The Wayback Machine - https://web.archive.org/web/20200311050240/https://news.ycombinator.com/item?id=21025252
Explanation of the state of uBlock Origin and other blockers for Safari (github.com)
645 points by n1000 5 months ago | 431 comments



There is a lot of confusion around this issue. Some people are taking this to mean that Safari has completely banned ad blockers, which isn't the case. Instead they've switched to a model that matches what they've been doing on iOS which is content blocking[1]. Content blockers give Safari a list of triggers and actions to take when something matches a trigger.

For example, you can have a trigger which contains a regex that matches all images and stylesheets for a given domain. The action can be one of several options, one of which is to block that item.

One advantage this technique provides over ad blocking is that there's no data to be phoned back home. It is, in essence, a mask that is applied to a web page before rendering. Also, it's very lightweight. It's literally just a JSON document which means Safari can perform better.

Now, I'll admit it's not foolproof. Apple and the content blockers have some work to do on it. I'm noticing some issues with it myself after having upgraded to Safari 13. But from a privacy perspective, I personally much prefer this technique.

1: https://developer.apple.com/documentation/safariservices/cre...


> One advantage this technique provides over ad blocking is that there's no data to be phoned back home. […] But from a privacy perspective, I personally much prefer this technique.

Are you suggesting uBO is sending data “back home”? It doesn't, and this comment is borderline FUD.


If only everyone used uBlock instead of the countless other scammy adblockers with millions of active users, which do not take privacy nearly as seriously. OP also never mentioned uBlock specifically, so I wouldn't be so quick to call it FUD.

Whether or not this is a sufficient solution is one thing, but there are some legitimate problems with the current state of adblocking. Being able to provide a similar solution in a far more limited fashion would be a good thing for users.


Nah, uBO is fantastic. The problem is nearly all other purported adblockers. Some of them are ok/mediocre; most (like most browser extensions) are just outright crap or malware.

The moral dilemma here seems to be that Google is unwilling to privilege a good-citizen adblocker like uBO over other extensions; they're an ad company and any explicit step towards promoting an adblocker probably is hard to explain at shareholder meetings, even if the engineers want to.


They never suggested anything of the sort. That being said, for every uBO that doesn't send that data back home, there are 1000s of "ad-blockers" that do exactly that.


What are you saying is the privacy advantage exactly? Regular adblockers also block requests before they happen - there's no "phoning home."


Browser extensions are executable JS. That is a huge vector for security and privacy issues (you should be extremely selective about which browser extensions you install). This new method is basically a list of regexes that Safari itself runs against the contents of the page. No 3rd party code is executed, so it's not possible for an extension to, for instance, report back on your browsing habits or steal your login credentials.


Poor justification when just about any other extension API is still a gigantic gaping hole.


What "other extension API" is Apple still allowing, making this a poor justification? You might be thinking of Google, which is allowing other gigantic gaping hole APIs while nerfing their content blocking, but Apple is being pretty consistent and doesn't also derive most of their income from advertising.


You are correct, however until Apple relaxes the rule that “[a]pps that browse the web must use the iOS WebKit framework and WebKit Javascript”, they should be held to a higher standard.


Hang on a second, since when are we this paranoid about installing software? I'm capable of deciding whether I trust a browser extension with the privileges I'm giving it, just the same as I'm capable of trusting any of the daemons running as root which could just as easily steal my personal data.

Sure, if all else were equal I guess I would trust Apple slightly more than an open-source extension developer, but all else is not equal - Apple is taking away the flexibility of arbitrary code and dictating that if you want to block ads in the browser then you have to use their regex-based declarative adblock API. I'm surprised to see such a warm reception on HN to a classic Apple "we're taking this away for your own good" kind of move that has historically not been very popular with enthusiasts.


This is a really long-standing battle between user accessibility and user freedom. Any time a software system or platform or OS allows for people to do whatever they want without restriction, you end up with thousands of compromised systems out there. The alternative, in the past, has been to lock everything down unless users go into some kind of "Advanced" mode or "Developer" mode but then users just get tricked into turning that mode on anyways or more advanced users hand wave those restrictions away for less savvy users without explaining any of the implications.

This is the same pattern that happened with IE where users would install all kinds of toolbars accidentally and then get tons of data stolen or when the first iPhone was jailbroken and everyone wanted all the cool jailbreak features. People would jailbreak the phones of their parents, siblings, relatives, friends, etc. without really ever explaining what was happening and what the potential pitfalls of that are.

Now, unfortunately, we're at the same impasse with browser extensions. They're super convenient for most people and are widely used but there's another vector of attack for people that aren't as savvy and don't understand the consequences. Especially when it comes to browsing history, payment data, and passwords, it's so easy to compromise a system now when you can hide it in something like a browser extension.

The real answer is to do a better job educating people about what everything is but no one wants to do that. More skilled users just want to bitch about what gets taken away from them personally without acknowledging the giant elephant that is ignorance. There is so much advanced technology out there now that people don't even understand the consequences of the most mundane actions.

In my opinion, Apple's trying to do something about that even if it comes at the expense of a few power users losing some conveniences. If their past history is any indicator, they will bring back or improve upon this functionality so that power users get it back somehow but, in the meantime, the bigger and more pressing issue is what takes precedence.


There might be technical reasons why browser extensions are particularly problematic and it might make sense to phase them out in their current form, so, to be clear, that's not what I'm getting hung up on. But there seems to be a broader acceptance of Apple's vision for a nice walled garden where users are safe from everything, especially themselves, and criticisms of this are just "bitching" from people who need to see the bigger picture. I'm sorry but I don't accept that.

Mobile is the primary user environment for a whole generation of kids and millions of people coming online in developing countries around the world. What we're bequeathing them is worse than anything in early-2000s Slashdot's worst paranoid nightmares. Billions of iPhones only load OS images signed by Apple and jailbreaks are aggressively patched as urgent security issues, guaranteeing vendor lock-in. Third-party code is too dangerous so users have to get it from a vendor-controlled app store and sideloading is forbidden for security reasons. You can't have browser extensions because they can see too much, so now you have to hope that Apple implements an API for whatever you were trying to do. There's a weird double standard where the tech literati are fine with things on mobile that they would never accept on their desktop. I guess it's because we have the luxury of putting our phones away and retreating to our "real computers" to scratch our tinkering itch. Not everyone has that privilege, or inclination. If the freedom to tinker means anything to you then mobile shouldn't be an exception.

I don't think the walled garden is even necessarily good for the ill-informed or careless users we're trying to protect. Checking out the "Advanced" mode is how users learn. While it may be dangerous for a casual user to be able to run a command or make a tweak they found recommended on some website, it also can be incredibly helpful - software doesn't always work correctly or the way that you want it to, and there's not always a nice button that does exactly what you need. And there's a real danger of the browser and the other public API surfaces calcifying to only permit what Apple thinks about ahead of time, smothering innovation that could have genuinely benefited users. Imagine if computers followed this philosophy from the beginning. I doubt users would enjoy an app store where user input (text only, of course) is sent securely into the app's stdin and output is text fed securely from the app's stdout to the screen, with no interference permitted by potentially insecure code attempting to provide things like scrollback because it could see all of the user's activity.

So yes, protecting users from the worst malware can be a thing but it's not as obvious as you make it sound that this should necessarily entail removing agency from the user. By aiming for the lowest common denominator user, Apple is depriving everyone else of real advantages. And, I would argue, producing a sterile and stilted experience that's best for no-one.


Indeed, only Safari will have the right to report back on your browsing habits under the name of telemetry or steal login credentials or whatever fear you can imagine.

I don't really care, I don't use Apple products and I still have Firefox, which will happily let me shoot myself in the foot on this (for now). You know what else is a "huge vector for security and privacy issues"? Every program I install through my package manager, or other source. The solution isn't to cripple the OS so that only my distribution vendor can run certain kinds of software and no one else.


Browser extensions are becoming a notable security vulnerability, with many high profile extensions falling into the hands of (or being sold to!) bad actors. The arbitrary code execution method of ad blocking (e.g. uBlock) is very flexible but it means that without ongoing comprehensive code review using one puts you at risk if the extension ever changes hands or has a backdoor added.

Apple's method avoids this issue by never letting the extension see the page contents, it only provides match lists of what to block that the browser then enforces. Even if the extension became malicious it has no access to private data on the webpages it is ad blocking on.


What I think they're saying is that with Adblockers, they can phone home which ads they block, URLs they see, etc.

Content blockers impose rules at the outset and the rule generator won't see what the URLs/content actually is.

The way I would think of it would be like "let me see what you're seeing and I'll let you know what to let through" vs "here is a list of things you shouldn't let through but I don't need to know about what the hit rate actually is".

Although I could be misunderstanding the implementation.


While true with some, I believe uBO is a list implemented client-side, right? Other ad-blockers can and do phone home and let through ads that have paid, but uBO just has the EasyList filter installed locally and blocks those URLs. That was my impression at least, I never personally went through the source code.


I trust uBO and roughly zero others. In fact, uBO has to remind people at every opportunity to avoid certain others. It is all the others, now and in the future, that are prompting Apple to do this, and the one well-behaved extension is unfortunately suffering as a result.

I mourn the loss of uBO, but I'll take that tradeoff knowing that I can relax knowing that my family and friends aren't going to end up using some intrusive nightmare of an "ad-blocker" with Safari.


This is exactly it. Even if a malicious extension gets through, they have access to nothing on the user side. It's not a fair trade off but, in my opinion, it is a worthwhile one.


> That was my impression at least, I never personally went through the source code.

That's the rub though. There's nothing but trust preventing them from including some spyware in the next automatic update. Actually not even trust, whoever has account access to publish for uBlock could have their account hacked and someone malicious could inject spyware into a version of the extension.


Trust is everywhere in computer security. You trust Google to not deliver a backdoored version of Chrome to your machine when you download a binary instead of building from source. You trust them to not break the law and leak your personal data to third parties or discriminate against you based on the content of your emails.

I trust Raymond Hill more than I trust Google.


This isn't as much about what existing extensions do today but all about what potential extension could be doing tomorrow.

If an extension doesn't get full access to all the pages you are reading, it can't do bad things with that access when the extension's owner inevitably changes (see the fight between uBlock and uBlock Origin for example) and spyware features are added.


Even if it is, it doesn’t matter. The problem Apple faces is how to prevent the other bad actors from abusing their API. The answer they’ve settled on is remove those capabilities from the API. Another answer would be to leave the capabilities but somehow only grant access to them to “trusted” parties.

I’m sure that would have gone over really well, too. /s


In the latter scenarios, what assurance does the Adblocker have that their requests are respected? I could easily see a scenario where an Adblocker says "Hey Chrome block all requests to ads.google.com" and Chrome saying "Sure thing buddy" then completely ignoring that request.


The same assurance you have that the browser wouldn’t simply inject its own ads into all pages.


There's really nothing at all preventing Chrome from doing that today if they wished... they can manipulate the page before and after the Adblocker sees it.


SHHH!!! That's for Chrome 100 ;P

I agree it's totally possible they would do that, but one could figure it out pretty easily with a touch of detective work.


And then what? Google will say that it's protecting critical functions from breaking and to piss off. Suddenly Google is a monopoly in the ad space because they have the predominant browser and let through only their ads.


They arguably are effectively a monopoly now. Them doing things like this isn't remotely new. They just got caught tracking everyone's smart TV usage. Nothing will happen to them until:

1) the Government decides to intervene.

2) Users give up and start using different services.

I'm pushing for #2, but then I switched off like a decade ago, when I saw the writing on the wall.


Were they tracking smart tv usage or were smart tv manufacturers using google apis to store their tracking data?


Both it seems:

"The most prevalent tracker, Google's doubleclick.net, showed up in 975 of the top 1,000 Roku channels, with Google analytics trackers showing up in 360, the researchers found." - https://arstechnica.com/tech-policy/2019/09/studies-google-n...


Adblocker apps/extensions don't require that assurance. The user requires this assurance, and if the browser ignores the user's wishes, the browser is the application that should be held accountable by users.


How is the user to know if it's the AdBlocker or the Browser though? It's a he-said-she-said kind of situation with the AdBlocker and the Browser potentially pointing the finger at each other.

This setup gives the Browser/Maker plausible deniability when they act badly.


Browsers and extensions aren't black boxes; it's easy to inspect them for this kind of behavior.


This model is also a big performance win. The content blocker rules are compiled to an [efficient byte code format](https://webkit.org/blog/3476/content-blockers-first-look/) which can be evaluated insanely fast (microseconds not milliseconds), compared to doing IPC and running JavaScript for each resource in a page.


Which is same as banning ad blockers. With the declarative API you can't know what domains this website connects to and you can't prevent it from connecting to bad domains. Moreover, trackers and ads can choose a random domain to completely avoid any blacklists.


The content block lists will get updated frequently just like the ad block lists. And, sure, it’s a cat and mouse game just like it is with the ad blockers. But at least this way is more performant and secure.

In the end, as has been said by others, if you don’t like it then use Firefox. That’s what’s great about the browser ecosystem we have right now. There are some really great options in browsers.


It's one cat and millions of mice that multiply rapidly. Ads networks that use random unpredictable domains are intractable by the static blacklist approach. Not only that: ads networks can watch the public blacklist and adjust their domains accordingly. If declarative API was about security, Apple would rather block network access for adblockers.

Agreed about Firefox. My goal here is to call out the hypocrisy of the declarative API. So I want to repeat myself that the declarative API is about giving ads networks an easy way to not get blocked, while using performance and security as false arguments that impress only those who know nothing about performance and security.


You know; I just realized I should clarify some confusion I myself may have introduced here. My original comment suggests the trigger is always matching a domain regex but domain isn't the only trigger. Content blocker authors can make use of one or more of seven different triggers. For example:

    `load-type`: An array of strings that can include one of two mutually exclusive values. If not specified, the rule matches all load types. `first-party` is triggered only if the resource has the same scheme, domain, and port as the main page resource. `third-party` is triggered if the resource is not from the same domain as the main page resource.

So our concerns about the cat and mouse game are true, but only for domain triggers.
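Added example, not part of the original thread and not Safari's own code: a small evaluator for the trigger/action rule lists described in the top comment and in the `load-type` comment above, showing that the rule author supplies only data and gets nothing back. The trigger and action keys are from Apple's content blocker format; the hostnames, the rule list and the matcher itself (plain JS RegExp and origin comparison instead of WebKit's compiled byte code) are constructed for illustration.

```javascript
// Constructed sample rule list, written as the JSON text a content blocker
// would ship. String.raw keeps the backslashes exactly as they appear on disk.
const RULES_JSON = String.raw`[
  { "trigger": { "url-filter": "^https?://([^/]+\\.)?ads\\.example/",
                 "resource-type": ["image", "style-sheet"] },
    "action":  { "type": "block" } },
  { "trigger": { "url-filter": ".*",
                 "resource-type": ["script"],
                 "load-type": ["third-party"],
                 "if-domain": ["*news.example"] },
    "action":  { "type": "block" } },
  { "trigger": { "url-filter": "cdn\\.partner\\.example/player\\.js" },
    "action":  { "type": "ignore-previous-rules" } },
  { "trigger": { "url-filter": ".*", "if-domain": ["*news.example"] },
    "action":  { "type": "css-display-none", "selector": ".sponsored" } }
]`;
const RULES = JSON.parse(RULES_JSON);

// "*example.com" matches the domain and its subdomains; otherwise exact match.
function domainMatches(host, pattern) {
  if (pattern.startsWith("*")) {
    const base = pattern.slice(1);
    return host === base || host.endsWith("." + base);
  }
  return host === pattern;
}

// A trigger matches only if every field it specifies matches the request.
function triggerMatches(trigger, request) {
  const resource = new URL(request.url);
  const page = new URL(request.pageUrl);

  // url-filter is case-insensitive unless the rule says otherwise.
  const flags = trigger["url-filter-is-case-sensitive"] ? "" : "i";
  if (!new RegExp(trigger["url-filter"], flags).test(request.url)) return false;

  const types = trigger["resource-type"];
  if (types && !types.includes(request.type)) return false;

  // Simplification: same scheme, host and port counts as first-party,
  // anything else as third-party.
  const loadTypes = trigger["load-type"];
  if (loadTypes) {
    const party = resource.origin === page.origin ? "first-party" : "third-party";
    if (!loadTypes.includes(party)) return false;
  }

  // if-domain / unless-domain are checked against the main page, not the resource.
  const ifDomain = trigger["if-domain"];
  if (ifDomain && !ifDomain.some((p) => domainMatches(page.hostname, p))) return false;
  const unlessDomain = trigger["unless-domain"];
  if (unlessDomain && unlessDomain.some((p) => domainMatches(page.hostname, p))) return false;

  return true;
}

// Rules run in order; "ignore-previous-rules" discards the actions collected
// so far. The return value is the browser's decision and stays in the browser:
// no callback or request data ever reaches whoever wrote the rule list.
function evaluate(ruleList, request) {
  let actions = [];
  for (const rule of ruleList) {
    if (!triggerMatches(rule.trigger, request)) continue;
    if (rule.action.type === "ignore-previous-rules") actions = [];
    else actions.push(rule.action);
  }
  return {
    blocked: actions.some((a) => a.type === "block"),
    hide: actions.filter((a) => a.type === "css-display-none").map((a) => a.selector),
  };
}

// Constructed sample requests made while viewing a page on news.example.
const PAGE = "https://www.news.example/story";
const SAMPLES = [
  { url: "https://static.ads.example/banner.png", type: "image", pageUrl: PAGE },
  { url: "https://tracker.example/t.js", type: "script", pageUrl: PAGE },
  { url: "https://www.news.example/app.js", type: "script", pageUrl: PAGE },
  { url: "https://cdn.partner.example/player.js", type: "script", pageUrl: PAGE },
];
for (const req of SAMPLES) {
  console.log(req.url, JSON.stringify(evaluate(RULES, req)));
}
```

The second rule blocks a third-party script on any domain name without listing it, which is the point of the `load-type` comment: only rules keyed on a specific domain depend on keeping a blacklist current.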


Actually, I've been using content blockers on iOS and I haven't noticed any ads coming through. That's not to say they won't/don't ever but my browsing experience is noticeably smooth on that platform.


As a happy Firefox and uBlock Origin user I wonder what is so fundamentally different about uBlock Origin that its filter list can't be converted/translated to the JSON format Safari's content blocking API expects.

Is it more difficult than I imagine?


OK any argument in favor of this technique shatters in front of the fact that in practice, Ad blocking on iOS is useless, and requires more resources, since some older devices still can't use it.


If they really care about privacy, they can just whitelist uBO/uMatrix and everyone will be happy.


Wouldn't you prefer if both options were available?

I certainly would. I had been using Safari on mac only because it was fine and I had no need to switch to firefox or chrome.

Now I will definitely not be using safari anymore.


What content blocker would you recommend?


Apple themselves recommended Ghostery Lite. I feel like that one had some trouble in the past but I can't recall why. Regardless, I installed it and Magic Lasso to see how they do. I used to use Wipr with some success but it appears to be no longer free. Still, if Ghostery Lite and Magic Lasso don't work out, I'll pony up for Wipr.


I gave Ghostery Lite and Ka-Block! a shot and they blocked ads on most sites except for reddit. Pretty good for free.

Wipr blocks the same ads as the above combo, but also blocks those on reddit.

YMMV


This is exactly what Chrome intends to do and everybody hates Google for it. Defending this when Apple does it is a double standard.


When Apple says "We're designing this API in a way that allows you to block ads without having full visibility to monitor everything that any user does on every web page they visit" it's totally believable because it's in line with the last 10+ years of their product direction.

Yeah, it makes ad blockers less powerful. It also makes them less of an enormous security risk in that all of your web traffic is redirected through them, and a compromised extension could do whatever it wanted with that.

People are more skeptical of Google's motives because nearly all of their money comes from selling ads and for all we know they're more concerned about their very very very large piles of cash than they are about browser extension security. That's not a motivation that Apple would have for their Content Blocker limitations.


Adblockers don't redirect all traffic through them. If you think about it for a moment you will see how absurd that idea is. This would incur one of the most massive bandwidth bills on the internet for negligible financial gain.

Current ublock origin.

Your adblocker frequently updates lists of patterns to block via any of many user configurable lists.

When you load a site ON YOUR COMPUTER it consults all those lists including custom ones you create yourself for annoying elements on particular sites before loading content. It NEVER sends said content to the adblocker or leaks your information.

Ublock origin provides both the adblocking engine and the lists and can innovate on the former and iterate on the latter as fast as you please.

New chrome restrictions.

Google provides an adblocking engine substantially inferior to ublock. Extensions are able to provide only a list much smaller than current lists and can only update that list when the extension itself is updated. They cannot innovate on the adblocking engine as they are stuck with the crummy one an ad company provides. This basically ensures that ad providers win the arms race with adblockers.

Safari

Shares the same inherent flaw with chrome that Apple will be providing the adblocking engine with the possible benefit that apple isn't directly making money off ads and has less incentive to directly break adblocking.


I don't mean that it sends the actual web traffic through some uBlock server, I mean that the uBlock browser extension sees all of the requests to load a webpage and decides what to do. It can decide to block them or not. It could also decide to scoop up all of your personal information and do bad things with it.

If someone were able to compromise the developer account and get a malicious version distributed through the Chrome browser gallery, that would be a huge problem. The kind of thing that has been making headlines with compromised npm modules recently.

Google has reviews in place to prevent malicious extensions from being distributed, but they can't be perfect. We've seen that repeatedly with both Chrome extensions and Android apps.

Every extension with permissions set for "This can read and change site data on all sites" has a huge target on it, and the fewer things using that level of access the better. Ad blocking extensions are an obvious place to look for improvement because they're so popular.

I hope that Google can put a blocking system together that will be able to perform as well as existing solutions without adding any huge security risks, but I also agree that it's problematic that their incentives are to do the exact opposite.


The latest version of Chrome allows for "read and write site data" on a per-site basis. Not so useful for ad-blocking extensions, but a boon to any extensions I don't really want to give full access to.


So enforce human reviews for any update to extension with "read all requests" permission and over X users.


Nah. If they feel inclined to do something more powerful than the Content Blocker API then they should build the ad blocker themselves into Safari. It can be off by default and configurable by users.

It'd make the Content Blocker API kind of pointless but that'd be safer than letting third parties in.


I don't see much value in ecosystems where only one party can build powerful tools


I don't think "ecosystems" are a priority in and of themselves for Apple.


Thank you for clearly elucidating the difference between what we had and what we're going to have moving forward.

I'm so tired of this trend where folk keep pitching significant reductions of technical capability as some kind of "win" for the consumers and developers of a platform.

This is about exploiting platform owner privilege, no more and no less.


This should be the top comment, thanks for taking the time to write it out


Plus, Chrome only plans to disable the blocking functionality of webrequest, not the monitoring part.


As you say it makes ad blockers less powerful. Ad companies are scummy, and will most definitely exploit this, making it either painful or impossible to block their ads using the API. And then the API will be playing catch-up forever.

And trusting a company based almost exclusively on ad revenue to build an ad blocking API is just bonkers. No, the only way to effectively block ads for the foreseeable future is to give ad blockers all the information. Unfortunately.


> totally believable because it's in line with the last 10+ years of their product direction.

yet they have shitware called uBlock that's there intended to confuse them with ublock origin, just sitting there in app store...


How is that related to Apple’s product vision at all?


It flies in the face of the "curation" and "privacy" arguments.


> Yeah, it makes ad blockers less powerful. It also makes them less of an enormous security risk in that all of your web traffic is redirected through them, and a compromised extension could do whatever it wanted with that.

This presumes I trust Apple significantly more than authors of any conceivable blocking plugin — by large enough margin that it would be worthwhile to lose functionality over it. That isn't really the case — I only trust Apple marginally more and, if anything, making such decisions on my behalf erodes that trust.


Using their browser, you are already trusting them. If they wanted to spy on you in Safari, they would regardless of content blocking.


"Trust" isn't something binary. I trust them to do something and not something else; they may just be the ones I distrust the least as well. And assuming I _distrust_ someone just because I trusted someone is obnoxious.


No, it's not. Chrome says it's for privacy but still allows plugins to snoop on all network traffic (just not modify the requests). So it doesn't improve privacy.

That's why everybody is hating on google - it's a reduction in functionality without an increase of privacy even though that's "why" they did it.


My understanding is that Manifest v3 pushes ad blockers from chrome.webRequest to chrome.declarativeNetRequest, and they do not have the ability to see what requests are made with declarativeNetRequest. They can define rules to block or modify requests, and the browser executes them without letting the extension see any specific requests. Is that not correct?

The complaints from blocker developers have been that Google isn't allowing enough rules (Google has agreed to increase that), and that their existing blocking lists are defined in a way that needs more logic than declarativeNetRequest's matching system.

https://twitter.com/gorhill/status/1134127701583904770


The two complaints are valid.

The point I was making is that chrome.webRequest is still around (as I understand it - if I'm wrong, please correct, because that's my whole point!), it's just for observation only now. Plugins can still request that permission... which means plugins can capture just as much data as before this change.

That doesn't seem like a good trade off, given the two complaints you listed.


Yes, but those plugins will now require more expansive permissions requests when enabling them, correct? It used to be that when you installed an ad blocker, you'd have to agree to allow the plugin to "view and modify all content from all pages" (can't remember the exact wording), now, you don't.


> Yes, but those plugins will now require more expansive permissions requests when enabling them, correct?

If history has taught us anything it's that forcing users to agree to allow access in order to get what they want doesn't stop them from doing it. Especially when programs, apps and extensions are required to ask for broad access to accomplish even the smallest tasks that the warnings become meaningless noise. If I want ads blocked and I trust a company enough to install their blocker I'm not going to uninstall it just because it needs access to the content I want it to check over for the presence of ads. No matter how many warnings I get or how scary they sound I still want ads blocked.


webRequest is still around for now, but Manifest v2 as a whole will be deprecated sooner or later and I think webRequest goes away with it. I don't know if Google has specified dates for this, but for historical context here's the timeline from Manifest v1:

https://developer.chrome.com/extensions/manifestVersion#mani...

Deprecated in March 2012, stopped accepting updates to Manifest v1 extensions in March 2013, and existing extensions stopped working in January 2014.

EDIT: Google's blog post talks a lot about removing the "blocking version of webRequest", so perhaps the monitoring one still exists? But their goal would be to make these into separate permissions - the very popular blocking extensions can work blindly, while monitoring extensions can still function? It's not very explicit about it, but that's how I'm reading it https://blog.chromium.org/2018/10/trustworthy-chrome-extensi...


Not "everybody" hates Google for it. People who don't understand the security implications inherent in allowing browser extensions that have nearly-unrestricted access to the user's behavior -- even if well-intended -- may hate the Chrome team for it.

But there are those of us who understand why the Chrome team made the decision it did, and are sympathetic. And we're happy that the Chrome team and Apple are of the same mind about this.


> People who don't understand the security implications inherent in allowing browser extensions that have nearly-unrestricted access to the user's behavior -- even if well-intended -- may hate the Chrome team for it.

> But there are those of us who understand why the Chrome team made the decision it did, and are sympathetic. And we're happy that the Chrome team and Apple are of the same mind about this.

Hey, you probably didn't mean it this way, but your comment kinda sounds like you're saying everyone who opposes Google's decision is a simpleton who doesn't understand the security implications of browser extensions. That's not true, and more importantly, not especially charitable.


> People who don't understand the security implications inherent in allowing browser extensions that have nearly-unrestricted access to the user's behavior

You can say the exact same thing about any code we run on our devices. We accept that risk or we wouldn't run any software at all. Google isn't worried about our privacy. They take our privacy. They are worried about their profits because that's all any corporation cares about.


We definitely do not represent the vast majority of users.

Many have no idea these risks even exist, or mostly wrong notions about them.

Pretty sure my parents and grandparents don't even want to know their (probably randomly picked) ad blocker could pick up their credit card number every time they type it in their browser.

How could we hold it against them? Computers to them merely are (sometimes cumbersome and annoying) tools.


If your parents are consistently using ad-blockers they're doing better than most of my family. My mother wouldn't know what a browser extension was let alone how to begin installing one. The totally computer illiterate are at least protected in that sense.


The question is, whom do you trust, and who bears the greatest consequence of failure? I'll bet my money on Apple over some third-party extension vendor to protect my privacy.

Besides, in the end, it's all about minimization of threats. The existence of one threat is better than the existence of two. Don't let perfection be the enemy of the "good enough."


> The question is, whom do you trust, and who bears the greatest consequence of failure?

I'm going to trust uBlock Origin because it is free open source software and I can see everything they are doing with my data. Apple on the other hand forbids reverse engineering Safari (trying to understand what it does and how it works).

Once you're a part of the Apple ecosystem, Apple could theoretically (and to be clear we're talking about purely theoretical privacy risks in all cases) access your browsing history and also tie that directly to your name, address, credit card/bank account, GPS coordinates, etc.

Putting your privacy in the hands of a company that has so much of your data already is naturally more risky than compartmentalizing. If hackers somehow compromise my browser extension they get access to my browsing history on one device until I notice and correct the problem. If a hacker somehow compromises Apple they could get access to much much more. For all their care and resources Apple is not immune from attacks either. Safari has had a ton of vulnerabilities exposed just this year so far.


It's not uBlock Origin they're concerned about, though - it's all the other random extensions out there that could use the same capabilities for evil instead of good.


Ultimately the freedom to decide what code a person runs on their own hardware has to be left up to the user. The users who install every random extension they see are the same ones who download every app and click on every link in the spam they get. You can't protect users from themselves, but you can empower them to better protect themselves.

Downloading a sketchy browser extension takes deliberate action on the part of the user. Just loading CNN.com can (and has) caused computers to become infected automatically because of ads. Limiting the ability to block ads is not protecting anyone.


That argument was lost 11 years ago when the iPhone came out, and yet, people still can't get enough of them.


> Not "everybody" hates Google for it. People who don't understand the security implications inherent in allowing browser extensions that have nearly-unrestricted access to the user's behavior -- even if well-intended -- may hate the Chrome team for it.

...this is a fantastic argument for disallowing installation of custom browsers. I do hope y'all like IE and/or Safari.


Sounds like Google hasn't communicated these technical changes nor their intentions very clearly at all. Just judging how there's multiple people saying different things in this thread for both.


It's clickbait fodder. Construing the manifest privacy changes as Google is blocking ad blockers is better clickbait than saying Apple Safari is doing the same thing.

It's similar to when the internet blew up about Google's Project Dragonfly, which was cancelled, while Apple quietly did the same thing by sharing iCloud user data with the Chinese government.


Well, they're not exactly of the same mind.

Apple blocks not only the content, but the ability to even monitor as well. So there is a little extra with the Apple way.

You'd hope google would follow suit, but given their business model it's understandable if they don't. (Not that I'm a supporter of Google's business model, just that I understand why the ability to monitor is still there.)


I can't follow your reasoning. How does Google's business model justify allowing 3rd party Chrome extensions to snoop on user traffic?


Chrome has not proposed any change that would prevent extensions from monitoring all traffic. You are ascribing a good motivation to Google, but Google’s actions are inconsistent with your hypothetical motivation.

Specifically, Google proposes to continue allowing extensions to observe all requests, but extensions can’t block requests based on these observations.


> extensions can’t block requests based on these observations

The new API is called "declarativeNetRequest" and allows extensions to block requests: https://developer.chrome.com/extensions/declarativeNetReques...

"There are the following kinds of rules:

* Rules that block a network request.

* Rules that prevent a request from getting blocked by negating any matching blocked rules.

* Rules that redirect a network request.

* Rules that remove headers from a network request."

> Google proposes to continue allowing extensions to observe all requests

Their expressed intention is to disallow such behavior in the future:

"The declarativeNetRequest API is an alternative to the webRequest API. At its core, this API allows extensions to tell Chrome what to do with a given request, rather than have Chrome forward the request to the extension. Thus, instead of the above flow where Chrome receives the request, asks the extension, and then eventually gets the result, the flow is that the extension tells Chrome how to handle a request and Chrome can handle it synchronously. This allows us to ensure efficiency since a) we have control over the algorithm determining the result and b) we can prevent or disable inefficient rules. This is also better for user privacy, as the details of the network request are never exposed to the extension."

(Source: https://docs.google.com/document/d/1nPu6Wy4LWR66EFLeYInl3Nzz...)
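
The two flows contrasted in the design document quoted above, as an added example (not code from the thread or from Chromium): a toy browser model in JavaScript that runs the same traffic through a blocking-listener extension and a declarative-rules extension, and records which request URLs ever reach extension code. The rule objects use declarativeNetRequest's `action`/`condition` layout and the listener returns webRequest's `{ cancel: true }`; `runBrowser`, the substring matching, the allow-over-block-over-redirect precedence and all domains are simplifying assumptions.

```javascript
// Constructed toy model contrasting the two flows; not Chromium's matcher.

// Rules an extension declares up front. The action/condition layout follows
// declarativeNetRequest; ids, domains and URLs are constructed sample values.
const RULES = [
  { id: 1, action: { type: "block" },
    condition: { urlFilter: "ads.example", resourceTypes: ["script", "image"] } },
  { id: 2, action: { type: "allow" },
    condition: { urlFilter: "ads.example/consent.js", resourceTypes: ["script"] } },
  { id: 3, action: { type: "redirect", redirect: { url: "https://cdn.example/blank.gif" } },
    condition: { urlFilter: "tracker.example/pixel", resourceTypes: ["image"] } },
];

// Constructed sample traffic, including one URL a user would not want shared.
const REQUESTS = [
  { url: "https://ads.example/banner.js", type: "script" },
  { url: "https://ads.example/consent.js", type: "script" },
  { url: "https://tracker.example/pixel?id=7", type: "image" },
  { url: "https://bank.example/transfer?account=12345", type: "main_frame" },
];

// Assumption: urlFilter is treated as a plain substring (the real filter
// syntax also has anchors and wildcards).
function ruleMatches(rule, request) {
  const { urlFilter, resourceTypes } = rule.condition;
  const typeOk = !resourceTypes || resourceTypes.includes(request.type);
  return typeOk && request.url.includes(urlFilter);
}

// Browser-side evaluation of declared rules. Assumed precedence: an allow
// rule negates a matching block rule, and block beats redirect.
function evaluateDeclarative(rules, request) {
  const hits = rules.filter((r) => ruleMatches(r, request));
  for (const type of ["allow", "block", "redirect"]) {
    const rule = hits.find((r) => r.action.type === type);
    if (rule) {
      const out = { decision: type, ruleId: rule.id };
      if (type === "redirect") out.redirectUrl = rule.action.redirect.url;
      return out;
    }
  }
  return { decision: "allow", ruleId: null }; // no rule matched
}

// Extension A: hands the browser a rule list and runs no per-request code.
const declarativeExtension = { rules: RULES };

// Extension B: a blocking listener. The browser passes it each request's
// details and waits for { cancel: true } or {}.
const webRequestExtension = {
  listener(details) {
    const isAd = details.url.includes("ads.example") &&
      !details.url.includes("/consent.js");
    return isAd ? { cancel: true } : {};
  },
};

// Hypothetical browser loop: returns the decision per request plus the list
// of URLs that were handed to extension code along the way.
function runBrowser(extension, requests) {
  const exposed = [];
  const decisions = requests.map((req) => {
    if (extension.listener) {
      exposed.push(req.url); // request details cross into the extension
      const res = extension.listener({ url: req.url, type: req.type });
      return res.cancel ? "block" : "allow";
    }
    return evaluateDeclarative(extension.rules, req).decision;
  });
  return { decisions, exposed };
}

console.log("declarative:", runBrowser(declarativeExtension, REQUESTS));
console.log("blocking listener:", runBrowser(webRequestExtension, REQUESTS));
```

Both extensions block the ad script and let the consent script through, but only the listener-based one is handed the banking URL; the declarative one receives no request details at all.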


Quoting from the same page, one paragraph up from your big quote:

> In Manifest V3, this API will be discouraged (and likely limited) in its blocking form. The non-blocking implementation of the webRequest API, which allows extensions to observe network requests, but not modify, redirect, or block them (and thus doesn't prevent Chrome from continuing to process the request) will not be discouraged.

I rest my case.


Well, yes. There’s a transition in progress. I would expect the older API to be deprecated or removed in a future version, probably within a couple of years.


I'm sorry, are we seriously pretending that the "inefficient rules" aren't going to just happen to be the ones that affect Google ads?


AFAIK, Safari supports longer lists than Chrome to the point that you can produce a usable ad-blocker for Safari but not for Chrome because you will hit the limit too quickly.


It's easy to verify that this is completely not the case. Safari allows 50,000 rules [1]. Chrome allows 150,000 [2].

[1] https://help.getadblock.com/support/solutions/articles/60000... [2] https://blog.chromium.org/2019/06/web-request-and-declarativ...


Safari allows 50k per list, Chrome is planning to move from 30k per extension (!= list) to 150k global max per your links. That's quite a difference. On iOS, some blockers use multiple lists -- AdGuard has six and 1Blocker X has seven, for example.

An ad blocker that would be limited to 30k rules, as originally suggested by the Chromium folks, would be severely neutered. And even with the 150k max, I currently have ~240k rules in uBlock Origin. That's way above Chrome's planned max. But easy enough to implement with Safari's model, even if it requires using at least five lists.


"Exactly." "Everybody." "Hates." Bonus: "You are an ethic-less hypocrite."

Look no further for why our society is having such trouble coming to any sort of agreement on issues that matter.

I read the GitHub post yesterday, immediately bought 1Blocker, and moved on! (And it's been great!)


Why are you happy for having to pay for an inferior product? If you believe 1Blocker is superior or extensions shouldn't use the now disallowed API, why didn't you use it before? Or if you don't care about this at all, why are you even commenting about this thing which people express their feelings about? Your apathy doesn't make their arguments invalid.


And you've illustrated another problem with online discussions, particularly since the ubiquity of social media. You assumed that my call to moderation in this debate is because of apathy, and presumed to read my mind. I'm hardly apathetic, or happy about it. 1Blocker doesn't work at all on Youtube, so I'm using Firefox for that now, where I can still use uBlock Origin. I'm disappointed, to be sure, but no amount of whinging, no matter how vociferous, is going to change this, so I'm pragmatic about it.


> You assumed that my call to moderation in this debate is because of

Did you read the same comment I did? They're baffled and they asked you about several different possibilities to figure you out. That's the opposite of assuming. "Your apathy" was conditional, based on the previous question.

> I'm disappointed, to be sure, but no amount of whinging, no matter how vociferous, is going to change this, so I'm pragmatic about it.

Losing money and being disappointed doesn't sound 'great' to me!


It's also good for performance. The blocking can happen immediately in the browser/network process, instead of waiting for the extension code to run in its own process and tell the network service what to do.


In principle yes. But in practice, we are talking about nanoseconds; and I would very much like to see benchmarks/measurements showing anything that can be perceived by users. Also, this blocking cost is still orders of magnitude lower than network latency and blocking requests (even with a slow adblocker) will result in a noticeable performance boost while browsing the web.


It certainly does not take merely nanoseconds to wait for JS to run in another process.


This comparison is only apples to apples if exact same content can be filtered. If you lose some filtering due to the added restrictions on blockers, the page may load more resources (in particular, javascript), easily negating any CPU performance benefit.


The situation with Chrome is actually even more misconstrued than that, since ad-blocking performance isn't the only, or even the most important, issue Chromium is dealing with in Manifest v3. Chrome extension security has become one of the biggest time sucks in corpsec/IT security, and that team had been planning for years to address it. But people have a rooting interest in uBO, so none of that gets out.


Google are between a rock and hard place, for sure!

As someone who isn't a corpsec/IT practitioner, though, breaking uBO is literally the most important impact of Chrome's Manifest v3 for me.

I wouldn't mind if Google incorporated uBO as a first-party component in Chromium while applying the restricted policy to all other extensions! Most purported adblockers are crap, if not malware. Pick the best one and restrict the rest.

Unfortunately, I doubt an advertising company is going to incorporate uBO in the browser they provide for free.

I totally buy that breaking uBO isn't Google's goal for Manifest v3! It just happens as a beneficial side effect.


The actual right fix here is for Google to give a blanket exemption to uBO and to nothing else. That's what security people want them to do. Because the underappreciated problem here is that while uBO is fine, ad blockers in general are security tire fires.


Totally agree that's the right engineering fix! I just don't see it happening for dollar and cent reasons:

> The moral dilemma here seems to be that Google is unwilling to privilege a good-citizen adblocker like uBO over other extensions; they're an ad company and any explicit step towards promoting an adblocker probably is hard to explain at shareholder meetings

https://news.ycombinator.com/item?id=21032698


Or they could apply some level of moderation to the web store, like Mozilla has done.


It might not be the most important issue in the whole Manifest v3, but it's the only issue mentioned for deprecating the particular API that uBO uses to block requests.


It's not exactly a double standard because...

Like many things in technology, there are few write ups explaining this, including the pros and cons, in simple terms that most people can understand. So, people are not well informed.

When they are not well informed they will tend to make decisions based on other things, like their business model. We know that Google makes money displaying ads and has generally soaked up information on people to use for their benefit. Apple has been advocating privacy and makes money selling hardware and services.

If there was an "explain it to me like I'm 5" write up on how the changes to Safari and proposed changes to Chrome would work I could imagine it would help people see something other than the business model.

This isn't a double standard. It's people making judgements on something other than the technology.


From OP's argument, it seems likely they'd support Chrome doing the same thing.

A double standard requires the same person or population to hold logically contradictory viewpoints. That isn't what is happening here.


Maybe, but Apple has less of an incentive to deliberately misimplement it since they don't earn huge amounts of revenue from ads.


Not through lack of trying. It's just that iAds was unsuccessful.


Apple isn’t anti-advertising or pro-advertising, but it is pro-privacy. iAds failed because Apple refused to allow invasive tracking.


Google is an Adtech company.


Chrome was going to allow only a very small list - that's what people were complaining about. The idea of having a built-in way to specify blocks is fine, it's more efficient anyway.


Google makes almost all of their money through ads...


But then even Mozilla makes most of their money through Google.


There’s no double standard. Everyone hates Safari for this too… all the 500 users of it.

Of course you’ll hear a lot more noise from the users of the browser with the larger share by a wide margin.


Estimates for Safari marketshare range from 15.15 - 24.9% across all platforms [0]

[0] https://en.m.wikipedia.org/wiki/Usage_share_of_web_browsers


A better sentence: the median estimate for Safari's desktop market share is 5.12%


> desktop

Why does narrowing it to desktop devices matter?


HMU when you install uBlock Origin on your iOS version of Chrome


I don't have iOS so I'll take your word for it.


Because Apple doesn't allow any other browser engines on iOS. iOS users are shackled to Webkit, and are unable to make a choice.


I think they're talking about Desktop market share where Safari has very small usage.


Interesting. I see about the same on the web sites that I build.

I assumed it was just a fluke because I'm in the healthcare space, and that means lots of iPads and doctors rocking the latest iOS gear. I guess not.


That includes mobile users.

I’d expect there are about 500 hardcore safari fanbois on Mac but everyone else uses it to download a different browser.

Microsoft Edge is coming to Mac, obviously that’s the future.


Safari is by far the best browser on Mac IMO, I’m glad Edge is coming but it has its work cut out to beat Safari on performance, energy efficiency and integration.


Exactly. The whole point of this HN post is that people are annoyed and upset about Safari doing this. Ultimately this and Chrome's potential upcoming changes have driven me back to using Firefox almost exclusively.


Mozilla's statement regarding Manifest V3 hints that Mozilla is likely to follow the same path at a later date. They face the same security and privacy issues surrounding plugins that have driven Apple and Google to make the changes they have.


> We have no immediate plans to remove blocking webRequest and are working with add-on developers to gain a better understanding of how they use the APIs in question to help determine how to best support them.

I don't take from that they will apply it in the future, just they don't want to rule anything out.

source: https://www.ghacks.net/2019/09/03/mozilla-wont-follow-google...


Well, I have no complaints about Safari, but their extension system is really costing them users. At this point uBlock Origin is by far the most reliable ad blocker you can find, and having the developers explain that in the future maybe only Firefox will support it is kind of sad.

Of course we know that Google has to make money from ads, so it's understandable, but what about Apple? They are putting a heavy focus on privacy; would it be good if they opened their browser to make sure their users will not move to Chrome/Firefox or another browser?


The day ublock origin doesn't work on chrome is the day users will flock to firefox. We have seen time and time again that users aren't afraid of switching browsers. This is because since their core functionality is so similar, small advantages will tip the scales.


You'd be surprised how many people don't use adblockers. There will be a few people switching, but I don't think any more than 1% of total Chrome users.


> You'd be surprised how many people don't use adblockers.

Most studies[1] done in the last 2 years report between 20-40%, depending on the population and device type (laptop, desktop, phone, tablet) studied.

While I can't say what % you or GP would estimate or whether you'd be surprised that it's 20-40%, I think 20-40% is a lot.

[1]: Choose any study or summary of one: https://www.google.com/search?q=what+percentage+of+internet+...


But how many are actually using uBlock Origin? Nearly every person I come across is using AdBlock, AdBlock Plus, or some other adblocker, no matter how many times I recommend they switch to uBlock Origin. Most people are not aware of what Chrome’s changes mean (or of the changes at all) and for those that do use uBlock Origin, my guess is most people will simply switch to a different adblocker rather than switch to a different browser.

I doubt uBlock Origin being removed from Chrome will change the status quo. Maybe in a few years when enough powerusers convince enough casual users. If you just look at software out in the world, it's clear that powerusers have next to zero influence. It's why desktop Linux use, for example, is still just a blip after all of these years.


> my guess is most people will simply switch to a different adblocker rather than switch to a different browser.

The moment they can't find an ad blocker that actually works, they will stop switching ad blockers and switch browsers.

What's holding back Linux isn't the lack of influence power users have, it's that it's still lacking in gaming, hardware compatibility, and ease of use (although those are improving all the time).


Yes, but power users do. And power users are the ones who set up and influence their friends' and families' browser choices.

At least that is my theory on it.


This is correct. I remember showing friends Chrome after hearing their complaints about how slow IE was. Some had to get over the hurdle of downloading and installing chrome (whereas IE just came with the laptop) but once they used it they never looked back.


Thanks, I just realized I have to switch my mother from Safari to Firefox now that Apple decided to forbid uBlock.


It’s less Apple forbidding uBlock, and more uBlock deciding to not turn itself into a content blocker for the newer version.


That's just wrong. It's impossible for uBlock Origin to turn itself into a content blocker while retaining its current functionality.

Content blockers in Safari are limited to 50k filters. uBlock Origin's default filters have more than that. Therefore, the choice is between a new, but much less useful extension, or no extension at all. uBlock Origin decided on the latter.



To be fair, multiple extensions is a huge hack and has complexities of its own.


Firefox on iPhone doesn't support addons either unfortunately


Doubt it. I imagine most people use the browser that came pre-installed on their phone.


If you’re using iOS - you’re always using the rendering engine that came with your phone.


People always downplay the power that technical users have on regular people.

Who do you think the moms and friends all listen to? Their technical friends. This of course won't hit 90% of users but it's enough to have a large influence well beyond just power users.

Few companies survive pissing off the nerds when there is legitimate competition available in consumer products.


> Few companies survive pissing off the nerds

I wish this sage advice was part of every business executive's education. :-)


Tell that to Oracle...


B2B enterprise sales is a totally different beast than free consumer software. That type of boardroom decision making is inherently disconnected from the technical capabilities and even integration success rates.


Especially when the method of content blocking that is supported will probably still block a significant bunch of them.


It's a rapidly shrinking majority. There's a network effect here where people learn about things and share with their friends.

You're probably not wrong that there will not be a rapid initial migration. Maybe more over a longer time period. Maybe not.


I think if it was that small, Google wouldn’t take an aggressive stance against ad blocking. They would likely retain more users overall by appealing to that small power user minority that converts others.


You'd be surprised how few people are needed to change a trend.

And for a small browser like Safari it will be a fast death.

And for Chrome.

On mobile, Chrome is already (for me) dead because it doesn't allow extensions.


This is true. Being in a third-world country, the internet for the people here is the social media.


"The day ublock origin doesn't work on chrome..."

The manifest v3 proposal takes chrome down to roughly the same level as Safari for ad blocking plugins. https://github.com/uBlockOrigin/uBlock-issues/issues/338#iss...

So, that day isn't far off. It was supposed to be in canary last month, I haven't checked.


This was true during an intermediate period where all browsers were more-or-less equivalent. It wasn't true before then, when many sites were designed with Internet Explorer in mind, and tended to work less well on other browsers. I don't think it will be true now, either, now that most sites are designed with Chrome in mind, and tend to work less well on other browsers.

The big difference is that the functionality problems 20 years ago were easier to explain, and therefore easier to get people upset about. It's a lot easier to weave a compelling political story about straight-up incompatibility than it is to weave one about degraded performance due to differing just-in-time compiler optimization behavior.

Also, we seem to be stuck in a situation where people are still so fixated on a monarch that hasn't been in power for over a decade that they maybe haven't been so concerned that the old monarch's overthrower has consolidated power to become a new monarch.


There seems to be this idea that some sites work worse with FF but in all the time Chrome has existed, I've never found any sites that didn't work with FF.


I've never found any that don't work, but Firefox supports fewer "standards", so you can end up with a somewhat degraded experience on some sites. My own company's product, for example, has some janky bits on browsers other than Chrome. The performance is only a little bit behind on most benchmarks, but isn't anywhere near as fast for certain kinds of animation. It can be noticeable on sites that run a lot of animation. Like, say, sites with ads. Possibly only if you're using an older or less powerful computer. Which isn't how we of the orange header bar like to roll, but also isn't a terribly uncommon thing to do out there in the wider world.

(Scare quotes around "standards" because calling Chrome-only things standard nowadays seems a bit like calling ActiveX a standard 20 years ago.)


I use Chrome almost exclusively at work, Firefox on my gaming computer, and Safari on my personal MacBook. Other than extensions on Safari and minor differences in keyboard shortcuts, I don't really notice the differences.


I agree. I've never encountered a site that didn't work in FF.

But I have seen sites that don't work in Safari.


The Zoom web client doesn't do audio on FF. It's a bit of a special case and they do have a dedicated app, so it's not the end of the world.


Since Mozilla has switched to Zoom internally as of recent, I'd be surprised if this compatibility issue stays unfixed for long.


I was planning to switch back to Firefox; this would actually be a dealbreaker for me.


I have chromium for that one site. Everything else is in ff. You can switch for a single site, it's not painful.


Maybe it's uBlock, but I've had plenty of sites that just don't work on Firefox. Barclaycard, Blackboard, and the school's web print system (dts) are my recent examples.


I have issues with Google properties on Firefox.


> I've never found any sites that didn't work with FF.

Twitter doesn't work very well on Firefox for Android.


coda.io. https://community.coda.io/t/firefox-support/8395/3

That's the only one I remember encountering.


People keep repeating this on HN but I've been on Firefox for about a year now and everything just works.


As a chrome-user: this. Firefox lost me years ago due to performance differences, and since chrome works fine for me, there was no ux-related reason to switch back. The day I'll see ads everywhere will be the day I'm back to firefox, and without second thoughts at that. If I really like your service, I'll happily pay for it. I hate ads, the psychological strats behind them are completely unacceptable. I'd happily pay google a subscription-rate, if that's what it takes tbh. Take my money, not my attention.


I think Firefox is faster than Chrome these days. Unfortunately I prefer the web developer tools in Chrome, so I use Chromium as I wasn't a fan of every URL I type going to Google.


Likewise. Unfortunately, some services such as YouTube TV don't work on chromium. Also if you're not on linux, updating is a pain (you must do it manually iirc)


Opera was my other workaround.


Have you tried the Edge[0] preview dev tools? I have not but I know it also has an extension[1] for VSCode that seems interesting.

[0]https://www.microsoftedgeinsider.com/

[1]https://marketplace.visualstudio.com/items?itemName=ms-edged...


I use Linux.


Edge is macOS/Windows only but VSCode is available over there. Worth keeping an eye out because I wouldn't be surprised if Edge lands on desktop Linux[0] someday. I'm not a web developer and a Firefox diehard for almost 20 years now, but the Edge beta has become my fulltime Chrome alternative when I feel I need to try something on a Chromium-based browser.

[0]https://www.omgubuntu.co.uk/2019/04/microsoft-edge-may-come-...


Just a general warning. A few days ago I noticed Chromium from Chocolatey did not receive any updates in quite a while.


Is unlimited system resource usage ok for you? If not, you should really re-evaluate your premise of performance differences. Fire up sys mon, activity mon, top, or what have you, open both browsers. Firefox wins on every metric by substantial amounts (memory for example wins by an order of magnitude).


Since I never max out my resources (mbp 2016, 16 gigs, entire workload happens on servers and not on my local machine) that doesn't really affect me - and with 50+ tabs open frequently, just go ahead and take my ram to keep them available, sure. Unused resources are wasted resources - and again, I'm never above 10gigs, maybe 12-13 if I have a local vm running.

Like I said: UX-wise, I'm not impacted negatively by using Chrome, at all. If my laptop's resources were more limited or my local workload was bigger, I'd probably check out Firefox, but since I'm not bottlenecked, why bother?


Chrome uses more memory than Firefox. Just try opening 50 tabs in each - chrome will eat your RAM.


I've never understood this argument. What's the purpose of having RAM if it's not utilized?


That logic works if you're not bounded on RAM, but it's not an inexhaustible resource; personally I'd rather keep it free for VMs or other high cost operations.


Firefox is fast again


Firefox always was fast. You were using it wrong.


> The day ublock origin doesn't work on chrome is the day users will flock to firefox.

> This is because since their core functionality is so similar, small advantages will tip the scales.

It is a bold assertion, which is not backed up by the data. Despite Mozilla repositioning Firefox recently and reclaiming some lost ground, it is to a larger extent, still only maintaining a steady set of core users. To make an assumption that small advantages will tip the scales in favour of FF is wishful thinking, as demonstrated by some of the conversations. Furthermore, it is inherently not in the best interests of Google to actively promote ad-blocking policy unless it serves its own purpose, coupled with the acute awareness of why power users and developers pick Chrome - they are well positioned to throttle any competition.

https://data.firefox.com/dashboard/user-activity

https://news.ycombinator.com/item?id=20850135

https://news.ycombinator.com/item?id=20052623


I have started moving my friends and family from Chrome to FF. Biggest piece is the privacy angle, but the multi-site containers is also pretty important. It's nice to be able to block facebook API calls from other sites, etc. etc.


You say that (and I agree - I use Firefox everywhere because there's no Chrome plugin support on Android) but I'm genuinely curious to see what happens if/when Chrome stops supporting ublock origin. I suspect - sadly - that there won't be the "flocking to firefox" we might be hoping for. Just enough ads will get blocked with a new, gimped ublock origin, or built-in ad blocking of some flavour, to prevent any meaningful exodus.


Counter-example: Firefox on Android is pretty much the only thing that supports UBO there, and its market share is negligible. I find that baffling.


Firefox on Android is a usability shitshow compared to Chrome on Android. And I say that as someone who doesn't like Google products.

I think most people who wanted adblocking on Android switched to Brave instead, which is essentially a Chrome fork without the Google stuff and with better tracking protection.


> Firefox on Android is a usability shitshow compared to Chrome on Android.

What makes you say that? Firefox has been my primary mobile browser for over 5 years, am I missing something?


FFAndroid (Fennec?) does strange things. A few examples:

1. You are on this web page in Fennec[1], and you want to do a web search. Click the address bar, type in your query, hit go. Sometimes, Fennec will start the progress bar and act like it is searching, but will draw another tab in the main viewport before resetting the progress bar and changing the URL to the SERP you want. If you don't know it's going to do that, it looks like Fennec completely ignored your search and loaded another tab.

2. Fennec will sometimes lose its cool and stop rendering pages. The UI layers will respond, you can open hamburger menus, tab listings and thumbnails, but no matter what tab you select, it no longer renders anything but a blank canvas in the viewport. You have to force close Fennec to restore normal behaviors.

3. Fennec will after a long time of being active lose its extensions like noscript et al, you have to force close and re-open to get them to show up in the hamburger menu again.

Stated as a die-hard Firefox for Android fan.

[1] %s/Fennec/<whateverItActuallyIs>/g


A good list, but it won't matter for much longer. Fennec is dying, Firefox Preview is coming.

As in, the core browser is available and seems to work fine, but for many people there's not much point in switching until it supports extensions. It won't replace Fennec until it does.

https://github.com/mozilla-mobile/fenix/issues/574


I've never encountered these problems.


I personally never liked the nav bar and everything at the top. It loads sites much better than Brave and feels more precise for things like dismissing cookie/signup notifications, but navigating the interface always felt tedious. If they just had options for interface layout or nav bar contents it would be great.


Firefox Preview is a lot better. But it doesn't support UBO yet, so I'm still on the old one.


I only use Firefox on desktop, but I stopped using it on Android because for a period of time it needed something like one minute to show a web page. Since I don't mobile browse much I just uninstalled it and use Chrome. Privacy is a lost cause on Android anyway. Maybe one day I'll be able to afford an iPhone + the Mac needed to make apps for it.


Exactly, especially for people who don't do web development the difference is hardly there. Actually I recently started to prefer Safari, despite its less smooth Tab UX but this was enough reason to make me switch to Firefox (Nightly). I'm also surprised that it seems to start faster than Safari.


Or they will flock to Brave browser.

https://twitter.com/brave/status/1088914000379731970


That will be a good thing.


Apple is making this move indeed to protect the privacy of its users more. They allow implementing content blockers rather than ad-blockers.

See the difference here: https://github.com/el1t/uBlock-Safari/issues/158#issuecommen...


> Apple is making this move indeed to protect the privacy of its users more.

I'd give Apple's claim here as much credence as I give Google's claim that webRequest caused performance problems when extensions used it.


What do you doubt about their claim? Adblockers are a significant privacy vulnerability in the traditional model. Apple has no vested interest in ads. It seems entirely consistent with their privacy focus why they'd do this.


The problem is that websites are also currently a significant privacy vulnerability.

I'd love an adblock system that allowed me to block trackers with a purely declarative API. I do not trust Apple (or Google) when they say that their API will be as effective as current extensions.

Ublock Origin and UMatrix are hands-down the gold standard for blocking right now. I'm very, very cautious about ignoring the advice of the person who made them, and that person is saying that declarative APIs don't offer enough flexibility for the blocking they want to do.

Of course extensions are a privacy risk. But I only need to vet two extensions, and without them I need to vet hundreds of websites. If the current extensions do a better job without a declarative API, then I'd rather risk installing them. You have to look at the risk of extensions in the context of the risks of the broader ad ecosystem on the web.


I think you underestimate the threat potential of extensions.

Yes, ad networks can track you across participating networks. But an ad network can only attack the sites that use it.

An extension can access everything.

And how do you "vet" an extension? By checking if the author looks like a trustable person on their Github photo?


The same way you vet desktop apps. Install as few of them as possible, because the sandboxing is currently quite bad. Do research on the people who are developing them. Read the source code.

If you're worried about malicious transfers of power, turn off auto-updating in Firefox. If you're worried about being able to audit the actual installed code, use Firefox Developer Edition and audit and compile your own version to run.

In practice, I trust UMatrix and Ublock Origin because I'm familiar with gorhill's work and comment history around Github and HN. I also extend a similar amount of trust to Decentraleyes for similar reasons. Those are the only big 3 you need to get the biggest impact on your privacy. Arguably, you don't even need Decentraleyes if you only want to trust one person.


Why not just run all desktop apps in sandboxed virtual machines then?

There's a tradeoff between default privacy settings and user simplicity. As a power user you're still free to run whatever complicated scheme/browser you want to.


> Why not just run all desktop apps in sandboxed virtual machines then?

Ideally, we would like sandboxing on the desktop to be at least as good as sandboxing on the web (preferably better). People don't run sandboxed desktop apps right now because the ecosystem currently makes it inconvenient. Wayland and Flatpak are both good steps in the right direction. Apple's making some progress as well there, but it's all pretty early-stage stuff.

Until the sandboxing gets better, you should be cautious about installing unvetted desktop and phone apps. You should also be cautious about installing unvetted browser extensions. But browser extensions are complicated because while keeping a minimal system isn't that hard, you're probably not going to stop visiting unvetted websites, even if you know it's dangerous. It's a much higher priority for experienced users to make the browser sandbox good than it is to make the extension sandbox good.

People take a long-term view on this, and while I agree with them in theory, I don't think it's always particularly helpful to think about what technology will look like. With browsers, it's not a question of whether or not theoretically it would be good in the future to make extensions entirely declarative. Of course it would be good. It's a question of, 'is it possible to do that right now?' At the moment, Safari's declarative API is significantly less powerful than the blocking API that Firefox has. In the future, that could definitely change, but people have to use computers today.

So for the moment, the browser advice I give to non-power users is to install UBlock Origin and Decentraleyes on Firefox and nothing else. I think that's a safer, more private environment than anything they'll be able to set up on Safari. I advise power users to add uMatrix to that list, and for people who are really paranoid, I advise them to run Firefox Developer edition, which will let them compile extensions from source.

If you're just handing someone a computer and you don't trust them not to go off and install random extensions, then sure, give them Safari. In that context, it's not confusing why Apple would do this -- they're optimizing for the largest number of users; people they can't trust not to install random extensions. It just means that more experienced/responsible users will be safer using Firefox.


Of course Apple has an interest in ads given their competition with Google, which is an ad company. Harder to make money off of ads is bad for their competitors and in a zero sum view of the world good for Apple.


Because ads and trackers are as great a threat to privacy. All ads are malicious, while only some extensions that misuse powerful extensions are. I'm aware ads are not Apple's business model, yet I'm incredibly skeptical whenever an API that is open and powerful gets shrunk down to 'protect' users.


Apple has gone to great extents to enable ad and tracker blocking, making it a first-class feature in iOS, and pushing the envelope on the blocking of tracking cookies and other technologies. I use AdGuard on my iPhone and it might be the most effective browsing experience I enjoy.

For that matter, on macOS I don't have anything in Safari, and regularly go between Safari, Chrome and Firefox (the latter two with uBlock Origin). Somehow just the native anti-aggravation technology in Safari is more than sufficient to give me a great experience. If it has a list solution like the iOS Safari, then I'll partake of that.

Apple should enable classic-style blocking as an admin override kind of thing, but remarkably their list-based regex approach has been remarkably effective.


And how exactly can an app outside the browser, w/o an API for filtering, filter page content?

MitM like "antiviruses" do? Nice


Local code execution is also a significant privacy vulnerability. Should Apple take away the ability of their users to install non-app-store programs?

Some security vulnerabilities are acceptable in some situations in exchange for user freedom and/or other benefits, such as blocking ads, which are essentially malware for your brain.


> I must admit the terminology isn't very clear. A Safari "content-blocker" app sends a list to Safari, and Safari blocks it. A regular blocker (like uBO) blocks content itself. Safari content blockers aren't all bad, they are more secure in that they can't possibly collect your browsing history (not that uBO does), but lack the level of customisation and power that a regular blocker like uBO can provide.

It's nice that random extensions can't peek at your browsing history, but on the other hand, you have to trust that Apple won't decide to ignore any block rules. What if one day they make a deal with Disney and now all Disney ads are on the permanent do-not-block list?


The current situation does not change this.


"they are more secure in that they can't possibly collect your browsing history (not that uBO does), but lack the level of customisation and power that a regular blocker like uBO can provide."

Quite the spin to make a negative a positive.

"Privacy" is the new buzzword.


Not a spin.

Normal extensions can potentially monitor everything you do inside your browser, even in incognito mode. They could even impersonate you.

That's a huge gaping security hole, and I think Apple is doing the right thing by preventing that.

They've spent a lot of effort with sandboxing to limit the attack surface of native apps -- it's logical that they do the same inside the browser.


It's absolute spin. If the extension can't inspect the traffic it can't meaningfully filter content.

Now there is a security hole, yes, but closing it comes at a huge cost: the removal of useful ad blocking.

I suspect more and more uBO users will be forced to move to Firefox and/or install a pihole.


There is no spin. Apple is pretty open about restricting freedom to increase security.

Many people don’t have time or inclination to check which extension is doing what. Proof is the fact that ublock and adblock are bad, but ublock origin is good.

Whose non-techy friends and family are going to spend time to figure that one out? In that case, the macOS and iOS content blocking system is better for those users.


> If the extension can't inspect the traffic it can't meaningfully filter content.

Have you ever used a content blocker? For all their restrictions, they’re still quite effective.


> If the extension can't inspect the traffic it can't meaningfully filter content.

I’m sorry, but does uBlock Origin detect & filter ads based on contents?

I thought they maintained a database of URLs that serve ads & page elements... and Safari content blockers also have the same capability to block content based on URLs (hence can block YouTube ads).

BTW, PiHole blocks ads based on hostname... and is more incapable than Safari content blockers.


uBlock Origin can be configured to do much more than a simple list based filter (like EasyList, etc). [1] It's not quite the same as detecting, but it's incredibly configurable, and that functionality can't be used when list based filtering is all that's allowed.

And I'm aware PiHole is just DNS filtering, but an extra layer of blocking is useful.

1. https://github.com/gorhill/uBlock/wiki/Dynamic-filtering


I prefer content blockers iOS style vs the alternate.


Why would Apple care if Mac users used a non-Safari browser? Apple doesn’t lose a penny from users switching browsers. As far as iOS, no matter which “browser” you use, you’re still using WebKit.


>Why would Apple care if Mac users used a [non-]Safari browser?

Apple doesn't care individually what users use. However, Apple (and everyone else for that matter) does have reason to be concerned about Google's Chrome completely dominating the web in the way IE once did. iOS is certainly their biggest bulwark, but that doesn't mean they'd be delighted if Mac users felt required to use Chrome. Further, they also have made being able to avoid the anti-privacy ad-driven ecosystem to some extent an important differentiating factor. Even with Firefox existing, having a purely Mac focused and maximally optimized browser (FF is only barely catching up this/next version on basic power efficiency for example) that has strong privacy protections with no conflicts of interest is a sales point.

That doesn't mean it's a total core focus of course, but neither is there no pressure at all.


If every single Mac user used Chrome, it wouldn’t matter. The market cares about Safari compatibility because of iOS.

Just like most printer manufacturers don’t focus on AirPrint compatibility because of the Mac. That’s just a byproduct of iOS compatibility - which they do care about.


It's quite important that developers actually test their desktop layout and functionality (hover states, etc which don't work on a touch screen) with Safari's engine.


If a site doesn’t work with desktop Safari well, you can tell them to just use Chrome.


No, that would be precisely the problem!

We don't want websites to be written for compatibility with a single browser engine. That means developers are writing to Chrome's quirks, not to actual web standards. Over the long term, that gives Google complete control over how the web is run.

There are currently between 3 and 2.5 browser engines that matter, depending on how you count webkit vs blink. I'd really rather that not fall down to only 2 on desktop.


I’m not saying what we want; I’m saying that whether we want it or not, it doesn’t matter whether Safari’s desktop market share drops from the current 3.6% (https://netmarketshare.com/browser-market-share.aspx?options...) to 1.8%, it won’t change the calculus on whether web designers care about desktop Safari when they can just tell people who are complaining - use Chrome.


It makes a big difference for me, at my job. 3.6% is enough users that I can justify spending (some) time to test and fix bugs. As that number approaches 1%, however, it gets much harder.


And the total usage of Safari across all device types allows for a certain percentage of users in the wild which acts as the size of the lever Apple wields for changes they want (or don't) in the specs.


Last time they posted numbers, they were selling around 200 million iPhones a year, 45 million iPads and maybe 20 million Macs. The Mac market share is insignificant even to Apple in the grand scheme of things.

Any web standard is useless without Apple being on board. Developers either won’t implement it or create an app for iOS to use a feature they need.


Even with your numbers, 1/10th the sales for a more expensive product isn't insignificant. It's especially important for their brand value as a tech company.


I don’t see any ads with Firefox focus/1 blocker as my content blocker.


[flagged]


You're probably most happy on Edge.


This is not good!

I thought Apple were way out in front when it came to tracking and whatnot...

My wife uses a MAC at home and was complaining about how slow our internet was (70Mb down... not slow) a while back.

She mainly looks at news sites and when I saw what she was looking at I knew the problem wasn't the internet connection.

The entire page, apart from a tiny bit in the middle, was cluttered with moving shit!

I installed uBlock Origin and... the result was fantastic: pages loaded in a fraction of the time.

When she realised that the articles were a tiny proportion of the downloaded crap she realised she'd been missing out for so long.

Once, when the MAC went back for repair, it was replaced with a new one and OMG the horror when she fired up Safari and it had no blocker... UBlock Origin to the rescue.

I agree with one of the other comments on here: The web is utterly unusable without it.


Apple is trying to thread the needle. They want to allow content blocking, but they do not want to allow content blocking plugins to see and potentially report on what sites you visit.

Personally, I’m totally cool with the trade-off of having less capable ad blocking functionality, if I can be sure my web plugins aren’t a security or privacy risk.


uBlock Origin is completely free and open source.

https://github.com/gorhill/uBlock/

It's a very popular project on GitHub with many developers scrutinizing any changes to the codebase. Fears of uBlock Origin being a "security or privacy risk" based on code in the extension are unfounded.


It's not whether uBlock Origin is a security risk, it's whether the APIs it's using are a security risk, lest they fall into the hands of a less benign actor.

(I also wish they'd kept the APIs open, just stating the other case.)


You're complaining that a general purpose computer can be used for... general purposes.

Computers should do what their users tell them to.

I wouldn't appreciate a smartknife with a blade that only extended when something I was authorized to cut was in range. "Unrecognized cultivar".

Tools do the work their possessors wish. Why would you let someone limit your tools? It's everywhere now. It's in the coffee pods.

Why does everyone else know better than the user what the user should be doing?


>Why does everyone else know better than the user what the user should be doing?

See Windows and the malware infested ecosystem. People obviously don’t know what they’re doing, and/or don’t have the time to vet every little action they do on their computer.


But uBlock Origin keeps me safe online.

I'm sympathetic to concerns about people who don't know what they're doing, but if I'm a Safari user, I have to value keeping myself safe first. This change makes ordinary users safer, but makes power users less safe.

I understand why Apple is doing it. But I'm still going to advise responsible owners to ditch Safari and pick a browser that will do a better job of blocking trackers.


> But uBlock Origin keeps me safe online.

The problem is that all of the spyware says exactly the same thing. If the API exists, ordinary users are going to be asked to make huge security decisions with no effective way to tell whether the vendor (or the new owner who just bought it) is being honest.


Sure, but:

> I'm sympathetic to concerns about people who don't know what they're doing, but if I'm a Safari user, I have to value keeping myself safe first.

This change still means that Firefox will have better adblocking and privacy tools than Safari. It's a tradeoff -- and if I'm a user that's already conservative about granting extensions permissions, I don't see how I get any benefits from this. I only get the downsides in the form of less effective blockers.


> But I'm still going to advise responsible owners to ditch Safari and pick a browser that will do a better job of blocking trackers.

Are the uBO alternatives like ka-block so bad?


They're not really comparable.

Ka-Block actually advertises itself as being less effective than uBO. Its selling point is that it's a simpler extension that blocks fewer ads and trackers, under the assumption that this is good enough and it'll on average be faster because of the reduced overhead.

> Some ads will get through this filter, and that's ok. We already have extensions that block every ad that's ever appeared on the web with a completionist zeal that must be admired.[0]

If you're blocking ads just to make pages load faster, Ka-Block is probably fine. If your primary goal is to protect your privacy, you shouldn't be using Ka-Block.

[0]: https://github.com/dgraham/Ka-Block


For privacy concerns, I would imagine that preventing the methods of tracking is much safer and more effective in the long-run than blocking the trackers themselves. Apple seems to be pushing pretty heavily on that front.


Definitely agreed. But nobody (including Apple) is going to pull that off for a pretty long while.

In the meantime, it's useful to be able to do things like block all third-party AJAX requests and whitelist them on the fly on a per-site basis, or intercept CDN requests for common libraries and redirect them to locally hosted versions.

Extensions like UBlock Origin may be a band-aid, but sometimes band-aids are useful if you're waiting for an open wound to heal. In the same way, when I give people privacy advice, I'm optimizing for things they can do right now.


To be clear, I agree, I just didn't think GP was fairly stating the alternate case.

As an aside, no one is stopping you from binary patching Safari on macOS, provided you don't mind turning off SIP. The nice API just isn't there anymore.


Injecting code into Safari works just as well and is much less brittle. You'll have to disable Library Validation for the bundle, though.


...excuse me, that’s what I was actually thinking of. Actually patching the binary would be stupid, I meant to say code injection. Thank you.


I suspect that from Apple's (and Google's, and to some extent Mozilla's) point of view this is all about the computer doing what its user tells it to do — 'its user,' unfortunately, being Apple, Google or Mozilla. We the people using the computers aren't adults capable of making our own decisions and being responsible for the consequences, but rather livestock farmed either directly (Apple) or indirectly (Google & Mozilla) for money.


...

Your computer is a desk weight without the (or an) OS and software that runs on it. Each os/or software package down to libraries make trade offs that restrict their usage from general purpose to a specific set of functionality. It is impossible to write a line of functioning code without constraining the concept of "general purposes" as you have implied above -- each line of code does "something" not "Everything" by its very nature.


So long as it’s not sold. It’s happened before - a popular ad blocker is bought up for millions of dollars by an ad agency, and turned into an already installed vehicle for new ads.

I see nothing about “free and open source” which prevents this.


In fact, isn't that why uBlock is not uBO?


It can be forked?


The last fork of uBlock Origin didn’t do so well: https://ublock.org/


Didn't do so well how? It's very popular, used by many people who don't realize how terrible it is!


Ok, let's say it didn't do good :)


So what? How does that protect the end user?


...

One malicious push/release effectively enables every user on browsers that have not transitioned to the passive list/filter model of blocking to be completely owned.

It is not about intent, it is about the many many extensions out there that use this feature set for good intent, but inherently open the risk of a full on traffic funnel should they be exploited * the number of users for each of them.


I don’t see why Safari can’t block extensions from sending data to remote servers. Seems like a pretty basic thing, so we have more powerful tools and not the privacy risks


Preventing exfiltration by a tool that's by definition allowed to affect outgoing network traffic via blocking is an impossible problem.


They are already familiar with how to run a comprehensive review of apps. They could just replicate that for extensions.


They can do that for apps because apps are compiled and submitted. They expressly do not allow for dynamic code execution within apps to keep functionality from changing after their review.

That cannot be "just replicate"d for javascript extensions.


> That cannot be "just replicate"d for javascript extensions.

This is false too. If extensions aren't allowed to communicate with the internet and can't auto-update themselves, then they also can't run arbitrary code without the user's consent.


> They expressly do not allow for dynamic code execution within apps to keep functionality from changing after their review.

This is false. You can deploy a react native app with dynamic code downloading and execution to the apple app store.


Apple is doing reviews for extensions, and also tightening up the APIs at the same time. At least on the Mac you've got alternatives if you're willing to make a different trade off. iPhone users and ChromeOS users are stuck.


Count me as another one who really doesn't understand how others can stand the unfiltered "Modern Web", although I use a combination of JS whitelisting, HOSTS file, and a filtering proxy, so I might be on the extreme end.

I've had to help others, whose computers did not have such blocking software (and they might not want to), and had to physically put my hand over parts of pages "cluttered with moving shit" in order that it would not distract me and allow focusing on the content itself. These people are also the ones who tend to miss details in instructions and seem to blindly ignore things like (actually important) notifications and warning messages, which leads me to wonder if their natural state of mind while reading pages is so distracted that they have trouble focusing.


It’s not like Safari is blocking all ad blockers like Google Chrome did... it’s more of deprecating & removing APIs that can be abused to track users browsing history by disguising itself into a browser extension. Safari provides an alternative API that allows content blocking, that IMHO is better considering that

* it doesn’t allow leaking browsing history

* it runs in native code (not js like alternative ad blockers) so much faster

In a way, Apple is doing this to protect user privacy.
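The trade-off argued over in this part of the thread, as an added example (not code from the thread, Apple, or any blocker project): a simplified model in which the browser evaluates a static rule list itself, next to a listener model in which extension code is called with every request. The `trigger`/`action` field names follow Safari's content-blocker JSON format; the domains, the requests, the helpers `site`, `evaluate`, `runWithListener` and `compareModels`, and the two-label "site" heuristic are assumptions made for the illustration.

```javascript
// Simplified model of declarative content blocking; not WebKit's implementation.
// Rule list in the content-blocker JSON shape. All domains are constructed.
const rules = [
  { trigger: { "url-filter": "^https?://([^/]+\\.)?tracker\\.example/",
               "load-type": ["third-party"] },
    action: { type: "block" } },
  { trigger: { "url-filter": "/banners/", "resource-type": ["image", "style-sheet"] },
    action: { type: "block" } },
  // Exception: undoes whatever earlier rules decided for this one URL.
  { trigger: { "url-filter": "^https://cdn\\.tracker\\.example/player\\.js$" },
    action: { type: "ignore-previous-rules" } },
  { trigger: { "url-filter": "^https?://news\\.example/", "resource-type": ["document"] },
    action: { type: "css-display-none", selector: ".ad-banner" } },
];

// Assumption: "site" is the last two host labels. Real browsers use the
// public suffix list to decide first-party versus third-party.
function site(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

function triggerMatches(trigger, req) {
  const flags = trigger["url-filter-is-case-sensitive"] ? "" : "i";
  if (!new RegExp(trigger["url-filter"], flags).test(req.url)) return false;
  const types = trigger["resource-type"];
  if (types && !types.includes(req.type)) return false;
  const loads = trigger["load-type"];
  if (loads) {
    const party = site(req.url) === site(req.pageUrl) ? "first-party" : "third-party";
    if (!loads.includes(party)) return false;
  }
  return true;
}

// Browser-side evaluation. The blocker contributed `ruleList` as data once;
// none of its code runs here, so it never learns which URLs were requested.
function evaluate(ruleList, req) {
  let blocked = false;
  let hide = [];
  for (const rule of ruleList) {
    if (!triggerMatches(rule.trigger, req)) continue;
    switch (rule.action.type) {
      case "block": blocked = true; break;
      case "css-display-none": hide.push(rule.action.selector); break;
      case "ignore-previous-rules": blocked = false; hide = []; break;
    }
  }
  return { blocked, hide };
}

// Listener model for contrast: the browser hands each request to extension
// code and acts on its answer. The decision can be arbitrary logic, but the
// extension necessarily sees every URL.
function runWithListener(reqs, listener) {
  return reqs.map((req) => Boolean(listener(req).cancel));
}

const page = "https://news.example/article.html";
const requests = [ // constructed sample page load
  { url: page, type: "document", pageUrl: page },
  { url: "https://px.tracker.example/p.gif", type: "image", pageUrl: page },
  { url: "https://cdn.tracker.example/player.js", type: "script", pageUrl: page },
  { url: "https://news.example/banners/top.png", type: "image", pageUrl: page },
  { url: "https://news.example/logo.png", type: "image", pageUrl: page },
];

function compareModels() {
  const declarative = requests.map((r) => evaluate(rules, r).blocked);
  const seenByExtension = []; // what extension code observed in the listener model
  const listener = runWithListener(requests, (details) => {
    seenByExtension.push(details.url);
    return { cancel: evaluate(rules, details).blocked };
  });
  return { declarative, listener, seenByExtension };
}

console.log(compareModels());
```

Both models reach the same blocking decisions for this rule list; the difference is that only the listener model exposes the full request stream to extension code, which is also what lets it make decisions a fixed rule list cannot express.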


Apple is doing pretty much exactly the same thing Google is.


Last time I checked, Google Chrome doesn’t offer an alternative API that allows efficient ad blocking.

In contrast, Apple has introduced & provided the API for a few years, and popularized the idea of mobile win ad blockers.

I can’t see how Apple is doing ‘pretty much the same as Google’. Can you clarify?


Google is adding essentially the same thing with Manifestv3 and has been raked over the coals for it.


Can you even begin to imagine how much of the Internet's total bandwidth is used on adware/shovelware/crapware? And crazier still, how much of the world finds most of the web completely unusable as a result?

Imagine trying to browse modern web pages on a dial-up speed connection. Many sites now completely refuse to load until you load their JS, which calls some external JS, which then renders the page. I run almost every web page without JS and Cloudflare is the number 1 reason for not being able to access a page.


I remember a while ago I had to use the internet on my girlfriend’s laptop. I have been using adblockers for a long time and I had no idea how bad the internet really is. All the ads and other stuff are unbearable to me.


Apple isn't ending ad blockers. They're ending the specific API that uBlock Origin uses. For instance, I use 1Blocker on Mac and iOS and it does a great job of blocking ads using the still-supported APIs.

