Slashdot Mirror
Google Proposes Changes To Chromium Browser That Will Break Content-Blocking Extensions, Including Various Ad Blockers
"Google engineers have proposed changes to the open-source Chromium browser that will break content-blocking extensions, including various ad blockers," reports The Register. "The drafted changes will also limit the capabilities available to extension developers, ostensibly for the sake of speed and safety. Chromium forms the central core of Google Chrome, and, soon, Microsoft Edge." From the report: In a note posted Tuesday to the Chromium bug tracker, Raymond Hill, the developer behind uBlock Origin and uMatrix, said the changes contemplated by the Manifest v3 proposal will ruin his ad and content blocking extensions, and take control of content away from users. Manifest v3 refers to the specification for browser extension manifest files, which enumerate the resources and capabilities available to browser extensions. Google's stated rationale for making the proposed changes is to improve security, privacy and performance, and supposedly to enhance user control.
But one way Google would like to achieve these goals involves replacing the webRequest API with a new one, declarativeNetRequest. The webRequest API allows extensions to intercept network requests, so they can be blocked, modified, or redirected. This can cause delays in web page loading because Chrome has to wait for the extension. In the future, webRequest will only be able to read network requests, not modify them. The declarativeNetRequest allows Chrome (rather than the extension itself) to decide how to handle network requests, thereby removing a possible source of bottlenecks and a potentially useful mechanism for changing browser behavior. The report notes that Adblock Plus "should still be available" since "Google and other internet advertising networks apparently pay Adblock Plus to whitelist their online adverts."
But one way Google would like to achieve these goals involves replacing the webRequest API with a new one, declarativeNetRequest. The webRequest API allows extensions to intercept network requests, so they can be blocked, modified, or redirected. This can cause delays in web page loading because Chrome has to wait for the extension. In the future, webRequest will only be able to read network requests, not modify them. The declarativeNetRequest allows Chrome (rather than the extension itself) to decide how to handle network requests, thereby removing a possible source of bottlenecks and a potentially useful mechanism for changing browser behavior. The report notes that Adblock Plus "should still be available" since "Google and other internet advertising networks apparently pay Adblock Plus to whitelist their online adverts."
If the DOJ (no particular friend of Big Tech in this Administration) wanted an excuse to probe Google with the FTC for some anti-trust discovery, this would be a quick ticket.
The world's dominant browser requiring that the world's dominant ad network always be displayed would be a wonderful reason to force a divestiture of one or the other (or, preferably, split everything up into components).
Hire a Linux system administrator, systems engineer,
But Google uses Linux on their servers and said they would Do no evil.
LOL @ the all the tards who fell for Google's bullshit.
Wow, the company that makes 90% of the its profits from advertising is trying to use the open source projects it near controls, that has a near monopoly on web browsers now... to stop adblockers from existing...
It's a coincidence surely. *Hugs Firefox*
Word to the wise: wget https://dl.google.com/linux/di... Rather than using the online "installer" that does the download. Keep older versions on some share, it may protect you from this "upgrade".
The report notes that Adblock Plus "should still be available" since "Google and other internet advertising networks apparently pay Adblock Plus to whitelist their online adverts."
So there will still be an API that works, if you play their game..
As now there's only literally one major browser out there, and the vendor is Google, why would it care about content blocking? The sooner it kills actual content blocking in Chromium, the more profit they will get.
Ironically, using Firefox may not only for saving the Web in the future. It's also about saving yourself. Hopefully Mozilla won't be stupid enough to follow, or they actually may not deserve to suivive.
In the future, webRequest will only be able to read network requests, not modify them.
They're doing it to increase browser speed. How wonderful of them. It's not like you *have* to install extensions that use this feature or anything. And most/all of their clones will follow suit.
In The Future, I guess I won't be using Chrome-ish. Lynx, here I come! (Or maybe not.)
If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
Right?
Since Mozilla recently also adopted the same plug-in interface for Firefox I'm guessing this is going to affect Firefox as well.
Would Mozilla and developers be willing to split from Google's way?
I wonder if there is a way to still block ads based on somehow modifying your host files? Does anyone make software like that, that will let us manage our host files?
But at least they don't have a walled garden so I can still install my favorite chinese spyware! clearly they're the good guys!
Everything Google touches either IS shit or turns to shit.
Don't fucking use stuff which is associated with Google.
And for those who don't yet know, Opera is a very nice browser, which is fast and doesn't undermine your efforts to block ads.
