Don’t mistake this for victory. Google’s standard playbook when forcing things people don’t like is to spread the action out over a longer timeframe, exhausting the media and keeping the final blow mostly out of the news, and exhausting our individual outrage and will to keep fighting. It works every time, and it’ll work again if we become complacent again. Until and unless Google meaningfully commits to never neuter ad blockers, it’s still critical and urgent that we switch to Firefox.
I mean, it's not just Google that does this nor is this an Alphabet invention. This is merely Assimilation 101. The "Chinese patience" towards heterogeneous minority groups and their customs is a commonly referenced one, but this "boiling the frog" is really the only way to guarantee things change while mitigating serious rebellion.
Another good example is how the Rashidun Caliphate granted conquered Zoroastrian Persians Dhimmi or "people of the Book" status. I'm sure it seemed kind at the time since Zoroastrianism is obviously not "of The [Abrahamic] Book". This merely postponed persecution of the unconverted until such a time as they were disperse, weak and with less sovereign resolve. They got a worse and worse deal as the centuries wore on.
I'm not justifying Google here, but this is really every hegemon's SOP: corporate, tech or cultural.
I'm just as mad with Microsoft forces me to use a Windows account after juggling the slow creep Mojang deprecation, when Mozilla gives you fewer and fewer ways to install apps outside of their extension store until it's a Nightly-only feature, or when [your favorite app] is acquired by [your least favorite company] and starts down a path you'd *never expect*. It's all garbage.
Sorry for getting out of topic somewhat, But how many users would benefit if Mozilla gives many more ways to install extensions from unfederated source? That sounds like browser malware disaster from 2010s to me
It was a slow boiling. Today, there's no way to install an unsigned extension in Firefox at all, you now have to use Developer Edition binaries. For a company that says the end user should be the decider and hold the keys, Mozilla sure likes limiting our options. There was a way to place them in a directory for awhile, then a cli flag, then an about:config flag, then a few other inconvenient options that ultimately ended up being snuffed out.
Even Chrome has a flag you can flip and install an unpacked extension from file. Sending this stuff up to Mozilla for them to grace or relegating developers and corporate users to some unbranded or esoteric dev binary is offensive to the end user IMO. I mean, it's not even federation, just centralization. Sure you can host it on your webpage, but it needs to be signed by the mother ship either way.
Firefox removed "about:config" from Firefox on android as well. Maybe we'll get a cli flag escape hatch for a year when they do the same on desktop. Not trusting the end user in the name of security is not a Google-only play despite all the Moz Marketing.
This has been Mozilla's MO for a while now. They even did it with add-ons on Firefox for Android. First they allowed add-ons. Then they took them away but promised that they will open up soon. Then the locked them down some more.
These days I don't use Firefox because I want to, but because it's the least worse choice.
I'm confident their hostile behavior towards user control is one of the reasons why they're hemorrhaging users. And no, giving users way to change UI colors not control. It's a fucking pacifier and an insult.
Google also likes to provide a feature flag to re-enable the old feature for a few versions. Parts of the community happily re-enable the feature, hence the media doesn't pick up on any outrage. By the time the feature flag is removed, it's a stale story.
This has happened so many times in recent years, I've grown tired of warning people about it. It's such a simple trick but almost everyone falls for it.
> as we shift our focus to Manifest V3. This change will give Chrome users increased safety and peace of mind while browsing and installing extensions by providing more transparency and control over permissions, adding stricter protocols for accessing resources outside the extension’s context, and ensuring that extensions work well on all devices
It sounds like government gobbledygook, with even more lies (there are no extensions on Chrome on mobile, so what "all devices" means is anyone's guess).
I often wonder what goes on in the mind of people writing this. Are they happy? Why did they choose to work in tech instead of some administration, if BS is their thing? Is it just for the money?
If you think of privacy solely as reducing the risk of an extension going rogue and leaking data - then sure, MV3 is a win.
But if you include the issue of sites sharing data, then reducing the ability of extensions to use advanced heuristics to block advertising and tracking may cause more harm than good.
There are plenty of users who understand that extensions are extremely powerful, thoroughly vet the organizations that have the capacity to update those extensions, and are also required to visit numerous less-trusted websites (and in a modern age of advertising technology, that's practically all of them) whose data sharing practices they cannot vet. MV3 will be a net negative for the privacy of those users.
Now, it may be reductive to say that those users, and that privacy threat model, matter more than others. But it is equally reductive to pretend that MV3 is a universal good.
It’s the equivalent of an airport security policy - as I mentioned before, to reduce risk. Which, both in that analogy and here, can indeed be part of a defense-in-depth. But such a policy is not without tradeoffs, and it cannot be evaluated in a vacuum.
It seems Google (or maybe just some of the employees?) derive pleasure from taking things that were working just fine and then breaking them so my life is harder.
It's almost a yearly occurrence at this point -- some thing that, once upon a time in the past I spent effort on configuring so that I could have a happy experience with my computer, will now be announced deprecated forcing me to comply with some new edict from on high with absolutely no benefit for me.
Please stop doing this. Stop "fixing" things. I'm an engineer too, I know building new things is fun, but there is also honor in maintaining well functioning things and not making other people's lives unnecessarily hard.
I bet that, now that I finally have mutt working again with Google's newest incarnation of authentication, there's a team within Google excited about breaking it in 2 years.
So, here's the hidden secret to Google: every inexplicably stupid move they've ever done can be described in terms of promo packets.
Every duplicate messaging app? That's someone's promo packet item.
Every ground-up incompatible API rewrite? Also a promo packet.
Google produces new work purely to satisfy itself. Their hierarchy forms its own internal economy where promotions are purchased with headline-grabbing actions that fool managers into thinking they provide business value. We'll call this "Googlestan".
Yes, this occasionally causes problems in the external, "real" economy. Writing message apps as disposable products means you don't have an answer to iMessage or Whatsapp. Breaking APIs every 3 months makes Google Cloud a nonstarter for anything other than easily-migrated guest OSes with a more sensible deprecation policy.
But that's how Google was built, and how Google will continue to be built, because all hierarchies have a rule zero: self-preserve. You cannot build a new Google without disenfranchising the people who currently know how to game the current Google, and those people will instinctively fight against an engineering culture they do not understand.
The only exceptions to this are the core economic vehicles between Googlestan and the outside world: Search, Chrome, and Android. Note how each one of these products have a dramatically more conservative roadmap, with a reasonably minimized number of breaking changes. Hell, Chrome specifically calls breaking changes "interventions", because they're that serious about not making them. These products form a moat around Googlestan that protects the country from invaders, so they themselves are isolated from the kinds of people who would gank them for the sake of a promo packet.
[0] If you're wondering, "how does Google internally handle breaking changes everywhere without boiling the ocean"... the answer is that they have an automated ocean-boiling machine that lets them rewrite the entire Google code corpus whenever an API breaks.
<super tiny>I must be stupid, but... what's a promo packet? I never worked for any of the FAANGs (other than once, at Lab126 and accidentally inventing the worst thing ever) so I don't know all the lingo</>
Even though I'm simply trying to guess from context without actually knowing, everything you just said sounds both accurate and hilariously well put.
