Hacker News new | past | comments | ask | show | jobs | submit login
Apple neutered ad blockers in Safari, and users didn't say a thing (zdnet.com)
190 points by jmsflknr on Sept 21, 2019 | hide | past | favorite | 171 comments

Because content blockers are fine for the majority of users, IMO. Of course there will be power users who are buggered, but things like Wipr on iOS and macOS work just fine for blocking ads.

I switched to Wipr on my devices and ads are still blocked, for basic ad blocking it gets the job done easily and quickly.

I also did not join in the Chrome bashing as I personally prefer the "security" of content blockers vs. extensions. (Tho, I trust my goto extension uBlock Origin just fine.)

Safari's content blockers are super easy to circumvent by anti-ad-blocking tech.

That many publishers don't do that already is a mystery, probably because visitors with ad-blocking are still a minority and publishers don't want to piss them off.

As a disclaimer I was in a team working on such technology. The hardest to beat is uBlock Origin, being the most capable from a technical perspective. And we left it completely alone, a good strategy for angry users having a last resort solution to migrate to instead of investigating why AdBlock Plus isn't working.

And also by not having a company behind it, a partnership with uBlock Origin for "acceptable ads" isn't possible. Which is why the whole industry, Google included, is scared of it and it's no wonder that they've taken steps to kill it in Chrome for desktop ;-)

> And also by not having a company behind it, a partnership with uBlock Origin for "acceptable ads" isn't possible.

I'm really glad you brought that up, because it's an interesting dynamic. Industries generally know how to deal with companies and senators. People like Gorhill though are hard to control using conventional strategies, because they're not getting any money out of it, they don't have supply chains or a duty to investors that you can exploit. They're just people doing stuff.

This can obviously be both a positive and a negative. But when people talk about competitive and regulatory forces, it's important to remember that some forces also come from outside of the system.

Adblocking is legal, but another good (less legal) example is Sci-hub. Sci-hub is just as large of an actor in the debate about academic publishing as any other official institution, but it refuses to be subject to the same rules as those institutions. If you're a traditional publisher, you can't reason with Sci-hub. None of the conventional strategies you would use on a competitor work for Sci-hub.

In general, if you're a business, you would prefer to only deal with other businesses and (to an extent) the government. Purely ideological actors, or people who don't pay attention to the conventional rules of engagement are much more annoying. You have to find some kind of leverage over those people so they can't cause as much trouble.

I don't doubt that part of the reason Google is locking down extensions is for security. I'm also sure that there are executives at Google who look at locked-down extension APIs and the inability to side-load extensions as a way of locking out people like Gorhill, and making sure the debate over acceptable ads is primarily restricted to industry players. For them, the fact that these policies improve some aspects of security is just a bonus.

Anyone else remember why it's called ublock origin?

Because that exact kind of supply-chain attack thing happened to the original version. (ublock)

There isn't anything stopping individuals from publishing Safari content blockers, though? No more than with the previous extension model.

Nor were individuals the only players to take advantage of the powers available to old extensions.

There are also legitimate security reasons why browsers such as Firefox have restricted side-loading add-ons on consumer operating systems such as Windows.

There's a debate to be had about whether security for most users is worth the trade-off in flexibility for power users. But regardless of any other reasons we might speculate, the arguments that have been presented in favor of such changes are already compelling enough on their own and need to be seriously addressed.

As I said, Safari's content blockers are restricted in what they can do and easy to circumvent.

That they work for now is only temporary.

There's also the elephant in the room:

1. Those content blockers don't work in webviews and most apps on iOS open urls in web views with no way to choose Safari

2. Apps have no ad blockers either

Gmail on iOS is especially annoying because we often have to open links that require sign-in (e.g. Github) and there's no way to make it open Safari, but it does have an option for opening "Chrome" (also a shell around an iOS webview).

But I love seeing people sticking it to the man :-)

> Gmail on iOS is especially annoying because we often have to open links that require sign-in (e.g. Github) and there's no way to make it open Safari, but it does have an option for opening "Chrome" (also a shell around an iOS webview).

This is false. GMail has settings for choosing chrome or safari - settings > default apps.

Fair point regarding mobile Safari, though there aren't many better options on iOS. Extensions have never been supported there.

I was mainly addressing the situation on desktop, such as Safari on macOS, since the previous comments were discussing changes to desktop browsers.

>Those content blockers don't work in webviews and most apps on iOS open urls in web views with no way to choose Safari

What's even the point of having a system-level solution if it doesn't work on system-level webviews?

Then you aren't the target for these browsers. I suggest you use one that does what you need. Safari does enough for the majority, tho I understand if "power users" need more "control".

Are you a Safari user? I'm trying to understand why you are so obsessive over this minor (to the majority of Safari users) "issue".

Regardless, we all deserve privacy and I suggest everyone use either an extension OR a content blocker. I don't care. Just stick it to those scum bags mining your data to send you "targeted" ads. That we can agree on!

edit: Cannot reply to bad_user for whatever reason. Regardless, I think we're both on the same page arguing about the same thing in different ways. Let's agree to disagree? <3 my man. Take it easy.

No, this isn't about control.

Safari's content blockers simply suck at what they do.

And yes, I'm an iPhone user.

I use the Firefox Focus blocker on iOS and while it’s not perfect, a few minutes with it disabled is sufficient to say that “simply suck” is grossly inaccurate. It’s a good compromise for something which normal users have a hard time evaluating — 90% of the benefits with zero risk of a security compromise.

See my edits, couldn't reply earlier. We agree in the end. :)

Are you in the anti anti ad block business for research or for the cash? I wish that folks would instead focus on building better business models vs circumventing privacy/malware protection.

Honest question - What are your personal feelings about working on tech that many (perhaps most), HN users consider harmful from a security and privacy standpoint?

I think ads provide a business model without which many online services won't survive.

And indeed there's the privacy angle, however... (1) laws like the GDPR are far more effective at fighting that and (2) ads don't have to actually do personalisation to work and indeed, now that GDPR is in, in the EU many publishers are turning to less intrusive advertising.

I also think many users block ads for reasons unrelated to privacy.

As proof, whenever a new restriction happens for a free service without ads, you only need to witness the outrage, like for example when Dropbox limited its free service to sync with only 3 devices, or when OneDrive lowered the storage provided on its free tier, etc. Also witness, for all the bitching and moaning about privacy issues, how many people here are still using a @gmail.com address.

Truth of the matter is many people want to eat their cake and have it too. Most people just wants free stuff without any inconvenience. and it's hard to take them seriously.

Don't get me wrong, I'm using an ad-blocker myself. However I'm also paying for the content I'm consuming whenever I can, if it has any value to me. I happily pay for YouTube Premium for example, also for Fastmail, Dropbox, Newsblur and others.

So how do I feel? I'm feeling fine to be honest.

If you need to ask other people's advice, then it's probably not ok, because you're already questioning it yourself. The problem is that there's a part of your psychology that wants to ignore any 'moral' issues for some reason. Money and self-status are the two most common reasons I can think of that makes us want to go ahead with a project that others would prefer be left alone.

Specifically, you used the word "harm" which implies that you understand that your actions can actually harm others. I'd give that a solid - "don't do it". Love thy neighbor, brother.

Is "acceptable ads" really such a bad idea, assuming some reasonable criteria (not "pay us") for acceptableness?

If you think back to the early days, ads were often just static images. If we could go back to that, I don't see much of a problem with them, other than being ugly. Ads would be acceptable to me if they just got rid of

1) scripts,

2) user profiling,

3) sound,

4) animation.

Kind of like newspaper ads. They don't have to assault you and find out where you live to be effective.

I think a standard <ad> web component built into browsers is a good idea. This gives the user back control, and allows optimisation directly in the browser with C++ - also allows us to say: load only X ads with Y performance constraints and no more than Z bandwidth before they get dropped.

Yes, it does ultimately make it easier to block ads, but

1) Users who want to do that are always going to, and I'll always stay on the side of freedom for the user. We might as well ditch ad blockers and their performance issues if we can.

2) We have a standard way for publications to respectfully say no to serving content to blocking users rather than the JavaScript, anti-ad-blocker monstrosities we've got today - I respect the freedom of companies too, and they're always going to try and do this - likewise, we might as well ditch the awful performance/battery issues with this.

3) Performance and privacy can be kept in the hands of the user. This also means GDPR consent and a whole host of other stuff can be handled directly by the browser too. Asking the user to allow ads can be built right in and privacy is preserved if they say no which is better than all the consent dialogs we've got today.

Would be interested in everyone's thoughts on this. My approach probably will result in it being more difficult to ask content, but it preserves privacy and performance to the extent the user is willing.

I'm not sure about how reliable the source is but there could be 47% of visitors that use some kind of ad blocker (https://www.forbes.com/sites/tjmccue/2019/03/19/47-percent-o...). Technically a minority but not something to gloss over.

Do your colleagues curse the name of Gorhill and have a dartboard with his face and μblock Origin's logo on it?

Does everyone know Safari's developer menu, if enabled, lets you turn JS on or off in the menu? I find this very helpful browsing news websites. It's not as good as eg noscript in Firefox but it's not inconvenient either.

Ha, no :-)

And I'm also no longer on that team.

And random ad blocking programs that use the traditional ad blocking frameworks can easily record, intercept, and track everything you do.

Any site that goes through trouble of blocking ad blockers I just avoid.

Can you elaborate on what special tech make uBlock hard to beat ?

uBlock Origin replaces some third-party scripts with empty (noop) functions or otherwise sterilized APIs.


Another happy Wipr user here. I have yet to notice a difference in adblocking capabilities and it’s nice knowing that Wipr is entirely incapable of ever doing anything shady.

It’s also nice that content blocker extensions work with mobile Safari, removing the need to install a third party browser and dramatically reducing cell data consumption when browsing. It’s frustrating how Chrome for Android has no blocking capabilities whatsoever.

Wich is why I use Firefox for Android. With extensions.

I do too when using Android, but ideally doing that should be an option, not a requirement. Content blocking is base level browser functionality these days. Unfortunately Google’s position as an ad company will likely ensure that Chrome for Android will never see any form of content blocking, let alone full fledged extensions.

"I also did not join in the Chrome bashing as I personally prefer the "security" of content blockers vs. extensions. (Tho, I trust my goto extension uBlock Origin just fine."

Interesting, as the uBlock Origin author is pretty clear that uBlock Origin for chrome will cease to exist if/when Chrome implements the manifest v3 changes that make it "Safari like".

> Because content blockers are fine for the majority of users, IMO.

This seems like putting the cart before the horse, no? Apple is in a good position to change this and chose not to. Personally it changed the internet for me when I could right click → block content forever. Meanwhile I haven’t found any content blocker on ios or safari that successfully blocks all ads. Even firefox focus lets some through.

There’s a reason they’re focusing on “privacy” and not “ad blocking”.

>I personally prefer the "security" of content blockers vs. extensions

This is why content blockers are actually better, extensions are huge security holes.

Setting aside the whole issue of content v ad blocking, anything that locks down the capabilities of extensions on your system is only a plus for your security.

Nobody cares about extensibility any more :(

"This is what's good for you, and you're going to like it!"

I hate computing nowadays.

Of the scales between freedom and security have tipped more to the security side.

In a way, I mourn the lost freedom, but on the other hand, the increasing scale and sophistication of bad actors make me want for more security. Yes, I know about old Ben's "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety" but in tech there are amplifying factors that can simply overwhelm even the most staunch defender of liberty. At this point you have to give up most uses of technology that have become socially ingrained, if you want to remain secure, yet have complete freedom about your tech. A lifestyle like RMS does not seem appealing to very many people.

A "caveat emptor" argument simply does not work with tech. No one can fully examine every piece of hardware and software, and determine it's secure, or find trusted and competent sources to vouch for everything with certainty. Even then, eventually tricky issues arise in time where subtle bugs can be exploited. By the time there's something for the emptor to caveat, their data has long still been stolen and compromised.

Your scenario fails because there's no reason you can't have both. No one forces anyone to install extensions. Apple could make it available to turn off and use a custom extension without much ado. Instead they act like authoritarians.

That logic, taken to its rational conclusion, means you shouldn’t be able to run any executable on your computer unless it’s been pre-approved by your OS manufacturer.

And yes, that would be a plus for security - and a negative for user freedom.

“Users” don’t care about the type of “freedom” that geeks care about. In fact, I like having the freedom to install any random crap on my iOS devices knowing that it is limited by both the sandbox and the permissions that I give it.

Which is different than any desktop OS.

You can have the same “freedom” on Mac by going into system preferences and turning on the option to only allow App Store apps to run.

It should remain an option, not a forced choice.

(As long as Firefox still exists and can run on desktops, there will still be a choice... but it’s still unfortunate and a disturbing trend to see more companies making moves against user freedom on their PCs.)

Until you need to install something like Zoom - which is suppose to be reputable - and it installs a web server that reinstalls itself if you uninstall it.

Why not have a content blocker with much higher limits? If security is the aim why the limit for 50000 filter rules in use at one time?

I've yet to see a iOS or macOS content blocker that doesn't use multiple filter rules to bypass the 50k limit.

I'm not sure I understand. If everybody can bypass the 50k limit, what's the point of the limit?

If the 50k limit isn't sufficiently high, I don't think, "they're trying to restrict blockers, but don't worry they're bad at it" is a great defense. And if the 50k limit is high enough, and it's a reasonable tradeoff between privacy and performance, then why are content blockers putting in extra work to bypass it?

Should we expect that Apple will block the limit workaround in the future?

One guess:

Without a limit, developers would probably default to a massive append-only list that takes a minute to compile.

With a limit, developers have to shard their rules which lets them at least compile them in parallel. For example, you need to recompile the list if you want to support on-the-fly customizations like "whitelist this site."

> bypass the 50k limit

> when Apple rolled out the new Content Blocker API, it enforced a maximum limit of 50,000 rules for each new extension that wanted to block content inside Safari.

Check again? You're probably thinking of how classic extensions used to work.

> why the limit for 50000 filter rules in use at one time?

Eventually more rules will cause a performance impact.

So do tabs and I can still open 500 (maybe more already) on a 4 year old phone. No scenario I can imagine relies on having so many tabs open at once. The 50000 rules limit is far more crippling to blockers since you need those rules at once.

Hint: Those tabs aren't really tabs, they're pretty much just text links, they are not loaded into memory. 99% of them NOT running. If all 500 of those tabs ran in parallel you wouldn't be able to use your phone.

They can't possibly cause as much performance impact as allowing ads through.

Put a disclaimer/warning and let the user decide whether the trade-off is worth it.

Ads tend to have far higher performance and power consumption impact than this. Do Safari or Chrome force downscaled pictures and videos on you because it's faster? How is any other software "limited" for performance? And if this is a performance issue then why a fixed limit instead of one that varies with your system's performance?

Edit. HN is "hinting" at me that a developer setting arbitrarily low limits "for performance" and not allowing a change is reasonable and expected. Strange place to be told that manufacturer defaults are sacred and the "advanced settings" checkbox should be abolished. For performance, stability, all that. :)

It’s kept low for performance. I wonder if they’ll revisit the limit at some point.

Then why enforce the same limit for the iPhone 6s and a top of the line (i)Mac Pro?

The elegant solution would be to start with a sensible preset for your device, allow you to change it if you want, and then warn you if some noticeable delays are detected. IE used to do this with addon loading.

What performance? Build a DDA out of the union of all the patterns and run it over each URL. Now you have O(1) (with low constant factors) matching no matter how many patterns you have. The DFA itself takes space and memory dereferences aren't free either, but even huge DFAs can be very compact.

They do build a DFA of the rules.

>I also did not join in the Chrome bashing as I personally prefer the "security" of content blockers vs. extensions. (Tho, I trust my goto extension uBlock Origin just fine.)

Do you know if/what are the differences between what Google done in Chrome and what Apple done it Safari? Are this changes affecting only ad blockers or other useful extensions?

>I trust my goto extension uBlock Origin just fine

I am curious, why is that ?

I'm not the parent you replied to, but I do trust uBlock Origin as well.

While I occasionally switch my browser I never ever browse without uBlock Origin. As far as I am able to evaluate, its author and sole administrator (goes by "gorhill") is very transparent and continuously demonstrates an aligned interest with myself as a normal web user.

...which is a quality I not always see with Mozilla and never ever assumed with Google Chrome product management.

I see, thanks for the answer !

I would rather rely on both a good permission model AND a transparent well meaning author than only one of the two, but I can see how it can be enough.

The issue is that even considering that this person is indeed honest (and to be clear I absolutely don't intend to smear them, I have no idea who they are), they can one day decide to stop developing the extension and leave it to somebody else, accept external contributors that might be malicious, etc

How does Wipr compare to AdGuard?

Of course there will be power users who are buggered, but things like Wipr on iOS and macOS work just fine for blocking ads.

I never understand why the sorts of people who engage in geek posturing even bother with iOS. Apple's whole theme since 1984 has been ease and simplicity of use.

A lot of it is people who read something anti-iOS that sounds vaguely technical on another web site, then parrot it all around to make themselves sound like power users.

But if they really were as technical as they portray themselves, they'd be rolling their own Android distribution with all the features they claim they need, instead of moaning that iOS doesn't work the way they want it to.

Just because I know how to mess with all that shit doesn't mean I want to.

>I never understand why the sorts of people who engage in geek posturing even bother with iOS.

I think selective geekery has become a thing as technology now pervades all aspects of our lives. There's just not enough time to tinker with everything all the time.

Just because I'm tech savvy doesn't mean I want to waste my time.

> users didn't say a thing

Maybe most users are simply not aware of this? As a Safari user, I did notice that Adblock wasn't working so well lately. I didn't know it has to do with Apple, I just assumed that I had to wait for the next update.

I noticed this overnight when uBlock Origin wasn't working. I've been slowly transitioning over to Firefox over the last few months, but still end up in Safari quite often.

This motivates me more to move over to Firefox permanently. Battery life might take a hit, but the philosophical and political motivation is too high not to use Firefox.

IIRC Mozilla said recently (last week or two) that they had managed to patch the bug responsible for the majority of battery issues on macOS.

Tests showed this finally brought power usage inline with Chrome, but not down to Safari levels.

I can confirm: Been using Firefox for months on my Mac, and it is not draining my battery like it did a few years ago. It used to be very resource hungry, not anymore.

Safari is SO much more efficient than Firefox. I find it to be more performant while also using a lot less juice on my MBP.

I tried Safari for the first time in a while a few days ago and I agree with you. But the amount of ads, videos, popups, and sticky crap all over the screen makes reading web sites impossible. I didn't realize just how bad the web browsing experience had become without an ad blocker. I'm rebuilding my Pihole at the moment so this nonsense will go away soon. But it's really, really bad to be without it.

But you can still use ad-blockers in Safari… it's not like now it's impossible to block ads in Safari…

Yeah, I was on vacation recently and didn’t have my pihole. It was also eye opening for me too.

Before my next trip I want to get a VPN configured so that when I am remote I can 1, access my home network/lab and 2. Take advantage of pihole (not to mention encrypting my traffic)

I'm putting my next pihole on a cloud VPS so I can use it from anywhere. It's an experiment; I want to see how long I can keep it from becoming part of a botnet. Ideas welcome.

It’s totally doable. You want to run a VPN server on the host so that you can connect to it and have your network traffic go through it. You could tunnel all traffic thru the VPN, or only the DNS traffic. Then you could have the pihole bound to the local interface only, not accepting connections from outside that host.

I’m making it sound easier than it is, but it’s still pretty straightforward. There’s actually a doc on the official pihole site that explains how to do this but I haven’t read it completely.

But ads often slowdown browsing significantly and cause unwanted cpu work and network traffic.

Then there is tracking and sometimes even malware...

Safari is aggressively attacking the tracking problem as a code browser feature, and the as blocking capabilities are sufficient for blocking all the ads you need blocked anyway. It just can't do all the other page optimization / CSS stuff to strip out elements completely, so you might have some empty divs or whatever; who cares

I have Pihole on my network doing DNS/ad-blocking.

So just install a content blocker? I don't get what you're trying to say.

Plenty of them out there for iOS and macOS and they work well.

FYI, In the next Firefox release there's a change that should dramatically improve Firefox battery use.

The other issue is that uBlock Origin development on Safari stopped sometime last year. I still prefer Safari, but Firefox is a close second so I'll just switch if I can't find a good enough adblocker for Safari.

And whatever adblock works on mobile Safari (I'm using Refine, but haven't looked at others) is already pretty good.

Why not just move to a content blocker?

I noticed this for the first time this morning - I hadn't heard about any changes ahead of time.

I accidentally used the web for about three minutes a few weeks ago without Ghostery installed, and the experience was quite miserable. It actually led me to finally buy a Raspberry Pi and put PiHole on my home network.

If Safari doesn't continue to support ad blocking for when I'm outside my home network ("Ghostery Lite" is in the App Store, but I haven't fully evaluated it yet), I will switch away from Safari as a primary browser - probably to Firefox.

I'm not sure I view this in the same light as a Google, however. There is a content-blocking API which seems to work OK, and Apple do not rely on privacy invasion for a substantial portion of their income.

Safari supports the same sort of ad blocking as a pi hole -- specifying a list of domains to block. This is available in so-called content blocking extensions.

So far I haven't spotted a problem with Safari's new content blocking mechanism (using Ghostery Lite). I still prefer the PiHole because it applies to all devices without additional configuration.

Where does "users didn't say a thing" come from? The version that really makes the difference was only released a few days ago... and there has been lots of news/criticism in tech circles about it.

This. I started Safari today for the first time in weeks, and I was greeted by a popup saying they’ve broken most of the extensions I have, including Bitwarden (!).

Well then, even less of an incentive to ever use Safari again. Already I started it only when I actually wanted to be tracked (with referral-generating sites like quidco and so on), now I’ll just never use it. And to think I even went to the trouble of building an extension for it, so many years ago....

Apple really, really hates the desktop these days.

FYI there is a beta for a new Safari extension for Bitwarden you can use https://github.com/bitwarden/browser/issues/664

I have been using it for a week or so now and other than the known issues mentioned it works the same as before.

It’s actually released now on the website.

How many Safari users even know what an ad blocker is? It's not exactly a power feature, but people using the stock browser shipped with their OS probably aren't aware that it's even an option.

Many people using Mac will use safari because it's power usage is incredibly low compared to the others. Im a Firefox user, but on a MacBook, safari is the only option.

To further add to that EVERY person using an iPhone is using Safari. If they search the app store for adblock or some other name brand blocker, they’ll be instructed to turn on content blockers.

In addition to the power usage, Safari is the only browser that syncs tabs and passwords with the browser on my iPhone. I tried to use Firefox (in response to this change) but I couldn't log in to any websites because all of my passwords are randomly-generated strong passwords stored in Keychain and Firefox refuses to use the Keychain.

My MacBook is plugged in 90% of the time. While travelling for example on a plane and I forget to charge it, then yeah, Safari is helpful to have.

Even while plugged in, your computer has limited CPU/GPU to go around.

Swapping out one app for another that's almost identical but with less CPU usage seems like a no-brainer. Though I do keep Chrome around with a couple tabs open for its development tools during work.

Safari even uses fewer resources when watching Youtube/Netflix at the same resolution. I first noticed this while using a dual monitor setup with a fullscreen game on one and Youtube/Netflix on the other. I noticed my game's FPS would improve if I merely changed from Chrome to Safari when watching video. Did some more scientific measurements and never looked back.

Firefox is supposed to have fixed that in nightly builds. Can’t land in the main channel soon enough.

I think many people using a Mac use Safari because it’s the default.

I use it because it has the best looking font rendering and the smoothest scrolling

This is why I use it. I haven't upgraded to Safari 13 yet so if that's where the change is it hasn't hit me yet. Still using an old version of ublock origin that has updated lists and between that and pihole it's going strong.

