Hacker News new | past | comments | ask | show | jobs | submit login
How do Chrome extensions impact browser performance? (debugbear.com)
151 points by fdb 8 days ago | hide | past | favorite | 90 comments

Wow, look at the chart for how much ad blockers improve webpage performance for The Independent and Pittsburgh Post-Gazette. What absolute piles of shit they serve us and expect us to happily suck down for such meager morsels of content! This makes me 100% want them to fail even harder. Journalism hitched itself to a stupid advertising model that serves no one well and the proof couldn't be more stark.

I tried out The Independent with a popular "modern" browser

I found I could browse and read really fast if I just controlled DNS^1

I did not use an ad blocker.

I did not disable Javascript.

What I did was limit the available DNS information to a single domain, www.independent.co.uk

I experienced no significant delays or resource usage.

I was able to read the news no problem, fonts and formatting looked fine

There generally were no ugly image placeholders just white space

I tried blocking the ICO(1), PNG(2) and WOFF2(24) files. The page still looked great

The images are hosted on static.independent.co.uk

The video I suspect is hosted on a third party site, tracked and linked to adtech

I can easily download the images if I am really curious to see them but most images on news pages, unless they are photojournalism, are garbage, IMO

Anyway, I think it is quite easy to avoid all the tracking and ads, even without an ad blocker or disabling JS

The only things that "broke" on this website was the image display, offsite video sourcing and comments. Basically all the cruft :)

1. Truth is I did not even use DNS, the IP address was loaded into the memory of a loopback-bound proxy. No cookies were sent. No user-agent was sent. The only headers sent were Host and Connection

"limit the available DNS information to a single domain"

I would like to do this too, how did you go about doing it?

There are a number of different ways of doing it.

Are you familiar with running daemons? There are many different ones that can suffice.

The other question is browser you are using. I always assume the browser will ignore /etc/hosts. Otherwise the HOSTS file can provide a quick way to try this out.

Which daemons exactly? What would be their role?

How do you expect The Independent and Pittsburgh Post-Gazette to make money?

High level, there are basically four paths to getting revenue in journalism:

- ads

- subscribers

- donations from small patrons

- donations from large patrons

These cover a lot of different business models.

If you want to make money at journalism (or just keep the lights on), focusing on ads when they've been a declining source of revenue for decades is kind of crazy. And that's not due to ad blocking.

It's worth mentioning that ads can also be delivered without tracking and oodles of Javascript. Sell ad placements that are images, even GIFs.

People were blocking ads long before those were reasons.

The first ad blockers existed for popups and because ad networks were being used as a malware injection point.

Only extremists had an issue with the standard JPG banner ad at the top of every page.

TIL I'm an extremist.

Welcome to the club.

Though those little rectangle GIFs were mint back in the day

There is a 5th way. Sponsored content. Basically where people pay to have an article written about a particular topic or product.

>focusing on ads when they've been a declining source of revenue for decades

What led you to that conclusion? (You may be right. I don't know.)

I'd pay 25 cents an article, if they can get together with a few other content creators and decide on a shared micro-transaction system.

I have been waiting for this for a decade. Now that I’m a software developer I can only imagine what the difficulties of implementing this would be.

> what the difficulties of implementing this

Not every problem is technical. Modern journalism is still just a participant in capitalism.

This is a business model problem, and figuring out how to build a healthy company and news organization with a reliable stream of revenues to allow long-term planning. Add in the pressure that most journalism is now private sector with growth expectations, such that the BBC and NPR are outliers.

Isn't that the purpose of the BAT used in the Brave browser?

Yeah, and I hope it works out. But -- last I checked -- I can't use pay pal to add BAT, and I don't think it's a stable coin...

They should have invented Craigslist. No newspaper did this because they couldn't see the value of free classifieds driving traffic for select paid listings.

That's easy. I don't. I have no problem parasitically eating them for long-tail information while paying for my primary sources.

uBlock Origin and rampant infotheft it is. And that's okay, I don't really care if they live or die. Just like they don't really care if I live or die.

By providing better journalism than what I can get for free. That starts with the user experience, which is currently quite poor.

No one is willing to pay for local journalism when every site will copy your story as soon as it breaks.

Great, that puts it on-par with the status quo.

The problem is the free services can't exist without the originators. The originators can't exist without revenue. If the journalists who are actually writing the pieces as opposed to copying them don't get paid the whole thing falls apart.

That's when the current originators fall and newer, more intelligent ones take their place.

No. It's when clickbait and fake news crafted for engagement over truth takes their place.

How do they expect me to make money? I hate to be snarky, as I do actually value journalism and think it represents an important part of a free society. However, why is it my responsibility to participate in their business model? Can we fund them with taxes (in a non-dystopian way that keeps political interference out of the equation)? After all, they don't spend time thinking about my business model.

> However, why is it my responsibility to participate in their business model?

It’s not your responsibility, you can simply not visit their site if you don’t wish to participate.

> Can we fund them with taxes (in a non-dystopian way that keeps political interference out of the equation)?

How can this possibly work?

>It’s not your responsibility, you can simply not visit their site if you don’t wish to participate.

Agreed, this is the best answer. If I don't agree with a sites choice in terms of background scripts/privacy/funding method, I just stop visiting it.

Personally I think big tech aggregators like Google and Facebook should be taxed to support journalism. That could either be a fee when someone clicks on a link or a flat amount per year that everyone gets to spend on journalism implemented as a tax refund.

These companies have sucked all of the value out of journalism. Normally I'd be fine with that, but the tragedy of the commons on an entire vital industry seems to large to ignore here.

So what, Google and Facebook are now incentivized to ban those links from their platform, further increasing the censorship rampant on their platforms?

I knew it!

I'm working on a tool called amna (https://getamna.com). It manages your Chrome Windows for you as part of tasks. However, it does so by giving you a new profile of Chrome to work with Amna, without any extensions. Kind of like a brand new browser.

It's funny because most people who try Amna are like , whoa, how did you make Chrome so fast? They just don't realize that they have all of these unused and bloated extensions slowing them down. And ofc, after logging into Google, it syncs all their extensions and you're back to a crawl.

This is hilarious to me, in a really tragic way. It's a shame that this is the status quo for performance for what is probably the most used software type :(

The most interesting takeaway - the overall resource savings good adblockers provide - is buried under the IMO less interesting graphs showing bad extensions:


> Without ad-blockers per-page CPU time is 17.5 seconds.

This is completely insane. Of course it's a small fraction of that with good ad blockers.

Back when Firefox Mobile was near-unusably slow, ad blocking made it competitive. Overall, the experience (speed and UX annoyances) were roughly the same in both (the removal of ads making up for the clunky Firefox UI).

> Regression in Save to Pocket

> In last year's tests, Save to Pocket injected one small stylesheet into every page, but this had no noticeable impact on performance.

> However, Save to Pocket now always loads a 2 MB JavaScript file, adding 110 milliseconds of CPU time.

Probably a good time to start using Pockets bookmarklet:


Or just use Firefox, where the button is there by default. Not that I like it, but it's a builtin.

I really like what Firefox represents, but we can't just recommend Firefox when many websites don't work well o Firefox.

It might not be firefox's fault and I believe we should not endorse website browser exclusivity, but the fact is that if you have to use teams for instance, it is either the terribly inneficient and bug riddled app or the browser version which only supports calls on chromium based browsers.

Maybe you have to use Chrome and you have to use that particular extension.

Currently the worst offenders are video chat services using old non-standard WebRTC implementation. But this should be resolved this year with its deprecation and most services hopefully moving to standard WebRTC implementation. As for other non-working websites, you can report those directly to Firefox, that way they might be able to fix those.

I know of Netflix that doesn't support Firefox for some reason (last time I tried) but what other websites don't work in Firefox? I'm using Firefox (+uBlock Origin) as my daily driver and everything seems to work fine for me.

Netflix works fine for me in FF, but you will get a prompt to enable EME (DRM) on first visit on linux.

For some reason, Key Bank won't let me login using Firefox unless I spoof my user agent. They claim it's due to security issues with the browser. This is more of an active check though. when I pretend to be Chrome using as different user agent in a container, everything works fine.

Also, ADP (timesheets and paycheck system) frequently breaks for Firefox. Sometimes it just won't load any of its forms or grids when I'm using Firefox. I think they only test with Chrome.

> Key Bank won't let me login using Firefox unless I spoof my user agent

Stop encouraging this behavior and cancel your service, then.

> Also, ADP (timesheets and paycheck system) frequently breaks for Firefox. Sometimes it just won't load any of its forms or grids when I'm using Firefox. I think they only test with Chrome.

Was the last time you checked like 10 years ago? Haven't seen this happen in quite some time.

I'm not going to cancel my banking account and move to a different bank just because they don't want me accessing their website with a particular browser. It's not a big deal to bypass it and it's far more of a hassle to switch.

No, ADP was broken for Firefox just a few months ago. My workplace is on the ESR release channel, so maybe it broke for the slightly older ESR version of Firefox?

Netflix does work in Firefox now, though 4K playback in browser is still limited to Edge or Safari.

netflix worked fine for my last time i checked on firefox. unless something changed in the last few months it's fine

If you are a teams customer please file a ticket to improve cross-browser support.

The only way this will change is if their customers actually say something.

I mean, there is nothing in the roadmap:


And I already upvoted the support ticket for firefox:


However, teams was just an example. Just to say that sometimes people can't just use firefox despite their efforts. Trust me I tried for months, and in both the companies I worked, either teams or Palo Alto VPN freak out with firefox. Had to adopt Brave for the working environment. I use firefox for everything else, though.

>When testing extensions on the Apple homepage we can see that a dark mode extension called Dark Reader spends 25 seconds analyzing and adjusting images so that they better fit into a dark theme. As a result the page loads much more slowly, as we'll see later on.

Sums up my experience not only on Dark Reader but a lot of other Dark mode extension. To the point I simply give up and use some specific CSS extensions. ( However I still get a white screen flash and then turn dark with every refresh or page load, wonder if anyone has a solution to that ).

The same with Ad Block. I just use NextDNS now and it is so much better.

Genuinely curious, is "25 seconds" a typo? The bar graph suggests Dark Mode adds an additional 3000ms, presumably measured in wall clock time, but IIRC extensions are executed in a single thread. So I'm having trouble attributing a difference of that magnitude to, say, total CPU time.

>Genuinely curious, is "25 seconds" a typo?

I am not surprised. Dark Reader have to wait for the whole page downloaded before doing all the calculation on a page with lots of animations and other graphics image over features and CSS layout. ( And it is worst if the image has a white background and not transparent ) There are some page that are just problematic. So generally speaking it is not a very good browsing experience.

In defense of Dark Reader, you can switch its mode for all or just some sites. There's a mode, where it does not parse existing CSS and just injects its own.

Author here. Not a typo, I just cut off the chart at 3s because otherwise you can't see any useful info about the other extensions.

You can force light themes instead and flip the colors in KWin. This will make text look worse than doing it in CSS, but it's basically free performance-wise.


Aside from that, I found that using blue light safety glasses (e.g. Uvex) reduces the pain I get from white flashes significantly.

Solution: From what I remember you could solve it by using firefox CSS. But it implicate using firefox

I have not heard of many of the ad blockers in this list [0].

However, it was good to see that UBlock Origin is consistently performing better than most of the other "security" extensions.

Edit: It appears that this anchor is used more than once on that page so it takes you to the wrong link! This [1] is the image I wanted to link to!

[0] - https://www.debugbear.com/blog/chrome-extension-performance-...

[1] - https://dbb-dev.imgix.net/blog/2021-chrome-extension-perform...

"Last year, Grammarly was loading a 1.3 MB Grammarly.js file on every page. Now on most websites only a 112 KB Grammarly-check.js script is loaded. Only if, for example, the user focuses on a text area does the extension load the full Grammarly.js file." I have to wonder if this could be somehow avoided...

You can bundle js files in extensions… That being said parsing 1.3 of cached JS every site hit is pretty silly. No clue why their “check” js is even 100k. That’s a lot of minified js!

> "only a 112 KB Grammarly-check.js script"

Just that requires 112KB? Seems easily an order of magnitude bigger than it ought to be.

Can you expand on this? You make it seem obvious but I'm really not sure what you're referring to.

it's comparable to website frontend and backend. While there's a single, big instance of the server in the back, there are many clients rendering their small part in the front.

Each time you refresh, only the client is reloaded. To reduce loading times, you should have small clients and let the server so the heavy lifting.

An extension consists of a thin content script loaded into each page that exchanges messages with a long-running background script. Normally you'd make the content script as thin as possible and make the background script do the real work.

I avoid it by not installing Grammarly?

It could've been cached once and used repeatedly if only the Web had not become so hostile that browsers were forced to enforce same-origin...

What makes you think that it's being loaded over the network? It's most likely loading it from fs directly.

Parsing a blob that huge does impact performance though.

It does, but caching/same-origin policies wouldn't change anything in this case.

The Dark Reader performance impact is something I have definitely noticed, had to uninstall it, which is a shame because it works very well.

I've set it to off by default (using a whitelist instead of a blacklist), and have some custom dark themes for most sites I use anyway. Sucks to have bright pages every now and then, but it's still really useful.

Eh, I wouldn't say it works very well if you get a white flash half the time on switching tabs.

So when Google told us manifest v3 needed to throttle ad blockers to improve performance, they were either lying or had no data to back their claim?


All depends what performance metrics you're comparing, there are plenty of data points in this article showing ad blockers slowing down the browser experience, typically on pages that aren't ad-hell. That being said for pages that are ad-hell (typical news sites are a perfect example) an adblocker prevents loading 90% of the site content so is still faster than not. For a page that's 90% not-ad-content it results in a slower experience. The latter gives particularly bad results for ad-blockers in benchmarks.

All depends what sites you compare.

The question is, do Chrome extensions require the user to be "logged in" to Chrome . That seems like a significant tradeoff just to control some software. (Does Firefox require login to run extensions?)

Anyone know what the fastest-loading password manager might be?

Not really "fastest-loading", but you can search for "pass" in the full results to see which have the least performance impact: https://www.debugbear.com/chrome-extension-performance-looku...

In terms of additional on-page CPU activity on example.com (and therefore likely on every page):

  1Password +3 ms
  ThinkVantage +5 ms
  Enpass +15 ms
  Bitwarden +25 ms
  KeePassXC +28 ms
  Dashlane +80 ms
  Norton +88ms
  RoboForm +121ms (also delays render by 115 ms)
  LastPass +127 ms (also delays render by 105 ms)
  NordPass +156 ms
  Keeper +206 ms
  Avira +219 ms

Do you mean fastest-loading in the browser (from initial key press to auto-fill-in)? or just fastest loading app of its own?

KeePass and use it's password pasting feature.

The one built into your browser.

How do I access that from my phone or in native apps or store encrypted notes?

If you're in the Google ecosystem (Chrome, Google account, Android), then it syncs to your phone and works in native apps. No encrypted notes as far as I know however.

I would guess Apple's ecosystem (Safari, Keychain, iOS) would have similar functionality?

That becomes a problem when you work across both ecosystems. I use devices in both ecosystems so an independent password sync utility is necessary for me to be able to access the same set of passwords on my macOS, Linux, Windows and Android devices and within Firefox (on all 4 underlying platforms). I personally use Bitwarden which seems to have good performance in Firefox at least. The Android Bitwarden app also supports password auto-fill in native apps on Android as well (and it works on iOS as well when I had an iOS device).

I think for that use case, you have to suffer the performance penalty of a third-party password manager (original post was looking for the fastest password manager, which will almost always be the first-party one, and be tied to the one platform).

Out of curiosity, how much would you pay for a password manager with decent performance?

Bitwarden is free, so zero? I would be happy to make a recurring small donation though like I do for various projects on GitHub.

Bitwarden hangs for multiple seconds every time you unlock the vault. It loses state when you click outside of the popup, alt tab, etc.

AFAIK it also leaks the list of all your logins (or rather the sites) through their favicon caching server. To turn this off you first have to login (wtf?).

> AFAIK it also leaks the list of all your logins (or rather the sites) through their favicon caching server. To turn this off you first have to login (wtf?).

Do you have more info on this?

this has been shared 4 times in the past 2 weeks

Seems to be shilling a commercial version of https://developers.google.com/speed/pagespeed/insights/

Interestingly I’m a HN addict who reads HN multiple times a day, and this is the first time I’ve seen it.

i know dark reader is bad, but I’m glad somebody did the math.

this is an excellent write-up

Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact