looked back. Also have been DuckDuckGo for about a year and last year I switched my email over to Fastmail. Funny because I used to be the biggest Google Fanboy a few years back.
I assume people with much more data than me have ran the numbers and concluded this is a good move, but with the rise in people using ad-blockers [0], this seems myopic from the outside.
The GDPR situation and this week's 'fine' for Google certainly suggests that the current model of surreptitiously harvesting outrageous amounts of data from unsuspecting service-users is untenable (as well it should be), so I'll be fascinated to observe the next stages of the data collection vs privacy skirmish.
The "blocking version of webRequest" means that page loading stalls until the extension decides whether to allow, deny or modify each request. This gives extensions enormous power, which can easily ruin user experience if the extension is slow about handling requests.
I agree that ads aren't a great solution, but the entire reason Mozilla is doing things like that is to avoid having all their revenue (and thus their existence) dependent on Google. How else do you think they should make money?
If you prefer chrome but don't want to deal with the privacy issues, definitely try out brave-browser. It's a custom build of chromium with privacy and ad blocking enabled by default, and is fully open source.
I’m not so sure about that. From a nontechnical users’s point of view, they aren’t entirely shutting down adblockers outright, but merely slightly inconveniencing them - most users will probably migrate to a different, less powerful ad blocker and just keep using Chrome. We’re all frogs in water while Google keeps raising the temperature just ever so slightly higher.
Another reason why it was an enormous mistake for Microsoft to adopt Chromium as the engine.
Now Microsoft has a choice for Edge:
A. Fork here and pay the maintenance price and extension compat issues, with potentially unlimited downside of technical debt in reconciling the two.
B. Adopt these changes and kill ad blocking in Edge, preventing them from differentiating themselves from Chrome and reinforcing Google's position as an advertising giant.
Both are bad. What would have been less bad is if Microsoft switched Edge to say, Gecko, or maintained EdgeHTML and continued to support a multi-platform, multi-implementation web.
Ad-supported businesses are an example of tragedy of the commons. They cause users to be product rather than customers. They make it harder for any other monetization strategy to take off the ground (it is hard to compete with "free"). Ads, and marketing in general, is a zero sum game with your resources being spent simply not to fall behind, just because your competitors are spending them (they are like lawyers and military in that regard). Ads enable and encourage parasitic businesses, like content farms and the like.
For the marks, I mean, users, ads pollute visual field, occupy mental space, create and encourage unhealthy habits.
Sure, but the plague of dark patterns and intrusive ads far far outweigh the few legitimately non intrusive ad supported websites. I agree there needs to be some way for sites to make money, but there is just too much stuff out there that should be blocked.
I'm sympathetic to this argument, but browsing on my mobile device (where I don't have a good ad blocker) is regularly interrupted by redirects to malicious sites ("you're a winner!") that are clearly injected by ads.
I'll happily whitelist any ads from a network that bans scripting in the ads they accept.
If they are explicitly making these changes to support ads, that's not a good thing. Google is the Internet's largest advertiser. If that business is driving decisions in Chromium, then the project (and the Internet) is in big trouble.
The ad industry has had decades to get its collective shit together and stop taking the piss out of users. I have no more sympathy or patience, I'm just blocking the lot.
.png){kind=link}
I think the response is appropriate, energetic advocacy, but the HN headline is hyperbolic.