Firefox is nice and chrome is ok but they're a distant second at the moment due to the ecosystem with iOS

Some people actually choose to use Safari from the plethora of available browsers. Low battery use, smooth scrolling, and utmost respect of system settings (e.g., Firefox will still use a blue accent color even if you set your system accent color to something else) are all reasons to consciously choose Safari over another browser.

I have some 5 or 6 browsers on my Mac, mostly for development purposes but for everyday web browsing, unless there's some special requirements, I still use Safari. It's the most convenient and efficient of Mac browsers, and the rest just feel a bit crufty and un-Mac-like.

Honest question....

Is the problem of content blockers using rule lists? Or, is the issue that Chrome proposes to limit the number of rules. Quickly looking at Safari there isn't this limit to the number of rules.

I understand change being a problem and maybe uBlock Origin can't work in the new Safari model. But, could a new project do just a well based on similar blocking ideas?

The article states that Safari does have a limit of 50,000 rules, and that this is less than Google's updated proposed limit of 120,000 rules that ad blockers have stated is too low.

I believe ad blockers like uBlock Origin also do some dynamic detection of behavior so that certain types of ad-serving that come from hosts you do not want to block. CBS Sports, for example, requires special handling -- in Google Chrome, accomplished by a separate extension for uBlock Origin -- to properly block ads on their site without destroying login and video functionality. This kind of blocking cannot be performed with host lists.

Safari allows 50,000 rules per list and an extension can have unlimited lists. Google is doing "a global maximum of 150k rules" per extension.


IIRC, the limit is 50k a list, but you can have unlimited lists. That is the difference between 1Blocker and 1Blocker X.

According to the posted article, Apple limits the number of rules in Safari as well. Safari's limit is 50k.

Similarly, Chrome's initial proposal suggested a limit of 30k, which has since been revised upwards to 90k to 120k based on feedback.

The article is wrong. There is a 50K limit per list but you can have unlimited list. 1Blocker X does this.

I thought I mentioned that, but I must have accidentally deleted it when I edited the comment. Thanks for pointing it out.

I wouldn't say the article is wrong, just that a workaround exists.

While "Power Users" make up a small amount of total users. (Something like only 20% of people use an adblocker). These power users have tremendous sway on the masses, they're the IT/tech savvy people setting things up for other people and people listen to them. I trust Gorhill and ublock origin a lot more than I trust Apple and whatever closed source shitty adblocker the put in Safari. At this point Chrome (run by an ad company, but chromium is open source)is looking better then Safari.

Firefox or tor are the only good browsers left, that you can trust. Bromite for Android is amazing too, honestly the browsing experience because of the free high quality adblockers is so much better on Android compared to IOS. Nothing comes close t0 ublock origin. Safari on osx is like Windows Microsoft Edge or Android Chrome, they're both quite useful for downloading Firefox.

I thought, "This article is based on a Hacker News comment." And it was.

I've tried to switch to Safari about 10 different times, and each time some random different missing feature stopped me from being able to do it. It's got low market share relative to the other browsers and the most picky users are going to be those who weren't satisfied with it in the first place (like me).

Safari content blockers are okay, but not great, and 1Blocker didn't block nearly the amount of ads that were blocked by uBlock Origin on Firefox/Chrome, so I just decided to stay with Chrome/FF.

I don’t get it, is this separate from the native content blockers they introduced to big fanfare a few years back? If so, what’s the problem, why would we need two systems for blocking ads?

Because we saw it coming. Apple made no secret of it.

And when running uBlock Origin on Safari became untenable, I switched to Firefox full-time and its been great.

Who the hell uses Safari? And why? Google Chrome works perfectly on my Macbook. I don't see a reason to use anything else.

I use Safari because it is lightweight, fast, and imho, better looking (compact, minimalist) than Chrome.

It uses WebKit, like Chrome, so it renders pages the same, but I simply find the app much simpler, faster, and comfortable to use.

Give it a try some time.

Here's a thread in this very comments section with some answers: https://news.ycombinator.com/item?id=21035826

POWER EFFICIENCY is the only thing, also sync across devices is bonus.

The power efficiency of Safari is much better.

Google is Skynet.

Isn't this article incorrect? Apple changed the _distribution_ mechanism for Safari extensions, something they have been communicating for a year to developers. And many developers, like 1Blocker, have already moved on to the new extension packaging format and work just fine like they did.

What they have not done is cripple Safari's web extension capabilities. Correct me if I'm wrong, but I am sure developers can still use the exact same blocklists that they used before.

Same as documented on https://developer.apple.com/documentation/safariservices/cre...

Comparing this to what Chrome pulled is not fair - I think Chrome actually crippled ad blocker capabilities, while Apple only changed the format of a packaged extension.


Not quite. Safari extensions were, like other browsers, a package of JS that could mostly run as it liked in your tab. The new app extensions system is more generally applicable across the system, but more precise in what it allows. For example, it allows an app to provide a sharing target – so that other apps can share content to it.

The relevant thing that's provided here is a content blocking extension point. Unlike ad blockers providing a bundle of JS that may or may not block ads, record your browser history, etc, the content blocking extension point is a pull-based system. Safari asks the app for its list of content to block, then computes that into a fast lookup table of some sort, and never talks to the app during browsing. This means ad blocker app built with the app extensions API is more secure, more private, and in all likelihood, faster. Potential complexity is reduced, but that may be worth it.

because of the difficulty in policing extensions, this is decidedly a good thing.

that ad blocking and privacy tracking precision suffers is not great, but with safari’s cookie policy it makes up for it.

such a content blocker method doesn’t work for chrome because ghostery and the like won’t work. with safari it doesn’t matter as much (if at all) because the core browser handles this much better.

I use other browsers for general browsing. I only use safari for specific tasks like shopping at sites I’m already familiar with

One more reason to block everything at the DNS level.

Well, it's Apple ain't it? It it would be Google or Microsoft, HN would have 16 upvoted posts.

Brand cheerleading is, and always have been, alive and well.

Because Apple doing this transition in a much better way. First they introduce some better system (for ex: content blockers), waiting for it to be successful from user perspective, then replacing old system with this new accepted one.

"The bottom line is that there's no way to install a classic Safari ad blocker starting this week, and that Apple is expected to remove or disable old Safari legacy extensions from users' browsers sometime in the future, for good."

How is that different from what chrome is doing? There's a deprecation plan, it doesn't appear to be significantly shorter in time scale than what apple did.

Content blockers are inferior to extensions such as uBlock Origin.

It's complicated? They have advantages and disadvantages over extensions. For most people who just installed an adblocker and never touched its settings, I bet they're practically equivalent.

Advantages: privacy, efficiency

Disadvantages: lack of flexibility, some things they just can't do

If you have some source about the efficiency advantage, could you please share?

I only ever read that hypothetically it could be more efficient but never stumbled upon actual measurements/benchmarks.

Also, extension adblockers are already so efficient that I would doubt there is a perceptible difference.

That is naughty. I haven't used Safari for a few years as I have Vivaldi always running. But this change is just not right.

I use brave it seems to work great

Here here. Even though they use the same browser engine as Chrome, the Brave team have chosen not to include the blocker limitation introduced by Google[0].


Chrome did not introduce any limitation yet and it’s gonna take a while before they do it (they only started showing part of Manifest v3 changes in canary versions). So nothing changes for forks of Chrome for now.

Because Safari has no users.

Safari has tons of users, the majority being on mobile.

Safari has functioning content blocking.

What is the point of your comment?

I was using Safari every now and then, replaced it with Firefox not long ago. Now I won‘t use Safari at all.

The only two extensions I used - AdGuard and Feeder are not working anymore.


Just use 1Blocker. It works fine. Extensions are battery killers.

Not just "just use 1Blocker", but isn't the mechanism 1Blocker uses functionally equivalent to the "old" mechanism? Whereas Chrome just turned it off without offering a different route to the same functionality?

To my knowledge, 1Blocker uses the iOS/macOS content blocking APIs, which essentially allow an app to provide lists of content to block to the system, which pre-computes a fast/efficient ruleset for use while browsing. This results in lower energy usage, faster browsing, and more privacy during browsing.

Chrome does not to my knowledge provide an API like this, and extensions are still roughly a JS bundle that defines blocking rules at runtime, slowly, using more energy, and potentially having access to your browser history while it does it.

The posted article is all about how the changes Apple made to Safari mirror the proposed changes to Chrome. Safari content blockers such as 1Blocker are pretty much exactly how Chrome adblockers will work in the future.

Chrome has not changed how extensions work yet. That's all in the future. Currently, nothing has been turned off and the "old" mechanism still works. Eventually that will change, just as Safari has already done.

"Extensions are battery killers" is simplistic, and, well, wrong. Like any program, efficiency depends on what a program actually does. Some extensions use a lot of power. Others don't. The anti-extension animus on this thread is weird.

"Extensions are battery killers."

ANY processing is a battery killer. It's as if people forgot every single thing done on a computer system STILL REQUIRES ENERGY TO DO.

Maybe there aren't that many Safari users at all and the remaining just moved to Firefox/Chrome.

Really? That was downvote worthy?

I just stopped using both Safari and Chrome, ditched them for Firefox on all my devices. Also, I'm almost exclusively use Duckduckgo now for search.

Yes, Firefox does drain MBP battery, that's sad, but they promise to fix it.

Adblock is stupid. Block hosts and be done with it. Pihole/pixelserv/diversion for the lan, gas mask for Mac, AdGuard vpn with custom lists for iOS. No ads, no stupid adblocker blockers bs.

AdGuard vpn with custom lists for iOS.

"I don't trust ads, so I'm going to run all my internet traffic though this rando VPN in the Middle East."

Why the "Middle East"?

AdGuard and similar apps such as Blokada function as local VPNs, as mentioned, so most traffic does not pass through any particular external server.

The AdGuard app does use AdGuard's DNS servers, so DNS traffic passes through their servers in Russia: https://community.spiceworks.com/tools/ip-lookup/results?hos...

AdGuard says they do not log DNS queries.

The company was founded in Moscow in 2009. In 2017, they changed their official headquarters to Cyprus: https://adguard.com/en/blog/the-chronicle-of-adguard/amp.htm...

> The AdGuard app does use AdGuard's DNS servers

Well, no it does not if you don't explicitly choose AdGuard DNS among other DNS servers. It filters everything locally.

> through their servers in Russia

I see no servers in Russia on the map: https://adguard.com/en/adguard-dns/overview.html

Thanks, I didn't notice the app does not currently enable DNS filtering by default. I do frequently see posts especially on reddit recommending dns.adguard.com, so for a number of users the DNS service may be their main exposure to AdGuard.

You're an AdGuard developer, I take it? Based on your Show HN post: https://news.ycombinator.com/item?id=18238503

Would you happen to know why AdGuard's IP addresses point to Russia, if you no longer have servers there?

The link I previously posted is simply a tool to look up AdGuard's DNS address: https://community.spiceworks.com/tools/ip-lookup/results?hos...

Any HN users can look up the same information themselves.

> Would you happen to know why AdGuard's IP addresses point to Russia

The link shows the owner of the AS, not the location of the servers.

The IP address itself belongs to an AS (https://en.wikipedia.org/wiki/Autonomous_system_(Internet)) that belongs to a Russian hosting company, and we have a long term rent contract on this subnet (with a purchase option), and we'll eventually acquire it.

To check where it really leads you should see the output of `traceroute`. However, this is also not the best option because AG DNS uses anycast (https://en.wikipedia.org/wiki/Anycast), and the route depends on your location.

IIRC traceroute was how I originally looked it up locally. I posted the link for convenience. Perhaps I misinterpreted the results, though.

I'll have to take your word for it that the Russian IP address you use does not mean you have a server there. Thanks for the explanation.

Why the "Middle East"?

Because that's where the company is headquartered: Cyprus, which has Turkey, Syria, Lebanon, Israel, and Egypt for neighbors. The Middle East.

Technically that's not wrong, but Cyprus is an EU and Eurozone country.

Why not just say "Cyprus" rather than using the "Middle East" appellative?

Because it's small. The same way I could use "South America" for Uruguay, or "Eastern Europe" for Slovakia, but "China" for China, and "Russia" for Russia.

The problems with calling AdGuard untrustworthy because it's a "rando VPN in the Middle East" are threefold:

- The app is a local VPN so your data doesn't leave your device, except for their DNS feature.

- Cyprus is in the EU, so it's not what most people would think of as the "Middle East". The boundaries of the Middle East are man-made, not natural, and Cyprus is often considered closer to Europe these days.

- There may be concerns regarding certain states in the region, but implying "Middle East" is a pejorative is a bit crass.

TBH I'm more worried about AdGuard's Russian connections, though an AdGuard developer offered reassurances above.

If you're going to raise concerns about AdGuard, at least make them accurate.

A local VPN running on your device which code you can examine on Github: https://github.com/AdguardTeam/AdguardForiOS

It’s an on-device vpn only, not an actual vpn. But please keep contributing insults to the conversation without any research. :)

That should not be called a VPN, that's a local proxy server.

> in the Middle East.

FTFY: in the EU.

Or to be more accurate: in whichever country you reside. Because the VPN is local.

Does pihole block Facebook ads on Facebook.com, google ads on YouTube.com?

And to be honest, that's probably not a bad thing. Majority here are worried about cross site tracking and not advertising itself.

I'm worried about advertising itself.

I believe pervasive, omnipresent advertising is bad for society, even if it's native, and even if it respects people's privacy. Even in the real world, if there was some way of blocking billboards or posters on the subway, I'd be all for it. I really don't like companies inserting themselves into my life without my permission.

I don't know how typical that is -- almost certainly people like me are a minority, but I suspect that there's a non-trivial number of people who feel the same.

Native advertising is especially worse and it will only grow more prolific with ad blocking.

I'd rather have display ads like we've got now just to avoid having to do mental gymnastics to check if an article is an advertisement or not.

At least with the current situation things are separated.

Citation needed.

In all seriousness, I think the performance issue of ad-blocking is much more beneficial to me than the cross-site tracking. While cross-site tracking may end up being more nefarious or theoretically worse, the slowdown in reading and interaction is a definite real-world pain solved by blocking ads, even same-site ones.

Performance too. Honestly I'm not citing anything it's just my personal opinion. I have no issues with advertising beyond privacy, performance, and obviously advertising overload (there is a limit).


Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact