Hacker News new | past | comments | ask | show | jobs | submit | sho's comments login

> having wealth is a social responsibility in itself

We even have a word for this, noblesse oblige. It used to refer to the aristocracy, but I don't see much difference between the aristocracy of old and the moneyed classes of today.


What about being smart?

If you're smart you regularly walk through life seeing people hurt each other by letting screwed-up systems fester.

Even if you're really callous and rational about opportunity cost, you can only walk by so many systemic-equivalents of burning buildings before you're eventually like, "damn it, okay I'm going to save this kid but just this once".

Being smart and systems-aware in today's world is like walking by a burning building every day with very long, fireproof arms. "Noblesse" is the wrong word but something like this is a thing. Mathiness oblige?


> I'm really curious how dystopian we actually are

No idea how widespread it is, but in Singapore airport the system is tightly integrated. You are "tagged" when you check in, and "tagged out" as you board, with your appearance associated with your intended flight details. If you miss your flight or otherwise spend too much time in the secure zone, you are highlighted in the system and will eventually be approached. Arriving passengers are also given a time limit to take their next action, be it clear immigration or enter transit, and lingering will also trigger a response.

All in the name of safety and security but I can't help but feel a measure of discomfort with it all.


Fun fact: ~80% of Singaporeans live in public housing and all the entryways to those buildings are filled with (offical) police security cameras, including two in each lift. The cameras extends to the nearby carparks, carpark gantry (to ID the driver), bus stops (and on the bus) so all movement can be monitored. Private housing do not have such police security cameras because the estate is gated and have their own security guards, not that crime is much of an issue there. Dystopia for the masses?


> Dont tell people to change. Its a red flag of intellectual bankruptcy.

But people do have to change. The core problem is a transition from:

- sources being few and somewhat reliable (traditional media), and had reputations to uphold - normal people faced significant barriers to sharing information widely

to a world in which neither of those constraints still holds. And there's no going back, no putting the genie back in the bottle. It turns out that when you give everyone unlimited communication, it exposes weaknesses in how people and societies consume and manage information that were present before but didn't have the environment they needed to materialize. Well, they have that environment now.

There's no going back really unless you want to clamp down on free sharing of information and the "peer to peer internet" in general. People will just have to change their relationship to information. It will take time, but I'm sure we can manage.

Social media and ad tech certainly aren't helping but the root cause is basically technological change and unless you want to roll that back, targeting the companies won't fix it.


We had free sharing of information on the internet before algorithms supercharged ragebait to farm engagement.


> sources being few and somewhat reliable (traditional media)

How do we actually know they were reliable, and not just the only game in town?


It doesnt make sense how this is sustainable. Just because it has existed for the last 20-25 years doesnt mean anything.

TikTok and Twitter are evidence such systems are not as stable as people think.

The paradigm shift where everyone is allowed broadcast is only possible due to Ad Tech injecting Ads everwhere and at all points in time. And then convincing everyone all this ever expanding Ad inventry has value no matter how much this inventry grows.

This facade is holding for a couple of reasons that have nothing to do with the value of the Ads, or for the need for all to have broadcast capability.

They tell Kamala Harris just outspend Trump on Ads and you have a shot and she does. She looses and no one complains about the billions in Ad spend. Why? The answer is exactly the same as asking why did everyone get into sub prime mortgages?

Another reason facade is holding is there are only 2 options for huge reach Alphabet and Meta. If Pepsi increases spend, ad execs immediately call up Coke and tell them to match it. Whole bunch of corps are trapped in this hamster wheel.

Then there is the great strategy of AT&T, Comcast, Amazon, Apple etc who all got into running their own content factories to "bundle" "cross sell". This creates all kinds illusions about the real value of content.

Meanwhile Netflix, Disney etc representing people who can actually pay for content have topped out at a few hundred million globally.

So people who say we cant go back dont fully know where we have reached.


“This is the new balance of power, Randy."

"You can't seriously be telling me that governments are threatening to--"

"The Chinese have already done it. They cut an older cable--first-generation optical fiber--joining Korea to Nippon. The cable wasn't that important--they only did it as a warning shot. And what's the rule of thumb about governments cutting submarine cables?"

"That it's like nuclear war," Randy says. "Easy to start. Devastating in its results. So no one does it."

"But if the Chinese have cut a cable, then other governments with a vested interest in throttling information flow can say, 'Hey, the Chinese did it, we need to show that we can retaliate in kind.' "

"Is that actually happening?"

"No, no, no!" Avi says. They've stopped in front of the largest display of needlenose pliers Randy has ever seen. "It's all posturing. It's not aimed at other governments so much as at the entrepreneurs who own and operate the new cables.”


Wow, good catch. Forgot about this part!


You should definitely work on the "what on earth is this" experience for first time users. I have no idea what I'm looking at. If I had to guess, I'd say someone's private Mastodon server.


I'm probably in the same category of old school internet vets with strong negative opinions about spam, but I think that well-targeted, high- or at least some-effort commercial outreach is OK if it's done well and isn't annoying. What turns email into spam isn't just what it is, it's how it's done.

I've hired people who cold emailed me - in the right way. I delete without reading cold emails that seem to be bulk sent. There is a difference.


I think James May made a great point when he said it's not about range, it's about quick and ubiquitous charging. I wouldn't mind if my vehicle could only travel 300km... if I could have the confidence I'd be able to stop and top it up in just a couple of minutes no matter where I was.

Faster charging would really make all the difference.


The problem with fast charging, at least here in Ireland, is that it's significantly more expensive than petrol. Our family moved back from an EV to PHEV because we get the benefit of 90+% of our journeys being for free (from solar charging at home), but that last 10% is petrol that is always available.

There's also nothing more miserable than being stuck in a queue for a fast charger with a colicy baby. I've offered people cash to get to the front of the queue, although no-one's ever accepted money when they understand why.


> I wouldn't mind if my vehicle could only travel 300km... if I could have the confidence I'd be able to stop and top it up in just a couple of minutes no matter where I was.

This is called a motorcycle! Mine can do 260-280km on a gas tank, still does huge trips. Once batteries work like gas, you're absolutely right.


> Mine can do 260-280km on a gas tank, still does huge trips.

How is this a motorcycle specific feature?


Cars are not built with such tiny tanks


Eh I much prefer my Model 3 to my wife’s Mach-E because of the longer range it has. Even with fast chargers on the motorway it’s inconvenient to have to stop regularly to charge and delays your journey. 450km is nice for the Netherlands; if I had 500-600km range then I’d only ever need to charge at home which is way better.


For me 500km range is also the sweet spot. But it needs to be real range, like including heating in winter or AC in summer.

And while I only usually drive 300-350km in one piece, I don't want to buy a car where I have to fear that a drive of this sort ends up waiting to be towed because of battery degradation (500km will realistically be 450km in a few years), or because I missed the last charging station or got stuck in traffic with heating running, and the remaining few km dwindle in front of me.

It's rational to fear your phone being under 20% when you still need it. It's just as rational to have 20% buffer when charging your car battery.


Real range at motorway speed that is 120km/h in summer. My current cheap ICE has atleast 450 km total including 350 km or so at 120. Which to me would be sweet spot. I could get to nearest big cities and airports there and then back. And only have to think refuelling or charging in couple of days after.

In the end that is only two about 2 hour drive stints. And really spending time on those stints instead of getting to destination or being home later...


Not really. if your choice is a better ICE car at the same price point, why get an EV that has to stop intermittently and has failure modes like broken chargers. It has to be as good. And better


Thankfully they are often better. 95% of new car sales are EVs in my area.

It took a few years to get there, people don't necessarily know immediately what they like best.

https://elbilstatistikk.no/


Norway is an absolute outlier, driven exclusively by tax incentives.

In the rest of the EEA, EVs sales are plummeting.

https://www.acea.auto/pc-registrations/new-car-registrations...


Do you have a source about “exclusively“?


Have you looked at the taxes versus incentives for EVs vs ICEs in Norway? If you need a new car and one is triple the cost (because the other is exempt from fees) what are you going to buy?

But yeah, it's for the environment, surely. Reverse the policy and see what happens.


I agree it's a strong incentive, but I'm not sure it's the only one. One example was during the cold wave last winter. ICE owners struggled quite a bit more than EV owners. You also have the problem that ICE vehicles are quite slow and laggy, unless you spend a lot of money on performance ICE vehicles but then they usually tend to be loud and uncomfortable.


Good and better by which metrics?

Different people have different requirements.


Yeah, the amount of issues I hear about with chargers not working, and everything relying on using some app? I'm not installing a smartphone app to charge a battery! So far I'm not feeling too tempted about electric vehicles. I'll be happy to find something that avoids these shortcomings though!


It's not a technology issue, it's a service issue. If ICE cars were invented today, you'd need an app at a gas station too.


No doubt. I hope there's more pushback against that crap.


EU regulations require charging stations to accept card payments by 2027.


Nice, that's really good to hear! Hopefully other jurisdictions follow the lead there!


> extensions have to predefine the rules for blockin

And there's a limit of 5000 such rules.


The limit is 330000 rules:

"Based on input from the extension community, we also increased the number of rulesets for declarativeNetRequest, allowing extensions to bundle up to 330,000 static rules and dynamically add a further 30,000." https://blog.chromium.org/2024/05/manifest-v2-phase-out-begi....


even if it was infinite that wasn't really the issue, you can't express the algorithms uBlock Origin is using as a static list


Given the size and complexity of modern ad malware I doubt if 330,000 rules is enough, so why limit it?


Hopefully this is the inflection point for Chrome. Despite all their made-up "security" reasons, everyone knows this is solely about making adblock less effective. For many users, adblock is what makes chrome bearable - and if they make it unbearable, then those users will leave. Slowly but surely.

Google seems much too sure of itself making this change. I hope their arrogance pays off just the same as Microsoft's did with IE.


Agreed on hoping this is the inflection point, but only partial agreement that it's about adblock. For sure Google wants adblock to die, but I think it goes even deeper than that.

I think it's part of a much bigger trend in tech in general but also in Google: Removing user control. When you look at the "security" things they are doing, many of them have a common philosophy underpinning them that the user (aka device owner) is a security threat and must be protected against. Web integrity, Manifest v3, various DoH/DoT, bootloader locking, device integrity which conveniently makes root difficult/impossible, and more.

To all the engineers working on this stuff, I hope you're happy that your work is essentially destroying the world that you and I grew up in. The next generation won't have the wonderful and fertile computing environment that we enjoyed, and it's (partly) your fault.


It is important, I think, to understand that personal computing is just one part of the picture. "Enterprise" environments (governments, businesses, large organizations, etc.) have demanded many of these "features" even before Google started implementing them. Your workplace, by and large, does not want you, the replaceable person who happens to be sitting at the keyboard, to be in full control of the device that they own and which is connected to their network. Often this is made more explicit by the device just being a "thin client" or other totally locked down narrow viewport to some other computer you can't even touch. It sucks and the general trend of workplaces trusting their employees less and less has been demeaning and degenerative to the point of often fostering self-fulfilling prophecies of mistrust (don't trust anyone => get untrustworthy people => bad things happen => don't trust anyone => ...).

However, it is important to also understand that the employee is not the only stakeholder. Government agencies answer to legislators, nonprofit management answer to donors, corporate management answer to investors, etc. There are layers of compliance that must be considered as well (internal policies, external regulations, different insurance costs, etc.). It is unsurprising that these fewer but generally deep-pocketed entities have an outsized influence on the market compared to more numerous but less moneyed end users. If you refuse to serve the former, you may quickly find yourself out of business.


Then they could have made Mv3 an option to turn on by sysadmins who lock down their browsers. If you aren’t locking down your users browsers then that’s on you. I mean at worst they could have made mv2 opt-in and most people would have highly curtailed their complaints of “I’ll jump ship to _____________” . People don’t like it when features are removed especially when there are viable alternatives like, adding a special tier of review to get mv2 approval for your extension, opt-in/out as discussed, easy access by sysadmins to turn it on/off. Instead google pulled a bully “so, pencil-neck, what are you gonna do about it?” instead. They are tone-deaf and see themselves as the new 800lb silverback on the block.


I was mostly commenting on the "broader trend" aspects and the assignment of primary blame to implementing engineers.

There's another problem with Chrome, which is that nobody is actually paying for it. So the big corps move features along there only in the sense that they won't adopt it or will drop it otherwise. I don't think the big corps are pushing for Mv3 but they also probably don't care that it arrives either. Conversely, I wager Google estimates nearly nobody will revolt and leave Chrome over the loss of Mv2. It hurts ad-blocker developers and it hurts the most conscious users, but Chrome is a marketing product targeted at mass adoption first and foremost. I personally hope their estimation is wrong and the current browser monopoly breaks, but this may not yet be the breaking point.

Even if that happens, Chrome eagerly adopting enterprise policy support may keep it on life support in that environment, though.


Well to some extent they did make it Mv3 an option, not forever but for an extra few months, with that enterprise policy flag. Enterprises used their weight to demand not a more secure browser, but an extra flag to allow them to keep running old software longer. Enterprises too are treated as a security threat by Google, who still plans to depreciate Mv2 format, forcing them to move to "more secure" extensions.


Ironically, the FBI recommends using an ad blocker: https://news.ycombinator.com/item?id=41483581


A lot of enterprises run MITM on all HTTPS connections and can just block the ad-serving domains or even remove the ads from the page without any help from the browser. Ad blocker extensions are a low-infrastructure solution that's more useful for home users and small companies.


> It sucks and the general trend of workplaces trusting their employees less and less

You get what you pay for. Seeing that employee retention is frowned upon.


The technologies themselves are mostly a good idea. The problem is that the companies designing them also like to abuse them.

Take, for example, hardware attestation on android. There's not really any serious issue with this feature, it can be used to ensure your device is not compromised. This is for example how GrapheneOS enables its use with the auditor application.

But, on the other hand, Google abuses the feature to ensure that you are running a google signed OS if you want to use Google Pay. Meanwhile you can use banking apps which also use hardware attestation (although, from their perspective, they don't use enough of it to ensure it isn't being spoofed, and even then...) without any problem on GOS. Moreover, before Google Pay completely killed all of its competition, it was possible to even find third party banks which would provide you with the ability to pay with your phone without using google pay.

Likewise, secure boot is a great concept if you want to be more sure about the integrity of your laptop throughout its lifetime. But some companies have abused it to force you to use Windows. If you want to set up your own signing keys for secure boot, you end up having to deal with poorly managed UEFI keys from third parties which weaken the security of your machine. The feature, as it's implemented, is rarely designed with helping end user's secure their machines. But the core of the design is fine.

I think limiting root on a phone is also a really good idea, the issue is that Google likes to give themselves and their "system apps" special privileges. If APIs were exposed to allow you to bless your own applications with the right permissions, you would probably not care so much about root restrictions.

So all in all, fundamentally, most of these features are fine. They're genuinely great for security. But the main problem is how they're abuse by the companies in control and how little effort is put into allowing power-users to use those features for their own benefit.


No disagreement here, although if past experience has proven anything I think it's that companies will abuse whatever "security features" they can to accomplish their objectives. It reminds me a lot of the old adage, "the same wall can keep people in just like it can keep people out."

When the OS is fundamentally in the user's control, they are limited in what they can do, but when the OS disregards it's owners preferences/desires and enforces it's creators desires.

Minor thing actually:

> If APIs were exposed to allow you to bless your own applications with the right permissions, you would probably not care so much about root restrictions.

I absolutely agree with this in theory, but in practice I'm not sure it would ever work because they just aren't going to put in the work to build and maintain APIs for things they don't care about, and there would be a very long tail of things to do (and sometimes those things are legitimately a lot of work). Call recording being a classic example.

But all in all, I very much agree. I love those features when they are in my control on my devices. Biggest issue is, they virtually never are and the number of occurences is trending down.

Anyway,


> I absolutely agree with this in theory, but in practice I'm not sure it would ever work because they just aren't going to put in the work to build and maintain APIs for things they don't care about, and there would be a very long tail of things to do (and sometimes those things are legitimately a lot of work). Call recording being a classic example.

I thought about this a bit and I think that at the end of the day, the entire OS is just a bunch of these APIs. And I do think there's even a market for these APIs, they just don't want to set that precedent, I don't think it has anything to do with it being a lot more work than anything else they expose. They already have some very privileged APIs you can bless some apps (e.g. think of MDM) except not for everything and in the case of the MDM APIs it's very difficult to use it as a normal end-power-user.


> To all the engineers working on this stuff, I hope you're happy that your work is essentially destroying the world that you and I grew up in.

I recently quit my job, developing among others the means to "protect" media using DRM. While this was not a primary motivation, I'm glad to somewhat clean my hands.

The technology (dubbed Common Encryption) is a bunch of smoke and mirrors that a childishly easy to hack around. Yet clearly aimed against good faith consumers.


That's a good job - people who don't like DRM (you) get more money, and the bad DRM is a distraction that delays the implementation of good DRM.


On the other hand, even weak DRM trains users to accept it while power users are less likely to rally against it if they can find workarounds for themselves. So you don't really end up delaying the implementation of good DRM but helping prime its acceptance.


> To all the engineers working on this stuff, I hope you're happy that your work is essentially destroying the world that you and I grew up in.

That was a world where the user base was much more limited and devices were less capable. Now we have children, grandparents, educated, and uneducated users with access to web connected devices. These devices now contain everything about you. Compromise of a device can destroy someone’s life.

Not only that, but compromise of a device can cause collateral damage to other devices on the same network.

We now have to cater to every user. Not just to the technologically adept. Look at what people believe on social media. The bar is so low to con people into compromising their device.


The problem is one of balance.

Write insecure software and you'll get screwed by hackers. Write secure locked down software nobody can touch or modify, and you'll get doubly screwed by a large corporation that wants to pound every penny they can out of your bloody corpse, upto the point your device is compromised by the corporation who can do whatever they want, but you cannot tell.

There is no win situation here, there are only trade offs.


Still a shit poor pathetic excuse to screw over the userscript/grease monkey users.

The browser is called a user agent, but this shift to absolute security no matter what, no say about it is a shift to native apps, is a shift to the developer is in control, is a shift to this being Google and the sites browser, not ours, and that being done unilaterally with nearly no opt outs is the sort of mega tectonic shift that ruins this magical special unique place in software where users had some say in what was happening. We cannot pander to imagined ever worsening users forever.

It feels like the things being done in the name of security are really building an immense prison. The work being done to allow verified age and identity checking ranks up there highly in the this corals humanity, area, not giving us agency.


> Still a shit poor pathetic excuse to screw over the userscript/grease monkey users.

Tampermonkey still works fine with MV3

> We cannot pander to imagined ever worsening users forever.

The most popular software/hardware will always pander to the most users. That’s why they’re the most popular.

You can’t complain about the most popular option pandering to the most users. Well, you can complain, but you might be in the minority of the users.

> It feels like the things being done in the name of security are really building an immense prison.

I get that, but we are running so much untrusted code on our machines now. Applications that use thousands of dependencies with the hope that someone spots a bad actor.


The prohibitions against running code dynamically are quite severe. It took a long long time & there's some work to make sure userscript/contrntScript extensions aren't totally shit out of luck (after years and years of delay & nothing), but whole domains of extension - anything where you run code on the fly - have been outlawed.


> That was a world where the user base was much more limited and devices were less capable. Now we have children, grandparents, educated, and uneducated users with access to web connected devices. These devices now contain everything about you. Compromise of a device can destroy someone’s life.

Kids these days have much worse computer skills BECAUSE of the locked up platforms they are exposed to from a young age. Meanwhile two decades ago my non-technical grandpa learned to use a real PC just fine in his old age. Don't underestimate regular users ability to deal with technology when there is a will.


> Compromise of a device can destroy someone’s life.

So in order to prevent a hypothetical hacker bogeyman from getting our data we gladly entrust it to corporations that actively squeeze every possible cent out of it by, among other things, giving access to it to other corporations and uncountable "partners" that will feed us content with the goal of psychologically manipulating us into buying things we don't need, or thinking things someone else wants us to think, destroying the very fabric of society in the process.

I somehow find all of that delusional, our acceptance and support of it nightmarish, and trust hackers to be less diabolical in their schemes.

Computers should serve us, not the other way around. The solution to these problems is tech education, not tech babysitters.


I get why they built in all of those protections; the vast majority of tech users are not knowledgeable about the details of the stuff they use. And I think a big chunk of those that are, overestimate their own abilities, knowledge, and control. They all need to be protected against themselves.

That said, I don't like that the choice is being taken away. If you do want to tinker at that level with the technology you own, you should be given the choice. By all means make it not obvious how to get there - like, have people reboot their computers while playing Twister on their keyboards with interesting key combos, but give them the option.


yes, iOS now restricts Apps from getting blanket access to their contacts, photos, and even clipboard. On the one hand, it does protect the user from malicious Apps that trick users into giving blanket access. On the other hand, they could have atleast done it like location access - where user still has an option to give blanket access. It is not fair that Siri is the only one that can access these things now.


That's literally how iOS works today. If I go into Settings > Privacy & Security > Photos, I can give apps None, Limited Access, or Full Access. Same with Contacts, same with the clipboard (where the per-app choices are Ask, Deny, or Allow).

> It is not fair that Siri is the only one that can access these things now.

That would be true if it was, but it isn't.


It can. You can still give apps access to all of it with a single press.

And manifest v3 makes things a bit more tedious but not impossible. There are other adblockers which still function just fine


Their incentive is really to make the Chrome Web Store a tractable problem with minimal human effort. That's about 75% of the incentive. You can't actually make any guarantees at the CWS level regarding safety of audited code if the API allows audited code to execute non-audited code.

> To all the engineers working on this stuff, I hope you're happy that your work is essentially destroying the world that you and I grew up in.

May I be blunt? I grew up in it, so yes. I am. I was there for the Windows virus wildfires. I was there for the malware distribution schemes. I was there for the first wave of enshittification. For the dotcom crash. For the spam wars. For the search engines that didn't work. For the JavaScript injection attacks. For the world where "nobody knew you were a dog" as long as you didn't talk like yourself. I couldn't trust most of my relatives to use a computer the way we had to use them in the late '90s / early aughts. That's not a problem now.

For all its flaws, the modern system is cleaner, simpler, faster, and better for end users and no longer requires them to be super-nerds (and meanwhile, open and malleable devices are still there for the super-nerds to play with and work with). This was the goal---to make computers something that benefit everyone, not just the technorati and the priest-class.

May the past become a foreign country, hard for the modern mind to comprehend. May it always be so.


You should stop seeing the Browser as a software as a program that's controlled by the user. This idea was over when Microsoft started to display ads in the file manager program (explorer).

The modern Web Browser is an advertisement terminal. If Google would manage to eliminate having to serve content, they would certainly do it.


I think it's part of a much bigger trend in tech in general but also in Google: Removing user control. When you look at the "security" things they are doing, many of them have a common philosophy underpinning them that the user (aka device owner) is a security threat and must be protected against.

IMHO that's actually part of an even bigger societal trend. "You will own nothing and be happy."

The ones in power want to control everyone and turn them into mindless sheeple to be exploited and milked. It's not just tech. There's another comment around here that mentions features being requested by large corporations and governments.


> and it's (partly) your fault

Punching down into a brutal labor environment instead of punching up into a Congress which was blatently bought off to foment this outcome? Odd choice.


Adblock doesn’t only make Google Chrome bearable, it makes the internet bearable. I recently uninstalled my Adblock for testing purposes. Most websites nowadays are just ads with a little bit of text in between


I'd like to think that's true, but I don't know, because people seem to have a very high tolerance for advertisements. Surprisingly so. I have a very low tolerance, and do what I can to get rid of them. But then, every once in a while I use someone else's computer and see how they live with them. I say "I can show you how to get rid of those ads," but they usually just don't care enough to do it. I bet the majority of people are like that—maybe the vast majority—and Google is probably making the same bet, but with even more information. My prediction is that if (God willing) Chrome loses significant market share, it'll be for some other reason than this.


> Hopefully this is the inflection point for Chrome.

Here is one empirical data point.

I switched over to Firefox this morning and will advocate for it.

I've considered it for a while, but I never felt motivated to make the switch. It took me a good half hour to set it up the way I like it.


This is sort of like planting trees. I cut bait on chrome when they first announced they were dropping/impacting adblockers. For the most part, things are good enough the only time I spin up chrome is confirming something renders as expected on a personal site. Firefox works well enough for streaming and surfing.


The widespread adoption of Chrome was largely driven by word of mouth, people like you and I installing it on our friend's/relative's computers and telling them it was safer/faster/better.

Nothing stops us from doing the same thing again. I've been recommending Firefox to all my family/friends/colleagues for years (ever since I've seen the writing on the wall for Chrome). While Firefox isn't perfect, it's in a much better place than Chrome is, and meets the the needs of nearly 100% of people.


>The widespread adoption of Chrome was largely driven by word of mouth

No, it was driven by having a banner in the most privileged spot of the Internet, Google.com (the most visited site in the world with 0 ads on the homepage) saying that was faster and more secure than the alternatives. In fact Firefox benefited from some free ads on Google.com against Internet Explorer before Google developed Chromium.


The other aspect, somewhat memory-holed, was that Chrome was automatically installed as shovelware if you went to install Adobe Flash for IE or Firefox:

https://www.reddit.com/r/chrome/comments/23jnmy/why_is_chrom...

This kind of not-freely-given consent was key to Chrome's growth.


Chrome was bundled with so many installers. Google probably spent billions shoving Chrome into any machine they could.


Tellingly, that very bundling is how Sundar got into the spotlight at Google.


It was kind of both, depending on the timeline. Early on it was word of mouth, then Google saw they had momentum and they capitalized on it with the banners and aggressive marketing.


It was a long time ago but I'm 99% sure that there was a banner for Chrome on Google.com since the first public release.


So many replies in this sub thread opining authoritatively. Share your source. Did you have access to the data on Chrome's user growth and which marketing campaigns were the sources of which users?

From my perspective, all of you are saying a lot of things as if you know them to be true, but you have no idea whether they're true or not; really, you just find them to be plausible.


Is this really something particular to this thread? I feel like most comments on HN are "opining authoritatively".


They were pushing from the very start. They knew the potential of taking over the browser market share.


Early chrome was driven by the fact that firefox was a piece of garbage. Firefox 3 was not good software, and had an unpleasant habit of totally crashing the entire browser regularly. Your only other popular choice was ie8. Also not great.

Later Google's ability to buy installs and put it on google.com came into play, but for at least the first 5 years and probably longer, chrome was a far faster, more secure, and more reliable choice. They also pioneered the multi-process model to isolate different components of the browser.


… isn’t that banner an ad?


Yeah, I feel like in general we on HN give ourselves way too much credit in terms of our ability to drive public opinion or affect purchasing/usage patterns among the public. The idea of the “nerd-led revolution” may have had some impact in the past, but I think the days of that are over. Large corporations now know what they’re doing in ways that they hadn’t figured out in the 2000s or even the early 2010s.


I swear I also remember it getting included in installation wizards for unrelated software (on Windows), so people would end up with Chrome/Chromium without even realizing it.


I’ve been out of the windows game for so long I forgot all that malware that was installed by various installer engines and was so relieved when I found portable apps and oldversion.com and ninite. And now I guess there are things like chocolaty that do similar things. Switching to Mac and Linux I don’t really miss it at all


The adoption of firefox was driven by word of mouth.

I still can't search on google with them trying to shove chrome down my throat


Did you miss the barrage of ads for Chrome that google played for literally years on the internet and television?


Yes. Thanks adblock!


I'd argue it won't make a dent in Chrome market share.

People who really care about this (tech minded people) are not using Chrome anyway, others (regular people) will switch to less powerful Manifest V3 adblockers that would probably be good enough and won't switch from Chrome.


Manifest v3 changes are pretty reasonable. Declarative filtering that prevents untrustworthy software from getting access to data is objectively a good thing.

It's just that uBlock Origin is so important and trusted it should have access to everything. Truth be told it should be literally built into the browser itself and deeply integrated with it. Only conflicts of interest prevent that. Can't trust an ad company to maintain ad blockers after all.


The problem isn't the declarative filtering per se. The problem is the draconian limit on the number of filters. Given that we can compile regular expressions to DFAs and evaluate them in O(len(url)) time no matter how many patterns we have, there's little reason to place an arbitrary cap on the sophistication of an extension's filtering.


There was already an established solution for running untrusted code - the WebAssembly engine sandbox. Data can't be exfiltrated if imported functions are forbidden, which would be very easy to verify via static analysis of the WASM module. All of this hullabaloo about Manifest v3 could have been avoided if the Chrome team did the sane thing and exposed an API for using a WebAssembly module for filtering.


I've been checking browser stat counters religiously, looking for evidence that this change is driving their numbers down. No luck so far.

Am I missing any? https://gs.statcounter.com https://analytics.usa.gov https://www.w3counter.com


The vast, vast, majority of normies I know use Google Chrome and use zero extensions.


> everyone knows this is solely about making adblock less effective

I thought I knew that.

Then I switched from uBlock Origin to uBlock Origin Lite in Chrome, which is compatible with Manifest v3. I was prepared for the horrible onslaught of ads, expecting at least a quarter would start getting through, ready to switch to Firefox...

...and didn't notice a single change. Not a single ad gets through.

And at the same time, loading pages feels a little faster, though I haven't measured it.

Which has now got me wondering -- what if Manifest v3 really was about security and performance all along?

Because if Google was using it to kill adblockers, they've made approximately 0% progress towards that goal as far as I can tell. If they really wanted to kill adblockers, they'd just, you know, kill adblockers. But they didn't at all.


This is just because Google was especially insidious about how they crippled ad blockers in v3.

Adblockers do multiple things:

1. Visibly block ads from the user

2. Block the user tracking that's attached to those ads

3. Protect the user from malware

4. Save bandwidth and cpu cycles by not loading all that junk

5. Allow control to users over how a webpage is displayed to them

Arguably uBlock Origin Lite can only accomplish some of #1 and a sprinkle of #2 now. And even those abilities are compromised by artificially low limits imposed by chrome in v3 that will eventually allow ad networks to overwhelm those limits and get ads through to users.

Google is 100% boiling the frog here and you/the average user is left in the pot unaware.


I don't think any of that is accurate though.

Manifest v3 blocks user tracking -- if the request is blocked, any tracking attached to it is blocked. I'm sure it's not 100% perfect, but it's certainly working well enough in practice.

And what malware are you talking about? If a request is blocked, it's blocked. It doesn't matter if it's an ad or malware.

Manifest v3 is better at #4, because the junk isn't loaded, and the blocking is more efficient in terms of CPU.

And then #5 I don't know what you're talking about. I use Stylus and Tampermonkey to customize webpages and they continue to work great.

So I just don't see the evidence that "Google is 100% boiling the frog here". That's what everyone was saying, but now that Manifest v3 has come out, I just see adblocking that continues to work and uses less CPU to do it.

I see a lot of fearmongering around Google, but now that the results are in with Manifest v3... they just don't seem true. You're making all these claims, but I just don't see the evidence now that we're seeing how it works in practice.


Explain to me how uBlock Origin can realistically go from 100,000 to 500,000 dynamic rules down to 30k rules(only 5k of those can be dynamic) in the Lite version without losing the ability to actually block everything?

These limits are easy targets for ad networks to overwhelm or outmaneuver.

    That's what everyone was saying
Everyone was saying that the new API is less capable than the old API at blocking things. DeclarativeNetRequest IS less capable; that's just a fact.

No one was saying that adblockers would literally stop working, so it's beyond disingenuous to dismiss people's issues with these changes by just saying 'works for me'.

What evidence would you actually accept anyway? Do you need a leaked internal document from Google saying literally 'devs, go neuter adblockers' before you believe Google might have bad intentions surrounding people's ability to block ads and tracking?

If security and performance were the actual driving forces of DeclarativeNetRequest, then they would have simply added it in addition to the existing webRequest block functionality. uBlock Origin and most extensions would have happily moved the majority of their rules to the static list if it meant better performance and privacy while keeping around the webRequest blocks for the things that actually need it.

Google has gone from having only one nuclear-level option for influencing adblockers (aka delisting) to now having its boot softly pressed against their necks and plenty of levers to pull. And you want me to look at that and go, 'There's no direct evidence of malicious intention there... so perfectly normal and/or acceptable behavior by the world's biggest ad company'?


> Explain to me how uBlock Origin can realistically go from 100,000 to 500,000 dynamic rules down to 30k rules(only 5k of those can be dynamic) in the Lite version without losing the ability to actually block everything?

I will take this one.

First, your limits are out of date. The static minimum is 30k, but can now escalate to an order of magnitude higher depending on how many extensions are installed. The dynamic limit is now 30k, of which at most 5k can be "unsafe". Source: https://developer.chrome.com/docs/extensions/reference/api/d...

Second, even if the limits were correct: consider the possibility that 99% of those rules are irrelevant, out of date garbage that blocks nothing anymore but haven't been removed because there is neither process nor incentive on the extension dev's part to do so.

Ad uses pattern. UBO adds matching pattern. Ad switches to new pattern. Cat and mouse.

This happens widely, rapidly, and on an ongoing basis. The result is that the rule set is large and grows rapidly, but very little of it is actually useful day to day. From the user's perspective, the only cost is that the browser very slowly gets continually less performant, which they will not attribute to the extension.

This isn't hypothetical. I'm on the Chrome team. We analyzed the rule set contents. This is why we proposed the initial limits we did: they were plenty large enough to allow all the extensions we analyzed to do everything they actually wanted to do, if only you stripped the cruft.

The rule size increases since then primarily come out of a dialog process with ad blocking devs about their process and needs and what they see in the wild coupled with what we think we can manage to keep performant. There are compromises. I'm not on that team so I can't speak to details. But it's part of an honest attempt to have a dialog.

There are usually simple explanations for things, if people were truly willing to consider them without bias.


Google lifting the arbitrary rule count limit would go a long way towards building trust.


Thank you for providing this valuable explanation -- I haven't heard this perspective expressed elsewhere. The fact that old rules would never get deleted but continue to drain resources makes some design decisions make a lot more sense.


Now consider that the extra drain can be practically zero, and you get back to those decisions making less sense


One particularly pernicious outcome is that some ad blockers tout their rule set sizes as a feature, and users choose among blockers based on it, when if anything it is probably negatively correlated with blocker quality -- it's not necessarily a sign you're comprehensive so much as that you don't care about efficiency or cleaning up after yourself.

That's of course an oversimplification. But people who believe they're technically knowledgeable and adept are just as likely as other folks to fall for bullshit and be convinced to do things contrary to their own self interests. It's just a different type of bullshit.

No one wants to hear that, because we all want to tell ourselves that maybe everyone else is gullible, but WE'RE smart and rational. To a close approximation, though, none of us are.


> Explain to me how uBlock Origin can realistically go from 100,000 to 500,000 dynamic rules down to 30k rules(only 5k of those can be dynamic) in the Lite version without losing the ability to actually block everything?

I don't know and I don't have to. All I know is uBlock Origin Lite is still blocking everything. So it seems like 30K rules is plenty? Like it's not a meaningful difference for end users if it's blocking 99.99% vs 99.9999% of ads?

> No one was saying that adblockers would literally stop working

That's sure what it sounded like. That it would literally be so bad you'd have to switch browsers because of how degraded the experience would be.

> What evidence would you actually accept anyway?

The fact that the adblocking experience was significantly degraded for the average user -- e.g. that now 10% or 25% of ads were getting through.

> And you want me to look at that and go, 'There's no direct evidence of malicious intention there... so perfectly normal and/or acceptable behavior...

Yeah, pretty much. As far as I can tell, security and performance seem to justify the Manifest v3 changes. Occam's Razor says you don't need anything else. If you think there's malicious intention, then the onus of proof is on you.

I was told, time and time again, than Manifest v3 would result in an adblocking experience so bad that people would start switching browsers because of it, that Google was cracking down on adblockers to neuter them. Now that it's here and my adblocking works just as well, maybe even better (if it's sped up page loading times) -- then sorry, as far as I can tell the malicious intention was made-up.


> That's sure what it sounded like. That it would literally be so bad you'd have to switch browsers because of how degraded the experience would be.

> I was told, time and time again, than Manifest v3 would result in an adblocking experience so bad that people would start switching browsers because of it

Once enough ads catch up with the new limitations. Right or wrong, we're still too early for that.


uBlock lite can accomplish 2, 3, 4 completely. It's only #1 and #5 that are truly affected by v3. But those two were already pretty limited in chrominum browsers compared to firefox.


It can only accomplish #1 and #2 for 30k rules, most of which must de defined at the time of the extension release/update. As soon as that limit is exceeded an adblocker loses it's ability to accomplish #1, #2, #3, #4, or #5 effectively.

And if we are being honest about those limits, they have already been exceeded. Ublock origin is going from 100,000 to 500,000 dynamic rules to just 30k rules(only 5k of those can be dynamic) in the lite version.

Adblockers have absolutely been neutered in v3.


> ...and didn't notice a single change. Not a single ad gets through.

When I tried UBO Lite recently it couldn't block YouTube ads, not sure if that's impossible with Manifest V3, or if UBO Lite just isn't updated regularly like UBO to defeat the YouTube anti-ad-blocking updates.

Update: looks like it's fixed now, not bad :)


Youtube's adblocker-evasion and adblocker's youtube ad blocking has been a cat-and-mouse game since time immemorial.


The same Google that's currently in legal hot water for always hiding its true motivations so effectively that even lawyers can't get any relevant documents?


People seem to see what they want. And many seem to be blinded by Google hate and must find ways to be unhappy with all decisions they make. Google has publicly delayed v2 depreciation to ensure ad blockers worked well under v3.


Haven'y tested, is it blocking youtube ads?


If I remember right then the difference is more about ad-tracking/privacy than blocking. V2 allowed UBO to find and intercept the calls to the ad servers before the calls were made. Where V3+UBL still makes the calls it just doesn't display the results. So while you might not see the ads, the ads see you.


> Where V3+UBL still makes the calls it just doesn't display the results. So while you might not see the ads, the ads see you.

That's not what the docs say [1]:

  A single rule does one of the following:

  - Block a network request.
  - Upgrade the schema (http to https).
  - Prevent a request from getting blocked by negating any matching blocked rules.
  - Redirect a network request.
  - Modify request or response headers.
Does "block" not mean block? Can you provide a source? Or am I looking at the wrong docs? I'm searching online and can't find anything that says the request is still sent.

[1] https://developer.chrome.com/docs/extensions/reference/api/d...


On the contrary, MV2 used onBeforeRequest which let extensions see what requests you were making. They could then take that data and use it for malicious purposes.

MV3 doesn’t allow extensions to know what requests are being made, so extensions can’t use your data maliciously.

Requests to ads that are blocked are blocked.

I think you’re thinking of Privacy-preserving ad measurement which is an option in Firefox and Safari. https://support.mozilla.org/en-US/kb/privacy-preserving-attr...


> On the contrary, MV2 used onBeforeRequest which let extensions see what requests you were making. They could then take that data and use it for malicious purposes.

Which is something we know for a fact uBlock Origin doesn't do. It's open source, you can check the code yourself. MV3, on the other hand, doesn't do much to assure me that an addon isn't phoning home. Why not just give the user to ability to block network requests on a per-addon basis? Too difficult a task for the trillion dollar company? Or could it be that forcing users to switch to MV3 addons isn't about safety at all?


Doesn't onBeforeRequest still exist in Manifest v3? The thing that's been removed is the ability to block on it, not the ability to register handlers for requests.


It still exists, but now “ad blockers” can’t use the blocking API to record and forward metrics on hits. Ad blockers don’t even need the webRequest and webRequestBlocking permissions anymore.

Now, if an ad blocker has webRequest permissions it’s a red flag.

For example https://developer.chrome.com/docs/extensions/develop/concept... uses webRequest to send telemetry back to some remote server.


Thanks, I see how that can help.

With Manifest v3, let's say I'm an ad blocker and I want to get access to metrics not to violate privacy, but just to report them to the user (X domains blocked, Y out of Z requests blocked, etc). How would I get access to those metrics?


Separate permission for debugging only available for development essentially. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...

Otherwise, you can’t really without more invasive permissions.

https://stackoverflow.com/questions/74813523/chrome-extensio...


Oh wow, that's wild. Closing the loop on reporting things is such an important part of a trustworthy user experience.


but op wasn't talking about what extensions are seeing, but what the ad servers do. You haven't address their point at all


It makes things a bit more annoying? But in v3 you can still do everything you need to do to block ads


What makes you say the security reasons are made up?


I can take this question.

They removed webRequestBlocking, used mainly by adblockers, but left webRequest. The security implications are the same for both, but only the former is optimized for content blocking.


> making adblock less effective

adblocking still works just fine on Safari, which has been doing the same thing as Manifest V3 for years now.


Ad-blockers are not just about displaying the actual ads.

Does the Chrome blocks trackers even without ad-blocker Like Safari?


my adblocker on Safari blocks everything, including trackers. no idea about Chrome.


So, are you going to leave chrome then?


Yeah, I don't browse the web without an ad blocker.


I am very confused. Is this talking about NotebookLM (https://notebooklm.google.com/) or NotebookLLM (https://notebookllm.net/) or both? Something else? The article appears to consistently use LLM but link to LM, but the LLM site I linked has a podcast generator?

One of these projects has to change their name!


It's talking about NotebookLM, which recently added podcast generation and has been making the rounds for the last week or so. https://news.ycombinator.com/item?id=41693087

NotebookLLM was set up two days ago, presumably by "entrepreneurs" eager to monetize all the free fun people have been having with podcast generation in NotebookLM.


Noone said you cannot reuse the tailwind/nextjs template you used for crypto hustling if you genuinely feel you can move humanity forward.


Yeah, I figured it out. Doesn't help that the author constantly refers to it as NotebookLLM.

The .net version is really poor quality by comparison


Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: