←back to thread

"Begin disabling installed extensions still using Manifest V2 in Chrome stable"

(developer.chrome.com)
552 points freedomben | 9 comments | 11 Oct 24 14:20 UTC | HN request time: 1.093s | source | bottom
Show context
blakesterz ◴[11 Oct 24 14:36 UTC] No.41809847[source]
Has anyone been using the v3 compatible version of uBlock Origin? Have you noticed much of a difference? From what I read there isn't supposed to be much of a difference?
replies(8): >>41809855 #>>41809863 #>>41809873 #>>41809987 #>>41810060 #>>41810246 #>>41810440 #>>41812912 #
kccqzy ◴[11 Oct 24 14:37 UTC] No.41809855[source]
I have been using the Firefox version of it for more than a year by now, basically as soon as it came out. I commented on HN that I was going to do it: https://news.ycombinator.com/item?id=37219071

There's no difference whatsoever.

And it's not surprising because on my iOS device I've been using similarly architected content blockers since 2015. There's no issue with declarative ad blocking.

Of course this differs with the kind of sites you visit. So you need to try it on your own. I can believe that perhaps for some people this is a downgrade, but don't automatically assume uBlock Origin Lite won't work well for you.

replies(3): >>41810031 #>>41810168 #>>41810257 #
drivebycomment ◴[11 Oct 24 14:55 UTC] No.41810031[source]
Anyone jumping up and down about MV3 while using Mac or iOS are hypocrites, since MV3 is essentially doing the same thing Safari did years ago, finally matching the security and the privacy in that regard. The reduction in adblocking is so miniscule in aggregate - since declarative approach will always cover all the major advertisers - that it's not even a meaningful "trade-off".
replies(3): >>41810082 #>>41810142 #>>41810156 #
1. yjftsjthsd-h ◴[11 Oct 24 15:06 UTC] No.41810142[source]
> Anyone jumping up and down about MV3 while using Mac or iOS are hypocrites, since MV3 is essentially doing the same thing Safari did years ago,

iOS I'll give you, but macOS can in fact run ex. Firefox.

> finally matching the security and the privacy in that regard.

"Matching" inferior security+privacy is not a good thing. The only way this is an improvement if you think the blockers are malicious; otherwise a useful tool in the users interest has been made less powerful.

replies(2): >>41810438 #>>41810448 #
2. drivebycomment ◴[11 Oct 24 15:39 UTC] No.41810438[source]
One of the most common API malware extensions use is what MV3 blocks, and adblock extension is one of the common malware vectors:

https://helpcenter.getadblock.com/hc/en-us/articles/97384768...

https://www.wired.com/story/fake-chrome-extensions-malware/

This has been never ending.

replies(1): >>41810918 #
3. kuhsaft ◴[11 Oct 24 15:39 UTC] No.41810448[source]
> The only way this is an improvement if you think the blockers are malicious

Extensions and in turn MV2 blockers can easily be malicious.

https://usa.kaspersky.com/blog/dangerous-chrome-extensions-8...

Look at how many in Kaspersky’s list are advertised as ad blockers. The majority of users aren’t tech savvy like HN.

replies(1): >>41810894 #
4. yjftsjthsd-h ◴[11 Oct 24 16:25 UTC] No.41810894[source]
> Look at how many in Kaspersky’s list are advertised as ad blockers

By my count 5, 6 if we include "Autoskip for Youtube", out of 34. That might be an argument for dropping extensions, but I don't think it's an argument for breaking ad blockers.

replies(1): >>41811442 #
5. yjftsjthsd-h ◴[11 Oct 24 16:28 UTC] No.41810918[source]
Okay, if you absolutely must then make that specific API require extra audit approval from the extension store, but breaking it outright is throwing out the baby with the bathwater; in a world where the FBI outright recommends an adblocker because ads are such a strong malware vector ( https://techcrunch.com/2022/12/22/fbi-ad-blocker/ ), it's irresponsible to undermine uBo.
replies(1): >>41811409 #
6. kccqzy ◴[11 Oct 24 17:23 UTC] No.41811409{3}[source]
Nobody likes extra audit approvals. The platform doesn't want to spend resources doing the audit. The developers don't want to be audited.

The Firefox version of uBlock Origin Lite was pulled due to unsatisfactory audit process: https://news.ycombinator.com/item?id=41707418

replies(1): >>41815890 #
7. kuhsaft ◴[11 Oct 24 17:26 UTC] No.41811442{3}[source]
> That might be an argument for dropping extensions

Those extensions used the same API that ad blockers used, but for malicious purposes.

So, you would support removing that API? Well, that’s what they did for MV3 and implemented an API just for ad blocking.

replies(1): >>41816936 #
8. Dylan16807 ◴[12 Oct 24 02:33 UTC] No.41815890{4}[source]
> The Firefox version of uBlock Origin Lite was pulled due to unsatisfactory audit process

So make one that isn't incompetent? That's not really a counterargument to the general idea.

9. yjftsjthsd-h ◴[12 Oct 24 06:31 UTC] No.41816936{4}[source]
> Those extensions used the same API that ad blockers used, but for malicious purposes.

Sounds like an obvious chance to flag the extension for further review, and probably a warning on the user side.

> So, you would support removing that API?

Of course not; that's throwing out the baby with the bath water. This brings us back to the "further review" thing; there's plenty of precedent for a platform having API surface that only a smaller subset of apps/extensions are allowed to use, because the features it exposes are legitimately needed for some things but it could be abused so it gets flagged and you have to write a detailed explanation for why your thing really needs this permission and then the reviewers can look at it particularly closely.

> Well, that’s what they did for MV3 and implemented an API just for ad blocking.

And then for bonus points they hobbled it so that it couldn't be used to make as good of ad blockers, which is why the whole thing is not okay.