Chrome Will Now Silence Many of Those Annoying Notification Permission Prompts on the Web (techcrunch.com) 83
Google today announced a set of new and updated security features for Chrome, almost all of which rely on machine learning (ML) models, as well as a couple of nifty new ML-based features that aim to make browsing the web a bit easier, including a new feature that will suppress notification permission prompts when its algorithm thinks you're unlikely to accept them. From a report: Starting with the next version of Chrome, Google will introduce a new ML model that will silence many of these notification permission prompts. And the sooner the better. At this point, they have mostly become a nuisance. Even if there are some sites -- and those are mostly news sites -- that may offer some value in their notifications, I can't remember the last time I accepted one on purpose. Also, while legitimate sites love to push web notifications to remind readers of their existence, attackers can also use them to send phishing attacks or prompt users to download malware if they get users to give them permission. "On the one hand, page notifications help deliver updates from sites you care about; on the other hand, notification permission prompts can become a nuisance," Google admits in its blog post today. The company's new ML model will now look for prompts that users are likely to ignore and block them automatically. And as a bonus, all of that is happening on your local machine, so none of your browsing data makes it onto Google's servers.
autoplay video (Score:5, Insightful)
Re: (Score:3)
A huge bandwidth waster too. I'm on a limited data plan and I'm afraid to even open a news article. Multiple autoplaying videos starting at the same time. Some with fake "close" buttons or a delay after you click the button pretending it can't do it immediately.
Re: (Score:1, Insightful)
Re:autoplay video (Score:5, Informative)
The Brave web browser does this out of the box. https://brave.com/ [brave.com]
Firefox will do it too, though you have to find and enable the setting. https://www.alphr.com/stop-aut... [alphr.com]
Re:autoplay video (Score:5, Insightful)
Re: (Score:3)
Across the board video & sound autoplay blocking is the only reason I still use Firefox. And that feature is one of a scant few that are keeping me with Firefox instead of using Vivaldi, or maybe even de-googled Chrome.
Re: (Score:3, Informative)
I completely agree that currently I will never go back to chrome. FF with ublock, localcdn and containers is a killer combo. Especially containers.
Re: (Score:2)
Re: (Score:2)
Firefox by default blocks autoplay on background tabs (the ones you are not looking at), and you can set it to disable all autoplay via that option Tony Isaac mentioned.
I completely agree that currently I will never go back to chrome. FF with ublock, localcdn and containers is a killer combo. Especially containers.
Is the need to block autoplay in FF a Windows thing? Or perhaps all the condoms my FF in Mac uses? I have Privacy badger, Ghostery, NoScript and Adblock and DDG privacy turned on is doing it for me. And I'm not turning them off either.
As does Opera (Score:2)
... which is basically a better version of Chrome.
In fact, I didn't know other browsers didn't do it.
Re: (Score:3)
Re: (Score:2)
Why on Earth would you assume that they are affirmed by default? Anyway, it says quite clearly that they will be blocked and denied by default.
The default setting in Chrome is that sites have to ask permission to use things like webcams.
Re: (Score:2)
Re:autoplay video (Score:4, Insightful)
can they solve the absolutely obnoxious as all get-out 'cookie' requests that various sites continually display (stack overflow, stack exchange etc)?
Or barring that - how about the super helpful 'notification' regarding gchat/gmail replacement? I keep seeing it in gmail, and having tried it.. want absolutely no part of it. I get that tech companies like google or atlassian continually have to wreck their ui/ux experience, making it worse with each iteration for no apparent reason whatsoever -- but at this point that warning is just rubbing it in.
Re: (Score:1)
Blame Europe for the cookies thing (GDPR). I really wish these sites would follow the spirit of the legislation, and make the default to opt out so we can just click the X to close it and move on.
Re: (Score:2)
The very worst instance I have encountered was a site with a huge pop-up blocking a section of the screen and the only option offered was "yes to everything", to not be tracked it listed seven analytics websites to go to request no tracking. I am sure this is in actual violation, not just a violation in spirit of the European cookies thing.
Re: (Score:2)
The very worst instance I have encountered was a site with a huge pop-up blocking a section of the screen and the only option offered was "yes to everything", to not be tracked it listed seven analytics websites to go to request no tracking. I am sure this is in actual violation, not just a violation in spirit of the European cookies thing.
The thing about EU law is that it only applies to the European Union. So the websites based out of the US with no presence in the EU are completely safe from prosecution by the EU. Unlike the US, the EU doesn't assume it's laws do not apply outside of it's borders.
The reason they keep doing it is to intimidate you into being too scared to implement a similar law in your own country (fair, I'm assuming you aren't European).
You're quite right that a pop up saying "all your base are belong to us" with a
Re: (Score:1)
The thing about EU law is that it only applies to the European Union. So the websites based out of the US with no presence in the EU are completely safe from prosecution by the EU. Unlike the US, the EU doesn't assume it's laws do not apply outside of it's borders.
Wrong. It's not about a business presence, it's about the target audience. Any website targeting EU residents (i.e. they list prices in EUR or offer pages translated to an EU language) must comply, even if the website is based outside of the EU.
For example: if I have a website for my USA widgets business, but I only sell to US customers, I do not have to comply with GDPR. If some rando European stumbles upon my website and I do a one-off sale, that's fine too. But as soon as I open up sales to the EU and be
Re: (Score:3)
Blame Europe for the cookies thing (GDPR). I really wish these sites would follow the spirit of the legislation, and make the default to opt out so we can just click the X to close it and move on.
No, the blame lies on the websites pushing cookies to harvest your personal data. If you don't like that, get behind a GDPR for your country. If you truly wish for websites to follow the spirit of the legislation, not try to get around it with an annoying popup, then supporting GDPR like laws are the best (and only workable) way.
Now there are loads of extensions that will dismiss the cookie popups from options in Ublock Origin to I Don't Care About Cookies. IDCAC doesn't stop the cookies, just the popups
Re: (Score:2)
uBlock Origin can remove a lot of those cookie requests. Very handy when you have AutoCookieDelete anyway.
I've been working on clearing those up a bit. The GDPR recital 32 clearly states that the request should not coerce agreement and should not impede use of the site, so anything that is annoying or which doesn't make rejecting the offer a single click is not compliant. If you are in a GDPR country you can make a complaint.
Chrome has also started deleting cookies for sites you have not visited for a while
Re: (Score:2)
> can they solve the absolutely obnoxious as all get-out 'cookie' requests
Try the "I don't care about cookies" browser plugin: https://www.i-dont-care-about-... [i-dont-car...cookies.eu]
Re: (Score:3)
2022.... (Score:5, Insightful)
When you have to have an 'AI' to implement - default deny.
Re:2022.... (Score:4, Interesting)
Heuristic:
Do I have an old persistent cookie and/or a login for this site?
Did I just click on a button deep in the site?
If no, suppress.
Maybe there's more to it but a probabilistic Bayesian classifier or tensorflow model sure seems like overkill.
Re: (Score:1)
there are way more factors it needs to analyze,
is this being asked by another alphabet inc subsidiary?
Does this company pay google for advertising?
Does it display google advertisements?
is this in anyway going to benefit google, if yes show popup
does this benefit anyone other than google? if yes supress
Re: (Score:2)
Chrome has started deleting old cookies for sites you haven't visited for a long time. I removes any permissions you granted them too.
Re: (Score:2)
While I can see some security upsides to that - domains changing hands without your knowledge etc. I really don't see that as desirable behavior either.
There are a lot of sites/software/activities I do with my computer but very infrequently. Figuring out why the tax planning tools I have not used since last year suddenly don't work because my browser 'decided' I don't use the site often and removed the 'local storage' permission I explicitly granted is annoying.
The computer should not change its configurati
Re: (Score:2)
All that happens is you have to log in again. If the website is relying on your browser to store stuff then it's broken, all browser storage is explicitly temporary.
Machine learning? (Score:5, Interesting)
They need machine learning to block all of them automatically? Because that's how many sites need it.
Re:Machine learning? (Score:4, Insightful)
You are not a user, you are a product. The product blindly clicking "block" is a less valuable product.
Popups (Score:3)
When will Chrome finally figure out how to block popups? I can't even count how many times over the years it's been declared that browsers had figured out how to block popup windows, yet I still see them occasionally.
Re: (Score:3)
Privacy Badger and uBlock Origin should be standard equipment in all browsers. Between that and the browser's built-in options for dealing with popups, I haven't seen any popups in many years.
Re:Popups (Score:4, Interesting)
This is an easy one. So-called "pop under" windows are long gone, as a "blanket ban" was possible for those. There was never any legitimate use for them, so nothing was lost when they were blocked.
Implementing a rule like "never make any popup windows" is just as trivial, but it's not a good solution. You see, a lot of websites still use popups. More that just old government websites, Gmail also makes use of popups.
Smart browsers still try to block popups by looking for good and bad behavior. A popup because a user clicked something is probably okay, where a popup that happened because a certain amount of time elapsed is probably bad. I guess the point is that the problem isn't as easy as you'd think.
Re:Popups (Score:4, Informative)
>where a popup that happened because a certain amount of time elapsed is probably bad.
I see this all the time on banking, credit card, and other high security sites that want to log you out after inactivity. They often have a popup that asks if you are still there. So there is one good use for this specific case.
Re: (Score:2)
I see those as well, and agree that that's a perfectly legitimate use, but that's a different kind of popup. I was talking about new windows, not the new-fangled things that are part of the page. I probably should have specified "popup windows".
Re: (Score:2)
I haven't seen websites use popups for login purposes in years. Modals, yes, but actual popup windows? No.
Re: (Score:2)
It seems simple enough to solve to me. Any and all popups should be blocked, a subtle notification show near the url bar, and require active user consent to show. If the user has unblocked popups for a specific site than that site is allowed to show popups in the future. This does two things- it deters web designers from using this crappy paradigm in the first place, and in the rare case where it's really necessary for some reason, it gives the user a way to see them.
This is what Chrome and others were supp
Re: (Score:2)
This is an easy one. So-called "pop under" windows are long gone, as a "blanket ban" was possible for those. There was never any legitimate use for them, so nothing was lost when they were blocked.
Implementing a rule like "never make any popup windows" is just as trivial, but it's not a good solution. You see, a lot of websites still use popups. More that just old government websites, Gmail also makes use of popups.
Smart browsers still try to block popups by looking for good and bad behavior. A popup because a user clicked something is probably okay, where a popup that happened because a certain amount of time elapsed is probably bad. I guess the point is that the problem isn't as easy as you'd think.
This. Popups still have a place, I.E. when filling out a form if you need to search a database for another item like an Address, serial no. and what not without losing what you've entered, you can use a popup or new tab. Especially if you're dealing with information you could potentially need to keep separate for legal reasons.
OTOH, popups get used for evil a lot.
The problem is, how do you tell the good popups from the bad ones?
Re: (Score:2)
I.E. when filling out a form if you need to search a database for another item like an Address, serial no. and what not without losing what you've entered, you can use a popup or new tab.
You're conflating two completely separate notions.
Popups are pushed by the server party and not initiated by you. You do not open a popup screen. And a popup is not the same as a new tab.
So fuck no, popups don't have a place. Anything that can be done in a popup can be done in the main window. Except for when trickery is in play. Then popups become a tool.
The problem is, how do you tell the good popups from the bad ones?
First you will need to tell us what 'good' popups there actually are. In my entire life i have barely encountered ones that aren't there for dubious reaso
Unintended consequences (Score:2)
Look, I appreciate that the EU is trying to make things better and safer for everyone. I'm generally in favour of regulation to keep companies from getting too big and powerful. But being *so specific* in your regulations just leads to crap like this. It's one of the reasons why I don't like their legislations mandating side-loading, or changing all connectors to USB-C. It just means that at some point someone will have to hack a workaround to an idea that was only marginally useful in the first place.
Put i
Re:Unintended consequences (Score:4, Informative)
This is not about cookie consent, but about notification permission requests.
Re: (Score:2)
This is not about cookie consent, but about notification permission requests.
TBH, I see those cookie consent pop-ups far more often than the "this site wants to send you a notification" prompt. But this article was finally my motivation to figure out where the setting is located in Chrome to be rid of the notification prompt for good.
Three dots -> Settings -> Privacy and security -> Site Settings -> Notifications
Now if they could do something about those damned robot tests. Oh right, Google's the one behind those. Argh.
Re: (Score:2)
You can thank the EU for that.
Re: (Score:1)
You can thank the EU for that.
I'm still mad about the exploding refrigerators, too. Let's save the environment by using highly flammable isobutane as refrigerant. What could possibly go wrong? Thanks, EU.
Everyone getting skin cancer was so much better (Score:2)
I found one (1) case of an exploding refridgerator, out of hundreds of millions sold.
Oh and the EU don't mandate isobutane at all.
Why are all Leavers so gullible?
Re: (Score:2)
I'm still mad about the exploding refrigerators, too. Let's save the environment by using highly flammable isobutane as refrigerant. What could possibly go wrong?
Very little. Compared to Ozone depletion causing a strong increase in UV and associated increase in skin cancer deaths, a few people's fridges blowing up are a minor issue.
Re: (Score:1)
Very little. Compared to Ozone depletion causing a strong increase in UV and associated increase in skin cancer deaths, a few people's fridges blowing up are a minor issue.
You're thinking of chlorinated refrigerants, which were banned in 1987 by The Montreal Protocol. More recently [europa.eu], the EU initiated a phase-out of otherwise perfectly ozone-safe non-flammable refrigerants, because their release contributes in some infinitesimal way to climate change.
As to how this relates to those damn cookie pop-ups, we've been getting exploding fridges here in the USA too, because the damned Chinese manufacturers refuse to build separate models which still use the non-flammable R-134a refri
Re: (Score:2)
TBH, I see those cookie consent pop-ups far more often than the "this site wants to send you a notification" prompt.
You browse on desktop then? I can't remember the last time I visited a website on a mobile phone that didn't want to send me a notification.
Re: (Score:3)
Everyone hates those cookie popups, they only serve to annoy us and take up space, they're sometimes used as a way to attack visitors to the site, etc.
The reason you cannot waive your GDPR rights generically is because too many people have zero understanding what they actually mean and do.
Re: (Score:2)
companies have to meet certain criteria so that they're not packaging and selling too much crap.
Good luck actually being able to write such a vague law.
How about just delete the feature entirely? (Score:2)
Who needs pop-up prompts from any web page? If you want that, install an app.
Re:How about just delete the feature entirely? (Score:5, Interesting)
Who needs pop-up prompts from any web page? If you want that, install an app.
Google Does.
While Gmail is technically compatible with Thunderbird and Outlook and KMail and Apple Mail, Google would much rather you use 1.) use Gmail instead of other mail providers, and 2.) use Google software instead of other mail clients.
To accomplish this, Google must be able to alert users when new e-mails arrive. They *could* write a mail client of their own, but that would be too much work AND they'd probably have to make it compatible with other e-mail services AND they'd have to make it for Windows and OSX and ChromeOS while also making it distinct from Chrome. ...but it's far easier to make a notification API they design, incorporate it into standards they largely control, and integrate it into the browser that they write.
Personally, I'm with you, but Google's answer to pretty much every function worth having a separate application is "add it to Chrome".
Re: (Score:3)
Re:How about just delete the feature entirely? (Score:5, Insightful)
I never want to install an app. Apps are a pain in the ass. More than just clutter, they all seem to think that they're the most important thing on my device. Preload on startup, update windows that force themselves to always be on top, endless nagging/notifications that I don't care about, an uninstaller that want you to reboot ... ugh... No thanks.
The web won because it was convenient. I don't need to install a website to use it. When I close a website, that's it. It doesn't bother me again from that point forward.
This app trend on mobile is irritating as well, mostly because every damn website really wants you to use their app instead so that they can more vigorously violate your privacy. No, I don't want to download your app, stop asking me.
Using Firefox on mobile, I get access to useful extensions, like uBlock origin. That means I'm not bombarded by data-gobbling ads every few seconds. I can use a dark mode addon if I want, or change the font size, whatever works best for me. The web empowers the user, apps take that away.
Why can't I just say no once and for all? (Score:3)
I will not accept any notification requests, or any autoplay, or any tracking, or anything at all. I'm using the web to get to the information I want to get to, not to open up yet another torrent of stress inducing notifications.
Why can't I just choose "always say don't allow", and forget the notification even exist?
If they really cared about us who are using their browser, this would already be in place.
Re:Why can't I just say no once and for all? (Score:4, Informative)
Why can't I just choose "always say don't allow", and forget the notification even exist?
Three dots -> Settings -> Privacy and security -> Site Settings -> Notifications
You're welcome.
Re:Why can't I just say no once and for all? (Score:5, Interesting)
I've turned that off. Then I upgraded Chrome.
And now it's back on.
I thought it simply ignored them.
Seems I need to have a checklist for each upgrade.
Re: (Score:2)
You've been able to turn off notification requests globally for many years. Just go to chrome://settings/content/notifications [chrome]
Re: (Score:2)
Why can't I just choose "always say don't allow", and forget the notification even exist?
You're talking about the wrong problem. You can disable permanently the Chrome notification question. That's not an issue. The issue they are trying to solve here is websites asking users by means of the website interface itself if they can even request the permission from Chrome before the Chrome pop-up ever even comes up.
There's no standard template, no standard implementation, nothing that can conceivably be blocked reliably without affecting the ability for a website to function.
Soooo many easier solutions... (Score:2)
This is little more than new technology in search of a problem to solve. To me, a far better solution would be to simply make the Notification requests themselves less intrusive -- ideally just put the icon in the toolbar, but suppress the pop-up request until the user actually clicks on that icon. This isn't even a new concept, honestly... it's well trodden and would serve this "need" perfectly.
I mean, come on... there was never a good reason for the forced pop-ups; if people actually want notifications fr
Re:Soooo many easier solutions... (Score:4, Insightful)
Let's start at the beginning - a site I've never visited before *immediately* pops up asking to me to accept notifications. As if I have any idea if I will ever be back top this site. Immediately.
I didn't read to see where I can choose to reject all browser notification popups. And maybe allow them to be tucked up out of the way in case I ever wanna. And just between you and me, I have stopped accepting browser notifications from sites since around 2004. All. I'm killing off android app notifications also, and tracking those apps that magically re-enable notifications. Almost all default app notifications are like browser popups, pure presumptive marketing of something I never indicated anything but perfunctory interest in. Like thanking me for buying movie tickets (thank you for seeing %^#@%$) and recommending crap I will never go see, or me following a search link to a home renovation site and being prompted to accept notifications - when the link I went to is a three-year-old article, and I am not even seeing current content, when I wanted specific info. Gawd.
Grain of salt (Score:2)
Expect it to fall foul of EU law quickly. (Score:1)
how about just killing service workers (Score:3)
detect there's a service worker, and let me decide to install the page as an 'app'. if i do, you can keep the service-worker running.
if i don't, then you don't even need to register it. it doesn't exist.
sick and tired of having painful browser performance issues and it turns out it is partly because there's like 156 service workers running from a whole bunch of websites that i didn't even visit.
If i say yes to notifications, turn on the service worker. if i install the PWA, turn on the service worker.
if i just visit a page once, because a friend shared a link, don't put that shit on my box.
Re: (Score:2)
detect there's a service worker, and let me decide to install the page as an 'app'.
"Popup: Do you want to install the page as an 'app'? Yes / No"
I think you just made the problem even worse.
Re: (Score:2)
I have found you can generally block all service workers with no ill-effects, although sometimes recaptcha fails without them.
Re: (Score:2)
So basically an artificial filter bubble? (Score:2)
Or at least a preliminary stage of one. Yeah, that will go well.
Better UI can solve this without ML (Score:2)
Instead of popping up over the page, just make it a button that lights up on the address bar. You can click it if you want. Otherwise ignore it, no need to dismiss it every time.
Just an off-switch (Score:2)
How about just a simple off-switch? I don't know anyone who has *ever* intentionally said "yes".
Copy-and-paste for autoplaying HTML/5 Videos with microscopic close buttons. Who wants that? Seriously?
And, finally, cookie pop-ups. If they would just not use 3rd party trackers, they wouldn't have to ask.
I know, I know...
Newsletter popup = 'we hate you' (Score:4, Insightful)
Why do so many sites do this?
There are so many times I'll click on an email newsletter I'm subscribed to, and the first thing that comes up on their site is a request TO SIGN UP TO THE NEWSLETTER.
I avoid sites like this now, and don't recommend them to friends either.
I feel this is a way to say 'we hate you'. For a lot of sites with newsletters, how many visitors are returning?
Probably a lot.
So you're forcing a large number of your supporters to click that stupid thing every visit. Over and over and over.
I've concluded that websites with newsletter popups actually hate people.
Google is annoying themselves. (Score:3)
That's the same Google that doesn't hesitate to put overlays and such when you access any of their services with another browser than their chrome, and keeps asking it at least twice a week. And is now blocking competition doing similar? Can't wait for the EU to notice.
Re: (Score:2)
And is now blocking competition doing similar?
It's not, not even in the slightest. Google isn't blocking popups, they are blocking specifically a certain request to the user (request for notification permission). Google doesn't even ask permission, it just sends the request and lets the browser handle the confirmation... the way it was fucking supposed to work before very fucking websites shat on their on UI with fucking nag-screens. (Yes I'm angry about it, mobile browsing is a miserable experience).
Can't wait for the EU to notice.
Yes you literally can't since there's nothing to no
Re: (Score:2)
From a user perspective, there is no difference between a javascripted overlay and a message from the browser.
They both block access to the content, they both are a nuisance, they both use methods like delays or waiting for interaction to trick the user into clicking.
Push notification might indeed be useful, but indeed the implementation leads to abuse, so i'm glad they fixed it. And the EU themselves are direct cause of one of the biggest nuisances (the cookie confirmation dialogs) and the fact that overla
Just put that request in some little flag-icon ... (Score:2)
... I can click on if I want to allow or revoke notifications for a domain. No need to suppress it entirely IMHO.
Re: (Score:2)
no more girls nearby wanting to play sudoku (Score:2)
or with some other indecent proposal.
AI just made my life even more boring
Memory (Score:2)
Chrome will now use 14 TB of RAM.