> By releasing an extension built with Manifest V3 today — first among developers of ad blockers – we can say that we've met the challenge that Google posed to us.
They shouldn't do this IMHO.
Manifest V3 is a horrible attempt to kill adblocking (under the banner of "security", as always). But, the web is completely unusable without adblocking.
If there are no more (effective) adblockers for Chrome, users will frantically begin to search for an alternative; there are many: Firefox and Brave to mention just two.
Giving a boost to alternative browsers can only be a good thing; and it may also, eventually, make Google rethink this policy.
Firefox is building MV3 and while they are coy with deprecating MV2, we all know, c'mon, they won't keep MV2 even a day after their minimum year promised.
Their track record speaks against them.
XPCOM extensions? Killed, but don't worry, we will re-implement all the needed APIs as WebExtensions (didn't happen).
Fennec to Fenix mobile extensions? Killed, you get these 10 blessed ones, don't worry, we will eventually re-enable all of the webextensions on mobile, any day now, (didn't happen, you have to do hacky hacks involving nightly version to do un-blessed extensions).
This will likely be their third strike.
UPDATE: Or it's not nearly as bad as I expected. Per [1], while Firefox will be eventually deprecating MV2, the Firefox MV3 is much less 'evil' than the Chrome MV3, in that Firefox will continue to enable the WebRequest API without all the lock-down restrictions.
This makes a competitive advantage for Firefox in terms of adblocking power, if anything.
I also was and still am disappointed about both changes, but I don't think you're being at all fair to Mozilla.
In both transitions, Mozilla made sure to support the needs of both uBlock origin and NoScript, extending the webextension API (such that uBlock origin on Firefox is more capable than on current Chromium) and working with uBlock to make its interface more mobile-friendly.
They also extended the webextension API to allow for extensions such as Treestyle tabs and Panorama-reimplementations (so not remotely all XUL use-cases, but still most of the popular ones).
Hence, they've proven that they will go considerably beyond what Google/Chromium are doing, and that they won't harm "content-blockers", which is what we care about in this case.
I’d say fairness also requires mentioning how the browser has been able to improve because of killing off XUL extensions; technologically, they were holding things back. Firefox is considerably faster than would have been possible without breaking a great many XUL extensions anyway. And more secure, if you care about that kind of thing, which normal people probably do or should, but frankly it’s the performance I care more about. So this is a “yeah, it’s a pity, but there were good reasons and you have benefited from it, even as you suffered” kind of thing.
Also how much more reliable long-term extension/browser compatibility has improved: I’ve used Firefox Nightly as my daily driver for about ten of the last twelve years, and until 2017 I’d spot at least one or two breakages each year, mostly fairly minor, but the occasional major (a couple of which accounted for maybe six months of going back to stable—and the lead-up to the killing of XUL extensions was another few months on stable because not all that I wanted was ready on WebExtensions yet). The extensions were typically patched before the change hit stable Firefox, so normal users wouldn’t notice most. But since WebExtensions, I don’t recall a single breakage. I acknowledge that the biggest breakages were in functionality that cannot be replicated any more, like Pentadactyl (and I ended up not even trying to replace it), but still, the minor and subtle breakages are just gone.
Regarding pentadactyl, I'm using tridactyl on Firefox and essentially for all my use cases it behaves the same as pentadactyl. I realise that some of the advanced functionality of pentadactyl is not available (IIRC pentadactyl allowed you to essentially reprogram the browser), but I have to say I'm not really missing much.
In most areas (though certainly not all), the difference was generally ironed out well before the advent of WebExtensions—what’s come since then has been as often surpassing as catching up.
Chrome was definitely a wake-up call, and the Firefox 4 cycle in 2010 achieved a lot. I recall doing audio stuff with the new Audio Data API (sadly since discontinued in favour of the much-more-complex-generally-for-no-good-reason Web Audio API) with a sine waves stress test (adding random sine waves together until underrun occurs) in Nightly, and watching the number it could cope with increase, week after week, due to JIT engine improvements. It went from handling a dozen to handling a couple of hundred over the course of two or three months.
When the transition from XPCOM to WebExt started, Mozilla made some big promises about the functionality parity about the two but failed to deliver most of them (and silently removed such promises from their official pages, and left relevant Bugzilla tickets rot (e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=1427928 )).
IMHO, practically speaking, the final result of WebExt isn't that bad, especially taking into consideration of the added APIs you mentioned.
It is the shear difference bwtween promise and reality that really hurts lots of power users and addon developers to this day.
Also you mentioned Treestyle as "most of the popular ones", but left out the elephant in the room, Tab Mix Plus, which even has its own Bugzilla ticket: https://bugzilla.mozilla.org/show_bug.cgi?id=1226546 Gesture extensions nowadays are also pretty limited compared to its heyday due to the nature of WebExt.
In hindsight, these promises were just too good to be true, but people were believing.
And the story of extension support on Firefox on Android is way too similar to the last time in the Fennec to Fenix transition. At least this time, users just didn't have much faith in it to begin with.
> I don't think you're being at all fair to Mozilla
> In both transitions, Mozilla made sure [to keep top popular addons mostly happy and ensure adblockers are happy]
Those are all fair points, and yes, I was probably too harsh with my language overall, that post written before I was corrected that Mozilla was not developing MV3 the same as Google was.
I stand by my strikes that Mozilla did kill XPCOM, and failed to deliver their promise to release all addons to Fenix on shipping stable versions. They don't even enable about:config on stable Fenix to enable power users to workaround that limitation.
"Mozilla did kill XPCOM" isn't a deviation from their stated intent. XPCOM was a magnet for Hyrum's Law problems, because obviously XPCOM plugins are going to depend on the inner workings of the browser, that's just how XPCOM is designed - so now if you touch these internals it breaks third party stuff. There were operating systems which took the approach XPCOM has to extensibility, they're not doing so great: Classic Mac OS, the Amiga Workbench, MS DOS... That's just not a sustainable situation, Mozilla had to kill XPCOM.
So to the extent Mozilla failed to deliver here it's on the replacement APIs. But how much is enough?
I would like lots of things to have APIs that don't. For example I'd like a way to do some basic queries on the built-in Public Suffix List for Firefox instead of needing to either bake the PSL into each plugin (and keep it up to date) or call out to a web API (ugh) or just guess that TLDs are "enough" and make everybody who needs other suffixes mad.
But in that particular case there are two reasons we don't have such APIs. #1 Nobody did the work. I didn't do the work, you didn't do the work, the work didn't get done. #2 In many cases (I think not mine but it's always arguable) the PSL is the Wrong Thing™ and so encouraging more use of the PSL makes things worse.
> There were operating systems which took the approach XPCOM has to extensibility, they're not doing so great
The Emacs OS is still doing well! :)
> "Mozilla did kill XPCOM" isn't a deviation from their stated intent.
The issue is that their stated intent changed over time, and their communication about their precise intentions was often pretty poor.
It didn't help that the Webextension transition came on the heels of the e10s transition (5 firefox versions separated deprecating non-e10s add-ons and disabling e10s add-ons), but with relatively little warning, which meant that:
1. Many people implicitly believed that once they adapted their addons for e10s, they'd be safe.
2. Many people put in a huge amount of work to adapt for e10s and then had to redo a large part of it to convert their add-on into a webextension.
3. Some people put in a huge amount of work to adapt for e10s and found out that their work was pointless because their add-ons couldn't be converted into webextensions.
From a technical point of view, much of Firefox's XPCOM/internals were actually sufficiently stable post-webextension (57) that old e10s extensions could have continued to work with little changes. (e.g. VimFx continued to work with minimal changes for ~30 Firefox versions, on Nightly, with very slight hacking. AFAICT it still continues to work, with slight changes, but now with major hacking to get it to actually install.)
Thanks for the summary. I had perceived the betrayal but I had never organized the thoughts nor verified the claims.
What do you think is the future (+2 years) for people with hatred for ads? For now I am using Firefox on computer + Kiwi in Android, but I also expect those two to go awry in the mid term.
* I see that after the edit, it doesn't look as bleak for Firefox PC. But what about Android?
For Android, I don't have a great answer for you. In theory you can install Fennec on F-Droid, version 57, the last version the last version of Firefox built by F-Droid that was based on the Fennec browser engine, but that has security vuln potential, increasingly so since its been a few years since Fennec -> Fenix switch.
For now, because I don't want to be hit by security vulns in the browser itself, I'm holding my nose and doing plain old Firefox mobile, leaving some of the tracking stuff blocked on my Pi-Hole, then letting my wireguard VPN ensure that even when I'm off Wi-Fi, my signal gets routed to my home connection so the Pi-Hole can stop some of the telemetry (but not all! some gets through no doubt).
Why am I holding my nose there? Because my planned next browser, Iceraven [1], is not yet out of alpha and published to F-Droid. I check every 3 months or so, once it is, that's where I'm going, because it's as close as I can get to Firefox Desktop, but runs on Android.
Firefox Nightly for Android supports most desktop extensions. It is clunky to enable them (you have to create a collection and then subscribe to it) and being a nightly build it does have some instability, but it works out pretty well.
Only caveat I've really found is that it gets stuck on the Guardian's website (after a few clicks).
It's not a clean experience and I wouldn't recommend it to anyone non-technical but I use this approach and it works fine, at least for the extensions I care about. There's also the caveat that you're running Firefox Nightly which usually is fine but has had big functionality bugs. I'd keep another browser installed as backup.
Hi, try Iceraven on android with a custom extension repo. They'll all install but are not guaranteed to work. I have most of those extensions working on Iceraven myself.
I don't know. I'm using it now in the form of pihole, but DoT/DoH with ESNI are coming, and we don't have a good way to ID and block them by their very nature, which is the bad edge of the double-edged sword that they enable.
The good edge is keeping ISPs etc. from messing with your DNS requests, but that sword cuts both ways as it also can lock your own home network out.
I don't understand what is it with DNS-based blocking people that they seem to be some of the most annoying proselytizers. Anyone remembers the "HOSTS file guy" from Slashdot ?
DNS-based blocking is as much a "future-proof" technology as "just don't look at the adverts". DNS-based blocking is old, easily workaroundable by anyone (just use the same domain name for everything, or interchangeable domain names, or just don't rely on system DNS), and significantly less featureful than even the simplest DOM/JS-based blocking (e.g. good luck collapsing ad elements from the view, getting Youtube not to play ads, etc.).
I think a hosted browser might be key to solving this. Something like Mighty (https://mightyapp.com) if it were self-hosted or somehow run by an org you could trust (or be run in some verifiably zero-trust way).
Parent asked about Firefox for Android. This functionality you mention is only available in Firefox Nightly, and even then it requires setting up a curated list on Mozilla's service to use it.
What's wrong with running Firefox nightly on android? I've been running it as my main browser for quite a while and have hardly experienced any breakage (maybe 2 or 3 times in the last 3 years).
> Fennec to Fenix mobile extensions? Killed, you get these 10 blessed ones, don't worry, we will eventually re-enable all of the webextensions on mobile, any day now
I harbor the (conspiracy?) theory is that Google told Mozilla based on their "No arbitrary code"-rule that they are not allowed to run arbitrary extensions anymore. And made Mozilla promise to never tell anyone.
> Fennec to Fenix mobile extensions? Killed, you get these 10 blessed ones, don't worry, we will eventually re-enable all of the webextensions on mobile, any day now, (didn't happen, you have to do hacky hacks involving nightly version to do un-blessed extensions).
The only thing keeping Firefox alive and relevant is uBlock Origin and its ad-blocking features. If Mozilla cripples it in any manner, Firefox will die. But I don't have high hopes and lost all trust in them when they built a backdoor in their browser to run any code through it on their users browser, as they please, and have even used it to violate their users privacy and trust - Mozilla ships Cliqz experiment in Germany for ~1% of new installs, collects surf data, including URLs - https://old.reddit.com/r/firefox/comments/74n0b2/mozilla_shi... ...
Unless Firefox is released from the clutches of Mozilla, Firefox will never be a serious competitor in the browser wars.
Switch to Brave, you will still maintain 99% of the bell and whistles of Chrome (because it's a Chrome fork) and you will have an Adblock engine directly in the browser core written in Rust. How cool is that...
It's all opt-in. Brave is self sustainable for opt-in privacy respecting ads and crypto is a way for making users opt-in and getting paid. Compare that with Firefox which does not have a real sustainable business model and relying on Google or other sponsors.
Having to turn off "opt-in" UX widgets is not "out-out". "Opt-out" would mean you had to turn off the feature that was on by default, not remove the button or other affordance to turn it on when it is off by default.
I get your complaint, you want nothing visible to do with our opt-in, off by default crypto stuff. But calling that stuff "out-out" is misusing the phrase. It's off by default.
The New Tab Page sponsored images are non-tracking and not crypto related unless you opt into rewards, so I wouldn't lump them in here. Turn off in slider-widget control at bottom of NTP.
I already have to go through and rip out all the ads that Firefox has and the pocket integration on the toolbar, so this doesn't look all that different to me.
Have you not updated? Brave's crypto nonsense is super aggressive nowadays with a wallet builtin, decentralized domain resolving, ads for crypto exchanges on the start page, paid crypto background images and their own currency BAT.
The browser is getting more bloated by the year, they've added some Brave News service now and integrated their paid VPN with their browser instead of making it a separate product like Mozilla VPN
And obviously they started using affiliate marketing, parasite behaviour.
I have no idea what they have been up to lately but when originally rolled out Brave's business model seemed very much like a protection racket. I haven't touched it since and never will.
No, I meant you. As I understood it your software blocked ads at websites, presented your own ads and then you told website owners they could recoup some of their lost revenue by participating in your whole BAT scheme. That sounds pretty close to a protection racket.
wrong. the user decides whether they want to block ads or not; no browser forces you to block anything. their ads are also opt-in, which means the user is the one ultimately choosing whether they want to block ads and/or opt-in to brave ads. also, turn off that adblocker youre using hypocrite.
>there are many: Firefox and Brave to mention just two.
So just Firefox and then all the Chromes?
There really aren't "many" alternatives, there isn't even /an/ alternative because Firefox suffers from Mozilla Misguidance(tm).
Presumably the same people who bitched about the IE6 monopoly brought on and fully embraced the Chrome monopoly. We now all get to sleep in the Chrome bed.
I was all for Firefox until Mozilla decided cancel culture was the way to go back when they canceled their CEO.
It became even worse since - calling for the de-platforming of half the country.
I know Google hates the same user group, but Google also likes their money (or their money-value).
Go woke, go broke. If your trying to compete uphill, shooting yourself in the foot isn't going to make it any easier.
I think you overestimate the role adblockers play for regular users. Most people not affiliated with IT in any way I've met actually don't use an adblocker or have forgotten that they in fact do and would not notice the change to Manifest v3.
Also, most people care much more about "it simply works", and that is Chrome. Firefox is neither preinstalled nor as compatible as Chrome (nor as fast or user friendly). There's already a lot of popups like "this site works best in Chrome".
It's actually ridiculous to surf the web without an adblocker.
Let's say you have a brand new computer, and want to download nVidia drivers. Fire up your brand new computer, search for "nvidia drivers" using Bing.... and the first results are all ads for extremely scummy adware. (It's also hilarious when you search for "chrome download" when Edge begs you not to, and including when you click through, but that's a story for another time :)).
> It's actually ridiculous to surf the web without an adblocker.
Obviously for this audience. But two of my buddies didn't even know such things existed and were truly grateful when I introduced uBO/Privacy Badger to them.
Yeah, I went to use my Mom's phone and I was appalled with all the ads and notifications. We can disable notifications, block intrusive ads or at least figure out which app is sending them to uninstall it, but for regular users the whole thing is an awful experience. I don't refrain from calling it "evil" anymore, because that's what it is. No wonder we're collectively going insane.
> nor as compatible as Chrome (nor as fast or user friendly). There's already a lot of popups like "this site works best in Chrome".
User-agent sniffing[1] and it is a webdev smell. I acknowledge that this is true, but I admit being bummed that we didn't win the war to use web standards.
I helped my mom try out a smartphone for the first time this weekend, and she won't really use the web much on it except maybe weather. So I go to weather.com or something to show her how she can get to it.
I got a full screen cookie consent popup, a location permission popup, and ads were everywhere on the screen. Must have been 50% of screen space for the top part of the page. It's absurd!
AdGuard is a business, and Chrome is the world's most popular web browser. They don't have much of a choice. uBlock Origin can pass because it's not a business.
Unlike some ad blockers, AdGuard’s business model, while for profit, doesn’t include taking money to let ads through, contrary to, say, AdBlock Plus or Ghostery.
AdGuard does have an option for users to allow inline search results ads and sites’ “self promotion” ads. More here:
Ghostery doesn't take money to unblock ads like AdBlock Plus. The decision what to block on a site depends on the community lists (e.g. EasyList, FanBoy). If you want to get unblocked in Ghostery, you need to convince the maintainers of the community lists.
> If there are no more (effective) adblockers for Chrome, users will frantically begin to search for an alternative
More likelier scenario: Most Chrome users do not even know what an ad-blocker is, let alone difference between Manifest v3 and v2. The franatical run, if one was ever a thing, already happened when Google announced V3, long time ago. The few people (relatively speaking) that cared about it already switched browsers.
> Manifest V3 is a horrible attempt to kill adblocking
I really don't understand the push of MV3.
I don't believe they're just for security as Google claimed but at the same time I feel thinking it's "just" to ruin ad blocking is equally baffling. Could someone who is more involved elaborate the nuance of (intent of) MV3?
Google sells ads. They totally want to kill adblocking with all means necessary. The moment they can no longer show increasing revenue, the stock will fall down to the levels expected from utilities from the levels that tech companies are valued at.
I've talked to a number of real engineers within Google. The folks building the browser have no desire to kill adblocking; they're never going to include first-party adblocking (not least of which because antitrust), but they're not out to break third-party adblockers.
It really is the case that the same mechanisms that enable adblockers ("this extension may affect your traffic on every website") are also the mechanisms that enable malware in extensions, which are not at all rare.
Have you combed the bug tracker or submitted reasonable PRs and have proof that the decision makers are gatekeeping an open source project from implementing something that is clearly a better alternative?
The solution here though is simple: As the sole publishing source of extensions users can install on Chrome, Google just needs to stop distributing malware from their extension store!
But of course, that would require Google actually take some responsibility and do some legwork and neither of those things are in their core competency.
If Google actually had any goals of improving security, they'd literally just delete the Chrome Web Store and start over and manually reviewing and approving extensions one by one.
Here's the problem with that apologism: They already are gatekeeping. They made that call as soon as they removed sideloading extensions. The problem is Google is just a shoddy gatekeeper.
People reviewing the security of browser extensions should have the title of "engineer" at minimum.
Bear in mind browser extensions completely defeat all the benefits of HTTPS. If we aren't putting them through significant scrutiny there really is no reason for anyone at Google to claim to work on security at all. Extensions need to be treated as incredibly privileged code and vetted accordingly.
MV2 extensions have a lot of API power and it was a common malware vector in the browser since the APIs let you sidestep a ton of regular web security. If you run a popular extension you will get offers to buy the extension which is a nice payday. The buyers would then stuff it full of malware to infect the existing users.
Google makes no money off the Chrome Web Store and their initial attempts to restrict MV2 failed. The goal was for automated approval to suffice. Still, there was certain APIs that required human review.
Google could have continued restricting MV2 until they didn't need human review but they must have got the idea for MV3 at that point. They could also hamstring ad blockers and get some promo packet material.
You mean MV2. I've said we'll keep support uBO and uMatrix uses of it, at least. This means we'd have support from the maintainers for their builds to produce extensions we can add to our component updater as optional for our users. We are discussing this now with uBO/uM maintainers.
Are there any reliable stats on what percentage of internet users use an ad blocker? I've always felt that we are mostly a vocal minority, and as such I don't see this move making a huge dent in Chrome's market share.
They shouldn't do this IMHO.
Manifest V3 is a horrible attempt to kill adblocking (under the banner of "security", as always). But, the web is completely unusable without adblocking.
If there are no more (effective) adblockers for Chrome, users will frantically begin to search for an alternative; there are many: Firefox and Brave to mention just two.
Giving a boost to alternative browsers can only be a good thing; and it may also, eventually, make Google rethink this policy.