Most active commenters
  • yjftsjthsd-h(4)
  • kuhsaft(4)
  • kccqzy(3)

←back to thread

"Begin disabling installed extensions still using Manifest V2 in Chrome stable"

(developer.chrome.com)
552 points freedomben | 21 comments | 11 Oct 24 14:20 UTC | HN request time: 1.668s | source | bottom
Show context
blakesterz ◴[11 Oct 24 14:36 UTC] No.41809847[source]
Has anyone been using the v3 compatible version of uBlock Origin? Have you noticed much of a difference? From what I read there isn't supposed to be much of a difference?
replies(8): >>41809855 #>>41809863 #>>41809873 #>>41809987 #>>41810060 #>>41810246 #>>41810440 #>>41812912 #
1. kccqzy ◴[11 Oct 24 14:37 UTC] No.41809855[source]
I have been using the Firefox version of it for more than a year by now, basically as soon as it came out. I commented on HN that I was going to do it: https://news.ycombinator.com/item?id=37219071

There's no difference whatsoever.

And it's not surprising because on my iOS device I've been using similarly architected content blockers since 2015. There's no issue with declarative ad blocking.

Of course this differs with the kind of sites you visit. So you need to try it on your own. I can believe that perhaps for some people this is a downgrade, but don't automatically assume uBlock Origin Lite won't work well for you.

replies(3): >>41810031 #>>41810168 #>>41810257 #
2. drivebycomment ◴[11 Oct 24 14:55 UTC] No.41810031[source]
Anyone jumping up and down about MV3 while using Mac or iOS are hypocrites, since MV3 is essentially doing the same thing Safari did years ago, finally matching the security and the privacy in that regard. The reduction in adblocking is so miniscule in aggregate - since declarative approach will always cover all the major advertisers - that it's not even a meaningful "trade-off".
replies(3): >>41810082 #>>41810142 #>>41810156 #
3. SoftTalker ◴[11 Oct 24 15:00 UTC] No.41810082[source]
I see boatloads of ads in Safari on iOS. To the point that web browsing on my phone is intolerable, so I don't do it.
replies(2): >>41810308 #>>41811151 #
4. yjftsjthsd-h ◴[11 Oct 24 15:06 UTC] No.41810142[source]
> Anyone jumping up and down about MV3 while using Mac or iOS are hypocrites, since MV3 is essentially doing the same thing Safari did years ago,

iOS I'll give you, but macOS can in fact run ex. Firefox.

> finally matching the security and the privacy in that regard.

"Matching" inferior security+privacy is not a good thing. The only way this is an improvement if you think the blockers are malicious; otherwise a useful tool in the users interest has been made less powerful.

replies(2): >>41810438 #>>41810448 #
5. kuhsaft ◴[11 Oct 24 15:08 UTC] No.41810156[source]
It’s similar, but not the same. Safari lets you dynamically generate rules that are then compiled for privacy and efficiency. The limits were increased to 150000 rules per content blocker due to user demands [1]. And each extension can have multiple content blockers.

MV3 has a measly 30000 static rule limit. These rules are included with the extension and cannot be updated dynamically. And a 5000 dynamic rules limit. [2]

EDIT: Chrome now has a 300000 shared pool for static rules for extensions that go over their 30000 limit. And a 30000 dynamic rule limit [3].

[1] https://adguard.com/en/blog/adguard-for-safari-1-11.html

[2] https://adguard.com/en/blog/adguard-mv3-beta.html

[3] https://developer.chrome.com/docs/extensions/develop/concept...

replies(1): >>41810276 #
6. michaelt ◴[11 Oct 24 15:09 UTC] No.41810168[source]
> And it's not surprising because on my iOS device I've been using similarly architected content blockers since 2015. There's no issue with declarative ad blocking.

Really?

Because I find adblockers on iOS are nowhere near as good - they let far more ads through, and they leave far more sites broken so I have to disable the ad blocker for the site to work.

replies(1): >>41810578 #
7. the_gipsy ◴[11 Oct 24 15:18 UTC] No.41810257[source]
> There's no difference whatsoever.

That's simply not true. Have you ever donde a side by side comparison, or are you just going by feeling?

8. nolist_policy ◴[11 Oct 24 15:20 UTC] No.41810276{3}[source]
The limit is 330000 rules:

"Based on input from the extension community, we also increased the number of rulesets for declarativeNetRequest, allowing extensions to bundle up to 330,000 static rules and dynamically add a further 30,000." https://blog.chromium.org/2024/05/manifest-v2-phase-out-begi....

replies(1): >>41810349 #
9. kccqzy ◴[11 Oct 24 15:22 UTC] No.41810308{3}[source]
This is such a data-free anecdote. Which websites are showing ads? Which ad blocker did you install on iOS?
10. kuhsaft ◴[11 Oct 24 15:28 UTC] No.41810349{4}[source]
It looks like it’s a shared quota now with a minimum per extension [1].

Still sucks that the rules are static though. AdGuard devised a method to diff ruleset changes with the built in rules to generate dynamic rules between extension updates. So, I guess it works.

[1] https://developer.chrome.com/docs/extensions/develop/concept...

11. drivebycomment ◴[11 Oct 24 15:39 UTC] No.41810438{3}[source]
One of the most common API malware extensions use is what MV3 blocks, and adblock extension is one of the common malware vectors:

https://helpcenter.getadblock.com/hc/en-us/articles/97384768...

https://www.wired.com/story/fake-chrome-extensions-malware/

This has been never ending.

replies(1): >>41810918 #
12. kuhsaft ◴[11 Oct 24 15:39 UTC] No.41810448{3}[source]
> The only way this is an improvement if you think the blockers are malicious

Extensions and in turn MV2 blockers can easily be malicious.

https://usa.kaspersky.com/blog/dangerous-chrome-extensions-8...

Look at how many in Kaspersky’s list are advertised as ad blockers. The majority of users aren’t tech savvy like HN.

replies(1): >>41810894 #
13. eek2121 ◴[11 Oct 24 15:52 UTC] No.41810578[source]
That is the fault of the blockers themselves. The one I use (https://apps.apple.com/us/app/1blocker-ad-blocker/id13655310...) works extremely well and even uses a local VPN setup for app ad-filtering.

Twitter and YouTube ads are blocked.

The drawback? It isn’t free.

14. yjftsjthsd-h ◴[11 Oct 24 16:25 UTC] No.41810894{4}[source]
> Look at how many in Kaspersky’s list are advertised as ad blockers

By my count 5, 6 if we include "Autoskip for Youtube", out of 34. That might be an argument for dropping extensions, but I don't think it's an argument for breaking ad blockers.

replies(1): >>41811442 #
15. yjftsjthsd-h ◴[11 Oct 24 16:28 UTC] No.41810918{4}[source]
Okay, if you absolutely must then make that specific API require extra audit approval from the extension store, but breaking it outright is throwing out the baby with the bathwater; in a world where the FBI outright recommends an adblocker because ads are such a strong malware vector ( https://techcrunch.com/2022/12/22/fbi-ad-blocker/ ), it's irresponsible to undermine uBo.
replies(1): >>41811409 #
16. HDThoreaun ◴[11 Oct 24 16:54 UTC] No.41811151{3}[source]
Which adblocker are you using? I have adguard and dont get ads on most safari sites but its just static DNS blocking so first party ad servers like youtube dont get blocked.
replies(1): >>41819924 #
17. kccqzy ◴[11 Oct 24 17:23 UTC] No.41811409{5}[source]
Nobody likes extra audit approvals. The platform doesn't want to spend resources doing the audit. The developers don't want to be audited.

The Firefox version of uBlock Origin Lite was pulled due to unsatisfactory audit process: https://news.ycombinator.com/item?id=41707418

replies(1): >>41815890 #
18. kuhsaft ◴[11 Oct 24 17:26 UTC] No.41811442{5}[source]
> That might be an argument for dropping extensions

Those extensions used the same API that ad blockers used, but for malicious purposes.

So, you would support removing that API? Well, that’s what they did for MV3 and implemented an API just for ad blocking.

replies(1): >>41816936 #
19. Dylan16807 ◴[12 Oct 24 02:33 UTC] No.41815890{6}[source]
> The Firefox version of uBlock Origin Lite was pulled due to unsatisfactory audit process

So make one that isn't incompetent? That's not really a counterargument to the general idea.

20. yjftsjthsd-h ◴[12 Oct 24 06:31 UTC] No.41816936{6}[source]
> Those extensions used the same API that ad blockers used, but for malicious purposes.

Sounds like an obvious chance to flag the extension for further review, and probably a warning on the user side.

> So, you would support removing that API?

Of course not; that's throwing out the baby with the bath water. This brings us back to the "further review" thing; there's plenty of precedent for a platform having API surface that only a smaller subset of apps/extensions are allowed to use, because the features it exposes are legitimately needed for some things but it could be abused so it gets flagged and you have to write a detailed explanation for why your thing really needs this permission and then the reviewers can look at it particularly closely.

> Well, that’s what they did for MV3 and implemented an API just for ad blocking.

And then for bonus points they hobbled it so that it couldn't be used to make as good of ad blockers, which is why the whole thing is not okay.

21. SoftTalker ◴[12 Oct 24 15:43 UTC] No.41819924{4}[source]
Why should I need an adblocker app from some third party to which I have to grant full control over my browser? Apple would be enormously popular if they included one by default. Perhaps as an option you could disable. I don't know why all browsers don't do this (well, I know why Chrome doesn't).

Browsers are selected by users, they should have no obligation to show ads.

Brave is the only one doing this right AFAIK.

Almost all the problems with tracking and buying and selling user profiles would end if browsers just didn't show ads.