Most active commenters
  • Etheryte(3)
  • Fire-Dragon-DoL(3)
  • const_cast(3)
  • lapcat(3)

←back to thread

Bypassing Google's big anti-adblock update

(0x44.xyz)
1034 points deryilz | 29 comments | 12 Jul 25 19:06 UTC | HN request time: 0.213s | source | bottom
Show context
al_borland ◴[12 Jul 25 20:51 UTC] No.44545060[source]
Even if bigs exists to work around what Google is doing, that isn’t the right way forward. If people don’t agree with Google move, the only correct course of action is to ditch Chrome (and all Chromium browsers). Hit them where it hurts and take away their monopoly over the future direction of the web.
replies(26): >>44545103 #>>44545185 #>>44545382 #>>44545931 #>>44545951 #>>44546164 #>>44546522 #>>44546599 #>>44546664 #>>44546763 #>>44547531 #>>44548200 #>>44548246 #>>44548399 #>>44548418 #>>44548820 #>>44549698 #>>44550098 #>>44550599 #>>44551061 #>>44551130 #>>44551663 #>>44553615 #>>44554220 #>>44556476 #>>44571602 #
high_priest ◴[12 Jul 25 20:58 UTC] No.44545103[source]
Its not happening
replies(4): >>44545238 #>>44545244 #>>44545297 #>>44545919 #
1. Etheryte ◴[12 Jul 25 21:16 UTC] No.44545238[source]
I don't know, I switched to Safari and it was painful for like two hours and then I stopped thinking about it. The only thing I somewhat miss is the built-in page translate, but I don't need it often enough to be bothered much.
replies(3): >>44545267 #>>44545318 #>>44545577 #
2. Fire-Dragon-DoL ◴[12 Jul 25 21:18 UTC] No.44545267[source]
I find switching from chrome to safari essentially doing nothing. If you switched to a non-big-company owned browser, it would make sense but Apple has plenty of lock in which is as bad as chrome lock in.
replies(4): >>44545301 #>>44545310 #>>44545579 #>>44545945 #
3. fny ◴[12 Jul 25 21:23 UTC] No.44545301[source]
I'm a huge fan of Orion by Kagi: you should have a look! It's a little rough around the edges but the extension support on iOS is amazing.
replies(2): >>44545494 #>>44545621 #
4. vehemenz ◴[12 Jul 25 21:24 UTC] No.44545310[source]
Apple isn’t selling my data, and they make the best consumer hardware, so at this point there aren’t many downsides to Apple lock in.
replies(3): >>44545384 #>>44545405 #>>44545625 #
5. mattkevan ◴[12 Jul 25 21:25 UTC] No.44545318[source]
Safari has had built-in page translate for years now. It’ll detect different languages and show a translate option in the site tools menu. Works well.
replies(1): >>44545428 #
6. sensanaty ◴[12 Jul 25 21:34 UTC] No.44545384{3}[source]
> Apple isn’t selling my data

Sorry to break it to you, but yes, they are.

https://ads.apple.com/

replies(1): >>44545793 #
7. scarface_74 ◴[12 Jul 25 21:38 UTC] No.44545405{3}[source]
No company sells your data. They sell access to you based on the data they have about you. Apple is no different
replies(1): >>44547887 #
8. Etheryte ◴[12 Jul 25 21:40 UTC] No.44545428[source]
I'm aware of this, but in my experience it's pretty bad. It doesn't even cover all European languages, never mind the rest of the world. For the languages it does support, it's always a lottery whether it works with that specific site or not. I've tried using it a few times, but it's not even remotely close to what Chrome does.
9. const_cast ◴[12 Jul 25 21:51 UTC] No.44545494{3}[source]
Orion is the only viable option on iOS IMO. The fact that, to this day, Safari has no way to block ads on iOS means it's just awful. Before Orion, I avoided using my web browser like the plague, because the experience was just bad.

