Hacker News new | past | comments | ask | show | jobs | submit login
Web page service workers bypass ad-blockers after Chrome 72 upgrade? (twitter.com)
111 points by ikisusi 35 days ago | hide | past | web | favorite | 51 comments

It might sound dramatic, but if they do block or cripple ad blockers, then I think that could represent a turning point in Chrome's popularity. Even my non-technical friends use an ad blocker, and it's also one of the best defenses from viruses on the modern web, so people who do family tech support are likely to be pretty proactive in ensuring that the computers they look after are running browsers with ads blocked.

(Original tweeter here.) It seems that this is already fixed in Chrome 73 beta: https://twitter.com/jviide/status/1097199686849581057

Also setting "Enable network service" to disabled in chrome://flags appears to fix it: https://twitter.com/jviide/status/1097202611806261248

Real bug or test to see if anyone notices? I'm getting uncomfortably skeptical when it comes to google these days.

Blocking ads for non-savvy/elderly users is definitely a security issue. It's reducing the chance that they inadvertently install malware or fall into a social engineering scam because "Microsoft Support" needs their credit card number to secure their computer.

I was not aware of these scams thanks to using ad blockers and not living in a country that is being targeted that much. A good way to educate elders might be by showing them some scam videos [1]

[1] https://www.youtube.com/channel/UCm22FAXZMw1BaWeFszZxUKw/vid...

My mother is in her 50's and is in between savvy and unsavvy. A few years ago she called me after falling briefly for one of these "Microsoft Support" scams. She had clicked on it because it looked like an error message, and right after she clicked on it, her gut told her that it wasn't legitimate and called me to see what she needed to do.

Elderly users wouldn't have fared as well.

This goes hand in hand with IRS phone call "you're going to jail if you don't pay your tax debt" scams. I think there needs to be serious legislation to crack down on these scams.

I’m of the opinion that we don’t need more legislation to crack down on something already illegal

I hate Mozilla pushing their own things almost as much as Google (a screenshot service? I have a keybinding for that, thank you) but this will probably be the straw that makes me jump ship.

There's always IceCat I guess. Websites get away with loading files from a ridiculous number of third-party servers and it's pretty frightening when you look at the uMatrix tab for it.

Firefox's built in screenshot system provides one things that others don't. You can screenshot the entire page as a single unit, without having to resize the window beyond your own screen size.

Chrome's developer tools also allow this (ctrl+J / F12 -> ctrl+shift+p -> screenshot -> capture full size screenshot (or node screenshot / regular screenshot)

That’s actually very useful, thanks, I wasn’t aware it did that!

Most plugins I’ve seen for doing screenshots provide that functionality. Admittedly I’ve not looked much, but any screenshot utility that can’t do that is pretty much useless to me, so maybe I’ve only looked at ones that had it.

That might be the case now (I haven't looked either), but back when this was introduced that wasn't the case.

> I hate Mozilla pushing their own things almost as much as Google (a screenshot service? I have a keybinding for that, thank you)

The screenshot feature is quite handy, because it lets you capture only a certain element on the page which is more cumbersome using the OS' builting screen capture, because then you need to edit the captured image.

OSX has a keybind that lets you drag the exact rectangle to capture, so all I do is keybind, drag, upload to my intended recipient instead of Mozilla's servers.

(I worked on screenshots)

Sure, but firefox has knowledge about the geometry of the dom, so you just click on the element you want and it intelligently sizes the shot for you.

Also, before it was screenshots it was Page Shot, and it allowed full text search of the text in your screenshots. Management killed that before launch for some reason.

Finally,d you’ve always been able to save the shot locally instead of uploading it to the server, and you’ll be happy, because the server is going away later this year and you’ll only be able to save them locally.

You may know how to use your os screenshot tool, but we got a lot of positive feedback from non power users who don’t. Right-click->Take screenshot is a lot more discoverable than command-shift-4.

It mystifies me why people hate features they don’t use. So you don’t like it — so what? Other people do. You are the one generating the hate for no reason.

Apparently, Windows has it too (snipping tool), so it looks like the firefox tool is not necessary.

Windows has a new tool if you hit Windows + Shift + S, which feels a bit closer to the macOS version and less like a Windows app from 1999.

Ubuntu Linux too - Ctrl+Shift+PrintScr

They're deprecating the service, though the feature will remain.

> They're deprecating the service

Looks like they're serious about imitating Google

I think Mozilla's privacy scandals are much worse than that screenshot service.

Google privacy scandals, meanwhile ... don't happen because look where our expectations went, huh.

Their very existence is a scandal.

This could backfire since websites will be benefit from Chrome's move. They can subtly start supporting chrome more over other browsers. Asking users to switch to Chrome. And there are enough people who won't give second thought while making the switch.

I'd go farther and say that the web is basically unusable without an ad blocker.

The majority of people don't use an adblocker (otherwise the ad based ecosystem would not work) and if you ask them if they want to pay for the sites they visit instead of seeing ads then most of them choose free with ads.

One visits lots of sites while browsing and paying for each of them is simply not feasible. The solution would be some kind of universal micropayment scheme, but it's unclear how such a sytem could be adopted universally, because making the users setting up multiple micropayment providers in their browsers will not work.

So every site with "disable your adblocker" will display the message just because a "majority" doesn't use them? I find that doubtful.

Adblockers are impacting revenue from a considerable amount of users, otherwise there wouldn't be such messages.

They try different solutions, before the impact gets bigger. I guess Chrome will introduce sometime in the future a disable ad blocker feature, so sites can ask the user to disable the ad blocker to continue and the browser will pop up a confirmation for the user, so the user can simply choose Allow without knowing the technical details of how to disable the ad blocker.

But when ads are so user-hostile that they sometimes include malware, that's when I lose sympathy for the ad-supported web.

Ad networks strive to filter these out, so it's not an argument against ads. Otherwise, you could say let's not use, for example, app stores, because sometimes malicious apps can get through the checks.

The difference is that app stores are pull-only. I have a subset of apps I allow on my phone, and random ones aren't downloaded every time I open it up. With websites, you don't get to pre-approve the ads that get downloaded, and since these adds are auctioned dynamically, you can't even say that one website is safe or unsafe.

If you want to make an analogy with app stores, visiting a website that's hooked up to an ad network is more like opening the Google Play store, entering a random search, and then clicking install on whatever the first result is. Yes, the web has better sandboxing than Android, but that's still a wild thing for any user to consent to.

When I installed the Play Store on my phone, I wasn't agreeing to give every single app it hosts access to my device. But that's what ad networks essentially force me to do.

Having an extra layer of filtering is good, but time has shown it to be less effective than adblocking.

Your app store example is a non-sequitur, because users want to download apps. Users in the general case do not specifically want ads.

> Users in the general case do not specifically want ads.

True, but users want to access content for free, they don't want to pay for every site they visit. And currently it's only possible with ads.

And most users rather bear ads than pay. If everyone uses an adblocker then most sites will either close or become paid.

I would really like to avoid app stores, too. Unfortunately F-Droid has been unreliable for me - https://f-droid.org/en/packages/ is down right now, for instance.

Even if this is chalked up to something inadvertent, it's only a matter of time before it happens for good. Google will likely win this arms race, at least within Chrome.

The browser from the mega company that gets nearly all revenue from ads will eventually close that hole.

I switched to Firefox about a year ago in anticipation of this specific change, and haven't missed a thing.

In the past few months several services I (used to) use, one of them being paid Spotify, started to crack down on adblockers and anti-adblockers killers. I don't feel this is just a coincidence, together with Chrome changes.

I'm pretty happy about this as I want the ad companies to start getting desperate and throwing punches. It's like people won't see how bad the situation is until you they get shit almost literally thrown in their faces. Tracking, data collection and malware are too invisible for people to care.

It wasn’t paid Spotify. It was the free one. People who provide a negative value to Spotify were having their accounts disabled

It sounds like ad blockers need to work on the os level now and not a browser extension. Just block all requests from the machine to the ips.

They’ll just serve the ads from the same ip as the content then, or even embed it right in the same request as the content.

You’ll face kickback from ad agencies over that: the third party requests are also used by the agency to track that the impression/click/etc did actually occur and the publishers aren’t just lying about it to boost their numbers.

Hmm, that's interesting. Makes sense.

Adblockers have been around for a long time, and few websites use the workarounds you suggest.

DNS based blocking still works :]

Not for Youtube and I guess that is what Google mostly cares about.

This is why Google is pushing DNS-over-HTTPS with an in-browser resolver.

Doesn't chrome circumvent host-file blocking? At least it did for me in windows before I switched to Firefox permanently.

Stop. Using. Chrome.

The Twitter thread ends in "submitted a bug report"...this is a feature not a bug, right?

No, a bug that was even already fixed: https://twitter.com/jviide/status/1097199686849581057

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact