uBlock Origin will soon stop functioning in Chrome as Google transitions to new browser extension rules.
The ad company blocking an ad blocker is totally about security
- Google stans
But they’re not blocking ad blockers. They’re restricting a huge attack surface which has the side effect of making it harder to build ad blockers. With this change, extensions can “only” alter/inspect/redirect/block 30,000 domains if they use the webRequest API. That’s not enough to build uBlock Origin with, but at least there’s limit now.
Google should add a specific ad blocking API (though I suppose that name would run afoul of market competition laws, so maybe they’d need to workshop that stuff info “content enhancers” or whatever) before removing the ability for extensions to hide/block/redirect/alter arbitrary requests, but the way extension’s currently work is pretty terrible.
It’s all fun and games if uBlock Origin uses this API, but if one of your other extensions get bought out by a Chinese malware company, you’d be wondering why “save downloads to Nextcloud” and “remove Google search bar from the browser home page” were able to steal all the money out of your checking account and open several credit cards in your name.
Google’s approach sucks, but in my opinion other browsers should show stronger warnings when installing extensions with access to everything you do in a browser (and outside it, if you screen share).
I don’t really care about Chrome, Chrome users can just download another browser if they don’t like ads. I do care about the risks in other browsers, and browsers need to do a lot better communicating and compartmentalising this risk to end users.
With this change, extensions can “only” alter/inspect/redirect/block 30,000 domains if they use the webRequest API. That’s not enough to build uBlock Origin with, but at least there’s limit now.
That seems like an arbitrary number. Why not 20,000? Or 300,000? What the hell is this limit even for? Even malware can still target 10 domains and do some significant damage. So, what the hell is the point?
Remember, politicians don’t pass racist laws by directly saying they are excluding PoC into the law. They do it by targeting commonalities that happen to apply to PoC.
Google isn’t going to flat-out say they are blocking uBlock Origin. They are going to do it by implementing “security features” that just so happen to target only uBlock Origin.
Personally, I would’ve lowered the size of this was about security. Make it a nice, round number, like 1024.
I think it must’ve been based on something like “the declarative layout is x KB per entry so if we assume the file can be 10MB at most we get about 30k entries”. Maybe they documented it somewhere, I don’t know.
I think it’s clear that a security concern has been hijacked by the ad people. If it was just about security, some other content blocking API would’ve been set up. Safari on iOS has content blockers and that doesn’t even use web extensions, so clearly there are software design models that allow blocking without the “read any website data any time” risk that WebExtensions pose.
But these features don’t just target ad blockers. It also affects other extensions, like Stylus for user CSS, or TamperMonkey for user scripts. It also affects other content blockers, of course. The big difference is that most extensions that require permanent access to every resource on every page are either ad blockers, malware, or power user scripts.
“For the security” is starting to sound a lot like “for the children”. I hope this works out better than secure boot. When these new ideas emerge that have, let’s call them, “side effects” like disabling ad-blockers or preventing Linux from being installed I am suspicious.
Google clearly shows their intent by not providing an alternative API for content filtering, but that doesn’t mean there are no security concerns. Malicious extensions have become so prevalent that Mozilla had to switch to only permitting signed extensions (despite community outroar) because shitty companies were inserting their extensions into the users’ profile directory without permission and breaking websites and even Firefox itself in some cases.
Secure Boot requires the user to be able to turn it off, so if it gets in the way of anyone, it’s implemented wrong. Microsoft has a weird certification system for “super duper secure” laptops or whatever they call it where only their private key is loaded, but that’s a small amount of expensive business laptops.
If anything, Secure Boot is an example of the “just let me turn it off if I want to” crowd making computers less secure for the majority because Microsoft allows booting a whole bunch of Linux distros on supposedly locked-down systems, which has been proven to make other attacks possible (like that recent one on Lenovo laptops where a Linux boot disk could insert a fingerprint into the fingerprint reader that would unlock TPM-based encryption).
