I still don't get why people who care about privacy (and ad-blocking) use Chrome. Firefox works really well these days, even if Mozilla's track record isn't the greatest of late. I haven't had a need to open a website in Chrome in... years? I can't even remember the last time.
I don't understand why Google counteracts indirectly. Why can't they just ban adblockers from the Chrome Web Store? If that's not possible, why not just remove specific adblockers one by one? Removing the big ones would probably stop most people from using them.
My assumption is that banning them outright will make it super obvious you can’t run adblock on chrome. With Manifest V3 limiting their capabilities but not getting rid of them, the layman user will still feel like they have adblock and aren’t likely to know it’s not as powerful as it was before.
This implies we are so stupid we won't realize we are seeing ads where we never saw them before.
> we won't realize we are seeing ads where we never saw them before.
Ads are the new content.
The killer app for LLMs is generating new and innovative ads that are entertaining and feel like content.
Imagine fun games like "Avoid the Noid" (https://www.mobygames.com/game/1095/avoid-the-noid/), "Cool Spot" (https://en.wikipedia.org/wiki/Cool_Spot), and "McKids" (https://en.wikipedia.org/wiki/M.C._Kids), but with modern graphics and sound and promoting the most annoying brands and products.
Help people save money on their insurance by playing as the Geico lizard! Find out the dirt on used cars as the CarFax fox! Yesterday's annoying mascots are today's folk heroes.
Ads will never be the 'new content'. If I want to read a news story, or find some key information, do you really suppose I will appreciate being confronted with "Avoid the Noid" or other fatuous games?
News stories are often straight ads too, just quickly paraphrased retelling of a propaganda piece from the companies public relations department.
Google might be trying to have their cake and eat it too - hamstring adblocking enough that their sites and ad networks can work around it but other sites and ad networks will remain blocked.
Keep your friends close, your enemies' closer kind of thing.
There is a baseline assumption that this is motivated by ads. I really don't think Google is coordinated enough for ads to exert pressure between orgs in that way. People in chrome really are just optimizing for security and safety.
Hard disagree, this is a play from the top
What do you base this belief on?
How is their anti-Adblock fight on YouTube not a clear sign?
because google is an ads company
And if you've ever worked for 'em, even in a department related to neither Chrome nor Ads, you'll soon know the influence of the Ads team. Prestige, high-pressure jobs, top people, and influence everywhere.
I am not sure if this is not a sarcastic take, but I will bite.
Google are generally not coordinated well on anything, but this current war on adblockers is a notable exception. Consider the following 3 things all happening in the same time frame:
1. Youtube's rollout of detecting adblockers and updating their code a couple times a day to prevent you from running an adblocker
2. The manifest v3 standard
3. The Privacy Sandbox trash
They are using the dominant position of Youtube as video content platform (point 1), chrome/chromium (point 2) as a browser engine and their current dominant position in the ads market (point 3) to achieve a couple of goals. With the privacy sandbox, they force ads to go through their ecosystem, with the manifest v3 they deliver a big kick to the adblockers, and with Toutube, they are using one of their most successful platforms to further push their ads agenda.
To me, unskippable ads are going to:
- make me hate the brand that's wasting my time by advertising crap I don't need and making me watch it
- make me hate the platform on which this ad is played, especially knowing the platform jumped through specific hoops to make the ads unskippable for even the power users
They benefit from people blocking ads, just not their ads. And they can't just build something into their browser to block everyone else's ads by default because that'll be uncompetitive.
Chrome already ships with ad blockers built in for ads which are disruptive or use too much resources.
https://blog.chromium.org/2018/02/how-chromes-ad-filtering-w...
https://source.chromium.org/chromium/chromium/src/+/main:com...
https://source.chromium.org/chromium/chromium/src/+/main:com...
https://source.chromium.org/chromium/chromium/src/+/main:com...
Note however that they get to decide this criteria, I as a user does not have any input as to which ads are "disruptive". And hey, it just so happens that their criteria allows for their own ads.
It’s not an add blocker. It is a competitive as blocker.
All ads are disruptive.
Yes, which is not "block everyone else's ads". Your own first link says that websites eventually fixed their ads to comply with their "Better Ads Standards" and thus became able to show them again.
Is it? I've seen ad blockers try that "privileged ads" model. It's hilariously unpopular and unprofitable due to product market mismatch.
Maybe I am cynical about the law, but I assume the only reason they don't block other networks is because it would be their same advertisers, and they would be furious enough to take action.
Ad blocker are legal, banning them could be illegal.
Porn is legal but you can't out a porn app in the Chrome or Google Play store. No rule says they have to allow everything legal.
If Google had their own porn app in the Chrome or Play stores, but banned all other porn apps, I guarantee they'd lose quite a few anti-trust related lawsuits, and quickly.
Not sure about the second part. Considering they have a dominant market position/gatekeeper/whatever, they probably have to actually make an argument for "why not" in the case of tracking blockers (age restricted content is another discussion entirely).
Otherwise, abusing dominance in the phone app store market to benefit their (also dominant) ad surveillance business sounds very, very much like something the DMA could and should punish.
Porn isn't legal for minors and Chrome extensions store doesn't have an age check.
I wish they'd just ban ad blockers from their store. It would instantly turn uBlock Origin into the Firefox killer app.
Perhaps that’s exactly why they don’t. They know there would be an exodus because they know what the install-base of ad blockers are in Chrome. Their market dominance is worth more than the marginal lost revenue from some ads being blocked.
and after manifest v3 is shipped, the updates for "selected" extensions get slower and slower which makes them less and less effective
and they will just look slow instead of actively targeting ad-blockers
They've done so in the past when they blocked the AdNauseam extension several years ago.
If only there was a headless version of AdNauseam, I would finally have a use for the many Raspberry Pi's sitting in my drawer.
Because they don't want to ban adblockers, obviously. They even implemented a whole new subsystem in the browser tailored for efficient adblocking.
Why can't they just ban adblockers from the Chrome Web Store?
The answer is legal antitrust lawsuits. Chrome has a near monopoly and Google is the largest advertising actor, banning ad blocking altogether risks giving ammunition to the inevitable antitrust lawsuits.
What they prefer to do instead is degrade their effectiveness step by step, it's way less risky for them.
That would also prevent lots of if not most people from using Chrome too. They have to pretend to care privacy & security so that they can put more into their pocket.
That would get them a lot of bad press and many people would leave. It might even get AGs attention. If they just do ambiguous annoying things, that's safer for them.
Google has of course considered doing this. We can't know their exact calculus, but whatever it was, they came to the conclusion that playing cat-and-mouse is financially advantageous to them. Maybe it's a legal concern, maybe it's a market share concern, maybe adblockers don't actually erode their overall ad profitability to the degree we think it does. But whatever the reason, Google decided they will profit more this way.
Banning them will invite antitrust regulation, because there's a conflict of interest between giving away the browser and crippling it to benefit their advertising business. I suspect that for the legal department, it's too close to the historical example of Microsoft leveraging its operating system dominance to benefit Internet Explorer and hurt competitors like Netscape. If they bury the anti-adblock strategy under layers of technicalities, they can plausibly deny that they're targeting particular vendors.
I like that Ars tries to defend ad blocking, but please, prepare better, maybe talk to actual developers and avoid false accusations.
It’s completely okay to criticize Google for doing really controversial (to say the least) stuff like getting rid of blocking webRequest, but criticizing them for prohibiting inclusion of remote JS in the extension is simply bad work.
They could do a minimal fact check, remote JS was never allowed in Mozilla Addons store. A bit more research and they’ll learn that cosmetic filters updates do not require an extension update. A little bit more research and one can learn about the no-review-fast-track that Chrome WebStore plans to implement next year.
This is the first time I've really looked into Manifest V3, and I'm confused as to how the "no remote JS" restriction is enforced.
What prevents a developer from using non-remote JS (code built into the extension) to tell the current web page to fetch remote JS from a server, and execute that? Obviously, web pages must be able to fetch remote JS, or the whole internet would break.
Google could delist such an extension from the Chrome Web Store. But Chrome (unlike Firefox, grr!) allows extension sideloading, so if I was UBlock Origin I would just say screw the Web Store, download from our website.
And then, once UBlock Origin can inject an unlimited amount of turing-complete Javascript onto the page, the sky is basically the limit... right?
If the server is yours it will probably be rejected. Definitely will be rejected by Mozilla.
Userscripts is a notable exception of this rule as in this case the user instructs the extension what JS to execute.
Yes, but Chrome allows users to sideload extensions.
Firefox kinda also does. In both cases side loading is rather painful experience, thanks to all the malware that is exploiting the extensions feature.
Firefox extensions don't need to be listed in the web store, but they must be signed by Mozilla, no exceptions.
I have used both browsers, and I find sideloading in Chrome to be completely painless. I use many sideloaded extensions in Chrome (mostly because I wanted to make small edits to existing extensions).
I guess I'm trying to figure out whether all this fuss is really a limitation of Manifest v3, or merely Chrome Web Store policy. If the latter, I don't see a problem as long as sideloading is possible, and I really hope UBlock Origin will just go that route.
Sideloading is the real freedom which everyone should rally around and protect. (I am extremely unhappy with Mozilla's approach to this, if you can't tell.)
The most problematic part of MV3 (removing part of the webRequest API functionality) is a part of the platform.
This remote JS stuff is a CWS policy.
So what can the webRequest API do that couldn't just be accomplished via Javascript injection? From my perspective—admittedly not really understanding how UBlock Origin works—Javascript is basically all-powerful on a web page. Once you have that, I'm surprised that anything else could be a meaningful restriction.
(I appreciate you answering my questions!)
Javascript is very powerful, but simple injected Javascript can't e.g. undo requests (from other scripts or just normal resources like third-party images) that have already happened. An injected script is not guaranteed to run before the site's own scripts, I believe.
Other than that, you can probably really do everything you could do with the webRequest API, but the complexity of doing it essentially reduces to the halting problem: You'd have to statically analyze all Javascript loaded by the page and figure out if it's going to do any requests you don't want to happen and then rewrite these parts. Maybe there's clever things you could do by shimming all web APIs that can issue HTTP or other requests, but that also doesn't sound fun.
On the other hand, with an API that just gets to veto every outgoing request, you can trivially achieve the same goal.
Another area where in-page Javascript is limited compared to an extension is the same origin policy. A very fancy ad-blocking extension could e.g. run an image classification AI on third-party image resources and hide the ones that look like visually distracting, flashing etc. ads by default – in-page Javascript can't.
Thank you! I guess the main problem is figuring out which elements are ads. Blocking certain requests is a handy way to do that, at least for as long as external ad servers are the norm.
Simple injected Javascript can't e.g. undo requests (from other scripts or just normal resources like third-party images)
But could you detect the request, see what element it loaded in, and then hide that element? Or is that much more complicated than I'm imagining?
If you only care about visual annoyances I believe that should generally be possible (although I also don't know the details!), but many people also use content filters to stop third-party tracking.
JS is important, but it’s only a part of what’s required. webRequest allows the extension to manipulate web requests: blocking or redirecting them. MV3 tries to replace the old webRequest with a declarative alternative and it’s almost impossible to provide a declarative rule for every possible use case.
On Firefox for Android all extensions must be present in the AMO store at the time of installation, no sideloading - even of signed addons.
Mozilla banned non-store extensions in their last Firefox for Android overhaul a few years ago and afaik does not plan to allow them again.
This is the reason why the anti-paywall extensions are all gone/DMCAed.
It's a massive power shift away from the user. No idea why Mozilla did that.
How do you develop extensions then? Surely it must be possible somehow.
Opera and MS Edge for Android don't support extensions as well. So my guess is, the Playstore rules won't allow it.
Firefox extensions don't need to be listed in the web store, but they must be signed by Mozilla, no exceptions.
There is. But you must be running firefox on Linux, on specific distribution (i.e. Debian or Fedora), built by that distribution and the extension has to be installed system-wide by root. Then the signature won't be enforced.
So in a sense you're not running Firefox anymore, you're running a derivative from your distro which modified the source code. (I do appreciate that they do this, however.)
Getting non-technical users used to regularly sideloading extensions sounds like a recipe for disaster in terms of security.
I'm also not sure if sideloaded extensions can receive automatic updates, but the much bigger problem is getting people used to sideloading unsigned extensions with full web site access: Tech support scammers will have a field day with that.
It wouldn't be good for security. But I fundamentally believe that user freedom—the ability to do what big tech would rather they did not, such as adblocking—fundamentally depends on sideloading. You simply can't have one without the other. You're trusting the vendor to decide which software is safe, but that vendor will inevitably also consider which software makes them money.
On platforms where sideloading is either impossible (iOS) or usual (Android), adblockers are completely inaffective. The gatekeepers simply don't allow them to exist. This is true even though the maker of iOS ostensibly (!) isn't ad supported.
I'm also not sure if sideloaded extensions can receive automatic updates
They can't (at least without some external software), which is why the ability to load remote Javascript would be important. For less frequent updates, they could prompt the user.
Ad blockers work fine on iOS. Yes, compared to ublock some things get through but not many. I have had good success with 1Blocker and AdGuard. Apple has allowed those apps for years.
I have 1Blocker and I find it does very little.
As a developer not only can I be trusted to not install extensions from unknown sources, but there’s a much easier vector via NPM :)
There’s a legal avenue for this kind of thing too: pass laws that enforce clear and transparent rules around what the gatekeeper can do and give legal recourse to participants to hold said gatekeeper accountable if they break them.
I'm also not sure if sideloaded extensions can receive automatic updates
They can't update the entire extension automatically, but should be able to get updated blocklists no problem.
I used to run a homebrew'd extension to change my new tab page. Chrome makes it so annoying to use a sideloaded extension. Every time you start the browser, and every couple of hours when you open a new tab it will have a big popup warning you that an unsigned extension is running, and give you a big button to remove the extension that fires when you hit space or enter, and a tiny little subtext button to continue using the extension. After the 3rd time accidentally uninstalling the extension because I was typing in a search too quickly and not paying attention, I gave up on using it.
You must be able to turn this off, because I've been running many homebrewed extensions for years and never encountered these popups.
Why are people so eager to look away from the clear agenda that's playing out?
It's not the time to be sticking one's head in the sand. Google is dead to me once they push Manifest v3.
My point is that reporting must be accurate and factually correct.
Google's showing their hand. You're here nitpicking. If something CAN be done, it usually WILL be done, especially if the actor is a business and the reward is power, influence, or profit.
Will you be one of the ones 'giving Google a chance' once they play their hand next year?
Because that agenda is hypothesis based on outsiders' observation of what Google is doing. It needs to be based on facts. Without facts, such an "agenda" is really just speculation and fear-mongering, not much better than the likes of Breitbart News.
Speculation like this is easy. I can also just speculate that the Ars has an agenda to slander Google. Expand that to a couple hundred words and you have an article. Now get people to read it and become angry. That's basically the sorry state of online journalism.
I have unsubscribed from Ars.
one can learn about the no-review-fast-track that Chrome WebStore plans to implement next year.
My understanding is that no-review-fast-track is only for extensions which changes in DNR rulesets are only about block/allow/allowAllRequests rules.
I don't see how comprehensive content blockers can push meaningful updates with only changes to block/allow/allowAllRequests rules and nothing else.
It isn’t “nothing else”, cosmetic rules can still be updated independently “over-the-air”. One more approach (a bit “hacky”) is to distribute cosmetic rules inside static rulesets (hide them in a separate “metadata” field).
I personally like the fast track idea as we can use the CWS infra to distribute updates quickly, but this is not the only way.
Differential updates are also possible and if they’re implemented, you can keep a normal release cycle (6 weeks for instance).
It isn’t “nothing else”, cosmetic rules can still be updated independently “over-the-air”.
It's not just about cosmetic rules, it's also about DNR rules other than block/allow/allowAllRequest: redirect=, removeparam=, csp=, etc.
If the idea is that these DNR rules require non-fast-trackable thorough reviews, but dynamically updating them will bypass those thorough reviews, than I am at a lost to understand the logic of treating them as requiring thorough review.
If these DNR rules are considered potentially harmful thus requiring thorough reviews, why would they be allowed to be downloaded from a remote server and dynamically created in the first place?
There is also the content scripts-based filters, which is something that change every day. This is where we diverge, I chose to go fully declarative because this way these content scripts are injected reliably in a timely manner by the MV3 API.
This is not the case when injecting in a event-driven manner since the extension's service worker may need to wake up, fully restore its current state, then by the time it's ready to inject the content scripts programmatically, it might be too late as the target webpage has already started to load.
The “safe rules” concept is a little strange indeed, not very consistent.
I actually agree that for an MV3 ad blocker I’d better have a fully declarative default (emphasis on default), but I’d like to provide an option to grant more permissions and allow more rules. I’ll wait until declarative cosmetic rules become a thing before going this way though.
What I don’t like about your way is that it’s very difficult to use the MV3 version for filters development, filter list authors will have to re-build the extension every time they make any change to the underlying filters.
