←back to thread

Bypassing Google's big anti-adblock update

(0x44.xyz)
1034 points deryilz | 10 comments | 12 Jul 25 19:06 UTC | HN request time: 1.906s | source | bottom
1. fracus ◴[12 Jul 25 21:40 UTC] No.44545431[source]
> But I don't know how to make an adblocker, so I decided to report the issue to Google in August 2023. It was patched in Chrome 118 by checking whether extensions usin

Well, thanks for nothing?

replies(1): >>44545537 #
2. deryilz ◴[12 Jul 25 21:57 UTC] No.44545537[source]
Author here, sorry. I don't think any open-source extension (especially large adblockers with millions of users) could actually get away with using this bug, because Google is paying close attention to them. It would've been patched immediately either way.
replies(2): >>44546909 #>>44547391 #
3. physicles ◴[13 Jul 25 02:08 UTC] No.44546909[source]
You’re right, and good on you for paying attention to the human/business context behind the code.
4. deryilz ◴[13 Jul 25 04:52 UTC] No.44547625{3}[source]
Hi, I appreciate your opinion, but really disagree. First of all, this is one bug, and most of the ones I find don't "act against user's interests" (not that this one could have been used effectively without being patched anyway). Doing bug finding is how I make a difference and a skill I feel proud of.

I USED to keep bugs (read: exploits) for myself without sharing them, but after a while I realized it was not worth it and my skills were basically going to waste. You can say philosophical stuff about ads if you want but bug finding for me is a fun challenge with a good community. I'm not pretending Google is my best friend.

Plus, doing this gets me a bit of money. It's either this or I work summers at a grocery store, and I prefer this.

replies(1): >>44547735 #
5. deryilz ◴[13 Jul 25 05:17 UTC] No.44547728{3}[source]
Also, dude, from your other comments: "What a selfish dickhead, helping them make better nooses to put around everyone's necks (including his own)."

And "People like this are enemies of freedom and should be called out publicly."

What the ?

replies(1): >>44547919 #
6. jonas21 ◴[13 Jul 25 05:18 UTC] No.44547735{4}[source]
Yes, this is a mature way of looking at things.
replies(1): >>44547922 #
7. ifwinterco ◴[13 Jul 25 07:58 UTC] No.44548414{6}[source]
Google can see extension code, there's no way you could have used this to make an adblocker without them patching it.

You're inventing a moral dilemma here that simply doesn't exist

replies(1): >>44564210 #
8. IshKebab ◴[13 Jul 25 14:30 UTC] No.44550711{3}[source]
He may be young but it seems like he has already learnt not to be patronising and wrong.
replies(1): >>44556267 #
9. userbinator ◴[14 Jul 25 19:21 UTC] No.44564210{7}[source]
That's why you keep stuff like this quiet, instead of snitching to the enemy. But the vote patterns here clearly show who's trying to control the narrative.
replies(1): >>44572923 #
10. Anamon ◴[15 Jul 25 16:31 UTC] No.44572923{8}[source]
You can either keep it quiet, im which case it's useless to the rest of us because no ad blocker would've been using it, or share it with developers, in which case I'm not sure the time it would've taken to write the exploit would've been worth it, for it to work the one or two days Google would've taken to notice and patch it.

No other decision here would have made much of a difference.