Nobody is preventing you from installing Linux through secure boot. In fact, you can take control of your secure boot settings and prevent anyone from installing Windows on your computer without your password.
if google cared, they’d vet ads and ad links, and guarantee their safety and security.
if google cared, they’d put a stop to seo ‘optimizers’ and scammers scoring top positions on serps.
but google doesn’t care about anything other than their profits and share price.
adblockers can affect both of those. they’re using the weak cover of ‘security’ enhancement to neuter them.
existing adblockers provide more safety and security than what can be realized by the shift to mv3.
This is the most succinct, unbiased explanation I’ve seen for this change. Thank you for this! It’s good to know there’s an unintended security improvement in their otherwise brazen attempt to kill ad blockers on Chrome.
Fuck Google.
deleted by creator
At this point, using Firefox and an ad blocker does more for the climate than paper straws or recycling.
Even with ad blocking, half of consumer internet traffic is ads. Google is contributing to increasing this ratio, where most traffic on the internet will be stuff the client did not request, contributing more to climate change than Bitcoin - not that this makes crypto look better, they are just a useful milestone to compare to with the press they get.
And this doesn’t include the idiotic AI shit they do.
I’m pretty sure the traffic for the ads still gets sent to your device over the Internet, it’s just that the ad blocker keeps it from rendering in your browser.
No, the adblocker usually blocks the request before the data gets sent to the device. It’s why pages load faster with an adblocker
It’s a mixed bag. Some ads (like some Youtube stuff I guess) are bundled and filtered, but most actually rely on external requests to ad exchanges. What happens mostly is that when there is an ad spot in the page you downloaded, that is in fact a generic request to an ad broker to send an ad instead of a specific ad. That then starts a real time bidding process inside multiple broker networks to find the most expensive (for the advertiser) ad they can show you based on your tracking information and demographics.
And that’s for every ad spot. It’s insanely intricate and frankly wasteful.
More people should use Firefox. Anyone who does not want Google to control the web browser space with a single base. Firefox will continue support uBlock Origin in its full strength. Notice, Google does not “kill” uBlock Origin, but rather weaken it substantially with a new protocol.
But I get it. With such headlines more people will read it. At least it has a good effect of getting attention of people, who would otherwise ignore it.
They do kill uBlock Origin. The Lite version is a different extension.
Its still the same extension, same source code, same logic, just less capable; hence the addition of “Lite” to the name. Originally they wanted release the Lite version with same name, but changed it Lite, so people don’t get confused why its not longer blocking everything it blocked before.
same logic
That’s the point, it isn’t. The good old version was built on logic where the browser would send the downloaded webpage to the extension, and uBO could weed out ads and trackers, and give you the sanitized version. uBOL works completely differently, as it has to ask the browser to clean it out, but the browser will ultimately decide what to actually do, and there are already limitations that impact ad blocking, as the browser won’t accept enough changes to block all the different kinds of shit that comes through.
The other big difference in logic is distribution, uBO relies on outside blocklists to keep up with Google changing Youtube several times a day to keep sending you malware, in the new system, this is not allowed, so it’s on Google to approve a new blocklist as fast as they do their changes - they won’t.
It’s going to be less capable, it’s going to be exactly as capable as Google wants. It might as well be named the Google Ad Blocker if only that didn’t discount the insane work the uBO team does to keep up with Google’s shit.
@[email protected] @[email protected] @[email protected] Apologies. I think you guys are right about this, its actually killing the old plugin (in Chrome). Thanks all for explanation, now I understand why that is.
Its still the same extension, same source code, same logic, just less capable
the same… but not the same… ??
I think the technologies are quite different.
uBOL is entirely declarative, meaning there is no need for a permanent uBOL process for the filtering to occur, and CSS/JS injection-based content filtering is performed reliably by the browser itself rather than by the extension. This means that uBOL itself does not consume CPU/memory resources while content blocking is ongoing – uBOL’s service worker process is required only when you interact with the popup panel or the option pages.
Are you claiming non-lite does the same, plus more?
You say it’s the same source code, but it’s a different source code repository. non-lite, lite.
The developer specifically released the light version because they acknowledged that it is not the same and you need to make the explicit choice of what you want to keep using
At this point if you use Chrome I think there is something wrong with you.
Every now and then a website doesn’t work on Firefox.
For me, my default browser is LibreWolf with several privacy hardening extensions, but if I do come across a website that fails, my usual route goes LibreWolf > Firefox > Ungoogled Chromium
If it doesn’t work beyond that then I just won’t use the website.
I have that problem too but I find using a Chromium-based browser is the solution. I doubt you actually need to use Chrome for these websites you’re having problems with.
i mostly use a vivaldi or opera portable for those. unzip, run, use the temperamental site, close, delete directory. it’s not very often that i have to do this.
but for a couple of pesky sites i do frequent a bit more often, i keep their portable browsers to reuse and have them configured (including addons) specifically for them.
well, there’s a lot wrong with me. but the only reason I use chrome is because when my last windows machine took a shit, I couldn’t afford a new PC so I grabbed a chromebook for $130CAD and I was seriously impressed with how easy and fast it was to use. that was 4 years ago, and now I’m just waiting for google’s hammer to drop so I can switch back to windows.
a chromebook isn’t without its charms, there are features that just make sense to me that are non-existent on windows: for example, you can increase the size of everything on your screen with two fingers on your touchpad. expand to make larger, pinch to shrink it down. seems like a no-brainer for any OS, but windows lacks this feature. and when you’re old af and your eyesight is for shit, this is an extremely useful tool to have available.
but if I can’t block ads then it’s meaningless. there are no redeeming features that could ever outweigh adblock capabilities. once that happens, I’m gone and I’ll never go back to chrome. they can go fuck themselves to death if they’re gonna take away UO
I’m (unfortunately for reasons) running Win11 on a Surface Pro 7 with keyboard, and pinch/pull to zoom works fine in Firefox and Vivaldi, which are the only apps I use the feature on. It produces funky behavior in Explorer and usually does nothing elsewhere.
Is it universally functional in Windows? No. Is it implemented at the OS level? Absolutely.
Fuck chrome, FF ftw.
Enshittification goes brrrr.
Google was declared a monopoly. Next step: Let the monopoly keep doing the monopoly stuff.
The judge has yet to rule on how this should be addressed. Even after he makes a decision on that, there will be appeals. So long as the orange shitbag isn’t reelected, things look better for the industry than they have in a long time: at least something is finally happening.
Declared a monopoly only in the search engine space AFAIK. Browsers don’t have anything to do with that other than maybe setting Google as the default search engine.
Perhaps this will bug people who currently use Chrome and uBO to switch browsers.
This coming down the line finally got me off of my incredibly lazy ass and forced me to switch a few months ago. It was easy, and I don’t know why I didn’t do it sooner.
I wish I could for work. But stupid corporate policy demands otherwise, Google workspace is so shit.
Google workspace
Dystopia is real
Only a few more steps until “Google Government”
If I were an exec at Google, I’d have already made a move to buy out a small country. Tuvalu, Nauru or something with a minuscule GDP. Then proclaim the Google Republic, move HQ functions over, and be free of taxes and outside influences forever.
And being their own country, they could even have a full fledged military…
I don’t think you can cancel an entire country with a couple months notice after you get bored of it.
Doubt it, because we have ″Microsoft Government″
Oh no judgment at all, I’m also using Chrome at work and somewhat outside of work.
They’ll switch from Chrome to Cryptocurrency flavored Chrome and think all is well in the world.
I use Firefox everywhere except work where my only options are Chrome or Edge (both chromium). Apparently uBlock lite is supposed to work on the new version of Chrome and hopefully still functions roughly the same. Apart from block web ads, I rely on it to block YouTube ads.
i did read somewhere that affected chrome users are being presented with alternatives from the chrome extension ‘store’ that are mv3-ready.
whether or not they’re capable of clicking the right buttons on the right screens and windows to do it is another story.
ubo, abp and adguard all have mv3 variants. there are others, but i think those are the ‘big three’. ublock origin lite is what i’ve been moving people to here, if not to firefox. so far, so good.
I think the lite versions don’t allow scripted blocking, only static or something. So a whole lot of the adaptive blocks for persistent ads you encounter on facebook, instagram and other shitty socials that behave like viruses will be hard to impossible to kill.
I’m glad I never had to deal with that as I have never used Chrome on desktop, but I’m pretty sure there will be many folks out there who don’t know how to switch.
Block Chrome and use anything not Chrome based. In other words use Firefox.
But Firefox is about to loose it’s funding because google is a monopoly lol
Firefox is open source. It’s not going anywhere; even if Mozilla Co. goes broke and closes down the Mozilla Foundation.
Sure. But loosing the money to fund development surely won’t help, will it? My point is that there is a real danger here. There are other forces at play which is why you have the chrome dominance already. Long term firefox will fall behind if not maintained. There really needs to be a push to finance firefox or alternatives.
Or imagine if more and more websites “require” some new web protocol to prevent ad blocking, or use of DMCA against browsers or addons altering websites as “web apps”. This is another problem that cannot be solved through individual responsibility.
So Google is a monopoly and removing funding to Firefox will help them not to be a monopoly? That does not sound right. Rather the opposite.
Nothing has been decided or done yet. Most likely they will just be forced to not abuse their position, for example make ads for it on www.google.com, don’t bundle Chrome with Android and such things.
I believe there will always be an alternative to Chrome available as the Open Source community will find a way together.
Google has been telegraphing this for months. Either switch browsers now or enjoy your ads.
They’ve literally said ad blockers are a threat to their revenue https://www.sec.gov/Archives/edgar/data/1652044/000165204419000004/goog10-kq42018.htm
Risks Related to Our Businesses and Industries
[…]
New and existing technologies could affect our ability to customize ads and/or could block ads online, which would harm our business.
Technologies have been developed to make customizable ads more difficult or to block the display of ads altogether and some providers of online services have integrated technologies that could potentially impair the core functionality of third-party digital advertising. Most of our Google revenues are derived from fees paid to us in connection with the display of ads online. As a result, such technologies and tools could adversely affect our operating results.
It’s not exactly super helpful to just link to an 86 page SEC filing. Maybe you could provide a quote?
Ctrl F for “block”. There were only 5 usages of the word and that led me to the section.
That’s nice. A quote still would have been more approachable for most, while those that were more curious could have followed the link to the document.
I have some time now, I’ll grab it and edit it in
With this from chrome, and Reddit going paywalls do you think we’ll see another spike in Lemmy traffic…i think it’s a safe bet.
They have already been coming in over the last week since the announcement.
Well, they’re only doing what they announced already like 1-2 years ago. So we knew it was coming. This is also accompanied by Google making YouTube more restrictive when viewed with adblockers. Google is (somewhat late, to be honest) showing its teeth against users who block ads. I always expected it to happen but it took them quite some time. Probably they wanted to play the good guys for long enough until most users are dependent on their services, and now their proprietary trap is very effective.
On the desktop, you should switch to a good Firefox fork right now. Firefox can also be used but needs configuring before it’s good. The forks LibreWolf or Mullvad Browser are already very good out of the box. There’s the potential issue of the forks not being updated fast enough, but so far these two have been fast. Mullvad shares a lot of configuration with the Tor Browser, so using it may break some sites. LibreWolf might be “better” for the average user because of that, but otherwise I think Mullvad is the best Firefox fork overall.
On mobile, Firefox-based browsers aren’t recommended, because on Android, the sandboxing mechanism of Firefox is inferior to that of the Chromium-based browsers. And on iOS, all browsers (have to) run on Apple’s proprietary Webkit engine anyway, but well this is Apple we’re talking about so of course it’s all locked-down and restricted. It’s one of the reasons I don’t even like talking about Apple that much, just be aware that as an iOS user, your choice doesn’t mean as much when it comes to browsers, and your browser might not behave like you think it does on other platforms.
So on mobile, I’d suggest things like Brave, Cromite or Mull. Or Vanadium (GrapheneOS). If the browser doesn’t have built-in adblocking capability which sidesteps the MV3 restrictions, make sure to use an ad-blocking DNS server, so your browser doesn’t have to do it. But you still need it. Adblocking not only helps you retain your sanity when browsing the web in 2024, but it also proactively secures you against known and unknown security threats coming from ads. So adblocking is a security plus, a privacy plus, and a sanity plus. It’s absolutely mandatory. As long as the ad industry is as terrible as it is, you should continue using adblocks. All the time. On every device and on every browser.
The ad industry is itself to blame for this. There could in theory be such a thing like acceptable ads, but that would require ads to be static images/text, not fed by personal data, and not dynamically generated by random scripts which could compromise your security, and not overly annoying. Since that is probably never going to happen, you should never give up using adblockers. Since they basically fight you by reducing your security and privacy, you have a right to defend yourself via technical means.
There are no issues with the main Firefox branches for desktop and mobile, for the average user, not sure why you’re so against them.
Reasons are the data transmissions happening by default and Mozilla’s questionable inclusion of add-on things like Pocket. See for example:
https://www.kuketz-blog.de/mozilla-firefox-datensendeverhalten-desktop-version-browser-check-teil20/
vs.
https://www.kuketz-blog.de/librewolf-datensendeverhalten-desktop-version-browser-check-teil8/ and https://www.kuketz-blog.de/mullvad-browser-datensendeverhalten-desktop-version-browser-check-teil22/
You might need to translate the site to English. If you compare that, you can see why it’s easy to recommend the forks over the original. That said, you CAN configure Firefox to also behave well, but that takes an extra effort. It is far from there by default.
And why should the average user care? They use Alexa and have the Facebook app installed anyway, this is just a drop in the bucket for all the other crap that tracks every movement anyway
Yes, but my post is for the people who DO care about privacy issues. I also don’t like the defeatist’s attitude. You can always start making things better. My post is for those who want to make a better informed decision, that’s all.
Use DNS filtering. I use NextDNS which has a free tier that meets my needs. You can add popular filter lists and your browser will never even see those ads, trackers etc. Or you can use Vivaldi and Firefox of course. But DNS cuts it off before it even gets to your machine.
dns blocking methods do not, and literally cannot, block them all.
DNS filtering only gets you so far. An adblocker is still a very good addition
a free tier
Alternatively, you can just host this stuff yourself and never pay. A Pihole is just DNS-filtering. There’s a million guides to do this on the internet already. You can also do it more directly with some routers, I run DNS filtering on an ASUS router with the merlin third-party firmware. It’s possibly the simplest thing you can host yourself. Like others have pointed out though, it isn’t a replacement for uBO. They both complement each other and I would recommend both to people who are able. The one major advantage it has is being able to block some ads in mobile apps. But it cannot block as many in a browser.
The garbage is taking itself out
i use firefox (and you should too) but they’re blocking ubo, which as not updated to mv2 - ubo lite still works.
Yes but that’s not the same. Because of Chrome limitation it can’t update it’s blocklist directly. You have to update the whole extension to update the blocklist and that goes through Google validation in the Chrome store. It adds delay and Google could even refuse some updates. The blocklist is also shorter because not all filter rules are supported.
Sounds like ubo lite could end up blocking everything else than Google, unless of course the ad companies pay Google to force ubo lite to remove them from the list.