I suggest you try Opera if you have not already done so. ( I have NO affiliation with Opera, but I like stuff that comes from a source other than
Google or Microsoft )
The story is nonsense adblocker plus you right click the mouse button and select block ad on any website that it does not recognise the ad. Adblocker plus is ad blocking customisable
This is great news ... for Mozilla!
In the walled garden I have
A bed of greens
A shaven animal
And koi who are not coy
I sleep fitfully on a stone bench
I dream of you waking me with a song
Until your song disturbs my slumber
With a bed of greens
In the heart of my walled garden
Won't this hurt WebExtensions in the long term? By giving the browser a separate API for network requests, it's very fishy that Chromium is going this direction.
Somehow, I feel that Google has now altered the deal. Pray they don't alter it any further.
So now that the last major holdout, EDGE, has swapped over to chromium as their core engine google finally reveals their cunning plan to get advertising (their core business) to work once again!
I use a proxy auto-config file to filter out ads. It used to work perfectly, but thanks to one change, it's little better than a hosts file now: They decided that passing the full URL to the PAC file was a security issue for https sites. Now I can't filter out ads from the same server as real content since almost everything is https now. Fortunately, most ads are on separate servers, so it still works. In a pinch, there is a browser setting that will tell it to send the full URLs, and I might switch that on if I find a site that is particularly annoying. The advantage the PAC file has is that I can use a magic URL as a flag to turn ad blocking on or off as needed, such as to test if a page display error is due to the blocking.
Who can piss off the most of their users the quickest...
Firefox and Chrome are neck and neck at this point.
Wow there are a lot of browsers that use Chrome, RIP them. This probably has something to do with the fact that Edge adopted Chrome. Google really wants to exploit those 3rd party browsers. These days Google is more of a marketing company than a tech company. RIP Chrome.
Why does an ad-blocker need to be an extension or add on program? Nortons years ago had a built in ad-blocker, worked great so so we really need to be tied to what the browser makers do and just add a filter before it gets to the browser? I am not a coder,so..
Jack of all trades,master of none
The report notes that Adblock Plus "should still be available" since "Google and other internet advertising networks apparently pay Adblock Plus to whitelist their online adverts."
hahahaha whats the point of an ad blocker if. it. isn't. blocking. ads.
Fuck you, Google! Corporate shills!
Just don't use Chrome.
Google introduces a quasi-ad-blocker. . Shocking that they want all other ad blockers to die by breaking compatibility. Then, figure that 90% of users never seek out another blocker, and Google's ads get back through.
Your ad here. Ask me how!
Because it would be much more effective to block content from within the browser versus having an external application.
It sucks that you have to install per-browser, but it's much more effective than having an external application handle something like a hosts file or rip into your HTTPS traffic.
Firefox still blocks all with umatrix or ublock, so this Chromium change will not cause me to quit firefox.
What goes around, comes around? Why does this not surprise me? Perhaps it's because the W3C has had fingers in corporate pockets and pants legs for as long as it's existed, and serves the corporate presences on the Web and not the "useless eaters" who consume it? The HTML spec has long been saddled with additions that benefit that corporate control of the Web. Why should it surprise anyone that one of the biggest corporate presences wants to take further control through use of its own browser?
So the Resistance is now back to using HTTP filtering proxies like the dead Proxomitron and Privoxy to try to take back the Web from corporate control. Good luck with that. Nobody really gives a shit any more. Instead of more such independent proxies and more refinements to them to make them truly user-friendly, we got the horrifically bad idea of BROWSER EXTENSIONS... and those extension developers got pwned even by Mozilla after the trap was sprung.
Right now it intercepts the request and says "don't make that one".
Is it possible that the browser makes the request and gets the file, but you tell it "don't load that one"?
So, essentially, the network traffic still happens, but the file isn't active/usable.
I refuse to sign
And fuck Chrome, Chromium, ChromeOS, and anything else from Google (or anyone), that disempowers users...plus the horse they rode in on.
Firefox is about to prevent DLL injection in future versions for "security reasons", similar to what Chrome did last year. And they've regularly copied Chrome over the years to the point where it gets regularly mocked as being a Chrome-wannabe. So I'm not convinced that Firefox will be the savior of the free internet that everyone thinks it will be if Chromium-based browsers kill uBO because they'll probably pull the same crap in time.
And I like how people are saying that uBO can just adapt around it. The developer of uBO has already said that it's impossible because v3 removes key functions that make it work (and without it, uBO would only have the filtering power of ABP).
DO IT NOW
https://www.mozilla.org/en-US/firefox/new/
Advertising is a pollutant deliberately injected into society. Most people instinctively dislike it but few realise how much damage it does.
