replies(4):
> Is Orion open-source?
> We’re working on it! We’ve begun with some of our components and intend to open more in the future.
> Forking WebKit, porting hundreds of APIs and writing a browser app from scratch has been challenging for our small team. Properly maintaining an open-source project takes time and resources we’re short on at the moment, so if you want to contribute at this time, please consider becoming active on orionfeedback.org.
There's no difference whatsoever.
And it's not surprising because on my iOS device I've been using similarly architected content blockers since 2015. There's no issue with declarative ad blocking.
Of course this differs with the kind of sites you visit. So you need to try it on your own. I can believe that perhaps for some people this is a downgrade, but don't automatically assume uBlock Origin Lite won't work well for you.
Many excellent alternatives already exist that are also open and free, I don’t see a compelling argument to use this software on any device at the moment.
Also, keep in mind advertisers are not unaware of all this movement. You don't think they'll try new tactics once they know everyone using chrome is now hobbled to solely static lists? That cloaking (or other approaches) won't then become really popular?
For users switching from Arc, there is no good alternative, but Firefox with Sidebery and custom CSS comes close.
> Firefox, however, has no plans to deprecate MV2 and will continue to support MV2 extensions for the foreseeable future. And even if we re-evaluate this decision at some point down the road, we anticipate providing a notice of at least 12 months for developers to adjust accordingly and not feel rushed.[1]
[1]: https://blog.mozilla.org/addons/2024/03/13/manifest-v3-manif...
I would suggest zen browser [1] for those people.
I also adopted a workflow that has been very conveninent for many years, essentially using Chrome for personal stuff and Firefox for work and other various things (especially once container support arrived!). It's not going to be easy to undo years of muscle memory, but I guess it's time to bite the bullet.
I suppose they want everyone to stop using the Internet and read books.
Google seems much too sure of itself making this change. I hope their arrogance pays off just the same as Microsoft's did with IE.
Unless Supermium is following the manifest path too? Doubt it.
I don't understand why and how it would be less capable, and so far I have not read the details of how/why.
So far, it's just rumors to me.
I will keep using firefox anyway, but honestly I am still waiting for a clearer explanation.
Read up here:
https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as...
Nothing stops us from doing the same thing again. I've been recommending Firefox to all my family/friends/colleagues for years (ever since I've seen the writing on the wall for Chrome). While Firefox isn't perfect, it's in a much better place than Chrome is, and meets the the needs of nearly 100% of people.
[1] https://adguard.com/en/blog/adguard-browser-extension-mv3-re...
That's going away now. Now mostly everyone is vulnerable with the only recourse being pretty technical stuff, not just downloading a very popular plugin.
So advertisers will now be free to get more aggressive without much downside.
Edit: I do get that this sounds like conspiracy theory. But it really matches the Google boiling frogs approach. Removing the blocking onBeforeRequest, as one of the very first things in the manifest v3 spec was not a coincidence.
My only long-term hope for this space is that a nonzero segment of congressional representatives have had ad blockers installed by their aides, realize that their experience online takes a nosedive when MV2 is discontinued, and calls for hearings! Blocking isn't just about not seeing ads, it's about a user's freedom to set up their "user agent" to preserve their privacy online from sites that don't respect their wishes. That's a right that Google is using its market power to erode, and it's not something we should take sitting down.
More on MV3 from a few years ago: https://www.eff.org/deeplinks/2021/12/chrome-users-beware-ma...
[1] https://addons.mozilla.org/en-US/firefox/addon/multi-account...
I think it's part of a much bigger trend in tech in general but also in Google: Removing user control. When you look at the "security" things they are doing, many of them have a common philosophy underpinning them that the user (aka device owner) is a security threat and must be protected against. Web integrity, Manifest v3, various DoH/DoT, bootloader locking, device integrity which conveniently makes root difficult/impossible, and more.
To all the engineers working on this stuff, I hope you're happy that your work is essentially destroying the world that you and I grew up in. The next generation won't have the wonderful and fertile computing environment that we enjoyed, and it's (partly) your fault.
No, it was driven by having a banner in the most privileged spot of the Internet, Google.com (the most visited site in the world with 0 ads on the homepage) saying that was faster and more secure than the alternatives. In fact Firefox benefited from some free ads on Google.com against Internet Explorer before Google developed Chromium.
iOS I'll give you, but macOS can in fact run ex. Firefox.
> finally matching the security and the privacy in that regard.
"Matching" inferior security+privacy is not a good thing. The only way this is an improvement if you think the blockers are malicious; otherwise a useful tool in the users interest has been made less powerful.
MV3 has a measly 30000 static rule limit. These rules are included with the extension and cannot be updated dynamically. And a 5000 dynamic rules limit. [2]
EDIT: Chrome now has a 300000 shared pool for static rules for extensions that go over their 30000 limit. And a 30000 dynamic rule limit [3].
[1] https://adguard.com/en/blog/adguard-for-safari-1-11.html
[2] https://adguard.com/en/blog/adguard-mv3-beta.html
[3] https://developer.chrome.com/docs/extensions/develop/concept...
WebKit is part LGPL, and part BSD.
So I think from purely a licensing point of view, they are probably not in violation. Provided that the way they are linking the LGPL-licensed code is compatible with the LGPL.
But like the other commenter said, I too would not run any web browser that was not fully open source, like this Orion browser.
Really?
Because I find adblockers on iOS are nowhere near as good - they let far more ads through, and they leave far more sites broken so I have to disable the ad blocker for the site to work.
"Based on input from the extension community, we also increased the number of rulesets for declarativeNetRequest, allowing extensions to bundle up to 330,000 static rules and dynamically add a further 30,000." https://blog.chromium.org/2024/05/manifest-v2-phase-out-begi....
However, it is important to also understand that the employee is not the only stakeholder. Government agencies answer to legislators, nonprofit management answer to donors, corporate management answer to investors, etc. There are layers of compliance that must be considered as well (internal policies, external regulations, different insurance costs, etc.). It is unsurprising that these fewer but generally deep-pocketed entities have an outsized influence on the market compared to more numerous but less moneyed end users. If you refuse to serve the former, you may quickly find yourself out of business.
"Based on input from the extension community, we also increased the number of rulesets for declarativeNetRequest, allowing extensions to bundle up to 330,000 static rules and dynamically add a further 30,000." https://blog.chromium.org/2024/05/manifest-v2-phase-out-begi....
> October 9th 2024: an update on Manifest V2 phase-out.
