* The list is totally opaque (I am wrong, see EDIT 2 below)
* They use the hard work of people like EasyList and subjectively apply it (though not that big of a deal, they do make it free/open for all uses after all)
* They build it into the browser instead of as an extension or working with the existing ad-block community
I urge everyone to keep with uBO and the like. How anyone can be for NN and then think a coalition can be an on-by-default gatekeeper of good or bad web items I'll never understand. At this point, I have a hard time separating browser from ISP wrt end user control and limited choice (especially for the masses who aren't familiar w/ these kinds of details).
EDIT: I should note that this is the same mechanism by which the safe browsing lists work that tell you a page may be bad. For consistency, I disagree with that too of course, but I find the motives and targets here to be much more sinister. I would also say switch to FF, but they also use the secret safe browsing lists, so they'll probably switch to this as well. I say find a Chromium/Gecko based browser w/ all the ancillary shit like this removed.
EDIT 2: There is a method of obtaining the entire list via the API, see comments below. I was wrong about the opacity and stand corrected. Still doesn't alleviate the concerns around gatekeeping. I wonder if Google would let me keep a running update of this list in GitHub so we can all watch changes and other things like adblockers could use it.
Whenever you have the browser maker, and punitive actions controlled by the same party, and arbitrarily, its a recipe for disaster.
If Google really cared, they should spin Chrome off to a foundation, provide it a large amount of funding, and totally step aside.
Having the #1 web browser and the largest ad network, controlled by Google, even if you agree with what they are doing, is a recipe for disaster.
Google, of course, MUST protect its ad business, let's call his what it is.
Judge, jury, and executioner as they say.
Why would Chrome being run a foundation that is funded overwhelmingly by Alphabet make a difference? Chromium is already public -- aren't there already forks that focus on privacy and ad blocking?
This is absolutely not about quality but a political move to counteract ad blocking extensions and companies. While the intent seems noble, it's likely to cause no real improvements compared to better existing options like not serving these formats at all.
The same reason every conflict of interest is a problem. You're not advocating for what's best for the side you are supposed to be representing because you are also representing a self interest.
(Also, imagine the hilarity if the default search of Chrome ever became Bing.)
As you noted, this is false. See https://developers.google.com/ad-experience-report/
> They use the hard work of people like EasyList and subjectively apply it (though not that big of a deal, they do make it free/open for all uses after all)
Again, I don't see the problem here. As you said, EasyList is free and open. It seems like your objection is just that you don't like the way its being used?
> They build it into the browser instead of as an extension or working with the existing ad-block community
I'd actually consider this a huge win. Everyone gets it by default (though you can turn it off in settings if you want), and it works on mobile, which doesn't currently allow extensions. What's your actual concern here?
> think a coalition can be an on-by-default gatekeeper of good or bad web items I'll never understand. At this point, I have a hard time separating browser from ISP wrt end user control and limited choice
There's a reason browsers are called the "user agent"; it's because their purpose is to make decisions and perform actions on behalf of the user. If a browser vendor wants to block ads on behalf of the user on sites which they deem to be using those ads in an abusive manner (and the standards for what is considered "abusive" in this case are actually pretty clear-cut: https://www.betterads.org/standards/) I don't see a problem with that. If you as a user don't want your user agent behaving that way, you can either tell it to stop (chrome://settings/content) or get yourself a new user agent. (And both of those actions are significantly easier than they are with your ISP I might add.)
Not really my objection, I just wonder if it's the objection of the people putting in the work on those lists. I personally don't think it's a big issue.
> I'd actually consider this a huge win. Everyone gets it by default (though you can turn it off in settings if you want), and it works on mobile, which doesn't currently allow extensions. What's your actual concern here?
A bigger win would be to allow mobile extensions. It's strange to use a decision Google makes as a reason Google has to do something this way instead, ha. That it's on by default makes those of us on the non-user side of the web wary of the slippery slope of browsers not being neutral about what is shown to our users.
> I don't see a problem with that. If you as a user don't want your user agent behaving that way, you can either tell it to stop (chrome://settings/content) or get yourself a new user agent.
I'm more concerned with the site developer side than the user side. If something ships to millions of users and begins to exercise non-neutral control over content, you should become concerned. It's like TVs constantly updating a list of shows they won't allow to be shown on their TV. You might tell a user to go change the settings of the TV, but as a someone making the video, would you not be concerned? Or glasses that limit some of what you get to see by default, or headphones that disable some of what you get to hear by default, or cars that don't allow you to enter some areas by default, etc. I hope it's clear that conduits like these need to remain neutral.
However, I think the type of "content" Chrome is discriminating against here is pretty far removed from what most users would consider "content". They're not basing the decision on whether to block ads on a news site on the _content_ of its articles, but on the placement of its ads.
To the extent that ads can be considered "content" then yeah, Google's not being content-neutral here, but while site owners might consider ads to be "content", I suspect most users don't.
It's a pretty similar situation with Google's Safe Browsing system. While a malicious site operator might consider malware to be "content", malware is almost certainly not the sort of content the user came to the site for.
Isn't there an open API for querying this information, as well as their webapp? It can't be all that secret.
Unfortunately.. I don't see a dispute button. If Google won't let you dispute like blacklisted mailserver, I see class action lawsuits because ultimately with such high % of market share, Google and his pal Chrome will decide whether your business thrives or dies.
My guess would be there isn't a simple canonical list, and it's more of a heuristic evaluation where certain thresholds will trigger site warnings.
In this case an API would be more up-to-date, and less computationally expensive than serving large, always-changing lists. It was likely just the more logical choice. Though I'm assuming the new ads functionality uses the same Safe Browsing infrastructure.
>Sure they can say they don't want the offenders to know they are offending
Actually not the case at all. They send alerts to sites that are affected by Safe Browsing via Search Console.
>In this case an API would be more up-to-date, and less computationally expensive than serving large, always-changing lists.
Like Google search?
I fail to see whats hard about returning a large list of items. Its their entire organizations' core competency.
Makes you type-in a single URL. There is no way to use a keyword to get a list of items back. My point is that it should be trivial for google to do this, since this is their core competency.
I fail to understand whats so special about maintaining a tiny list of website URLs that anybody can access at any time? I'd wager you can fit 10+ million URLs per GB. The wayback machine has 300 billion+ pages of full page historical content and you can access all of it. This is entirely within Google's wheelhouse. Certainly, there could be other factors to not handout the list, but I'm merely speaking about the engineering aspect here.
Oh please. Claiming Google can't publish a giant list is really disingenuous. The question is really if they want to or not.
Out of curiosity what is your objection to the Safe Browsing lists?
I personally have my router blocking sites at the IP level and DNS rejecting queries for domains off this list.
I can't remember the last time I couldn't visit a site because it was on the list but with the prevalence of zero-day malware and naive users on my network, I'd rather just not even deal with the potential.
The gatekeeping and phoning home (even though it is privacy conscious). But it's not a strong objection. In general I prefer browsers to be neutral by default and make no HTTP requests behind the scenes, but I acknowledge that's unreasonable for most users. It's less about my personal objection and more about an objection to on-by-default corporate decision making being deployed to millions of users.
While safe browsing hasn't come under much scrutiny due to its limited scope and that it hasn't been abused, I suspect it won't be long before someone's site has its ads blocked unfairly by the coalition. I understand with human review and pending-vs-actual-blockage incubation they are attempting to alleviate false positives, but the internet is too large IMO and the rules are subjective (so I can have a site with a 29% ad density?).
Google does not have an interest in showing you shitty ads. They have an interest in providing their clients with ads that are acted upon and that web users appreciate, and they have an interest in having a browser that does that with as little friction as possible.
I'd say their incentives are perfectly aligned with ours.
Speak for yourself. I hate advertising and would rather see that whole revenue method burn to the ground and pay the $2/mo or whatever to use my favorite services.
Ads have ruined everything they have touched (radio, satellite radio, TV, cable TV, satellite TV, magazines, highway scenery, etc) and they are well into the process of ruining the internet.
In addition to bloating every site and exposing you to higher malware risk, they encourage companies to violate your privacy as much as possible and exploit psychological weaknesses to get you to buy stuff you didn't want or need to begin with.
Google's incentives are to spread this poison so they are not aligned with mine at all.
Disclaimer: they work for Google
They also own the most popular way those ads are shown: through their web browser. This browser has the ability (at Google's sole discretion) to block shitty ads, of which all of them are run by their direct competitors.
So what's happening is, Google is giving themselves the right to block parts of the Internet they don't like, with the implied statement of "if you want your ads to be seen by Chrome users, buy them from us or else we might block them".
That is a classic protection racket. "Want your ads to be seen? Better buy them from us, or... bad things will happen."
Seems pretty reasonable.
They use this by default, but you're free to turn it off, and that setting (unlike others) seems to sync just fine using Firefox Sync. Just checked and it's off. I turned it off once years ago and switched between OSs and different devices in the meantime, and it's still off.
Don't know if the same is possible on Chrome.
> I should note that this is the same mechanism by which the safe browsing lists work that tell you a page may be bad. For consistency, I disagree with that too of course, but I find the motives and targets here to be much more sinister.
I agree with you completely on this one.
I had to turn that off on two layers, on a browser level, and inside my antivirus' firewall. My antivirus now constantly complains that I'm "not fully protected" because I don't want it to do web filtering for me.
I do support other private browsing techniques that stay on my device, like first party isolation, and adblock-like lists that are downloaded on my device.
Both are available in Firefox, and using them doesn't collide with my stance on NN, since I'm the one preventing the content from being fetched by my machines.
Also, I cannot find a clear explanation from Google how the internal details of this ad blocker work (how they manage the hashes on their side, where this coalition list is maintained, etc). I would love a link, but alas with these kinds of things transparency is usually the first thing to go, especially since people don't demand it.
EDIT: Updating from previous statement saying I couldn't find where to get the list. I have now obtained it from  and put it at  (caution, it's a large gist).
0 - https://developers.google.com/ad-experience-report/v1/refere...
1 - https://gist.github.com/cretz/18594176f791fc0ede26078f76cf12...
This weird hashing scheme comes from safe browsing (which blacklists sites that install malware etc.). I guess (without specific knowledge of it) it was just reused for this ads thing because they had all the code handy for it,
both the browser-side code and serving code.
For safe browsing, as I recall the data format was designed with Mozilla -- that tech predated the existence of Chrome. There's some history about it here:
https://wiki.mozilla.org/Security/Safe_Browsing and https://wiki.mozilla.org/Phishing_Protection:_Design_Documen...
I recall the weird hashing scheme was carefully designed to balance some concerns. For example when it phones home, it phones home with a hash of the current URL so that it doesn't reveal the current URL to the server (unless the URL is already in the server-side blacklist). I also think it was intentional that the client didn't get a list of all known-malware URLs. I can't find any design docs for it at the moment better than https://developers.google.com/safe-browsing/v4/ . It may well be the case that the hashing scheme doesn't make sense at all in this context.
Do you really believe Google has PR people that are paid to reply on posts on HN? It could be, but I find this quite incredible.
(Saying this as an Eng Googler, I have absolutely no insight on how the whole "business" side of the organisation works.)
I'm not suggesting the dead post's particular case is true. I'm just pointing out that it's a company's dream to have engineers voluntarily spending time on a forum like this where they have identified themselves as employees. They are implicitly doing PR for free.