Google proposes changes to Chromium which would disable uBlock Origin
bugs.chromium.orgThe design doc — the part quoted in the note linked here even — explicitly notes that it will probably be required to retain some degree of the existing functionality slated for eventually removal until the new API and other replacements cover all use cases; the response linked here appears to (not improperly, in the context of making a case for why much of the functionality is needed) ignoring that and treating the planned intent as removing all of the existing WebRequest API functionality that is not observational for a hard cutover to the new API which does not immediately supports large swath of currently used functionality.
I think the response is appropriate, energetic advocacy, but the HN headline is hyperbolic.
The uBlock maintainer specifically says that uBlock Origin and uMatrix use a different matching algorithm than the declarativeNetRequest.
The title isn't at all hyperbolic. You don't deprecate such important functionality without laying out a full plan for replacement.
Unless there is no such plan and in reality you want to screw uBlock Origin, which I might say is the most aggressive ad blocker available, and isn't owned by a company in bed with the ads industry, like AdBlock Plus.
Oh, the Google fanboys. “Didn’t you read the article? This is purely for privacy reasons.” Nevermind that this makes it harder to actually keep your privacy. Nevermind that this is exactly what people warned would happen in a browser monoculture controlled by an ad company. That’s just a coincidence. It must be, because Google are the good guys, am I right?
Supporting privacy would allow browsers to block requests, full stop. There's no way to spin this specific action as pro-privacy.
The design as presented isn't for addressing privacy concerns.
It still allows extensions to get a list of URL's accessed
firefox isn't that good with privacy either
https://www.zdnet.com/article/firefox-tests-cliqz-engine-whi...
This was a terrible mistake by Mozilla, but a test pilot for a limited number of users doesn't seem permanently worse than what Google does in regards to privacy.
Moreover, this presumably didn't affect users who installed via a package manager, while with Chrome the installation method doesn't matter.
However I wish Mozilla was publicly funded, so that they don't have to constantly search for alternative revenue sources.
Irrelevant whataboutism. It doesn’t matter what Firefox does, the article is about Google Chrome/Chromium.
It also spells out that the new API can consist solely of static, known ahead-of-time rules[1]. The rules are json, so that kills any logic beyond pattern matching. We already know that approach severely limits the effectiveness and usability of an ad blocker. It's pretty much the same as ad blocking with a hosts file, other than being able to also statically provide path info. Imagine a list of "bad sites" and/or "bad uris". Limited to 30k entries to cover the entire internet.
The fact that the plan ends with extensions still able to see all web requests, record all web requests, forward a log of all web requests to any arbitrary endpoint, etc...means the "privacy" angle is pure bullshit. I suppose the "performance" angle is somewhat true, but the net performance gain of NOT downloading all the ads makes up for any performance loss of processing/filtering requests. Sites with ads are faster when you load an adblocker.
The only thing being taken away is the ability to dynamically observe a web request and cancel it. Who uses that functionality outside of ad-blockers? Not many. There's no hyperbole in the headline.
[1] https://developers.chrome.com/extensions/declarativeNetReque...
> It also spells out that the new API can consist solely of static, known ahead-of-time rules
If it ends up as effective as Safari/iOS's content blocking, I don't see the problem.
> The fact that the plan ends with extensions still able to see all web requests, record all web requests, forward a log of all web requests to any arbitrary endpoint, etc...means the "privacy" angle is pure bullshit.
Yes, if you grant permission to access everything, it has permission to access everything. The benefit of the rule based approach is that the extension doesn't have to have access to everything.
The privacy angle is being able to move most extensions away from accessing all data in all tabs.
Safari/iOS's content blocking has a 50k limit, not a 30k limit. I don't own anything that can run Safari. Is there a credible comparison of how well it works versus Ublock Origin on Chrome? I'm skeptical that a static list would match up to the ability to dynamically make decisions. If I were in the ad business, I'd immediately make use of ads from the same root domain as the content, or subdomains mixed in with lots of random/changing subdomains for content like images, etc. Voila, static ad blockers thwarted.
Edit: I assume "right click -> hide and don't ever load again" becomes "right click -> load but hide" ? Also, related: https://apple.stackexchange.com/questions/337094/safari-12-c...
> how well it works versus Ublock Origin on Chrome? I'm skeptical that a static list would match up to the ability to dynamically make decisions.
The Safari content blocker is better than nothing, but it's extremely simplistic compared to uBlock Origin. It can't even block YouTube ads properly.
Apples rules are a huge pain. Exception handling gets extremely complex (block all urls matching regex R, on domain B and C but not on subdomain D.B). I have not seen anyone yet able to handle the full breathe of the EasyList format.
To get around the 50k limit added by Apple, you must use multiple lists, however domain exceptions must be included in the same subset as the parent rules, since rules do not combine once compiled.
Also, dynamically whitelisting a domain is annoying since you must remove all of the lists form the webview before loading the page. HTTPS-Everywhere is even worse to get operational using Apple's content blocking lists.
(edited grammar mistakes)
But the design document only mentions retaining the old API for features that aren't possible with the new API, such as onAuthRequired. So it would still cripple uBlock
I really like the point the uBlock maintainer's make:
"Extensions act on behalf of users, they add capabilities to a user agent, and deprecating the blocking ability of the webRequest API will essentially decrease the level of user agency in Chromium, to the benefit of web sites which obviously would be happy to have the last word in what resources their pages can fetch/execute/render."
I'm just waiting for the time until websites won't load at all unless you have hardware DRM turned on that will take all of your control away.
>Extensions act on behalf of users, they add capabilities to a user agent, and deprecating the blocking ability of the webRequest API will essentially decrease the level of user agency in Chromium
This is off-topic, but I felt the same way about most data privacy problems. It was my own browser that was giving out the information and I would still like to see better control over it by default. Data privacy laws are simply a bandaid that don't help at all against malicious actors.
> I'm just waiting for the time until websites won't load at all unless you have hardware DRM turned on that will take all of your control away.
I already leave websites that become unusable with adblock on, or without it on. It will just trim down on the amount of sites I go on.
Same here.
If it's something I'm particularly interested in, I look for a cache, snapshot or whatever.
Edit: Or just read HN comments.
Ah yes, I used Firefox' reader mode, but some news sites now don't even properly support that. I may have to remind myself not to go on those sites anymore as well.
> Firefox' reader mode, but some news sites now don't even properly support that
All sites which are on Google Amp. Google, whenever it can, "helpfully" gives me the amp site and then I have to find and click the link to the actual site to get to the "readable" version.
Excuse me, but I believe using a google website to get to content negates the whole discussion over how to prevent webscale surveillance by advertising companies.
In other words, if your "solution" to the problem as outlined in the OP involves google, you already lost.
I'm just waiting for the time until websites won't load at all unless you have hardware DRM turned on that will take all of your control away.
My money is on news sites and other paywall sites doing that first. How long before they stop letting us "open in new private window"? Washington Post doesn't even allow that anymore -- a shame too, since I haven't read a single one of their articles since then.
Extensions should act on behalf of users but, like websites, some don't. A questionable or poorly-maintained extension can do more damage than any single website, and browsers can support user agency by replacing APIs with better ones: an effective declarative API for content blocking would majorly speed up extensions like uBlock Origin and make it harder for other extensions to follow users around the web.
That said, we should all fight for changes that let extensions like uBlock maintain feature parity.
Disclaimer: I'm both a Chromium developer and a uBlock Origin user and speak only for myself.
If you create a superior api (esp w/regards to speed) people will naturally move to extensions which use that api. Then once usage of the old api has dropped significantly, you can deprecate the old api.
It has been proven time and time again, that that's at best only partially true. There are two factors:
If they have something working with one API, they have to have a good reason to re-implement it with a new API. It may be 'fast enough' and reliable, so why go through all that pain?
Or, it's just the long tail of API consumers (e.g. site on the web). Some things aren't maintained and updated, but they don't go away.
I would gladly live in the universe which is a smoking bomb crater of questionable and poorly-maintained browser extensions, than be a wealthy rock star in any universe of amazingly performant extensions, but which are using a browser API which has denied my right to self-determination on my own computer, effectively taking away my ability to say "no" to actions which are then forced upon me. This is like a kind of information rape. And here the suggested "alternative" of static, declarative, JSON-only filters means no programmatic ability to veto requests before they happen. It is effectively forcing users to leap before they look. And this completely arbitrary limit on the number of filters -- and it is completely arbitrary -- is the same kind of neutering mechanism, forcing me to "prioritize" a small number of request vetoes. In other words, it's forcing me choose the manner in which the rape happens.
I think this is the core difference motivating this change: do extensions necessarily act on behalf of users? If that were true, there'd be no such thing as extension malware.
Google's business model is exactly the same.
Is it perhaps time to return to using external tools such as Privoxy, Pi-Hole and the like? Privoxy appears to still be around, and (I think) was originally at the forefront of user-managed web controls.
Once the browser reaches its natural Borg-self, transparent user-level tools will be all that provide a semblance of control. Well that, and Firefox.
If a website shows a popover ad, it might be a first-party script putting up a modal, then a third-party iframe with the ad inside that modal.
Blocking at the network layer will leave the iframe blank, but the modal will still be present. It's not such a good user experience, especially for less savvy users who might be confused by a mysterious blank modal.
Tools such as Pi-Hole cannot block YouTube ads effectively.
AFAIK Privoxy isn't actively maintained.
I think you are correct, and that may be an opportunity.
That's what the DNS-over-HTTPS is about - so your local DNS won't be consulted, instead it will be drowned in the HTTPS traffic. Remember, SNI is going to be encrypted too, so your router cannot distinguish DNS and regular traffic.
What if someone would create a pull request to implement unlock origin natively inside chromium, instead of an extension. If such a PR met all technical criteria, would Chromium project accept it?
No. Google would not include, as a built-in part of Chromium that is installed by default, a feature to lower their ad revenue.
Doesn't Chromium already lower their revenue from other lacks of integration that are included in Chrome?
Next to no one uses Chromium. The integrations usually start in Chrome, leaving Chromium pure, allowing Opera etc to forge their own path. This is a disturbing trend to change the course of the project, likely due to Edge being based on Chromium.
I bet a decent chunk of the MS engineers lobbied to adopt Gecko instead of Chromium when they decided to move away from EdgeHtml. I wonder what the reasoning was for not going that route, it seems like a huge miss and a total acceptance of a browser monoculture.
Gecko is deep in to a transitional phase. Once it comes out the other end it may be simple to embed but it's currently far too early for that.
On the other hand Chromium is relatively simple to adapt with many real world examples to learn from.
(Personally I think they should stick with EdgeHtml but it seems that ship has sailed).
I wish they would have thrown in with the Servo project, but Chromium is ready now and Servo isn't, so I'm sure that factored in.
I wonder how quickly servo could become feature if a major player decided to adopt it.
nodeJS uses Chromium and not Gecko. I suspect MS’s requirements basically necessitated the use of Chromium.
However, this does provide an opening for MS edge, if MS forks Chromium for Edge and excludes user hostile “features” such as this.
Sadly the only use of Chromium among regular non-tech people is in spyware/malware installations.
There is a quite a bit of adware which uses unsigned Chromium to push their wares.
That is the malware installs a modified Chromium with all the "extras".
So anecdotally, when I see Chromium on a users computer I assume the worst (that I have a cleanup task ahead).
Brave browser may be what you are looking for.
Isn't it also based on Chromium?
Sure, but this change might cause a hard fork. VC investment in browsers has been a long time coming.
Of course not.
I'd love Chromium feature that uses system password manager (macOS / iCloud).
On the flip side Chrome's profiles are nice and I wish macOS supported more of it.
If you want something like that, get Brave. It's Chromium-based that has privacy and ad-blocking built-in.
Is there a chance that Google's changes here might disrupt Brave's integration into Chromium? I mean, they might be using this WebRequest API to do their built-in blocking.
There are four listeners with blocking ability on the webRequest API.
The design document says "potentially removing blocking options from most events". There is one mention that the blocking ability of webRequest.onAuthRequired may still be required.
From this I deduce that the plan is to remove the blocking ability of the three remaining listeners with blocking ability
uBlock Origin uses two of these remaining blocking listeners, uMatrix uses three of them.
To interject with a potentially inconvenient fact, I think the premise that ad blocking (request blocking) is now obstructed, is incorrect. Therefore this response seems exaggerated to me.
This is because Chrome extensions can use the 'debugger' API to send remote debugging protocol commands to a page, to intercept and filter / block all requests.
There is no need to use the provided Chrome extension APIs for blocking. Google can remove all of them, I think, without effect.
This is because there are multiple ways to do the same thing. Authors/engineers complaining that now they are impeded, are in fact mistaken.
Disclosure: I know this because I have actually re-implemented the blocking from AdBlock Fast using CRDP Network domain.
I'm interested in this. What's the CRDB equivalent of onBeforeRequest()?
I don't know, you should have a look yourself. I know that you can intercept requests, and block, provide other payloads etc.
I'm interested in that even tho this is factually correct, it's ignored / downvoted because it goes against the prevailing narrative. Discourse here can be pretty 1 dimensional, it's more like a confirmation bias machine / echo chamber, than a discussion. Just like the rest of the net, no matter how 'smart' the people here are. The same behavior pattern occurs here as everywhere else.
It would be interesting if this can be solved in discussion forums of the future.
An alternative explanation is just that people assume if ad blockers move there, Google will deprecate that API for the same stated reasons.
I did find it, it's called setRequestInterception(). It's marked as experimental, and has a note that it disables caching, but there's some debate as to whether it actually does.
I think most of the meaning here isn't found in a design document
Google is an advertisement publishing company. All the things they do, they do to earn money, not to give people anything. When Chrome first appeared, I was wondering about the extremely huge cost of building the browser and how Google wants to earn from that. Then it started to be obvious: it's all to spy on people. Not from the beginning, but slowly... the google account integration... the forced logging into the account... adding custom adblock (which doesn't block most of the ads)... and now this: disabling adblockers.
I'm glad that I stopped using it.
I once read that Chrome was created by former Firefox developers. Google is infamous for its code reuse.
Many web commentators continually sound the alarm on Google's increasing leverage and control over a variety of "components" or "intrastructure" essential to the www.
But controlling the browser is, I think, the ultimate control over the web as users know it. Browsers seem to fall outside the purview of www standards. Are there RFCs that tell people what browsers must or should do? More likely, there are standards that focus on servers and seek to accomodate whatever browsers are doing at the time.
The browser can override anything. It can easily modify user intent in subtle, "hidden" ways. It can rewrite "default behaviour" overnight.
To give an example, users probably think little of something like the feature known as "Omnibox", if they even know what that is, but this sort of browser "feature" is of enormous value to a company trying to gather information on what users are looking for.
Imagine the number of DNS queries this bypasses, redirecting what is typed by the user to a default search engine, conveniently preset to point to a Google server.
Recall that Chrome was made when IE still had a dominant marketshare.
https://en.wikipedia.org/wiki/Usage_share_of_web_browsers#/m...
IE was stagnating, slow, and extremely vulnerable to malicious behaviors. The net result was that the web became a very hostile place, while Microsoft was pitching various "post web" strategies like WPF. Google had been a big financial supporter of Firefox but not to a degree where they could direct the project or push their own agenda. At the time many viewed Firefox as slow and bloated.
So Google made their own thing, and it worked admirably and we might be in a very different world if they didn't. They dramatically improved the state of the art for JavaScript, added intrinsic hostile activity and site blocking, started dramatically accelerating the adoption of technology improvements (by implementing very early proposals, often to much consternation), etc.
The web was less dangerous. Google's cash cow was protected because there was less of a draw to go to alternative platforms.
That, I think, was their primary intention and it was aligned interests with users. Everyone is happy with the web.
And honestly I do think this ad blocking thing is a bit of "fake news" (e.g. it is being grossly misreported). Google is proposing a solution that offers more privacy from the extension, and it seems very similar to what Safari has done (and which is very widely viewed as a great design).
"Google is proposing a solution that offers more privacy from the extension, and it seems very similar to what Safari has done (and which is very widely viewed as a great design)."
It would only provide more privacy if ad block extensions go solely with static lists of uris. If they want to retain features like right-click block, or allowing users to customize the list, static blocks don't work.
These changes do nothing to inhibit the ability to log/store/etc requests anywhere you want as an extension author. They are only removing the ability to cancel in flight requests.
What's your source that the Safari ad blocking approach is viewed as a great design? Everything I look at shows it was a regression in effectiveness. Certainly the various adblock authors weren't thrilled. How well, for example, does it work with YouTube ads?
IMNSHO, Google's obsession is artificial intelligence. They have build a search engine to prove they were better at understandanding content of web pages. To improve their AI, they need to spy on every aspects of our life. They spy on all our web activity, on our phone contacts, on our mails, on our documents and on our deplacements (waze). The fact that this search engine has generated so much money was an accident. Now, Google fights are: political lobbying to avoid being destroyed for monopolistic behaviour, protect and increase their spying means, improving their AI.
> I was wondering about the extremely huge cost of building the browser
Chrome was originally based on WebKit and many other open source libraries, and some parts still are. The only major initial investment was V8.
>https://appleinsider.com/articles/13/02/11/apple-google-near...
And that was 6 years ago.
Chrome doesn't log you in automatically, it just shows your Google account in Chrome if you've already logged in to your account. There's no sync happening.
When a company tells me where it's going by increasingly "encouraging" certain behaviours as their product matures I take them at their word.
Profiles went from optional, to on-by-default but could be disabled via chrome://flags, to on-by-default but could be disabled via command line arg, to cannot be disabled, to logged in by default but not syncing. Where this progression is going and what it's trying to promote is not rocket science.
.png){kind=link}
Another reason to be glad that Firefox is still standing.
I really just don't understand the obsession with Chrome, especially in hacker communities. Sorry Google, I feel "icky & gross" when I use you.
> I really just don't understand the obsession with Chrome, especially in hacker communities.
Chrome used to be very lightweight, fast and basically unseated IE as the top browser. It got that love because at the time Firefox was bloated and IE had a stranglehold. Chrome was also safer with a process per tab. Chrome made web browsing/dev pleasant like Firefox/Firebug did and it really took off being based on Webkit like Safari which also worked well on mobile. Chrome (and Safari) or Webkit pushed HTML5/Canvas/WebGL/SVG into real world use which changed the landscape of browsers.
Nowadays Chrome is bloated like Firefox was, has a stranglehold like IE did, is now pushing its own market standards and breaking existing open/market standards and generally being a forceful, non respecting to standards, web browser. It sure is unfortunate and another sign that bizdev/marketing/executives rule over engineers at Google now.
This is bad history.
Firefox was top dog when chrome came out - it had unseated IE already for many users fed up with XP-era crapware.
Firefox was not simply 'bloated', but designed for classic HTML rendering at a time when javascript (aka 'web 2.0 ajax') dev was taking off and memory was not as abundant as it is now - though slow, it was more that the core architecture was out of date than it was 'bloated'. Indeed firefox was already a stripped down version of 'the mozilla suite' (see also seamonkey, thunderbird, etc - all of which predate chrome).
Chrome then came in, borrowed another project's browser engine, and decided to say 'screw memory, just fork processes' and avoided the whole multithreaded thing all together, oh yes, and open blank tabs faster with a little animation for perceptions sake.
This facilitated html5/javascript bloat, and by extension kept it in the lead as the only browser that could handle it.
of course I'm biased here (as is parent) - but chrome unseating firefox which unseated IE is born out by the facts.
> Firefox was top dog when chrome came out - it had unseated IE already for many users fed up with XP-era crapware.
Maybe in mindshare for devs but Chrome officially unseated IE browser saturation in 2012. Firefox didn't pass IE until 2015 [1].
Firefox was amazing on its resurgence in mid-2000s but did get into memory/bloat stages that opened it up for minimal/performant Chrome that was also more secure at the time primarily due to the process per tab. This possibly did lead to more js bloat later, initially it was lightning fast and also had a debug console and was based on Webkit which was better than Firefox rendering.
Firefox definitely saw Web 2.0 come in from 2006 on and was revolutionary in web development/debugging with Firebug and eventually that was part of the browser and is now industry standard to have a console/debugger on the browser.
Most developers were using Firefox by 2005-2006 and then Chrome a couple/few years later and it has been top for almost a decade now.
[1] https://en.wikipedia.org/wiki/Usage_share_of_web_browsers#/m...
> Chrome made web browsing/dev pleasant like Firefox/Firebug did and it really took off being based on Webkit like Safari which also worked well on mobile.
This is the big one for me. When I'm not developing I actually prefer to use Safari-- I like it's interface better and it feels more at home in macOS. It's "good enough" too.
What I'm really a user of is the Chrome Dev Tools. Firefox's are looking quite solid lately but I just haven't switched over.
What I'd love is to have Firefox dev tools functionality in Chrome.
Firefox highlights the edge lines of the selected element automatically, and in all directions (if I recall correctly). I have to use an extension – VisBug – to achieve that in Chrome.
There's also the fonts window, which lets you in on what fonts are used on the page, and lets you modify the selected element's font settings – size, weight, slant/italic etc.. I pay a lot of attention to typography, so that part is important to me.
Why not just use Firefox?
My liking one thing about Firefox needn't entail my wanting to use the whole browser.
There's plenty to like about Firefox, like the Awesome Bar, has better bookmarking, is able to handle a huge number of tabs, has the "Multi-Account Containers" extension (with its offspring, e.g. "Facebook Container"), or the "Tree Style Tab" extension, just to name a few.
Also that it's not Chrome or based on Chromium is reason alone to like Firefox, because we need diversity for healthy web standards. That Chromium is open source is a red herring and open standards are more important.
I know developers have been preferring Chrome and for good reasons, but I've switched back to Firefox for the last 3 years and personally I find it hard to use Chrome these days, because Firefox has a better UI.
The only downside is that Chrome's dev tools still has some capabilities that Firefox lacks, but Firefox has been improving a lot, as you have seen.
you should try it again.
and basically unseated IE as the top browser
And didn't get to this spot on any kind of technical or feature merits, but essentially by relentless nagging on the Google search page to have users install it. Sure, devs/geeks etc were eager early adopters, but the bulk of users were steered this way by Google.
I got the "love", because it was (and still is) advertised on google.com. Most non-technical people readily install malware when prompted. If malware is advertised on google.com, they will install it more quickly.
Microsoft have been stalling IE development for years, which allowed Mozilla to gain huge marketshare. This resulted in a lot of people learning, how to install a third party web browser. By the time Chrome was unveiled, Mozilla have coincidentally slowed Firefox development to a crawl. I remember the point, when the stable Firefox version was close to unusable, while everyone technologically proficient used a development release. It have been so bad, that some addons simply recommended not using the stable Firefox version. Btw, things have only gotten worse since then.
Chrome's dazzling success is result of it's aggressive advertising as well as sabotage and mismanagement, that killed off alternatives.
I feel the same. I keep Chrome around, though, because it seems to be the new IE in the sense that I frequently encounter sites that simply don't work properly in either WebKit- or Gecko-based browsers. It's also the new IE in the sense that I get incessant reminders about how I should be using Chrome when I access Google-administrated services, which feels like a surprisingly blatant if still implicit admission on their part that an open web simply isn't a concern or interest of theirs. I never really believed otherwise, but still.
Latest breakage I noticed is spacebar not pausing YouTube videos on Firefox but works fine on Chrome.
Firefox just doesn’t have enough advantages yet that would convince someone comfortable with Chrome to switch over. While privacy is an ever growing concern, it isn’t a strong enough feature for most people.
> While privacy is an ever growing concern, it isn’t a strong enough feature for most people.
At the end of the day, this is the end-all-be-all argument to the Facebook and Google duopoly. People just don't give a goddamn (excuse the language) about their data - they simply do.not.care.
I believe my generation (Y), and possibly a few after us (X, etc), will be known as the generation(s) who didn't think privacy/data was that big of a deal - until one day it was.
We are the guinea pig.
I don't think fatalism is the philosophy to adopt here.
I switched because Firefox has Multi-Account Containers, which was extremely compelling.
The Temporary Containers was a nice add-on built on top of that.[0] While it's a pain in the aspect of cookie-use across domains (like logging into Azure), it's other features out-weigh the initial nuissance - like automatic deletion of the container, as soon as the last one for that particular domain is closed. All of this is, of course, configurable.
This wasn't meant to be a plug, just a happenstance of "if you like 'x', have you seen 'y' based on it?". =]
[0] - https://addons.mozilla.org/en-US/firefox/addon/temporary-con...
They're a nice feature, although after a long while of trying, I ended up using just the Facebook container. The main container extension felt like too much work in regular browsing, and the tracking protection seems otherwise adequate when combined with uBlock.
Sadly, Mozilla also seem to promote containers as an alternative to user profiles, while they're nowhere near as full-featured - sharing saved logins and bookmarks between my "personal" and "work" containers is almost never desireable. Managing and switching profiles, on the other hand, is virtually unchanged since the Netscape Communicator days.
That's because you weren't properly setup with containers. I have 4 sessions going on right now, without any manual intervention. Facebook, work, Google and default. All interacting as intended with their assigned domains as isolated sessions.
Well now Firefox will have ad blocking plugins that works and Chrome will not.
We'll see how long it lasts.
Firefox has mostly strived, in the Quantum era, to stay mostly-ish compatible with Google's interpretation of WebExtensions, from what I can tell.
They do have some parts that are Firefox-exclusive. This is an easy advantage to have over your competition practically for free. I hope they see that.
Judging by how mindlessly mozilla has been copying chrome anti-features, expect this in firefox too.
A major problem is also that google websites run like crap in firefox. Gmail takes 20 seconds to load and don't get me started on youtube studio. Even the "feedback" button is broken in firefox so I can't even report the bugs I find.
I'm at the point of installing chromium just to be able to manage my videos, but I refuse to give in.
I find Google websites run like shit in Chrome too, just slightly less shit than in FF.
Plus Chrome just works better for a lot of sites. That might be because the site isn't properly coded, but users don't care. They just want something that works and more often than not, that's Chrome.
My main browser is Firefox, but I have to switch over to Chrome more often than I would like. Electron is also based on Chromium, isn't it? IMHO, the rise of Electron just reinforces Chromium's status and I think Microsoft is going to accelerate that trend (I'm guessing MS adopted Chromium because of Electron).
I don't know about "a lot of sites". Very few, I'd say.
Other web developers may want to chime in but I rarely have cross-browser problems between Firefox and Chrome. I can't recall the last one.
The only time I encounter a problem with Firefox is looking at people's codepens where they're using webkit only prefixes or a draft API.
In a couple of projects I'm currently working on, the CSS for them was causing me problems between the 2 browsers. Willing to admit that I don't have an intimate familiarity with CSS best practices. I look up what I think I'm trying to do, and then implement what I've found. I primarily use Firefox while I'm coding, and then only check with Chrome and Safari periodically. I've had to circle back to fix CSS issues specifically for WebKit not rendering as expected. Eventually, I can get to something that works across all the browsers I have access (no Android devices anywhere).
Youtube runs noticably slower on Firefox for me, regularly climbing up to 30-40% cpu and activating the fan, while Chrome handles it with 15-20 cpu.
It's the same for Gmail, but this isn't Firefox at fault. It's Google doing this on purpose by using the old, experimental, non-standard ShadowDOM V0 API, which only Chrome supports, and then using that across its products to break non-Chrome based browsers. Please don't reward them by using Chrome just because of this. That only shows them that such abusive behavior works.
That is very interesting, thanks for sharing that information. I never did use Chrome other than testing it out for less than a day, finding issues with various sites and uninstalling it. Firefox instead since it was in beta (Phoenix) and never left. Never had a real problem with it.
I do use Gmail, and don't have any but have long planned to move to Outlook.com.. perhaps knowing about this ShadowDOM issue will spur me on to make the move.
Google only has one product that's truly best-of-breed (Maps) and I don't mind using it, but don't want to be entirely in any one vendor's ecosystem. I would say Youtube is the best of its kind, but it's really held up by its community, not functionality as Maps is. Outlook may not be the absolute best for privacy either (it's also no-charge), but it at least gets me to a place where I'm well diversified.
Google Maps, Youtube, InoReader, Outlook, DuckDuckGo all on Firefox with containers is a good enough of a spread for me.
Enough people use Gmail and YouTube that maybe it would make sense for Firefox to add support for ShadowDOM V0 API? It might not be a W3C standard, but if Google uses it heavily then it's a defacto standard.
They could, except that would effectively show Google that it can dictate what other browsers implement, alter its products on rapid basis to regularly break them etc. and at that point there's almost no point to an alternative, since we'd we're fully back in the IE era again, which is why I don't think it's a good idea.
If one cannot avoid it, I think it's a better idea to create Chrome desktop shortcuts for Gmail/YouTube and use Chrome exclusively for that, if you cannot use a desktop email client for Gmail and VLC/mpv/youtube-dl for some reason.
Firefox doesn't have the market share to push back on Google. The best way for Firefox to grow is to make the best browser from the user's perspective.
I get that, but this seems like controlled opposition.
Moreover, once you give in on this, what's Google going to do next? Use APIs only in Chrome that Mozilla needs to implement only after they're made public in Chrome by literally looking at the source code? There's always going to be a lag if that's the dynamic, so there's always going to be the perception that Firefox is behind.
Moreover if Firefox adopts it, it makes it more likely to be adopted by Apple too, since Google's now not the only kid on the block to support it and now you turned it into a de-facto standard.
Mozilla already partially caved to Google in pursuit of the "best browser" as perceived by the average user. That was on DRM. Now I say partially because at least they made it opt-in, but so they caved and next Google came up with this thing.
If you going to keep paying ransom, you're going to have a lot of hostages.
> IMHO, the rise of Electron just reinforces Chromium's status
+1. I'm hopeful of Servo. So far it (ServoShell) also a good 50MB smaller than Electron which would be a very good reason for developers to switch. It'll all depend on API compatibility at the time of release I guess.
Interestingly, this is the opposite of my experience. I browse solely on Firefox and don't encounter sites which only work on Chrome at all (at least as far as I can remember right now). I wonder what's different between our browsing habits that's causing this.
What sites?
I was doing some work with very large data sets in Google Sheets last week. I started hitting row and cell limits. Personally, I think a database is more appropriate for what I was doing, but spreadsheets are more grokable by non-techies.
In Firefox, macOS was showing 4+GB of memory usage and formulas would take hours to run. I switched to Safari where memory usage was closer to 1-2GB, but it had this habit of refreshing the page as soon as you switched away (before a formula would finish running). I finally switched to Chrome and memory usage was about 1-2GB and heavy formulas behaved in a way more predictable manner.
Do you have examples which aren't Google sites?
Is that really relevant? I'd be happy if you could point me to a more capable tool. Zoho and Excel Online have never really made it onto my radar, but if they perform better in this situation I'd check them out. A lot of people are tied to the constraints they have.
Using both for years, Chrome has just been faster and more reliable. I don't do web dev professionally, but I use multiple browsers in tandem and often try to use one full time every once in awhile. On my old laptop, I'm pretty sure Chrome was the only one to support webGL for whatever reason. At work we're stuck with Firefox 38.3.0 ESR (Cent6/7) and Prometheus Alert Manager (and I also believe Prometheus graphing interface) has broken widgets, but Chrome works. Chrome has always seemed to better support the very few websites that require crazy performance. This was even the case when we would have an ancient version of Chrome and a new version of Firefox. It sucked when Firefox switched plugin architecture and Google Hangouts never added support. Now Google Meet does not support Safari.
I'm not saying any of these comparisons are "fair" but its what I deal with day-to-day.
> Is that really relevant?
Kind of, only because Google uses the ShadowDOM API to break its product on competing browsers and playing into it will only reinforce this behavior.
I get issues almost daily with well respected sites not working in Firefox.
Today I'm browsing the Adidas website, and the images don't load for any of the products in Firefox.
https://www.adidas.com/us/ultraboost-all-terrain-ltd-shoes/B...
Apparently they're WEBP images and my version of Firefox (version 64) doesn't support them, but searching online I read that the upcoming Firefox version 65 is suppose to fix that issue.
Strangely enough, the images were working fine a few weeks ago on the Adidas website, but I had a different Firefox issue. When I clicked the images to see the fullscreen view and zoomed in, they wouldn't pan or drag correctly, so 80% of the image was hidden off the screen. In Chrome, they worked as expected.
That's one example, but as I said, I get these kind of issues almost daily from companies that should know better. I still primarily use Firefox because I have no trust in Google, but I'm forced to open Chrome on a regular basis to resolve random quirks.
> Apparently they're WEBP images and my version of Firefox (version 64) doesn't support them
I loaded the page with Firefox 65 beta and all the images worked for me. The site doesn't seem to be serving WebP images to Firefox. When I checked all the image types via Page Info they were mostly JPEGs with some PNGs and one SVG image.
There's probably some other reason why the site is broken for you. Have you perhaps changed your browser's user agent string and so the site is giving you WebP images because it thinks they will work?
It's a pretty standard Firefox installation (I also tried disabling uBlock and resetting my privacy settings), and I just confirmed the user agent looks normal, Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0. I think it broke when I moved last week from one EU country to another. Why that would make a difference, I don't know, but Adidas is now serving me WEBP images in Firefox 64 regardless of my browser settings, whether I clear cookies, use a private window, or choose different regional versions of the website.
So, I'm left scratching my head and using Chrome to browse the site.
I'm on Firefox 64 and all the images load for me.
I'm using Firefox 60 in this Debian VM, and that site is definitely serving WEBP, which I can't view (on anything).
I am able to access the website just fine. All the images show up for me (Firefox 64.0.2).
My own personal anecdote is that Firefox spins my laptop fans audibly, while Chrome does not.
I was working on my taxes last weekend and I hit a bunch of them. ADP, the 401K and FSA provider sites, Aetna, and a 529 saving plan site are all ones I can think of off the top of my head.
What are the advantages of Chrome over Firefox?
You get to view ads, apparently.
Translation is the only thing I open it for. The Google Translate website doesn't work as well as the real time functionality in Chrome.
Firefox does not stack tabs like Chrome does and does not load all the restored session tabs at once either. Aren't these dumb design decisions enough to switch to a product where people actually think about how it's going to be used?
> does not load all the restored session tabs at once either
As someone who always has too many tabs open, I consider this a plus.
I do however think you can disable this in about:config : browser.sessionstore.restore_on_demand
also, if you use Autodiscard plugin, you will find that FF use less RAM and Ru. more faster. Essentially discard and suspend tabs that you aren't using.
Laying all the trans at one cripples my core i8 system for some time. Firefox's lazy tab loading is a much better user experience. Together with TreeStyle Tabs and the recent multi-container add-on, Firefox is just a better experience.
I used to be a fanatic about tree style tabs, but due to the new api, it's unusable with containers. I recently switched over to vertical tabs for that reason. I miss the tree layout, but at least now my tabs maintain their ordering.
All of my TST issues have been related to the layout cache. You can disable it if you right-click the toolbar icon.
Thanks for the heads up. I'll play around with it sometime later this week. I would love to have it working consistently again.
What are you talking about? I've been using TreeStyleTabs with containers for a good year or so.
I'm sure you're aware that not every user will have the same experience with a piece of software. There are a couple of bugs referenced in the Github issues for TST relevant to containers. There is a workaround, but I experience the issue again within a half hour. Not worth it to me.
Alright, it's just that the phrasing - blaming it on the new API - made it sound like an inherent flaw that would affect everyone, which definitely isn't right.
> and does not load all the restored session tabs at once either
For what it's worth, Chrome stopped doing this for me in a recent update (I think version 71).
.. and Chrome doesn't have container tabs, which for me are a killer feature.
I use Chromium on linux because Firefox doesn't have touch-screen support and smooth-scrolling feels a little rough. I wont hesitate to switch over if these changes are made though.
I've had great success getting touchscreen scrolling to work with https://superuser.com/a/1155441 (Surface Pro 3 running KDE Plasma)
Add 'export MOZ_USE_XINPUT2=1' to ~/.xsessionrc and disable “Use smooth scrolling” to get the real smooth scrolling.
+100 This is the first setting I change on a new Linux laptop install.
You can also disable smooth scrolling only for the touchpad in about:config to keep the animation for scrolling with the keyboard. Search for "smooth"; I think it's the mouseWheel one, but I'm not at home to verify.
I find the touchscreen support to be pretty good with Fedora's patches running on Wayland. I think these patches are slated for upstreaming, so get excited!
Disclaimer: I contribute to Firefox and enjoy it quite a bit.
>Firefox doesn't have touch-screen support
On Ubuntu and Kali (both debian-based), it most certainly does.
I know. Apple, too. Can't get more closed and locked-in (outside of Oracle).
Chrome is still the best performing browser (even if it's a resource hog).
I tried using Firefox for Linux for about 6 months last year, but had to give up. I got frustrated with the random UI pauses/latency, random crashes, and broken web rendering (not its fault). On the other hand, Chrome just works, and provides a very smooth, low latency experience on Linux. I don't like that I have to give up my privacy for a decent browsing experience on Linux, but that's the state of things.
To be fair that seems anecdotal. I've been on Firefox since v57 on Arch Linux with no major issues.
Yeah, it's totally anecdotal and just my experience. I would really like to use Firefox. I may try it again. Quantum made such a big improvement on Linux which is why I gave it a shot and stuck with it so long. But it still had issues for me.
Out of curiosity, what distro, display server and GPU drivers do you use?
Arch/X/Intel.
Hmm...that is super strange then. Intel has definitely been the most solid for me when it comes to GPU stability, including in Firefox. I primarily use a workstation with an AMD GPU, but have a secondary laptop with Intel and had no issues with Firefox there whatsoever. I am also on Arch. The only time I ever experienced frequent crashes was when I was testing the Wayland build early on, (they still happen sometimes on Wayland, which is still experimental in Firefox, but on X things have been solid for me).
I am honestly perplexed what the issue could be then, I was sure you were using an NVidia with the proprietary drivers or something like that, as such setups have caused me trouble in the past.
The only thing is I wouldn't recommend turning on WebRender for everything yet, but it's not on by default so I doubt you had it on.
I'm currently running the experimental branch of Firefox on Linux and IMO things have improved a lot since then. I had similar issues, especially with tabs that crashes / get stuck when watching 3 or 4 twitch streams. With the latest releases almost all has gone away (cant remember any crashed tabs in the last few months).
The dev console is better than Firefox one. It's faster. Minimalistic interface is great. HOWEVER - Firefox console is catching up. Firefox is fast enough. Chrome is getting more and more bloated and interface is starting to suck compared to initial version of Chrome. Now they're trying to do stupid things and promote ads more and more. It gets worse every day and hopefully, they'll screw up to the point it dies. I loved Google before, now I'm disliking them as much as I do Facebook. I root for Firefox, but it's still not there yet.
Guys who maintain Firefox - thank you. I hope I'll join the FF users once more in the near future.
Most young devs use a mac. And from what I understand Firefox is slow on macOS.
It's still slower than other platforms but it's much faster than it used to be. I've been using Firefox exclusively on OS X / macOS for a year. The only problem I've seen is that it sometimes uses more CPU than is reasonable, which often appears to be due to Gmail's terrible implementation.
Since they made the big changes and become faster, I found Firefox faster that Chrome, except for Google pages.
Chrome is notoriously power inefficient, though, relative to Safari at least. One would think developers would notice.
It's hard to notice power efficiency when you always have your laptop plugged in.
Sorry Google, I feel "icky & gross" when you use me.
Most of my logins have been syncd via Chrome. Makes logging into a new computer a breeze, or if I need to borrow someone else's stuff really quick.
Firefox also has password/history/bookmarks sync between devices.
I've always wondered how Chrome and Firefox password storage fare in safety. Are they both equality trustworthy? Are the encryption technologies comparable?
You can read about Firefox Sync here: https://hacks.mozilla.org/2018/11/firefox-sync-privacy/. It is also possible for you to run your own sync and account servers: https://mozilla-services.readthedocs.io/en/latest/.
I assume that Chrome has a similar design, but I'm not familiar with it.
auto-fill of CC/billing information is the feature I wish FF had.
Firefox has this in nightly too (possibly only in US). It's been there a while and works well, I don't know why it hasn't moved on from nightly, to be honest...
I use the BitWarden Firefox extension for this.
I've been using 1Password for years now, and it has extensions for both browsers. Now I'm portable and not locked into a single browser. I had a friend nag me for a long time because I was too lazy to try it out. Once I did, I have never regretted it.
Use an extension instead. It's more portable, you have control over it, and don't have to feed Google more data.
That's really how I feel about all browsers since Opera did a U-turn and re-made their product into a Chrome clone. Firefox can get quite close with a bunch of add-ons, but not enough.
The great dev tools and overall design is pleasing.
frankly, I love the UX and developer tools in Chrome more than FF... however, this would have me jumping back to FF as my daily driver.
On second thought, I might switch to Brave like I did on mobile.
It's a better browser. It's faster, more cutting-edge features.
Check their dev blog, they add cool features every couple of weeks:
I think chromium devtool is still much better than firefox's ones.
tbh, nobody gives a shit what "hacker" communities think, that is precisely why Firefox exists
It's Chrome devtools really
I'm invested in the Google ecosystem, and have recently got myself a Pixel Slate that I carry everywhere as my primary computing/ media device (no more separate laptop and tablet). It would now be silly of me to use Firefox in place of Chrome. Moreover I have got nothing to hide, so all these privacy-fears don't concern me; in fact I often feel like they are being overblown.
I'm sure you believe that's true, but I suggest that your belief is based on a certain confidence that the people pouring through your data are fundamentally acting in good, or at worse neutral faith.> I've got nothing to hide.However, if this data ever gets into the hands of someone acting in bad faith, even the most innocent behaviour can be weaponized against you. Let's say, for example, that you are wrongly suspected of committing a crime, and the investigating police are more interested in cooking up a conviction than determining if you actually did it.
All sorts of details about your life can be leaked and "spun" to make you look very, very bad. You went to a bar on a certain evening? So did these known crime figures. Were you meeting them?
You spend time on Hacker News. HACKER NEWS. You could find yourself the target of a smear campaign designed to turn public sentiment against you.
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."—Cardinal Richelieu
If you hand over your data without hesitation to a nation-state or to powerful and unscrupulous corporations, I believe you will discover that there is no such thing as "nothing to hide."
That's not an unreasonable point, but with that alarmist logic why are you then not living off the grid?
This seems like a fallacious argument in that you’re attempting to conflate “alarmist” with “extremist”.
Someone could be alarmed about the state of privacy in society and not want to take an extreme action.
It seems entirely reasonable to want to remain a part of civilization and advocate for change on a topic you are passionate about.
Because the only 2 possible options is to hand over all your data or live off the grid
People who feel that they have “nothing to hide” don’t quite understand the extent to which they’re being mined for personal data. Google offers all of this amazingly polished software for free so naive people like you will feed them your browsing history, email, location and search queries. They will then monetize that data by targeting ads to you, which generates over 80% of their revenue.
If you are ok with that and still think you have nothing to hide, ask yourself if you’d be ok with this trove of data ever being exposed publicly.
Ever googled something embarrassing? Perhaps a medical condition or symptom? Sent a very personal email? Visited a less than savory location, or lied to an employer about your whereabouts?
I’d be willing to bet most people have some data that could be weaponized for blackmail.
Surely many people (especially the ignorant) will find Google’s products and services “worth using” but privacy concerns are anything but overblown.
I did a factory reset on my Android phone today and was depressed when I realized the vast number of settings I have to change in order to get even a small semblance of privacy. App permissions, location history, disabling of default apps; the list goes on.
> ask yourself if you’d be ok with [your browsing history, email, location and search queries] ever being exposed publicly.
I already did, and the answer was "Yes, I'd be okay" (although the likelihood of that happening is extremely rare).
> Ever googled something embarrassing?
Use incognito mode.
> Perhaps a medical condition or symptom?
I have only one medical condition, which I'm not embarassed to talk about publicly (I already do it).
> Sent a very personal email?
I rarely send "very personal"/ intimate information over email in lieu of just talking over phone.
> Visited a less than savory location,
Never in my life.
> or lied to an employer about your whereabouts?
I never had to do it (why would I?).
> I’d be willing to bet most people have some data that could be weaponized for blackmail.
If--note "if"--I were to engage in an activity that could potentially be used to blackmail or harm me in any way, I would of course be doing it in as private manner as possible. However it would be silly to spend the rest of my normal life cowering and being phobic to technological advances.
> Surely many people (especially the ignorant) will find Google’s products and services “worth using” but privacy concerns are anything but overblown.
You confuse being naive (in its original sense of the word) with being ignorant. But I guess that's what fear does to one.
>Use incognito mode.
All this means is that it's not stored on your computer/history. This doesn't mean Google doesn't still have everything from those periods.
Google does not track your incognito history and cookies unless you actually sign-in to your Google account in the incognito window of course.
Of course they do.
Yes, they are likely tracking users in incognito mode. You're still loading google analytics or doubleclick resources on many, many sites. Merely making that request (or any request to a google property) gives them your IP which is static enough to identify a household or corporate complex based on previously gathered data. From there these javascript libs phone home every bit of data they can from your browser, including UA string/browser minor version, plugins, resolution (fingerprinting). This can further narrow things down to an individual device you have used before, especially if you're just popping in and out of incognito.
Google also operates some of the most popular DNS services 8.8.8.8,8.8.4.4 which can capture domains you query from your IP.
There are various measures you can go through to stop this to some degree, like DNS blocking, client-side ad/tracker blocking, VPNs etc. but to go all-out is very cumbersome and I'm not convinced that it would even be 100% effective. Google's business DEPENDS on collecting your data and tracking you, and they are very, very good at it. I highly recommend reading "The Age Of Surveillance Capitalism".
Do you have evidence? Or is it all just fear mongering?
Here is a recent article suggesting that that's at least somewhat true:
https://www.theverge.com/2018/12/4/18124718/google-search-re...
Somewhat true, but not actually true.
This is a flawed study by a Google's competitor (the for-profit organization called DuckDuckGo). FTA:
> Following the study’s publication this morning, Google told The Verge in a statement that it found the methodology flawed and the findings misleading. “This study’s methodology and conclusions are flawed since they are based on the assumption that any difference in search results are based on personalization. That is simply not true,” a Google spokesperson said. “In fact, there are a number of factors that can lead to slight differences, including time and location, which this study doesn’t appear to have controlled for effectively.”
and:
https://twitter.com/searchliaison/status/1070027261376491520
Facts won't change being facts no matter how many times you downvote them. :-P
It is a shame that you are being downvoted. I (like a lot of people here) disagree with you, but you have a point of view shared by a lot of people. It's an important point of view to consider and engage with because my impression is that it's the majority view from the population - based on their actions, they don't care about their data privacy if it gets them gmail for free.
For a lot of people they possibly hold that view due to a lack of understanding about the situation, but some people like you understand the situation and still are OK with it. That's an entirely reasonable point of view which should be eagerly debated with.
> It is a shame that you are being downvoted. I (like a lot of people here) disagree with you, but you have a point of view shared by a lot of people.
People are notoriously bad at acting in their own best interest. I recall reading a forum, where a guy asked for medical advice, because he was diagnosed with fibrosis (his lungs basically got scarred all over). His work required him to continuously inhale toxic exhaust, and he wanted a way to avoid further health complications (but keep a work!) because "the pay was good".
Fibrosis causes you to cough non-stop and significantly increases probability of dying from lung infection. Compared to that, using Google's products does not result in any visible long-term effects on health. Therefore, it is natural to conclude, that using Google's sites and services is safe, healthy and should be widely encouraged. It does not matter, that Google uses anti-competitive practices to monopolize market, restrict user freedom and lead us to future, when we won't be able to refuse shoehorned "services", shoved in our face, right?
Please stop with those creepy "understanding" antics. Encouraging self-harm is bad, and wishing to view advertisements is definitely a form of self-harm.
This is such a patronizing point of view.
You are essentially deciding for me that what I choose to do with my technological choices is "a form of self-harm" (when in fact I only experience total pleasure).
Is it really that hard to comprehend that, when one does not share the alarmist feelings of the crowd, they will make intelligent choices based on personal preferences?
> Moreover I have got nothing to hide
Don't mean to insult you, and some people just have an easier time opening up about everything, but a life with nothing whatsoever to hide sounds limited, uninventive and uninteresting.
No insult taken.
> a life with nothing whatsoever to hide sounds limited, uninventive and uninteresting.
Ever familiar with the phrase "un unexamined life is not worth living"? Here, of course, the thing to be examined is your belief that a life with nothing whatsover to hide is limited, uninventive and uninteresting.
The right to free speech is important even if you don't have anything to say. Privacy is no different.
> I have got nothing to hide
So if you don't mind would you share some nudes, your CC numbers and your medical history with us?
What about his address, and his family and friends' addresses, as well? What about his income, where he works, the time he leaves for work and the time that he gets back? And the street he grew up on and his mother's maiden name?
> It would now be silly of me to use Firefox in place of Chrome.
Why? In what ways is Chrome more useful than Firefox on Chrome OS?
Chrome is deeply integrated in ChromeOS devices (should be obvious from the naming), of which the Pixel Slate is what I own. A bunch of PWAs (arguably the future of android apps) also require Chrome.
Moreover I use Chrome to sync my Google account, including passwords (which I can't live without) and browsing history.
Moreover I have got nothing to hide
That's not your call to make.
what?
People who own more guns than you do are the ones who decide whether or not you have "something to hide."
It fast. That most important thing.
Firefox with uMatrix will smoke Chrome without it, in nearly any real world use-case.
This is an excellent point. There is absolutely no way a browser which loads and executes ad-loading and tracking script can be possibly be faster than one that doesn't.
It's the same reason why Firefox for Android it's faster that Chrome android
Yeah, even with all the speed increases from the rewrite, Firefox still feels awkward and slow at times when compared to Safari and Chrome. Every time I decide to try and switch over from Safari, I get pages where scroll performance is a lot slower than what I'm used to and then I get bothered by it and switch back.
It annoys me because I really want to use it. I'm very happy that we have it and I hope that the wider community will hold Mozilla to account every time they try something shady to protect the best free and open browser we have. If we lose Firefox, we lose the Internet to corporations.
This is strange, because Firefox is much faster than Safari for me. Have you tried Firefox Nightly?
I haven't but I'll give it a shot, thank you!
If you want to try their experimental GPU rendering (webrender) you can enable it via about:config -> gfx.webrender.all = true
It works well on windows, I don't know how far the mac support is.
Note that the WebRender can only be enabled in the Firefox Nightly channel. To confirm that it's working, flip the pref, restart Firefox Nightly, and then search for "WebRender" in about:support.
WebRender does work on macOS (and Android and maybe Linux), but Mozilla is prioritizing a Windows MVP first (because something like 90% of Firefox users are on Windows). Work on macOS, Linux, and Android will then resume.
Also good to start with a fresh profile[1], lots of times you may have some cruft built up in an old profile.
1: https://support.mozilla.org/en-US/kb/profile-manager-create-...
> I'm very happy that we have it and I hope that the wider community will hold Mozilla to account every time they try something shady to protect the best free and open browser we have. If we lose Firefox, we lose the Internet to corporations.
Yet how long will we have it if everyone keeps using excuses to continue using Chrome?
Firefox on Windows is no slower as far as I can tell, and renders fonts better.
Firefox on Mac is noticeably slower.
In my experience Firefox on Mac got a good amount faster in the last year.
Agreed. While I still use it, Firefox on Mac just hangs on some js-intensive sites.
Came upon this review the other day, that placed Firefox on #1. Didn't read the detailed report (I'm on FF and feeling happy), but maybe worth a look: https://www.toptenreviews.com/software/internet/best-interne...
Hey, you should give w3m a try then.
Icky, gross and violated.
I am pretty sure that most of the people using firefox right now are from the hacker communities though.
I find it rather odd that Googling "uBlock Origin" from Firefox does not return links to addons.mozilla.org - at all. The top result is of course the Chrome addon. The third result is the website for "uBlock" which is the unmaintained fork. Three pages in and you're getting dubious-looking repackaging sites, but no official addon.
How on Earth does "Comorbidities Associated with Plaque Psoriasis | Dermatology Times" on page 10 have a higher PageRank and relevance for the search query "uBlock Origin" than https://addons.mozilla.org/en-US/firefox/addon/ublock-origin... ?
That's sort of weird. Searching DDG for "ublock origin" gives me:
1. Chrome web store
2. ublock.org
3. Microsoft store
4. Wikipedia
5. Mozilla addon, and finally
6. Gorhill's github for ublock origin.
Can we finally say that DDG is better for some searches than Google?
>Can we finally say that DDG is better for some searches than Google?
I think we're close. For some things, it's still not the best but instead of going to <insert another search engine here>, I try to modify my query to scope to what I'm looking for.
In a crude example, if I'm looking for the "LoadCrashDump" method,, which is specific to ClrMD[0], I can simply construct my query as "ClrMD: LoadCrashDump".
[0] - https://github.com/Microsoft/clrmd/blob/ac36603e37ef7c8ba05d...
Bing pretty much returns the same as the above
Not too surprising, since Bing is one of the engines DDG uses under the hood.
I had to go to the last page and click "repeat the search with the omitted results included" to make it show up at all. After doing that it was the third result.
Yep, made the switch to Firefox with DuckDuckGo little less than a year ago. It was surprisingly fast to get used to and I haven't been more at ease since. I highly recommend trying this out for at least 1 week for everyone out here!
With the news that Edge would switch to chromium, Firefox is really the only thing preventing a complete web browser monoculture. Support Firefox if you can!
Thanks for the reminder. I try to give a little to Mozilla and Wikipedia on a regular basis. So far they are living proof that there is a way to make this whole mess work at a high standard of quality without resorting to the advertising model, which seems to become more heinous by the day.
Please everyone help the other options survive, even if you don't personally like them or use them. There is no way legislators are ever going to catch up on their technical knowledge enough to manage even the most blatant monopoly. Who am I kidding, they wouldn't care anyway. Somebody has to get in there to offer competition and keep things honest. Having options improves all of the options.
Edge moving to Chromium has handed Google a lot of extra power which gives them the ability to make changes like this.
> Firefox is really the only thing preventing a complete web browser monoculture
WebKit?
I use Safari as my preferred browser and I'm really happy with it, it's become a lot faster with each update, noticeably so. But I don't trust Apple any more than I trust Google to fight for a free Internet. We need an open browser.
We sure do, but Apple is trustworthy. Their business is not grabbing user data but keep it as private as possible. That sells devices.
Trading Google overlords for Apple overlords does not seem like an upgrade.
With Apple, you're the customer, not the product. For one, Apple defends and doesn't sell your data.
Unless you happen to live in China.
> For one, Apple defends ...
It's fairly likely that's just PR. They're a US headquartered place, so would have to comply with NSL's (etc) just like every other US company.
Yes, they have to comply with NSLs. Difference though is the level of data they harvest on you. Google's business model requires they harvest as much as possible and in a way they ensure they can read it. Further, the bigger risk to most users is not NSL's, it's having some dodgy ad-corp buy your data and sell it to even dodgier companies.
> and sell it to even dodgier companies
And banks and insurances for credit ratings. And for screening companies, that are contracted to evaluate your job application on basis of your purchases, locations and so on
That's totally fine, but it's still disingenuous to claim that Firefox is the only other browser out there.
Chrome------------------64.15%
Internet Explorer--------10.83%
Firefox-------------------9.89%
Edge---------------------4.30%
Safari--------------------3.80%
Opera--------------------1.58%
Safari will survive since Apple is their patron. Obviously Internet Explorer is only a lumbering undead husk at this point, and it's pretty shameful that it's still outgunning Firefox by a small amount. Even more sad that it's got over twice as many users as Edge, lol.
Your numbers are off by a bit.
I work for a website with around 1.2 billion annual pageviews. Mobile Safari is about 55%, Chrome (mobile & desktop) 35% and everything else gets the leftovers. Samsung browser is growing fast while IE, Edge, macOS Safari and Firefox are rounding errors.
Kindle browser does better than IE. It’s amazing how far and hard it's fallen.
These numbers do not appear to include mobile browsers. Mobile browsers are just as important as desktop browsers these days, because a lot of people use them as much or more than they use desktop browsers.
If you include mobile browsers, Safari's market share is closer to 17%, which makes it the #2 most popular:
https://netmarketshare.com/browser-market-share.aspx?options...
Ah, I was getting my data from the same site but I forgot to toggle mobile browsers. Wonder why that's not the default option? That's silly.
This is fantastic, actually. It flies in the face of end users, and there will be blow back.
Power users won't stand for this sort of thing and will switch to Firefox. Firefox, in turn, will gain greater development mindshare.
In aggregate, these privacy and "ads above all" stories will continue to taint the Google brand. Many of my layperson friends are starting to worry about their privacy when using Google products--it's a good thing!
I really don't understand why people prefer Chrome to Firefox, it's a better browser all around in my experience.
I use FireFox full time, but I think it's inferior to Chrome. It's uglier, slower and clunkier. I use it because although I'm more than happy to hand a lot of my digital life over to Google (and I'm really not a zealot about this), the ability to observe every single web site I visit ever and every interaction I have with those sites is just a bridge too far.
Prior to 60x I would agree, but nowadays I personally prefer the look and feel of FireFox. I haven't noticed any real clunkiness outside of Google sites like Gmail either. Chrome might still be smoother, but I haven't used it in over a year now, and I don't miss it. That's the key part for me, FF works well enough that I don't feel like I'm settling.
And I completely agree with you regarding ideological reasons to use FF. You don't have to be a zealot to value your privacy.
Also a good time as ever to donate to the Mozilla Foundation. They are basically our last hope at keeping the web open as we know it.
I’ve been off of Chrome for almost a year. Don’t miss it at all.
Someone correct me, but can’t ad blockers just be installed through the OS and not be dependent on the browser?
I recall this is what I had to do for Safari since there wasn’t a supported extension for the new browser yet.
This would lessen our dependency on a browser for ad blocking in this ongoing browser war.
You can block the network calls to ad networks on the OS level by intercepting the DNS requests. That's a lot cruder and less flexible than the fine grained control over the DOM provided by a browser-based ad blocker though. If DNS level ad blockers became prevalent websites would also move to circumvent them, which would be a lot easier than with browser-based ad blockers.
It's better to just not let a browser that's user hostile enough to prevent ad blocking win a browser war.
That doesn't get you close to what umatrix offers.
I can throw facebook's servers into my hosts file, but what if I want to permit connections to facebook servers if and only if I am on facebook.com? uMatrix makes that trivial.
That can only do blocking at a coarse dns level. The browser extensions do a lot more. If you want to do everything at the OS layer without browser extensions, you'll have to MITM your ssl connections by trusting your CA and set up a parallel engine that does what extensions do right now.
Congratulations, you have correctly identified the reason Google is pushing DNS-over-HTTPS via Chrome.
I think it can be done through /etc/hosts or similar yes? The downside is maintaining the blacklist, but I believe it’s still doable.
how does this interact with TLS, particularly DNS over TLS? An OS level http proxy would have to MITM the TLS stream.
I worry that Mozilla will copy the API changes ("for compatibility!") and disable ublock on Firefox too, as Mozilla gets most of their funding from advertising companies too.
If the new API get's ported (which is likely to happen), it does not mean the existing API will get crippled. After all, they are different implementations and it's Mozilla who's behind that. I trust them to not deprecate the old API until all use cases, especially concerning privacy, are taken care of in the appropriate way.
Let's hope I'm right. :)
They didn't care too much about making APIs equivalent the last time they broke everything API related.
The question then will be which fork of Firefox becomes the most popular.
In time it will go the way of edge. Reimplimenting the same features over and over makes no sense.
I really want to like Firefox, but it has basic bugs that make it unusable for me. E.g. waking up macOS from sleep, or switching between two active users in macOS stalls Firefox regularly and requires restarting it.
To defend Google a bit, it looks like the change is being put in place so that users would have more privacy – by stopping extensions accessing all active URLs.
In essence they are copying what Apple did with Safari and their content blocking APIs. In this model, content blockers provide the browser with a set of blocking rules and the browser executes them against pages during render & load. Ad blocking can occur and privacy of what the user is viewing is retained.
Sure it's more restrictive and yes will likely break existing adblockers, but it's probably a better model for the future.
There will be arguments that you "can't do what is necessary" to create effective adblockers. That's incorrect.... I've created such an adblocker [1] using the Safari methods and its efficient, effective and high performance – including loading some sites 2x faster.
So Google is going to help me have more privacy by preventing me from letting extensions I want to run from having access to data I want that extension to have, so it can do a job I want it to do. Meanwhile, Google's software will of course have full access to everything I do online, and most of my data will live on Google servers. And the extension that I want to have access is also downloaded from Google servers. And the extension is open source, so I can totally check it for problems, or believe people I trust who vouch for it. Of course, I can't do that with any of the code on Google's servers, where basically everything I do all day, everything I read, everything I search for, and all my emails and documents are.
Got it.
I used to vouch for AdBlockPlus, sometimes extensions change for the worse. They can he hijacked too. HN readers are a small subset of Chrome users. There are many malicious pages out there that attempt to get you to install malicious extensions and the average user will blindly listen. Most people will not check the source, or even reviews.
Sometimes browsers change for the worse too.
Yep, when chrome started forcing "logins" to the browser whenever you log in to their services, I knew it was time for me to stop relying on Google's browser.
Do you even hear the completely irrelevant cynicism? let's all go jump off a building.I used to like 'other thing', and one time 'other thing' changed. It went bad so therefore 'thing you are talking about' could go bad too. Other unrelated grouping is a small part of bigger, more important grouping. There are many bad places that try to do many bad things and bigger, more important grouping will listen. Therefore, existing and functional solution that is currently being broken here is irrelevant.
When Google takes the approach you want, they are vilified for "letting third parties access your data" - as in the Gmail "scandal" a few months ago.
If you let users do whatever they want, they will often shoot themselves in the foot. It's a tough balance.
Gmail users let third parties access their data, i.e., their e-mails. We should not blame Google if Gmail users can decide whether a third party can access their e-mails.
Well too bad, because there were news articles shared all over the place and crazy outrage. People were calling for fines or for Google to be broken up.
Or look at flashlight apps that steal your text messages. People shout and scream that Android shouldn't permit this or that Google shouldn't have them on the Play store. But pull a lever to make these things harder and suddenly it is about freedom and how Fdroid is the only good store.
Sorry for being behind in the news. What's this Gmail "scandal" you quote from a few months ago?
Not nearly as big a story as Google taking it out on the most efficient and effective browser protective filter, uBlock...
Excuse me if I don't buy the BS excuse that an ad company limiting adblockers is somehow for my own protection.
This change isn't about one open source extension. It's about all extensions and protecting users who blindly click through permission prompts.
While we're at it, we should require every $20 bill a person has to be attached to their belt with a long rubber band. That way they can pull the rubber band and get their $20 back, since apparently it's necessary to protect people from randomly handing out their $20 bills.
Do you need to shill your product every gosh darn time this comes up?
NO, your product is not a good replacement. You do not have custom rules, you can not block annoying elements, no it is not faster than Ublock and no, it is not even close to the feature set of Umatrix. And you can not do these things, because your product basically ships an ad-blocking list, and is not a fully featured ad blocker that gives control to the user over what to block.
You have just added white lists of websites. As Beta. For Pro subscribers. That doesn't even remotely compare to the permission feature set - in the hand of the USER - of UMatrix or Ublock. Your Adblocker would not even be functional for someone visiting non-English pages.
YOUR extension will be caught by anti-adblocking scripts all the time.
Please stop. Every time this comes up you post the same thing. Stop deceiving people.
You CAN NOT build an equivalent product with the Apple API, and you have certainly not done. No Matter how often you claim this!
By the way, Ublock, a product vastly superior to yours, is free.
It doesn't actually provide any privacy at all, it simply removes the possiblity to block and leaves the events to be observable.
> In Manifest V3, we will strive to limit the blocking version > of webRequest, potentially removing blocking options from most > events (**making them observational only**)The line about privacy is bullshit.
This change is clearly targeting aggressive ad-blockers that are too dangerous, too capable to circumvent via anti-adblocking technologies.
And Safari's content blocking is a piece of shit that's too limited and that's easily circumvented. It's in fact the weakest adblocking capability around and doesn't pose a threat to publishers.
If I want privacy from an extension, I don't install it. I can't do that realistically with a website as I need to visit it to determine whether it violates my privacy.
Running an extension is running code I trust (mostly). Visiting a website is running code I (inherently) don't trust. Many websites even have no idea which code they run on my machine (advertizing networks).
How do you respond to the comment (#23) from the author of uBlock Origin & uMatrix describing the filtering capabilities that will be lost under the proposed declarativeNetRequest API?
Many similar concerns were raised when the Safari API changed, in this case some of the specific limitations and concerns re the declarativeNetRequest approach may be valid – if so, I'd hope that the Chromium team take them on board and improve.
I think the concern re the 30,000 rule limit is misguided. Many of these adblock rule lists are extremely inefficient and should probably be pruned to have less rules.
Extremely good and effective adblocking across most websites can be achieved with significantly less rules.
I personally use an adblocker not only to block ads, but also to block literally everything I don't like. In most websites, this means the social buttons, the comments section, all search functionality, anything in the header or navigation I won't click, related articles, top articles, other recommended articles, footers, links to privacy policies, parts of bylines that I don't care about, header images when I don't like them, posts in certain categories that I don't like, etc. I use filters to, for instance, block Slack links containing domains I know I'm not going to click. I have over 3,000 rules. I wrote the rules myself to be maximally specific and I am not confident that I could prune the list significantly, although I guess it's possible.
It would not surprise me if ad lists are substantially longer, because they have to incorporate the entire internet, not just the 0.001% of it that I visit.
I support the goals of efficiency and performance, and think developers should take those goals seriously, but I object when a browser places a hard cap on anything, because the number that cap should be at differs by use case and by user.
Please share your rulelist
1Blocker for iOS can block everything you mentioned and doesn’t get access to your browsing activity to do it.
according to https://1blocker.com/faq/ to have full functionality it gets access to your browsing activity.
That’s actually not possible on iOS. The content blocking framework only allows a third party ad blocker to submit a JSON file to the system and the rules are processed by Safari.
If you are referring to the quote below, that applies to the Mac version. The iOS version uses a share sheet extension that uses an out of process extension where you have to explicitly share the link you want to block.
Safari warns me that 1Blocker Menu has access to webpage content, why? We use this permission in order to get information about current tab's domain when you select whitelist option. Sadly, there's no technical way to request just this functionality from the system, so we have to request full access to webpage content (which may include your sensitive information). However, we understand how important this data is and only use the domain. We do not transmit or process your data in any other way. Feel free to disable 1Blocker Menu if you don't like this (you'll still be able to block content).
Actually the quote from 1Blocker:
> Sadly, there's no technical way to request just this functionality from the system, so we have to request full access to webpage content (which may include your sensitive information)
is incorrect. They could use a share extension on the Mac as well (which we do for our adblocker app) which would give them access to the URL when the share extension is accessed but not give full access to the web page content.
Free Firefox Focus provides iOS Content blocker too, which you can use in Safari.
> Extremely good and effective adblocking across most websites can be achieved with significantly less rules
Both uBlock and uMatrix can be used without any filter lists, simply using a default-deny ruleset approach, optional in uBO[1], main feature of uMatrix.
However, this approach requires a entirely different matching algorithm than the one matching algorithm picked by the declarativeNetRequest API.
---
[1] https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium...
So is your proposal to impose an arbitrary rule on the maximum number of rules and simply have less efficient blocking (with regards to privacy and actual blocking, not performance) until some indefinite point in the future when someone will have potentially produced an equally efficient set of rules satisfying the arbitrary rule?
215,169 network filters + 77,133 cosmetic filters
"30000 rules is enough for everybody"
A good general rule:
If you are planning on providing the functionality in the future please refrain from deprecating the existing mechanism until your replacement is fully complete.
Early access may fly on Steam but in the real world your careless management of the refactoring process is wasting the time of your peers.
Your definition of privacy is misplaced, one extension can get more information about an user from having access to facebook.com, google.com, gmail.com and twitter.com than all the other sites combined; and I'm pretty sure Google know this so this change -and whatever Apple is doing- has clearly other goals in mind.
A question: Would this proposed change mean all Chrome extensions can no longer know what URL I am currently visiting? if so, I guess one company (whose name starts with a S) is gonna be dreading this.
No, only the blocking API is concerned. Observational capacity will remain.
Damn, that's like tossing out the baby, with the bathwater still in the tub. Throw out the good. Keep the bad..
In this case it's clear google doesn't give a damn about the bathwater, it just wants that baby dead. Anybody claiming that google is doing this to protect privacy is either uninformed or deluded.
I never would trust Google to increase my privacy.
>Sure it's more restrictive and yes will likely break existing adblockers, but it's probably a better model for the future.
A good example why "secure system" is, in a longer run, a system with low usability, and little control by the user/owner.
Right now we have ability to block URLs according to any rules, without being limited to whatever the browser author conceived. Perhaps we want to block some URLs based on context, or on content of previous communication, or whatever. Or perhaps pseudo-randomly, to emulate certain problems with the network.
Switching to "more secure" approach limits us to "one true way", and precludes any smart hack we may come up in the future.
It doesn't help that the change feels like attempt to squeeze out grassroots adblockers, and force people to, at best, use the ABP, which allows ad publishers to buy their way around blocks, and onto users' screens.
If uBlock becomes ineffective, I fully expect ABP to be even more aggressive with monetizing access to users' screens.
What is the limit on the number of rules you can give to Safari? Gorhill mentions a limit of 30K and EasyList alone has more than 40K rules.
50k per content blocker. Though a single app can bundle multiple content blockers.
How do you explain the fact ad blockers on iOS Safari so much less effective than uBlock Origin?
Because Apple imposed a limit of 50,000 filters.
On my Mac I have lists which currently total 140,000 filters.
Easy to see the problem.
Well, highly recommend Firefox. Works great after the updates last year and even use it on mobile.
It bothers me that iOS doesn’t support addons to Firefox mobile. But on Android you can even install ublock origin
Which is why I'm all the more disappointed that Mozilla is unable to resist the siren's call either, what with the Looking Glass decision and their tendency to deprecate UX functionality with no replacement (like custom keyboard shortcuts).
... Their totally transparent study system, and turning off hotkeys. You bring that up in a discussion about google crippling ad blockers.
Why does this always happen? Why is it when google commits murder, someone mentions that firefox was caught jaywalking?
"Randomly installing unauthorized addons with creepy messages because marketing told you" is the same kind of error, just different degree.
They also disabled user-provided unsigned addons, even when you authorize them: https://www.youtube.com/watch?v=taGARf8K5J8
Super Metroid in 1992 had customizable keys. Mozilla gets $500 million a year and can't even keep a feature it had 3 years ago. I shouldn't be disappointed about failure to get basic things right, when they're suppose to be the great bulwark against those who wish to control your machine?
In Firefox I really miss the ability to tab-search from the address bar in site-specific search engines. I.e. in order to search for something on Amazon: type "amaz", tab, then type a search term. I didn't find any extensions for Firefox that would provide this feature.
I use ddg's bash syntax for it. !g for Google !a for Amazon etc.
You can create keywords afak, but it's a manual process
iOS might not support Firefox addons, but you can use a system wide ad block app with Firefox.
The "system wide adblock" on iOS has the same restrictions as this new Chrome extension system. It does not support the extension API that uBlock Origin uses.
https://developer.apple.com/library/archive/documentation/Ge...
Not versed in the technical details but 1Blocker X for iOS Safari has prevented practically 99.9% of all ads I used to see in an unmodded Android Chrome before. I've only seen 2 websites have some form of ads in the last 14 months.
Then Chromium's Manifest v3 is for you. Most of the other people commenting here want something more powerful.
>I've only seen 2 websites have some form of ads in the last 14 months.
It doesn't work on reddit, which makes up a lot of page visits for most people. Also, they can't defuse/bypass anti-adblock scripts.
there are dns rule-based adblockers for ios
There's still a feature of Chrome that keeps me from switching - Chrome will show a lot more tabs open. I tend to leave a lot of inactive tabs to come back to later, but that means I need to see them all.
Install Tree Style Tab on Firefox. Moves tabs to a tree on the left. You can see a lot more, and better organized too. In the era of landscape screens, I think it's a must.
https://addons.mozilla.org/en-US/firefox/addon/tree-style-ta...
For native vertical tabs, you can also check Vivaldi.
I have a hard time understanding why, with widescreen so common nowadays, it isn't a standard native feature in all browsers.
I might have to try that. Looks like you still have the tabs at the top of the window too, not sure I'd like the visual clutter.
Not very user-friendly, but you can disable the horizontal tabs by editing userChrome.css in your profile directory: https://superuser.com/questions/1261660/firefox-quantum-ver-....
This is the up-to-date documentation for this:
https://github.com/piroor/treestyletab/wiki/Code-snippets-fo...
Try adjusting browser.tabs.tabMinWidth in about:config.
You're a life saver, thank you!
Try out Brave. It's a faster, privacy-oriented browser with built-in ad-blocking.
The only problem with Firefox is the UI when they redesign a great slick Ui like chrome this browser game will change
I am curious, what do you not like about the Firefox UI? I honestly could go back to like Firefox 3.5 and still be fine with it. I prefer the UI of the debug tools in Firefox over Chrome as well.
That's an interesting comment considering how Chrome has recently changed its UI to look more like Firefox to the point I often mistake people for running Firefox when they are actually running Chrome.
agree completely, I started Firefox many times and each time left it because of the interface.
What about the UI don't you like? I've heard this complaint before, but the two appear pretty similar to me, at least to the point that I never considered one more appealing than the other.
icons, text, bookmarks bar, all seem unpolished, to the point it prevents me from using it.
How can superficial details like that be more important to you than your privacy?
I just opened both browsers and it's pretty hard to really see much of difference in UI. If anything, Chrome's UI is slightly more basic. But the icons, positions of menus, etc are almost identical.
If uBlock stops working... I stop using Chrome. Simple as that.
Don't threaten, don't wait, do it now.
Not the person you're responding to, but no. Until uMatrix actually breaks for me, I'm not switching to Firefox.
Switching is a pain, and I don't like Firefox's UI/UX. I'd switch if they did this because I value the extension very highly, but I wouldn't be happy about it.
> and I don't like Firefox's UI/UX
Maybe I'm not as critical about the UI, but I have both browsers open at the same time so I took a second to compare them.
Both browsers have a row of tabs. Below that is a second row. The left most set of buttons is navigation (back, forward, refresh, etc), then the address bar, then on the very right of the row is a set of buttons for extensions, settings, etc. The remaining portion of the window is the webpage. I'm just not seeing many differences. The view of recently downloads is different, but nothing that bothers me from either one.
I also just compared how both browsers displayed HN main page. Slight differences in color of orange and font weight, but only noticeable if comparing both directly (and besides devs, who does that?).
So I guess I'm asking what about the UI/UX is bothering you. I'm almost hesitant to ask because I'm sure if you point something out that bugs me, I'll never un-see it.
Firefox doesn't deal with touchscreen and touchpad gestures very well. Take, for instance, the two-finger pinch-zoom-in gesture. Chrom(ium), Opera, Edge, Safari etc. all smoothly and instantaneously magnify the area where the mouse is. Firefox, on the other hand, reflows the entire page with each zoom (as the other browsers do when you do a ctrl +/- zoom), which is inconsistent with how we're used to interacting with touchscreen devices, in addition to being quite laggy on a reasonably modern laptop and tending to undershoot or overshoot the desired zoom level. This zoom behavior is also a lot less useful for looking at a particular item on the page, since the reflow-zoom doesn't seem to depend on mouse position on any way (so any element not at the center of the screen will no longer be visible past a certain zoom level, no matter where you put the mouse pointer when zooming in), which makes using it a lot more frustrating on smaller monitors.
The lack of smooth zoom support has been a known deficiency in FF for the last seven years (https://bugzilla.mozilla.org/show_bug.cgi?id=789906) and has yet to be addressed.
I do not own a touch screen device that is not a mobile device, so I have not experienced that. I also realize that my comments only related to the UI portion, not taking into account how responsiveness (or lack of) affects the UX portion.
Try nightly with WebRender enabled and see if it's still an issue. I wouldn't be surprised if it wasn't.
I am a firefox user but will switch to chrome when using google maps. Simply because using maps on firefox on my windows tablet sucks, but its a breeze in chrome.
Otherwise I completely avoid chrome because of the privacy issues, and because firefox has 'containers' and is a little snappier.
On the surface they're quite similar, I agree. I won't pretend that Firefox has some whole separate UX decision process that's ruining it for me. It is, like all decisions between similar products, a matter of my own pet nit.
I dislike Firefox's zooming behavior. I have to zoom into websites because I have poor vision. Chrome's zoom behavior has been extremely natural for me, and easy to adjust to. When I used Firefox I attempted to use 'vanilla' as well as an extension that aimed to improve the zooming behavior by separating scale of text from scale of other elements, etc.
I was unable to find a solution that worked for me. I hated using the extension, which itself had a pretty bad UX, and I couldn't get preferences to save properly for individual webpages.
I can't use a browser with poor zooming behavior, I rely on it too much. As I write this I am zoomed in 250% in Chrome, for example.
Those pet-bugs or pet-nits are, in my opinion, the huge thing that keeps people from moving (alongside the perceived friction of moving data over). I wouldn't read too much into mine.
> When I used Firefox I attempted to use 'vanilla' as well as an extension that aimed to improve the zooming behavior by separating scale of text from scale of other elements, etc.
I don't know how Chrome does it, but needing an extension sounds like you didn't try the built-in text zoom: https://support.mozilla.org/en-US/kb/font-size-and-zoom-incr...
I agree 100% on Firefox's terrible zooming implementation. It's the reason I started using Chrome.
Your reply resounded with me a little. I agree with the person you replied to, I don't like the UI/UX.
I think it's the 'second level' of UI stuff - menu's behind buttons, settings pages, things like that. I think Chrome does a good job balancing 'advanced user' and 'basic user' stuff. Firefox feels a little too 'dumbed down' for me.
I'm honestly trying hard to put a fine point on it, but it a lot of it just feels 'off'. I'd love a very minimal-design, maximum function look into it.
I was going to add a stipulation about the about:settings type stuff being different and what not, but chose not to originally. My thinking was how often are you in settings that it's a problem? I'm not a browser power user, so I only go in to the settings usually after reading something here. I set it, and forget it. Maybe 30 seconds?
As far as dev stuff, I'm really only familiar with Firefox after Firebug was rolled into the browser so that it is similar to Chrome with a Cmd-Option-i key press. I hear people stating that the dev tools are still very different. All I really ever use it for is seeing how the DOM is changing in the inspector, looking for output in the console, and see what files are doing (404,200,500, params/response, and CSS values type of stuff. Both browsers do what I need in a way that I can't tell the difference.
It's almost entirely the more in-depth stuff. For example, differences I find annoying include seeing raw ajax values, re-runnning those queries, and how Chrome can't select individual log levels to view in the console.
On top of that, various parts of Firebug's console UI was better than either one's current console, mainly in how it displayed data.
I felt like this as well when I was still using Chrome for everything (I switched when Firefox launched Quantum). For me it simply turned out that after getting used to Firefox (again) I had no problems at all with the UI. Chrome felt better before the switch because I was used to it.
On macbooks for me just the act of running firefox makes the CPU go crazy and the fan turn on. Multiple different years.
> I also just compared how both browsers displayed HN main page. Slight differences in color of orange and font weight, but only noticeable if comparing both directly (and besides devs, who does that?).
So on the color thing, one of our designers noticed and I looked into it. Turned out to be an open bug report for Chrome(ium? I forget) where it's using the wrong color profile for css, and resulted in images not matching borders and backgrounds.
I was in your boat, it is a pain, but...
I found that I actually like the UI in firefox after customizing it. For me it may have been easy because I use sway (i3 clone on wayland -- clone is the best, it is actually more / better than i3). But it really ended up looking nice[0]. I found I could customize more things that I could on chrome, including the start page.
In any case, if you don't switch, I urge you to give it 15 mins and tinker with the ui config and a home page config. You can rid your self of alot of weird chrome bits that I think most find ugly and make it look smooth.
Further more, you can set up your own sync server and sync all your stuff to a safe spot.
I actually don't switch to Firefox because I'm on i3. I fell in love with surf-like browsing, and am able to somewhat get the same result with chrome in --app mode. There is however no way (to my knowledge) to get tab-less full-window browsing in Firefox.
edit: I just installed the tab-less extension, edited my userChrome.css, and I'm really happy with the results. I'm going to give Firefox a go from now on!
Can you please share a screenshot, and information on what you edited in userChrome.css ?
Sorry I hadn't seen this earlier.
I don't have a screenshot right now, but it's just as you might expect, the whole tab line is removed (the nav bar line with menus comes to the top instead). [This post](https://www.reddit.com/r/firefox/comments/736cji/how_to_hide...) talks about doing the same thing in the context of tree-style tabs. Good luck!
I'm in the same boat. I'm not a fan of Firefox at all. Leadership, code, marketing, UI, etc. I'll probably move to Safari
There's also Brave and Kiwi browser if they disable/limit this api in their extensions there's no stopping Chromium-based browsers from implementing them natively outside of extensions.
Isn't Firefox like much better in terms of the technical side of things i.e. faster, uses fewer resources, has better code inspection tools etc?
On the Mac, Safari is far more power efficient. With each update I notice Firefox is using more and more ram too. Also good luck finding out which tab is causing problems.
Last time I did a DOM benchmark Chrome still beat it by a significant margin. Also, only personal experience, but Chrome seems way more responsive with multiple tabs open than Firefox.
One annoying thing is that current versions of Firefox seem to rely on disk I/O too much, so if it's busy, you can't really do anything (switching or creating new tabs is greeted by spinning loading circle that takes a long time to happen).
Could you explain more about your dislike of Firefox's leadership?
IIRC, the complaints I've read online are along the lines of: Mozilla ran a Mr Robot ad campaign with browser integration, partnered with an ad company for some research in a seemingly-sneaky way, made their CEO resign (now the CEO of Brave) because he donated personal money to an anti-gay marriage lobby effort, forced pocket integration for ad revenue purposes, and they deprecated their extension api which broke most extensions that did not get updated.
I'm not saying anything in favour of or against these decisions, they're just what I remember reading people complain about over the last year.
edit: typo and clarification
Funny, I switched to Firefox because I preferred the UI/UX. I'm happy with my choice.
Firefox UI feels like it was left behind. When I open up Firefox I feel like I've stepped into last decade. I realize this is just a personal opinion but it's strong enough to keep me from using FF. I was also super irritated with their default tab that shows all of the links you visited. I prefer my porn not showing every time I open a new tab. Features like this one, even if easy to disable should be opt in, not opt out. Any company that enables an opt out feature by default will get the boot unless no alternative exists. I know, it's harsh, but I vote with my usage and with my money.
I'd recommend giving Brave a try if you haven't already.
It's built on top of Chromium so has the same UI/UX as Chrome, including dev tools. And it does ad blocking out of the box, no need for an extension even.
Why not Brave? It uses Chromium. UI/UX also isn't as nice as Chrome but it's closer.
The headline is “changes to Chromium,” on which Brave is built...
I trust the Brave team to find a way around this, eg; with a fork. Otherwise their organization will fail.
Do we know that Brave will continue to be immune to this?
Threats are useful for shaping behavior. Disengaging with someone because they suggested something you disagree with can be good for shaping behavior, but it's really pretty extremist.
Disengaging immediately also gets rid of your leverage, so theres that as well.
I already have switched to Firefox for home use. Won't take me much to switch to Firefox for work, and believe me I extensively use Chrome all day.
I hear you. But I'm not here to take a stand. I want to go online, get some stuff done, then go be with my kids.
Other browsers won't prevent you from any of these things. Some browsers are on par with Chrome when it comes to speed and extensibility (plugins and such).
I have written this a few times here already, I can repeat it again: Firefox wiped their extension store semi-recently and the long tail didn't recover yet. I actually just checked my usual roster and it is better than last time but not yet.
Nope, not as long as Firefox randomly paints text boxes black (a bug report that is now old enough to vote) and hard refresh doesn't work. I expect to be able to do work on my browser, and Firefox just gets in the way.
On what platform? I use FF on Android, OS X, macOS, Windows, and Linux and can't remember having seen that bug.
Linux, when you have a dark desktop theme, Firefox changes the default and background colors of websites to match, often resulting in black text on black background.
It's infuriating, and the devs say they wont fix it because they expect websites to stop using custom color schemes and respect user desktop themes instead.
Pi-hole covers you regardless of browser.
Yes, but also less so every day. Google has already figured out that they should serve Youtube ads and content from the same servers to limit the ability of DNS based ad filtering.
DNS filtering is a cat-and-mouse game that DNS filtering tools will eventually lose. Don't get me wrong, I love Pihole and have used it for a while, but I know that I'm on the losing side of this battle.
DNS filtering has been on the "losing side" for a few decades now. As long as more than 0.1% of people don't use it, it's not worth solving for most ad companies. Even if places like YouTube DO find ways to stuff ads into my face (likely at great technical and operational expense to them), I make it a point to NEVER EVER buy anything advertised, search for any of it, etc. Because they know so little about me (I go out of my way to block as much telemetry and data sharing as possible), their ads aren't very relevant to me anyway, so they're literally just wasting money serving me an ad, trying to pressure me into paying for their premium service. Instead, I just get annoyed if there are too many ads and find something else to do. It would probably serve them better to just realize that some users won't ever convert, and stop wasting time serving them ads.
So you're getting down voted, but I totally agree. I too used to disable javascript using NoScript every where until it was a site that I was okay with. I played the game of only allowing javascript from the same domain, and then looking at the remaining scripts the site wanted to request. CDNs for jQuery, FontAwesome, etc, started to get whitelisted. Anything else, nope. If the site didn't work after that, then the tab was closed. After allowing NoScript to run javascript, I would then lean on uBlock to block the trackers etc that were loaded by anything I missed. It's amazing how difficult surfing the web like this was.
Maybe if you won’t ever convert, they should simply stop wasting time serving you anything? YouTube isn’t a charity.
They're not a charity, but their business model is based on ads and they rely on the network effect to support that model. People who can't see anything at all will immediately defect. No revenue at all from the moment that policy is implemented, plus significant risk that enough will leave to weaken the network effect. People who are forced to watch ads with their content will grumble, some of them might eventually defect, but for the most part they will stay and continue generating revenue. Less immediate impact to the bottom line, and hardly any risk of undermining the network effect.
The "just go away" approach is proving suicidal for online newspapers and magazines. It would be no less so for YouTube. Their content is neither compelling enough nor exclusive enough for that to work.
How could YouTube know you won't ever convert beforehand, and at scale? If they started blocking users for suspicion of not buying anything from ads they would have to block a sizeable portion of their traffic and that would have a negative impact on their company.
YouTube doesn't care if you buy what the ad is selling. They are selling the fact that you viewed the ad.
Network level ad-blocking doesn't work very well.
Privoxy (and Proxomitron before it) were doing it 20 years ago, but never caught on because they're a PITA to setup and can't handle inline adverts. Pi-hole is new, but it's even more work to setup, and suffers the same limitations.
And as ad-blocking has become more popular the problems only gotten worse. It's unusual that I see any ads any more, but when I do it's always in an inline div or span with a "random" id or class name, essentially invisible to pi-hole.
I still use Proxomitron. It's as powerful as the filters you write for it, works across all browsers (including the "hidden" ones embedded in apps and such), and the community has made patches that let you MITM TLS as well using OpenSSL (although the certificate setup needs a bit of planning and understanding.)
The only downside is that its filtering language is regex-like, so basically the equivalent of "two netcats and a sed". I've contemplated writing a filter proxy that would parse HTML into a DOM, run filtering on that tree-structured representation using something XPath or XSLT-ish, and then reserialise the modified HTML to send to browsers, but never had the time to. I suspect performance wouldn't be great with such a setup, although with MITM TLS it's already doing a double-encrypt-decrypt and I don't find that slowing me down noticeably.
Why doesn't it? (Not a leading question, I just don't understand why it doesn't) Isn't the way uBlock and the like work is that they see network requests from a blacklist and not load those resources? Isn't network level blocking just moving that from the local device up a level?
They do (well partly), but with network level blocking you end up with broken DOM elements (like images, videos, etc.) The good think about the browser extensions is that they clean up the DOM and in many cases you wouldn't even know if the pages had ads.
Then there's also Javascript trickery loaded with the page that do hostile things if ad servers aren't reachable, and extensions know how to detect and replace them.
I think the closer the blocker is to the user, the higher the fidelity of the blocking.
A browser extension has access to the actual requests, while all a network level blocker has is the Server header of a TLS packet at best, just an IP with SNI encryption at worst. That's why PiHole works as a DNS proxy by only properly responding to non-blacklisted hosts with a proper DNS response, but even this might be useless in some cases due to "domain fronting".
A PiHole only sees the DNS request, which works fine if ads are served from a separate hostname like ads.mydomain.com. But if they're served from the same sub-domain and simply have a different URL (ie, mydomain.com/ads/[...]), then the PiHole won't block it. uBlock/ABP will, because they can filter on entire URLs, not just the domain.
uBlock (and AdBlock Plus) can access and prune/block individual DOM elements, and even has a built-in tool (the eye dropper icon) to select and block them. I think they call it "cosmetic filters". It's also available in the right-click context menu under "Block element".
I don't know exactly how it works under the hood, though. If I block a div with text in it, I know the div is still downloaded, just not displayed. I don't know what happens in more complicated cases, like if I block a div that contains an img tag. I think it's smart enough to prune the img tag before the browser downloads it, but IDK for sure.
I vaguely recall Privoxy having some kind of content filtering, but when I tried it, it wasn't html/css/javascript aware, and only did regex based replacement.
I guess I am missing something. I have a Pi-Hole setup at both home and office that serve as the only DNS for the entire network at both locations. I don't see ads, affiliate links don't resolve, and tracking/monitoring services don't capture my traffic.
My experience has been that it took about 30 minutes to setup and I don't see ads on the internet, nor do my family or team.
I can’t speak for pi-hole, but Diversion on Asuswrt-Merlin works fantastic for me. No ads ever except for YouTube ads lately due to google’s changes to how they serve ads from the same servers they provide services on.
> No ads ever except for YouTube ads lately due to google’s changes to how they serve ads from the same servers they provide services on.
Thats what I meant by network level blocking doesn't work very well. Using uBlock Origin, I don't see YouTube ads.
There's a huge difference between "doesn't work very well" and "works perfectly except for one really sneaky ad company, sometimes". How does ublock origin cover scripts and ads for my entire network? Did you even look at what I'm talking about before making such general statements? My router blocks hundreds of thousands of incidents per week, and there are only two people in my household. One can't use a browser plugin on android tv, Apple TV, smart tv, and a million other devices. By your own logic, ublock origin doesn't work very well. See what I mean?
Pi-hole and similar solutions are crude compared to uMatrix. I wish that weren't the case. If we didn't have to rely on browser extensions for fine-grained control then alternative browsers like qutebrowser could become more than just toys.
One of my concerns is that DNS over HTTP(s) is really just a way to obfuscate DNS queries from the oversight of network level ad blockers like Pi Hole, AdBloka et al.
You might've noticed most of the new Internet protocols Google is championing move to pushing things through HTTPS where they cannot be intercepted and provide a guaranteed tunnel between the servers (statistically speaking, Google), and the browser (also, statistically speaking, Google). I would never go so far as to speculate why, but it does appear Google is heavily focused on this.
That's why you use DoH from you pihole, not your computer/phone etc.
Of course, but my concern is that DoH makes it easier for apps (Chrome, etc) to handle their own DNS queries internally rather than relying on the device's network libraries.
MiTM intercepting HTTP(s) traffic on my Android devices is really difficult due to certificate pinning. The only way to quantify how many unexpected requests apps are making was to watch DNS traffic. If, one day, these apps just make a single DNS request to Google's DoH host then encrypt all their traffic from there onwards, I'd have no insight into what's going on in my own device.
I am not a fan of DNS over HTTPs for similar reasons too.
I have a Pi-hole and use uBlock; when I turn off uBlock and use the Pi-hole alone, a ton of ads still seem to come through. This is with the default blocklists (StevenBlack, MalwareDomains, sysctl.org, zeustracker.abuse.ch; about 8 total). Maybe I'm not adding enough lists, but "out of the box" it doesn't seem to cut it.
You may have a secondary DNS. Sometimes that isn't even intentional as ISP modems automatically upstream failed DNS regardless of the local DHCP settings (I'm looking at you AT&T Fiber)
The new trend to slip through is hiding behind cloudflare. I see cloudflare urls being loaded within cloudflare URLs to obfuscate the source of ads and scripts
So this only blocks/matches known domains? That isn't nearly as useful as to what uMatrix/uBlock allow, such as filtering by resource type. E.g. you may want to disable all JS by default, which uBlock allows.
Yes. Pihole and the like can only block domains, adserver.doubleclick.com.
setting up a dedicated linux box to run pi-hole is a lot harder than installing a browser extension (but I agree it's awesome)
Using uBlock in Chrome is like asking a bank robber to guard an open vault. Sure, they’re smart enough not to steal anything, but they’ll case the joint the entire time and you’ll never sleep well again.
EDIT: The bank robber is Chrome.
I highly suggest looking into Opera. It is also based on Chromium and therefore backwards compatible with extensions, bookmarks, etc. I switched around 6 months ago and haven't looked back since! They have built in VPN, adblocker, Turbo, screenshot, news, and more! Been really happy with it so far.
Opera is now owned by a Chinese consortium and quite possibly embeds spyware. Check out Brave, instead, which is founded by the inventor of Javascript and extremely privacy-focused.
Saying something quite possibly embeds spyware can be true for almost any company or software. Is there anything specific about the companies that purchased Opera that leaves you with doubts?
I feel like "open source" has become a cheap way to earn trust. Very few people are able to understand code, even fewer actually comb through all the code and fewer still are able to find and decrypt obfuscated code, especially on large repositories. If someone really wants to hide something, publishing under open source isn't going to make a difference. Essentially, whatever you use, there's going to be some degree of trust you must instill to the company and its developers that they will protect and respect your data.
Brave is also based on chromium.
True, and has ad-blocking built in, so presumably this is an area of focus for them.
If it's based on Chromium, this will effect it.
The base is from a forked off version.
You can read the spec here
"In Manifest V3, we want activeTab-style host permissions to be the default, with a number of extra options. Instead of being granted access to all URLs on installation, extensions will be unable to request <all_urls>, and instead the user can choose to invoke the extension on certain websites, like they would with activeTab. Additional settings will be available to the user post-installation, to allow them to tweak behavior if they so desire." --- https://docs.google.com/document/d/1nPu6Wy4LWR66EFLeYInl3Nzz...
yup it looks bad.
Yikes! I'm one of the maintainers of the Remote Browser open source project [1]. It's a cross-browser compatible automation framework which heavily leverages the power of vanilla JavaScript and the Web Extensions API to offer features comparable to those of Selenium (without the legacy cruft). Removing the ability for extensions to interact with arbitrary pages would effectively break Remote Browser's compatibility with Chromium/Chrome overnight. I have a feeling that there are a staggering number of interesting extensions that will break due to the various V3 manifest changes. Hopefully the outrage over uBlock Origin will push Google to reevaluate this decision.
I made an extension called the "Productivity Owl." It only has 10k users, but the owl would definitely be dead with this change.
Is that for security?
Security of googles profits.
That is one of the reasons to do this.
I don't understand the technical details of this - could someone explain it to an idiot?
- Is the change specifically to block ad blockers, or uBlock specifically? Or is it just a new extension API?
- Could ad blockers adapt to the new version to work again?
I am reminded of the new version of (Mac) Safari, which features a new extensions API. It took a while for them to appear but there are now good ad blocking extensions again, like AdGuard for Safari.
From what I understand, there are currently events which gave you the ability to inspect, and also cancel a request if you want. This allows you to do things like cancel a request if it's trying to download a big video file.
But Google wants to remove the ability to cancel a request through the events, and they want to replace that with declarativeNetRequest[1]. If you look at the link, in the Rules section, it seems to be simple, kinda hardcoded (but configurable) filters.
You can also see there's a limit of only 30,000 rules[2], which is not enough for EasyList[3] (example used in the tracker), which seems to have ~74,000 rules.
This is not targeted to ad blockers specifically. It's a change that makes blocking requests less flexible. For example, uBlock and uMatrix rules can be overridden by more specific rules, something that declarativeNetRequest can't do.
1. https://developers.chrome.com/extensions/declarativeNetReque...
2. https://developers.chrome.com/extensions/declarativeNetReque...
>This is not targeted to ad blockers specifically.
At superficial inspection it's not obviously targeted at ad blockers. It might still be. Most of google's revenue comes from advertising, fighting against ad blockers wouldn't be unexpected for them.
The fact that they are leaving in the functionality to view/record/forward anything you visit makes it clear to me that the target is adblockers. Removing solely the ability to cancel a preflight request is, er, pretty specific.
Given Google's core business, I don't think it's irrational to assume that this might target ad blockers.
I would defer to someone more knowledgeable, but here's my take:
1. Google is proposing to limit the API uBlock Origin uses, and replace it with a less capable one.
2. Google also plans to put artificial limits on the new API (30,000 rules or something), which will make it even more difficult to make an effective ad blocker. That's not even enough to implement current blocklists.
3. The new API is inflexible, so it will be difficult to impossible to create innovative ad blockers in the future.
Not to mention, once adtech gets the carrot dangling in front of them they will all overload their code with a ton more variations to escape the broad net of the top 30,000 rules. Which means the worst actors would be the ones most likely to escape filtering.
https://www.ghacks.net/2019/01/22/chrome-extension-manifest-...
ghacks does a great job of explaining this (saw it first here).
Paraphrasing the article: Basically, they are limiting filters (used by ad-blockers) to 30k. Lots of blocking lists use more than 30k.
This is part of (possible) removal of blocking options from the webRequest API and the (possible) move to declarativeNetRequest to handle blocking requests.
The problem is with the limit on the number of filters. On desktop Firefox I have ~120,000 network filters active on uBlock. Safari on iOS limits the number of filters an adblocker can have active to 50,000 and Google are proposing limiting it to 30,000 on Chrome.
On iOS and macOS, blockers can have more filters than this "limit" by simply exposing more than one list, since the quota is per-list. I think AdGuard exposes four, for example.
Is there something special that needs to be done to configure it? Every time I go over 50,000 I get a red warning at the bottom of the AdGuard filters setting screen telling me that I'm over the limit.
1Blocker for iOS and Mac works around this limitation by segmenting it's blocker list into categories, and each category is a separate blocker extension but they are all shipped together in the same app.
This way they can have pretty much as many multiples of 50,000 rules as they need.
Looks like they are removing blocking API from extensions, and replacing it with buildin Chrome blocker (limited to 30K rule entries).
Used to love google, for many many years. Slowly starting to despise them, though.
It's different for everyone, but for me it started with this gmail redesign that made the product so slow it's almost worthless to me. And worst of all is I feel like there isn't even a good competing service to switch to.
And now Chrome...
I think for most people, their image of Google was formed when gmail was released. Most mail providers offered mailboxes 10MB in size and Google upends all of that offering "free" mailboxes 1000MB. Respect for their command of technology formed with every product.
Then people started to realize Google only introduces products that collect data in a new way from its other products. If it can't survive that test then it doesn't exist. Ugh.
I blame the CEO. Is it a coincidence that all the best Google products peaked in 2012-2016?
They literally removed the don't be evil motto as the reason for their conduct.
People will say that they still have, but that's just a stupid line at the end. They used to have a whole preface dedicated to it and have the code of conduct based around it.
I switched to protonmail a few months back, and have been very happy with the service. They focus on privacy and security as a core value. They have a limited free account (limited in terms of storage space and message volume), so not a direct replacement for gmail. I use the paid service for more storage and a custom domain.
Yes, love it. The paid service is $5/m and you can use a custom domain and create 5 email aliases. Also, I think, ProtonVPN comes with that package (not using that yet, but will)
The comments in the linked thread don't really go into why this change was made, but I think Google deserves the benefit of the doubt that the proposal was made in an effort to improve other aspects of the browser (speed or maintainability, for example)
No sane person should give Google the benefit of the doubt, triply so when it comes to ads and ad-blocking.
Indeed. A company worth $0.8 trillion dollars does not need Internet commenters to defend or make excuses for it.
What are your HW specs? Gmail is fast as ever for me, the UI works just fine on both Mac and PC.
Quad core, sixteen gigs of RAM, and it takes several seconds of "Loading" to delete an email. It's comical. If you're using Chrome you might not have the issue, Google uses a lot of proprietary Chrome only tricks to make their websites even borderline usable.
Bingo.
Funny you say that. The gmail redesign is absolutely dysfunctional in Firefox and had me searching for desktop email clients.
I switched back to Thunderbird and have been content ever since. IMAP works fine.
Are you using GMail, or have you found another email host too?
So we have a browser with nearly 70% market share, made by an advertising company that's arguably the most powerful business on the internet, interfering with ad blocking. And of course there is no regulatory body that is able or willing to step in.
Great.
What regulatory bodies have legal standing to step in?there is no regulatory body that is able or willing to step inThe Federal Trade Commision has that legal standing even if they chose not to exercise it.
I'd say at least several hundred worldwide (because many of them can simply claim jurisdiction over whatever they want that enters the lives of their citizens). There are probably about a dozen that have the teeth to actually change Google's behaviour if they chose to.
Indeed it is! We have a wonderful mechanism that handles this situation: a free market.
We've already seen far greater market share from a browser. That browser lost it's market share when it stopped serving consumers. It lost it so thoroughly that decades and billions later it still can't recoup it.
Why would you want the government to hurt Firefox and the other competitors who would be happy to compete with Google on this front?
You appear to be forgetting that a huge part of the story was government action to limit the power of the company that made that browser, both in the US and especially in the EU.
Its not a free market
Browser choice is most certainly a free market. Microsoft, Mozilla, and Apple all develop their own, and their browsers are not beholden to the same pressures as Google (i.e. to not block ads).
Except for the Microsoft part, yes: https://blogs.windows.com/windowsexperience/2018/12/06/micro...
It's not a free market, so let's make it less of a free market by getting the government involved. That's the plan, right?
You, like so many others, are conflating "ideal" market and "free" market. Free markets do not always behave ideally, and ideal markets is really what we should be aiming for.
Ehhh...you could probably just take away all the government protections such as patents and subsidies/tax breaks instead
Why should a regulatory body step in? People were saying for years about how evil Google is, along with how limited and how much of a spyware Chrome is. There are alternatives that people can switch to, if they decide to keep using Chrome they should just suffer the consequences.
It's tempting to fall into the trap of feeling smug that you've made the right decision so no action should be taken against a company abusing their market position in a manner that's harmful to the public. Try to resist that temptation, like I have. I too have been using Firefox this entire time, but I don't let that tempt me into apathy towards the state of the industry.
You may as well question the purpose of the FDA regulating slaughterhouses since vegetarians have been found a way to avoid doing business with them. That's a nonsense position. A vegetarian should demand that the FDA regulate the meat industry, and a firefox user should demand regulation for corporations they've avoided.
>abusing their market position in a manner that's harmful to the public.
Why is it abuse? No one is being forced to use chromium. Are you abusing your market position when you buy the cheapest toothbrush in a manner that's harmful to other toothbrush companies?
However, due to marketshare, the other browsers do tend to be forced to implement the same features as Chromium/Chrome.
Google can easily force the other browsers to lose the Web Request API, because maintaining it when they're the only ones using it is a net loss of productivity, which will probably be needed elsewhere.
> harmful to the public.
How do you measure this? Does the public include content creators who rely on ads for their livelihood?
Relying on Internet ads for their livelihood is a tenuous position to start with, and always has been.
The (bad actors within the) advertising industry are the enemy of people whose livelihoods depend on Internet advertising because they're the ones making ads either bandwidth-hogging, epilepsy-inducing, website-avoidingly annoying, privacy-invasive, or an actual virus/malware vector.
This is, directly, what has caused the popularity of ad blockers to skyrocket. Tech-savvy folks protecting their family from these dangers by installing ad-blocking software so they don't get regular family-tech-support calls about the various issues potentially arising from "bad" advertising.
Follow-up questions:
How many user ad clicks / views does it take for the revenue to be critical to one's livelihood?
Could you consider donations through any of the various options like Patreon?
Then you should aim regulators at the advertising industry.
Chrome has a responsibility not just to the end user but also to the website. The cost of the getting the web page's info was viewing the ads. Why should the browser help the user to commit virtual theft?
Simply blanket dismissing ads as "tenuous position" is nonsense. Lots of people make a living via web ads. Google makes billions on ads. It's a real source of real money. Alternatives could, and should!, be considered. But simply cutting off a revenue stream while arguing that the ability to cut off that revenue stream should be protected by regulators is weak at best.
> Chrome has a responsibility not just to the end user but also to the website.
Chrome is the user agent. It acts purely on behalf of the user. Browsers aren't trojans built to exploit my eyeballs. This "virtual theft" talk is as silly as claiming that spam filters should be illegal - your server sent me some markup, and I'm free to preprocess it in any way I want.
> Simply blanket dismissing ads as "tenuous position" is nonsense.
Not really. Advertising has always been about manipulating people into doing things they otherwise wouldn't do - if all ads were purely informative it'd hardly be a multibillion dollar industry.
Then you should aim regulators at the advertising industry
Yes, yes, yes, and more yes. That's the cause that needs treating. Apologies if I wasn't clear, that's definitely where I think the regulation should be looking towards.
It's impossible to aim regulators at every single country on the planet.
Aaah, the Homer Simpson position: Can't win, don't try.
Regulate what's within your jurisdiction. That's all any government can do in any circumstance. If regulation results in more friendly advertising that's less likely to have users reaching for the blockers, then those advertisers are going to be more successful, and so even those in unregulated countries will need to conform in order to compete.
That's assuming that the number of users that have already reached for the blockers are of a significant enough percentage to make a difference to website ad revenue.
Start somewhere or stay nowhere.
Won't someone think of the buggy-whip makers!
Any abuse of a monopoly is harmful to the public.
Correct me if I'm misrepresenting your position, but I vaguely recall a discussion some time ago in which you compared adblocking to theft. If I'm remembering that correctly, you and I have no common ground upon which to have a civil discussion.
> Any abuse of a monopoly is harmful to the public.
So you disagree with google deplatforming alex jones?
His primary website is still online. Me might not be allowed on YouTube anymore, but his primary platform still exists.
Additionally, I thought his removal from YouTube was as a result of pressure from the Government on hate speech and fake news etc. All the stuff Facebook is also attempting to crack down on.
His website being up is not relevant to the point. Govt didn't ask YouTube to remove it.
Comparing using Chrome to eating meat is stupid. You can avoid Chrome by a 2 minute process of changing browsers. You can’t avoid the meat industry without vastly changing your dietary lifestyle and traditions.
Because the state is responsible for the well-being of its constituents. It's the reason Australia had a Royal Commission into the banking and finance sectors - they were screwing over people who weren't well-versed in finance, people who took the word of a financial advisor (because financial advisor's are sought out by people who need help with finance) were being screwed over with loans they couldn't actually afford.
It's not possible for people to be well educated in everything and, as hard as it is to swallow for us techy types, a fair percentage of people don't have the time or inclination to even realise the potential down sides of using the Internet. They're too busy with whatever their own areas of expertise are.
Maintaining this shit is hard for a pro. The amateurs don't deserve to get shafted.
Depending on the country, dominant market share as a search engine, online advertising platform, web browser, and operating system. And they’ve been claiming to be adding their own ad blocking to that web browser for sites that have “too many” ads. I’m not saying regulators should or shouldn’t do specific things, but one should anticipate significant anti-trust actions if Google’s lobbying influence wanes.
On the other hand, Google is getting bigger, expanding and hiring more people as the list of their failed projects increase. The chances of them screwing up their core products seems to be increasing, from my point of view. If they manage to do that, that would negate an inevitable future collision with anti-trust regulators. As for the EU and the GDPR I’m sure we are seeing the earliest warning shots and it’s going to be a big mess for them.
> And of course there is no regulatory body that is able or willing to step in.
On basis of what exactly? What is google doing wrong?
I am curious to hear. Don't downvote me.
I suspect a reply to your comment isn't going to change your stance on whether Google is dancing around in the anti-trust/monopoly area.
Maybe you would concede that some reasonable people think they have in the past?
Like FTC investigators (albeit overruled by their bosses): http://graphics.wsj.com/google-ftc-report/
Or Eric Schmidt: https://www.businessinsider.com/is-google-a-monopoly-were-in...
see this https://news.ycombinator.com/item?id=15045653
Winning argument was
> It takes me all of 10 seconds to type duckduckgo.com, and maybe 30 to switch default search engines for the browser. [1][2]
But an equivalent, i can just download FF in 10 seconds is not acceptable in this context. why? Infact, Google browser is way less dominant that the search engine.
> I suspect a reply to your comment isn't going to change your stance on whether Google is dancing around in the anti-trust/monopoly area.
Why is that? Sounds a bit patronising.
>Why is that? Sounds a bit patronising
It wasn't meant to be patronizing. People's views on anti-trust law vary enough that I don't expect a debate to settle things.
gotcha.
Why is this a problem? There are other browsers you can use. Google has a right to do what it likes with theirs. Just switch if you don't like it.
"President Donald Trump’s nominee for U.S. attorney general, William Barr, told lawmakers on Tuesday that he would focus attention on the “huge behemoths” in Silicon Valley at the center of a debate over antitrust enforcement. " https://www.reuters.com/article/us-usa-trump-barr-antitrust/...
We can only hope.
Beware the hidden intentions of all sides.
Google (and the Silicon Valley behemoths): Currently know a lot of personal information about the citizenry
The US Government: Wants to know this information
Neither are necessarily deserving of or entitled to this information, so we shouldn't be cheering for either side.
Antitrust is less the issue than personal information / privacy / data tracking regulation. Antitrust enforcement is treating the symptoms, not the cause.
Is there any reason to think the NSA doesn't have access to most of what US corporations have? Either legally through classified programs or illegally through various methods.
It's been confirmed they've had lots of forms of access many times in the past. Seems naive to believe anything would be different today.
You raise a very good point, and I can't even start to guess at the answer or implications.
I think any data the NSA has would be stringently guarded and only used for high-profile / high-impact cases. If the NSA was constantly feeding data to other agencies about trivialities, then it would raise red flags about where "all this incriminating evidence" came from.
Cases involving StingRay interceptions have been dropped so as to protect the details of such interceptions.
There's also the relationship between the agency and the Government to consider. The CIA don't seem to get along very well with various members of the US Government, and with "good" members such as Ron Wyden, if the NSA was feeding ill-gotten data to the US Govt, then someone like him would probably raise some kind of stink.
This doesn't answer the fundamental question of whether the NSA has this data, it's more about the potential mitigation of the likelihood of the data being actually used against someone.
Much like we don't know where the line is on the potential for Huawei kit to be a threat to national security.
Something. Not nothing.
Edited to add: There's also the very likely situation where Government policy / regulation is put in place to cover all parties, and the NSA ignores this anyway because they're above the law. Everyone else must play by the rules, the US Govt looks to be doing the right thing.
(this isn't a bitter statement, merely that I think this is how things actually work, whether for the US or any other country; realpolitik)
> I think any data the NSA has would be stringently guarded and only used for high-profile
Didn't Snowden attest in an interview to NSA officers using webcam intercepts to get their rocks off?
This is just a dog whistle for the political claim that search results, curated content, or algorithmic feeds are "biased" against a particular viewpoint of the world that they would prefer. Their intent is to use enforcement and investigative powers to make that case publicly and intimidate. The worst case, in their view, is to raise uncertainty about information sources; or, in the best case, to coerce more favorable rankings for their favored information sources. It's a furtherance of our state of domestic information warfare, while they remain in power.
Barr is notably for a surveillance state, more or less. Relying on a pick of Trump's to solve anything in the Valley is a recipe for disaster.
Do you know of a WH official that was ever against the surveillance state?
And why does trump picking him make him automatically a disaster?
I feel like this is being completely dismissive of any kind of progress that could be made because orange man is bad.
I think the heuristic is whether someone accepts a nomination from trump.
> And why does trump picking him make him automatically a disaster?
Because President Trump doesn't have a great record in picking nor retaining people.
https://www.brookings.edu/research/tracking-turnover-in-the-...
Pretty much this, yeah. Just because we're on HN doesn't mean reality (GOP rot) goes out the window.
A fish rots from the head down, and Trump's avowed preference would be to attack companies for spite if they haven't been nice to him personally. Those kind of regulations are probably not productive.
Why does a regulatory agency need to be involved? Use Firefox, use Safari, use whatever you want. Nobody forces you or anyone to use Chrome.
Because that's what they're for. They take actions on behalf of society, because direct action by the masses on every single issue is extraordinarily inefficient.
Why should Google, an ad company, not interfere with an ad blocker? No one has to use Chrome and Google doesn't have to allow ad blockers.
ruthless pursuit of profit risks alienation of its customers? good point though. I'd be shocked if >10% of Chrome users use uBlock Origin, in which case it's probably worth it (for their shareholders). Remember that advertisers are Google's customers, not us
> Remember that advertisers are Google's customers, not us
Exactly, we are the product they are selling
You do start to wade into anti-trust areas when you start down this track, however...
I will stop using Chrome entirely if this change is made.
Same for me. There is no real reason that I use Chrome rather than any other browser. I switched to it like 10 years ago for whatever reason and I had no reason to switch away from it since then. I use Firefox on mobile, despite all the issues I encounter with it, because its the only browser that allows me to use uBlock origin. I will no doubt switch for that reason to Firefox on Desktop too.
Those are hollow threats. If you really care, you all really ought to stop using Chrome now, regardless of whether they go through with this. Bitching on forums aren’t going to register on their metrics. Only actually stopping use will.
Counterpoint: "Hey, we released that new feature and lost 2% market share" sends a message.
And that message is "Oh well, it would cost too much to revert that feature. We'll just shove some more ads into the search product telling people to 'upgrade' to Chrome."
Surely they'd do that regardless if market share dips?
Don't wait, switch now.
Me too.
Same. I've already been on the fence but this would be the last straw.
I've been a double user of Chrome and Firefox for the last several months. Firefox irks me in some ways still but I've gradually grown accustomed to it. It's also much more customizable.
Indeed, if Chrome breaks uBlock Origin and uMatrix, I am just ditching it and will only use it for testing.
Silly me, did I just say "me"? That'll be me and my customers (probably not enough to make much of a dent in the stats but rather more than a few users)
Google has shown some Chutzpah to sell their own ad blocker when they are the #1 advertising vendor.
If feel they have enough impunity to get away with that, then it is no surprise that they will try to put other ad blockers out of business too.
Other ad networks might be big enough to bring an antitrust lawsuit against Google (although they probably won't last long enough) but Ad Blocking is such a niche market that they couldn't possibly sue.
Ouch, I understand why they want to not have a blocking webRequest API but I consider uBlock Origin to be a must-have extension. Hopefully this is relaxed somehow.
I personally still use Firefox at home despite recent issues, but I honestly would prefer having both as an option, plus I always recommend uBlock Origin to everyone.
(Disclaimer: I work at Google but not on Chrome, opinions are mine and not my employer's.)
Have there been recent issues? I've been using Firefox consistently for years and lately it seems better than usual.
It's quite memory hungry. Not saying leaking per-se, but my 16GB machine at work started swapping heavily mostly due to Firefox today.
Only had about 15 active tabs (though a number of dormant ones since last FF restart). Between the various processes, FF was using about 6-7GB of memory. Closing almost all of the tabs reclaimed about 2GB, so still a lot left over.
That said I'm not too bothered, I can restart FF every other week or so.
My main concern is the questionable use of Studies and other experimental paths to test things like advertising in Firefox. I don't like this. I would prefer my browser to be more neutral.
Of course I can disable it if I want. But, I wish I could simply trust my browser vendor to do the right thing.
The browser itself seems solid, I've been happy since Quantum and look forward to seeing WebRender rollout.
A lot of usability issues, for example: You can't disable Ctrl-Q on Linux due to a bug that they do not seem to be willing to fix. In the past I used to depend on the "are you sure you want to close N tabs?" confirmation dialog thing but now they have removed it.
For me the JS execution is much slower than Chrome. With all these React and Angular apps around it is noticeable.
Are you forced to use Chrome @ Google?
No, but I use extensions that are written for Chrome at work, which is probably not surprising.
Why would Google be given any benefit of a doubt in the case of ad/resource blocking?
They are a behemoth ad-based corporation that is becoming a monopoly in many areas of computing. In yet more areas, they are becoming an effective monopoly through size: they may not be the only company offering a type of service, but they are the only one able to offer it at scale and/or with a certain level of sophistication, given their resources are orders of magnitude larger than almost any other company's.
All this taken into account, it's obvious how much is at stake for them. Why wouldn't they try crippling blockers? Their revenue depends on it and the only counter-incentive is that there may be a massive exodus of users to Firefox, while it still exists. Do it slowly enough, though...
I think you overestimate the level of strategy here.
This is simply an engineer spotting a performance bottleneck in Chrome and posting a design to resolve it.
There is zero chance that Google's top brass told the engineer to deliberately cripple ublock.
A design that happens to cripple modern ad blocking and is not nearly close to being a full replacement of the existing API. Improving performance by removing features is easy. I don't think it's misrepresentation to call it crippling of said features.
The fact is that modern ads and crapware/malware web resources are a large problem that users choose to deal with by installing modern ad blockers. Even if that makes the browser somewhat slower overall, it is the ads that are the culprit, not the ad blockers. Also, anecdotally, but I find the web's performance to be vastly improved by installing uBlock Origin, as has also been noted in another comment.
It is also a fact that Google's whole business revolves around ads. Again, why wouldn't Google be mindful of ad blocking and try to prevent it from happening, with all the resources it has at its disposal? It would be bad business not to try.
Even if this particular situation isn't an example of this, I think it is irrational to think it does not and will not happen.
> This is simply an engineer spotting a performance bottleneck in Chrome and posting a design to resolve it.
The #1 way to improve web browsing performance is with aggressive and comprehensive ad blocking.
Hmm. Google very closely tracks ad-blocker usage.
I don't think I can go back to the internet without uBO+uMatrix.
On a related note, why doesn't Chrome for Android have extensions? I get the sense it's because it was more strategic to ban extensions entirely than to allow ad blocking on mobile.
Can't remember the site, but uBO reported blocking over 1100 requests when I landed there the other day. I can't imagine browsing without it.
I think a lot of requests get repeated once they fail. So in reality it's a lot less. Don't quote me on that though.
serious question - what sites are you visiting that you run into these issues? I use chrome without any adblock and have for as long as chrome has been around. I have NEVER once ran into this situation.
You probably run into hourly since you don't use adblocking, you just don't see it because trackers/analytics engines aren't usually visible.
(I hope) it was just a poorly written JS that retries on failure
uBlock Origin is why I use Firefox on Android.
I think you hit the nail on the head.
This was only expected. Why would an advertising company care about web experience, security, or privacy?
Acquire, Embrace, Extinguish
I think we're at Stage 3.
That's not the correct quip (Embrace, Extend, Extinguish); and even if it were, it doesn't make any more sense in this context than your version does.
Even in the most skeptical reading of the situation, Google never "embraced" adblockers, they allowed them. You'll note there's no extensions on Chrome for Android for example.
Embrace: Google shipped its own ad blocker in Chrome last year. It blocks all ads on sites that violate ad standards set forth by the Coalition for Better Ads. If Chrome's basic ad blocker can encourage the publishers to clean up their most annoying ads, then Chrome users might be less likely to install a full-featured ad blocker like uBlock Origin.
https://www.theverge.com/2018/2/14/17011266/google-chrome-ad...
But uBlock Origin works flawlessly on Firefox for Android.
It is funny to think that company that makes money by showing you ads based on information that it harvests by various mechanisms would let you browse the web without watching ads.
Interesting changes to Chrome seem to have become more often. A recent one was the forced login policy. https://blog.cryptographyengineering.com/2018/09/23/why-im-l...
Quote from the linked design doc:
The current webRequest API allows extensions to intercept network requests in order to modify, redirect, or block them. It is frequently used by content blockers. Currently, with the webRequest permission, an extension can delay a request for an arbitrary amount of time, since Chrome needs to wait for the result from the extension in order to continue processing the request. The basic flow is that when a network request begins, Chrome sends information about it to interested extensions, and the extensions respond with which action to take. This begins in the browser process, involves a process hop to the extension's renderer process, where the extension then performs arbitrary (and potentially very slow) JavaScript, and returns the result back to the browser process. This can have a significant effect on every single network request, even those that are not modified, redirected, or blocked by the extension (since Chrome needs to dispatch the event to the extension to determine the result).
Google has noticed (as have I) that a typical chrome instance is significantly slowed down by things like adblock plus, because it turns out running every URL through a million regex's uses a massive amount of CPU and really slows down loading. As web pages get bigger and have more resources, it isn't going to scale.
This has been going on a long time, and there are totally ways to improve performance, but typically ad-blocker authors don't have a commercial incentive to make their software super performant, so as far as I know, none have even implemented basic performance features like prefix trees, bloom filters or hashed lookups.
Google Chrome developers need to add limited virtual machine for filters like eBPF[1] with constrained execution time and resources.
You know what else takes up massive amounts of CPU and slows down a typical chrome instance? Sites filled with ads.
In my tests (albeit a few years ago), the actual text content on web pages was slowed down slightly by adblock plus. I measured with a video recording of the screen, and considered a page complete when the title and main body text of a page were loaded.
It became a dramatic slowdown with a slow CPU. I made a performance patch which saved 40% CPU time (by making a new css selector matcher). I even tried to submit the patch upstream, but my employer blocked it with bureaucracy.
Adblock Plus is complete shit. uBlock Origin and uMatrix wipe the floor with Adblock Plus.
Ok? Well it's my choice to use a content blocker and "run all those regexes"
I started using uMatrix full-time about a year ago. At first, I was shocked by how much traffic it would block - sometimes dozens of tracking domains. I didn't understand the sheer scale of the tracking industry.
Losing the full efficacy of uBlock and uMatrix is a deal-breaker - not just for Chrome, but many other Google services. That such a proposal is even being considered is stunning and causes me to reconsider Google's reputation.
> With such a limited [...], I am skeptical "user agent" will still be a proper category to classify Chromium.
epic burn
The comment author provides these notable examples which would no longer be possible:
> the blocking of media element which are larger than a set size, the disabling of JavaScript execution through the injection of CSP directives, the removal of outgoing Cookie headers, etc.
Seems like pretty fundamental stuff for any user-side content filtering, especially for the use of bandwidth and privacy considerations, ad-blocking aside.
Discussion moved here: https://groups.google.com/a/chromium.org/forum/m/#!topic/chr...
So glad I’m not a google user. How much more does google have to do before people stop seeing them as the freedom option?
This might actually be good; would certainly drive some users over to Firefox
"Hi folks! Can we please move this discussion to somewhere it's not as noticeable? K thx bye!" doesn't address anything
Sounds like Google devs to me!
Or perhaps it's because people are spamming their bug tracker from sites like Hacker News, preventing the necessary technical discussion from taking place.
So unexpected traffic is "spam?" Seems like everyone posting has a stake and is pretty engaged with the topic.
Negative != Disrespectful
Unexpected != Illegitimate
This isn't just traffic. This is interrupting someone else's conversation to complain after reading an editorialized headline.
Having dozens of people post "I'm moving to Firefox!!" doesn't contribute anything. It detracts from discussion. For exactly those reasons the thread has now been locked.
We screwed it up, like we always do.
Next move by Google: slowly crippling the functions of most Google sites (YT, Gmail, etc.) on Firefox for "better UX on major browsers."
You see? Power corrupts.
This is already happening. The new Gmail redesign is borderline unusable and uses up 60% CPU just to display a plain text email, and YouTube's latest update is slower in Firefox because they use a Chrome specific API.
If they go through with this, they would lose a fair portion of their users, even non-fossy ones. I've seen memes on popular reddit subreddits like /r/me_irl and /r/teenagers about adblockers (e.g. "you can't stop me" "I know, but he can") and I would hope that this would maybe be a breaking point for those people - they'd google "adblock not working chrome", find an article that prescribes switching browsers (probably or hopefully firefox or some non-chromium browser), and chrome would lose around 5-10% of its share. Hopefully it will at least wake people up to the monopoly google has by exclusively controlling the most popular browser.
I'm all for getting out the pitchforks when Google does something anticompetitive, but this seems to me to be very similar to WebKit's content blocking API. How does this differ from that, and are extensions that run JavaScript no longer allowed?
Firefox exists, it works well, and it doesn't fuck its users to help advertisers. If Google manages to push it out of the market we'll be stuck with a garbage browser built by an ads company.
Meh, I waste way too much time on the internet anyway. Maybe it's time to rediscover some outdoor hobbies.
Please don't editorialize :|
Suggested title: Chromium Extension Manifest v3 change would break uMatrix/uBlock
Mods?
The current title ("Google proposes changes to Chromium which would disable uBlock Origin") is more reflective of linked comment.
The essential quote from the linked comment is this: "If this ...[change to chromium is implemented]... [it] essentially means that two content blockers I have maintained for years, uBlock Origin ("uBO") and uMatrix, can no longer exist."
"can no longer exist" is much closer to "disable" than "break".
The problem is I see a ton of people in the comments assuming this is a change made with the intent of disabling/breaking ublock. Clearly it's not, and it will affect more extensions than just that.
We should demand a LOT more evidence before claiming that Google intends to break adblockers before accusing them of that. If they are doing that, I want to be the first one raging against them, and I don't feel comfortable raging on something that deserves the benefit of the doubt.
I don't think companies should ever get the benefit of the doubt. If they are doing something people think it's bad, they are bad until they have their defense. That's why big companies have PR people. People may have the benefit, but companies shouldn't.
But I'm not advocating people treat this as any less important/urgent. The consequences of this change are clear: uBlock/uMatrix would break, this is bad, and it needs to be fixed. However at this point in time, it's an open issue, on an open bug tracker, and Google should be given space to adjust before we can actually declare they're doing this on purpose.
If the change goes through despite the issue being known, that is bad, and that will be a clear sign they don't care that adblockers are getting shut out. Still won't be proof it was intended to do that, but at least there's a different level of outrage you can apply to it.
This is not about who does or doesn't deserve the benefit of the doubt. It's about not having knee-jerk reactions to headlines. In the current political climate, that should be given some serious thought.
Edit: In fact, so far the only thing this thread has achieved is having people go in the issue tracker and leave their comment. You can guess what will happen next: Outrage and abuse in the comment section, followed by a lock, because of fucking course they should lock when there's abuse. This happens every damn time there's a github issue being linked on HN.
What this behaviour does is it prevents an actual discussion from happening.
It's still very suspicious though that such changes happen right after Google implemented their own native adblocker. If tomorrow 3rd party adblockers stop working, Google can now point out that people can rely on their own solution.
Paranoid? Probably. But Google's revenues are from ads, so this kind of attitude is very much warranted in this case.
> Clearly it's not
What is your basis for this claim?
I am not an expert on this topic, but Gorhill is and has a demonstrated history of technical/privacy judgement.
Gorhill's comment makes it clear that impacting the functionality of blockers is an intentional change, as the proposal not only removes previous functionality, but also enshrines one particular and limited approach to blocking.
Edit: I would also note that "break" may suggest the possibility of altering blocking extensions such that they could keep working and maintain their present functionality. Gorhill's comment makes it clear that this is not the case.
This seems very similar to the changes Safari made a while ago for their content blocking API, so there may be more to it than "Google wants to break adblockers".
I've explained the logic in the post you're replying to. I'll rephrase it:
There is no evidence the change is being made with the intent of getting rid of adblockers; it is so far only a side-effect. We should demand such evidence before implying that this is the intended outcome.
If such is the goal, have at it with the headlines. They write themselves. "Advertising Giant Google Forcefully Breaks Ad-blockers in Chrome Update".
But until the evidence is there, we should be responsible about this.
I've reviewed the design doc and and the spec for the new API. I agree that there doesn't seem to be an intent to "[get] rid of adblockers". Nonetheless, the proposed changes will disable core functionality in uBlock and uMatrix, which is what the title states.
>There is no evidence the change is being made with the intent of getting rid of adblockers; it is so far only a side-effect.
Yes, but what's the point of this change, if it is only a side effect? I've read this thread and I haven't seen clear explanation what this change strives to achieve, other than breaking some popular anti-tracking/ad-blocking extensions.
> There is no evidence the change is being made with the intent of getting rid of adblockers
So far there is only one rationale that could describe the motivation to make this change. Can you propose another possible motive? I am personally struggling.
My understanding of the changes is that they make sense for most extensions, but gorhill's addons are being negatively impacted by them because of the way they were implemented. You'll note it's still possible to implement content blocking in the new system.
As others have pointed out the blacklist capabilities are severely inhibited in the new system. Could you elaborate on how the changes make sense? It feels like their messaging behind this is off if their intent truly is benign.
I always found it strange that the most popular ad blocking method is one that is internal to and relies on the browser itself.
Companies can change their browsers anytime and for whatever reasons they want. As far as I can tell, users have little control over the organizations/companies that write browsers, not to mention that the most popular browsers are written by companies that benefit from sale of the online ads. This make the ad-blocking browser extension brittle.
I also find it peculiar that the preferred approach to ad blocking has been blacklisting rather than whitelisting. In other words, users prefer to let a third party pick a list of servers to block. Everything else is allowed by default.
Besides issues of delegation and having to trust a third a party, this of course is a very large, constantly growing list that includes many, many servers most users will never, ever encounter in their entire lifetime online. Though it may be unnoticeable for now, an enormous block list is inefficient.
The alternative, which I have found easier to manage, is for users to determine what servers they need to access, "whitelist" them (e.g. by placing them in localhost authoritative DNS or /etc/hosts), and then block everything else by default. This is similar to a firewall ruleset.
The number of servers any user will use in their lifetime is relatively small compared to the total number of ad server addresses in existence now or in the future. It is manageable.
If you are a non-technical Chrome user, and you have no idea of what servers you are actually using repeatedly day-to-day, there is a built-in feature that can help you make your own "whitelist".
Here's the URL:
chrome://site-engagementA little PSA, "uBlock Origin" is the currently updated, correctly working extension, "uBlock" is the broken one.
https://www.reddit.com/r/ublock/comments/32mos6/ublock_vs_ub...
Annoying, but just block at DNS or host level.
* Pi-hole®: A black hole for Internet advertisements – curl -sSL https://install.pi-hole.net | bash || https://pi-hole.net/
* GitHub - StevenBlack/hosts: Extending and consolidating hosts files from several well-curated sources like adaway.org, mvps.org, malwaredomainlist.com, someonewhocares.org, and potentially others. You can optionally invoke extensions to block additional sites by category. || https://github.com/StevenBlack/hosts
Someone will make money selling an ad blocker device that's just a configured Raspberry Pi with a consumer-friendly way to install it on a home network.
Brave is a great alternative. I just wish they could somehow integrate the whole chrome extension ecosystem in there.
The new update added support for Chrome extensions. Are the ones it doesn't support?
Not sure if they're purposefully blocking uBO. Those who are effected will either move to Firefox (and encourage their friends to), or just use another content-blocking technique (eg, DNS).
For the few extra ad clicks they'll gain, it's just not worth the upset.
Their captcha is deliberately vindictive against users who don't have google accounts, use firefox and use uBO. For instance, the tile "fade in" lasting several seconds that plays absolutely no role in making the captcha difficult for ML to solve, existing only to punish real humans who don't comply with Google's surveillance system.
So in light of that, I see no reason to not assume malice in this case too.
Oh my god that tile fade in irritates me to no end.
Could someone please help explain the technical details of this?
From what I can gather from the chrome.webRequest and chrome.declarativeNetRequest documentation, it looks like this change would make it difficult to have long lists of blocked hosts, or perhaps to update such lists automatically. Obviously there is a conflict of interest here for Google, but it looks like there are at least a few non-bogus justifications for the proposed change.
See also (especially the section "Comparison with the webRequest API): https://developers.chrome.com/extensions/declarativeNetReque...
There's a couple of different issues with the proposed API:
* There's a limit of 30k blocked rules, which isn't enough to fully block every ad (for example, EasyList alone is 87k filters right now).
* The declarativeNetRequest API only supports a limited set of filter options. Currently, uBlock supports a bunch of additional options that give you more fine-grained control over what is blocked [0]; most of that wouldn't be possible in the new API.
* AFAICT, the ruleset can't be updated dynamically, which would prevent uBlock's dynamic filtering [1] mode from working.
Google's argument is that doing this improves performance (because it doesn't require communicating with the extension), and that it improves privacy. The privacy issue does have some merit - uBlock's author seems to be trustworthy, but other extensions might not be - but the performance argument in particular seems really shaky. uBlock's benchmarks [2] show that it takes around 0.1ms to decide whether to allow a network request. The only way it could noticeably impact performance is if the overhead of communicating with the extension process is really high, and that sounds like something Google should fix rather than eliminating it.
[0] https://github.com/gorhill/uBlock/wiki/Static-filter-syntax [1] https://github.com/gorhill/uBlock/wiki/Dynamic-filtering [2] https://github.com/gorhill/uBlock/wiki/uBlock-vs.-ABP:-effic...
Yet another reason to use Firefox.
I’m more concerned that the http/3 Connection Migration ID, proposed by Google via the QUIC spec and operating at a lower level, will create a persistent tracking mechanism, regardless of the application in use.
Anybody knows what "Hotlist-ConOps" means? I'm guessing "ConOps" is the name of the project. Even looking at the issues like[1], I still have no idea what it means.
[1]: https://bugs.chromium.org/p/chromium/issues/list?q=label:Hot...
> There are other features (which I understand are appreciated by many users) which can't be implemented with the declarativeNetRequest API, for examples, ... the disabling of JavaScript execution through the injection of CSP directives, the removal of outgoing Cookie headers, etc.
This is also incredibly important.
It's my HTML, don't restrict me. Let me mangle the web pages I request.
I recently set up pi-hole in a couple of hours on a raspberry pi I have at home. Works fairly well - it can't block as many things as ublock origin can, but it gets the job mostly done while still providing some sort of revenue to content creators.
curl -sSL https://install.pi-hole.net | bash
For those that have migrated from Chrome to Firefox recently, what adjustments did you have to make/get used to in Firefox?
I changed last year? ( whenever the quantum beta came out )
now I live between the two browsers. For the most, there is no real difference and for both browsers, holes can be plugged with plugins. ( One nice thing I like out of the box for FF is that it supports column selection which makes my life easier on some web pages I have to use regularly )
I like the web development tools on firefox, and usually use them over chromes
The only few things I've really had an issue with is a particular wiki page in my works confluence system that seems to go incredibly slowly on firefox and I end up using chrome to edit that page. The other is sometimes firefox doesn't open a new tab in a new tab if the tab bar has a lot of tabs if I'm using the UI ( I use vimium on both chrome and FF and it can open tabs no matter what )
Other than that, I have this very subjective "feeling" that chrome feels just a wee bit nicer than FF.
Not surprised.
Was no one but me outraged about them turning the 'stop autoplay' of video feature off within Chrome on desktop? This happened in the last year or two - I don't remember since I switched to Firefox.
Chrome I only use for business / G-Suite purposes and for dumbo sites that only work in Chrome. Admittedly I'll use IE before I use Chrome.
Just use Firefox, disable all content blocking addons and enable resistFingerprinting and container tabs. There you go you are virtually impossible to track, and as thus will only generate useless traffic for advertisers/trackers and actually cost them money in a legal way.
It would actually go hand in hand with "hide but load element"
This was bound to happen. Google has always treated Chromium as their toy and a way to protect their advertising monopoly. That is why we released the new PrivacyWall today which includes the most advanced host level ad blocker built by Stanford engineers. It's free and we will never sell out.
Another reason to try out the new brave which has all the capabilities of chromium without downsides
I'm surprised at the lack of support (hacker news) for Safari. It's a fantastic browser, made by people who have a track record of not being evil with data. I know that might seem like a big statement, but in the face of Google I will happily trust Apple.
A few years ago they were considered the new IE when it came to html5 compat (which was lagging behind other browsers). I'm not sure what the status is now.
I love safari, but of late unBlock Origin has stopped working, which means i constantly switch to firefox when the ad's get nauseating.
Amusingly, Safari made the same change as the Chrominum devs are discussing here. Limiting how well extensions can parse and block requests.
I love safari, but of late unlock Origin has stopped working, which means i constantly switch to firefox when the ad's get nauseating.
Choose Firefox Now Or Later You Won't Have a Choice
https://robert.ocallahan.org/2014/08/choose-firefox-now-or-l...
Bug reports are for technical discussion, not filing grievances. Please don't be "that guy" who uses this space to complain. Especially if you haven't bothered to read the new spec and are simply mad at the title.
The spec makes this a bit ambiguous, and I have experienced nothing but frustration in my continual attempts to move to FF (last time was two months ago, spare me the argument), but if uBlock is over then so is my relationship with chrome.
They are blocking Ad-blockers and improving Ads. Blocking Ads that are scam like popups and such so ux should be good with content and Ads side by side.
It's actually Google wants to rule by blocking other platforms that provide Ads.
The only thing that surprises me about this announcement is that it took them that long.
Oh well, they'll just give me a reason to accelerate my full migration to Safari and Firefox and to only touch Chrome when testing a website.
Well, look at the bright side: People will (hopefully) remember that there's an open source browser from a non-advertiser company (and therefore with not many incentives to break your adblocks)
Unfortunately Google invests heavily in Firefox, and Edge is switching to Chromium.
I wonder what this means for browsers like Brave. They are on Chromium engine but AFAIK they are using their own blocking, different from uBO (not sure what exactly they're using).
The day I see google ads on my chrome I will switch, they can do whatever they want. I will also advocate switching to every person I know, so disable ublock origin with that in mind.
... and yet another downside to Microsoft moving to Chromium.
presumably they are capable of putting in the engineering work to restore the old feature
then they'd be able to sell their browser as having ad blocking when chrome doesn't
the market would take care of the rest
Why would Microsoft be driving this change? Google is the company with the huge advertising business.
Because by moving to Chromium, Microsoft increased Google's control of the browser ecosystem by killing one of the last remaining competitors to it. Now only Firefox is left.
Before they dropped Edge, a move like this would have been a great marketing opportunity for Microsoft: "Come to Edge, where your ad blocker still works."
I assume they meant that with Microsoft moving to Chromium there is less competition and thus less reason to fear that the change will hurt Chrome.
Would this also affect Brave? From what I understand they pack their blocker into the binary, but they might still call this API under the hood.
This is why we need competing browsers and Microsoft should have continued Edge browser development. Thank goodness we still have Firefox.
Privacywall provides host level ad blocking
Doubtful they will make such a popular extension impossible permanently. Doing so risks alienating influential users.
I will reserve my opinion until this one made it into the final or the dev showed no sign of willing to change.
This makes me again wish that Microsoft had used Firefox's engine for their new version of Edge.
Doesn't matter to me much for the browser since I use Firefox, but would ruin Chrome OS for me.
I'm very happy about this change. Hopefully Firefox would gain a plethora of new users.
Mozilla is really no better than Google... in fact Chromium on my Linux distro vastly outperforms Firefox.
What does performance on a Linux distro has anything to do with Mozilla being better/not better than Google?
Because Firefox doesn't offer any extra security controls over Chromium, in fact I would say they are way worse than vanilla Chromium on Arch. Therefore it makes sense to go with the browser that performs well, rather than one consuming a bunch of resources unnecessarily.
what security controls are you referring to? Also, I think we were talking about performance. How is performance relevant to security controls? And again, how does that imply that Mozilla is better/not better than Google?
I'm starting to believe I'm talking to a bot.
I'm referring to the security controls that Mozilla and their Apple-like fan group claims give it an advantage over Chromium. I am saying that I do not believe that it has any security or privacy advantage to Chromium, and the performance is worse, so there is no reason to be in the Mozilla cult-like fan club.
Firefox is a much nicer browser anyway. For a number of reasons including privacy.
Well, it was nice mooching off the work they put into Chrome while it lasted.
I find it disappointing that uBlock cannot be installed on Firefox on iOS.
Brave is my new everyday browser since they added Chrome plugin support.
Ublock Origin (or equivalent) compatibility is a deal-breaker for me.
Check what effect this proposed change have on @exteranto framework
Loving my decision to switch to firefox this year more and more.
Can a downstream client of Chromium (like Brave) add it back in?
Embrace, Extend, Extinguish. Where have I heard that before?
duck.com + mozilla.org
I'd like to use Chrome or be on the ecosystem for the developer tools and website compatibility but not have to...well...suffer through this. Maybe Brave or another maintained fork of Chromium fits the bill.
I've been using Brave for a few months now and they have come a long way -- with many bumps along the road. When sync is finally released (its in beta now), I really think it will be a contender.
Vivaldi user here, should i switch to Firefox too?
i will go wherever uBlock Origin and uMatrix go
Stick to firefox, for this simple reaseon.
I've switched to Brave for most everyday browsing. Still use Chrome for work, but mostly just on sites that I pay for, with no or limited ads.
Perhaps the participants of this debate should also comment on the ticket itself? Complaining here probably won't make Google hear you.
If your goal is to lock the bug report to all future discussion, then by all means start brigading.
Can we not brigade? That would be great.
Right now, I still use Chrome. This change would end that use for all but a couple small niche cases.
Installing Firefox on mobile today. Time to prep.
The nice thing about the mobile version is that you can add uBlock there too. I switched to Firefox a couple years ago and haven't looked back. Also have been DuckDuckGo for about a year and last year I switched my email over to Fastmail. Funny because I used to be the biggest Google Fanboy a few years back.
I heart Mozilla Firefox.
I switched from Chrome back to Firefox last year and haven't looked back once.
I sometimes use Chrome these days, it’s time for goodbye for good to Chrome now.
dropped chrome long ago, actively remove it from anywhere I'm authorized to. recommend you do the same, it's crossed the malware threshold long ago.
Beautiful. Will be great to see Firefox share increasing.
I assume people with much more data than me have ran the numbers and concluded this is a good move, but with the rise in people using ad-blockers [0], this seems myopic from the outside.
The GDPR situation and this week's 'fine' for Google certainly suggests that the current model of surreptitiously harvesting outrageous amounts of data from unsuspecting service-users is untenable (as well it should be), so I'll be fascinated to observe the next stages of the data collection vs privacy skirmish.
[0] - https://marketingland.com/survey-shows-us-ad-blocking-usage-...
As far as I’m concerned, this wii break Chrome.
main reason why I use firefox on my mobile these days instead of chrome, I can install uBlock Origin in Firefox.
Go Firefox!
No this is about killing content blocking, while not saying so explicitly...
> the 30,000 limit is not sufficient to enforce the famous EasyList alone).
The uBlock origin author's comment on the CR bug threads looks incorrect to me, for the following reason.
Chrome extensions have access to the 'debugger' API.
Debugger API provides access to remote debugging protocol.
Remote debugging protocol provides commands to intercept, filter and block requests.
Please see: https://chromedevtools.github.io/devtools-protocol/ and specifically the "Network" domain.
Fork them
gorhill is a very short sighted zealot
it's like they are trying to get you to switch to firefox.
"We went ahead and uh, fixed the glitch."
I can't wait for the day Firefox stops killing my MacBook.
This will affect even Brave browser right? Really any browser that uses chromium?
No.
> we will strive to limit the blocking version of webRequest, potentially removing blocking options from most events
Is there any rationale why?
The "blocking version of webRequest" means that page loading stalls until the extension decides whether to allow, deny or modify each request. This gives extensions enormous power, which can easily ruin user experience if the extension is slow about handling requests.
unlike say, ads doing the same thing.
I hope they don’t go on with this... I really don’t want to go back to Firefox.
Recent versions have improved hugely. Have you tried them?
Not OC, but I honestly have consistent window rendering issues with Firefox on Windows 10's Tablet Mode.
I don’t trust the Mozilla Corporation. Putting ads on my home page a few weeks ago was the last straw. But if Google does this, that’ll be almost worse. https://venturebeat.com/2018/12/31/mozilla-ad-on-firefoxs-ne...
It’s funny when you think of it, now both browsers want to shove ads down my throat. I hate the modern internet.
I agree that ads aren't a great solution, but the entire reason Mozilla is doing things like that is to avoid having all their revenue (and thus their existence) dependent on Google. How else do you think they should make money?
It's also worth pointing out that the included ads are targeted locally on your computer, and none of your browsing data gets sent to Mozilla (https://help.getpocket.com/article/1142-firefox-new-tab-reco...).
And it's also really easy to turn them off (preferences > home > "sponsored stories").
> I don’t trust the Mozilla Corporation. Putting ads on my home page a few weeks ago was the last straw.
I have my Firefox homepage set to a blank page and see nothing of the sort.
Because of your comment, I temporarily set my homepage back to "Firefox Home," but didn't see any ads. Just a a few recommended news articles.
You can deactivate the featured by pockets and the highlights sections. => about:preferences#home
>> But if Google does this, that’ll be almost worse.
Yes, google never shows you ads.
What problems do you have with Firefox?
If you prefer chrome but don't want to deal with the privacy issues, definitely try out brave-browser. It's a custom build of chromium with privacy and ad blocking enabled by default, and is fully open source.
People who have grown to know and love ad blocking will move en masse to Firefox. That would be a good thing.
The attempt to force users into a system they don't want when there are other options available results in a loss of users.
I’m not so sure about that. From a nontechnical users’s point of view, they aren’t entirely shutting down adblockers outright, but merely slightly inconveniencing them - most users will probably migrate to a different, less powerful ad blocker and just keep using Chrome. We’re all frogs in water while Google keeps raising the temperature just ever so slightly higher.
Google proposed changes to chromium that makes many people not use chromium. Or chrome.
I will focus on Firefox for compatibility, if it works on chrome that's great but I will consider it ie6, I don't care about crippled browsers.
Depending on the project and leeway I might even block it outright. I did that with ie6 on one system.
Apparently I can't post just the thinking face emoji. But we all know what this is, what else is there to say that hasn't been said to death already?
Another reason why it was an enormous mistake for Microsoft to adopt Chromium as the engine.
Now Microsoft has a choice for Edge:
A. Fork here and pay the maintenance price and extension compat issues, with potentially unlimited downside of technical debt in reconciling the two.
B. Adopt these changes and kill ad blocking in Edge, preventing them from differentiating themselves from Chrome and reinforcing Google's position as an advertising giant.
Both are bad. What would have been less bad is if Microsoft switched Edge to say, Gecko, or maintained EdgeHTML and continued to support a multi-platform, multi-implementation web.
Or pull a 180 and start running their own build of firefox that they contribute to.
Has anyone considered they are trying to do something good here? Publishers are dying left and right...ads support a lot of good businesses!
Ad-supported businesses are an example of tragedy of the commons. They cause users to be product rather than customers. They make it harder for any other monetization strategy to take off the ground (it is hard to compete with "free"). Ads, and marketing in general, is a zero sum game with your resources being spent simply not to fall behind, just because your competitors are spending them (they are like lawyers and military in that regard). Ads enable and encourage parasitic businesses, like content farms and the like.
For the marks, I mean, users, ads pollute visual field, occupy mental space, create and encourage unhealthy habits.
Ad industry can't go out of business fast enough.
Sure, but the plague of dark patterns and intrusive ads far far outweigh the few legitimately non intrusive ad supported websites. I agree there needs to be some way for sites to make money, but there is just too much stuff out there that should be blocked.
I'm sympathetic to this argument, but browsing on my mobile device (where I don't have a good ad blocker) is regularly interrupted by redirects to malicious sites ("you're a winner!") that are clearly injected by ads.
I'll happily whitelist any ads from a network that bans scripting in the ads they accept.
If they are explicitly making these changes to support ads, that's not a good thing. Google is the Internet's largest advertiser. If that business is driving decisions in Chromium, then the project (and the Internet) is in big trouble.
The ad industry has had decades to get its collective shit together and stop taking the piss out of users. I have no more sympathy or patience, I'm just blocking the lot.