uBlock Origin will soon stop functioning in Chrome as Google transitions to new browser extension rules.
The ad company blocking an ad blocker is totally about security
- Google stans
deleted by creator
deleted by creator
With this change, extensions can “only” alter/inspect/redirect/block 30,000 domains if they use the webRequest API. That’s not enough to build uBlock Origin with, but at least there’s limit now.
That seems like an arbitrary number. Why not 20,000? Or 300,000? What the hell is this limit even for? Even malware can still target 10 domains and do some significant damage. So, what the hell is the point?
Remember, politicians don’t pass racist laws by directly saying they are excluding PoC into the law. They do it by targeting commonalities that happen to apply to PoC.
Google isn’t going to flat-out say they are blocking uBlock Origin. They are going to do it by implementing “security features” that just so happen to target only uBlock Origin.
Personally, I would’ve lowered the size of this was about security. Make it a nice, round number, like 1024.
I think it must’ve been based on something like “the declarative layout is x KB per entry so if we assume the file can be 10MB at most we get about 30k entries”. Maybe they documented it somewhere, I don’t know.
I think it’s clear that a security concern has been hijacked by the ad people. If it was just about security, some other content blocking API would’ve been set up. Safari on iOS has content blockers and that doesn’t even use web extensions, so clearly there are software design models that allow blocking without the “read any website data any time” risk that WebExtensions pose.
But these features don’t just target ad blockers. It also affects other extensions, like Stylus for user CSS, or TamperMonkey for user scripts. It also affects other content blockers, of course. The big difference is that most extensions that require permanent access to every resource on every page are either ad blockers, malware, or power user scripts.
“For the security” is starting to sound a lot like “for the children”. I hope this works out better than secure boot. When these new ideas emerge that have, let’s call them, “side effects” like disabling ad-blockers or preventing Linux from being installed I am suspicious.
Google clearly shows their intent by not providing an alternative API for content filtering, but that doesn’t mean there are no security concerns. Malicious extensions have become so prevalent that Mozilla had to switch to only permitting signed extensions (despite community outroar) because shitty companies were inserting their extensions into the users’ profile directory without permission and breaking websites and even Firefox itself in some cases.
Secure Boot requires the user to be able to turn it off, so if it gets in the way of anyone, it’s implemented wrong. Microsoft has a weird certification system for “super duper secure” laptops or whatever they call it where only their private key is loaded, but that’s a small amount of expensive business laptops.
If anything, Secure Boot is an example of the “just let me turn it off if I want to” crowd making computers less secure for the majority because Microsoft allows booting a whole bunch of Linux distros on supposedly locked-down systems, which has been proven to make other attacks possible (like that recent one on Lenovo laptops where a Linux boot disk could insert a fingerprint into the fingerprint reader that would unlock TPM-based encryption).
Nobody is preventing you from installing Linux through secure boot. In fact, you can take control of your secure boot settings and prevent anyone from installing Windows on your computer without your password.
if google cared, they’d vet ads and ad links, and guarantee their safety and security.
if google cared, they’d put a stop to seo ‘optimizers’ and scammers scoring top positions on serps.
but google doesn’t care about anything other than their profits and share price.
adblockers can affect both of those. they’re using the weak cover of ‘security’ enhancement to neuter them.
existing adblockers provide more safety and security than what can be realized by the shift to mv3.
This is the most succinct, unbiased explanation I’ve seen for this change. Thank you for this! It’s good to know there’s an unintended security improvement in their otherwise brazen attempt to kill ad blockers on Chrome.
Fuck Google.