> Over the last few months, we have continued with the Manifest V2 phase-out. Currently the chrome://extensions page displays a warning banner for all users of Manifest V2 extensions. Additionally, we have started disabling Manifest V2 extensions on pre-stable channels.
> We will now begin disabling installed extensions still using Manifest V2 in Chrome stable. This change will be slowly rolled out over the following weeks. Users will be directed to the Chrome Web Store, where they will be recommended Manifest V3 alternatives for their disabled extension. For a short time, users will still be able to turn their Manifest V2 extensions back on. Enterprises using the ExtensionManifestV2Availability policy will be exempt from any browser changes until June 2025. See our May 2024 blog for more context.
I thought I knew that.
Then I switched from uBlock Origin to uBlock Origin Lite in Chrome, which is compatible with Manifest v3. I was prepared for the horrible onslaught of ads, expecting at least a quarter would start getting through, ready to switch to Firefox...
...and didn't notice a single change. Not a single ad gets through.
And at the same time, loading pages feels a little faster, though I haven't measured it.
Which has now got me wondering -- what if Manifest v3 really was about security and performance all along?
Because if Google was using it to kill adblockers, they've made approximately 0% progress towards that goal as far as I can tell. If they really wanted to kill adblockers, they'd just, you know, kill adblockers. But they didn't at all.
The difference here is are you downloading a random dll from a well known source or from http://free-vpn-fast-internet.dwnloadfree.ru/free-chrome-vpn...? My mom isn't going to know the difference and will click the big green DOWNLOAD NOW button blindly.
Still sucks that the rules are static though. AdGuard devised a method to diff ruleset changes with the built in rules to generate dynamic rules between extension updates. So, I guess it works.
[1] https://developer.chrome.com/docs/extensions/develop/concept...
Here is one empirical data point.
I switched over to Firefox this morning and will advocate for it.
I've considered it for a while, but I never felt motivated to make the switch. It took me a good half hour to set it up the way I like it.
When I tried UBO Lite recently it couldn't block YouTube ads, not sure if that's impossible with Manifest V3, or if UBO Lite just isn't updated regularly like UBO to defeat the YouTube anti-ad-blocking updates.
Update: looks like it's fixed now, not bad :)
> Additionally, we have started disabling Manifest V2 extensions on pre-stable channels.
Title could have been a bit more broad (probably should say "pre-stable" instead of "canary"), but I would say it is inaccurate.
I'm curious about which extensions will be recommended to replace uBlock Origin after it's disabled. I'm sure those alternatives will see a surge in installs.
Also, why doesn't the creator of uBlock Origin update the V2 version to the V3 version? I know V3 version isn't as good as V2, but if you're developing that product, at least give your users something instead of leaving them with nothing. Otherwise, they may end up choosing poor alternatives.
That said, I don't like that the choice is being taken away. If you do want to tinker at that level with the technology you own, you should be given the choice. By all means make it not obvious how to get there - like, have people reboot their computers while playing Twister on their keyboards with interesting key combos, but give them the option.
That's actually not the most relevant part. The most relevant part is "We will now begin disabling installed extensions still using Manifest V2 in Chrome stable. This change will be slowly rolled out over the following weeks."
Google had already started disabling Manifest V2 extensions on pre-stable channels, prior to October 9.
The first paragraph is "what we've been doing." The second paragraph is "what we'll do now."
The change here is actually about the stable channel.
Also, the title makes it sound like MV2 code has been removed from the source, but that's not the case.
https://helpcenter.getadblock.com/hc/en-us/articles/97384768...
https://www.wired.com/story/fake-chrome-extensions-malware/
This has been never ending.
Extensions and in turn MV2 blockers can easily be malicious.
https://usa.kaspersky.com/blog/dangerous-chrome-extensions-8...
Look at how many in Kaspersky’s list are advertised as ad blockers. The majority of users aren’t tech savvy like HN.
Adblockers do multiple things:
1. Visibly block ads from the user
2. Block the user tracking that's attached to those ads
3. Protect the user from malware
4. Save bandwidth and cpu cycles by not loading all that junk
5. Allow control to users over how a webpage is displayed to them
Arguably uBlock Origin Lite can only accomplish some of #1 and a sprinkle of #2 now. And even those abilities are compromised by artificially low limits imposed by chrome in v3 that will eventually allow ad networks to overwhelm those limits and get ads through to users.
Google is 100% boiling the frog here and you/the average user is left in the pot unaware.
Take, for example, hardware attestation on android. There's not really any serious issue with this feature, it can be used to ensure your device is not compromised. This is for example how GrapheneOS enables its use with the auditor application.
But, on the other hand, Google abuses the feature to ensure that you are running a google signed OS if you want to use Google Pay. Meanwhile you can use banking apps which also use hardware attestation (although, from their perspective, they don't use enough of it to ensure it isn't being spoofed, and even then...) without any problem on GOS. Moreover, before Google Pay completely killed all of its competition, it was possible to even find third party banks which would provide you with the ability to pay with your phone without using google pay.
Likewise, secure boot is a great concept if you want to be more sure about the integrity of your laptop throughout its lifetime. But some companies have abused it to force you to use Windows. If you want to set up your own signing keys for secure boot, you end up having to deal with poorly managed UEFI keys from third parties which weaken the security of your machine. The feature, as it's implemented, is rarely designed with helping end user's secure their machines. But the core of the design is fine.
I think limiting root on a phone is also a really good idea, the issue is that Google likes to give themselves and their "system apps" special privileges. If APIs were exposed to allow you to bless your own applications with the right permissions, you would probably not care so much about root restrictions.
So all in all, fundamentally, most of these features are fine. They're genuinely great for security. But the main problem is how they're abuse by the companies in control and how little effort is put into allowing power-users to use those features for their own benefit.
https://old.reddit.com/r/uBlockOrigin/comments/1etvawp/youtu...
Also in chrome, multiple profiles need multiple google account(If I understand the UI correctly)connected, but in Firefox no account is needed.
> It is not fair that Siri is the only one that can access these things now.
That would be true if it was, but it isn't.
None of your comments have actually provided evidence for this assertion, and the previous update dated June 3rd 2024 says users will start seeing a warning. So when between June 3 and October 9 did Google start actually disabling MV2 extensions, and where was it publicized prior to their October 9 update?
People who really care about this (tech minded people) are not using Chrome anyway, others (regular people) will switch to less powerful Manifest V3 adblockers that would probably be good enough and won't switch from Chrome.
Twitter and YouTube ads are blocked.
The drawback? It isn’t free.
Note that it does nothing to block DNS over HTTPS lookups. If your browser insists on going around your LAN's DNS setup, Pi-hole can't help you.
You can use Chrome with multiple profiles by disabling the "Allow Chrome sign-in" option so that none of your browser profiles are tied to a Google account. I don't know if that option can be toggled on a per-profile basis, because I happen to prefer it off for all of my browser profiles.
When the OS is fundamentally in the user's control, they are limited in what they can do, but when the OS disregards it's owners preferences/desires and enforces it's creators desires.
Minor thing actually:
> If APIs were exposed to allow you to bless your own applications with the right permissions, you would probably not care so much about root restrictions.
I absolutely agree with this in theory, but in practice I'm not sure it would ever work because they just aren't going to put in the work to build and maintain APIs for things they don't care about, and there would be a very long tail of things to do (and sometimes those things are legitimately a lot of work). Call recording being a classic example.
But all in all, I very much agree. I love those features when they are in my control on my devices. Biggest issue is, they virtually never are and the number of occurences is trending down.
Anyway,
Edit: Seems Google/Youtube are experimenting/testing with injecting ads directly into the video streams:
https://old.reddit.com/r/uBlockOrigin/comments/1de9kv5/youtu...
The main one is the behaviour of pinned tabs. Pinning in Firefox turns it into an icon that is harder to hit and doesn't even protect it from closing. This makes them essentially useless, they should be moved to the front of the tab bar and be protected from closing.
The second is that when you use vertical tabs the tab bar acts like a title bar instead of a separate entity. This means you can't double click to create a new tab, and trying to drag a tab often results in the entire window moving. I have to use Tree style tabs and disable the normal tab bar completely to prevent this.
There are also things that I don't like such as how downloads are handled and I've has issues with my session tabs being saved properly.
There's another problem with Chrome, which is that nobody is actually paying for it. So the big corps move features along there only in the sense that they won't adopt it or will drop it otherwise. I don't think the big corps are pushing for Mv3 but they also probably don't care that it arrives either. Conversely, I wager Google estimates nearly nobody will revolt and leave Chrome over the loss of Mv2. It hurts ad-blocker developers and it hurts the most conscious users, but Chrome is a marketing product targeted at mass adoption first and foremost. I personally hope their estimation is wrong and the current browser monopoly breaks, but this may not yet be the breaking point.
Even if that happens, Chrome eagerly adopting enterprise policy support may keep it on life support in that environment, though.
It's not an assertion. It's simple reading comprehension. How else can you interpret this?
"Over the last few months, we have continued with the Manifest V2 phase-out. Currently the chrome://extensions page displays a warning banner for all users of Manifest V2 extensions. Additionally, we have started disabling Manifest V2 extensions on pre-stable channels. [paragraph break] We will now [emphasis mine] begin disabling installed extensions still using Manifest V2 in Chrome stable."
> So when between June 3 and October 9 did Google start actually disabling MV2 extensions, and where was it publicized prior to their October 9 update?
I don't know if it was publicized, until now.
After all, when did they publicize that there would be a warning in Chrome stable? But there is a warning in Chrome stable. That started happening some time before this announcement.
Four months is a long gap between announcements.
So you literally don't know if it was news before now, but you're insisting on calling it "old news", apparently based solely on Google using past tense in their announcement.
As to switching to Firefox? I'd love to, but Firefox on iOS refuses to put in an AdBlocker. Yea, you can use Firefox Focus but that one doesn't sync.
I don't understand Mozilla's stance on this.
By my count 5, 6 if we include "Autoskip for Youtube", out of 34. That might be an argument for dropping extensions, but I don't think it's an argument for breaking ad blockers.
> I do get that this sounds like conspiracy theory.
> … was not a coincidence.
Could it be that it was coincidence? Do you have a solution for reducing extension malware without removing onBeforeRequest?
MV3 doesn’t allow extensions to know what requests are being made, so extensions can’t use your data maliciously.
Requests to ads that are blocked are blocked.
I think you’re thinking of Privacy-preserving ad measurement which is an option in Firefox and Safari. https://support.mozilla.org/en-US/kb/privacy-preserving-attr...
Or do I not understand the obligations of LGPL?
That was just a figure of speech, which I don't wish to quibble over. I don't insist on using that phrase. The point, from the beginning, is that the HN submission title is not good.
It actually doesn't matter when exactly that Google began disabling MV2 extensions in Chrome canary, because what's the justification for focusing on canary in the submission title when the announcement says, "We will now begin disabling installed extensions still using Manifest V2 in Chrome stable"?
[EDIT:] I see that the submission title has now indeed been changed, so this argument has become redundant.
That was a world where the user base was much more limited and devices were less capable. Now we have children, grandparents, educated, and uneducated users with access to web connected devices. These devices now contain everything about you. Compromise of a device can destroy someone’s life.
Not only that, but compromise of a device can cause collateral damage to other devices on the same network.
We now have to cater to every user. Not just to the technologically adept. Look at what people believe on social media. The bar is so low to con people into compromising their device.
Manifest v3 blocks user tracking -- if the request is blocked, any tracking attached to it is blocked. I'm sure it's not 100% perfect, but it's certainly working well enough in practice.
And what malware are you talking about? If a request is blocked, it's blocked. It doesn't matter if it's an ad or malware.
Manifest v3 is better at #4, because the junk isn't loaded, and the blocking is more efficient in terms of CPU.
And then #5 I don't know what you're talking about. I use Stylus and Tampermonkey to customize webpages and they continue to work great.
So I just don't see the evidence that "Google is 100% boiling the frog here". That's what everyone was saying, but now that Manifest v3 has come out, I just see adblocking that continues to work and uses less CPU to do it.
I see a lot of fearmongering around Google, but now that the results are in with Manifest v3... they just don't seem true. You're making all these claims, but I just don't see the evidence now that we're seeing how it works in practice.
The browser is called a user agent, but this shift to absolute security no matter what, no say about it is a shift to native apps, is a shift to the developer is in control, is a shift to this being Google and the sites browser, not ours, and that being done unilaterally with nearly no opt outs is the sort of mega tectonic shift that ruins this magical special unique place in software where users had some say in what was happening. We cannot pander to imagined ever worsening users forever.
It feels like the things being done in the name of security are really building an immense prison. The work being done to allow verified age and identity checking ranks up there highly in the this corals humanity, area, not giving us agency.
I agree that a lot of money is going to things other than the browser though.
The Firefox version of uBlock Origin Lite was pulled due to unsatisfactory audit process: https://news.ycombinator.com/item?id=41707418
Those extensions used the same API that ad blockers used, but for malicious purposes.
So, you would support removing that API? Well, that’s what they did for MV3 and implemented an API just for ad blocking.
Tampermonkey still works fine with MV3
> We cannot pander to imagined ever worsening users forever.
The most popular software/hardware will always pander to the most users. That’s why they’re the most popular.
You can’t complain about the most popular option pandering to the most users. Well, you can complain, but you might be in the minority of the users.
> It feels like the things being done in the name of security are really building an immense prison.
I get that, but we are running so much untrusted code on our machines now. Applications that use thousands of dependencies with the hope that someone spots a bad actor.
Yet you can still inject js right into the page. You just can't stop a page that was going to load from loading. They could have taken away the onBeforeRequest redirect capability and left just the onBeforeRequest cancel capability.
Not sure I've heard of any spyware/malware depending on just that cancel capability.
Besides, webRequest implementation in Chromium is a terrible collection of hacks on hacks. It is a good example how not to design or implement API. I will not be surprised if the removal of the API comes from a simple desire to remove that embarrassing code.
I recently quit my job, developing among others the means to "protect" media using DRM. While this was not a primary motivation, I'm glad to somewhat clean my hands.
The technology (dubbed Common Encryption) is a bunch of smoke and mirrors that a childishly easy to hack around. Yet clearly aimed against good faith consumers.
Why would you even use the lite version on firefox when the original works?
That's not true, he donated to organizations supporting California Proposition 8 which banned same-sex marriage which by the way was supported by the majority back then in California. That was also 16 years ago, it's time to let it go and stop spreading misinformation. You should instead not rely on ad-hominem and critize Brave for being ridden with cryptocurrency and doing shady stuff.
Chrome Canary just killed uBlock Origin and other Manifest V2 extensions - https://news.ycombinator.com/item?id=41757178 - Oct 2024 (46 comments)
That one never made the frontpage, so I'm leaving the current thread up.
https://developer.chrome.com/blog/crx-scripting-api#breaking...
https://www.reddit.com/r/chrome/comments/23jnmy/why_is_chrom...
This kind of not-freely-given consent was key to Chrome's growth.
Later Google's ability to buy installs and put it on google.com came into play, but for at least the first 5 years and probably longer, chrome was a far faster, more secure, and more reliable choice. They also pioneered the multi-process model to isolate different components of the browser.
First, exceptions are at the domain level. So you can't say "allow this domain on this site", you have to blanket-allow a domain or not.
Second, the UX for making exceptions isn't great. With uBO it's just a couple of clicks. With something like Pi-hole it's more complex: https://discourse.pi-hole.net/t/how-do-i-whitelist-or-blackl...
Now, if an ad blocker has webRequest permissions it’s a red flag.
For example https://developer.chrome.com/docs/extensions/develop/concept... uses webRequest to send telemetry back to some remote server.
> We will keep Manifest v2 for as long as it’s still available in Chromium. We expect to drop support in June 2025, but we may maintain it longer or be forced to drop support for it sooner, depending on the precise nature of the changes to the code.
Note that June 2025 is the same date Google plans to drop support completely[1].
[0] https://vivaldi.com/blog/manifest-v3-update-vivaldi-is-futur...
[1] https://developer.chrome.com/docs/extensions/develop/migrate...
With Manifest v3, let's say I'm an ad blocker and I want to get access to metrics not to violate privacy, but just to report them to the user (X domains blocked, Y out of Z requests blocked, etc). How would I get access to those metrics?
Perhaps it has to do with being a Google-funded browser.
I wonder how hard that would be to implement for someone who knew how to do it? Or if the code for that in vivaldi is open source?
[1] https://learn.microsoft.com/en-us/microsoft-edge/extensions-...
A javascript extension cannot do that. It is sandboxed and is bound to a permission system limiting what it can do on top of that.
Signing a DLL only proves that the author is who he says he is. Not that his intentions are good. Same for browser extensions.
So it's best to limit what the extension can do to begin with.
To extend ManifestV2 in Chrome, add the text below to a text file, saving and running it as a .reg will create and add a value of 2 to "ExtensionManifestV2Availability" in the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome key
(When you open/run a .reg file, it updates your registry, usually preceeded by a warning.)
Alternatively, you could do this manually by pressing the Windows key, type "run" (without the quotes) and enter, type "regedit" (without the quotes) and enter, then navigate as far as you can to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome key
You may find there is no "Chrome" key and will need to create it, as well as creating ExtensionManifestV2Availability
--------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"ExtensionManifestV2Availability"=dword:00000002Of course I'm still using the normal uBlock Origin in my main browsing profile.
Right now most websites don't seem to require any specific chrome feature but with Google's pushing some API's like their Web Environment Integrity proposal I'm worried sites will start to lock their site to Google Chrome and their official Mobile clients.
Otherwise, you can’t really without more invasive permissions.
https://stackoverflow.com/questions/74813523/chrome-extensio...
Saying anything positive about MV3 or the lite extension seems to get you downvoted without explanation though, which is a nice example of how absurd this site is when it comes to anything related to Google.
Sometimes I think downvoting should require leaving a comment and reason, because I can't see any reason to downvote this other than "google bad".
https://news.ycombinator.com/item?id=41812416
If you are really privacy conscientious, ad blocking extensions should be able to exist without any access to web requests now.
The main thing I missed was the ability to block arbitrary elements with the zapper. I use this for more than just ads, so losing it is a real loss in functionality. Otherwise it worked fine.
Removing the onBeforeRequest redirect didn't add much security either, since you can just ask for permission B instead of permission A and just inject code. Though, ad blockers don't need that anyway.
> To all the engineers working on this stuff, I hope you're happy that your work is essentially destroying the world that you and I grew up in.
May I be blunt? I grew up in it, so yes. I am. I was there for the Windows virus wildfires. I was there for the malware distribution schemes. I was there for the first wave of enshittification. For the dotcom crash. For the spam wars. For the search engines that didn't work. For the JavaScript injection attacks. For the world where "nobody knew you were a dog" as long as you didn't talk like yourself. I couldn't trust most of my relatives to use a computer the way we had to use them in the late '90s / early aughts. That's not a problem now.
For all its flaws, the modern system is cleaner, simpler, faster, and better for end users and no longer requires them to be super-nerds (and meanwhile, open and malleable devices are still there for the super-nerds to play with and work with). This was the goal---to make computers something that benefit everyone, not just the technorati and the priest-class.
May the past become a foreign country, hard for the modern mind to comprehend. May it always be so.