Now I'm on Android, and Ironfox is pretty good and Firefox is also available. The browser story on Android is leaps and bounds ahead of iOS.

replies(1): >>44545560 #
10. tech234a ◴[12 Jul 25 22:01 UTC] No.44545560{4}[source]
Actually there are several adblockers available for Safari on iOS; the functionality was introduced in 2015. Adblock Plus and Adguard are some of the larger extensions available, and now uBlock Origin Lite is now being beta tested for Safari on iOS.
replies(2): >>44545637 #>>44545930 #
11. notatoad ◴[12 Jul 25 22:03 UTC] No.44545577[source]
switching to safari because chrome disabled the good adblockers is completely counter-productive. safari has never supported the good adblockers.
12. creato ◴[12 Jul 25 22:03 UTC] No.44545579[source]
It's especially silly in this case because Safari extensions have always been equivalent to MV3 functionality.
replies(1): >>44545735 #
13. Fire-Dragon-DoL ◴[12 Jul 25 22:09 UTC] No.44545621{3}[source]
I don't use any Apple product, so no Orion for me
14. Fire-Dragon-DoL ◴[12 Jul 25 22:09 UTC] No.44545625{3}[source]
The lock in is a downside.
15. const_cast ◴[12 Jul 25 22:12 UTC] No.44545637{5}[source]
I've never used these, but if I had to guess: these probably don't have the same power as full Manifest V2 extensions.

Also names like "Adblock Plus" scare me. I don't want someone I don't trust getting my web activity.

replies(1): >>44550742 #
16. lapcat ◴[12 Jul 25 22:31 UTC] No.44545735{3}[source]
This is not accurate. Safari had webRequestBlocking functionality from 2010 to 2019 and indeed a version of uBlock Origin for Safari. What is true is that Safari was the first browser to ditch webRequestBlocking, replaced by its Apple-specific static rule content blocker API.

Otherwise, though, Safari still supports MV2. Everyone seems to think webRequestBlocking is the only relevant change in MV3, but it's not. Equally important IMO is arbitrary JavaScript injection into web pages, which MV2 allows but MV3 does not.

MV3 is so locked down that you can't even use String.replace() with a constructed JavaScript function. It's really a nightmare.

Google's excuse is that all JavaScript needs to be statically declared in the extension so that the Chrome Web Store can review it. But then the Chrome Web Store allows a bunch of malware to be published anyway!

replies(1): >>44547423 #
17. jampekka ◴[12 Jul 25 22:39 UTC] No.44545793{4}[source]
The greatest trick the Ad ever pulled was convincing the world it didn't exist.
18. ndiddy ◴[12 Jul 25 23:00 UTC] No.44545930{5}[source]
I find the "switch to Safari" talk amusing because the adblockers available for Safari are functionally equivalent to the MV3 API that everyone's complaining about. The problem with the "static list of content to block" approach that Safari and MV3 use is that you can't trick the site into thinking that ads have been loaded when they haven't, like MV2 allows via Javascript injection. The effect of this is that you'll run into a lot of "disable your ad blocker to continue" pop-ups when using an adblocker with Safari, while you won't see them at all when using an adblocker with Firefox.
replies(2): >>44546209 #>>44555045 #
19. zer00eyz ◴[12 Jul 25 23:02 UTC] No.44545945[source]
I don't think in this case your argument is as clear cut and the use cases that people have today arent solved by the choices out there.

George Carlin: "You don't need a formal conspiracy when interests converge. These people went to the same universities, they're on the same boards of directors, they're in the same country clubs, they have like interests, they don't need to call a meeting, they know what's good for them and they're getting it."

The interests of APPLE (who makes money on hardware, and credit card processing) don't align with the interests of Google (who makes money on ad's). I am all for open source, I'm all for alternatives. But honestly if you own an iPhone and a Mac then safari makes a lot of sense. I happen to use safari and Firefox on Mac and am happy to bounce back and forth.

I also keep an eye on ladybird, but it isnt ready for prime time.

And I'm still going to have a chrome install for easy flashing of devices.

