Mozilla Reaffirms That Firefox Will Continue To Support Current Content Blockers

Martin Brinkmann writes via gHacks: From next year onward, extensions for Google Chrome and most other Chromium-based browsers, will have to rely on a new extension manifest. Manifest V3 defines the boundaries in which extensions may operate. Current Chromium extensions use Manifest V2 for the most part, even though the January 2023 deadline is looming over the heads of every extension developer. Google is using its might to push Manifest v3, and most Chromium-based browsers, including Microsoft Edge, will follow. [...]

Mozilla announced early on that it will support Manifest v3 as well, but that it would continue to support important APIs that Google limited in Manifest v3. Probably the most important of them all is the WebRequest API. Used by content blockers extensively to filter certain items, it has been replaced by a less powerful option in Manifest v3. While Manifest v3 does not mean the end for content blocking on Chrome, Edge and other Chromium-based browsers, it may limit abilities under certain circumstances. Users who install a single content blocker and no other extension that relies on the same relevant API may not notice much of a change, but those who like to add custom filter lists or use multiple extensions that rely on the API, may run into artificial limits set by Google.

Mozilla reaffirmed this week that its plan has not changed. In "These weeks in Firefox: issue 124," the organization confirms that it will support the WebRequst API of Manifest v2 alongside Manifest v3. Again, a reminder that Mozilla plans to continue support for the Manifest v2 blocking WebRequest API (this API powers, for example, uBlock Origin) while simultaneously supporting Manifest v3.

Competitive advantage

[peterww]

Mozilla has a chance to out-compete Chrome if they keep more backwards compatibility. Google is obsessed with upgrading and breaking changes, but users hate having to change their software constantly. Firefox could become the dominant browser again if it prioritizes the user's experience.

Re:Competitive advantage

[splutty]

Past experiences make me very doubtful they'll manage to not change a lot of crap for no reason other than change.

Re:Competitive advantage

[quonset]

There's no such thing as change for the sake of change. Behind ever change there's someone's opinion that it will achieve something. In the software world this usually manifests itself as "appearing fresh".

Making something appear "fresh" without doing anything to move the product forward is the literal definition of change for the sake of change. When a company changes the labeling on their box of goods, did that change the way the food tastes/product works/whatever? No. They changed the box for the sake of change because it makes it look "fresh".

Re:

[Rhipf]

That may be a bad example. When companies change the box without changing what is inside it is in hopes of enticing new customers to purchase the product. Established customers will still buy the product (for the most part) because they are familiar with the brand name and will purchase the product based on name alone. So there is a reason for the change and it really isn't change for change sake. You could probably extend that to most products that you think are making changes for change sake. You might no

Re:

[thegarbz]

Making something appear "fresh" without doing anything to move the product forward is the literal definition of change for the sake of change.

No it's not. The appearance of being fresh and modern has a direct correlation to user acceptance. People tend to move on or consider software stale (general people that is, not professionals who actually need to get actual work done) if it's unchanging, or not keeping up with trends.

If you think it's change for change sake then it's because you have a very superficial and skin deep view of software development. No one makes changes for change sake. They make these changes because they believe they are inve

Re:Competitive advantage

[ArchieBunker]

There's no such thing as change for the sake of change.

Sure there is. At some point something has reached peak usability. Since people are employed to write software they have to keep writing software. They don't keep changing the shape of a hammer every few years, hammers have had the same shape for centuries now.

Re:

[thegarbz]

Sure there is. At some point something has reached peak usability.

Usability is only one aspect of software. It's something that is cared about by professionals and those who use software as tools. That's not the general public. Change is made in an effort for software to look fresh and keep up with general trends. It is made in an attempt to stay relevant to consumers who see old software as stale and move on. Quite literally it's a visual change to retain users regardless of whether the underlying system has the same function.

They don't keep changing the shape of a hammer every few years, hammers have had the same shape for centuries now.

Wow. Like wow. No they haven't, not in the sl

SemVer requires these major version increases

[tepples]

Does anyone remember a world where major and minor version numbers meant something and only major version changes actually made a meaningful change to the users?

Yes. We still live in that world. The Semantic Versioning (SemVer) convention [semver.org] increases the major version when a release has one or more breaking changes. This is true of major versions of web browsers, which remove rarely used or security-hostile web platform features. See, for example, deprecations and removals in Chrome 106 [chrome.com].

Re:

[Waccoon]

Historically, Mozilla has changed the names of browser settings specifically to break backwards compatibility and try to force people to new defaults. My favorite was when one of the variables had a single underscore replaced with a double underscore. They also love to regularly change the pluralization of settings. I have to regularly rewrite my user.js file to ensure that my preferences aren't ignored, and it's obvious they do this nonsense on purpose.

Stuff like this is why I use a Firefox fork as my p

Re:Competitive advantage

[diffract]

Mozilla broke backwards compatibility multiple times in the past. They also were obsessed with upgrading and breaking changes, they had a logical release schedule then they accelerated version numbering just to match Chrome's because "it looks better." I use and support Mozilla Firefox, but the things you praised about them are unwarranted

Re:Competitive advantage

[AmiMoJo]

We've been over this. The old extension system was crap. Didn't support multi-threading, was the case of many memory and performance problems, and it had way too much access to the internals of the browser to be at all secure.

The other big problem that Mozilla had with the old extensions system was support. As users dwindled and developers moved to Chrome based browsers, extensions were discontinued or went unsupported. At least with the modern system it's trivial to port extensions designed for Chrome, so there is a good selection.

Not making those breaking changes would have been the end of Firefox. It would have continued to get slower and more unstable.

Re:

[drinkypoo]

We've been over this. The old extension system was crap. Didn't support multi-threading, was the case of many memory and performance problems, and it had way too much access to the internals of the browser to be at all secure.

Yes, we've been over it. They didn't bother to implement all of the same functionality because security is hard, waah fucking waah. If they needed to make changes, fine. Not even trying to provide the same functionality? Not fine. I was using that.

Not making those breaking changes would have been the end of Firefox. It would have continued to get slower and more unstable.

Not implementing the same functionality while ignoring long-running bugs and also changing shit just to look busy is going to be the end of Firefox.

Re:

[AmiMoJo]

Not because security is hard, because running Javascript in the main browser process with access to everything and interacting with some random webpage full of malware is insane.

Re:

[serviscope_minor]

They didn't bother to implement all of the same functionality because security is hard, waah fucking waah.

That could equally apply to both sides. If you were happy with an insecure, underperforming browser, the old one was still there and still is. It's called Palemoon. They haven't managed to improve the security model or the performance.

Thing is yes, security is hard, REALLY hard. And increasingly important especially in that era as it transitioned from "stuff is basically fine" to "attacks are running al

Re:

[dryeo]

SeaMonkey is perhaps a better choice for a browser that mostly still supports XUL. The problem is so many sites want to use the latest JS and don't want to support anything besides Chrome.

Re:

[blackomegax]

So use Chrome.

Who gives a fuck, really?

If you have something to hide, use Tails.

If you don't want google having your info, feed Chrome fake info, and use one of those extensions that launches/instacloses extremely random tabs all the time to fuzz the data to make it meaningless to marketing.

Nitpicking about browsers is the single most autistic thing nerds here love to do. Keep it up!

Re:

[dryeo]

Chrome doesn't do email or newsgroups.

Re:

[aegisqc]

No too sure where you live or if you work at all, but in the rest of 95% of the real world, we still use email.

Sound like more meat to populism and wokism.

Re:

[aegisqc]

What about simply having a decent web browsing experience ?

I recently had to re-install a computer, and just browsing a few webpages, I was getting like 25% of the content as ads. Checking news site and getting aggressively flooded with ads, trying to watch a youtube video but getting stopped by two more ads, trying to check the meteo but there an ads that must be closed before... etc....

Who give a fucks you asked ??? I do, I don't wanna to endure this nightmare bullshit. That plain abuse.

Sound like MS need

Re:

[blackomegax]

Edge may be a fork of chrome but it doesn't plan on stopping support for blocking plugins.

Re:

[drinkypoo]

Security is hard yes, but making the browser work is their whole job, so that's not a reason to just give up.

I used palemoon for a while, but it doesn't really function that well any more.

Re:

[serviscope_minor]

Security is hard yes, but making the browser work is their whole job, so that's not a reason to just give up.

But they couldn't do both (see below). "should", "ought" and so on doesn't actually make intractable problems tractable. In practice, they had the dichotomy between making it more secure and fast and keeping the extensions running.

They picked the correct choice. You can tell, because others picked the opposite choice and it doesn't really work:

I used palemoon for a while, but it doesn't really functi

Re:

[drinkypoo]

Security is hard yes, but making the browser work is their whole job, so that's not a reason to just give up.

But they couldn't do both (see below).

No, that's completely wrong.

Now you know why firefox went the other route.

No, you're talking past the truth, and ignoring what I said. I'm fine with them making a new plugin model. I'm not fine with them not providing the same functionality the old one had. It's fine if the API changes. It's not fine if it loses functionality.

Re:

[serviscope_minor]

No, that's completely wrong.

I'm taking this to be "not feasible", not "impossible with unlimited resources".

No, you're talking past the truth, and ignoring what I said.

No, I'm disagreeing with you. There's a difference. I think you are mistaken.

I'm not fine with them not providing the same functionality the old one had.

The old plugin model needed very deep access to the internals of a system that they also removed for security and performance reasons. In order to make the new plugin system to have feature

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Anonymous Coward]

And none of that precluded having a status bar at the bottom of the browser window. But one of my absolute favorite extensions of all time, Status4evar, no longer works, and instead of a status bar at the bottom of my browser window where it fucking well belongs, I've got nothing.

I've even got to go to a semi-hidden setting on a new install just to get a title bar back, and on everything but macOS (where fortunately the no-menu idiocy hasn't caught on) I've even got to turn the fucking menu bar back on. A

Re:

[vbdasc]

Oh, and I didn't care about "performance and memory problems" at all. Firefox was plenty fast enough back when XUL was a thing.

Ah, these were happier times, back when XUL was a thing. Firefox from when XUL was a thing was indeed fast, back then. I can remember it opening dozens of tabs, and still running great, on machines way slower and with less memory than what is common now. But times change. With the insane web pages of today, it would crawl like a snail, with luck. Else, it would halt and catch fire, crash and burn.

Re:

[Rexdude]

The old extension system was crap

It was not. It actually worked in extending the browser's functionality with powerful and popular extensions, instead of being a glorified userscript manager as is the case now. Pale Moon continues to support XUL while providing a secure browsing experience, but Mozilla fanboys keep shouting it down as 'old and insecure'. Ironic when the most amount of Firefox extension malware started showing up [arstechnica.com] after the decision to move to Web Extensions. It just increased the surface a

Re:

[OrangeTide]

shipping the same old thing doesn't get media attention. and that attention, positive or negative, drives a lot of new downloads. The era is over for user-centric software that sits into a comfortable workflow long term. If such an era even existed.

Re:

[Luckyo]

Mozilla are the ones who started nerfing blockers, google is simply following in its steps now that they've seen that it could be gotten away with.

Remember moving to "Quantum", which nuked XUL addons? A lot of advanced content blocking capability went the way of the dodo with that.

Re:

[Darinbob]

Google is obsessed with advertising. The most evil of all professions. And it's doing this by undermining content blockers while pretending not to.

Backwards compatibility isn't the issue

[rsilvergun]

And it's not really a problem for content blockers, or let's face it these are ad blockers.

What the article is talking about is that features required to write an ad blocker have been removed from chrome. The competitive edge isn't backwards compatibility it's keeping those features in one way or another. It's trivial for any ad blocker to update their code is needed.

And backwards compatibility has its downsides. Firefox didn't break the plugins because they wanted to back when they did it they, the

And extensions for Android ?

[greytree]

So why are the power-crazy wankers at Mozilla STILL blocking extensions on Android ?

"To protect even advanced users from themselves" does not wash.

https://discourse.mozilla.org/t/add-on-support-in-new-firefox-for-android/53488/179

Re:

[drinkypoo]

Having to jump through hoops to install an extension is stupid. It's just fuckery put in the user's way for no good reason. It offers me literally no benefit.

Re:

[AmiMoJo]

It offers the developers the benefit of not getting loads of bug reports from people who installed broken extensions and then blamed Firefox for the problems they encountered.

Re:And extensions for Android ?

[slack_justyb]

So why are the power-crazy wankers at Mozilla STILL blocking extensions on Android ?

That is absolutely NOT the case. How to Use Add-Ons in Firefox for Android [makeuseof.com].

And the entire thread that you've linked in here isn't about the inability to run add-ons, it's a matter of "how" one does so. And this particular person doesn't agree with the hoops that Mozilla has put in place.

The decisions by Mozilla talked about here explain why it was so hard to test on mobile, why I couldn’t find a way to simply load my extension locally, and why the docs are confusing.

Firefox requires that all add-ons come through their https://addons.mozilla.org/en-... [mozilla.org] website. You can use a nightly build or dev builds to use add-ons from a location other than the addons website.

I want to let Mozilla know that the inablity to meaningfully create and distribute add-ons has a negative effect on the community

This person more than likely wants to distribute their add-on via their own means, which with Firefox proper is no longer allowed. And the people the person wants to give their add-on to more than likely does not run dev browsers. Why the person has such an aversion to the addons website, that's never made clear, but whatever.

Anyway, I’m not going to start running a nightly build just to run my add-on. I don’t see that as a viable solution. I really wanted to make the add-on work for Tor Browser. I can see that’s not likely to happen.

Which I would say at this point is, take that up with the makers of the Tor browser. That's not really Mozilla's issue.

This is the same issue Chromium browsers will face eventually. Manifest v3 will ultimately make its way into Chromium and Brave, Opera, Edge, etc... Will all have to keep stripping it out and allowing v2 each new version of Chromium they build off of. If Edge let's slip v3 in a build, the users need to take it up with Microsoft, not Google.

But Firefox does indeed allow addons in Android. There's plenty of folks who don't agree with the terms Firefox has set in place and by all means they are free to implement their own. But this person is complaining about a requirement that Firefox has that Tor didn't strip out. That's up to Tor to deal with.

Re:And extensions for Android ?

[nicubunu]

So walled garden is bad when Apple is doing it and good when Mozilla is doing it? Is bad all the time, user should be in control.

Re:

[serviscope_minor]

What walled garden?

If it's a walled garden, then it's got a fucking great gate in the wall, the position of which is labelled on any map you care to find. You can leave the garden if you want, just flip the catch and stop bitchin'

Re:

[caseih]

Even with collections you still have to use extensions that are in the mozilla official add-on store. I can't go get the latest from github and install that, for example. I used to be able to. So no gate here really.

Re:

[phantomfive]

Apple's walled garden is bad because Apple won't let you out of it.
If they had an unlocked bootloader, open source code, and a way to enable side-loading apps, then it would be fine.

The "walled garden" isn't the bad part, it's that Apple owns the key. The customer should own the key.

Still an Android-specific allowlist

[tepples]

Firefox requires that all add-ons come through their https://addons.mozilla.org/ [mozilla.org]
This person more than likely wants to distribute their add-on via their own means, which with Firefox proper is no longer allowed.

Even if a developer makes an add-on available through https://addons.mozilla.org/ [mozilla.org] it won't be usable in versions of Firefox for Android other than Nightly.

But Firefox does indeed allow addons in Android.

You are correct. Firefox for Android is compatible with these sixteen (16) extensions [mozilla.org]. There is no documented way for other developers of extensions distributed through https://addons.mozilla.org/ [mozilla.org] to get their extensions on this allowlist.

Re:And extensions for Android ?

[Gravis Zero]

It's likely simple answer that you may not like. The Android browser is missing a lot of APIs that exist in Firefox which means when you try to use a certain API then it will fail entirely and therefore make the add-on incompatible. They may have plans to implement all the APIs then enable add-ons to work universally which would be a good way to avoid the use of stopgap APIs and having developers writing exceptions that will become incompatible.

The alternative is to setup an Android only add-on list which could easily lead to users harassing developers to port their add-on.

The only way to really know is to talk to the developers in control of the situation.

Re:

[JThundley]

I literally just allowed javascript via noscript and saw the rest of my privacy and security addons in order to read your incorrect statement.

Re:

[greytree]

Go and read the comments by people more intelligent than you to understand the problem.

Re:

[JThundley]

I did and they agree that you're still wrong. It sounds like you meant to say that Mozilla requires you to install the nightly build of Firefox to install unpublished extensions.

Re:

[Dwedit]

If you get the "Fennec" build of Firefox (you can get it from F-Droid), you can change the specific set of Addons that you can use. This will let you use extensions like "Bypass Paywalls Clean" that are otherwise not available.

Re:

[Carewolf]

What are you talking about? I have the same adblocker on Android Firefox as I have on my desktop. Are you just repeating outdated critique from 3 years ago?

Re:

[greytree]

No. Now go and Google before wasting everyone's time with any more useless comments.

Re:

[Carewolf]

Why would I waste your time in your nonsense. This was an issue several years ago, now the adblockers also exist on mobile Firefox if they want to be,

What other choice is there?

[timeOday]

Calling adblockers a competitive advantage is an understatement. Browsing the web without adblock is intolerable. Youtube in particular is simply not worth the aggravation without adblock.

Re:

[waspleg]

Completely agree. I take my DNS blacklists and ublock origin/privacy badger/etc for granted until I have work on someone else's shit that has nothing and it's an absolute fucking nightmare. How or WHY especially people can use WWW at all without ad blocking is a mystery to me.

uBlock Origin (Lite)

[Some Guy]

Potentially good news for uBlock Origin users. It looks like gorhill has managed to make a "lite" version for use with Manifest v3:

https://github.com/uBlockOrigin/uBlock-issues/issues/338#issuecomment-1253893421 [github.com]

Not going to be as powerful as uBlock Origin, but it's better than nothing at all.

Re:

[AmiMoJo]

Looking at that it's not clear what his long term goal is. The "lite" version seems to be an experiment, to get a feel for the new APIs and find ways to implement existing features in them.

Reading his notes it seems that Google has been responsive to issues raised by himself and other extension developers, so there is a chance that they will be able to resolve the outstanding issues. As he notes, in some ways Manifest V3 is superior to V2, particularly when it comes to performance.

Re:uBlock Origin (Lite)

[Some Guy]

As he notes, in some ways Manifest V3 is superior to V2, particularly when it comes to performance.

Yes, that is interesting. I actually feel slightly less doom-and-gloom after reading his write up.

Looking at that it's not clear what his long term goal is.

I had the impression he is going forward with it as a parallel release. He already has it on the store [google.com] and he says in the final paragraph:

Many users of uBO will dislike the limitations of uBOL when compared to uBO. There is no point complaining about it, it's just not for you, it's meant for another kind of users -- you do not have to use it. For the record, it's not for me either (I want/need the full control uBO allows me), but I want to offer an option for those who use uBO as an install-and-forget blocker without ever interacting with it.

Google doesn't like ad blockers, news at 11

[sinij]

The only reason Google doesn't outright ban ad blockers is that they know they will lose market share. As such, if ad blockers succeed in adapting to Manifest V3 there will always be Manifest V4 and so on.

Well, well, well...

[Miles_O'Toole]

Finally...a solid reason to return to Firefox.

Oh, also, when can we get a meaningful Class Actio

[waspleg]

n suit against Google? They're basically changing web standards around their ability to fleece people. You know, like M$ still does on Windows but can't do with IE anymore; but used to do.

Obviously. They do not want to commit suicide.

[gweihir]

Fast suicide that is. Their slow suicide is well underway and started with hiring an SJW moron to run things...

Time for a network-level adblock

[devslash0]

With all the browsers developers taking the adblocking powers away from us, it's time someone developed a network-level adblock which uses a Man-in-the-Middle approach cut out ads from any responses before they reach the browser. Chrome literally woouldn't know what hit it.

This kind of a filter would be even better than current adblocks because much of the time ad content is actually fetched and loaded into a page, just not visible. Cutting all the crap out before it's rendered would theoretically speed up page loads (a lot).

I may even start writing such a thing myself during my upcoming annual leave.

Re:

[Dwedit]

Proxy-based solutions used to be popular. There was WebWasher way way back in the day (which blocked specific image sizes used by banner ads), then there was Proxomitron. Then there's Privoxy.

You can do a proxy-based man-in-the-middle attack if you install a certificate for your proxy.

Re:

[evanism]

https://adguard-dns.io/en/publ... [adguard-dns.io]

This is very good.

Re:

[devslash0]

This is only DNS-level blocking, not content-level.

Re:

[Carewolf]

Doesn't work for some sites. Youtube for instance requires the adblocker to script the site into thinking that ads don't need to be loaded for the current video, and if they were loaded, that skip was legally pressed immediately.

Re:

[Dwedit]

A proxy-based solution can override any code, so it could theoretically block ads on youtube, if it can get the correct JS code in there.

Ad block extensions lol

[The Muses]

Do people really use those ad blocking extensions in their web browsers, like uBlock Origin? All they do is block the display of the content (ads) in your web browser they do nothing to prevent your device from communicating back and forth with the ad servers. A web browser is an application, it resides on the 7th and very last networking layer. If you are really serious about blocking content (ads), preventing tracking, utilize your "hosts" file which resides on the 4th "Transport" layer.

Re:

[bsolar]

Blocking through the hosts file is certainly viable but much less fine-grained than what an extension can do as it's limited to block at the hostname level whereas an extension can filter based on URL paths, query parameters etc...

Re: Ad block extensions lol

[karlandtanya]

pi-hole & a vpn on openwrt for the whole house, hosts & vpn on the laptop, brave + ublock on desktop OSs, and waterfox + ublock on android. And don't use social media at all unless you consider /. and Fark social media.

Still some noise gets through, but a whole lot less.

One thing I noticed doing all this ad blocking in software is that the ad blocking ability of the wetware tends to atrophy.

Re: Ad block extensions lol

[The Muses]

A web browser is an application, an extension is part of that application. As such the extension like the browser doesn't have permissions to block network traffic. The hosts file is the only place you can block connections on any device as it resides within the transport layer and root permissions are needed to access that layer.