But, every time Mozilla does something slightly abrasive, HN users pile on about how Mozilla is ruining their privacy-respecting reputation, and then go back to using Chrome... The double-standard is really something else.
Maybe instead of getting someone else to break up Google for us, we could just... stop using their shit? I'm typing this from Firefox, I use Proton Mail (and pay for it!) for email, and I mostly search with DuckDuckGo (I know that's not perfect, either). I certainly don't feel like I'm living like a caveman...
/rant
leetcode all the time and dream of working at google and using chrome and writing javascript.
if the tech nerds took a stand and used firefox en masse, we wouldn't have this problem.
unfortunately it is now normie season. we have to travel through these dark times.
I don't think the fact that Chrome is (was) better is the question, it's a question of how they got here.
Google took tons of money and threw it into Chrome and therefore developed something better. It's better because Google put more money into it than anyone else would have because, in the absence of considering using it to enshrine their search and ad revenue, it wouldn't make sense.
Isn't this part of the antitrust test?
Ideally, yes.
I wouldn't be surprised if Chrome still performs better on Google-owned web sites, for obvious reasons. But, nobody is really going to notice a difference between Firefox and Chrome when visiting, e.g., your bank's web site.
So, it's been somewhere between six and eight years that Firefox has had comparable performance, comparable web dev tools, and way cooler extensions. I'm sure plenty of people will reply that this isn't true and there was some website just this week that FORCES them to stay with Chrome because they noticed a jitter once, but people on the internet are top-tier experts at rationalizing and I don't buy it.
We could've all jumped on board with Firefox when the e10s project landed, but nobody did because it was just slightly less convenient to switch than to not. I hope it was worth it for them.
Which is something we know for a fact uBlock Origin doesn't do. It's open source, you can check the code yourself. MV3, on the other hand, doesn't do much to assure me that an addon isn't phoning home. Why not just give the user to ability to block network requests on a per-addon basis? Too difficult a task for the trillion dollar company? Or could it be that forcing users to switch to MV3 addons isn't about safety at all?
Tech nerds mostly knew that Windows was not a good server operating system. It was also not a fantastic software development environment unless you were using a big, all-inclusive, IDE that was probably aimed specifically at developing Windows libraries and applications.
But, Windows was (and still is) the choice for normies by a WIDE margin.
The tech nerds continued to mostly ignore Windows for server stuff, and more and more ignored it for other dev stuff, too (many migrating to Macs, some to Linux, etc).
If you have a lot of users, but no developers on your platform, you're playing a dangerous game. Eventually Microsoft found a way to have Linux running in Windows. I don't know or care if that "saves" Microsoft or Windows or whatever, but I do see that as a win for the tech nerds.
All we have to do is get the tech nerds to stop using Chrome. Chrome can't survive forever if the nerds stop using Chrome, if we stop optimizing our web pages specifically for Chrome, and if we stop writing and maintaining extensions for it.
Eventually, they'll probably cave and put back more stuff to make the nerds happy, in order to bring them back to the platform and save their normie userbase. Either that or Chrome will die. Both are fine with me.
It’s insane to want extensions to snoop on all your requests in an attempt at more privacy.
V3 introduces a hard limit on the total number network filters an extension is allowed to set and it's a laughably low number. Far below what uBO uses even on a barebones, default setup
Most websites (except for those doing some really fancy stuff with new experimental web apis) tend to work just fine in Firefox. Google's sites are the only ones I regularly encounter that perform terribly and leak memory continuously.
In general, though if an app sticks to "known good" DNS over HTTPS and pins its certificate to boot, it will bypass DNS-based adblocking very easily, and additionally will punish you by not working at all if you try to do any firewall/routing trickery.
I admire your optimism by the way that a few technologists saying "stop using Chrome, Google is evil, use Firefox" is enough to overcome the market dominance of a monopoly like Google's, but I sadly don't share it. People have been saying it (and similar things, like "don't use Windows, Microsoft is evil, use Linux") for decades with little success. Even the few people who do get swayed will switch back after a few instances of "I was late for my important meeting/was unable to open this important document because the website didn't work with Firefox".
Most people's tech choices are deeply pragmatic and based on familiarity. And to expect anything else is honestly foolish, in my opinion.
This is coming from a Firefox and Linux user by the way.
Also for those who use cloud bookmark/history/tab sync, people might just not want Google specifically to have that data; Vivaldi does its own sync.
https://learn.microsoft.com/en-us/microsoft-edge/extensions-...
Am I missing any? https://gs.statcounter.com https://analytics.usa.gov https://www.w3counter.com
Write insecure software and you'll get screwed by hackers. Write secure locked down software nobody can touch or modify, and you'll get doubly screwed by a large corporation that wants to pound every penny they can out of your bloody corpse, upto the point your device is compromised by the corporation who can do whatever they want, but you cannot tell.
There is no win situation here, there are only trade offs.
These limits are easy targets for ad networks to overwhelm or outmaneuver.
That's what everyone was saying
No one was saying that adblockers would literally stop working, so it's beyond disingenuous to dismiss people's issues with these changes by just saying 'works for me'.
What evidence would you actually accept anyway? Do you need a leaked internal document from Google saying literally 'devs, go neuter adblockers' before you believe Google might have bad intentions surrounding people's ability to block ads and tracking?
If security and performance were the actual driving forces of DeclarativeNetRequest, then they would have simply added it in addition to the existing webRequest block functionality. uBlock Origin and most extensions would have happily moved the majority of their rules to the static list if it meant better performance and privacy while keeping around the webRequest blocks for the things that actually need it.
Google has gone from having only one nuclear-level option for influencing adblockers (aka delisting) to now having its boot softly pressed against their necks and plenty of levers to pull. And you want me to look at that and go, 'There's no direct evidence of malicious intention there... so perfectly normal and/or acceptable behavior by the world's biggest ad company'?
And if we are being honest about those limits, they have already been exceeded. Ublock origin is going from 100,000 to 500,000 dynamic rules to just 30k rules(only 5k of those can be dynamic) in the lite version.
Adblockers have absolutely been neutered in v3.
Do you not remember all the ads promoting chrome? First was chrome-frame IE extension, then came all the ads - then tie-ins where you got Chrome in addition when you really wanted some other app.
They pushed it hard because they knew they had no real competitors and could eat up marketshare.
https://blog.chromium.org/2017/11/reducing-chrome-crashes-ca...
Also, just for clarification:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"ExtensionManifestV2Availability"=dword:00000002
Save the file as:
EnableExtensionManifestV2.regAgreed 100% with this.
Every time I try to migrate my very large bookmark collection to another browser, it either misbehaves and partially loses some data or fails completely.
I don't know and I don't have to. All I know is uBlock Origin Lite is still blocking everything. So it seems like 30K rules is plenty? Like it's not a meaningful difference for end users if it's blocking 99.99% vs 99.9999% of ads?
> No one was saying that adblockers would literally stop working
That's sure what it sounded like. That it would literally be so bad you'd have to switch browsers because of how degraded the experience would be.
> What evidence would you actually accept anyway?
The fact that the adblocking experience was significantly degraded for the average user -- e.g. that now 10% or 25% of ads were getting through.
> And you want me to look at that and go, 'There's no direct evidence of malicious intention there... so perfectly normal and/or acceptable behavior...
Yeah, pretty much. As far as I can tell, security and performance seem to justify the Manifest v3 changes. Occam's Razor says you don't need anything else. If you think there's malicious intention, then the onus of proof is on you.
I was told, time and time again, than Manifest v3 would result in an adblocking experience so bad that people would start switching browsers because of it, that Google was cracking down on adblockers to neuter them. Now that it's here and my adblocking works just as well, maybe even better (if it's sped up page loading times) -- then sorry, as far as I can tell the malicious intention was made-up.
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome /v ExtensionManifestV2Availability /t REG_DWORD /d 2That's not what the docs say [1]:
A single rule does one of the following:
- Block a network request.
- Upgrade the schema (http to https).
- Prevent a request from getting blocked by negating any matching blocked rules.
- Redirect a network request.
- Modify request or response headers.
[1] https://developer.chrome.com/docs/extensions/reference/api/d...
Firefox failed because it stagnated on performance and code quality (read: memory leaks for daaaaaaaaays) and ultimately because Mozilla was corrupted by Mitchell Baker and still is to this very day driving away nerds and engineers by the truckload.
Lest we forget, Internet Explorer lost to Firefox despite bundling with Windows. Edge still loses to Chrome despite bundling with Windows. Safari despite bundling with iOS and MacOS only survives thanks to the Walls of Applestantinope holding against the SelEUk Empire's onslaught.
[1] while pre-existing v2 extensions are still on the store at least for now (e.g. https://chromewebstore.google.com/detail/ublock-origin/cjpal... ) newer ones haven't been able to be added to the store for a long time already, e.g. see https://libredirect.github.io/faq.html#chrome_web_store
It might've been better, had uBlock Origin Lite not happened, but is there still a migration opportunity here, and is Mozilla working it?
[1]: https://old.reddit.com/r/uBlockOrigin/comments/1d49ud1/manif...
#!/bin/sh
[ -z $CHROME ] && CHROME=chromium
TMPDIR=$(mktemp -d /dev/shm/chrome-XXXXX)
$CHROME --user-data-dir=$TMPDIR --no-first-run --no-default-browser-check "$@"
rm -rf $TMPDIR
Some of the anti-monopoly investigations of Google might achieve this too.
The removal of MV2 is extremely clearly Google abusing their dominant market position to line their pockets at the expense of their users.
When this goes through, there will be another EU anti-monopoly investigation just for this.
I imagine they couldn't figure out what an appropriate warning window would look like for that kind of protocol.
Neither Brave nor Vivaldi are proposing to maintain engine support for v2: they both point to the codebase retaining support after Chrome drops support (likely for enterprise) as being the driver of their ability to offer v2. Both say that once those codepaths are removed, so too will v2 support be removed from Vivaldi and Brave.
No idea when Google will make that call.
The counter argument is that ad-blocking is an arms-race and the only reason a subset of traffic blocking methods is going to work at all is because there isn't a big enough incentive yet.
Other than that the arguments in favour of V3 are going to be about the same as for any API update. My guess is a few extra APIs and more granular permissions.
I don't mind nice and powerful tools, but one thing I learned with Java (where the tools are so much nicer and so much more powerful) is that if you're leaning on them heavily, that's kind of a sign you've messed up. Like on the scale of severity (https://raw.githubusercontent.com/matthiasn/talk-transcripts...), at least as severe as really bad coupling or brittleness. Thank goodness for the tools that let people efficiently figure things out and get on with things, but it's really better to have not needed to be in such a situation to begin with.
I have a similar view with valgrind -- amazing tool everyone would rather exist than not, one could imagine a "Google Valgrind" and "Mozilla Valgrind" competing on mild differences of amazing, but really, life is better if you can just use a managed language and never have to deal with any flavor of valgrind. I think there are ways to do webdev that significantly reduce the need to use any browser dev tools at all, though the domain necessitates some use. ClojureScript in 2014 was showing the way.
IMHO that's actually part of an even bigger societal trend. "You will own nothing and be happy."
The ones in power want to control everyone and turn them into mindless sheeple to be exploited and milked. It's not just tech. There's another comment around here that mentions features being requested by large corporations and governments.
Even once e10s supposedly fixed their problems another 4 years down the road, I didn't see any reason to rush back. I've switched to another Chromium browser, but I'd rather try a new engine entirely like Ladybird than switch back to Mozilla, until they prove they're not going to let the browser stagnate for so long again.
This is not true.
People talk about the upside of the declarative API plenty, but adding one function doesn't mean removing another, and the conflation required to use that as a defense of google is what gets downvotes.
> I was told, time and time again, than Manifest v3 would result in an adblocking experience so bad that people would start switching browsers because of it
Once enough ads catch up with the new limitations. Right or wrong, we're still too early for that.
From my perspective, all of you are saying a lot of things as if you know them to be true, but you have no idea whether they're true or not; really, you just find them to be plausible.
I will take this one.
First, your limits are out of date. The static minimum is 30k, but can now escalate to an order of magnitude higher depending on how many extensions are installed. The dynamic limit is now 30k, of which at most 5k can be "unsafe". Source: https://developer.chrome.com/docs/extensions/reference/api/d...
Second, even if the limits were correct: consider the possibility that 99% of those rules are irrelevant, out of date garbage that blocks nothing anymore but haven't been removed because there is neither process nor incentive on the extension dev's part to do so.
Ad uses pattern. UBO adds matching pattern. Ad switches to new pattern. Cat and mouse.
This happens widely, rapidly, and on an ongoing basis. The result is that the rule set is large and grows rapidly, but very little of it is actually useful day to day. From the user's perspective, the only cost is that the browser very slowly gets continually less performant, which they will not attribute to the extension.
This isn't hypothetical. I'm on the Chrome team. We analyzed the rule set contents. This is why we proposed the initial limits we did: they were plenty large enough to allow all the extensions we analyzed to do everything they actually wanted to do, if only you stripped the cruft.
The rule size increases since then primarily come out of a dialog process with ad blocking devs about their process and needs and what they see in the wild coupled with what we think we can manage to keep performant. There are compromises. I'm not on that team so I can't speak to details. But it's part of an honest attempt to have a dialog.
There are usually simple explanations for things, if people were truly willing to consider them without bias.
It is a permission that could be used by a malicious extension to snoop, but that is far from the only use. Wanting the permission != wanting snooping.
So make one that isn't incompetent? That's not really a counterargument to the general idea.
And donating to a specific cause shows a lot more commitment and understanding than a typical vote.
v3 removes the ability to block, but not the ability to monitor. It doesn't make anything more granular.
The modern Web Browser is an advertisement terminal. If Google would manage to eliminate having to serve content, they would certainly do it.
That's of course an oversimplification. But people who believe they're technically knowledgeable and adept are just as likely as other folks to fall for bullshit and be convinced to do things contrary to their own self interests. It's just a different type of bullshit.
No one wants to hear that, because we all want to tell ourselves that maybe everyone else is gullible, but WE'RE smart and rational. To a close approximation, though, none of us are.
How exciting!
Time to do your part. Switch to ladybird!
(Insert imaginary we want you for the army poster here)
I was ecstatic about Ladybird from a "fun NIH project" perspective but once it became "serious" and had a cross-platform daily-driver long term focus it was quite the let down that the hot new independent kickstart was... still going to be built on C++ anyways. Even the Serenity ecosystem had started work on a NIH memory safe language - Jakt! I'm not going to say the "R" word (mostly because I'm less interested "which" and more interested in the "what") but the one place I'd really like to see memory safety is the new fresh-engined web browser written by a small team (or really, any team).
On that front https://servo.org/ is "alive" again under the Linux Foundation. It has a focus on being an easily embeddable engine and it seems to be picking up a bit of steam. Whether or not it really takes off remains to be seen. I'll be watching closely though!
It seems Shields was their main focus for MV3 mitigation, much like Vivaldi's now native content blocker made for the same reason (though Vivaldi has said[2] they won't be supporting MV2 past the last Chromium build that includes it).
[1] https://brave.com/blog/brave-shields-manifest-v3/
[2] https://vivaldi.com/blog/manifest-v3-update-vivaldi-is-futur...
`export HOME=$TMPDIR chrome <args...>`
Will make chrome think that $TMPDIR is $HOME. Keep in mind that means your downloads for example would also be deleted after the rm -rf
This works for most other software too
So here's the dilemma:
- People are afraid of plugins "in the wild". People need some kind of centralized, managed "extension store"
- People complains about store policy like Manifest V3
I don't think a single mechanism can please both crowds.
And what's worse? Google doesn't actually care about the security of the the "store". Scam extensions are everywhere. The "audit process" are minimal, customer/developer service are essentially none, and Google only enforce rules that affect their ads business.
My reason for learning Rust in the first place was trying to contribute to the servo engine. But then, Mozilla happened. My hope for servo continues, but it won't go anywhere if it stays in the limbo it has been in after Mozilla ditched it as a project. We need a real browser project, with a full UI/UX and everything, until people take it serious as a base to fork off.
The problem with reality is that almost all software is still built on C. Kernels, userspace APIs, libraries, everything. I just wish that we would've gotten something like C ABIs, but with memory safety and VM-to-VM communication in mind, e.g. for Rust and Go, along the way. WebASM / WASI somehow got there, at least in that direction. But it's never seen as a shared object or dll replacement, and always is just a compile target and nothing more - even when the potential is there.
Something like that would solve so many problems that all kinds of programming language are trying to solve by themselves, over and over again.
Either from the "wild" internet or manifest v3 intranet.
Or can we do better? For example, a community can maintain an opensource "network control" DLL that allow users to enable/disable tamperscript-like firewall rules from uBlock or such.
Cookie invaders gave me a good shock too :D. As well as the random "bloop" sounds. 10/10
PS: The crypto challenge is related to the song that the avatar is humming :)
Maybe something assembly related would be fun to do, too. These days I am reversing lots of malware, so sth like patching a binary so that it evolves into a different program similar to how APE does it would be a fun challenge, I guess :D
(v3 drops not only ad-blockers but also user style managers, so a significant degradation of the web interfaces)
If you're in a position of power in a corporation to dictate software usage, consider making firefox the default choice.
https://old.reddit.com/r/chrome/comments/1d799pa/tutorial_on...
It's hard to argue chrome won on merit here when they were using their monopoly to actively sabotage users running firefox on the most popular sites.
> YouTube page load is 5x slower in Firefox and Edge than in Chrome because YouTube's Polymer redesign relies on the deprecated Shadow DOM v0 API only implemented in Chrome
Well, that’s going to be Chrome from now on.
https://news.ycombinator.com/item?id=41707418
And also recently, their poor engagement/comms around Privacy-Preserving Attribution:
https://blog.mozilla.org/en/mozilla/improving-online-adverti...
Sounds like an obvious chance to flag the extension for further review, and probably a warning on the user side.
> So, you would support removing that API?
Of course not; that's throwing out the baby with the bath water. This brings us back to the "further review" thing; there's plenty of precedent for a platform having API surface that only a smaller subset of apps/extensions are allowed to use, because the features it exposes are legitimately needed for some things but it could be abused so it gets flagged and you have to write a detailed explanation for why your thing really needs this permission and then the reviewers can look at it particularly closely.
> Well, that’s what they did for MV3 and implemented an API just for ad blocking.
And then for bonus points they hobbled it so that it couldn't be used to make as good of ad blockers, which is why the whole thing is not okay.
Otherwise Edge is not bad at all. Chrome without MV2 is dead to me.
Never leaving your subscriptions (never using the algorithm recommended feed) is not a solution because of second-hand toxicity, e.g. political posts in meme subreddits in an election year.
If anyone knows of a solution that works in Manifest V3 I'd love to hear it!
Firefox pinned tabs are moved to the LHS of the tab bar, they have no close button and ctrl-W doesn't close them. How much more do you want them to be protected from closing?
This is actually one thing where Firefox is clearly better than Chrome ... Chrome pinned tabs close with ctrl-W which is really easy to do accidentally.
Surely there are better ways for a developer to make money off of an existing extension without suddenly locking previously available functions behind a paywall. Perhaps instead paywall NEW features? Or ask for donations?
We aren’t talking just an extension here. If it didn’t exist, that would make web browsing insufferable to many. It is a part of web browsing itself. Let me put it as clearly as it can be:
***
uBO is a Holy Grail and gorhill is our Jesus Christ.
***
If MV3 (and further development) tries to touch it in any inappropriate way, comments promoting it deserve 5x downvote mutiplier without the usual -4 limit.
I read an article about Ublock Origin light. It claimed it couldn't do script injection and content blocking but I've written V3 extensions that do that though maybe what I'm thinking and what ublock origin does are different things. Does anyone know specific details or maybe a pointer to docs on what's not possible?
It would be good to know what not-chromes you have tried, so as not to suggest 'x', which may have not worked for you.
Browsers are selected by users, they should have no obligation to show ads.
Brave is the only one doing this right AFAIK.
Almost all the problems with tracking and buying and selling user profiles would end if browsers just didn't show ads.
I thought about this a bit and I think that at the end of the day, the entire OS is just a bunch of these APIs. And I do think there's even a market for these APIs, they just don't want to set that precedent, I don't think it has anything to do with it being a lot more work than anything else they expose. They already have some very privileged APIs you can bless some apps (e.g. think of MDM) except not for everything and in the case of the MDM APIs it's very difficult to use it as a normal end-power-user.
It's just that uBlock Origin is so important and trusted it should have access to everything. Truth be told it should be literally built into the browser itself and deeply integrated with it. Only conflicts of interest prevent that. Can't trust an ad company to maintain ad blockers after all.
So in order to prevent a hypothetical hacker bogeyman from getting our data we gladly entrust it to corporations that actively squeeze every possible cent out of it by, among other things, giving access to it to other corporations and uncountable "partners" that will feed us content with the goal of psychologically manipulating us into buying things we don't need, or thinking things someone else wants us to think, destroying the very fabric of society in the process.
I somehow find all of that delusional, our acceptance and support of it nightmarish, and trust hackers to be less diabolical in their schemes.
Computers should serve us, not the other way around. The solution to these problems is tech education, not tech babysitters.
Been a while since the last commit, so I'm not sure if it's maintained, but I might try adding it (or something similar) to my pihole.
Orion is kind of a stretch I think, but they do see it as being in service of their search product as it's the only way they'll ever be the default search engine anywhere.
AdGuard AdBlocker (MV3 Beta): https://chromewebstore.google.com/detail/adguard-adblocker-m...
Copy and pasting the ublock custom filters into AdGuard seems to work.
Hilariously since you can use Chrome password manager on iOS, it became a better solution overall than trying to stick with Apple mess. With it I got support for uBlock Origin (nothing is as good for Safari, and it came to a point where I just couldn't deal with the ads anymore) and a much faster/more modern browser. As a bonus, it syncs everything with my Windows installation much better and I can use my Chrome profile on other computers when I need to. But when uBlock Origin is not supported in Chrome anymore I'll probably revisit the choice for something else.
Apple has completely lost the plot, pushing their half-assed, barely work, cloud stuff while simultaneously raising the price of entry/maintenance of their hardware. This is why I laugh my ass choice when they brag about their privacy bullshit. If they have wanted, they could have very well figured out a sync without relying on any cloud stuff; instead, they push iCloud to make more money (it's a crutch for people with iPhones that have way too little storage and other proper computing device) even though it makes no sense for what was the philosophy of Apple software/hardware previously. They have no competitive advantage in this matter and it often just sucks or doesn't work properly.
Who's IBM now, right ?
The reason the "normies" "choose" Microsoft is because it's the only choice that make somewhat sense from a financial standpoint if you don't care that much. There is a whole mythology about Apple hardware lasting longer and all but, in my experience, the reverse is true and you get much more for your money if you opt for a standard computer that happens to come with Windows.
Linux would have a fight chance with better hardware/software support but dev/manufacturers can be arsed because it's a chicken and egg problem (there are also too many variations of what is Linux, so that doesn't help).
With the iPhone success, Apple had a chance to gain market share for "real" computer in a way that would have long lasting effect both for business and consumer support, instead they went full greed mode and found many clever ways to close even more a platform that was already not the most open, while had the same time selling weak computer that are clearly lacking for the price, very often with terrible engineering decision (like their new Apple Silicon iMac, already having issues, less than 4 years after release, what a joke).
Once again, I went stupid adding blocklists so the level of management previously required is kinda worst case-y and it is absolutely my own doing and since working through my idiocy it just works its magic without needing intervention. If you're more careful about not adding blocklists which say 'this will break things' (not hard) you'll be fine.
But, even so, you basically admit in the second paragraph that they're probably both fine, but you won't switch back to Mozilla "until they prove they're not going to let the browser stagnate for so long again." What the heck kind of test is that? And how long, exactly, will that take for you? If they "stagnated" for a decade, according to you, is it going to take another decade to prove they won't let it stagnate? Two decades, maybe? What does "stagnate" even mean? To me, it looks like Chrome is stagnating- what have they done lately that's innovative and actually good for users? Breaking a bunch of extensions and removing the ability to block ads? How many years does Chrome have to start behaving itself before you'll switch back to it after all of this? Ah, right- you won't switch away from it; you're probably only concerned about Firefox stagnating.
The truth is that you'll always make an excuse to not switch away from Chrome (and yeah, a browser that uses the Chromium guts is effectively the same thing when it comes to the monopoly on web standards).
As I mentioned Vivaldi is my Chromium based browser of choice, and it is far better in the handling of pinned tabs. They go up to a separate section at the start of the tab list without reducing in size, and then they absolutely cannot be closed without unpinning the tab first
But I suppose in your clown world security model the big US corporations who have proven again and again that they will act against your best interests are the only ones to be trusted while individuals with a proven track record must be sandboxed at all costs.
Kids these days have much worse computer skills BECAUSE of the locked up platforms they are exposed to from a young age. Meanwhile two decades ago my non-technical grandpa learned to use a real PC just fine in his old age. Don't underestimate regular users ability to deal with technology when there is a will.
Zen doesn't have tab groups yet, but vertical tabs are a far more important feature for me.
2. What does "cancel" even mean in this situation? Calling him a jerk or deciding not to use Brave is definitely not worse than "the most extreme things you could donate towards".
3. There are plenty of things that could be construed as a "political opinion" that are valid targets for criticism and avoiding contact over. In particular, politics are full of scapegoats, and judging someone for participating in scapegoating is entirely fair.