All types of pollution should be limited by government regulation. Currently advertising is not sufficiently regulated. It is a shame that so many businesses are fundamentally about spreading this type of pollution to the detriment of society.
Even when Google's user tracking still knows about what you have been browsing in Firefox?
Go to youtube and check what ads it shows you. They will mysteriously resemble what you looked at in Firefox.
This should help get Firefox user numbers back up.
"When information is power, privacy is freedom" - Jah-Wren Ryel
And the second best time is today.
Cry me a river... We don't need the DOJ doing jackshit as long as Google is still providing the full source code to Chromium. Just make a few tweaks to the source code and boom, ad blocking is back in business. Sure, the change sucks for extensions like uBlock Origin, who will likely lose users as people find new ways of ad blocking, but it's not like the bad old days of closed source Internet Explorer.
Brave Browser is based on Chromium's rendering engine and provides ad blocking built-in, no extensions necessary. It's already here and works pretty darn good.
The browser has to do it because you can direct it using an extension to block html classes, ids, maybe even tags and domains. Blocking just domains (aka hosts blocking) doesn't work in the long run if the site is coded well enough that it uses the same origin for ads and regular files, so the extra power is partially up to the browser to handle everything else.
This is the first article I've seen on slashdot featuring a popover on the bottom of the page. Goodbye slashdot
I use Firefox with uBlock Origin, and I also use the MVPS Hosts file... both on my home and work computers.
I stopped trusting Google when they were bundling Google Desktop with new computers.
Back to Privoxy/Promoiyton? Why do you think Google spent 5 years convincing everyone HTTPS was necessary, even for static, low-risk pages?
Your ad here. Ask me how!
Run Pi-Hole instead and point your DNS to your Pi-Hole system?
https://pi-hole.net/
Pi-Hole doesn't have to run on a Raspberry Pi. Run a small VM, another Linux box, etc.
I have a home server running a Ubuntu VM alongside a bunch of Windows systems, so Pi-Hole would work for me.
Still, way more overhead and complexity than uBlock Origin.
Firefox time.
Corrupted by money and blind to the effect of anything they do.
It's hard to believe that once upon a time, Google used to be considered a good role model for Internet companies; and now, a revolting turd in a cesspit of putrid scum.
While not perfect, it seems to me that a filtering proxy would take care of a lot of ads, at least those from 3rd party ad-servers.
-- Alastair
If you read the spec it's that they are thinking of moving the blocking ability to declarativeNetRequest from webrequest. They will need to rewrite some of their code but it should all still work as expected.
www.moonnext.com
We can stomp out socialism and have real freedom. Let's show those Europeans a thing or two?
http://saveie6.com/
What did users expect?
To get a service and block approved ads?
Find a real OS and a real browser that lets the user block ads.
Domestic spying is now "Benign Information Gathering"
Hello Firefox
Local proxies are still allowed. And likely always will be if they want the corporate market share (this is the reason tls 1.3 got blocked for a year). Add your proxy's CA to your trusted certs and it can mogrify all the pages you send its way, regardless of security or origin. Granted, you can no longer see the original certificate from the origin webserver, but block ads it will.
Google is making this change because filtering malicious javascript and advertizing from web pages by the "web client" (ie, the browser) is ruining their business model which is completely and entirely based on the "web client" executing malicious javascript and displaying advertizing contrary to the interest of the owner of the device on which that malicious javascript is running and on which the advertizing is being displayed, at the expense of that owner (who is paying to transport that unwanted malicious javascript and advertizing).
Therefore, Google has two choices: Make is so that people using "Chrome" based crap cannot protect themselves from malicious javascript and advertizing (99% of which is promulgated by Google) or just close up shop and go out of business.
Because they are a bunch of greedy fucks who do not actually have a product any non-sleezebag would want to actually spend money on (and therefore no actual business model other than being a shitbag), the have decided to pursue the former course rather than the latter.
Of course, it also helps that 99.999999% of the people who use their products do not give a shit anyway and are too stupid to only use products which are not inherently malicious.
In other words -- follow the money.
=====E Chromium
JUST FORK IT!
That was practical when most of the internet was HTTP, but now it's mostly HTTPS (Encrypted) and there's no good way to intercept and modify content before it hits the browser.
Technically, there are methods that add a suite of trusted certificates for the middle-ware, but they all have very significant drawbacks that either make the browser less-safe (by presenting valid, safe certificates for sites whose original certificate is less-so) or by the browser not trusting the content.
The best place to catch ads, malware, etc. is now in the browser, after it's already been decrypted by the browser, and prior to rendering the content.
