Google Struggles to Justify Why It's Restricting Ad Blockers in Chrome

[steven36]

Google says the changes will improve performance and security. Ad block developers and consumer advocates say Google is simply protecting its ad dominance.

 

 

Google has found itself under fire for plans to limit the effectiveness of popular ad blocking extensions in Chrome. While Google says the changes are necessary to protect the “user experience” and improve extension security, developers and consumer advocates say the company’s real motive is money and control.

 

As it stands, the Chrome web store currently offers users a wide variety of ad blocking extensions that can help curtail the volume and nosiness of online advertising. From Adblock to Ghostery, such extensions make it harder for ad networks to build a detailed profile of your online activities or serve you behavioral ads based on your daily browsing habits.

 

Last year, Google began hinting at some changes to Chrome’s extension system as part of its Manifest V3 proposal. Under these changes, Google said it would be modifying permissions and other key aspects of Chrome’s extensions system. The extension development community didn’t respond well, and said the changes would harm many popular user tools.

 

Currently, many Chrome adblock extensions use Chrome's webRequest API, letting users block ads before they even reach the browser. But Google’s proposal would require extensions use the declarativeNetRequest API, which leaves it to the browser to decide what gets blocked based on a list of predetermined rules. While some extensions, like AdBlock, already use the latter, developers say the overall result will be tools that simply don’t work quite as well overall.

In the wake of ongoing backlash to the proposal, Chrome software security engineer Chris Palmer took to Twitter this week to claim the move was intended to help improve the end-user browsing experience, and paid enterprise users would be exempt from the changes.

 

 

Chrome security leader Justin Schuh also said the changes were driven by privacy and security concerns.

 

 

Adblock developers, however, aren’t buying it.

 

uBlock Origin developer Raymond Hill, for example, argued this week that if user experience was the goal, there were other solutions that wouldn’t hamstring existing extensions.

 

“Web pages load slow because of bloat, not because of the blocking ability of the webRequest API—at least for well crafted extensions,” Hill said.

 

Hill said that Google’s motivation here had little to do with the end user experience, and far more to do with protecting advertising revenues from the rising popularity of adblock extensions.

 

“In order for Google Chrome to reach its current user base, it had to support content blockers—these are the top most popular extensions for any browser,” he said. “Google strategy has been to find the optimal point between the two goals of growing the user base of Google Chrome and preventing content blockers from harming its business.”

Hill argues that the blocking ability of the webRequest API caused Google to yield some control of content blocking to third-party developers. Now that Chrome’s market share is greater, the company’s in a better position to “shift the optimal point between the two goals which benefits Google's primary business,” Hill said.

Consumer advocates are similarly unimpressed, noting that the changes could also harm the effectiveness of some parental control, privacy, and security extensions.

 

“This is a very bad decision on Google's part,” Justin Brookman, Director of Consumer Privacy and Technology Policy at Consumer Reports told Motherboard in an email.

 

Brookman noted that millions of users rely on extensions like uBlock, Disconnect, and Ghostery to limit cross-site tracking and block malicious code from third-party servers, and that pushing these extensions to use a different API with lesser functionality would only weaken them.

 

“It's hard to escape the suspicion that this is driven primarily by a desire to protect third-party tracking and ad revenue, where Google is the overwhelming market leader,” he said. “Notably, the move will insulate the largest ad blocker AdBlockPlus, who Google pays to whitelist their ads and tracking behavior.”

 

That concern has long been mirrored by the Electronic Frontier Foundation. The group frequently argues that Chrome’s ad tracker blocking technology has lagged behind other browsers because Google, whose online ad market share currently hovers around 37 percent, doesn’t want to hamstring the profitability of tracker-driven, behaviorally-targeted ads.

The EFF’s Privacy Badger extension is one of the ad blocking tools that would be impacted, and its development team has also spoken out against the changes. In an email, an EFF spokesperson argued that Google’s move would stifle developer innovation in the browser space and hamper user security and privacy.

The group also wasn’t particularly sold on Google’s justification for the move.

“Google's claim that these new limitations are needed to improve performance is at odds with the state of the internet,” the organization said. “Sites today are bloated with trackers that consume data and slow down the user experience. Tracker blockers have improved the performance and user experience of many sites and the user experience. Why not let independent developers innovate where the Chrome team isn't?

 

The EFF says it was “particularly worrisome” that Google is going ahead with these changes despite all of the criticisms it's received from the developer community, adding that “security extensions should not be a privilege reserved only for enterprise users.”

While Google has responded to criticism by saying the proposal was subject to change, it hasn’t yet backed off the proposal, which would be implemented this fall at the earliest. Should Google stick to its guns in the face of widespread criticism, it’s pretty clear that more than a few Chrome users will soon be on the market for a different browser.

 

 

Source

 

[coromonadalix]

Quote : it’s pretty clear that more than a few Chrome users will soon be on the market for a different browser

 

 

That will be my case ....

[mp68terr]

As written in another thread, it's not only about chrome, it's also about all chrome/chromium-related and chrome/chromium-fork browsers. What remains? FF, already criticized for not allowing anymore the legacy extensions, now only allowing WebExtensions.

[Cereberus]

Quote

Google is planning to restrict modern ad blocking Chrome extensions to enterprise users only, according to 9to5Google. This is despite a backlash to an announcement by Google in January proposing changes that will stop certain ad blockers from working efficiently.

And the software giant is not backing down: It says the only people who can use ad blockers following the change will be Google’s enterprise users.

The proposal–dubbed Manifest V3–will see a major transformation to Chrome extensions that includes a revamp of the permissions system. It will mean modern ad blockers such as uBlock Origin—which uses Chrome’s webRequest API to block ads before they’re downloaded–won’t work. This is because Manifest V3 sees Google halt the webRequest API’s ability to block a particular request before it’s loaded.

People aren’t impressed. Many have complained about the move, which effectively takes control away from the user and creates an incentive to use other services instead.

9to5Google highlighted a single sentence buried in the text of Google’s response to the complaints, which clarified the changes: “Chrome is deprecating the blocking capabilities of the webRequest API in Manifest V3, not the entire webRequest API (though blocking will still be available to enterprise deployments).”

 

Quote

Developer reactions to the just-announced changes

Despite all assurances that the full webRequest functionality will not be removed for enterprise users, Raymond Hill, the developer of uBlock Origin and uMatrix, says that "The blocking ability of the webRequest API is still deprecated, and Google Chrome's limited matching algorithm will be the only one possible, and with limits dictated by Google employees."

"The blocking ability of the webRequest API caused Google to yield control of content blocking to content blockers. Now that Google Chrome is the dominant browser, it is in a better position to shift the optimal point between the two goals which benefits Google's primary business," also says Hill.

uBlock Origin's developer also states that the "deprecation of the blocking ability of the webRequest API is to gain back this control, and to further now instrument and report how web pages are filtered since now the exact filters which are applied to web page is information which will be collectable by Google Chrome."

 

Quote

Chrome is updating the API for extensions to a new version, "Manifest 3". The new version removes the key feature used by adblockers. Google says that this isn't a problem since there is also a new feature the adblockers can use instead.

Google has been repeatedly told by extension developers that the replacement API is unusable, but they keep doubling down on it. They think their new system is faster and offers less potential for abuse by a rogue extension, and seem extremely unwilling to give up these "advantages". (That's at least what they say; a very popular "conspiracy theory" right now is that they think people will choose to abandon strong adblocking rather than abandoning Chrome, thus rescuing Google's ad revenue.)

So sometime in the future, when support for the previous generation extensions is removed, adblockers will henceforth be much less effective on Chrome. The difference between uBO-on-Chrome today and the best Chrome adblocker tomorrow (not necessarily uBO, as uBO may just quit the field if this passes) will be much more significant than the difference between ABP today and uBO today.

In a bit more detail: Under the old system, extensions were able to examine each "request" and do arbitrary computations to decide if it was good or bad. This meant the size of the blacklist used could be theoretically unlimited, and it was always possible for the extension developer to extend the filterlist language, or do "dynamic stuff" not even expressible as a list. Under the new system, the extension has to upload its blacklist to the browser once and then the browser does all blocking on its own.

