And not a bogus story in my opinion.
Of course, content blocking could've been part of that new security model.
As Google tightens its grip, I wouldn't be surprised if someone starts a genuine fork of Chromium. Not just Chromium plus some extra stuff like Brave and Vivaldi, but a real, doesn't-rely-on-upstream-changes-fork. Microsoft seems like the most likely candidate for doing so.
No, that's a very misleading use of the term "security hole". By that definition, every piece of software on your computer is a "massive security" risk. Heck, even Chrome itself is a massive security hole since it can see the content of every page you visit.
I think it's worth reacting strongly to this argument because it's exactly the kind of statement that muddies the waters to convincing people that they shouldn't have the option of having full control of their own devices.
And I'm not saying there haven't been huge security issues with extensions. Just as there have been massive issues with any manner of software downloaded and installed. But requiring them to be open source and needing explicit user approval before install (unlike in older IE versions) addressed those issues pretty well, imo.
Edit: I would like to see changes that make it easier to observe when an extension is active and/or communicating with third party servers and/or writing to local storage for later transmittal (if that's possible).
Well, yes. There’s a reason sandboxing is coming more and more to the desktop.
But you can select on which sites the extension is active. You can even make it only active when you click on it.
Edit: I don't like that it seems to not be the default though... if you don't see this option then it's the same situation as before.
And even the adblocker might be disabled on the online banking site.
The media companies saw media piracy and asked:
> "Can't you just make us a general-purpose computer that runs all the programs, except the ones that scare and anger us?"
Google (and advertisers in general) is now asking ""Can't you just make us a general-purpose browser that runs all the programs, except the ones that programs that interfere with our business model?"
> The accidental thing nobody noticed is how @Cloudflare is suddenly in the best position now to take over the Web Analytics industry now that adblockers are all blocking JS-level Google Analytics, since Cloudflare can track users on the DNS-level
So once DNS blocking becomes the norm, the power to do evil will switch from Google to Cloudflare.
A pfSense machine with pfBlockerNG is open source, fully customizable, and can block at the DNS and IP level.
Since blocking content effectively changes how the web looks, and can occasionally break web sites, I'd rather have full control over the service than to pay someone to configure it for me.
Plus, the BSD camp has yet to let me down. :)
But disabling ad block?
That's insane. If that really comes to fruition, there is no way I'm sticking around.
That's the fear. The reality is they want to use the AdBlock+ (ABP) model of getting a trickle cashflow of adblocking users (and allowing so-called "Acceptable Ads").
If you are seeing this as the thin edge of a very hard wedge into the concept of adblocking, you're in good company.
Google/ABP need to start small, offend as few users as possible then make it acceptable and move the conversation to "which ads should/n't be blocked" instead of "all ads should be blocked", all while preserving their revenue stream.
Or so I hope...
> the software giant is not backing down: It says the only people that can use ad blockers following the change will be Google’s enterprise users.
> Google sent me a statement by email, which reads: "Chrome supports the use and development of ad blockers. We’re actively working with the developer community to get feedback and iterate on the design of a privacy-preserving content filtering system that limits the amount of sensitive browser data shared with third parties."
These can't all be true. Which is it?
The last one sounds weasel-wordy to me: it might be saying that they want to allow people to block targeted ads and see random ones instead, which is obviously not ad-blocking and would make "Chrome supports the use and development of ad blockers" a bald-faced lie.
The implementation breaks the model of the most effective blockers like uBlock Origin, which are able to inspect every request and block it based on a much more comprehensive set of factors. The claim they are making is that allowing extensions to inspect web traffic makes them vulnerable to abuse by bad actors who can, for example, offer an innocuous extension then later turn it effectively into a keylogger. There are numerous better solutions to this problem that don't require breaking blockers like uBO, but this choice seems to tick a large number of boxes for decisions that benefit Google and their partners at the expense of their users. And the "Enterprise users" part (which really seems to belie the stated reasoning) was only abounded after it became clear that there was a backlash against this terrible decision.
In particular, I don't think it's true that Google said "only people that can use ad blockers following the change will be Google’s enterprise users".
I mean, it kind of obviously is. Giving random extensions downloaded from the internet access to the URLs of every request ever made by the browser is a pretty insane security hole.
My impression is that other browsers (Safari) already removed this kind of API, or never had it in the first place.
The observer APIs will still be enabled in V3 and extensions will still be able to access that list.
There is a valid case to be made that we should rethink the extension security model, but the V3 manifest doesn't address of any of its biggest problems. It's gimping the parts that enable you to block requests, but extensions will still be able to other spy on you the same way they already can today.
This is very clearly not about security.
Nowadays, you can invent clever ways to get around all this.
With the new Chrome - you probably can't.
In the future, it'll probably be such that every website asks you to disable adblocking or you are blocked from the site.
Hyperbole to assume all will leave of course, but I wonder what this will do to user expectations
Using Privoxy, you could have ad-blocking and continue to use Chrome.
 - http://www.privoxy.org
It was ad blocking that drove me to Firefox on Android. Screen space is precious on mobile, and ads taking up a lot of it drove me nuts. I found I preferred the UI but sorely missed Chrome's "translate page option". (I changed my search engine to DuckDuckGo for the same reason - google search now shows so much "useful" ancillary information I have to scroll past to get to the actual search results I switched to DuckDuckGo just to avoid the scrolling).
But at 0.36% I'm in the noise region as far as browsers concerned, which I assume means most people don't care about ad blocking or noisy search results, apparently.
And it's even worse coming from an ad company. Undermines trust massively, even for people who've never changed a default (no) privacy setting.
There's no way they'll loose control over their users.
This will be changed and they'll find another way to force ads on their users without loosing them.
Wait and see!
Thank God we can change browser user agents :)
If I had the time i’d do it!
(Edit: Whoever just downvoted me -- you work on the Chrome team, I guess?)
This is probably Google's roundabout way to defeat adblocking as a whole.
Disable your adblock, or don't visit any website with Google Ads. Your choice.
As long as bytes of content are being sent over my Ethernet cables, I will find a way to render them.
The issue google is trying to address here is that the adblockers get permissions to basically all browsing data.
Google specifically says "Chrome supports the use and development of ad blockers."
There is going to be a content filtering approach that doesn't require folks give full access to all browser activity to a third party. For example, google could provide hooks for a pattern list that the extension could populate to block content. But no browsing data would be shared with the extension.
I know it's fun to go to immediate outrage - but Forbes is not the first place I'd be looking for thoughtful / balanced stories.
Google does this such that you can install some sort of pseudo adblock, while Google Ads and Google Tracking (especially) still work - at least behind the scenes.
And this comes directly from the dev of uBlock Origin.
The article is absolutely correct, only that 2B users will of course not switch.
But this move from Google is absolutely, 100%, meant to defeat effective ad blocking and any further privacy extensions that people may come up with in the future.
Painting this as all about user safety when it handsomely rewards Google's largest profit center is farcical. (the new static list of 50k filters will be completely trivial to workaround).
The only thing that is bogus here is the people denying it has nothing to do with ad blocking.
As users we could pick adblockers that didn't require permission to ready all our activity.
How is reducing the required permissions (significantly) not an enhancement to user safety.
Your argument that we always must give extension authors full permissions to get anything done is a pathetic one frankly.
FWIW that's how content blockers in Safari have worked for while now. I've always been surprised at how accepting people are of using a browser from an ad company.