Hacker News new | past | comments | ask | show | jobs | submit login
uBlock Origin Lite: Description (github.com/gorhill)
373 points by bertman on Sept 20, 2022 | hide | past | favorite | 148 comments

I'm really happy that Gorhill has listened to feedback on the branding and explanation of this, and added back in the ability to "opt in" to extended permissions on individual sites. Thank you for your work, and I'm sorry if my comments in the preview HN thread came off as overly hostile, because given the original comments you made about MV3, I couldn't imagine this sort of outcome. I hope that you or someone else still works to release an MV3-compatible "Full site permissions" version of uBlock as well, since I think there are a lot of potential options for improvement by using declarativeNetRequestFeedback, and it's certainly more convenient to not have to opt-in. And I'm still worried that without an MV3-compatible version of full uBlock Origin, users are still going to assume that "MV3 means that ad blockers are broken".

> I'm still worried that without an MV3-compatible version of full uBlock Origin, users are still going to assume that "MV3 means that ad blockers are broken".

They currently are when compared to their MV2 counterpart.

The AdGuard MV3 version which came out earlier this month[1] shows this. Though it does its best to deal with the technical challenges which comes with MV3, the end result is poor efficiency- and reliability-wise compared to its MV2 counterpart.

This is easy for anyone to see: open the browser's own Task Manager (Esc-Shift works) and notice how the service worker associated to AdGuard MV3 is regularly (every few seconds) evicted and respawn.

When it re-spawns, the process's CPU and memory usage peaks, with memory usage shooting up to between 100-200MB. This happens repeatedly every few seconds or whenever you navigate to a new webpage.

CPU/memory efficiency has always been a primary feature of uBO, and I can't release an MV3 version suffering such efficiency setback (this on top of matching algorithm not being fully compatible with that of uBO).

However I am willing to work on an MV3 version which does not suffer no CPU/memory efficiency issues, hence uBO Lite, which takes advantage of new possibilities in MV3 to be fully declarative, at the cost of sacrificing some capabilities.


[1] https://news.ycombinator.com/item?id=32648131

I think most people would agree that it's important to add the ability to evict unused extension code from memory, which is what the fundamental move to a stateless ServiceWorker architecture is designed to support (since the previous stateful architecture required all extension background pages to be loaded regardless of whether they were actually doing anything). Being able to do that for the vast majority of extensions that that helps, without requiring extension authors to "opt in" to that change, is a very important goal.

But I agree that the heuristics for when to evict certain extensions (especially those with broad all-page access permissions) definitely remains tricky, and I hear you that Chrome's are currently too severe for this type of extension to be practical. I don't think that's a fundamental problem with the service worker model though—it seems easy to add a heuristic to cover this case like "If the extension has a async network request event registered and there's an active tab open that that extension has permissions to view, be very cautious in evicting it". In that case Chrome could still want to evict the service worker i.e. if the tab/browser is in the background and paused[1], so that it wouldn't be handling event loop / network requests anyway.

"And I'm still worried that without an MV3-compatible version of full uBlock Origin, users are still going to assume that "MV3 means that ad blockers are broken"

I mean, they are hobbled. If you think of it like a malware scanner, it's the equivalent of taking away all heuristics and relying solely on big lists of payload checksums or "bad words".

But even worse than that, because you have a limit on how big that list can be.

Otoh, with full permissions it can still do things like hide ads that aren't blocked by the declaritive rules. But, to continue the analogy, that's like killing a process after it's doing malicious stuff instead of preventing it from running in the first place.

How is everyone else's MV3 upgrade going?

I have 3 extensions and each one has multiple feature-breaking changes that will take hundreds of hours to implement less than ideal work arounds. I guess I'll focus on SnipCSS (https://www.snipcss.com) because that's the only one I have paying customers.

For people who do manage the upgrade, at least we can look forward to less competition in the Chrome Web Store?

Took us about a quarter heads down to do the conversion which involved quite a bit of rewriting. We had been prepping and planning for the work pretty much since they first teased MV3 in 2018.

Now we are figuring out the right way to flip the switch. You get stuck in the long review queue every time you flip manifest versions, cuz your permissions list has likely changed.

Google's rollout has been the absolute worst; but hey, as you say, everyone who can't eat a bowl of shit and keep on smiling will simply disappear from the competitive landscape.

Yeah, I find it funny that most of the conversations were always focused on ad-blockers, but honestly it seems like for 99% of people who don't use the power user features, it'll be a no-op on that end. It's other extensions that are much more in trouble.

Partly cloud with a chance of thunder. I have 2 extensions and we've gotten one in sight of the finish line (after months of work), and the other appears to be dependent upon some as-yet unfixed third-party code.

We are really hoping Google doesn't force this through on their originally-announced timeline. This is the third massive Google-induced change that we've stomached in the last couple years. We spend more time keeping our head above water than we do adding new features...


uBlock Origin Lite - https://news.ycombinator.com/item?id=32904591 - Sept 2022 (13 comments)

Proxy Chrome extensions are not going to be usable in MV3 - https://news.ycombinator.com/item?id=32899846 - Sept 2022 (199 comments)

“UBO Minus (MV3)” – An Experimental uBlock Origin Build for Manifest V3 - https://news.ycombinator.com/item?id=32754274 - Sept 2022 (255 comments)

I guess the biggest issue I have with V3 is I don't really "get it".

The idea was initially that extensions have too many privileges and that malware can leverage those privileges for harm. I'd love data here! This is such a good area to share information on, as someone in security I'd really value that.

I'd like to see case studies on malware, or even broad things like "malware uses these permissions X% of the time".

But back to the point, assuming that this is true, how does V3 help? Specifically, what can malware not do with V3 that it could do before? Given the data, how will this impact the threat landscape?

I can think of some obvious things, like that you can't have dynamic scripts - cool, makes sense, I bet malware loves that and removing it seems like it'd be a huge win.

But WebRequests? I'm sure malware was using it, I guess, but what in V3 makes the malware use case for it harder? It seems like we're getting something that can be used maliciously just like before, but it's somewhat weaker in ways that malware won't care about? Again, data here would be great. I'd love to see "X% of malware used it this way, we removed that way".

Communication has seemingly been pretty bad around the motivations, which has led to a lot of people being pretty upset and confused about the changes.

Google, please share the data and reasoning!

edit: With regards to uBlock Lite specifically, I'm looking forward to seeing it evolve. I do like the idea of having a permissionless blocker that works decently and can then have the opt-in approach. I don't honestly consider it a massive security win though.

The reason you don't get it is that taking away the functional part of onBeforeRequest() doesn't really help with privacy. Because extensions can, for example, still inject arbitrary javascript if those permissions are in the manifest.

What it really does is ensure that adblockers can't do heuristics, and instead have to rely solely on semi-static lists of urls. That's a nice outcome if you're a company that makes most of their money from ads.

There's not really a nice way to say that aloud though, so trying to make it sound it's a way of ensuring extensions honor privacy and security sounds better.

Yeah, I said this in another comment, I don't really believe that to be the case. I'm not saying that a conflict of interest doesn't exist, I just don't believe that this move is part of an overall plan to have Google start bypassing adblockers.

It's not really unprecedented for them to offer up (often attractive and plausible) trojan horse reasons for why they do things that aren't the real reason. AMP, to me, is one good example. There are others.

I don't know what else they would really gain, or why else onBeforeRequest() was the most important thing to take away when extensions have so many other ways they can do harm.

Perhaps another way to look at it is not Google actively defeating adblockers, but giving a gift to their customers that pay for ads...making it easier for those customers to deal with the rising tide of adblockers, paywall end-arounds, etc.

> Perhaps another way to look at it is not Google actively defeating adblockers, but giving a gift to their customers that pay for ads...making it easier for those customers to deal with the rising tide of adblockers, paywall end-arounds, etc.

This assumes that Google's ads will start to bypass the V3 adblockers. V3 in and of itself does nothing, Google's ads are still blocked by the updated adblockers.

> I don't know what else they would really gain

Well that's what I'm asking haha I'd like to hear from them on this. Even if some people at Google are nefariously implementing V3 for some future plan to bypass adblockers, surely some people at Google believe that there are benefits to the work.

"Google's ads" is a broad category. I imagine there's many already defeating ad blockers. They wouldn't start with adsense or their ads on google search.

I'm not really familiar with more than AdSense and Youtube (I think Youtube's ads are a separate thing, I'm not sure).

Ah, there's lots. What used to be "DoubleClick" still exists under a different name, a sort of more publisher controlled private-ish instance of Adsense/Adwords. Then ad-like things..embedded google shopping results, local search, google flights, travel/hotel widgets, etc. Ads inside products like Maps, etc.

Why doesn't Chrome on Android support addons?

security here meansgoogle being able to ensure you are running the code that google gave you, instead of illegally running your own code.

Most bad extensions I've come across when trying to vet what I'm installing fall into two categories: those that are passively malicious: inserting redirections to affiliate links (or sometimes randomly spawning ad), and those that are "actively malicious" by scanning for browsing history and then sending that over to be sold off.

I guess the general idea of manifest v3 is to limit the page/extension boundary to being declarative in nature. I haven't looked into this too much to know how restrictive it is in practice, but at least one such thing is that webRequest is neutered so extensions can't run their own logic for request pre/post processing (where they might try to obfuscate/disguise the target redirect), instead they have to declare the list of redirect targets upfront, where presumably they can be scanned by trivial static analysis.

While I think there is indeed a problem of malicious extensions, I don't believe that manifest v3 is the solution. Switch to a more granular but still non-declarative permission model might be useful to gain a stronger signal on malicious extensions, or maybe requiring web store extensions to be declarative but allowing "power-users" to still manually install non-declarative extensions.

Maybe I'm out of touch but I think the 'malware' they are worried about are ad blockers.

I don't think so. That gets repeated a lot but I think people are just unaware of the fact that Google ads are particularly uninvasive and easy to block. If ad blockers are less capable that will only help Google's competitors, not Google. Another comment the other day confirmed that Google's ads continue to be blockable with V3.

This could change - AdSense ads could start implementing bypasses. I think that's unlikely because Google would likely end up with a few lawsuits, questions about browser monopolies, and a congressional hearing. Certainly the EU would be on their asses. One day that may change, but I don't see this move as being part of any specific plans to improve AdSense revenue.

you think youtube ads are uninvasive?

> That gets repeated a lot but I think people are just unaware of the fact that Google ads are particularly uninvasive and easy to block.

Not true in my experience, i have encountered adsensw that pretty invasive to my 2012 laptop's cpu core i3 gen3 (i know its pretty old), i dont think any ads should be that way.

I don't know what you're trying to say - the ads you're running into are explicitly working to bypass your adblocking?

You are right about requiring more case studies. In the same context, MV3 extensions are being moved away from persistent background pages to ephemeral service workers. There's a thread and several very popular crbugs for how the web-based service workers don't work well for extensions (https://github.com/w3c/webextensions/issues/72). Given all this, the Chrome team continues with the change citing increased performance when using service workers. However, even when extension developers continue to come out with claims of decreasing performance, the Chrome team - as in the malware case - has not provided any case studies on how it is so sure about the increased performance (or efficiency, memory use, etc.) of SWs.

I'm really really really hoping that the non-crippled version, which works in Firefox, doesn't die the way uMatrix did (loved it, still miss it). That said, huge thanks to gorhill and all the others working on this project!

Note: uMatrix is not dead, it's just no longer updated. It's still available from the Chrome web store and Firefox add-ons sites. I am using it in Firefox right now, it still works as well as it always has.

it’s not dead and works well, but wont survive the Manifest V3 changeover. It’s the most important extension out there for the savvy web explorer

So switch to Firefox and continue enjoying it after Mv3

Firefox still seems to be quite bloated, although there has been improvements in performance. We need more competition vs a company that’s entirely reliant on Google’s $ to stay in business

I know there have been some threads about the mv3 uBO version recently, but this is a new, consise and imho good description by gorhill himself.

The ability to opt-sites in to cosmetic filtering seems like a big upgrade. I'm now looking forward to seeing this version used in practice.

Isn't the biggest problem with MV3 the 5000 rule limit?

Or are there ways around that by compiling it into something internal?

This is how adguard did it: https://adguard.com/en/blog/adguard-mv3.html

I'd suggest stop trying to support chrome and let it die?

It won't work on mobile anyway, only Firefox supports ublock origin on mobile?

> Isn't the biggest problem with MV3 the 5000 rule limit?

Not really, the bigger problems come from the removal without alternative of a number of useful primitives that uBlock Origin used for blocking. See https://github.com/uBlockOrigin/uBlock-issues/issues/338 for a detailed accounting of the changes and their impacts.

> I'd suggest stop trying to support chrome and let it die?

You're living in a bubble. If the extension doesn't support Chrome, its the extension that dies, not Chrome.

"It won't work on mobile anyway, only Firefox supports ublock origin on mobile?"

Kiwi Browser which is chromium based supports Chrome extensions including ublock origin on Android devices.

The current limit is 30,000 rules, but they've talked about raising it further beyond that point.

Trivia: 1Blocker convinced apple to raise the limit from 50k to 150k per list for Safari content blockers.

My question is why have limits

Unbounded lists rarely seems like a thoughtful way to start out.

But there are probably some DX and UX improvements over unbounded lists. e.g. recompilation takes time, so you set up developers for better UX when their dynamic lists are shorter and separate from their static lists, and they can compile multiple lists at once. (A 50k rule list took seconds on my old Macbook Air). Also encourages breaking lists into logical sublists which is better UX (e.g. regional lists)

Also might discourage append-only accumulation where there’s no real incentive to prune the list (i.e. see EasyList). Some limit can help here.

Kind of like deciding on a queue size vs unbounded: makes sense to set a limit, see who hits it, and cross that bridge as needed. In Apples case, they 3x’d the limit after a real world product made a real world case.

Just some thoughts having built my own Safari content blocker.

The entire living under the grace of the vendor-king to have permission to modify your own experience is fairly onerous on it's own.

And before you say, but app store review!, I also think that is bad too.

Brave iOS has a built in adblock that I find about as good as ublock, compared to the ineffective iOS native safari style that MV3 forces you into.

So the future for chromium browser based adblock are small mini-forks that re-add the proper hooks needed to implement adblock properly

If no one were building an adblocker for Chrome I'd just build it myself. I'm sure I'd do a worse job than the people doing it today but it'd be better than nothing.

Also, there are other adblockers on Chrome. They just aren’t as good and are sketchier. By pulling the extension you just enrich worse actors at the expense of innocent users.

If this works, is there any reason this won’t work as a content blocker for safari?

It just won't work that well. Recently in the past few months I've been noticing more and more ads with safari style content blockers, while ublock style continue to work fine. I fear this style of 'adblock' will have similar issues.

Switch to Orion browser - https://browser.kagi.com/ - it's a Safari / webkit clone with built-in uBlock Origin.

Thanks for the suggestion, I've been looking for something like that. Will give it a shot.

  brew install orion

Yeah i use brave which does something similar.

Brave is a Chromium clone with their own built-in adblocker. Orion is a Safari / Webkit clone re-engineered to work with Ublock Origin (which is currently the best ad blocker). So on a mac or ios, Orion will be slightly better.

I believe there's none.

What happened to the name “uBO Minus”?

Why was it controversial, tho?

Quoting gorhill from a GitHub conversation:

"Side note about the experimental uBO Minus MV3 extension: I did not pick the Minus part out of spite, it's to make clear that this is not uBO proper and I want to be sure there is no expectation that this will be the case. I picked Minus for the same reason that the Plus in Adblock Plus was to highlight that this was an improvement over the previous Adblock version.

Now the fact that uBO Minus does not require broad read/modify data on all websites can be seen as an improvement over uBO proper by many people who are uncomfortable with granting such broad permissions to an extension. In that case, if you have a better qualifier than Minus, I welcome suggestions."

A chance for the return of the Safari extension perhaps?

MV3 version should be directly portable.

You just need build infrastructure. As far as I know, you need XCode to generate the "app" that contains the extension (all extensions need to be provided by an "app" even if it doesn't have any logic in it), then code sign and upload to the App Store. There are open, third-party implementations of the code signing tools so it can be done without a Mac but it just requires effort.

I did this earlier today. The background stuff (I forget the name of what crashed at present) crashes on a vanilla conversion. It did block some ads, but wasn't full-featured.

Any possibility to get a blog post about how to do this or a gist? I would love to learn how to do this but I sadly don’t know where to start.

Sorry, didn't see your reply.

`xcrun safari-web-extension-converter <extracted chrome extension directory>`

It'll create an xcode project and you can run the mac app from there. Safari will need the "Allow Unsigned Extensions" from the Develop menu set before it'll show up in the prefs page. No idea how it all works if you want it on iOS.

i love the idea of uBlock Origin Lite. i am willing to trade some efficiency if i don't have to give it the "has access to everything i do in the browser" permissions.

Why does MV3 matter?

Fuck Chrome, for a moment. It sounds, to a layman, like an arbitrarily established API for web engines to expose to extension developers.

In other words, it isn't HTML5 or HTTP4. Each browser chooses whether to use it.

If it is such shit, why is Firefox doing it?

Because Firefox needs extensions and considering their 5% market share if they make their own API they will soon have next to no extensions.

Firefox has always extended the manifest API and will deliver more functionality than required by the spec to give extensions more flexibility.

What I don't get from this is how uBOL (MV3) compares to uBO (MV2). Anyone?

CNAME cloaking is one of the more significant differences. It's typically used for tracking (and is becoming increasingly common), but also works for advertising. Instead of linking images/scripts/etc. to ads.advertisingcompany.com you can simply set up a CNAME under your TLD that points to the advertising company. Now the domain no longer appears in the blocklist, so all the requests (uploading tracking data, or downloading adverts/scripts) work just fine.

With MV2, uBlock is able to inspect the DNS record while it is vetting the request, thwarting this workaround.

> With MV2, uBlock is able to inspect the DNS record while it is vetting the request, thwarting this workaround.

Not in Chrome-based browsers. Only in Firefox.

Since MV3 adds quite a lot of limits on what uBO can do, you have to grant permission for each site to have cosmetic filtering.

That limitation has nothing to do with MV3. Adguard does not suffer from this problem. Making it opt-in is a specific design consideration that gorhill took with this version of uBlock to reduce its permission scope.

I wish people were not so quick to share misinformation like this.

The amount of misinformation in these comments is absolutely wild.

For some reason people are just itching to spread FUD about this topic and Google in general. I don't understand where it comes from or why it happens but it's really annoying.

So we need to build something external to the browser that will detect uBlock Origin asking for permissions and automatically grant them :)

Edit: doesn't this mean that any site you visit will get a chance to track you the first time, until you manage to click to grant permission?

From the blog post on how adguard built their v3 extension the ads themselves are blocked but aren't removed from the page if the cosmetic filters aren't run

Gorhill is a god amongst developers and power users at this point. Great guy.

Gorhill should have a statue somewhere for making the web browseable.

The contributors to EasyList should be getting their share of credit here. Basically every adblocker depends on them.

This is a great point. Does anyone know how one can contribute to easylist? It seems like something worth helping with.

If you mean money, I don't know. Otherwise, see https://easylist.to/pages/development.html

You bet he should!

To me, there are 3 projects I'd throw my money to:

- uBlock Origin

- ytdl

- The Internet Web Archive

But, do you donate?


(Couldn't find links for uBo and ytdl. I've asked gorhill where to donate in the past and they've refused donations.)

From the uBlock repo: [0]

> No donations sought.

> Without the preset lists of filters, this extension is nothing. So if ever you really do want to contribute something, think about the people working hard to maintain the filter lists you are using, which were made available to use by all for free.

[0] https://github.com/gorhill/uBlock

I know it is gorhill that wrote that, but I completely disagree that uBO is nothing without the filter lists. I use it the way I used to use uMatrix (rip) to default deny bits and bobs across the web, unblocking as necessary. It’s everything that NoScript should be!

Note that you cannot manage your recurring IA donation for any reason without manually contacting them. For this reason I have not moved my IA donation to my newer credit card nor increased my donation since it was set up. I do not know if this is a dark pattern or just an oddly limited system, but the only officially recommended solution is to use PayPal. So I'd recommend that. https://help.archive.org/help/how-do-i-update-or-change-my-r...

I've worked on several large recurring payments platforms. It isn't rocket science, but let me tell you it is generally a pain in the ass to to manage recurring payments - in most of the systems I've worked in its easiest to just cancel and start a new one. The schemas are generally awful and make a lot of assumptions in the worst of ways. I wouldn't be shocked if the IA just finds it easier to manage manually than put in the large amounts of money for a refactor. One org I was with it took a Staff engineer nearly two years to rework the very odd weekly recurring feature to make it something that would be later made into something you could edit (of note, it was entirely separate in logic than the monthly recurring...)

I've worked on several platforms with recurring billing, including a marketplace prior to Stripe Connect existing, so I get that it can be pretty challenging.

That said:

- IA doesn't even offer cancelling. That's... not a particularly technically challenging feature. I have a strong feeling that they in fact have a cancel button somewhere in their backend anyways.

- While some of this can be annoying, it's kinda table stakes these days. If you can't handle basic subscription functionality, god help you for things like 3-D Secure.

Thanks for that note.

This is a non-starter for me.

I refuse to donate to the Archive since the unpersoning of KiwiFarms.

Could not find what happened, but if it's the forum known for enabling harassment, and if IA did something bad to this site owner, then I find no problem. Those kind of people deserve what they do to others.

The funniest part of Kiwifarms is that they look and act like the people they make fun of.

Thanks, I wasn't aware of that. Another reason not to donate to IA.

I donated before but then they spammed me with nag-mails asking for more donations. Not going to support that kind of behavior.

A person who shops on amazon can shop using smile.amazon.com and have a percentage of their purchase payments go towards charities or other organizations. The Internet Archive is one of them.

I don't donate directly, but I check the box to donate them a dollar every time I buy something with PayPal.

SponsorBlock is on my list these days too.

+ Clickbait Remover for YT (removes the eye-catching thumbnails)

+ Dark Reader

OBS for me. VLC also.

My top 3 too

Not wikipedia? It seems way more important

Have you seen how much money they receive and where they squander it all?

Can you share more information on this?

There are fast-growing sections of their budget slated for political-like causes, not technical ones that keep the website online and accessible. They call it the Thriving Movement and it's largely based around DEI-type initiatives.

"The Thriving Movement budget has increased from $14.3 million last fiscal year to $36.7 million in this budget which represents an increase of $22.4 million or 157%. It has also grown from being 13.2% of the Foundation’s overall budget to 24.5%."

Not only is more money going into it, a larger share of their budget is being allocated to it, so a larger share of each donation goes into DEI initiatives. If you're the kind of person that does not think this is a valuable investment of your money, you might not be inclined to donate anymore (or to donate less than before).

I personally believe a 24.5% share of the budget for what are largely DEI initiatives is not something I'd prefer to support with increasing donations, so I have scaled back my donations to them (as well as Mozilla/Firefox for the same reasons). I am sure many people agree with DEI initiatives and donate more. That's fine. We all vote with our wallet.

Source: https://meta.wikimedia.org/wiki/Wikimedia_Foundation_Medium-...

As someone who never heard of "Thriving Movement" nor "DEI-type initiaives" before, it seems to be around making the workplace (Wikimedia Foundation) more diverse, equal and inclusive. At a glance, those seems like good things to introduce to global organizations (especially foundations) that is supposed to be represented by the whole world. But I can agree that it seems like a large part of the budget, for being what it is.

But if I understand what you're saying correctly, you're saying it's a negative for them to put such a focus on it?

I'm not morally judging them. If they think it's a good idea, good for them.

I'm just not interested in funding those initiatives at that percentage of budget and would rather send the money to other essential Internet companies who have lesser investments in those ideas. I still give some to Wikimedia, just not as much.

Thank you for explaining your position! Which internet companies do you currently donate to that also publishes exactly what they spend their money on, so you can make sure they don't spend similar amount on similar initiatives?

In my experience, the Wikimedia Foundation seems to be the one who is most transparent about where funds go, while organizations like Internet Archive doesn't make a lot of data public, at least via their own website.

Wikimedia is not unique. CharityWatch is a good place to start. Many high-rated nonprofits detail very specifically where all funding goes.


Also, Wikimedia may not be as transparent as you think. Here's more information on that, but the whole thread is worth reading.


Thanks yet again!

So Wikimedia is a non-profit AFAIK, you have any idea why it's not listed on charitywatch.org?

It's on Charity Navigator. Not sure why it's not on CharityWatch.


EDIT: However it is not updated for recent years. Likely because Wikimedia is not transparent enough with their financial statements.

> those seems like good things

The road to Hell is paved with good intentions. If I were a cynical man I might speculate that it's not because things that look good don't get scrutinised as much but that anyone wanting less scrutiny might try painting their aims as "good" and those who object as therefore "bad". But I digress. Wikimedia's mission is[1]:

> to empower and engage people around the world to collect and develop educational content under a free license or in the public domain, and to disseminate it effectively and globally

What does DEI at their workplace have to do with that?

[1] https://en.wikipedia.org/wiki/Wikimedia_Foundation#Mission

They also don't need millions to achieve a diverse workplace - a more economical option could be to move their headquarters out of SV.

This is an interesting article and comment thread on wiki and their funds.


If you've ever seen how topics are treated in a Wikipedia discussion thread you'd feel like the whole website has zero credibility. There's a reason academics don't let you use it.

The reason is that it is not a direct source of course because the authors cannot be validated. Never met a college professor that said don’t use Wikipedia (if anything it was encouraged) as long as you’re pulling from the citations. I had plenty of high school teachers talk about how awful it is though and I think it was because they just didn’t understand it

I'll take this a step further to say that my graduate algorithms professor assigned Wikipedia articles as reading. The parent blanket statements are just that: overgeneralizations.

I had a similar experience. My cryptography professor regularly linked to Wikipedia articles in his assignments as the reading to go with the assignment. Honestly, the last time I had a teacher really say something against using Wikipedia was in high school.

My undergrad physics professors didn't exactly assign wikipedia articles, but they did tell us that some articles were useful resources for understanding certain topics. In my experience, the more technical a topic, the more likely the wikipedia article is to be reliable. Probably because there isn't much incentive for someone who isn't an expert to edit it.

He really should. I'd pitch in 50 EUR for that.

Haha. This reminds me of a Redditor's story. Despite having no money to afford professional hardware, he still managed to take good astronomy photos using his phone. In one of his posts, his photos impressed a "kind stranger" so much that they gifted him one of the most expensive Reddit awards, whose value can buy him a third of his desired gear.

haha, oh man

(For context: Reddit awards don't give the recipient anything except the ability to browse Reddit without any banner ads, and access to a special forum. If you make a big Reddit donation to someone, you're actually donating to Conde Nast, Spez, etc)

pretty sure the most expensive reddit award is worth $120, which isn't a down-payment on an equatorial drive. It might pay for 1/3 of an IR conversion on an existing DSLR camera, maybe.

professional astronomy photos is an activity where the low end starts very expensive. Basic setups are in the thousands of dollars.

If you are imaging bright objects like planets or the moon, you don't need an equatorial drive. Especially if you are using a "fast" telescope.

"Lite" is such a bad name, it's often a positive signifier that describes low resource usage/costs. It should have a more negative name, like uBlock Origin Reduced.

The problem is that something pejorative on the surface is only meaningful to an end-user that is intimately familiar with the limitations of ManifestV3.

If you titled an adblocker "uBlock Crippled Edition", you might be protesting Google, but the unfamiliar end-user is just going to see it and think, "Well I certainly don't want a crippled adblocker! Let me just grab one of these numerous others from the appstore that claims it's 100% effective."

> The problem is that something pejorative on the surface is only meaningful to an end-user that is intimately familiar with the limitations of ManifestV3.

You don't need to be "intimately familiar" with the limitations of ManifestV3, a casual understanding, from perhaps an explanatory note in the description of the extension, is sufficient to understand such a name.

Your average user has no interest in Google politics, nor would they bother to read through the explanation. Most people install an adblock to block ads. The politics of internet browsers and privacy only matter to power users.

>... it's often a positive signifier that describes low resource usage/costs

Third sentence:

>This means that uBOL itself does not consume CPU/memory resources while content blocking is ongoing -- uBOL's service worker process is required only when you interact with the popup panel or the option pages.

Sounds like a plus for manifest v3 then. Fewer resources, fewer permissions, to do most of the same task.

Adding support for a less-resource intensive API to filter is fine. The problem people have is the destruction of the more powerful APIs to permit the fine control that UBO requires, to do the job proper. There was no need for that, there was no trade-off¹ being made.

¹of technical concerns.

It's not doing the same task though. It's being assigned the same task and doing a worse job at it. Because a better solution is unavailable.

I agree, uBlock Origin Minus was a better name. "Lite" is carrying water for Google.

People in HN get a chuckle about the name. 99% of people would see it and just download something else that isn’t “minus” for some reason.

A chuckle? I don't see the humor in it.

The page itself mentions how it consumes less resources, and requires less permissions.

It was indeed named "uBO Minus", but what do you expect from Google? Accept that name?

Why not name it uBO Neutrino?

It has the connotation of being "Lite" since they're low-mass particles. And it sounds vaguely like "neutered", which is what MV3 attempts to do to ad-blockers.

(That being said, this description from gorhill looks great.)

Why would they reject it? Is it offensive?

I would call it "uBO Reduced". Reduced resources, reduced permissions, reduced capabilities, reduced effectiveness in actually blocking ads, trackers and content.

Can't wait for the Chromium team to land the new permissions GUI so that all that whining around how MV3 is the end of uBlock Origin can stop. Many here will look silly overnight when that happens.

See here: https://bugs.chromium.org/p/chromium/issues/detail?id=113549...

> We have always intended to provide support for this functionality in Manifest V3 (for both user-installed and force-installed extensions), and have been iterating on different possible approaches. Our tentative plan (which is not yet finalized) is that the Manifest V3 version of this capability will require extensions to request a new permission scoped to intercepting authentication requests, but will otherwise allow extensions to handle these requests in a similar manner to how they do in Manifest V2.

> The permission string and end user facing warning string have not been finalized yet. Also, we have not yet finalized how this new permission will interact with other permission grants, but extensions that currently have the webRequest permission and broad host permissions will likely not require an additional grant for this permission.

The MV3/UBO issues are not really at all related to this ticket or GUI. The thing people take issue with is the removal of a number of mechanisms for intercepting and blocking traffic that uBlock Origin uses.

https://github.com/uBlockOrigin/uBlock-issues/issues/338 has a more detailed list of issues.

If you have a look at the bottom of the discussion in that link:

> The redirect-rule= filter option is also not compatible with DNR redirect action due to differing matching algorithm. In uBO, redirect filters do not compete with block/allow filters, as the redirect directives are looked up only after a network request has been matched to a block filter, whichever that is. This works differently in the DNR matching algorithm, redirect rules compete with other block and allow rules.

> The no-large-media-elements feature can't be implemented as this requires to inspect response headers on the fly.

> There is no concept of exception modifier filters in DNR, i.e. csp=/removeparam= exceptions cannot be accurately translated to DNR rules. For a specific example, all the removeparam= filter exceptions from AdGuard URL Tracking Protection, meant to override the main $removeparam=utm_source filter, can't be converted to DNR. At best, those exception filters maybe could be less accurately be excepted using the excludedRequestDomains property of the main $removeparam=utm_source filter.

These issues are all fixable by acting as proxy and inspecting/modifying/replacing requests on the fly (in sync/blocking mode).

> These issues are all fixable by acting as proxy and inspecting/modifying/replacing requests on the fly (in sync/blocking mode).

That is not possible in MV3, and is the center of the entire problem.

Which is why when the Chrome team finishes fixing these edge case tickets related to MV3 proxy features, there won't be major issues with uBO anymore.

Note that per its author himself, uBO Lite on MV3 already does the vast majority of the work uBO was doing on MV2, largely enough for regular non-power-users people.

Why even pretend like MV3 isn't meant to cripple adblockers so Google can extract more revenue from their advertisement business?

Do we have any evidence to support these claims?

If Google actually wanted to cripple adblockers, why wouldn't just ban them outright and remove addons used for adblocking purposes from the Chrome extension store, or completely remove APIs that allow for content blocking? Why would they develop a new extension API that still allows you to block ads at all?

Why isn't it possible that the new APIs might have actual benefits and exist for legitimate reasons?

I understand that companies suck and exist solely to serve themselves, and I fully support being skeptical, but I think users here are way too quick to jump on the hate train and start slinging FUD. Maybe you are right and Google is trying to cripple adblockers, but I'm not so sure yet and would like to see others at least consider an alternative perspective.

Outright killing adblocking will reduce Chrome's market share significantly. Enough that Chrome may lose its position as the top browser. Its a terrible business decision that can kill Chrome or atleast give a chance for someone else to take their position. Why would they do that?

Crippling enough that most people won't notice is a viable business decision. Introducing a security benefit, inserting a self interest(crippling adblocks while providing vastly inferior alternative) which won't be noticed by most people but they are being secretly compromised behind the scenes since less ads are blocked and are being tracked more effectively is a profitable business tactic. Bringing a benefit along with a profit tactic compromising customers and pretending the said compromise is as big of a detriment to the consumer, which it is not, is whats going on. Is this so hard to see? Its not a FUD but the profiting parties trying to sway the opinions.

> Outright killing adblocking will reduce Chrome's market share significantly.

I doubt it from market share of Android Chrome https://gs.statcounter.com/browser-market-share/mobile/unite...

> If Google actually wanted to cripple adblockers, why wouldn't just ban them outright and remove addons used for adblocking purposes from the Chrome extension store, or completely remove APIs that allow for content blocking? Why would they develop a new extension API that still allows you to block ads at all?

They already did all this on the most popular version of Chrome. It seems very reasonable to assume their desired state is to match that version across all platforms.

Isn’t that unrelated as it’s about the proxy issue and not the adblocking issue?

Applications are open for YC Winter 2024

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact