Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Advertising Chrome Chromium Google Network The Internet

Google Proposes Changes To Chromium Browser That Will Break Content-Blocking Extensions, Including Various Ad Blockers 334

"Google engineers have proposed changes to the open-source Chromium browser that will break content-blocking extensions, including various ad blockers," reports The Register. "The drafted changes will also limit the capabilities available to extension developers, ostensibly for the sake of speed and safety. Chromium forms the central core of Google Chrome, and, soon, Microsoft Edge." From the report: In a note posted Tuesday to the Chromium bug tracker, Raymond Hill, the developer behind uBlock Origin and uMatrix, said the changes contemplated by the Manifest v3 proposal will ruin his ad and content blocking extensions, and take control of content away from users. Manifest v3 refers to the specification for browser extension manifest files, which enumerate the resources and capabilities available to browser extensions. Google's stated rationale for making the proposed changes is to improve security, privacy and performance, and supposedly to enhance user control.

But one way Google would like to achieve these goals involves replacing the webRequest API with a new one, declarativeNetRequest. The webRequest API allows extensions to intercept network requests, so they can be blocked, modified, or redirected. This can cause delays in web page loading because Chrome has to wait for the extension. In the future, webRequest will only be able to read network requests, not modify them. The declarativeNetRequest allows Chrome (rather than the extension itself) to decide how to handle network requests, thereby removing a possible source of bottlenecks and a potentially useful mechanism for changing browser behavior.
The report notes that Adblock Plus "should still be available" since "Google and other internet advertising networks apparently pay Adblock Plus to whitelist their online adverts."
This discussion has been archived. No new comments can be posted.

Google Proposes Changes To Chromium Browser That Will Break Content-Blocking Extensions, Including Various Ad Blockers

Comments Filter:
  • Calling the DOJ... (Score:5, Insightful)

    by Etcetera ( 14711 ) on Tuesday January 22, 2019 @08:03PM (#58004978) Homepage

    If the DOJ (no particular friend of Big Tech in this Administration) wanted an excuse to probe Google with the FTC for some anti-trust discovery, this would be a quick ticket.

    The world's dominant browser requiring that the world's dominant ad network always be displayed would be a wonderful reason to force a divestiture of one or the other (or, preferably, split everything up into components).

    • Comment removed based on user account deletion
    • by AmiMoJo ( 196126 )

      Problem is that Apple already did it a while back, so they would have to include Safari in their complaint and Google would just say they are adopting a proven, popular standard.

      In fact Google appears to be trying to bring ad-blocking to Android. They are implementing a new API that allows for AdBlock style filtering but done by the browser itself, which means it would work on Android where Chrome doesn't support extensions.

      The problem is that the new API is similar to the Apple one, which is quite limited.

    • Please the DOJ would do nothing here. The USA never does. The EU on the other hand are incredibly friendly with Google and will welcome yet another donation.

    • By pro corporate anti regulation folks. There's no shortage of alternative browsers either so you'll have a tough time arguing anti competitive is a thing here.
  • by locater16 ( 2326718 ) on Tuesday January 22, 2019 @08:06PM (#58004992)
    Wow, the company that makes 90% of the its profits from advertising is trying to use the open source projects it near controls, that has a near monopoly on web browsers now... to stop adblockers from existing...

    It's a coincidence surely. *Hugs Firefox*
    • by Desler ( 1608317 ) on Tuesday January 22, 2019 @08:08PM (#58005002)

      Yeah, and plenty of people pointed that out years ago but mosr Slashdorks wouldn't listen because Google open sourced some token projects that were never money makers and they used Linux.

      • by RonVNX ( 55322 )

        Them: "BUT FREE STUFF!"
        Me: It's not really free.
        Them: "FREE. STUFF."

      • by mentil ( 1748130 )

        Chromium is itself open-source, and some forks will likely retain the webRequest API.

      • by Solandri ( 704621 ) on Wednesday January 23, 2019 @04:42AM (#58006716)
        It's open source. If enough people don't like it, they'll just fork Chromium and create a new ad-block-friendly browser without this "feature.".

        Need I point out that Firefox is based on a version of Netscape that was made open source?
      • Yeah, and plenty of people pointed that out years ago but mosr Slashdorks wouldn't listen

        There's a big difference between not listening and not caring. Functionality wasn't broken, people weren't affected. Someone made some prediction which happened to be right, big deal.

        Now if they go through with this it will be quite different, and hell Firefox may even get some market share back.

    • by phantomfive ( 622387 ) on Tuesday January 22, 2019 @10:04PM (#58005632) Journal
      It is a moral imperative to use ad blocking. Ads incentivize the wrong kinds of content to be created: things like click-bait and fake news.

      Even if you don't think ads are immoral, you should still use ad block as a practical matter: malware can be served to you from all the major ad networks, so if you don't want to be hacked, use ad-block.
      • by rtb61 ( 674572 )

        More accurately and fairly, you as the end user should be able to choose who can serve you ads and who can not, this based around ads served and the manner in which they are served.

        Google is not a search engine, it is an advertising and manipulation engine. The right move now, block gmail addresses, use gmail and you mail bounces, let them try to fucking block that the raging pack of ass hats.

        Personally I think Google played the corrupt had too early, first in corrupting democracy, then in corporate based

      • A couple more reasons ad blocking is a moral imperative :
        * (Most) ads promote materialism and the myth that accumulating will lead to happiness
        * (Most) ads use psychologically manipulative methods that an uninformed person is completely unequipped to fight (and even well informed people would have trouble doing so)
    • Re: (Score:3, Interesting)

      by DeVilla ( 4563 )
      Firefox had a more function API for extensions to do content blocking. They dumped it so they could use the same crippled extension API as Chrome. I can't imagine Mozilla won't follow suit again. They are used to crippling Firefox to be like Chrome.
      • by DrYak ( 748999 ) on Tuesday January 22, 2019 @11:59PM (#58006040) Homepage

        You might have missed the bits where Mozilla took time to collaborate with extension authors (such as NoScript) in order to add extra functionality, so that critical things which were possible in XUL extensions could be ported to FireFox' flavour of Web Extension.

        The only extensions that didn't make the jump were either abandoned, or those whose authors preferred to loudly complain and join sone "anti-WebExtensions resistance" instead of trying to work out a solution.

        • by Artem S. Tashkinov ( 764309 ) on Wednesday January 23, 2019 @05:21AM (#58006858) Homepage

          The only extensions that didn't make the jump were either abandoned, or those whose authors preferred to loudly complain and join sone "anti-WebExtensions resistance" instead of trying to work out a solution.

          ORLY?? Mozilla really "collaborated" (more like decided to make concessions) with only the most popular add-ons to save their face and they couldn't care less about less popular add-ons like DownThemAll, Hide Caption Titlebar Plus, Status-4-Evar, UnMHT, Tab Mix Plus and hundreds of others which integrate(d) deeply with the browser.

          • No work for free (Score:2, Informative)

            by DrYak ( 748999 )

            hundreds of others which integrate(d) deeply with the browser.

            If an extension is deeply integrated into the interface of the browser, you might expect that when this interface change, there'll be some work involved.

            Tab Mix Plus

            is in the process of being re-written (but still isn't on par with the classic on)

            Hide Caption Titlebar Plus

            ...is a function that is now directly supported into Firefox with client-side decoration [omgubuntu.co.uk]. No need for extensions.

            Status-4-Evar

            The interface of Quantum is based on Servo, it's not using XUL anymore, it's written in HTML/CSS. You don't control it the same way any more.
            It's like complaining t

        • by Luckyo ( 1726890 ) on Wednesday January 23, 2019 @08:02AM (#58007204)

          You might have missed the way that collaboration ended. Noscript on modern firefox is much closer to chromium version than original FF version, because capabilities needed by noscript of all were intentionally removed by FF team. Which was their part of the "collaboration" in question, to provide nice PR while destroying the add on in question, alongside many others that bothered them, such as classicthemerestorer.

          Because there is no "solution" to webextensions problem. They are intentionally crippled compared to XUL. That's the entire point of having them. And as noscript debacle proved, there is no "working out a solution", because the capability needed for functionality is simply not available in webextensions.

        • by nmb3000 ( 741169 )

          The only extensions that didn't make the jump were either abandoned, or those whose authors preferred to loudly complain and join sone "anti-WebExtensions resistance" instead of trying to work out a solution.

          This is a blatant lie.

          There are plenty of extensions that are still waiting on updates to the WebExtensions framework so that they can be ported over. There are dozens or hundreds of bugs in bugzilla with requests for this. Just a couple that come to mind are around session management [mozilla.org] (there are no decent session managers for Nu-Firefox, and Michael Kraft's excellent Session Manager [mozdev.org] which was maintained and worked perfectly for years was left in the ditch) and tab management [mozilla.org] (Tab Mix Plus is only "dead"

    • by AmiMoJo ( 196126 )

      The problem with this theory is that they are still supporting ad-blocking, just with a different and more limited API.

      Currently each extension implements its own filtering engine. They propose to replace this with a fixed filtering engine in the browser itself, similar to the one in AdBlock Plus, and with a limit of 30,000 filter entries. So it will still be possible to block Google advertising, just not with the flexibility that many users want. It also breaks a bunch of other privacy related extensions t

  • by Fly Swatter ( 30498 ) on Tuesday January 22, 2019 @08:07PM (#58004996) Homepage

    The report notes that Adblock Plus "should still be available" since "Google and other internet advertising networks apparently pay Adblock Plus to whitelist their online adverts."

    So there will still be an API that works, if you play their game..

    • by dmt0 ( 1295725 )

      So there will still be an API that works, if you play their game..

      Ofcourse, you need to let people block the non-google ads somehow to take care of the competition.

    • TFA actually suggests Adblock Plus would still work because it uses more primitive blocking that would still be possible under the new API, not because of some secret API.

  • In the future, webRequest will only be able to read network requests, not modify them.

    They're doing it to increase browser speed. How wonderful of them. It's not like you *have* to install extensions that use this feature or anything. And most/all of their clones will follow suit.

    In The Future, I guess I won't be using Chrome-ish. Lynx, here I come! (Or maybe not [hanselman.com].)

  • Since Mozilla recently also adopted the same plug-in interface for Firefox I'm guessing this is going to affect Firefox as well.

    Would Mozilla and developers be willing to split from Google's way?

  • Host files? (Score:3, Funny)

    by 110010001000 ( 697113 ) on Tuesday January 22, 2019 @08:18PM (#58005058) Homepage Journal
    I wonder if there is a way to still block ads based on somehow modifying your host files? Does anyone make software like that, that will let us manage our host files?
    • by Cederic ( 9623 )

      Oh, you bastard. You deserve what you're going to get, oh yes.

    • I'd rather you'd call beetlejuice than apk.

  • I use a proxy auto-config file to filter out ads. It used to work perfectly, but thanks to one change, it's little better than a hosts file now: They decided that passing the full URL to the PAC file was a security issue for https sites. Now I can't filter out ads from the same server as real content since almost everything is https now. Fortunately, most ads are on separate servers, so it still works. In a pinch, there is a browser setting that will tell it to send the full URLs, and I might switch th

  • Wow there are a lot of browsers that use Chrome, RIP them. This probably has something to do with the fact that Edge adopted Chrome. Google really wants to exploit those 3rd party browsers. These days Google is more of a marketing company than a tech company. RIP Chrome.
  • Why does an ad-blocker need to be an extension or add on program? Nortons years ago had a built in ad-blocker, worked great so so we really need to be tied to what the browser makers do and just add a filter before it gets to the browser? I am not a coder,so..
    • The browser has to do it because you can direct it using an extension to block html classes, ids, maybe even tags and domains. Blocking just domains (aka hosts blocking) doesn't work in the long run if the site is coded well enough that it uses the same origin for ads and regular files, so the extra power is partially up to the browser to handle everything else.

    • There are plenty of reasons but here is the simplest: because when you're dealing with HTTPS traffic, if you want to inspect or modify it, you MUST be listening at one of the endpoints, which here means inside the browser.

  • Shocking (Score:4, Interesting)

    by Actually, I do RTFA ( 1058596 ) on Tuesday January 22, 2019 @08:36PM (#58005188)

    Google introduces a quasi-ad-blocker. . Shocking that they want all other ad blockers to die by breaking compatibility. Then, figure that 90% of users never seek out another blocker, and Google's ads get back through.

  • What goes around, comes around? Why does this not surprise me? Perhaps it's because the W3C has had fingers in corporate pockets and pants legs for as long as it's existed, and serves the corporate presences on the Web and not the "useless eaters" who consume it? The HTML spec has long been saddled with additions that benefit that corporate control of the Web. Why should it surprise anyone that one of the biggest corporate presences wants to take further control through use of its own browser?

    So the Resistance is now back to using HTTP filtering proxies like the dead Proxomitron and Privoxy to try to take back the Web from corporate control. Good luck with that. Nobody really gives a shit any more. Instead of more such independent proxies and more refinements to them to make them truly user-friendly, we got the horrifically bad idea of BROWSER EXTENSIONS... and those extension developers got pwned even by Mozilla after the trap was sprung.

    • by Actually, I do RTFA ( 1058596 ) on Tuesday January 22, 2019 @09:23PM (#58005424)

      Back to Privoxy/Promoiyton? Why do you think Google spent 5 years convincing everyone HTTPS was necessary, even for static, low-risk pages?

      • by bytestorm ( 1296659 ) on Tuesday January 22, 2019 @10:32PM (#58005772)
        Local proxies are still allowed. And likely always will be if they want the corporate market share (this is the reason tls 1.3 got blocked for a year). Add your proxy's CA to your trusted certs and it can mogrify all the pages you send its way, regardless of security or origin. Granted, you can no longer see the original certificate from the origin webserver, but block ads it will.
    • by mattb47 ( 85083 ) on Tuesday January 22, 2019 @09:24PM (#58005436)

      Run Pi-Hole instead and point your DNS to your Pi-Hole system?

      https://pi-hole.net/ [pi-hole.net]

      Pi-Hole doesn't have to run on a Raspberry Pi. Run a small VM, another Linux box, etc.

      I have a home server running a Ubuntu VM alongside a bunch of Windows systems, so Pi-Hole would work for me.

      Still, way more overhead and complexity than uBlock Origin.

      • by macraig ( 621737 ) <mark.a.craig@gmail . c om> on Wednesday January 23, 2019 @03:14AM (#58006528)

        You don't seem to grasp how much flexible Proxomitron and Privoxy are than something as simplistic as Pi-Hole. They don't just block advertising: they can REWORK PAGES to display information in a fashion that is effective for you, and NOT display page elements that distract from your goal, regardless whether those elements are advertising, site self-promotion, sidebars you don't need, and far more.

        Don't you get sick of having a widescreen monitor yet so many Web pages are imprisoned by their designer in a narrow column that only benefits that designer's "vision"? Don't you ever find yourself wanting to overrule the stupid or selfish decisions that Web designers make? You could do that are more with Proxomitron, because it was designed specifically to be more generalized than just an ad-blocker. Before Proxomitron's sole author died and the software lapsed into obsolescence, I used it for all of the above, and my Web experience was dramatically improved, because it was MY OWN.

        Instead of promoting Pi-Hole, you should be promoting a revived open-source community edition of Proxomitron.

      • by AmiMoJo ( 196126 )

        PiHole is better than nothing, but DNS based blocking is very limited these days compared to what an in-browser ad blocker can do.

        For example, it can't do much about ads served from the same host as the content. It can't do pattern matching based on the URL. It can't selectively disable Javascript, e.g. to disable 3rd party scripts. It can't stop auto-play videos.

        It doesn't work with YouTube either. Currently PiHole can't block YouTube ads, much to my annoyance.

  • by dkman ( 863999 )

    Right now it intercepts the request and says "don't make that one".

    Is it possible that the browser makes the request and gets the file, but you tell it "don't load that one"?

    So, essentially, the network traffic still happens, but the file isn't active/usable.

    • That is still bad. A lot of tracking data is then still sent to servers that the user does not agree with. Every bit sent to a digital stalker is way too many.
  • by GameboyRMH ( 1153867 ) <gameboyrmh@@@gmail...com> on Tuesday January 22, 2019 @09:05PM (#58005338) Journal

    This should help get Firefox user numbers back up.

    • This should help get Firefox user numbers back up.

      Yes, let's have Chrome without adblockers and Firefox with adblockers. It's the best way to reestablish some competition in the marketplace.

      Google's secret plan to avoid FTC scrutiny? ;)

    • by AmiMoJo ( 196126 )

      It would definitely make me switch. The slightly annoying Firefox UI isn't bad enough to live without uBlock Origin.

  • by koavf ( 1099649 ) on Tuesday January 22, 2019 @09:06PM (#58005340) Homepage
    And the second best time is today.
  • by spywhere ( 824072 ) on Tuesday January 22, 2019 @09:20PM (#58005402)
    I use Firefox with uBlock Origin, and I also use the MVPS Hosts file... both on my home and work computers.
    I stopped trusting Google when they were bundling Google Desktop with new computers.
  • by NerdENerd ( 660369 ) on Tuesday January 22, 2019 @09:27PM (#58005450)
    Firefox time.
  • by AJWM ( 19027 ) on Tuesday January 22, 2019 @10:02PM (#58005622) Homepage

    While not perfect, it seems to me that a filtering proxy would take care of a lot of ads, at least those from 3rd party ad-servers.

  • What did users expect?
    To get a service and block approved ads?
    Find a real OS and a real browser that lets the user block ads.
  • by Anonymous Coward on Tuesday January 22, 2019 @10:37PM (#58005796)

    Google is making this change because filtering malicious javascript and advertizing from web pages by the "web client" (ie, the browser) is ruining their business model which is completely and entirely based on the "web client" executing malicious javascript and displaying advertizing contrary to the interest of the owner of the device on which that malicious javascript is running and on which the advertizing is being displayed, at the expense of that owner (who is paying to transport that unwanted malicious javascript and advertizing).

    Therefore, Google has two choices: Make is so that people using "Chrome" based crap cannot protect themselves from malicious javascript and advertizing (99% of which is promulgated by Google) or just close up shop and go out of business.

    Because they are a bunch of greedy fucks who do not actually have a product any non-sleezebag would want to actually spend money on (and therefore no actual business model other than being a shitbag), the have decided to pursue the former course rather than the latter.

    Of course, it also helps that 99.999999% of the people who use their products do not give a shit anyway and are too stupid to only use products which are not inherently malicious.

    In other words -- follow the money.

  • If they do this, then, someone is just going to fork it and take restrictions right back out.
    • > ... someone is just going to fork it ...

      Forking Chrome?

      It's a huge project. That someone needs lots of devoted developers and resources.

  • Clearly "Don't be evil" went out riding the coattails of the previous government administration and its anointed successor.

    • Re: (Score:2, Insightful)

      by Desler ( 1608317 )

      Hey look, another naive Slashdork that still thinks that motto ever had any teeth to it.

  • by nadass ( 3963991 ) on Wednesday January 23, 2019 @03:04AM (#58006498)
    I fully respect the disdain for all things Alphabet Soup (formerly known as Google Inc) but the specs to chrome.declarativeNetRequest appear to suggest a different extension programming model to accomplish the same thing.

    Instead of loading a separate web document (as webRequest API does) the new API allows an extension to run through its rules at the onBeforeRequest stage -- in other words, instead of intercepting a separate network request mid-stream the API provides the means to evaluate the network request BEFORE going all the way through.

    Another way to look at it is like a (network routing) proxy service. The proxy runs through client-side rules first (whereby the rules.json may have "block" and "allow" and "redirect" action types) and reacts accordingly all BEFORE dropping mid-stream packets.

    As I ponder this a bit more, it seems that an ad-blocking extension that utilizes the new declarativeNetRequest API would actually DECREASE the amount of hits an ad-server would experience since the browser would never initiate a connection to the ad-server. To this end, the specs say that iframes and images blocked by the declarativeNetRequest API would collapse at the DOM (thus killing the html content within the iframe from ever being loaded).

    Question: Did I understand the SPECS correctly? (Yes, I am ignoring the brouhaha otherwise as well as the claim that [oh no] ad blockers have a new API at their disposal...)
    • You might very well be right. IIRC the first releases of Chrome didn't have any way for and adblocker to stop network traffic. They had to let everything load and then selectively hide elements from the display.

      Google opened up the framework a bit to make adblocking's job easier. It seems unlikely that they'd do a complete about face here.

      Granted, Google does change directions faster than a confused crack head.

  • by xack ( 5304745 ) on Wednesday January 23, 2019 @03:08AM (#58006510)
    Since websites will assume if you are using firefox, you must be blocking ads. This will be a fom of drm and more websites will be going chrome only to ensure thir ads will be seen. Chrome has acheived the browser monopoly after we fought so hard to get rid of Internet Explorer.
  • Browsers have started to implement DNS-over-HTTPS and it's only a matter of time before Google enforces it in the future.
  • Seems like Google's gone off the deep end lately. Their search results have gone to shit, to the point where I'm getting more relevant results with bing or duckduckgo, they're pissing off all the YouTube content creators, they seem to be focusing on making the Android Platform useless and annoying and they're shutting down Google Plus after jamming it down our throats just a couple years ago. If I didn't know any better, I'd say they're trying to drive their customers away. And they're alienating a large ch
  • pi-hole or pfSense+pfBlockerNG can block nearly every ad at the network level, making all devices on your network nearly ad free with zero client configuration.

"Hello again, Peabody here..." -- Mister Peabody

Working...