 

This blacklist format is pretty much locked into having only ABP features, and on top of that there is a size limit too small to even include the entire Easylist.

 

sauce

 

https://www.forbes.com/sites/kateoflahertyuk/2019/05/30/google-just-gave-2-billion-chrome-users-a-reason-to-switch-to-firefox/#27688ed8751f

 

https://www.ghacks.net/2019/05/30/google-still-on-track-to-limit-ad-blockers-in-chrome/

 

https://www.bleepingcomputer.com/news/google/chrome-ad-blockers-to-get-full-api-access-via-free-enterprise-policies/

 

 

 

 

so if you didn't particularly care about privacy, but you CARE about the ability to block ads, then now may be a good time to make the jump over to firefox (or other if you prefer).

 

 

 

even if you don't particularly care about privacy matters, ads still have issues in other ways.

- pop ups, pop unders, redirects, a ton of ads loaded at once or to distract you continuously when surfing.

- malvertising (ads are vectors for malware)

Quote

Malvertising - Ad Blocking and Why You Need It | Malwarebytes

How does malvertising work?

Malvertising takes advantage of the same methods that distribute normal online advertising. Fraudsters submit infected graphic or text ads (both work as long as they use JavaScript) to legitimate advertisement networks, which often can’t distinguish harmful ads from trustworthy ones.

Despite the malicious code, malvertising takes on the appearance of everyday ads like pop-ups (pushing things at you such as fake browser updates, free utilities, antivirus programs, and so on), paid ads, banner ads, and more. Malvertising criminals rely on two main methods to infect your computer.

The first is an advertisement that presents some kind of provocative enticement to get you to click on it. The lure might come in the form of an “alert,” such as a warning that you already suffer from a malware infection. Or it might be an offer for a free program. Such tactics use social engineering to scare or tempt you into clicking on a link. Give into that temptation and you are infected.

Even more nefarious is the second method, known as a drive-by download. In this case, the infected ad uses an invisible web page element to do its work. You don’t even need to click on the ad to trigger the malicious activity. Just loading the web page hosting the ad (or a spam email or malicious pop-up window) redirects you to an exploit landing page, which takes advantage of any vulnerabilities in your browser or holes in your software security to access your machine.

https://www.malwarebytes.com/malvertising/

 

 

 

if you want to stay on chromium based browser and not be affected by this bs, there is brave.

Quote

Unlike all the other browsers in this roundup, Brave is based on Chromium instead of Firefox. Chromium is the open-source code behind Chrome, with all the closed proprietary bits stripped out (at least in theory).

It comes with a built-in ad-blocker, tracking protection, script blocker, and HTTPS-Everywhere functionality. Brave also features one-click anti-fingerprinting and WebRTC leak protection. And anyone used to Chrome will feel at home instantly.

Despite all this, Brave is a controversial choice…

-Brave helps to fund itself via an ad-replacement program. This replaces "bad ads” which include tracking pixels with “good ads” from its network partners. Participating in this program is opt-in, but detractors feel it adds to a problem that private browsers are supposed to be fixing.
-The CEO of Brave Software is ex-Mozilla CEO and JavaScript inventor Brendan Eich. Eich was forced to stand down from Mozilla in 2014 after he donated $1,000 in support of California's Proposition 8, which attempted to prevent same-** marriage for LGBTQ Californians. This has no relevance to the quality of the software of course, but you may wish to consider if you want financially benefit someone with these views by using his product.

Brave is available for Windows, macOS, Linux, Android, and iOS.

 

https://old.reddit.com/r/brave_browser/comments/buhq20/chrome_to_limit_full_ad_blocking_extensions_to/epdmuk5/

https://community.brave.com/t/brave-with-ublock-origin/51789

https://proprivacy.com/guides/most-secure-browsers

 

 

 

 

 

And yes before someone comes along and says there is firefox, well i tried it, but it has a big issue for me. and that is an immature session management api. all the extensions i tried didn't quite do it. best of the lot was session boss, but it cannot open session windows in the same order as before, instead it does it randomly which is a deal breaker for me. if it weren't for that, i'd be okay with firefox.

 

 

tbh google did us a favor by forcing us to move away from chrome, to a less privacy invasive and an adblock supported browser. most people are oblivious to privacy behind the scenes, but if you mess with adblock capability well thats breaking the camels back and you will have many mutineers jumping ship 

 

 

PS: this wasn't the first attempt google tried to kill adblockers (specifically ublock) that worked TOO effectively. Their initial attempt was prevented by public outcry to which google backed down. But this NEW issue is round 2. They don't give a shit about appearances anymore. They took a page from Ajit Pai and do bad things with a straight face and go on and lie about it to justify their actions in a disingenuous and condescending manner.

 

 

[Cereberus]

While i'm at it, ads have evolved, and got worse 

 

[dhjohns]

I could never find a reason to switch to Firefox.  I still  can't.  I use Edgium now. 🤪

[TheEmpathicEar]

I commented about this in another thread and am considering at least two ideas. 1. Switch to Firefox. 2. Start using AdGuard instead of a browser extension. Maybe Google will abandon abundant greed and change its mind?

[Cereberus]

5 hours ago, TheEmpathicEar said:

I commented about this in another thread and am considering at least two ideas. 1. Switch to Firefox. 2. Start using AdGuard instead of a browser extension. Maybe Google will abandon abundant greed and change its mind?

 

oo sorry i didn't know :{ didn't see it. got a link?

 

 

1. Switch to Firefox.

- i at least tried it. Managed to install same extensions or similarly functioning ones. only one i couldn't get to work satisfactorily is the session management which was the deal breaker for me.

 

3. Maybe Google will abandon abundant greed and change its mind?

- i wouldn't hold my breath

[TheEmpathicEar]

@Cereberus [Remember U asked for this depressing story] Google to restrict modern ad blocking Chrome extensions to enterprise users

[Cereberus]

1 minute ago, TheEmpathicEar said:

@Cereberus [Remember U asked for this depressing story] Google to restrict modern ad blocking Chrome extensions to enterprise users

 

well... you know that saying... misery enjoys company 

 

thx 

[halvgris]

if chrome gets slover than ff i will switch.

 

will get pi-hole and vpn settings on a device which locks

most annoying domains.

[steven36]

38 minutes ago, halvgris said:

if chrome gets slover than ff i will switch.

 

will get pi-hole and vpn settings on a device which locks

most annoying domains.

Firefox takes less resources than Chrome  that you could be using for something else so if you have a lot of   or tabs open at once it already is faster .

[Karlston]

Similar topics merged.

[Sofa King]

Is Firefox running good enough that you can switch from Chrome to Firefox?

[Cereberus]

Quote

Mark said on June 14, 2019 at 11:30 am

and to add/make clearer a fundamental part of this comment…. The webRequest API stops the elements from being download. Fullstop. Using the new API will allow google and to track you even if the ad is not displaying so they can still build that famous profile.

 

And to make everybody remember that profile is who you are, what you do, how much you spend, where you are geolocated at least roughlky from your IP address or more accurately from your mobile, your movements on a laptop & mobile, where you visist restaurants, palces etc… your name, surname even potentially your credit card (google wallet or you pay for google photos etc…), your phone numbers from your google accounts recovery options, your friends phone numbers from android contact list sync to gmail/google and lots of others that I forget.

 

Then they sell this to god knows who and make money on your back or they loose it via some hack which is only a matter of time

https://www.ghacks.net/2019/06/13/chromes-adblocker-controversy-google-raises-maximum-limit/

 

 

what i liked about ublock/umatrix was that you can prevent stuff simply downloading onto your hard drive. the extensions would block it unless you whitelisted it. 

 

But from the sound of it, seems like this will no longer be the case. Not showing ads visually is important yes, but so is not downloading stuff onto my hdds either ....

 

 

hail hydra