20. lapcat ◴[12 Jul 25 23:45 UTC] No.44546209{6}[source]
A Safari content blocker can be combined with an MV2 Safari extension in one app for JavaScript injection.
replies(1): >>44550522 #
21. rasz ◴[13 Jul 25 04:11 UTC] No.44547423{4}[source]
There must be ways of injecting custom non static js because mv3 version of tampermonkey works https://chromewebstore.google.com/detail/tampermonkey/dhdgff...
replies(1): >>44549596 #
22. 0xblinq ◴[13 Jul 25 06:03 UTC] No.44547887{4}[source]
Facebook entered the chat
replies(1): >>44548649 #
23. scarface_74 ◴[13 Jul 25 08:46 UTC] No.44548649{5}[source]
Facebook doesn’t sell your data to other companies either. Your data is too valuable to sell. Companies tell FB what demographics they want to target.
24. lapcat ◴[13 Jul 25 11:44 UTC] No.44549596{5}[source]
After dragging their feet for literally years, Google finally implemented a specific userscripts API. However, the implementation was initially just statically declared rules like DeclarativeNetRequest, which sucked, and it also required that the user enable developer mode.

In Chrome 135, which is very recent—the public is currently on Chrome 138—Google added an execute() method to run an individual script. However, the API is not available from the extension content script, so if it needs to be triggered from the content script, you have to make an async call to the background script (or more accurately, the background service worker, which is a whole other nightmare of MV3). Moreover, the API accepts only a string for JS code or a filename; you still can't use a Function() constructor for example.

In Chrome 138, the current version, Google switched from developer mode to a dedicated userscripts permission toggle in the extension details, which is disabled by default. I think Google is still working on but has not finished a permissions request API. Remember this is almost SEVEN YEARS after Google first announced Manifest V3. The entire time, Google has been stalling, foot dragging, practically getting dragged kicking and screaming into doing the least possible work here.

replies(1): >>44553959 #
25. ndiddy ◴[13 Jul 25 14:01 UTC] No.44550522{7}[source]
Thank you for the correction, it looks like Adguard uses this approach.
26. Etheryte ◴[13 Jul 25 14:35 UTC] No.44550742{6}[source]
You don't have to guess, they're as capable as MV2 and AdGuard has been around for a long time.
replies(1): >>44555448 #
27. rasz ◴[13 Jul 25 21:36 UTC] No.44553959{6}[source]
Iv been following https://github.com/Tampermonkey/tampermonkey/issues/644 since 2020. I remember a moment in 2021 where Google came out with this ridiculous notion of User code stored on User computer and executed by User Agent being "remote" because it wasnt under Google control, but somewhere around 2022 things started clearing up and Jan Biniok managed to get a working mv3 version a year ago in May.

Surprisingly this async serialize/deserialize nature of the API (https://github.com/Tampermonkey/tampermonkey/blob/cdfc253c07... ?) somehow still manages to inject and execute scripts fast enough to make them act like content scripts at document_start. The only problem is no arbitration between extensions, cant force Tampermonkey inject before uBO (tons of adblock filters disable functions required for Tampermonkey and effectively kill Tampermonkey in the process).

28. carlosjobim ◴[14 Jul 25 00:15 UTC] No.44555045{6}[source]
I never see these popups in Safari, so I think theory and practice is not the same.
29. const_cast ◴[14 Jul 25 01:16 UTC] No.44555448{7}[source]
A quick Google search reveals AdGuard is only a DNS resolver, so it has the adblocking power of something like a Pi Hole. So... nowhere near as capable. It can't inject JS into webpages to prevent pop ups, which is going to lead to white boxes everywhere. In addition, ads can obfuscate the URL or share domains with non-ad content - so that content won't be blocked with a DNS resolver.

However, the software seems safe. Their privacy policy says they only store websites locally, and never upload them to servers. The app is also open-source.

Ad Block Plus is not privacy respecting. They collect usage data as well as unique device identifiers.