Edit: WOW. I had no idea that's how things (even used to) work within those companies. A packet of materials you submit to get promoted. I'm almost bowled over with laughter.
That explains everything.
Here in the normal world, I get promoted by... being good at my job. Asking for it as part of a performance review, typically one I negotiate for as part of my employment, also helps.
Promo packets were an attempt at a way to figure out how to promote people when you had thousands of good engineers and they couldn't figure out how to decide who had most earned it. You didn't trust their manager, they had a limited resource of 'money' to give. Maybe it was a bureaucratic approach, a little like the army?
I think this is an inevitable thing that happens when you have huge orgs with a limit on who can be promoted, there's not enough reward for everyone. I don't know how to do it. Trust managers doesn't scale, people reward their friends or whatever. Microsoft faced this too, but they didn't have a packet approach, it seemed like the senior managers decided, without having a paper trail like that.
To be clear, it's just you making a list of things you accomplished, because otherwise your boss is going to have to dig through their email to figure it out, and they may miss something / get something wrong which will hurt you. The lingo might be specific to FAANG but the practice isn't, including the part where you do "unnecessary" work to try to pad the packet.
> at Lab126 and accidentally inventing the worst thing ever)
Lab126 created some of the first e-ink technology, right? Is the Kindle, or e-ink screens, or e-ink patents, the worst thing ever... or is there something else I should know about in this space?
> Lab126 created some of the first e-ink technology, right? Is the Kindle, or e-ink screens, or e-ink patents, the worst thing ever... or is there something else I should know about in this space?
There's a lot to unpack in that sentence. Care to elaborate?
In my defense, I said it was a horrible idea at the time, we'd have to stream everyone's audio to the cloud to get the keyword spotting to work...
Also, Lab126 did not create e-ink! E-ink came out of the Media Lab long before the first kindle.
I'm glad that they're finally making one with a stylus, when I was there (more then a decade ago) there was a prototype tablet you could write on that had a brilliant new sort of user interface.
"collection of material you submit to support your case for promotion", it's actually not even a thing anymore which adds another layer of irony here, and he is dead wrong (see my other reply).
It's easy to bamboozle yourself from the obvious "maybe people are incentivized to do things to get promoted and perhaps even unnecessary things" to wild unrelated fantasies of how this could explain decisions you don't agree with
> The only exceptions to this are the core economic vehicles between Googlestan and the outside world: Search, Chrome, and Android. Note how each one of these products have a dramatically more conservative roadmap, with a reasonably minimized number of breaking changes.
I'd add Google Maps and Google Mail onto this list.
This isn't true and I don't even particularly care if you think it is and you're a fellow Googler. I know for a fact it isn't.
There's some trivial truth to it, of course, but specific assertions are laughably false and more complicated than you are claiming.
I very much would like to reiterate this sort of thing is unhealthy, the point I was making was people moralize while assigning grand motives to a large # of uncoordinated actions about decisions that are obviously more complicated in real life if you were making them. This sort of is a perfect exercise in that
Then can you explain to us why does google do self-owns such as 10 messenger apps?
Promo-driven development and a bias towards greenfield is something that many engineers in other large tech companies are familiar with, and articles such as this are written by former googlers frustrated with the promo system: https://mtlynch.io/why-i-quit-google/ . Put two and two together and it seems like a likely explanation in light of no additional information and a meme is born.
I come from a company that has a google derived promo system, and I believe it when promo driven development can explain a lot.
Especially when that system values certain things like new 'innovations' vs important maintenance. Or tech leadership of multi-team projects which leads to forcing migrations on the rest of the company to get multi-team points vs. a seamless backwards compatible one done behind the scenes not being a multi-team project, so you don't get promoted for doing it. Or valuing mindless metric number go up over a more thoughtful review of the real impact which, gasp, might not involve some numbers sometimes.
These systems also change very slowly and are hard to change overall. I think google still does 5 leetcode interviews back to back, right? Despite them being shown they're not very good indicators of real job performance?
I had a google interviews loop, 2 out of 3 weren't leetcode related questions. the 3rd was a easy medium bfs. one of questions drilled into teSt driven development and etc.
The problem is (as always) a lack of regulation in the tech industry. We've taught Big Tech that the only way to 'innovate' is to perform profane moneymaking rituals at the expense of the end user, and the shareholders are always asking for more.
The average Google engineer's job is no different from anyone else working in a sufficiently large company. Their job isn't 'press the big evil switch on MV3', but rather 'MV3's staging branch is failing tests, go fix it'. The evil comes from perverse bureaucratic incentive, so it leaves me kinda ruffled to see people blaming the engineers on HN of all places. I can imagine some pinstriped upper-management prick at FAANG reading this thread in their penthouse and laughing their ass off.
> We've taught Big Tech that the only way to 'innovate' is to perform profane moneymaking rituals at the expense of the end user, and the shareholders are always asking for more.
> The evil comes from perverse bureaucratic incentive..
I think you're entirely right. I have nothing else to add, other than that I've always thought this, it's not a new change of opinion.
I guess I don't see any conflict between my comment and yours?
Yes, I know that "Their job isn't 'press the big evil switch on MV3', but rather 'MV3's staging branch is failing tests, go fix it" -- I've worked in software my whole career too. :)
> so it leaves me kinda ruffled to see people blaming the engineers on HN of all places.
I also know that it isn't some nebulous cloud above which is where designs come from, but other employees. I also know, from experience, that if you're a valuable enough engineer within an org or a project, and you significantly oppose a proposed feature or change coming from the suits, it's not gonna happen. What are they gonna do, code it themselves?
> I can imagine some pinstriped upper-management prick at FAANG reading this thread in their penthouse and laughing their ass off.
> I also know, from experience, that if you're a valuable enough engineer within an org or a project, and you significantly oppose a proposed feature or change coming from the suits, it's not gonna happen. What are they gonna do, code it themselves?
I’ve had high success rate effecting significant course changes in several roles, at several distinct jobs. One of the things I emphasize to mentees is that their word and will is powerful, more than in most IC roles. Even so, the error in your reasoning here is obvious to me, especially applied to such large companies. Your chance of success effecting a course change is high, but the company may value your contributions less than they value the course they want to keep. They may also be in a position to hire people whose talent and compliance are more valuable than your own.
What are they gonna do? They’re gonna find someone else among hordes of applicants to do what you won’t.
Holding out because you are the only person who can make a change doesn't work as well with a company like Google with many overlapping developers.
Those plans come from management layers above not from the co-worker beside you. Blaming the developers when it usually starts with a vp trying to increase some metric for bonus time missing the key point that it is the organizational culture that demands, forbids and sets the rules for how employees operate. It starts at the top because if the ceo did not promote based in metric scores increasing the vp wouldn't create projects developers work on that the end user hates.
Not sure why you decided to bring up Apple. People decide to buy into the Apple ecosystem.
I didn't decide to buy into the Chrome ecosystem. I just have to use it because of the marketshare. And I'm on Gentoo running a personal build of Chromium.
Manifest v3 is pure evil. Don't get it twisted. There's no ambiguity here. It's just a cash grab.
Anyone working on it on the Chrome team should feel shame.
I'm a firefox user and have no love for Google, but I disagree with this. No one is forcing you to use Chrome. This is also a good test for Mozilla/Brave to show if they truly stand by the principles they profess to defend. If Chrome did everything right we would not have needed Firefox/Brave for the reasons they currently exist. And if they follow suit, I hope the community will take a long hard look at the state of the browsers and try to fork Firefox or build something new.
I think it's pretty absurd that this is the level of discourse on this subject. "pure evil" and "just a cash grab" aren't substantive criticisms, nothing in your post is actually informational.
The reality is that ad blockers will continue to work to a significant extent that they do today. Engage with that, put some information with merit into your posts.
It makes the adblockers fight with one hand behind their back, tilting the balance in the cat and mouse game towards the attackers.
Google is an empire built on advertising: scams and malware, so their evil has always been present. But right now we have an easy way to protect ourselves. Manifest v3 is exposing that evil to technologically-minded people.
I will have to switch my parents over to Firefox or Brave to keep them safe online.
I’m curious what parts of the internet you visit that you do not see all the ads for scams, shock ads, and other malicious things. There’s a reason that “one weird trick, doctors hate it!” is a meme. It’s utterly rampant. If I open YouTube without an adblocker there’s often some kind of snake oil salesman that pops up. Or a cult.
Now, I use private browsing, so I get the “default” experience. Perhaps you don’t use private browsing and so your targeting is really honed in. Perhaps you only see sensible ads for sensible people, a sensible wallet or a sensible car. If that is the case then fine, but if the only way to use the internet is logged in to Google and with everything tracked, then that is unacceptable to me.
> The reality is that ad blockers will continue to work to a significant extent that they do today.
Completely false. Compare the difference between uBlock Origin on Firefox MV2 vs uBlock Origin Lite MV3 on Chrome and there's a massive loss of functionality.
Funny how Mozilla manages to vet the code of some of the more popular extensions for their "recommended" extensions program with far fewer financial resources.
>curated extensions that meet the highest standards of security, functionality, and user experience. Firefox staff thoroughly evaluate each extension before it receives Recommended status.
I'm still bitter that Google permanently removed my @gmail.com with your dark pattern migration to business email. With no option to move back? You guys lost half of my Google Drive, Photos history. But it's cool. That's life.
And then you moved me to legacy workspace to appease me.
And then months before you tried again to migrate my legacy workspace email to paid, which another Google employee said it's free forever. I'm willing to pay anything on your valuable service but those dark patterns is what really pisses me.
“This ruins ad blockers”, “this is so they don’t have to make REAL ad blockers work”, “they want a 30% cut of VPN money instead”, “this will cause cancer”.
OK, not the last one. But people literally posted here on HN that Apple was killing people by not letting Flux on the iPhone.
Considering how much information “normal“ ad blockers can see, I’m not against this. I like Apple’s approach (and understand this to be similar).
Calling for objectivity is probably not the first thing people want to do when discussing a company building a giant world-wide spying machine. In addition to logic, humans employ sentiment, emotions, and feelings and there isn't anything wrong with doing that.
There’s a big “yet” attached to Apple not profiting from the proliferation of ads - from what I’ve read, since they pushed the “ask app not to track” change, Apple has been pushing hard for more widespread adoption of their own advertising platform.
Make no mistake, Apple does not care about your privacy — only about moving the ad money out of Google’s pocket into their own.
I sort of see it the other way around. To me Google is an advertisement company first, and if you use Google products then you know your privacy data is how you pay for those products. With Apple and Microsoft you're paying for the product, but you're now also getting your privacy data sucked into their growing advertisement business.
I personally think the use of privacy data is a waste of resources, and that companies like duckduckgo have the longer end of the stick. Because it makes more sense to me, that I get advertisements for a robot vacuum cleaner when I'm searching for one, and not the 3 months after I buy one, but then there is a trillion dollar advertisement industry to prove me wrong. So who knows. But what pisses me off is that companies sell you a product, and then also include advertisement and privacy data harvesting in it, like that Samsung TV article that was on here recently. Or how Windows "home or whatever the non-enterprise edition is called" now sometimes installs pre-installers for things like candy crush or Minecraft without asking you to do so... Like what the hell?
I don't want you to read this as a defence for google, but at least they are sort of honest about the evil they do.
I'm not sure any of these sleazy moves will have the desired outcomes for these companies. I don't want to use linux, I did once, but I like my technology to work right out of the box with no effort to make it so or to maintain it, which is why I'm in the Apple ecosystem these days, but the ways things are heading, I think the only future will be linux, and trying to find appliances that aren't add-infested.
"I was factually incorrect Apple generates about 1% of their annual revenue from ads"
Why play silly games to make 4 billion dollars seem small?
I could play this game in the other direction and say "Apple generates more money from ads now than 99% of the companies ever make over their entire existence"
In truth, 4 billion dollars is a lot of money.
More to the point of this discussion, when you ask them, they want it to be a very significant part of their business. They talk about it on earnings calls all the time!
It's not like they are hiding it!
Which sort of totally blows up the idea that they don't care.
We're talking about whether they profit, and whether it matters to them and the business.
You said they do not.
"One of these companies profits by the proliferation of ads and the other does not."
That was wrong. They make a lot of money from it and they have said it is an important part of their future.
Rather than just say you were wrong, you instead try to paint it as not mattering by using percentages, when again, it is a lot of money and apple themselves say it matters a lot
Just accept that what you said was mistaken, and do better next time. What you are doing now just makes you look bad and unable to learn and grow.
I admitted that my original comment was factually incorrect. It was wrong. I said that.
However, the point has always been about the comparison between Google and Apple. Given that their total revenues are of different size, how can we reasonably compare them?
What if we add a 3rd competitor to the arena? Let’s look at Outbrain. They’re a digital advertising marketplace w/ $256M annual revenue. By your argument, $256M << $1B — therefore we should take Apple to care more about their advertising business than Outbrain do about theirs?
Percentages are important because a company is less likely to risk 99% of their business to double 1% of their business than to risk 33% of their business to double the other 66%
While the orders of magnitude here are evocative, it's worth noting that Apple has a pervasive culture of "we deserve our cut of any transaction that goes through any of our platforms, and we will (mis)use our power to enforce that" stemming from when Jobs had to bring the company back from the brink of bankruptcy. See current battles on allowing alternative payment processors in iOS apps (to the point that even when ordered by courts to allow them, they added a 27% commission on alternate payment processors)
Apple is rapidly running out of growth room in new physical people to sell phones to, and is starting to significantly switch focus to new ways of extracting rent from existing customers through "services" and similar.
Both companies profit from ads when you claim one did not. If you’re looking at the percentage revenue projections from ads Apple’s has been growing faster than Google’s.
It's as though nobody realizes extensions can be created or purchased by sketchy actors and that this is a huge security risk when the extensions request "all access to all sites." OK, so when setting up an account's username and password and are provided 2FA codes or recovery codes -- those can all be compromised. How can you know an extension is compromised? It's almost impossible to tell with certainty.
Things like "The Great Suspender" incident get ignored and folks assume no other extensions have the same problems.
And what in MV3 solved all of that? It still allows enough to do a lot of damage.
Regardless of that, at some point you have to trust software. You can't expect everyone to read every line of code and compile all the software by themselves.
Yes, I trust plenty of software and I'm not suggesting that extensions are bad in theory. Extensions being able to silently inject code and ownership to change at any time is a pretty bad security model. We can agree that there are _bad_ security models, right?
It's the sum of the parts in changes from manifest V2:
- no arbitrary code injection via executeScript, must be a file now
- no more remote code
- no more arbitrarily getting selected text or highlighted text on a tab
- declarativeNetRequest instead of intercepting requests
- explicit listeners on the page to help detect bad actors (vs just arbitrary JS running on the page)
Even ignoring ad blocking - with those rules stuff like Tampermonkey which is totally legit can no longer work with execute script. You also lost a lot of functionality by losing DOM, having to rely on the broken lifetime of a Service Worker instead of persistent background page .
It took Google three to four years to acknowledge that the community is completely correct with its criticisms, and that MV3 is garbage designed by people who have no knowledge on how people write extensions and which abilities they actually use.
They're finally adding features that should have been there years ago. The new scripting API which brings back arbitrary scripts, in a new form, the offscreen documents API, and hopefully they'll eventually implement limited event pages which are somewhat solving the background page lifetime and DOM issues (which are already implemented by Mozilla and Safari I believe). Obviously, everything was decided hastily in the last second so all of the features are supposed to be completed by "around" October 2022, just two months before the original MV2 cutoff.
I've also read some of the extension working group transcripts, it's pretty sad how Google/Chrome has no accountability and almost zero transparency.
>actors and that this is a huge security risk when the extensions request "all access to all sites."
sure but that's my choice, that's why it's an extension. Paternalism of telling me what to do with my browser is silly merely because something is potentially dangerous. The entire internet is potentially dangerous. Clicking on a link or installing a piece of software is dangerous.
You're an adult, make responsible choices about whose extension to install instead of demanding that Google strangle you with security policies which at the end of the day serves only one purpose which is to extend their control over the user experience.
These are a bunch of straw man arguments against what I said. There is a difference between clicking a link and an extension being able to read the contents of pages you visit -- like your bank records or credentials.
Some of these "choices" aren't actually _made_ by anyone. Even with trust of an author, if remote code is being used and a domain or server is hijacked, then the remote code could be replaced. It's a lose-lose problem for Google and not addressing this problem means worse security for casual users. The boogeyman that they will remove useful extensions is antithetical to their behavior so far.
if (casual) users is what Google was concerned about that'd be easy to solve. They could ship a full ad-blocker with Chrome that renders third party extensions obsolete and there'd likely be no v3 debate, because those are the extensions primarily impacted by the design choices made.
The entire debate we're having rests on the fact that they're not integrating this functionality (despite this being technically trivial) because it's in conflict with their entire business model. Which is the only reason people have to reach for third party extensions in the first place.
It's very bizarre that your response is nothing more than a complete deflection - "what about Apple?!", but then you go on to accuse others of being reductionist and lacking honesty.
That's because while Apple has monetary incentive to keep up the walled garden it really does have provide value to apple customers. I know google is selling everything and the farm about me when I use thier services. If apple wants my business they'll keep on doing what they're doing, I don't see ads on their platform and haven't seen any credible reports they're selling everything they know about me to the government and anyone who will pay $$ for that. I hastled myself for years keeping a rooted phone with trimmed down Android OS in various forms, but it was a lot of work. With apple I just buy a phone and use it and don't have to worry them selling me out every step I make or allow apps to rifle through my files and photos.
I give Apple (and MSFT in the Gates/Ballmer days) money, and in return they don't try to spy on me. Google, current MSFT and Meta all want to give me free stuff and then make up the difference with ads. It's not complex as to why I am more likely to believe Apple when they say something is privacy enhancing and distrust Google.
> Until and unless Google meaningfully commits to never neuter ad blockers, it’s still critical and urgent that we switch to Firefox.
Google doesn't want ad blockers to exist, the evidence is not that they make the majority of their revenue from ads. It's that the most popular version of Chrome already has 0 ad blocking capability! Ad blocking and extensions are legacy features.
I went to a lot of trouble preparing for a post GAFYD/Workspace future (I have a legacy free one from way back that's in active use for four family email accounts). Then they changed course and let me keep it after all. Death by slow boil, or they'll let me stay on it for another 10+ years?
I left GAFYD just days prior to them relenting and let people stay on it.
I regretted the decision for a while afterwards, but i've since realized i don't want this shutdown threat hanging over my head. Thanks for the 10+ years of hosting but i don't have to be treated like this, I'm better off without them.
Meh. One day everyone will open Chrome, realize adblock doesn't work, wonder what happened, and switch.*
Do you really think Google is on some vendetta against adblock? Adblock has lived on the Chrome webstore for a decade, and many, many, many copies have appeared too. Google could have easily nuked any of them but hasn't.
MV3 is not about adblock. Maybe one day the web will turn into some WASM-driven advertising shitshow, but we're thankfully a long way from that.
*Google knows this, which is why they haven't stopped ad-blocking.
Yes, I think it's about Adblock. Chrome has a huge percentage of the browser market (they killed ie/edge as non chromium options!) and will never be as hedgemonic as now. So now is when you strike back at ad blockers if you're an ad company.
I don't see any other reason for the features they killed to be killed. Specifically the preload hooks that ad blockers used.
How do you got to conclusion that the change in features essential for adblocking, in browser by company that main revenue is ads, is not about adblocking?
"But they did not nuke it before" is not an argument btw. They didn't had utter market dominance before in case you somehow fucking forgot.
Maybe they didn't make the move until now, because they an tolerate a minimal amount of ad blocking in their user base (e.g. for PR purposes). Or maybe they were not dominant enough until now. Or maybe the user base has reached the critical mass of ignorance and brainwashing.
> Sponsored Images: Striking, high-definition images that are featured in the Brave new tab image rotation. Advertisers have the opportunity to feature their brand prominently in this coveted space in front of millions of consumers.
"Fuck Google, have Brave shove ads in your face instead!"
I’ve been using brave for years and never seen an ad on new tabs. New tabs typically have an image of mountains or some scenery, with a summary of the number of ads blocked and bandwidth saved because of those blocks.
Yes it is, and extensions for Brave are installed through the Chrome Web Store, as are extensions for other chromium based browsers like Edge. There's no escaping the manifest v3 event horizon for extension developers.
Other commenters mentioned that they will continue to support MV2 and are even planning to stand up their own extension store that offers MV2 extensions after Google stops allowing them in their store.
Parts of the supporting code have, and Apple still plans to roll that feature out. We are mid-rollout. They probably won’t make any other announcements about it. You’ll know it’s complete when they announce e2e encryption for iCloud Backup.
They said some stuff after the backlash, but they never retracted or renounced their plan. Indeed, portions of the code are now in the current released OS.
I think that code is there to support their new feature where it does on device scanning of photos sent to minors via iMessage, which is not reported to Apple.
Example: In Chrome 69, Google made it so that each time you sign in and use a Google service like Gmail, Maps or YouTube, your Google account will be automatically logged in to the Chrome browser.
There were outrage but Google had provided a flag to turn it off. It was in chrome://flags/#account-consistency.
Thanks! I didn't know I could turn that off. I "solved" it by wrapping chrome with my own home grown tooling to maintain multiple parallel profile directories, so I could run "work chrome" and "chrome for gmail" and "chrome for web browsing". Of course, now I use firefox for all 3 so I don't have the problem anymore... :)
Its a paranoid reading of the normal launch process.
Behind the scenes every major change like that is a flag that's deployed first off then slowly flipped to default true as a rollout so that it's as low risk as possible of unintended damage / failure.
This was actually the update and app behaviour that pushed me off of chrome back to firefox. been using firefox for all my browsing needs since. No issues.
I’m confused. I have a normal google account which I sign into chrome with and I have a google apps google account through my university. When I sign into google properties with my university account I remain logged into chrome on my personal account.
"Until and unless Google meaningfully commits to never neuter ad blockers, it's still critical and urgent that we switch to Firefox."
Why would Google ever commit to keep ad blockers working, unconditionally. It makes no sense.
I use Firefox in sometimes on mobile. I use Chrome for online banking and shopping. This usage is an extremely small portion of web use for me. (Does that make me an "actual user" under the Google employee's definition.) The majority of the time using the web I do not use a popular browser from a "tech" company. I use simpler software I can edit and compile myself, quickly and easily. I have all the "features" I need.
As such, 99% of the time I never see any ads. Google can do whatever it wants with Chrome. I still see no ads. I am not using it.
Unless and until one considers that there are other ways to access the web besides those dictated to us by "tech" companies, then one cannot seriously claim to be trying to avoid advertising. Firefox is funded by Google and other "search provider" profits from advertising services. Mozilla is against some forms of online tracking, but they are absolutely pro-advertising. I just watched their "Chief Security Officer" state this on video to the FTC earlier in the month. Are we supposed to believe there is some "standoff" between Mozilla and Google (or any other "tech" company, i.e., "search provider") over advertising. That would be pure fantasy. Mozilla (Corporation)^1 is like any other "tech" company. It has no business plan. It has nothing to sell that could sustain it as an employer of software developers. It only has its position as an intermediary, to assist with online advertising, in Mozilla's case to assist by sending search traffic to Google, and whatever else is required by their royalty agreements with "search providers".^2
2. Mozilla even sells its own advertising services:
Advertising revenues - Mozilla also offers advertising services in three formats. The first is the New Tab advertising service, which places links to sponsored content when a new tab is opened in the Firefox web browser. The second format is through Pockets email product, Pocket Hits. Pocket Hits may include paid advertisements, which are placed in email newsletters that get delivered to global Pocket users. Lastly, Mozilla also sells web advertisement spots on content that Mozilla licenses and syndicates from publisher partners across the web.
Along with a "service" to remove advertising:
Subscription revenues -
Included in a Pocket Premium subscription are features like full text search on saved articles, removal of advertising from Pocket properties, the ability to create unlimited highlights and the ability to create a permanent library of everything a user has saved.
For me, playing both side of the coin, charging for advertising services and charging for advertising removal services, does not rank high on the scale of company integrity. But this sort of "playbook" seems quite common for "tech" companies. For example, Google does it with YouTube ("YouTube Red", now "YouTube Premium").
<< Why would Google ever commit to keep ad blockers working. It makes no sense.
We are the end users of this software and, while clearly a minority, we do expect things to work. If a useful feature is being neutered, it is considered bad for the users. Thankfully, Google is not, yet, in a position where it can just force its adoption. Thankfully, there are still other options ( including some recent moves creation of non-G and non-F browser; and interesting variants of Chrome ).
Those vocal end users ( and that includes me ) want things in one specific way. For two different reasons:
1. I recently was forced to browse net without adblockers and it was a horrid experience. I pity the poor souls that live without them.
2. I still basically do everything tech related around the house. If Google starts being annoying, I will drop it like a hot potato. Thankfully, I am not longer local tech guy for my extended family.
In other words, it still makes sense for Google to appease the people, who do the work of converting and then supporting their software, because people sure don't call Google, when it raining ads.
By the by, didn't we go through the exact period with infinite pop-up ads and agreed that it was a really bad idea? Why would anyone think users want it back?
The postponement was practically inevitable. Manifest v3 is a slow moving train wreck. Extension developers know it isn't ready and won't be ready by January.
Happy holidays to me, I can kick this can down the road too.
Deadline is still January if you want the featured badge or if you want to work in all the channels of Chrome. Seems like for most developers the deadline is the same.
As a news website you don't NEED to use AMP. You'll just never appear in Google's news carousel, and won't be at the top of the news search results anymore. Sorry :(
Way too risky for devs to ignore the deadline and possibly get de-ranked from store search results.
Are you listed on the store? My company’s is unlisted and just part of the onboarding documentation. I think in my case nobody would give two craps about the badge.
I think this has to change and may just be an outdated part of the timeline that hasn't been updated yet. After all, this item is still on the timeline too: "Enterprise policy can let Manifest V2 extensions run on Chrome deployments within an organization." But that doesn't make any sense anymore, because V2 will no longer be disabled on the stable channel in January, so there's not even a need for an enterprise policy to keep V2 extensions running.
It wouldn't make any sense to let V2 extensions keep running until June but disallow updates. What about security issues? They have to allow security updates.
> January 17, 2022: New Manifest V2 extensions will no longer be accepted by the Chrome Web Store. Developers may still push updates to existing Manifest V2 extensions, but no new Manifest V2 items may be submitted.
> January 2023: The Chrome browser will no longer run Manifest V2 extensions. Developers may no longer push updates to existing Manifest V2 extensions.
So V2 would be disabled in the stable channel simultaneously with the end of updates, in January 2023.
Only a special enterprise policy could keep V2 extensions running for a while after that time.
Thanks for the dv punishment check, @Barkingcat. You could've done a drive-by downvote, but you at least also left a comment, which I appreciate.
I was about to hop in the car and didn't have time to Google it, and pre-cognitvely figured others might also like to know without needing to also actively search it 100x, collectively.
Looking at my comment history, it's clear I frequently do research things myself and post a thorough comment in an effort to educate as well as inform others about terminology in HN discussions.
Please strive to be generous in your interpretations of others.
Please strive to be generous in your interpretation of my comment as well - likewise.
There are 3 posters including me replying to your question re what channels are, 2 including the same link. Hopefully that answers your question! (and by that I mean that I hope you didn't interpret that to be me sending you to a mistaken answer? if that's what you were refering to?)
That link is indeed genuinely from google.
I did downvote, but people also downvoted my comment as well, so I don't treat downvotes or upvotes as that important, sorry if that made you feel any other way.
The important thing is : did you get the answer to your question?
So I was actually trying out uBlock Origin Lite [1] (the MV3 compatible version) as my daily driver for the past week and I must say it's not that bad. I had to manually enable content access for a handful of sites but doing so on an opt-in basis and getting more performant experience on 98% of other sites is actually something I'm going to use going forward even if MV2 compatibility gets pushed further into the future.
I wonder how long things will stay that way though, when sites will tailor their tracking/ad annoyances to exploit the MV3 limitations. I really wouldn't want to opt into every single site I visit.
Most websites don't bother with antiadblock because current adblock can handle that. Once most people are using crippled ad blockers that can't bypass antiadblock, they'll implement the antiadblock.
There isn't much incentive right now to make ad delivery that can't be blocked in mv3. I'd bet once mv2 is gone you will suddenly start seeing ads not blocked because it's impossible to block with declarative rules.
It's really validating to see someone post their actual experience with MV3 adblocking, because the constant stream of misleading headlines saying "Google is banning adblocking" on low-expertise places like reddit has become a pet peeve of mine. Almost no one involved in those discussions actually know how adblockers work, and are just copying and pasting sub-par reporting, which itself is just poorly-informed fluff around attempts to rephrase comments from gorhill.
MV3 adblockers are still going to, broadly, work fine, if slightly worse than before. There's slightly more concern over privacy blockers, but as usual it gets more clicks to mislead users about something they care about (adblocking) rather than get them to really care about privacy.
> MV3 adblockers are still going to, broadly, work fine, if slightly worse than before.
I just don't think this is true, ad blocking will be substantially degraded and, more importantly to certain companies involved, the ability to block tracking cookies and request metadata will be almost entirely removed.
> just poorly-informed fluff around attempts to rephrase comments from gorhill.
gorhill's comments here indicate many issues remain with MV3 and that it still fails to meet his own requirements.
> gorhill's comments here indicate many issues remain with MV3 and that it still fails to meet his own requirements.
How do you figure? Gorhill actually states that there are many improvements only possible because of V3. What's also said is that for some features in the future there's further investigation required. And the last thing said in that comment is:
> Many users of uBO will dislike the limitations of uBOL when compared to uBO. There is no point complaining about it, it's just not for you, it's meant for another kind of users -- you do not have to use it.[..] but I want to offer an option for those who use uBO as an install-and-forget blocker without ever interacting with it.
I think you're kind of mischaracterizing the comment.
> Gorhill actually states that there are many improvements only possible because of V3.
I think that's a charitable - to the Chrome team - misunderstanding of an artificial limitation they've imposed. The improvements are possible without MV3:
* declarativeNetRequest is implemented today, they could expose it in MV2
* nothing prevents Google Chrome from continuing to offer the current onBeforeRequest API as a permission extensions can request in MV3
* nothing prevents Google Chrome from working with developers like gorhill, who are sensitive to performance concerns as you'll see below, to develop more powerful APIs that fit within a security and performance profile that satisfies end users, gorhill, and the Chrome team.
On performance: While many of the performance improvements are made possible with a declarative API, uBlock Origin uses WebAssembly for an extremely performant fully dynamic blocking implementation that has almost no impact on battery life. (I believe other experiments have shown that blocking these requests yields increases in battery life, even.) You can see some benchmarks here that were posted from his experimentation: https://raw.githack.com/gorhill/uBlock/master/docs/tests/hns...
On security: gorhill has proven that he's capable of writing WebAssembly to implement highly performant and sandboxed checking of dynamic filters. WebAssembly is in fact the perfect technology for a "declarativeNetRequest" to use. Could Chrome cut the Gordian knot of enabling performant and safe ad blocking extensions with an API that registers a WASM program as web request filter?
The program could be limited to pass/fail/redact actions, where redact would involve removing headers, query parameters, trailing path parts. That is, "utm_campaign=..." could be removed, but the extension would not have a side channel for injecting information into requests.
>more importantly to certain companies involved, the ability to block tracking cookies and request metadata will be almost entirely removed.
Right, that's precisely what I mean. Trackers are a privacy issue, not an "ad" issue.
>I don't know if users of ad blockers make this distinction.
Contrary to what people on HN think, the absolute majority of users care little about tracking and a lot about whether there's a huge banner ad in the middle of their content. MV3 does comparatively little to affect the latter (which can be removed through cosmetic blocking). Most users use adblockers purely to get rid of ads.
>gorhill's comments here indicate many issues remain with MV3 and that it still fails to meet his own requirements.
Right, that's my point. Tech news sites just running specifically gorhill's comments through an "underpaid intern" filter and then printing them, without actually explaining or probably even understanding them. Gorhill is complaining loudly because it makes his specific software worse, and everyone interprets this as "Google getting rid of adblockers".
You are here to tell us when posed with the question "do you want to block trackers who do nothing but slow down your browsing" users would go "no thank you, only the ads"?
That is of course nonsense. Ad blockers can block trackers with much the same mechanisms and it's just a pure and utter improvement at no cost.
> MV3 adblockers are still going to, broadly, work fine, if slightly worse than before.
Why would anyone accept going to a "slightly worse" situation? We're literally going backwards in terms of functionality and we should just accept this?
The new API reduces the damage a malicious extension can cause.
Sandboxing extensions is a good thing, not a bad thing, and if the price is only a slightly less effective adblocker, then I am totally ok with the change.
I tried the "lite" Ublock on my work laptop, on the relatively uninformed opinion that MV3 really is safer than MV2 in terms of a rogue extension being able to reach in and steal your secrets (am I wrong?)
An immediate test with Youtube gave pre-roll ads. Oh well. But a later Youtube visit, and all since, have been like Ublock Origin - ads gone, preroll, superimposed and in-video ad breaks. I have no idea how all this works and frankly am glad I don't have to. But yes, of course, Youtube may change in the future to precisely sidestep the MV3 limitations of ad blockers.
I don’t care that they’re wrong, I care that this miscategorization helped the issue reach “the public” and rightly caused some finger pointing and users switching away from Chrome.
That’s a good thing. Sensationalism works and we all want content blocking to be as effective as possible. While “it still works”, it’s not as good or as efficient as the MV2 version.
It's one thing to degrade service quality for the greater good of the userbase (see spectre/meltdown exploit mitigations for example), and it's another thing entirely to do so to the detriment of your userbase.
What you're saying here is the equivalent of me stepping on your brand new shoes and then saying "what... They still work fine!".
No, if you have a single extension that needs to block requests using manifest v3, you're not going to run into the problem that everyone's been pointing out.
They also disallow updates to MV2 extensions in January, which effectively kills them off: "Chrome Web Store stops accepting updates to existing Manifest V2 extensions"
True, but you can issue updates to existing extensions with MV2. As someone who has two MV2 extensions, this transition is a much bigger deal for existing extensions than new ones.
What do you mean meme storm? Switching to Firefox makes you immune to annoying changes like this... I honestly don't understand why more people, especially on hn, haven't switched over still.
As a Firefox user, articles like this are just noise, not a possible attack on my personal privacy. When was the last technical scandal with Firefox? Adding an optional bookmarking service? How are people still defending chrome?
Security (not privacy): Firefox has shown in Pwn2Own contests and in security circles that it is not as secure as Chrome. Mainly because of overall security architecture and sandboxing techniques involved (remember the Chrome comic, I think even current Firefox has not implemented all security sandboxing which Chrome had from day 1). Firefox is trying to catch up but is overall behind. So there you have your technical disadvantage. I feel personally saver to visit unknown sites with a current Chrome based browser than with Firefox.
Also if you compare from a fingerprinting side of view then Brave is better than Firefox+uBlock (and all privacy lists involved). You can compare that easily between your Firefox and Brave here: https://coveryourtracks.eff.org/
For me personally I also don't want to miss Chromecast capabilities (it's a nice system and unfortunately there is no good alternative) in my mobile browser.
It's an imgur thing. It disables controls on every interaction with the video by doing `.controls = false` on the video element.
Chrome seems to ignore this attribute being set to false and continue to show controls anyway, which appears to be a spec violation from my reading of it. Of course it ends up being a desirable behavior in this case.
Switching to Firefox means accepting ads built-in to the browser, something that (AFAIK) Google has never done. You can, I suppose, go find the settings one by one and disable all the places they appear, but Mozilla can (and has) introduced new on-by-default ads with version upgrades, so that only lasts so long as your current browser version is supported.
I mean, sure it's great that ad blockers still work, but let's not pretend that Firefox is some kind of bastion of pro-user sentiment.
Absolutely true. That's why I use Librewolf. I can control updates when I want them via my system package manager. The developers don't really maintain a separate browser from firefox, just a distribution that removes Mozilla trackers and a few user hostile decisions (like those ads). Works very well for me!
> You can, I suppose, go find the settings one by one and disable all the places they appear
It's like one setting in about:config
> Switching to Firefox means accepting ads built-in to the browser, something that (AFAIK) Google has never done
Google might not build ads into the browser, but if you use it as they intend and log into the account all of your activity gets tied to your account. I would rather have pocket then not be able to sign into a google account without google signing it in across the browser
> I mean, sure it's great that ad blockers still work, but let's not pretend that Firefox is some kind of bastion of pro-user sentiment.
Yeah mozilla has a shitty track record I'll admit and firefox is a lower quality product, but at the end of the day it's still the lesser of two evils
Exactly - pocket is only one source of ads at this point. They keep adding them from different sources. I've actually compiled Firefox without Pocket for years now, and I still got ads in the browser after an update.
> Switching to Firefox makes you immune to annoying changes like this
Unfortunately it does not, as other replies and plenty of HN Firefox posts demonstrate.
> I honestly don't understand why more people, especially on hn, haven't switched over still.
There are several important areas where Firefox is lacking. Automation on macOS is one of them (it’s the sole major browser without AppleScript support) but in every thread I see people complaining of something different.
I use neither Firefox nor Chrome. I don’t want to support Google, but it’s also not feasible to use Firefox as my daily driver or to support it in the tools I release.
Actually even firefox is switching to V3 and deprecating V2, they are keeping request blocking (main problem with v3) but why are they just following google?
It used to be that firefox would copy chrome's ui, then they started copying the extensions, then they eliminated their better extensions. Now I expect they will fully embrace the latest gimped api from google.
"During the third quarter of 2021, the average global adblocking rate was estimated at 37 percent. Vietnam and China were top of the class, with a respective adblocking penetration rates of 44.7 and 43.7 percent. This was followed by 41.7 percent of surveyed Indonesians and 40.4 percent of surveyed South Africans admitting to using software blocking online advertising. In the United States, 34.2 percent of internet users said they used adblockers."
It's a wrong assumption. Installing chrome requires no brains and google pushing it hard. A tool from my Motherboard maker would install chrome and make it default if you don't go into "advanced" install. You can end up with chrome as a default browser without knowing it. Shit, our work MDM policy installs Chrome on every work laptop.
What’s not speculative is that adblockers have to be constantly maintained to remain effective. As websites find new circumventions, adblockers respond with fixes.
Manifest v3 freezes the capabilities of adblockers in time (it regresses them). Perhaps it’s sufficient for today’s ads but over time websites will take advantage and the effectiveness of adblockers will wither: websites have a financial incentive to circumvent all those chrome users.
I don't think the meme-storm has anything to do with it. Desktop Linux is constantly memed, for example at times when MS does something stupid with Windows, and yet, Linux adoption is minor on desktops. People being loud, and putting their word in action are two very different things.
I really tried to give Firefox a go last week because of the threat of losing UBlock Origin.
I almost committed, but there is a many-years-old bug in Firefox that they haven't fixed which won't let you use alternate audio devices for webrtc, which made it so I couldn't use google meet with my headphones.
Can you link to the bug? I'm down to using Chrome _only_ for google meet at work, now that all my streaming services work just fine in FF.
Isn't it curious how audio works fine when it's from Netflix, Hulu, Amazon Prime, etc but when using a Google property (Google Meet) suddenly it doesn't work under Firefox... curious indeed.
Perhaps you've already tried this, but if not then I'm optimistic this will fix it for you:
- go to about:config page in Firefox (load it like you would a website with URL 'about:config', and accept the warning to proceed with caution)
- paste 'media.setsinkid.enabled' into the search bar at the top
- default setting is false, click the button on the right to toggle it to true
- reload google meet, hopefully you'll now be able to choose non-default audio output (I think non-default microphone can be chosen even without this toggle?)
That's a relic of the way in which the bug you linked to was fixed, and there is a (still open) ticket requesting that the default by changed from false to true here: https://bugzilla.mozilla.org/show_bug.cgi?id=1498512
(edit: there's one comment in that bug I linked saying that audio worked with Google Meet's pre-call test noise, but not on an actual call itself. I can't test myself right now, but if I've raised hopes falsely then apologies!)
I never liked chrome because it required me to set a proxy via command line arguments or system wide. Never understood why they don’t give me an option like firefox within the settings to set a proxy, but at the same time chrome allowed *extensions* to set proxies.
The extension support is because Google relies on an extension to do a lot of their zero trust stuff https://cloud.google.com/beyondcorp though I don't think they use proxies anymore.
> Starting in June in Chrome 115, Chrome may run experiments to turn off support for Manifest V2 extensions in all channels, including stable channel.
They're giving themselves wiggle room on this instead of saying they're just straight up going to turn it off (or even committing themselves to starting to phase it out at that point).
Also, they're showing support for MV2 extensions through Jan 2024, as long as they're marked Private. That's huge — I'm considering scrapping our update for now and just waiting to see how this all unfolds until then. Most of our users come from our website, and I can just link them to Private instances of our extension in the Store. (Also, our extensions are fairly mature, and we can go a year without submitting an update.)
I have no need to be Google's guinea pig as they sort out this mess!
firefox has a real good chance to make it back once again. all the chrome derivates wont be able to manage a fork on their own so they should jump ship and build on firefox. I have read about how firefox is PITA to build but we have stuff like waterfox that are a homebrew type setup so if they can do it, surely opera or brave with their VC funding and ad dollars can surely change the look and feel of firefox for their use.
I also feel bad because the management of firefox has long since sold out to google so they WILL find a way to fuck this opportunity up. I am certain of it.
Orion supports Firefox and Chrome browser extensions natively. Whether you prefer getting them from the Chrome Web Store or Firefox Add-Ons, your extensions are just a click away.
Is there a good (more objective? less emotional?) breakdown of the issues with, and I assume also the benefits of, Manifest V3?
So far all I've heard is that it'll destroy ad-blocking, except that it sounds to me like the ad-blocking abilities it has are fairly close to Apple's content blocking abilities, and while ad-blocking on iOS isn't perfect, it's still a thriving ecosystem.
I made my first foray into web extensions with mv3 on chromium recently. I thought, maybe it's fine since I have nothing to unlearn. Nope. mv3 is terrible and nothing works. Every example of something I want to do is in mv2 and doesn't work at all in mv3. The attempt has killed any desire I have to write a webextension at all.
MV3 comes from a legitimate concern for user security. Every time I visit my Mom she has some Chrome extension that steals all her traffic and reads every page and reports back to some shady company. It's a huge problem for ordinary users, it's just that ad blockers legitimately do the same thing as far as the browser is concerned, so it's a hard balance to strike. If you do nothing, random people lose key personal information. If you do something, HN complains about how it's a conspiracy to make them see more ads.
As always, it's probably a little from column A and a little from column B, but mostly column A with the "unfortunate" side effect of column B. Google has had years to remove ad blockers from the extension marketplace, for example, and they'd need to write a lot less code relative to MV3.
Not building uBlock Origin into Chrome was the mistake they made here. Once there is a known-good ad-blocker built in, nobody cares about extensions anymore. (Except for the steal-your-data extensions, whose authors are definitely amongst us on HN.)
> Google reviews every extension and update on the Chrome Web Store
Absolutely not true. No one has the manpower to actually review/understand all the code that is being pushed to the store. Extensions are automatically approved after a few minutes.
Mozilla tries but it's more of a spot check after the extension is being published.
I work for a company whose primary product is an extension. From my experience it's quite random; sometimes an update will pass 'review' a few hours after submission (never a few minutes, but it's clearly not being reviewed in any depth) and other times it will be held up for a few days, a week, or up to 15 days recently. It seems to be a lottery, where your chances of a manual review are increased by requiring certain permissions and other factors the chrome gods decide are risky. In our case they have rejected updates several times for spurious reasons, like claiming we do not use the notifications permission although we asked for it - even though use of the `.notifications` method on the chrome javascript api was visible in our code.
I think GPs point stands - whether or not they actually review every update, they make the claim that extensions are reviewed, and they're reviewed often enough that they should be able to catch genuinely dangerous extensions.
It depends on how new the extension is, probably. It does occasionally get stuck in review, but definitely not "every extension and update". Mozilla tried to do that and had to backtrack a few years ago.
Google could disable extensions completely and your claim would still be true. It's clear that MV3 does notcome from a legitimate concern for user security, because Google could solve security issues without destroying a large part of the extension ecosystem.
It might also solve issues with security, but Google's complete refusal to work with the community to find common ground shows what they're really after.
These things should be optional. As a user, I'm confident enough that I can download software and run it without any major problems. Even if it turns out to be malicious, I know how to get rid of it.
Most users are not like this. They really do benefit from a restricted experience. That's why app store and extension restrictions should exist.
The problem is when engineers go all in on the restrictions, and completely abandon the other set of users. This is software, it can have an infinite number of knobs and customisations. It's not a table, which can only have a fixed number of legs.
It's likely not a sincere concern for user security, or eg google could grant ublock origin and a handful of others permanent mv2 access. And nobody else. Or require stringent whitelisting. etc. There's no rules here except the ones google chooses to impose.
Does anyone know if MV3 will affect add-ons such as Greasemonkey/Violentmonkey, Stylus. It'll be pretty hard to live without those on the web as it is now.
Obviously uBO and noScript would be bigger losses, but those seem to be taken care of on Firefox and some other Chromium browsers.
There's so many bad awful downgrades to life in MV3. The amount of issues & unsolved cases grows significantly month after month, but the only commits to the webextensions spec are meeting notes, where problems & horrors are abundant & vicious. Nothing is improving, nothing is getting better, no visible progress to heal or help is apparent visible or coming. This is a deathmarch project and it will never ever emerge from this valley of death, will never restore a fraction of what it in it's total ignorance took away.
This isn't an evil move, it's just a dumb one. The kerfuffle over adblockers is obvious & huge, but ultimately MV3 will definitely do something to make adblocking acceptable. Google is not going to make themselves look like a monster; this is perhaps the only "good" (one giant neutral nothingburger on both sides) news.
But my god, the other people being hit with various degredations are in such a hell-grade nightmare pickle. Userscript extensions are still fully hosed (ed: recent movement in issues spotted[1]!). Running dynamic code via Function (a common speed optimization for performance critical JS systems) or eval is still outlawed. Extensions lifecycle is far less clear & persistent than it used to be, and there's thousands of people who simply don't have an extension runtime to hold state for them anymore. Extensions used to be able to use a wide variety of "page" style APIs which are all now suddenly missing and "limited event pages"[2] and "offscreen pages"[3] arent making visible progress.
Meanwhile there's seemingly no visible advantages to users here. This 24th hour rewrite of what a webextension is (right before it's specified (rather than a tacit slowly evolved semi-agreement)) seems to serve a primarily abstract/rarely-experienced security concerns, while reducing extension power enormously. There's been no one to negotiate this trade-off. Extension developers have gotten nothing, users have gotten nothing, and extension capabilities have shrunk enormously. Personally I'd like to see the proprietary closed extension-store maintainers do a more active job of weeding out, helping us see good from bad, or giving us tools to peer-moderate, rather than simply shutting the door on the most critical user-agency boosting system, at the most critical 24th hour.
There's endless web spec discussions that go on, but this is the most enormous & massive re-negotiation of power the web has ever seen. So far, it's going poorly for everyone except the extensions-store operators, who seem chiefly to be concerned about making their jobs easier in the future, by making extensions far less capable. I can feel real & good intent underneath that: this isn't being done because of bad will. But the visible effects, the impact, is cruel: how could short lifecycle service workers with far less api & far less capability[4] be seen as anything less than a boldfaced theft of user-agency? To be honest: it's unclear how such a deeply impotent position as this was ever proposed or considered. Change is super hard, change management is hard, but this was not a good footing to start on.
Adblocking will be ok. This isn't evil. But this is for sure a much deeper, far more complicated fiasco of the highest & most critical importance to the web.
Has Brave announced how they're dealing with this change? I've been using it for years and am generally happy, though I've been trying Orion recently to get vertical tab support.
They also apparently will stand up their own MV2 store after Google's deprecation is complete.
> During the deprecation period, we can keep this functionality via patch (since it's there for Enterprise). After V2 is pulled from store, we'll need to stand up our own extension store for manifest v2
I just renamed update.exe (chrome complains about that when you boot it once), simple if you can live without the eternal update cycle they (FMAANG) are pushing down our throats since hardware does not improve anymore.
Todays websites are overengineered, but they load fine over multiple sockets (without HTTP/2.0 TCP head-of-line bottleneck), also I have 1GB/s symmetric.