If they do this, then, someone is just going to fork it and take restrictions right back out.
Bye bye Chrome
Bye bye Edge
Bye bye Opera
Clearly "Don't be evil" went out riding the coattails of the previous government administration and its anointed successor.
You might have missed the bits where Mozilla took time to collaborate with extension authors (such as NoScript) in order to add extra functionality, so that critical things which were possible in XUL extensions could be ported to FireFox' flavour of Web Extension.
The only extensions that didn't make the jump were either abandoned, or those whose authors preferred to loudly complain and join sone "anti-WebExtensions resistance" instead of trying to work out a solution.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
There are plenty of reasons but here is the simplest: because when you're dealing with HTTPS traffic, if you want to inspect or modify it, you MUST be listening at one of the endpoints, which here means inside the browser.
DNS black hole time folks
Came here to post same. Eventually we'll have DD-WRT incorporating Pi-Hole natively, and the average person won't need to worry because your gateway DNS includes it by default.
No way is ublock better, either in overhead or complexity, to Pihole.
If you have a single device and can install adblock/ublock, great.
We have 3 laptops, 2 computers, 2 tablets, storage devices, etc and god knows how many visiting travelers and friends use our wifi.
Pi-hole is the only way i know of to force this on all users, including the stupid ipad and edge users that occassionally stumble through our door.
Add in all the processing on all these devices and all the white/black ilst downloading and updating, and immedaitely you see pihole is simpler and less overhead for a household. YMMV depending on amount of people in household.
I haven't used Palemoon in a long time, how good (or bad) is it these days ?
But Google uses Linux on their servers and said they would Do no evil.
LOL @ the all the tards who fell for Google's bullshit.
It was probably more or less true in the beginning, but then greed took over.
At least we still have Pale Moon http://www.palemoon.org/
FireFox is dead.
I fully respect the disdain for all things Alphabet Soup (formerly known as Google Inc) but the specs to chrome.declarativeNetRequest appear to suggest a different extension programming model to accomplish the same thing.
Instead of loading a separate web document (as webRequest API does) the new API allows an extension to run through its rules at the onBeforeRequest stage -- in other words, instead of intercepting a separate network request mid-stream the API provides the means to evaluate the network request BEFORE going all the way through.
Another way to look at it is like a (network routing) proxy service. The proxy runs through client-side rules first (whereby the rules.json may have "block" and "allow" and "redirect" action types) and reacts accordingly all BEFORE dropping mid-stream packets.
As I ponder this a bit more, it seems that an ad-blocking extension that utilizes the new declarativeNetRequest API would actually DECREASE the amount of hits an ad-server would experience since the browser would never initiate a connection to the ad-server. To this end, the specs say that iframes and images blocked by the declarativeNetRequest API would collapse at the DOM (thus killing the html content within the iframe from ever being loaded).
Question: Did I understand the SPECS correctly? (Yes, I am ignoring the brouhaha otherwise as well as the claim that [oh no] ad blockers have a new API at their disposal...)
Since websites will assume if you are using firefox, you must be blocking ads. This will be a fom of drm and more websites will be going chrome only to ensure thir ads will be seen. Chrome has acheived the browser monopoly after we fought so hard to get rid of Internet Explorer.
You don't seem to grasp how much flexible Proxomitron and Privoxy are than something as simplistic as Pi-Hole. They don't just block advertising: they can REWORK PAGES to display information in a fashion that is effective for you, and NOT display page elements that distract from your goal, regardless whether those elements are advertising, site self-promotion, sidebars you don't need, and far more.
Don't you get sick of having a widescreen monitor yet so many Web pages are imprisoned by their designer in a narrow column that only benefits that designer's "vision"? Don't you ever find yourself wanting to overrule the stupid or selfish decisions that Web designers make? You could do that are more with Proxomitron, because it was designed specifically to be more generalized than just an ad-blocker. Before Proxomitron's sole author died and the software lapsed into obsolescence, I used it for all of the above, and my Web experience was dramatically improved, because it was MY OWN.
Instead of promoting Pi-Hole, you should be promoting a revived open-source community edition of Proxomitron.
Are you new here? That solves nothing at all! What alternative browser shall you use? Mozilla? Mozilla is still in bed with corporate sugar daddies and quietly does their bidding in large part (because to not do so means no more shugga from daddy), and the W3C is still dominated by a corporate oligarchy and corporate motives, and the HTML and other specs are still designed to serve THEM and not us.
Say hello to your Web overlords. They control your Web browsing regardless what browser you use.
uBlock Origin + uMatrix = no ads at all in youtube with Firefox
This move would basically prevent privacy badger from operating. At the moment it is *extremely* effective at preventing tracking companies (Google, Microsoft, Apple (yes, apple), facebook, etc) from tracking you, and it's extremely effective
The changes proposed would break all of that, preventing privacy badger from functioning. I take big issue with the proposed changes because of this, and so should you.
... it would be shame if something happened to it.
"Don't be evil" my ass.
Today I received a message that the web version of Skype will not longer be supported on Firefox and I should switch to Edge or Chrome. In theory I can install Skype on the Desktop but they change the interface far too often and make the application run very poorly. Will companies stop supporting browsers that are not based on Chromium in the future?
I thought Lemons superb work on PROXO had been forgotten. In the day PROXO fronted my faithful WinME ( rock solid 4 hours at a time ) doing Web-malware surveys on suspicious URLs. In several years of survey, only one badguy was able to punch-thru and swipe me a threat . A couple tickles to PROXO interface ( not unlike ZONEALARM motif ) and the blackhat threat vanished.
Browsers have started to implement DNS-over-HTTPS and it's only a matter of time before Google enforces it in the future.
when they force me to watch their ads , I get the right to bomb them.
hundreds of others which integrate(d) deeply with the browser.
If an extension is deeply integrated into the interface of the browser, you might expect that when this interface change, there'll be some work involved.
Tab Mix Plus
is in the process of being re-written (but still isn't on par with the classic on)
Hide Caption Titlebar Plus
...is a function that is now directly supported into Firefox with client-side decoration. No need for extensions.
Status-4-Evar
The interface of Quantum is based on Servo, it's not using XUL anymore, it's written in HTML/CSS. You don't control it the same way any more.
It's like complaining that MS-DOS screen savers and always on top status-bar thingy don't work on the Windows desktop.
Quantum *does* support a permenent status bar, but currently there's no interface to configure it, you need to manually patch the CSS.
It's not ideal, but there's no practical way ever to make Status-4-Evar work in Quantum.
DownThemAll
And meanwhile, the Firefox extensions used by JDownloader 2 to communicate does work with Quantum.
In both directions (intercepts download pages and allows you to add them into JDownloader 2, or conversely has JDownloader 2 able to open pages in Firefox when a user interaction is needed).
For a download manager *IN* Firefox : the necessary API extensions are still being worked on.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
So we will get those , 1000$ android adware phones.... they must be joking.
Can start giving them out for free if they want me to use any of them.
Seems like Google's gone off the deep end lately. Their search results have gone to shit, to the point where I'm getting more relevant results with bing or duckduckgo, they're pissing off all the YouTube content creators, they seem to be focusing on making the Android Platform useless and annoying and they're shutting down Google Plus after jamming it down our throats just a couple years ago. If I didn't know any better, I'd say they're trying to drive their customers away. And they're alienating a large chunk of their workforce with their projects supporting the military and authoritarian regimes. Should someone explain to them that "Make everyone hate you," really isn't a good business plan? Because the internet is starting to realize that Google is a disease, and it's really hard to come back from that point.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Because loading most of my pages without uBlock takes nearly 50% more time due to the excessively heavy ads.
They should compare the speed of loading with uBlock or equivalent loaded because that's what most people
do, if they don't then it simply proves that they are not doing this for technical reasons at all.
DV, author of libxml2
Iceweasel? Chromium? I'm sure there will be a fork of Chromium that maintains the desired behaviour.
I think this time we need to take a new approach. Namely. We need to build something that breaks off the data stream for ad's into a seperate process and just clicks on everything it can. Or whatever it can randomly. Fills out any forms given to it with BS. Make something that would force the big monopoly players either to get out of advertising entirely and start focusing on technology, or force them to invent a protocol so haness and horrific to circumvent so as to end the internet, showing their true colors upfront.
Literally I could build a business model for a paid service to intentionally feed advertisers absolute garbage. Sure there'll be lawsuits, all frivilous slapsuits that will be dismissed with prejudice. Heck that might become a companies primary revenue model; countersuiing advertisers. "I don't see how we've harmed company X whatsoever, our users pay us to harm company X, they are at fault, now pay us our dues slimeballs".
Want privacy? Poison the Data well.
Go ahead Google, make my day. See how long it takes for you to lose control over your browser project because it gets forked. Then watch the remainder of your users flee back to FireFox in throves.
Can it remove those fucking video ads that play while I'm trying to read something? Often those come from the same domain and are not filtered automatically by an ad blocker.
That would be amazing...
My work computer did not have an ad blocker until a couple of weeks into the job when I tried to read a news article during some down time. I quickly discovered the general internet was unusable without an ad blocker.
I wouldn 't trust that, it would be unsurprising if google checks to see if they can reach their ad servers via non proxy connection and use that regardless of your settings if they can.
I've just bought a raspberry PI to create a PiHole to deal with intrusive tracking and adverts.
Microsoft adding adverts to my lock screen in win10 really is not funny. Google is just as bad and stuff like this is why chrome is not installed on my PC, I prefer firefox anyway. Chrome constantly hits your disk even when its not open.
You cannot trust these companies to not exploit your data at every turn so you gotta take control back and block access to your network.
This was supposed to get better with GDPR but it was so poorly implemented that its just made websites worse. You have to turn on 3rd party cookies for the tracking websites to remember you don't want them to track you. That's just backwards like opening your bank vault door to keep out thieves. Also every damn website that 'cares about your privacy' also puts a popup with more clicks to stay opted out than to opt back in even if you have already opted out.
pi-hole or pfSense+pfBlockerNG can block nearly every ad at the network level, making all devices on your network nearly ad free with zero client configuration.
I have a home DNS server based on the PiHole software and a raspberry Pi. I went this route because Android Chrome already sucks. /. readers can probably DIY in an hour or 2.
Lazy F'ers like me can get it pre-built and ready to go from PiSupply in the U.K.. Most
Problem is you can't add your own certificates to many devices, e.g. smart TVs.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
PiHole is better than nothing, but DNS based blocking is very limited these days compared to what an in-browser ad blocker can do.
For example, it can't do much about ads served from the same host as the content. It can't do pattern matching based on the URL. It can't selectively disable Javascript, e.g. to disable 3rd party scripts. It can't stop auto-play videos.
It doesn't work with YouTube either. Currently PiHole can't block YouTube ads, much to my annoyance.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Or you run the browser in an isolated network container with an HTTPS proxy set up that contains your own self-generated cert that's also installed in the browser's trust-store and do the ad blocking at the container boundary.
Mozilla hasn't done themselves any favors either. Firefox has become pretty terrible. Compared to IE it was lightweight, fast, secure and innovative. It is now none of those things. Granted, any browser that is worth using is far from lightweight anymore because we have an entire generation of developers seduced by the forbidden fruit of web applications and JS frameworks, but FF is still bloated compared to its competitors and is behind the times. Mozilla seems more interested in chasing fads and sjw virtue signalling than making a straight forward solid browser. Chromium is simply better. The FOSS community naively gave up browser development and handed it over to Google. Konquerer used to be KHTML based but now its Chromium based. In a world where nobody can agree on anything and we have 1000 unnecessary package managers we effectively have one web browser. We should be ashamed of ourselves.
Is there a mechanism that lets you bypass those interstitial ads that youtube injects in the middle of a video?
By pro corporate anti regulation folks. There's no shortage of alternative browsers either so you'll have a tough time arguing anti competitive is a thing here.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Actually that is possible with PiHole. It's the pre-roll ads it can't block.
Until Google changes the domain names of the interstitial ad servers.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
The constant deluge of popups from sites that have detected my ad blocker is driving me up the wall these days. I'm thinking of going to Pihole just so they won't be able to harass me about using an in-browser ad blocker any more.
Have you read my blog lately?
Coming from a company that makes almost all its revenue from ads. It also addresses the fact that Chrome's own annoying ad blocker is probably nothing more then a placebo. If people were smart, they would drop anything Google like a hot potato.
PiHole is better than nothing, but DNS based blocking is very limited these days compared to what an in-browser ad blocker can do.
There's a third option, which is to use a proxy. I used to use a filtering [SQUID] proxy to block ads, and it was moderately effective even without much effort spent on it. There are all the usual proxy disadvantages, but it can rewrite pages before they even get to your browser, and it's the only solution which can. I mangled packets to force all identifiable web traffic through the proxy, unless you specifically chose a specific proxy port which permitted unfiltered content.
DNS blocking is more or less worthless today, although I suppose there's no great reason not to do it. But proxy-based blocking still works great, where you have control over where traffic goes. If we could have a proxy with a nice configuration interface, that would probably be the best bet. It's hardest for the googles of the world to defeat. Android users who can't root will still have problems on the road, but people who can't be made to understand why they need a rootable device probably just can't be saved.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Problem is you can't add your own certificates to many devices, e.g. smart TVs.
You might be able to add your own certs to some smart TVs with enough effort, but the smartest thing is not to buy such devices in the first place. They're less reliable than dumb devices, so that alone should be enough to disqualify them. It's not like an external player is expensive or takes up any noticeable space, so they really offer nothing of value.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
The problem with proxies is that you can't load your own certs on to things like smart TVs. Also I think Google has pinned certs in its apps for things like YouTube anyway.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
This is irritating as it upsets my plans for end-to-end Web encryption. By which I mean encryption of the data on the server so that the server has no access to it. The only things that are on the server are encrypted data blobs and a pile of random numbers.
By end-to-end Web I mean that you will be able to set up comment forums like slashdot, read email in a Web browser and everything else you are accustomed to doing on the Web but without any of the plaintext content being accessible to the server.
The technical basis for this scheme was worked out in the 1990s and then patented by a completely unrelated company which merely sat on the patent till it expired last year. It uses meta-cryptography which is a property of the Diffie Hellman schemes that if you add two private keys, the corresponding public key is the product of the public keys, etc. Matt Blaze, Torben Pedersen and others worked out how to apply these effects to achieve an effect they considered interesting but insufficient. My contribution is merely to show that the simple scheme is more than enough to do interesting things.
So now I need to work out how to hook into the browser. One possibility is to present the decryption module as a new compression scheme. It looks like a compression scheme in other respects. It just requires the host to have access to a private key capable of completing the decryption.
Any help would be appreciated: hallam@gmail.com
The project site is mathmesh.com but that is of the previous approach which has been superseded in the reference code but not yet documented.
[Oh and yes, I do know what I am doing sort of, I have probably considered the corner case you have just thought up. This has been in discussion for many years with serious protocol design people.]
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
I try to use Firefox as much as possible, but the browser is often a resource hog, heating up the laptop with fans screaming. It's a bit like me. Old and bloated, unable to change to meet the requirements of the modern and Agile world. Plus hooked to Google, wanting to be Chrome and all that.
The rest of the browsers seem niche products and are based on Chromium, so is that really a good way forward? Opera, Brave, .. Not that I know much about those details. Anyway, dear fellow nerds, could someone who knows, educate the rest ..
No, it wasn't. It was never true.
Ad blocking always seemed kind of scumbag-ish to me. If you want to view content on someone's Web site and not directly pay for it, then it's OK to display their ads. What I don't think is OK is for the Web site to take advantage of that and do something even more scumbaggy. With that in mind, I always run Firefox and add No-script. It keeps the majority of sites at a tolerable level of readability and still gives Web sites an option to fund themselves (in fact, it encourages them to use "good ads" because the others won't work.)
The way the Internet should be used. No one actually needs graphics and video.
Posting anyway.
Just sounds like a new API for ad-blockers to update to. Outside of blocking requests, intercepting and manipulating requests, sounds like security issue to me.
This will just cause people to not update and decrease web security as a whole. There is no way I am updating my browser if it is going to break my Adblock.
WTF?
It amazes me that anyone needs more reasons not to use chrome(ium).
Firefox with some adblocker/content filters runs fine. Anyone that says otherwise is just making noise.
I was on twitch for an hour. In that hour it blocked over 499 request for ads.
It is utterly sickening how many ads we have shoved in our face.
As long as we're all discussing browsers, I'm curious what /.'s opinion of Maxthon is. I've been using it for years now, mostly because I like a variety of it's embedded features, but I can never find very tech-savvy people expressing their opinions on it.
If Google makes a change like this, then most Chromium-based web browsers will either switch to some other basic engine, or would disappear.
No. It is on to using Proxomitron Reborn....recently released last year....with multiple patches since then. (And for those too lazy to read the post...it supports https too.)
http://www.prxbx.com/forums/showthread.php?tid=2331
https://addons.mozilla.org/en-US/firefox/addon/uaswitcher/
https://blog.mozilla.org/addons/2018/10/26/firefox-chrome-and-the-future-of-trustworthy-extensions/ - Everyone seems to have missed this!
Well, this kills the ad blocker. All of them on all browsers, pretty much.
Then everyone will hardcode "Chrome" into the User-Agent header of http requets... just as everyone already hardcodes "Mozilla" into the User-Agent string today.
And how are you going to alter the page without breaking https? One reason Proxomitron and its likes don't work well anymore, is that they would be in effect "man in the middle" changing content, which is the same problem web cache or accelerators (compress, replace bloated pictures, etc) face.
Privoxy IIRC was pretty much superceded by polipo...
BTW "Reworking" a page can still be done at the end side (browser) by the likes of greasemonkey or stylus.
Artix
Your Linux, your init.
Yes, I used to use Proxomitron to display full size images instead of thumbnails and change other things the way that I wanted them. It's been a long time since I used it, but I used it extensively at one time when the web was simpler.
of it.
Bye Chrome. I never really liked you because this kind of shit was always possible in your roadmap.
Mozilla has already taken the initial steps to do this too. The web is about to become a MUCH emptier place when the mice realize that fucking with the bait ensures that the trap always fires off.
I am wondering if Konqueror is a reasonable enough method of looking at websites safely? Are they still working on it? Do they have good script controls now?
"Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
That is actually pretty neat. Still the original suggestion of PiHole or whatever is not bad. There are tons of people like me who really would rather not use "the web" but kind of need to for some things. A quick and dirty answer is a reasonable solution.
Slashdot is the only website that I participate in on a regular basis. Figuring out Proximiatron or whatever is not on my todo list as the only website that I use enough to justify that level of control is Slashdot. And Slashdot is not THAT bad.
If the previous discussion between you two were to be viewed as battle, you both won and lost. He won because a quick and dirty solution is sometimes the best choice. You won because you pointed out some software that can completely transform your experience in a way that is desirable for you.
Not every discussion has to have a winner or loser. I don't see that problem here, but it erupts so often that I figured I would address it in an offhand manner here.
"Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
My point was that Pi-Hole is a passive band-aid that does nothing at all to help "take back the Web". Simply blocking advertising/malware/porn domains wholesale does nothing to lessen the control of "content creators" over how others are able to view the content they disseminate.
P.S. Slashdot really HAS become that awful, courtesy of its more recent owners who only wish to bleed it dry and contribute nothing; its owners now have no investment in the process other than a monetary one. Their willingness to take a cut from allowing Taboola to display misleading deceptive clickbait ads shows how little they respect their userbase... who actually create the "content" AKA discussions that make the site have value. Taboola is the Exoclick of mainstream advertising: no porn, but every bit as sleazy and deceptive.
(I wouldn't even know how bad the advertising is were it not for Thunderbird recently also adopting WebExtensions and in the process breaking everything I had in place to rework RSS feeds like Slashdot's.)
They only "control" it as long as groups still consider W3C a legitimate standards body. All we need is a single opinionated, slim browser to upset the ecosystem.
If you're interested in an up-and-coming alternative, take a look at netsurf: http://www.netsurf-browser.org/
It's written in C (and extensions can be written in C, too) and already supports HTML 4 and CSS 2. Still kind of a ways from HTML 5 and CSS 3, but the Web way is "move fast and break things"; it's not sustainable or healthy over the long-term. I think netsurf may be a suitable alternative once someone puts together an ad-blocking extension. Right now it feels like browsing in the early 2000s, but with some time and attention it will improve.
So?
I'm asking in all seriousness: SO?
Current PCs come with more ram and processing power than you need, unless you're running server daemons (in which case I question the use of a browser at the same time) or games (in which case I don't only question your use of a browser at the same time but you probably already handed your privacy to Origin or Steam anyway).
Add Firefox to that list. I've had a current PC outfitted with enough RAM to make many gaming PCs look whimpy get bogged down by Firefox's memory leaks. Interestingly, while Chrome has its own memory hog issues, Pale Moon runs just fine. This actually is pretty much why I'm willing to believe the claims that Firefox really did manage to patch the (original) memory leak--that, and Firefox did briefly seem to stop leaking memory for a bit just before they decided they really needed to look like Chrome. Which does suggest a bit on where to start looking for where the new leak is coming from...
Just replicate the key functions. People act like if an API removes functionality, it is gone forever. Implement it yourself.
We do have others... Pale Moon has Goanna (fork of Gecko), Gecko is still around (just not worked on by Mozilla), netsurf is a thing (though lacks support for HTML 5 and CSS 3 for now), and there are tons of other Gecko forks I don't even know about.
The core problem is the speed of Web "standard" adoption, which influences the rate of breakage in browsers. Ever since XmlHttpRequest, people have tried to turn the Web into a general purpose application platform. The resulting complexity makes it extremely difficult to keep up with the changes.
I think the best long-term solution is to build a browser that's opinionated and hard-lined about the basic browser, but supports modules. As in, a layer below extensions, where the browser can load a "javascript" module to begin working with JS, a "python" module could give DOM API access to a language other than JS in the browser, etc. The idea is everything goes into a module, including the rendering methods (standards-conformant, tag-soup, etc). Then you could have extensions that are built for certain modules, etc. It would suit those who want a slimmed-down, safe browser, and grant new capabilities for those who want to throw all their eggs into the HTTP/S basket.