Maybe this is not a big problem though, we’ll only see it when MV3 becomes the only option and there will be more issue reports from its users.
The article is claiming that lists won't be able to self-update at all. That goes far beyond a ban on remote JS.
cosmetic filters updates do not require an extension update
Cosmetic meaning what exactly?
remote JS was never allowed in Mozilla Addons store
I don't see any issues with ublock in firefox, so what's going on there?
A little bit more research and one can learn about the no-review-fast-track that Chrome WebStore plans to implement next year.
That sounds like something that can and will randomly stop approving ad blocker updates more than once.
The article’s claim is factually incorrect, self-update will also still be possible to implement even without the fast track. It will be more complicated than it is now as we’ll need to do that via differential updates, but nevertheless.
Cosmetic meaning what exactly?
Filter lists are composed of two types of rules: “cosmetic” and “network”. Network rules define what needs to be done with web requests (block or redirect). In MV3 these rules should now be implemented via new declarative API.
Cosmetic rules is a very wide subset of ad blocking rules that define how a web page needs to be changed. These are implemented the old way.
I don't see any issues with ublock in firefox, so what's going on there?
uBlock Origin does not use remote JS so yeah, what’s going on with the article is a good question.
Now, right now, this is the moment for Mozilla to pull their heads out of their asses and really push to improve Firefox. Google is cranking up the user hostility, but if there's no viable alterative, people are gonna be stuck being spied on and tracked everywhere by chrome.
If we had an alternative, this would be the time for an organized push to get people on it. But Mozilla has either become complacent or been quietly bought out behind the scenes and Firefox isn't really competitive anymore.
Sure, you can still use Firefox. I do, begrudgingly. But it's not good enough to convince people to switch. It hasn't been for a very long time which is why we're in this mess in the first place.
I expect nothing will change and everyone will suffer for it.
Maybe people will get offline more. The internet as a whole is becoming exponentially shittier as time goes on. How much longer before it's completely intolerable?
What exactly do you think is substandard about Firefox?
There are several web apis that Mozilla refuses to support, for example webhid or webusb, which all chromium browsers have had for years at this point. Same for little css features and some bits in the webaudio and webrtc implementations.
Mozilla refusing to support webhid in any way: https://mozilla.github.io/standards-positions/#webhid
Chrome adding it to stable in 2021: https://developer.chrome.com/blog/new-in-chrome-89/
This, they refuse to implement it claiming privacy reasons.
The sad thing is, if FirefoxOS would still be a thing they wouldn't bat an eye.
Can you defend the proposition that Firefox isn't a viable browser for lack of these APIs by listing popular websites that won't work without them?
Serious question, because I can't think of any.
Trezor is... a crypto hardware wallet? I can't imagine this sort of thing is popular enough to block firefox from mainstream adoption.
The pixel repair site is an interesting example, but AFAIK, Pixel phones have about 2% of the US market share and this website is only useful to a small number of those users (those who encounter a serious error) and isn't something even those users would be using often. If I had to use this website and couldn't get my phone fixed another way, I could install and use Chrome (or I presume another Chromium browser) and use it for this single purpose. It would take me only a few minutes/hours(?) and then I'd be done with it. Why would a site like this keep me using Chrome permanently? I just can't imagine that.
I think this is pretty typical of these niche web features. Like most users have no need for web midi and most likely don't even own a midi device that it would work with. But niche websites can find great value in the api being available and offer sites to users which bring them value without having them install a native app. Also I'm not sure if it's a good idea to give people a reason to install and use a competitors browser.
I don't think either of these are examples of websites that might plausibly be holding Firefox back from mainstream adoption. I was expecting something like "[popular feature] of facebook or youtube doesn't work"
Never heard of those and I doubt 99% of the population have either.
Not being compatible with those sites is definitely not the barrier to widespread adoption of Firefox.
You really do not want to enable WebHIB, WebUSB, WebGL, WebRTC, canvas, `blob:` nor any of Google's 8 APIs for privacy and security reasons.
This is Google's attempt at our privacy thru Embrace, Engulf, and Extinguish strategy.
The second E is usually Extend. Where'd you see one about Engulf?
I doubt your average user cares about whether WebHID or WebUSB are implemented. What popular sites (popular enough to cause significant browser market share disruption) use those APIs? (For the record, though, I fully agree with Mozilla's rationale behind not implementing them.)
Not sure what little CSS features you mean, but I haven't found any mainstream websites that don't render properly in Firefox. It's possible that the website maintainers have to do extra work to get them working in Firefox, but regular users don't care about that.
I do recall some things missing from WebAudio and WebRTC, but in practice I'm not sure I've run into any issues with Firefox's implementations. And, again, if website maintainers are doing extra work to make things behave properly with Firefox, regular users aren't going to notice or care.
https://github.com/webcompat/web-bugs/issues?q=is%3Aopen+is%...
Microsoft Teams (which I don't think many people use voluntarily) in particular breaks in stupid ways - and then in others if you spoof your user agent.
I use Microsoft Edge - have added their apt repository so updates are automagical. Edge, though based on Chrome's engine, still supports manifest V2 so adblockers such as UO still work fine. Even better, Edge let's you "appify" sites like Teams and Outlook - perfect for work. I use Edge for all my WFH needs, turning off UO for most MS sites (to avoid any subtle issues), and Firefox for all personal needs. Works for me. Oh, and Teams on Linux using Edge works a treat.
Absolutely not. I've gone great lengths about my attempt at using Edge here.
https://news.ycombinator.com/item?id=38430102
In short: It has zero respect for the user, so little that it regularly gaslit me into thinking I had agreed to things I did not.
They also signaled intent to simply merge the ripping out of MV2, so as soon as Chrome drops it, Edge will too.
Nothing is substandard in Firefox. Manifest 3 in Chrome is actually giving Google the ability to make Chrome substandard. I know it annoying to hear but I really think its better if people switch to Firefox.
Sorry but lots of things are substandard in Firefox. On the rare occasion that I do use it the first thing I'm always promted with is "there's an update available - click here to restart" like it's 2003 again. Numerous pages have rendering problems with Firefox. Performance is not good enough. Dev tools have fallen behind. It aggressively pushes shitty "value-adds" like that lame bookmarking service (Pocket Mark or something). And the never ending UI refreshes are exhausting.
Show me these pages that Firefox doesn't render well.
Show me pages that tank Firefox performance.
How many of them will have -webkit-* and other engine-exclusive markup/CSS?
Firefox updates every 6 weeks, just like Chrome.
What do you want in the devtools that Chrome has and Firefox doesn't?
I've been using Firefox for nearly two decades and aside from the WebExtensions and some UI changes, it's been solid.
I find most criticisms of Firefox on websites are lacking links and profiling data.
Show me these pages that Firefox doesn't render well.
I'm not doing homework for you. Lots of pages don't render well in Firefox, it's a well known issue which is why it comes up in every thread about Firefox.
Show me pages that tank Firefox performance.
Firefox in general performs poorly. Again, known long-term ongoing issue. Look at this thread where almost every top-level comment is sceptical that Firefox is even close to Chrome in performance: https://news.ycombinator.com/item?id=36770883
You can find ongoing performance benchmarks between Chrome and Firefox here, and it's not flattering for FF: https://arewefastyet.com
How many of them will have -webkit-* and other engine-exclusive markup/CSS?
I don't care, at all. It's not my job, as a user, to debug performance problems.
Firefox updates every 6 weeks, just like Chrome.
Ok? I didn't say anything about update cadence.
Check the y axis labels on arewefastyet. When FF is winning, it is often by a large multiple. When chrome wins it is usually by under a factor of two. It wins by a factor of three on one benchmark that I could find.
I don’t think many users will notice a factor of 2-3 in page render time, even if the benchmarks where firefox wins are all somehow not representative of real world use, but the chrome ones are.
As for pages that don’t render, I simply don’t see this problem at all. One bank I use refuses to let you log in if Linux appears in the user agent string, but that hits Chrome too. Do you have a single example?
Chrome is the standard. Any feature in Firefox that is not 1:1 with chrome is by definition substandard.
And I didn't say it was substandard, I said it wasn't good.
I find the UI to be bad. When you ask for customization, like disabling excess tabs from scrolling off the edge of the screen, forum users treat you like an idiot. Performance has always been worse, particularly on mobile. Session state is less reliable. WebUSB is missing. Microphone support is unreliable. Updates under Linux cause any link you click to softlock the browser with an error page until you manually restart. Linux support in general is very poor. Firefox recently fixed a bug with tooltip rendering that's been reported for what, 15 years?
Chrome has been better than Firefox for a very long time. That's why we all switched to chrome in the first place.
Now that chrome is the scourge of the internet, there's really just one alternative. Unless you count safari, but that's a different story.
We're in a bad situation and Mozilla isn't doing enough to make it better. They haven't been for a long, long time.
Is there any possibility of forking Visual Code and adding extension and profile support?
VS Code, the IDE? It may use Electron but that doesn't make it a browser.
A majority of Firefox's funding comes from Google. I doubt they're willing to aggressively market their browser as "the one to use to get around Google's ads". I'm not sure of the exact figures but as I recall, losing Google's funding would be a company-ending event.
Firefox is perfectly usable, and in fact already superior to Chrome. It is a very viable alternative. Best browser I've ever had.
The fact that they choose not to implement some apis because they're harmful to privacy doesn't seem to hurt me in any way.
What about MV3 requires going through the Chrome Web Store to update block lists? A quick look at the declarativeNetRequest docs (https://developer.chrome.com/docs/extensions/reference/decla...) shows that there are indeed static rulesets which need to be declared in the extension's manifest, but also dynamic rulesets which can be updated via JavaScript (and so presumably can be fetched and updated dynamically). I can't seem to find any specific limitation of dynamic rulesets vs. static rulesets.
This was unclear to me as well.
I think the article is talking specifically about downloading and running scripts for working around a particular site dynamically, such as Youtube ad blockers.
That said, I don't know if this really is a technical block from e.g. adding a script tag to a YouTube page to pull in a third party resource. My impression was that it was blocking arbitrary scripts specifically within the extension context, and not in the browser context.
https://developer.chrome.com/docs/extensions/migrating/impro...
To me, this seems pretty clear: don't inject anything "executable" into a webpage except CSS.
It does look like you could maybe use a sandboxed iframe and ask it about page features and whether they should be blocked, and that this might be permitted.
CSS3 is turing complete: https://accodeing.com/blog/2015/css3-proven-to-be-turing-com...
Arithmetic + iteration is enough to be Turing complete.
CSS has arithmetic. It does not have iteration.
And even if it had full compute capabilities, the output is still just choosing CSS rules to apply.
Can you explain how the blog post/other results people have on CSS being turing complete are wrong?
Edit - would it be considered cheating to use: <meta http-equiv="refresh" content="10">
A far as I know you can still execute your code in any context, but the code can't be fetched, modified or built during runtime.
I think the article is talking specifically about downloading and running scripts for working around a particular site dynamically
The article specifically mentions "filter lists" being subject to review time.
All updates, even to benign things like a filtering list, will need to happen through full extension updates through the Chrome Web Store.
Is a filtering list update, which is essentially just a list of websites, really something that needs to be limited by the "no remotely hosted code" policy?
So since all filter list updates now need to go through the Chrome Web Store, how long does a review take?
https://developer.chrome.com/docs/extensions/migrating/impro...
Chrome explicitly recommends downloading remote configuration.
uBOL's FAQ entry: https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as...
Edit: Chrome docs on the matter explaining the limitations (from sibling mlyle) https://developer.chrome.com/docs/extensions/migrating/impro...
That doesn't really state if that's a self-imposed limitation or limitation of Mv3.
I've edited my comment to also include a link to the Chrome docs, but that FAQ entry also has the link to an issue in the webextensions repository indicating it's a limitation of MV3: https://github.com/w3c/webextensions/issues/112
But that issue has nothing to do with the question of whether the "filter lists" could be updated dynamically without store review. It's asking for a way of programatically triggering the update to the latest version of the extension in the store.
That feature request being fixed would do nothing to enable updates without store review. And likewise the feature for doing updates of the ruleset without a store review already exists but is not used by UBOL.
So the link doesn't actually support your claim of it being a limitation of MV3. The link is just irrelevant.
The FAQ hints at why UBOL doens't make use of that feature, but doesn't actually state it outright.
So the link doesn't actually support your claim of it being a limitation of MV3.
From the issue: "In Manifest V3 remotely hosted code is no longer allowed."
Altought the parent was talking specifically about network requests, in which case you may be right and I missed it, but that's not the general problem. Blocking network requests is not sufficient for modern ad/tracking blocking and to be able to run effectively they need to inject scripts into the page, thus "remotely hosted code" is necessary, and the Chrome docs above says that it's not allowed.
For an extension to be entirely declarative, it must package all the scripts to inject anywhere, the scripting.registerContentScript API doesn't allow injecting code as string[1], the content scripts must be part of the package.[2]
There is userScripts API which allows injecting code as string, but it's impractical as in Chromium-based browsers this requires extra steps by the user to enable the API.[3] In Firefox, the documentation for this API has the following note[4]:
When using Manifest V3 or higher, use scripting.registerContentScripts() to register scripts
* * *
[1] https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...
[2] https://github.com/uBlockOrigin/uBOL-home/tree/main/chromium...
[3] https://developer.chrome.com/docs/extensions/reference/userS... ("Availability Pending")
[4] https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...
They can claim dynamic fetch is "phoning home" and a user privacy danger.
Now there’s something Google Chrome would never do, phoning home.
Not even Brave would do that. Wait..
You're just making stuff up at this point with no evidence or source. If the intention was to forbid dynamic fetching of declarativeNetRequest filter lists, Google could also just... not have dynamic filter lists.
Google's playing the long EEE game. They do small things like this so people like you go around telling us it's not a big deal.
Will you say the same things 5 years from now? Google needs to be kicked out of consideration for web standards. They keep treating it like they own it.
Is there anything in MV3 that enforces signed code? Could a separate client that fetches block lists itself and then side loads them be the answer?
Filter lists are data, not code.
Using a browser made by an ad company. Just don’t. Other browsers are fine and in fact Chrome is becoming increasingly user hostile anyway.
What "other browsers"? I know there's Firefox (it's my main browser, in fact), but where is the rest? Edge is Chrome, Safari is only available for iThings, so it's not like there's a big selection...
but where is the rest?
There won't be any anytime soon. As per HN folk, whenever this discussion comes up there's always an massive angst outcry of "its impossible to create a new browser".
The Serenity OS guy is making one:
But if anyone else tries to mentions some of the sort it becomes a slag off fest.
Example here: https://news.ycombinator.com/context?id=38394995
So more wood: https://nyxt.atlas.engineer/
And he's been applauded a few times on HN, too.
I suggest watch this:
Looks interesting, but it's almost 40 minutes of video. Can I read that somewhere?
Here's a kagi summary
The video ranks different web browsers on a tier list from spyware tier to base tier based on privacy, usability, and other factors. Brave is placed in excellent tier for its good default privacy settings and built-in ad blocking, though some dislike its use of cryptocurrency. Firefox is only decent tier due to its many annoying default features, but can be excellent with the right privacy-focused user.js file. Icecat is decent tier for free software purists due to its use of LibreJS blocking non-free scripts, though this breaks many sites. Librewolf is excellent tier as an easy to use private version of Firefox without much configuration needed. Chromium-based browsers like Vivaldi can be good but have limitations from not being fully open source. Closed source browsers like Chrome, Edge and Opera are automatically placed in spyware tier due to privacy concerns. Qutebrowser is decent tier for power users due to its keyboard-focused design but has issues with advanced ad blocking. Waterfox is excellent tier as a lightweight Firefox fork, though its ownership by an ad company concerns some. Overall, Brave, Librewolf and hardened Firefox are recommended as having the best balance of privacy, usability and customizability.
Is the standpoint "everything is spyware until proven otherwise"? I really dislike how commonly spyware is used, it really dilutes the word's meaning.
Brave is chromium and seems okay. There's some Web3 nonsense, but it's unobtrusive.
Brave is an ad company with weird crypto stuff sprinkled in. Not to mention that their past actions have shown that privacy to them is a marketing thing, not something that is at the core of how they operate. There have been a few too many new things they introduced that run counter to a user centric privacy minded approach where they only did backpedal after enough negative publicity.
I generally agree. It's not a great situation. As a browser to use when something's broken in Safari, it works, and to my knowledge doesn't send history directly to Google.
Firefox is basically funded by the same ad company.
Yes but “takes money from” is fundamentally different from “shares the ideology of”. Do you think Google agrees with everything their advertising customers promote there and on YouTube?
Excellent. I hope they continue making Chrome worse on purpose. More reasons for users to switch to Firefox is always good.
Firefox is not immune.
Changes in the extensions must be reviewed so advertisers can break blockers for some days until the blockers are fixed and then some more days until Mozilla reviews the changes. Then they'll have another trick ready to break blockers again.
This only applies to changes to extension code and not merely changes to blocklists.
Chrome's manifest v3 requires extensions to ship static blocklists.
What do you mean requires?
How can they enforce that? Are they also disabling manual install of extensions from outside the extension “store”?
What about me just pasting in a new filter list myself?
Are they also disabling manual install of extensions from outside the extension “store”?
This has already been the case for years unless you enable developer mode and load the extension as an unpacked extension (directory full of files rather than normal extension file) in which case chrome will complain every time you start it.
There's no API to intercept web requests in a blocking fashion in MV3, so extensions can no longer offer the ability to do custom request blocking. The entire list is static.
Mozilla allows for direct update of blocker lists instead of requiring that they are included in the extension and updated with it.
You're right. But the anti-blockers code needs to be addressed with more code, not just lists. That's not a hypothetical situation, it's happening right now with YouTube.
You're missing other players watching what happens with YouTube and amend their plans accordingly. If there's no effective way to block ad blockers, others will let Google do the fighting and move on when the conclusion comes out.
Google is punching WAY above its class. It does not own the Web, or the Internet, and there's a huge number of people willing to prove it.
It seems we agree that in the long run, it's unsustainable. My point is more modest: that in the specific topic of this post, using response time against the blockers, Firefox is also vulnerable.
The mechanism is actually very simple if the content is served using JavaScript, as is the case with videos: make the code that shows the ads create some token and then the media player will check if it's present, refusing to play otherwise.
You can circumvent it with code, but new code triggers new review and, when it's approved, the token is changed and back to square one. In the case of Firefox it might be faster, but I don't think extension maintainers and reviewers can be 24x7 available to play that cat & mouse game.
In Firefox you need to sign extensions to install them or go through the debug menu. Both methods are not easy for the regular user. At the end of the day, either blocking turns to be only for power users/programmers, or a new trust model for browsers is adopted.
Chromium and Firefox are both open source but how many % of their users have actually compiled them from sources? I haven't. Last time I checked, Chromium recommended a minimum 0.5 TB free space. And Firefox now requires two programming languages.
There is much offer in the browser world, i don't understand what's the point of keep using google shit suite
As a Firefox user since its beta, there is? Last I checked there remain 3 browser engines left. Mozilla’s Gecko, Google’s Blink, and Apple’s Webkit. Everything else is just variants using those engines, and the vast majority of those variants (Opera, Brave, Edge, etc) are Chromium-based/using Blink. That’s not a lot of difference. If you really want to get away from chrome, your mainstream option is just Firefox. Unless you’re on a Mac, or iPhone. Where you can choose between Firefox and safari.
Calling Firefox "mainstream" is being very generous at this point, I recall its marketshare is in the single digit percentage points.
How many hundreds of millions of users would you say it needs to have until you can call it mainstream non-generously?
Maybe above single digit market share percentage?
Doesn't Firefox use Quantum now? Gecko is what used XUL and it was buried when they switched to WebExtensions.
Pale Moon uses a fork of Gecko called Goanna.
SerenityOS has an independent browser in the works, and netsurf is still around.
There are options, but people have put most of their eggs into two baskets and now we're stuck with things looking mostly the same but some have antifeatures.
I want a browser with uBO's functionality simply built in. Fuck your extensions or other attempts to endrun, Google. Stop it at the source and build request filtering into browsers directly.
> Unless you’re on a Mac, or iPhone. Where you can choose between Firefox and Safari.
On iPhone it's all WebKit. Apple doesn't (yet!) allow Firefox to use Gecko.
Unless you’re on a Mac, or iPhone. Where you can choose between Firefox and safari.
AFAIK, you cannot, on iPhone you're forced to use Safari (all other browsers forced by Apple to be reskins of Safari).
I like (in no specific order) Orion (MacOS), Kiwi (Android), Fennec (Android), Thorium (desktop, Android), and I'm going to give Iceraven (Android) a try soon. What's everyone's favorite non-mainstream browser?
Manifest V3 will stop this by limiting what Google describes "remotely hosted code." All updates, even to benign things like a filtering list, will need to happen through full extension updates through the Chrome Web Store. They will all be subject to Chrome Web Store reviews process, and that comes with a significant time delay.
So the author can't think of any other reason for this change other than to "slow down ad blocker updates"
Well how about stuff like this: https://github.com/extesy/hoverzoom/discussions/670
Where an extension dev details offers to "monetize" his extension and basically perform a bait and switch and make it malicious.
Pretending that V3 is all about ad blockers is more than a little disingenuous.
MV3 does not stop those monetization offers. I don’t understand why you think they would stop.
Source: I have two open-source extensions with almost 1,000,000 active daily users combined, and the MV3 versions still elicit offers for me to sell them
It might not stop the offers coming but it might stop you from taking up one or more of them.
How ?
If you are offered 2 meals, it's YOUR choice to take 1 or 2, it's all about yourself.
MV3 won't even prevent this one bit.
Malicious extensions are less likely to make it passed the review process.
That in turn should deter bad actors from monkeying with their extensions but more importantly it makes it less likely that malicious extensions make their way to users browsers.
The review process is the same for MV2 and MV3 extensions.
For now.
Yes, there seem to be really valid security concerns about the current extension interface. Perhaps Google is making the wrong tradeoffs here. I don't know, it's very complicated, but the article is not really engaging with those tradeoffs.
Except that it doesn't seem MV3 actually solves any of those security problems.
Is there a way to backup current Chrome version + settings + extensions, preferrably in a portable app/container. I'm pretty content with my setup and wouldn't mind running it for as long as possible. Hopefully in a few years we can have AI convert currently chrome exclusive extentions onto another browser. But right now it's still hard to swtich.
Imo it's dangerous for security reasons. Better start switching to ff from now
I actually tried to do the switch this week, still too many essential plugins/addons missing. I have some basic technical skills to rewrite some functions into userscripts. But it's still a fairly subpar experience.
I just kinda don't get this. I don't really think there are "essential" addons, aside from ad-blocking/privacy-related things (and Firefox is at least as good, and possibly better, than Chrome on those).
Like... sure, web browser UX isn't always the best, but by rejecting Firefox on the merits of optional addons, you're just saying that the convenience of how you prefer to interact with a browser is more important than your privacy and ability to block ads. Which is fair, I suppose, but let's call it what it is.
Meanwhile, we're back in the IE days: alternative browsers don't have enough market share to do much but accept whatever Google wants to do with the web.
Frankly I'm just tired of people making excuses for using a browser made by a company that is actively making the web worse and eroding our privacy, bit by bit.
Without getting into details there's a few niche extentions for my daily productivity that saves me a few hours every week. It's not critical, but it automates a bunch of things that would make switching cost for those tasks too high. Most of the missing things I can probably do without an adapt. I actually firefox UI more.
we're back in the IE days
Reminds me of when Asian banks still required IE activex well into 2010s and one had to keep IE around, which was easy since it comes with Windows. I can probably use get used to firefox for most of my use case, but have to keep chrome around for some sites.
there's a few niche extensions for my daily productivity that saves me a few hours every week
I'm curious. Would you share which niche extensions?
One example of one is Auto Copy, where chrome has version with indispensable features.
https://chromewebstore.google.com/detail/auto-copy/bijpdibkl...
My use case, primarily for research/keeping up to date in my domain is auto copying 100s of articles curated through feedly/other sources that gets automatically appended to daily text document by clipboard watch from balabolka (text to speech program), with meta data comment of url/title and visible confirmation dialogue confirming successful text copy (no firefox addon does this after search), which balabolka also automatically read to me at 3x speed. Basically, everything I'm interesting in reading gets converted into a reasonably labelled/chaptered podcast and digest with searchable transcript. Chrome with combined with tab groups and extensions that sort/order/dedupes tabs by domain also streamlines the process. Combination of tab groups sorting behavior and ability auto label auto copied text cuts daily chore from to a fraction of the time it use to, which saves hours each week.
Google lens also very useful for OCRing text, or translating images of foreign language. I can also do that with powertoys, but it's more finicky and add extra steps, require hot keys to do efficiently vs on Chrome I can do most of it with just a mouse.
FUD
Firefox rennaissance anyone?
The numbers are pretty grim though. Apple is taking market share in desktop and mobile, so I'd put my money on Safari.
How are you expecting them to gain market share on Windows, Linux and Android?
I use Brave, Safari, Arc and Firefox, basically in that order. I never even installed Chrome once Apple introduced their own chips. Brave has always felt just like Chrome once you turn off their rewards stuff. Arc is doing some really thoughtful integration of Chat-GPT, including cleaning up tab titles, that is worth paying attention to. I actually look forward to their ~weekly YouTube updates.
Arc
You have to enter an email address to get a download link??? Also the homepage was laggy on firefox nightly for Android.
I wish. Likely most people just won't notice this happening, and won't realize their experience could be better with a different browser. Only people like us will. And if you read a lot of the comments here, seems like a lot of people who should know better still use Chrome.
People who start seeing ads will know the difference. People don't like ads and will ask their local geek why ads are back and how to avoid them.
Absolutely clickbait. Nothing in the article suggests that review times are increasing, they’ve always been “from a few minutes to a few days”.
Also filters do not depend on extension updates at all, they are plain text files that can be updated at any time. Not to mention that they can contain “scriptlets”, which make them quite literally “remotely hosted code” and still allowed by MV3 (because they’re not raw JavaScript)
From TFA:
We've covered this already. But we haven't talked about the other side of the equation: Ad block rules can't be updated quickly anymore. Today, ad blockers and privacy apps can ship filter list updates themselves, often using giant open-source community lists. Manifest V3 will stop this by limiting what Google describes "remotely hosted code." All updates, even to benign things like a filtering list, will need to happen through full extension updates through the Chrome Web Store. They will all be subject to Chrome Web Store reviews process, and that comes with a significant time delay.
If this is factually incorrect, it would absolutely warrant a correction to the article.
If this is factually incorrect, it would absolutely warrant a correction to the article.
It is incorrect. MV3 definition updates go through an automated fast-track process for safe rules. See the presentation[1] and Q&A[2] at the recent Ad Blocking Summit.
I wouldn't hold my breath on a correction. Ron never corrects his articles, like when he confused the Privacy Sandbox with the Topics API a couple months ago[3].
[1] https://youtu.be/Vw1eIaRuy7w?t=24745
MV3 definition updates go through an automated fast-track process for safe rules.
For now. Sounds like it would be to Google's advantage to play funny buggers with that though.
Then it would make sense to write such articles if and when that happens. Until that point, the claims being made in this article are simply incorrect.
https://developer.chrome.com/docs/extensions/migrating/impro...
Looks factually correct-- though exactly how Google interprets rules will affect how limiting this is.
The only real part is that MV3 does not allow actual remote JS to be run on web pages. However you could still run it in a sandboxed iframe (not super helpful to adblockers though)
https://developer.chrome.com/docs/extensions/migrating/impro...
If this won’t lead to people ditching Chrome, I am afraid nothing ever will…
It won't. But not because this is desirable. All these anti-user measures are small and gradual steps that regular folks won't immediately recognize. Something about a frog and boiling water.
The frog boiling analogy doesn't work long-term though, because humans don't live forever, and new ones keep replacing the old ones. A new crop of college kids is going to look at Chrome and say "nope"
Or they look at Chrome and not realize it could ever have been better, as they never experienced such.
Hard to imagine someone would switch from Edge/Safari to Chrome without investigating other alternatives like Brave/Firefox.
Or the college kids are acclimated to the Google ecosystem because they been using Google Classroom on the Google Chromebooks in their K-12 classes for years.
Beyond that, how many ordinary non-techie people are ever checking the actual changes of their app? I'd bet basically never unless a changelog page opens immediately after the update. And that's not exactly going to be worded in an understandable way like "we're doing this to screw over your ability to do what you want on the web".
Weirdly, earlier today I had a bunch of problems loading Google web properties on Firefox - GMail hung completely (wouldn't even load all the way! no more basic HTML option!) and Sheets was showing half-rendered documents (even after several refresh attempts). All the other sites were fine.
It's probably just a coincidence...
This happens periodically, where google services act funny with a Firefox user agent. Just use edge or chromes user agent string, and Google sites will work again.
This is such an annoying approach for Google to force people to using Chrome... I get that they're not testing stuff on Firefox, so much is obvious. But there are so many times things don't work properly in Firefox (YouTube loading slower, lag in Gmail, Drive having weird UI<>backend synchronization bugs) at a first glance, but as soon as you set the user-agent to Chrome, things just magically work perfectly fine, and all issues disappear.
Someone should really be doing a deep dive into this issue, because it's been going on for a long time, and is clearly anti-competitive. My guess is that they're really good at hiding this/making it look accidental rather than on purpose.
Maybe Firefox should just start using the Chrome useragent. Making those metrics unusable.
Gmail’s always very nearly unusable on mobile safari, mostly due to their user-hating decision to use custom scrolling. Constant accidental touch events when trying to scroll, and it breaks in weird ways that require reloads to fix. And that’s aside from the scrolling itself working poorly to begin with, but short of outright breakage.
IDK if it’s better in iOS Chrome, but it’d be pretty damning if it is, since they necessarily use the same engine on that platform.
I use Chrome for Google websites and Firefox for everything else. I like keeping everything else separated from my Google account.
Continued enshitification of Chrome will result in exodus of tech savvy users.
Well, it hasn't happened yet. Judging by many comments here, a lot of HNers still use Chrome. If people here still use Chrome, I see little hope of regular users ditching it for these sorts of reasons.
That's because Google so far has only been dancing around and preparing to make ad blocking difficult. Until they actually do it, Chrome is fine.
"Yeah there's a lot of smoke, but I'm not going to evacuate until I see flames"
The writing is on the wall, why are you so keen to wait til the last minute?
Because many tech people who are sticks in the mud like this don't actually care about the browser, or the implications of what's happening in real time.
They'll eventually leave and wonder why nobody told them sooner.
It’s convenient for me to use Chromium (in the guise of Brave), because that’s the most important browser for web dev.
However, the day that MV2 is removed in Brave I will switch to Firefox.
Not sure why anyone would use Chrome over Brave though.
That's cute. Seems like a classic case of "you can't make someone understand something when their job depends on not understanding it", but in case anyone at Google reads this, here's a hint: People won't use Chrome if adblock is ineffective. They will use Edge, or Safari, or (in case you think you can make backroom deals with Microsoft and Apple to implement this in their browsers too), they'll use Brave. It's not a winnable game, save your money and play something else.
People won't use Chrome if adblock is ineffective
Look how long the most of humanity stuck to Internet Explorer, even with Chrome literally stickied on the Google front page and IE's more dramatic drawbacks.
Edge in particular is kind of a bloated mess now. I used to prefer it over the Chromium fork of the week (Currently Thorium and Cromite), but now its just too spammy and slow. No one is switching to that.
Also I have extremely mixed feelings about Brave. Maybe even net negative.
Look how long the most of humanity stuck to Internet Explorer
Chrome surpassed IE usage within 4 years, so the answer is "not particularly long".
IE's more dramatic drawbacks
Such as?
its just too spammy and slow
Spammy yes, slow no.
I have extremely mixed feelings about Brave. Maybe even net negative
Why?
People won't use Chrome if adblock is ineffective.
post remote attestation they will if they want to use google services
they want to use google services
If they have to view ads to use them, that becomes significantly less of a sure thing
Just use Edge? It is better at this point anyway
Edge uses the Chrome web store. It's just Chrome playing dress-up.
Not exactly. Edge is fork of Chrome and diverged a lot from actual Chrome. You can load Manifest v2 extensions in Edge while it's not feasible in Chrome
I just tested loading a manifest v2 extension on Chrome (stable) and it works fine.
There is also an Edge extension store, which could conceivably keep MV2 extensions alive, and allow for a smoother update experience.
However, as someone who manages a couple extension, I rarely update the Edge version for one and didn't bother ever uploading the other.
Firefoxer here, HN folk are one of the most if not the most tech savvy communities in the whole planet. I don't understand why, in the name of an open internet for ours and the future, you don't refuse to use an actively hostile Chrome in your personal devices. Someone please explain this to me
1. Google employees
2. People who "bought in" to the Google/Android ecosystem
3. Web developers who won't use inferior dev tools
4. Stockholm Syndrome
5. Too much ego to admit they've been wrong for years when they told Firefox advocates that there was nothing wrong with using Chrome, that the advertising corporation with monopoly power was actually benevolent and wouldn't abuse their market position.
Being savvy in a field does not correlate to making good decisions in said field, especially if rewards and incentives are not aligned.
Lots of tech people got their start on Google tech and don't mind ads. They're a strange breed of people who I guess just give into anything being pushed on them in tech.
Chromebooks are really nice and you get great touchpad gesture input in Chrome. And obviously Chrome has better performance and power efficiency, etc. there.
I didn't use Chrome before I bought this Chromebook.
I long ago stopped using chrome under linux, it's like malware inviting themselves to my home.
Chrome is the new IE6.
I quit using Chrome and recently quit using Google as the default search. It is so hard to get away from them but I am making progress.
what search engine you use as default now?
DDG for the time being but honestly I am tempted by Kagi as well. Ad tech is cancer on the internet. I decided to quit Google after the trusted devices bullshit, but if I could remove junk listicles from my results that would be a big improvement.
Check out Kagi. It's paid but has subjectively higher quality search results and lacks BS that Google is full of these days.
Looks like Chrome is digging a hole they'll not get out of.
I run Chrome as little as possible. Sadly, there are a few places where it is the best still.
I went through the process installing googleless Chromium and that‘s fine to work with.
Since the Keystone saga I‘m not using Chrome anymore. Google Chrome can go the way of the dodo.
As we see from this topic, even googleless Chrome is constrained by Google's business needs.
I only use Chrome on Google websites. It keeps my Google account separated from all my other web browsing.
I really want to keep http but replace html and js with something more strict, lighter, secure and safe by design, that would prevent the use of targeted ads like it's possible in HTML.
I understand that companies might probably not use something else if it's harder to put ads because they could not make money, but there are still a lot of use cases where companies will prefer having a technology that's safe.
The law is evolving which means targeted ads will not be viable anymore.
Also, maybe a lot of internet media companies, including reddit, instagram, etc need to rethink their business model, why don't they try to sell news article through a platform like netflix?
I still don't understand why media companies are able to make money over content they never make on internet infrastructure they did not build, this baffles logic.
HTML is way too permissive.
[...] replace html and js with something more strict, lighter, secure and safe by design, that would prevent the use of targeted ads like it's possible in HTML.
You can't do that and still have a useful system. You'd have to start by neutering basic functionality like inline images, and when that turns out to not be enough (because ads can also be just text), you'd have to go down the path of censorship.
You can't do that because the ability to fingerprint (and thus track) user-agents is not an oversight in the design of the web (although third-party cookies did help kickstart the current trends), but a fundamental property of the universe - every existing "thing" radiates information, and our means to collect and process it are developing faster than our understanding of what needs to be done to conceal it.
I understand that companies might probably not use something else if it's harder to put ads because they could not make money, but there are still a lot of use cases where companies will prefer having a technology that's safe.
You can try measuring commercial support for Gemini[1] to get an indicator of how valuable your proposed technology would be for companies. The current network effect of well... the network, is way too strong.
[1]: https://geminiprotocol.net/
Also, maybe a lot of internet media companies, including reddit, instagram, etc need to rethink their business model [...]
They don't need to rethink anything at all while what they're doing right now is 1. profitable, 2. legal, and 3. even when not exactly legal, the fines continue to be smaller than the profits.
The law is evolving which means targeted ads will not be viable anymore.
Pretty much this, you can't solve social/political problems with technology. We could use a simpler/safer web, but the cost of switching outweighs the benefits. We could build better privacy protections into the core of our technology, but we will keep finding ways to leak information and fingerprint behavior.
The problem with Manifest v3 is not what Manifest v3 allows and what it doesn't, the problem is that Google are in a position to unilaterally force it, and antitrust no longer seems to be a thing.
The only real change we can hope for is a social/political change.
What's stopping some influential websites from blocking Google IPs or even Chrome browsers?
Technology can be used to insulate just as well as it can to exert undue influence.
Furthermore, individuals and communities are not beholden to shareholders or business law, because they aren't businesses.
The thing about networking is, if you piss off the network, you can be isolated.
What's stopping some influential websites from blocking Google IPs or even Chrome browsers
Block Chrome? You can just save money and shut down.
You're advocating isolationism. That aint gonna be a popular move.
Manifest v3 offers free performance and increased security & privacy. Gone are the days where any/every extension had access to every website you visited.
It would be a damn shame to throw this baby out with all the water.
Cool. Then you can use Firefox which will support Mv3 extensions without castrating ad blocking.
uBlock in Firefox will not be updated to use Manifest v3, it will remain as is i.e MV2. Of course, there is an MV3 version of uBlock but that's castrated too going with your definition.
And it's sad that hackers are still using MV3 to write malware extensions, then what is the point of improving non-existence security ?
https://adguard.com/en/blog/chrome-manifest-v3-where-we-stan...
Is it true that Manifest V3 will increase privacy and security of the browser?
Honestly, I wouldn’t say so. I see the advantages of MV3 in terms of unification, cross-platform compatibility, and performance, but *I don’t see any advantages in terms of increasing user security, unfortunately*. *The amount of scam extensions in the Chrome Web Store remains high despite the fact that it has been a long time since the store stopped accepting non-MV3 extensions.*
And what, people are more likely to get virus from Google Ads or Ads overall than those improved security:
https://old.reddit.com/r/Buttcoin/comments/10fi01q/nft_gods_...
https://old.reddit.com/r/firefox/comments/17p68i7/set_networ...
I think you just do get it that it has nothing to do with security.
It's about the security of Google's revenue stream.
This might be a stupid question but will this affect Edge as well?
Right now it's unclear to me how much Edge extensions are tied to the Chrome Store policies.
Edge still supports Manifest v2 extensions and they are trying to keep it open.
For now. The docs [1] indicate they might follow along with what Chrome does, though they haven't been updated since January.
[1]: https://learn.microsoft.com/en-us/microsoft-edge/extensions-...
Are there any decent alternatives for the Chrome Web store? Are there unified extension hubs for chromium/firefox with version history similar to how android has apk websites
Mozilla's first-party marketplace has version history. Click "See all versions" in the left sidebar.
As for third-party marketplaces, I couldn't say, but I'm aware of some work in that direction for Nixpkgs.
Doesn't this just ignore the fact you can install the updates outwith of the Chrome store?
I assume they are betting on most users not side loading them.
All this seems like a complete waste of time, if you want to "war on ad blockers" the why not just ban them from the store?
Why have a "war" at all?
Perhaps they are worried about the antitrust implications of banning adblockers and would prefer to hide behind a technical change that nerfs adblockers but with ostensibly reasonable and unrelated logic.
Been using Firefox again. Was a great breath of fresh air for me.
AMO also takes several days for plugins to update. I recently wanted to update Bitwarden addon, which took well over two weeks for it to land on AMO.
Addon sideloading is only possible on Firefox Developer edition (which I use, so it didn't bother me much).
Time to hold Google liable for any damage by malware, phishing, scams etc. served by ads.
I've gotten malware twice from ads on reputable websites. I've never gotten malware via piracy or while using adblock.
To me it seems like Google would rather break all other extensions than give up war against ad blockers.
Not sure about the larger impacts of V3. But, we have gone with V3 since the beginning, and now there is a better turn around time for reviews, typically in an hour and sometimes 24hrs max. Its been a much smoother process rather than having to wait for couple of days or even weeks sometimes earlier. I've heard it being much worse on V2.
Use FF. best decision I made years ago.
Cut them some slack. What about their clients?
Only the hypocrite is really rotten to the core
Fuck Google. They do evil.
You don't need Chrome. You have Firefox.
Download Firefox now: https://www.mozilla.org
Addons for Firefox: https://addons.mozilla.org
Hey Google, it's a User Agent, not a Corporate Agent.
Not only does Google take a long time to review extension updates, but Chrome pulls extension updates infrequently. So even if you manage to get an update pushed to the store in 24 hours, it may take another day or more before your users actually get the update.
All of this put together means you really shouldn't trust Chrome extensions for anything important. If there's a security vulnerability in something like your password manager, the update is going to take days to reach your system.
Why can't adblockers fetch updated filter lists and adblock strategies from a server and execute them dynamically? This would allow not having to update extension source every time to fix updated website adblocking.
In principle, if they need ads to keep the lights on, then it is reasonable that they would block ad blockers on, e.g., YouTube, no?
(What upsets me more is purposefully degrading the experience of FF users.)
Google might as well skip all this dancing around and build their ads straight into Chrome. Good luck doing some work while you have to watch a video ad every hour or so, and every page has ads literally in browsers "chrome".
Dunno, but it seems ublock origin's version in Chrome Web Store is 1.53.0, was last updated on 8-th of November. As of yesterday, that version can't get around Youtube's adblocking detection.
I built Ublock latest 1.54.2 from source, and so far (apart from being manifest v2), it can easily go around Youtube's adblock detection with no problem.
I wonder if the delay in the 1.54.x release in Chrome Web Store has something to do with Google purposefully delaying updates.
Countdown to brave extension store begins...
Is Google shooting itself in the foot by taking an adversarial approach toward the user's desire to avoid invasive surveillance? I think so.
I feel like at this point, Google could just officially disallow extensions blocking ads (or just Google ads?).
What's happening here is just stupid, IMO.
Chrome is going full Internet Explorer.
MS Teams doesn't support Firefox: https://learn.microsoft.com/en-us/microsoftteams/unsupported...
Or the VMware console: https://bugzilla.mozilla.org/show_bug.cgi?id=1769175
There's probably a bunch of other web apps that exclusively support Chromium-based browsers, unfortunately.
Chrome really has become the new IE. That's sad.
It's even worse than IE was in it's day. At least IE back then was just a monopoly and not also a giant spy machine for an ad empire.
No, it's objectively not worse, you can compile Chromium yourself and remove any features you don't want, something you were never able to do with IE.
I don't think not having enough versions of IE was ever a problem. The problem starts when everyone builds their app to a platform that is very dominant and controlled by people who's interest are not always aligned with the user's interests.
You don't have to compile Chromium to have a browser incompatible with the websites that people build for Chrome, you can just use Firefox or Safari or write your own browser if you want to have a web browser that won't be able to run Microsoft Teams.
Chrome != Chromium. The vast majority of the planet is using Chrome, not Chromium. Most average joes have no idea about Chromium.
Either way, whether you're using Chromium or Chrome, you're still entrenching Google's monopoly over the web.
Like the sibling said, the problem was IE's monopoly itself not the lack of more IE-based variants which wouldn't have helped at all, the same way how Chromium isn't helping counter Google's monopoly.
IE held back the development of the WWW. That would be the spot Safari has today. What Chrome is doing is much worse, since it is strangling the web, not just holding back new features.
Not true at all, IE what is the most innovative browser until it wasn’t. For example They invented Ajax, One of the core technologies that made the web what it is today.
They invented ActiveX object and the accompanying XmlHttpRequest that AJAX would later morph into, and then change the X part (XML) to JSON.
While it was innovative, I would argue it's made the Web worse, given the impact of Javascript and surveillance on the Web.
i mean just because they arent supported doesnt mean they dont work just fine. the vmware bug is 2 years old.
honestly slowing down updates for adblockers sounds like a dangerous idea. sooner or later, someone will send you to court for an appstore monopoly, and sooner or later youll lose that case. in the meantime people lose interest in your ecosystem because of the increasingly predatory chicanery that makes their browsing experience suck. sending more eyes to firefox makes firefox better. eventually, better than even you.
This all smacks of "we've tried nothing and we're all out of ideas." Manifest V3 is dead on arrival if youre going to bury the average google user in an avalanche of unskippable ads and full screen GPU testers. nobody wants this modern hell, and you've everything in your power to reform or amend it to dial back the surveillance capitalism and hyper consumption.
Yeah, I only use Chrome once in a blue moon and have had a few dozen interviews through teams on web. Haven't had a problem yet (or, no more problems than Google meet/Zoom). My last role used teams on the day to day and Chrome wasn't even installed on my work machine.
The Teams doc from Feb 2023 is a bit out of date, or is just legal cya.
Still limitations, but I joined a Teams meeting the day before this comment with my microphone and external cam, and participated fully, using Firefox on MacOS.
Yes, some client functionality is still missing (I didn't share a screen, for example), but both sides (MS and FF) appear to be making improvements.
I use Teams fairly regularly in Firefox on Linux. Everything seems to work completely fine, with the exception of 1-on-1 calls. You can't send them, you can't receive them, and you can't even see when someone is calling you until the missed notification pops up. I have no idea why group calls work fine but those don't, but that's how it is.
Unsupported browsers in 2023? Shame on them.
They only did this in the last 6 months or so. I used to use Firefox with Teams meetings until recently.
I mean, it's not that bad to jump into chromium once in a while
You can still use Chrom* for those crappy sites and Firefox for everything else.
Slack calls and "huddles" still do not work in Firefox, either.
Way back before huddles were implemented it used to work. Then they broke it and now it's Chromelike-only.
Why would anyone want to use ms teams? I understand employers stuck in the fax age might demand it but it’s their problem if they want their data leaked. For personal and outside work no one should use ms teams.
I can use Teams perfectly on Firefox by switching my User Agent to Chrome. It's a weird decision MS have made.
not supporting a particular browser just means that if a bug report comes up about your product with that browser then nothing gets done, but since everyone develops towards standards bugs in FF will probably be minimal, especially if they do support Safari (because unlikely something does not work in both Safari and Chrome)
also the Teams link describes ways to work around limitations with teams on a particular browser that does not support the teams web app, which is what the article says FF etc. does not support.
I used Teams in Firefox for a couple of years. It was shit, but I'm pretty sure it would have been just as shit in Chrome.
Mock me, or teach me.. but.. I use it still because it's very easy, quick, and good.. to use the translate page functionality.
Yes, I am also aware that Firefox has some technology (in the works?) that will do offline translation even. Cool.. except I still have yet to find a good, easy, fast, accurate translation feature for Firefox. There are some extensions, but none are as good.
The Mozilla translation extension works fine for me when I've used it. It may even be enabled by default now.
Firefox has translation built in now (Menu -> Translate Page), but it's really not up to the same standard as Chrome.
- It's slow.
- Automatic language detection rarely works.
- It only supports a few languages.
- For many sites it breaks the page.
I assume Chrome just hooks into Google Translate. Firefox translation works locally apparently. Hopefully the can improve it.
Translation is the only reason I still break out Chrome now and then.
Firefox finally sort of has it, but it's not that good. Often it won't believe you that the page is in another language, so you can't translate at all, even by trying to force it. The translations can be weird and miss parts of the page.
I'm sure it'll get better, though, and once it does, I can delete Chrome entirely.
Offline translation has landed for a while now. It's built in now.
It has about 10 non-beta languages, and even amongst beta and non, the language is not available. Unfortunately. I would use it if it were. Thank you for taking the time to reply though.
Convenience - that’s how they get you to give up stuff.
Same. The built in translation feature is super valuable once you move country.
I don't bother because Mozilla is just controlled opposition at this point, I'll stick to Chromium based ones like Brave for now as I don't consider there to be a meaningful difference.
Also Firefox mobile doesn't seem to have tab groups and is the only browser I've tried which doesn't have a proper Android tablet UI.
But FF mobile has ublock.
Brave mobile and Vivaldi mobile have it built in. Hell, Vivaldi even has its super useful two layer tab bar available on Android.
Firefox mobile's plugin support doesn't make up for it missing other basic usability features.
Similarly, Vivaldi mobile doesn't allow custom search engines, so Brave is the only one with the minimum feature set I need (tab grouping, vertical tab bar or two layer tab bar, ad block, custom search engine, android tablet UI), and since I want to be able to sync between all my devices, I use Brave on everything.
Never tried Brave. I rarely browse on mobile so with FF I'm fine.
Firefox doesn't have support for AppleScript and this is crucial to my browser habits/workflow. Both Safari and Chrome/Chromium-based browsers have it. Once/if Firefox adopts it, which I doubt but hope so, I'll consider using it.
Here is the 22 years old ticket: https://bugzilla.mozilla.org/show_bug.cgi?id=125419
There are probably hundreds of macOS specific bugs that Mozilla will never fix.
Firefox is probably the worst browser in the terms of feeling native to macOS.
These aren’t minor, cosmetic issues but glaring omissions in functionality.
Here’s one on the missing support for the macOS password autofill api. https://bugzilla.mozilla.org/show_bug.cgi?id=1650212
Safari and Orion are much better options.
That was 3 whole CPU architectures ago, damn.
Firefox autofill is really bad, while chrome's works most of the time, be it passwords/credit card info/ addresses.
Have you tried the Bitwarden extension for Firefox? https://bitwarden.com/
Firefox does not support WebUSB. I need it.
There's some friction in moving my passwords, which are stored in my Chrome profile. Before you say "just use Bitwarden to sync passwords", I can't, because they block me from logging in based on "unusual network activity". I don't want to spend $3/mo for 1Password. I _could_ spend the first day after migrating resetting all of my passwords as I use different sites and probably will once ad blocking stops working for good on Chrome, but until then it's simple inertia.
Same question for Firefox. Because Firefox is both not privacy respecting (has telemetry by default) and not privacy protecting by default (does not block ads). Both are paid by the world's largest advertising company, not their users.
A browser that cares about privacy would be both zero telemetry and ship with an ad/tracking blocker by default. Ideally you would also be able to pay for it to align incentives (vs a third party paying for your browser on your behalf).