Hacker News new | past | comments | ask | show | jobs | submit login

When Apple says "We're designing this API in a way that allows you to block ads without having full visibility to monitor everything that any user does every web page they visit" it's totally believable because it's in line with the last 10+ years of their product direction.

Yeah, it makes ad blockers less powerful. It also makes them less of an enormous security risk in that all of your web traffic is redirected through them, and a compromised extension could do whatever it wanted with that.

People are more skeptical of Google's motives because nearly all of their money comes from selling ads and for all we know they're more concerned about their very very very large piles of cash than they are about browser extension security. That's not a motivation that Apple would have for their Content Blocker limitations.

Adblockers don't redirect all traffic though them. If you think about it for a moment you will see how absurd that idea is. This would incur one of the most massive bandwidth bills on the internet for negligible financial gain.

Current ublock origin.

Your adblocker frequently updates lists of patterns to block via any of many user configurable lists.

When you load a site ON YOUR COMPUTER it consults all those lists including custom ones you create yourself for annoying elements on particular sites before loading content. It NEVER sends said content to the adblocker or leaks your information.

Ublock origin provides both the adblocking engine and the lists and can innovate on the former and iterate on the latter as fast as you please.

New chrome restrictions.

Google provides an adblocking engine substantially inferior to ublock. Extensions are able to provide only a list much smaller than current lists and can only update that list when the extension itself is updated. They cannot innovate on the adblocking engine as they are stuck with the crummy one an ad company provides. This basically ensures that ad providers win the arms race with adblockers.


Shares the same inherent flaw with chrome that Apple will be providing the adblocking engine with the possible benefit that apple isn't directly making money off ads and has less incentive to directly break adblocking.

I don't mean that it sends the actual web traffic through some uBlock server, I mean that the uBlock browser extension sees all of the requests to load a webpage and decides what to do. It can decide to block them or not. It could also decide to scoop up all of your personal information and do bad things with it.

If someone were able to compromise the developer account and get a malicious version distributed through the Chrome browser gallery, that would be a huge problem. The kind of thing that has been making headlines with compromised npm modules recently.

Google has reviews in place to prevent malicious extensions from being distributed, but they can't be perfect. We've seen that repeatedly with both Chrome extensions and Android apps.

Every extension with permissions set for "This can read and change site data on all sites" has a huge target on it, and the fewer things using that level of access the better. Ad blocking extensions are an obvious place to look for improvement because they're so popular.

I hope that Google can put a blocking system together that will be able to perform as well as existing solutions without adding any huge security risks, but I also agree that it's problematic that their incentives are to do the exact opposite.

The latest version of Chrome allows for "read on a write site data" on a per-site basis. Not so useful for ad-blocking extensions, but a boon to any extensions I don't really want to give full access to.

So enforce human reviews for any update to extension with "read all requests" permission and over X users.

Nah. If they feel inclined to do something more powerful than the Content Blocker API then they should build the ad blocker themselves into Safari. It can be off by default and configurable by users.

It'd make the Content Blocker API kind of pointless but that'd be safer than letting third parties in.

I don't see much value in ecosystems that where only one party can build powerful tools

I don't think "ecosystems" are a priority in and of themselves for Apple.

Thank you for clearly elucidating the difference between what we had and what we're going to have moving forward.

I'm so tired of this trend where folk keep pitching significant reductions of technical capability as some kind of "win" for the consumers and developers of a platform.

This is about exploiting platform owner privilege, no more and no less.

This should be the top comments, thanks for taking the time to write it out

Plus, Chrome only plans to disable the blocking functionality of webrequest, not the monitoring part.

As you say it makes ad blockers less powerful. Ad companies are scummy, and will most definitely exploit this, making it either painful or impossible to block their ads using the API. And then the API will be playing catch-up forever.

And trusting a company based almost exclusively on ad revenue to build an ad blocking API is just bonkers. No, the only way to effectively block ads for the foreseeable future is to give ad blockers all the information. Unfortunately.

> totally believable because it's in line with the last 10+ years of their product direction.

yet they have shitware called uBlock that's there intended to confuse them with ublock origin, just sitting there in app store...

How is that related to Apple’s product vision at all?

It flies in the face of the "curation" and "privacy" arguments.

> Yeah, it makes ad blockers less powerful. It also makes them less of an enormous security risk in that all of your web traffic is redirected through them, and a compromised extension could do whatever it wanted with that.

This presumes I trust Apple significantly more than authors of any conceivable blocking plugin — by large enough margin that it would be worthwhile to lose functionality over it. That isn't really the case — I only trust Apple marginally more and, if anything, making such decisions on my behalf erodes that trust.

Using theit browser, you are already trusting them. If they wanted to spy on you in Safari, they would regardless of content blocking.

"Trust" isn't something binary. I trust them to do something and not something else; they may just be the ones I distrust the least as well. And assuming I _distrust_ someone just because I trusted someone is obnoxious.

Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact