restic’s rest-server append-only mode unfortunately doesn’t prevent data deletion under normal usage. More here: https://restic.readthedocs.io/en/stable/060_forget.html#secu.... Their workaround is pretty weak, in my opinion: a compromised client can still delete all your historic backups, and you’re on a tight timeline to notice and fix it before they can delete the rest of your backups, too.
This page seems designed to direct attention anywhere but the meat of the issue: are the moon details in Samsung photos derived from sensor data alone, or also external photos? To me, the answer is clear: Samsung can’t produce this result unless they also ingest external, high res moon photos. Yet Samsung frames it as “enhancing details”, not “adding details”, clearly implying the details in question were already there in some form.
Right, disappearing messages aren’t a safeguard against a malicious recipient, they’re a blast radius limiter on future device compromise on either end.
The abandoned plan was perceptual hashing, which should return the same hash for very similar photos, while the new one is a checksum, which should return the same hash only for identical photos. I don’t think that invalidates the point, but it does seem relevant. It certainly makes it much less useful for CSAM scanning or enforcing local dictator whims, since it’s now trivial to defeat if you actually try to.
The big difference is with photos end-to-end encrypted, Apple can't (by choice nor force) have human "content reviewers" look at photos to inspect them for unlawful content, as was the intention under Apple's 2021 plan [1] after a threshold of 30 hash matches was met.
Although it was starting on CSAM material, it wasn't clear which other illegal activities Apple would assist governments in tracking. In countries in which [being gay is illegal](https://www.humandignitytrust.org/lgbt-the-law/map-of-crimin...), having Apple employees aid law enforcement by pointing out photographic evidence of unlawful behaviour (for example, a man hugging his husband) would have been a recipe for grotesque human rights abuses.
With photos encrypted, Apple can't be pressured to hire human reviewers to inspect them, and thus cannot be pressured by governments that enforce absurd laws to pass on information on who might be engaging in "unlawful" activities.
>The abandoned plan was perceptual hashing, which should return the same hash for very similar photos . . .
Is there any proof they actually abandoned this? NeuralHash seems alive and well in iOS 16[1]. Supposedly the rest of the machinery around comparing these hashes to a blind database, encrypting those matches, and sending them to Apple et al. to be reviewed has all been axed. However that's not exactly trivial to verify since Photos is closed source.
Anything over a network can be decrypted and inspected with a MITM proxy (manually adding its root certificate to the trust store), as long as only TLS (no application-level encryption) is being used.
There are a multitude of ways to inspect the decrypted traffic of your own device, whether it's a jailbroken iPhone provided by Apple to the security community or a non-kosher jailbroken device. People inspect this traffic all the time.
> . . . as long as only TLS (no application-level encryption) is being used.
Therein lies the rub: the payload itself is protected by an encryption scheme where the keys are intentionally being withheld by either party. In the case of Apple's proposed CSAM detection Apple would be withholding the secret in the form of the unblinded database's derivation key. In the case of Advanced Data Protection the user's key lives in the SEP, unknown to Apple.
By design the interior of the "safety vouchers" cannot be inspected, supposedly not even by Apple, unless you are in possession of (a) dozens of matching vouchers and (b) the unblinded database. So on the wire you're just going to see opaque encrypted containers representing a photo destined for iCloud.
I felt this way for a while, but I’d like to offer another angle: maybe it’s like saying “Every company eventually hires tall people. Some have no tall people, but it’s just a matter of time. Tall people are really an unstoppable force.” The missing piece is also observing short people (ad-free offerings), which you’d notice are not being eliminated, are also prevalent, and also “infect” everything. I think the unstoppable force being felt here is just statistics: ads are often an option, companies make a lot of decisions, it’s statistically inevitable that some of those will be ads, unless the company has some strong aversion to ads, which most don’t.
The never-ending chain has bothered me too. I realized that if there is a theory of everything, it needs to prove itself. As far as I know, that’s a logical contradiction. Maybe resolving that contradiction is the door to moving forward. Is the concept of a “theory of everything” invalid? Is modern logic insufficient to find it?
Don’t mistake this for victory. Google’s standard playbook when forcing things people don’t like is to spread the action out over a longer timeframe, exhausting the media and keeping the final blow mostly out of the news, and exhausting our individual outrage and will to keep fighting. It works every time, and it’ll work again if we become complacent again. Until and unless Google meaningfully commits to never neuter ad blockers, it’s still critical and urgent that we switch to Firefox.
I mean, it's not just Google that does this nor is this an Alphabet invention. This is merely Assimilation 101. The "Chinese patience" towards heterogeneous minority groups and their customs is a commonly referenced one, but this "boiling the frog" is really the only way to guarantee things change while mitigating serious rebellion.
Another good example is how the Rashidun Caliphate granted conquered Zoroastrian Persians Dhimmi or "people of the Book" status. I'm sure it seemed kind at the time since Zoroastrianism is obviously not "of The [Abrahamic] Book". This merely postponed persecution of the unconverted until such a time as they were dispersed, weak and with less sovereign resolve. They got a worse and worse deal as the centuries wore on.
I'm not justifying Google here, but this is really every hegemon's SOP: corporate, tech or cultural.
I'm just as mad when Microsoft forces me to use a Windows account after juggling the slow creep Mojang deprecation, when Mozilla gives you fewer and fewer ways to install apps outside of their extension store until it's a Nightly-only feature, or when [your favorite app] is acquired by [your least favorite company] and starts down a path you'd *never expect*. It's all garbage.
Sorry for getting somewhat off topic, but how many users would benefit if Mozilla gave many more ways to install extensions from unfederated sources? That sounds like the browser malware disaster from the 2010s to me.
It was a slow boiling. Today, there's no way to install an unsigned extension in Firefox at all, you now have to use Developer Edition binaries. For a company that says the end user should be the decider and hold the keys, Mozilla sure likes limiting our options. There was a way to place them in a directory for a while, then a cli flag, then an about:config flag, then a few other inconvenient options that ultimately ended up being snuffed out.
Even Chrome has a flag you can flip and install an unpacked extension from file. Sending this stuff up to Mozilla for them to grace or relegating developers and corporate users to some unbranded or esoteric dev binary is offensive to the end user IMO. I mean, it's not even federation, just centralization. Sure you can host it on your webpage, but it needs to be signed by the mother ship either way.
Firefox removed "about:config" from Firefox on Android as well. Maybe we'll get a cli flag escape hatch for a year when they do the same on desktop. Not trusting the end user in the name of security is not a Google-only play despite all the Moz Marketing.
This has been Mozilla's MO for a while now. They even did it with add-ons on Firefox for Android. First they allowed add-ons. Then they took them away but promised that they will open up soon. Then they locked them down some more.
These days I don't use Firefox because I want to, but because it's the least worse choice.
I'm confident their hostile behavior towards user control is one of the reasons why they're hemorrhaging users. And no, giving users a way to change UI colors is not control. It's a fucking pacifier and an insult.
Google also likes to provide a feature flag to re-enable the old feature for a few versions. Parts of the community happily re-enable the feature, hence the media doesn't pick up on any outrage. By the time the feature flag is removed, it's a stale story.
This has happened so many times in recent years, I've grown tired of warning people about it. It's such a simple trick but almost everyone falls for it.
> as we shift our focus to Manifest V3. This change will give Chrome users increased safety and peace of mind while browsing and installing extensions by providing more transparency and control over permissions, adding stricter protocols for accessing resources outside the extension’s context, and ensuring that extensions work well on all devices
It sounds like government gobbledygook, with even more lies (there are no extensions on Chrome on mobile, so what "all devices" means is anyone's guess).
I often wonder what goes on in the mind of people writing this. Are they happy? Why did they choose to work in tech instead of some administration, if BS is their thing? Is it just for the money?
If you think of privacy solely as reducing the risk of an extension going rogue and leaking data - then sure, MV3 is a win.
But if you include the issue of sites sharing data, then reducing the ability of extensions to use advanced heuristics to block advertising and tracking may cause more harm than good.
There are plenty of users who understand that extensions are extremely powerful, thoroughly vet the organizations that have the capacity to update those extensions, and are also required to visit numerous less-trusted websites (and in a modern age of advertising technology, that's practically all of them) whose data sharing practices they cannot vet. MV3 will be a net negative for the privacy of those users.
Now, it may be reductive to say that those users, and that privacy threat model, matter more than others. But it is equally reductive to pretend that MV3 is a universal good.
It’s the equivalent of an airport security policy - as I mentioned before, to reduce risk. Which, both in that analogy and here, can indeed be part of a defense-in-depth. But such a policy is not without tradeoffs, and it cannot be evaluated in a vacuum.
It seems Google (or maybe just some of the employees?) derive pleasure from taking things that were working just fine and then breaking them so my life is harder.
It's almost a yearly occurrence at this point -- some thing that, once upon a time in the past I spent effort on configuring so that I could have a happy experience with my computer, will now be announced deprecated forcing me to comply with some new edict from on high with absolutely no benefit for me.
Please stop doing this. Stop "fixing" things. I'm an engineer too, I know building new things is fun, but there is also honor in maintaining well functioning things and not making other people's lives unnecessarily hard.
I bet that, now that I finally have mutt working again with Google's newest incarnation of authentication, there's a team within Google excited about breaking it in 2 years.
So, here's the hidden secret to Google: every inexplicably stupid move they've ever done can be described in terms of promo packets.
Every duplicate messaging app? That's someone's promo packet item.
Every ground-up incompatible API rewrite? Also a promo packet.
Google produces new work purely to satisfy itself. Their hierarchy forms its own internal economy where promotions are purchased with headline-grabbing actions that fool managers into thinking they provide business value. We'll call this "Googlestan".
Yes, this occasionally causes problems in the external, "real" economy. Writing message apps as disposable products means you don't have an answer to iMessage or Whatsapp. Breaking APIs every 3 months makes Google Cloud a nonstarter for anything other than easily-migrated guest OSes with a more sensible deprecation policy.
But that's how Google was built, and how Google will continue to be built, because all hierarchies have a rule zero: self-preserve. You cannot build a new Google without disenfranchising the people who currently know how to game the current Google, and those people will instinctively fight against an engineering culture they do not understand.
The only exceptions to this are the core economic vehicles between Googlestan and the outside world: Search, Chrome, and Android. Note how each one of these products have a dramatically more conservative roadmap, with a reasonably minimized number of breaking changes. Hell, Chrome specifically calls breaking changes "interventions", because they're that serious about not making them. These products form a moat around Googlestan that protects the country from invaders, so they themselves are isolated from the kinds of people who would gank them for the sake of a promo packet.
[0] If you're wondering, "how does Google internally handle breaking changes everywhere without boiling the ocean"... the answer is that they have an automated ocean-boiling machine that lets them rewrite the entire Google code corpus whenever an API breaks.
<super tiny>I must be stupid, but... what's a promo packet? I never worked for any of the FAANGs (other than once, at Lab126 and accidentally inventing the worst thing ever) so I don't know all the lingo</>
Even though I'm simply trying to guess from context without actually knowing, everything you just said sounds both accurate and hilariously well put.
Edit: WOW. I had no idea that's how things (even used to) work within those companies. A packet of materials you submit to get promoted. I'm almost bowled over with laughter.
That explains everything.
Here in the normal world, I get promoted by... being good at my job. Asking for it as part of a performance review, typically one I negotiate for as part of my employment, also helps.
Promo packets were an attempt at a way to figure out how to promote people when you had thousands of good engineers and they couldn't figure out how to decide who had most earned it. You didn't trust their manager, they had a limited resource of 'money' to give. Maybe it was a bureaucratic approach, a little like the army?
I think this is an inevitable thing that happens when you have huge orgs with a limit on who can be promoted, there's not enough reward for everyone. I don't know how to do it. Trust managers doesn't scale, people reward their friends or whatever. Microsoft faced this too, but they didn't have a packet approach, it seemed like the senior managers decided, without having a paper trail like that.
To be clear, it's just you making a list of things you accomplished, because otherwise your boss is going to have to dig through their email to figure it out, and they may miss something / get something wrong which will hurt you. The lingo might be specific to FAANG but the practice isn't, including the part where you do "unnecessary" work to try to pad the packet.
> at Lab126 and accidentally inventing the worst thing ever)
Lab126 created some of the first e-ink technology, right? Is the Kindle, or e-ink screens, or e-ink patents, the worst thing ever... or is there something else I should know about in this space?
> Lab126 created some of the first e-ink technology, right? Is the Kindle, or e-ink screens, or e-ink patents, the worst thing ever... or is there something else I should know about in this space?
There's a lot to unpack in that sentence. Care to elaborate?
In my defense, I said it was a horrible idea at the time, we'd have to stream everyone's audio to the cloud to get the keyword spotting to work...
Also, Lab126 did not create e-ink! E-ink came out of the Media Lab long before the first kindle.
I'm glad that they're finally making one with a stylus, when I was there (more than a decade ago) there was a prototype tablet you could write on that had a brilliant new sort of user interface.
"collection of material you submit to support your case for promotion", it's actually not even a thing anymore which adds another layer of irony here, and he is dead wrong (see my other reply).
It's easy to bamboozle yourself from the obvious "maybe people are incentivized to do things to get promoted and perhaps even unnecessary things" to wild unrelated fantasies of how this could explain decisions you don't agree with
> The only exceptions to this are the core economic vehicles between Googlestan and the outside world: Search, Chrome, and Android. Note how each one of these products have a dramatically more conservative roadmap, with a reasonably minimized number of breaking changes.
I'd add Google Maps and Google Mail onto this list.
This isn't true and I don't even particularly care if you think it is and you're a fellow Googler. I know for a fact it isn't.
There's some trivial truth to it, of course, but specific assertions are laughably false and more complicated than you are claiming.
I very much would like to reiterate this sort of thing is unhealthy, the point I was making was people moralize while assigning grand motives to a large # of uncoordinated actions about decisions that are obviously more complicated in real life if you were making them. This sort of is a perfect exercise in that
Then can you explain to us why does google do self-owns such as 10 messenger apps?
Promo-driven development and a bias towards greenfield is something that many engineers in other large tech companies are familiar with, and articles such as this are written by former googlers frustrated with the promo system: https://mtlynch.io/why-i-quit-google/ . Put two and two together and it seems like a likely explanation in light of no additional information and a meme is born.
I come from a company that has a google derived promo system, and I believe it when promo driven development can explain a lot.
Especially when that system values certain things like new 'innovations' vs important maintenance. Or tech leadership of multi-team projects which leads to forcing migrations on the rest of the company to get multi-team points vs. a seamless backwards compatible one done behind the scenes not being a multi-team project, so you don't get promoted for doing it. Or valuing mindless metric number go up over a more thoughtful review of the real impact which, gasp, might not involve some numbers sometimes.
These systems also change very slowly and are hard to change overall. I think google still does 5 leetcode interviews back to back, right? Despite them being shown they're not very good indicators of real job performance?
I had a Google interview loop; 2 out of 3 weren't leetcode-related questions. The 3rd was an easy medium BFS. One of the questions drilled into test-driven development, etc.
The problem is (as always) a lack of regulation in the tech industry. We've taught Big Tech that the only way to 'innovate' is to perform profane moneymaking rituals at the expense of the end user, and the shareholders are always asking for more.
The average Google engineer's job is no different from anyone else working in a sufficiently large company. Their job isn't 'press the big evil switch on MV3', but rather 'MV3's staging branch is failing tests, go fix it'. The evil comes from perverse bureaucratic incentive, so it leaves me kinda ruffled to see people blaming the engineers on HN of all places. I can imagine some pinstriped upper-management prick at FAANG reading this thread in their penthouse and laughing their ass off.
> We've taught Big Tech that the only way to 'innovate' is to perform profane moneymaking rituals at the expense of the end user, and the shareholders are always asking for more.
> The evil comes from perverse bureaucratic incentive..
I think you're entirely right. I have nothing else to add, other than that I've always thought this, it's not a new change of opinion.
I guess I don't see any conflict between my comment and yours?
Yes, I know that "Their job isn't 'press the big evil switch on MV3', but rather 'MV3's staging branch is failing tests, go fix it'" -- I've worked in software my whole career too. :)
> so it leaves me kinda ruffled to see people blaming the engineers on HN of all places.
I also know that it isn't some nebulous cloud above which is where designs come from, but other employees. I also know, from experience, that if you're a valuable enough engineer within an org or a project, and you significantly oppose a proposed feature or change coming from the suits, it's not gonna happen. What are they gonna do, code it themselves?
> I can imagine some pinstriped upper-management prick at FAANG reading this thread in their penthouse and laughing their ass off.
> I also know, from experience, that if you're a valuable enough engineer within an org or a project, and you significantly oppose a proposed feature or change coming from the suits, it's not gonna happen. What are they gonna do, code it themselves?
I’ve had high success rate effecting significant course changes in several roles, at several distinct jobs. One of the things I emphasize to mentees is that their word and will is powerful, more than in most IC roles. Even so, the error in your reasoning here is obvious to me, especially applied to such large companies. Your chance of success effecting a course change is high, but the company may value your contributions less than they value the course they want to keep. They may also be in a position to hire people whose talent and compliance are more valuable than your own.
What are they gonna do? They’re gonna find someone else among hordes of applicants to do what you won’t.
Holding out because you are the only person who can make a change doesn't work as well with a company like Google with many overlapping developers.
Those plans come from management layers above, not from the co-worker beside you. Blaming the developers, when it usually starts with a VP trying to increase some metric for bonus time, misses the key point that it is the organizational culture that demands, forbids and sets the rules for how employees operate. It starts at the top, because if the CEO did not promote based on metric scores increasing, the VP wouldn't create projects developers work on that the end user hates.
Not sure why you decided to bring up Apple. People decide to buy into the Apple ecosystem.
I didn't decide to buy into the Chrome ecosystem. I just have to use it because of the marketshare. And I'm on Gentoo running a personal build of Chromium.
Manifest v3 is pure evil. Don't get it twisted. There's no ambiguity here. It's just a cash grab.
Anyone working on it on the Chrome team should feel shame.
I'm a firefox user and have no love for Google, but I disagree with this. No one is forcing you to use Chrome. This is also a good test for Mozilla/Brave to show if they truly stand by the principles they profess to defend. If Chrome did everything right we would not have needed Firefox/Brave for the reasons they currently exist. And if they follow suit, I hope the community will take a long hard look at the state of the browsers and try to fork Firefox or build something new.
I think it's pretty absurd that this is the level of discourse on this subject. "pure evil" and "just a cash grab" aren't substantive criticisms, nothing in your post is actually informational.
The reality is that ad blockers will continue to work to a significant extent that they do today. Engage with that, put some information with merit into your posts.
It makes the adblockers fight with one hand behind their back, tilting the balance in the cat and mouse game towards the attackers.
Google is an empire built on advertising: scams and malware, so their evil has always been present. But right now we have an easy way to protect ourselves. Manifest v3 is exposing that evil to technologically-minded people.
I will have to switch my parents over to Firefox or Brave to keep them safe online.
I’m curious what parts of the internet you visit that you do not see all the ads for scams, shock ads, and other malicious things. There’s a reason that “one weird trick, doctors hate it!” is a meme. It’s utterly rampant. If I open YouTube without an adblocker there’s often some kind of snake oil salesman that pops up. Or a cult.
Now, I use private browsing, so I get the “default” experience. Perhaps you don’t use private browsing and so your targeting is really honed in. Perhaps you only see sensible ads for sensible people, a sensible wallet or a sensible car. If that is the case then fine, but if the only way to use the internet is logged in to Google and with everything tracked, then that is unacceptable to me.
> The reality is that ad blockers will continue to work to a significant extent that they do today.
Completely false. Compare the difference between uBlock Origin on Firefox MV2 vs uBlock Origin Lite MV3 on Chrome and there's a massive loss of functionality.
Funny how Mozilla manages to vet the code of some of the more popular extensions for their "recommended" extensions program with far fewer financial resources.
>curated extensions that meet the highest standards of security, functionality, and user experience. Firefox staff thoroughly evaluate each extension before it receives Recommended status.
I'm still bitter that Google permanently removed my @gmail.com with your dark pattern migration to business email. With no option to move back? You guys lost half of my Google Drive, Photos history. But it's cool. That's life.
And then you moved me to legacy workspace to appease me.
And then months before you tried again to migrate my legacy workspace email to paid, which another Google employee said it's free forever. I'm willing to pay anything on your valuable service but those dark patterns are what really piss me off.
“This ruins ad blockers”, “this is so they don’t have to make REAL ad blockers work”, “they want a 30% cut of VPN money instead”, “this will cause cancer”.
OK, not the last one. But people literally posted here on HN that Apple was killing people by not letting Flux on the iPhone.
Considering how much information “normal“ ad blockers can see, I’m not against this. I like Apple’s approach (and understand this to be similar).
Calling for objectivity is probably not the first thing people want to do when discussing a company building a giant world-wide spying machine. In addition to logic, humans employ sentiment, emotions, and feelings and there isn't anything wrong with doing that.
There’s a big “yet” attached to Apple not profiting from the proliferation of ads - from what I’ve read, since they pushed the “ask app not to track” change, Apple has been pushing hard for more widespread adoption of their own advertising platform.
Make no mistake, Apple does not care about your privacy — only about moving the ad money out of Google’s pocket into their own.
I sort of see it the other way around. To me Google is an advertisement company first, and if you use Google products then you know your privacy data is how you pay for those products. With Apple and Microsoft you're paying for the product, but you're now also getting your privacy data sucked into their growing advertisement business.
I personally think the use of privacy data is a waste of resources, and that companies like duckduckgo have the longer end of the stick. Because it makes more sense to me, that I get advertisements for a robot vacuum cleaner when I'm searching for one, and not the 3 months after I buy one, but then there is a trillion dollar advertisement industry to prove me wrong. So who knows. But what pisses me off is that companies sell you a product, and then also include advertisement and privacy data harvesting in it, like that Samsung TV article that was on here recently. Or how Windows "home or whatever the non-enterprise edition is called" now sometimes installs pre-installers for things like candy crush or Minecraft without asking you to do so... Like what the hell?
I don't want you to read this as a defence for google, but at least they are sort of honest about the evil they do.
I'm not sure any of these sleazy moves will have the desired outcomes for these companies. I don't want to use linux, I did once, but I like my technology to work right out of the box with no effort to make it so or to maintain it, which is why I'm in the Apple ecosystem these days, but the ways things are heading, I think the only future will be linux, and trying to find appliances that aren't ad-infested.
"I was factually incorrect Apple generates about 1% of their annual revenue from ads"
Why play silly games to make 4 billion dollars seem small?
I could play this game in the other direction and say "Apple generates more money from ads now than 99% of the companies ever make over their entire existence"
In truth, 4 billion dollars is a lot of money.
More to the point of this discussion, when you ask them, they want it to be a very significant part of their business. They talk about it on earnings calls all the time!
It's not like they are hiding it!
Which sort of totally blows up the idea that they don't care.
We're talking about whether they profit, and whether it matters to them and the business.
You said they do not.
"One of these companies profits by the proliferation of ads and the other does not."
That was wrong. They make a lot of money from it and they have said it is an important part of their future.
Rather than just say you were wrong, you instead try to paint it as not mattering by using percentages, when again, it is a lot of money and apple themselves say it matters a lot
Just accept that what you said was mistaken, and do better next time. What you are doing now just makes you look bad and unable to learn and grow.
I admitted that my original comment was factually incorrect. It was wrong. I said that.
However, the point has always been about the comparison between Google and Apple. Given that their total revenues are of different size, how can we reasonably compare them?
What if we add a 3rd competitor to the arena? Let’s look at Outbrain. They’re a digital advertising marketplace w/ $256M annual revenue. By your argument, $256M << $1B — therefore we should take Apple to care more about their advertising business than Outbrain do about theirs?
Percentages are important because a company is less likely to risk 99% of their business to double 1% of their business than to risk 33% of their business to double the other 66%
While the orders of magnitude here are evocative, it's worth noting that Apple has a pervasive culture of "we deserve our cut of any transaction that goes through any of our platforms, and we will (mis)use our power to enforce that" stemming from when Jobs had to bring the company back from the brink of bankruptcy. See current battles on allowing alternative payment processors in iOS apps (to the point that even when ordered by courts to allow them, they added a 27% commission on alternate payment processors)
Apple is rapidly running out of growth room in new physical people to sell phones to, and is starting to significantly switch focus to new ways of extracting rent from existing customers through "services" and similar.
Both companies profit from ads when you claim one did not. If you’re looking at the percentage revenue projections from ads Apple’s has been growing faster than Google’s.
It's as though nobody realizes extensions can be created or purchased by sketchy actors and that this is a huge security risk when the extensions request "all access to all sites." OK, so when setting up an account's username and password and are provided 2FA codes or recovery codes -- those can all be compromised. How can you know an extension is compromised? It's almost impossible to tell with certainty.
Things like "The Great Suspender" incident get ignored and folks assume no other extensions have the same problems.
And what in MV3 solved all of that? It still allows enough to do a lot of damage.
Regardless of that, at some point you have to trust software. You can't expect everyone to read every line of code and compile all the software by themselves.
Yes, I trust plenty of software and I'm not suggesting that extensions are bad in theory. Extensions being able to silently inject code, and ownership being able to change at any time, is a pretty bad security model. We can agree that there are _bad_ security models, right?
It's the sum of the parts in changes from manifest V2:
- no arbitrary code injection via executeScript, must be a file now
- no more remote code
- no more arbitrarily getting selected text or highlighted text on a tab
- declarativeNetRequest instead of intercepting requests
- explicit listeners on the page to help detect bad actors (vs just arbitrary JS running on the page)
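As an added example (not from the thread and not Chrome's own logic), a static check that reads an extension's manifest.json and flags the properties the list above says MV3 changes, plus the "all sites" host access raised earlier, which a V3 manifest can still request. The finding names and both sample manifests are constructed.

```javascript
// Added example: static audit of a browser-extension manifest.
// Finding names and both sample manifests are constructed for illustration.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

function auditManifest(m) {
  const risks = [];
  const notes = [];
  const mv = m.manifest_version;
  const perms = m.permissions || [];

  // MV2 mixes host patterns into "permissions"; MV3 lists them in "host_permissions".
  const hostPatterns = [
    ...(mv === 3 ? m.host_permissions || [] : perms),
    ...(m.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  if (hostPatterns.some((p) => BROAD_HOSTS.has(p))) risks.push("all-sites-access");

  if (mv === 2) {
    notes.push("manifest-v2");
    // Blocking webRequest lets the extension intercept and rewrite traffic.
    if (perms.includes("webRequestBlocking")) risks.push("blocking-request-interception");
    // In MV2 the CSP is a single string that the extension may relax.
    const csp = typeof m.content_security_policy === "string" ? m.content_security_policy : "";
    if (csp.includes("'unsafe-eval'")) risks.push("csp-allows-eval");
    if (/script-src[^;]*\bhttps?:/.test(csp)) risks.push("csp-allows-remote-script");
  } else if (mv === 3) {
    notes.push("manifest-v3");
    if (perms.includes("declarativeNetRequest")) notes.push("declarative-request-rules");
  }
  return { risks, notes };
}

// Constructed MV2 manifest: broad hosts, blocking interception, relaxed CSP.
const mv2Sample = {
  manifest_version: 2,
  name: "constructed-mv2",
  permissions: ["tabs", "webRequest", "webRequestBlocking", "<all_urls>"],
  content_security_policy:
    "script-src 'self' 'unsafe-eval' https://cdn.example; object-src 'self'",
  background: { scripts: ["bg.js"], persistent: true },
};

// Constructed MV3 manifest: declarative rules, but still access to every site.
const mv3Sample = {
  manifest_version: 3,
  name: "constructed-mv3",
  permissions: ["declarativeNetRequest", "scripting"],
  host_permissions: ["<all_urls>"],
  background: { service_worker: "sw.js" },
};

console.log(auditManifest(mv2Sample));
console.log(auditManifest(mv3Sample));
```

An empty `risks` list only describes what the manifest requests; it says nothing about what the shipped code does with that access.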
Even ignoring ad blocking - with those rules stuff like Tampermonkey which is totally legit can no longer work with execute script. You also lost a lot of functionality by losing DOM, having to rely on the broken lifetime of a Service Worker instead of persistent background page.
It took Google three to four years to acknowledge that the community is completely correct with its criticisms, and that MV3 is garbage designed by people who have no knowledge on how people write extensions and which abilities they actually use.
They're finally adding features that should have been there years ago. The new scripting API which brings back arbitrary scripts, in a new form, the offscreen documents API, and hopefully they'll eventually implement limited event pages which are somewhat solving the background page lifetime and DOM issues (which are already implemented by Mozilla and Safari I believe). Obviously, everything was decided hastily in the last second so all of the features are supposed to be completed by "around" October 2022, just two months before the original MV2 cutoff.
I've also read some of the extension working group transcripts, it's pretty sad how Google/Chrome has no accountability and almost zero transparency.
>actors and that this is a huge security risk when the extensions request "all access to all sites."
Sure, but that's my choice, that's why it's an extension. Paternalism of telling me what to do with my browser is silly merely because something is potentially dangerous. The entire internet is potentially dangerous. Clicking on a link or installing a piece of software is dangerous.
You're an adult, make responsible choices about whose extension to install instead of demanding that Google strangle you with security policies which at the end of the day serve only one purpose, which is to extend their control over the user experience.
These are a bunch of straw man arguments against what I said. There is a difference between clicking a link and an extension being able to read the contents of pages you visit -- like your bank records or credentials.
Some of these "choices" aren't actually _made_ by anyone. Even with trust of an author, if remote code is being used and a domain or server is hijacked, then the remote code could be replaced. It's a lose-lose problem for Google and not addressing this problem means worse security for casual users. The boogeyman that they will remove useful extensions is antithetical to their behavior so far.
If (casual) users is what Google was concerned about that'd be easy to solve. They could ship a full ad-blocker with Chrome that renders third party extensions obsolete and there'd likely be no v3 debate, because those are the extensions primarily impacted by the design choices made.
The entire debate we're having rests on the fact that they're not integrating this functionality (despite this being technically trivial) because it's in conflict with their entire business model. Which is the only reason people have to reach for third party extensions in the first place.
It's very bizarre that your response is nothing more than a complete deflection - "what about Apple?!", but then you go on to accuse others of being reductionist and lacking honesty.
That's because while Apple has monetary incentive to keep up the walled garden it really does have to provide value to Apple customers. I know Google is selling everything and the farm about me when I use their services. If Apple wants my business they'll keep on doing what they're doing, I don't see ads on their platform and haven't seen any credible reports they're selling everything they know about me to the government and anyone who will pay $$ for that. I hassled myself for years keeping a rooted phone with trimmed down Android OS in various forms, but it was a lot of work. With Apple I just buy a phone and use it and don't have to worry about them selling me out every step I make or allowing apps to rifle through my files and photos.
I give Apple (and MSFT in the Gates/Ballmer days) money, and in return they don't try to spy on me. Google, current MSFT and Meta all want to give me free stuff and then make up the difference with ads. It's not complex as to why I am more likely to believe Apple when they say something is privacy enhancing and distrust Google.
> Until and unless Google meaningfully commits to never neuter ad blockers, it’s still critical and urgent that we switch to Firefox.
Google doesn't want ad blockers to exist, the evidence is not that they make the majority of their revenue from ads. It's that the most popular version of Chrome already has 0 ad blocking capability! Ad blocking and extensions are legacy features.
I went to a lot of trouble preparing for a post GAFYD/Workspace future (I have a legacy free one from way back that's in active use for four family email accounts). Then they changed course and let me keep it after all. Death by slow boil, or they'll let me stay on it for another 10+ years?
I left GAFYD just days prior to them relenting and letting people stay on it.
I regretted the decision for a while afterwards, but I've since realized I don't want this shutdown threat hanging over my head. Thanks for the 10+ years of hosting but I don't have to be treated like this, I'm better off without them.
Meh. One day everyone will open Chrome, realize adblock doesn't work, wonder what happened, and switch.*
Do you really think Google is on some vendetta against adblock? Adblock has lived on the Chrome webstore for a decade, and many, many, many copies have appeared too. Google could have easily nuked any of them but hasn't.
MV3 is not about adblock. Maybe one day the web will turn into some WASM-driven advertising shitshow, but we're thankfully a long way from that.
*Google knows this, which is why they haven't stopped ad-blocking.
Yes, I think it's about Adblock. Chrome has a huge percentage of the browser market (they killed IE/Edge as non-Chromium options!) and will never be as hegemonic as now. So now is when you strike back at ad blockers if you're an ad company.
I don't see any other reason for the features they killed to be killed. Specifically the preload hooks that ad blockers used.
How did you get to the conclusion that the change in features essential for adblocking, in a browser by a company whose main revenue is ads, is not about adblocking?
"But they did not nuke it before" is not an argument btw. They didn't have utter market dominance before in case you somehow fucking forgot.
Maybe they didn't make the move until now, because they can tolerate a minimal amount of ad blocking in their user base (e.g. for PR purposes). Or maybe they were not dominant enough until now. Or maybe the user base has reached the critical mass of ignorance and brainwashing.
> Sponsored Images: Striking, high-definition images that are featured in the Brave new tab image rotation. Advertisers have the opportunity to feature their brand prominently in this coveted space in front of millions of consumers.
"Fuck Google, have Brave shove ads in your face instead!"
I’ve been using Brave for years and never seen an ad on new tabs. New tabs typically have an image of mountains or some scenery, with a summary of the number of ads blocked and bandwidth saved because of those blocks.
Yes it is, and extensions for Brave are installed through the Chrome Web Store, as are extensions for other chromium based browsers like Edge. There's no escaping the manifest v3 event horizon for extension developers.
Other commenters mentioned that they will continue to support MV2 and are even planning to stand up their own extension store that offers MV2 extensions after Google stops allowing them in their store.
Parts of the supporting code have, and Apple still plans to roll that feature out. We are mid-rollout. They probably won’t make any other announcements about it. You’ll know it’s complete when they announce e2e encryption for iCloud Backup.
They said some stuff after the backlash, but they never retracted or renounced their plan. Indeed, portions of the code are now in the current released OS.
I think that code is there to support their new feature where it does on device scanning of photos sent to minors via iMessage, which is not reported to Apple.
Example: In Chrome 69, Google made it so that each time you sign in and use a Google service like Gmail, Maps or YouTube, your Google account will be automatically logged in to the Chrome browser.
There was outrage but Google had provided a flag to turn it off. It was in chrome://flags/#account-consistency.
Thanks! I didn't know I could turn that off. I "solved" it by wrapping chrome with my own home grown tooling to maintain multiple parallel profile directories, so I could run "work chrome" and "chrome for gmail" and "chrome for web browsing". Of course, now I use firefox for all 3 so I don't have the problem anymore... :)
It's a paranoid reading of the normal launch process.
Behind the scenes every major change like that is a flag that's deployed first off then slowly flipped to default true as a rollout so that it's as low risk as possible of unintended damage / failure.
This was actually the update and app behaviour that pushed me off of Chrome back to Firefox. Been using Firefox for all my browsing needs since. No issues.
I’m confused. I have a normal google account which I sign into chrome with and I have a google apps google account through my university. When I sign into google properties with my university account I remain logged into chrome on my personal account.
"Until and unless Google meaningfully commits to never neuter ad blockers, it's still critical and urgent that we switch to Firefox."
Why would Google ever commit to keep ad blockers working, unconditionally? It makes no sense.
I use Firefox sometimes on mobile. I use Chrome for online banking and shopping. This usage is an extremely small portion of web use for me. (Does that make me an "actual user" under the Google employee's definition?) The majority of the time using the web I do not use a popular browser from a "tech" company. I use simpler software I can edit and compile myself, quickly and easily. I have all the "features" I need.
As such, 99% of the time I never see any ads. Google can do whatever it wants with Chrome. I still see no ads. I am not using it.
Unless and until one considers that there are other ways to access the web besides those dictated to us by "tech" companies, then one cannot seriously claim to be trying to avoid advertising. Firefox is funded by Google and other "search provider" profits from advertising services. Mozilla is against some forms of online tracking, but they are absolutely pro-advertising. I just watched their "Chief Security Officer" state this on video to the FTC earlier in the month. Are we supposed to believe there is some "standoff" between Mozilla and Google (or any other "tech" company, i.e., "search provider") over advertising? That would be pure fantasy. Mozilla (Corporation)^1 is like any other "tech" company. It has no business plan. It has nothing to sell that could sustain it as an employer of software developers. It only has its position as an intermediary, to assist with online advertising, in Mozilla's case to assist by sending search traffic to Google, and whatever else is required by their royalty agreements with "search providers".^2
2. Mozilla even sells its own advertising services:
Advertising revenues - Mozilla also offers advertising services in three formats. The first is the New Tab advertising service, which places links to sponsored content when a new tab is opened in the Firefox web browser. The second format is through Pocket's email product, Pocket Hits. Pocket Hits may include paid advertisements, which are placed in email newsletters that get delivered to global Pocket users. Lastly, Mozilla also sells web advertisement spots on content that Mozilla licenses and syndicates from publisher partners across the web.
Along with a "service" to remove advertising:
Subscription revenues -
Included in a Pocket Premium subscription are features like full text search on saved articles, removal of advertising from Pocket properties, the ability to create unlimited highlights and the ability to create a permanent library of everything a user has saved.
For me, playing both sides of the coin, charging for advertising services and charging for advertising removal services, does not rank high on the scale of company integrity. But this sort of "playbook" seems quite common for "tech" companies. For example, Google does it with YouTube ("YouTube Red", now "YouTube Premium").
<< Why would Google ever commit to keep ad blockers working. It makes no sense.
We are the end users of this software and, while clearly a minority, we do expect things to work. If a useful feature is being neutered, it is considered bad for the users. Thankfully, Google is not, yet, in a position where it can just force its adoption. Thankfully, there are still other options ( including some recent moves creation of non-G and non-F browser; and interesting variants of Chrome ).
Those vocal end users ( and that includes me ) want things in one specific way. For two different reasons:
1. I recently was forced to browse net without adblockers and it was a horrid experience. I pity the poor souls that live without them.
2. I still basically do everything tech related around the house. If Google starts being annoying, I will drop it like a hot potato. Thankfully, I am no longer the local tech guy for my extended family.
In other words, it still makes sense for Google to appease the people who do the work of converting and then supporting their software, because people sure don't call Google when it's raining ads.
By the by, didn't we go through the exact period with infinite pop-up ads and agreed that it was a really bad idea? Why would anyone think users want it back?
I listened to a lot of mic testing a few months ago, frustrated by the AirPods Pro Gen 1 too. My conclusion was that all wireless earphone mics are pretty bad, and you’re not going to sound good unless you hold the phone up to your cheek or use a headset. But if you just want the best you can get in wireless earphones, I think the Jabra Elite 7 Pro and Sennheiser Momentum 3 are both a step up from the AirPods Pro Gen 1. They sound cheaper and let in more background noise, but they don’t have that underwater sound, parts of your voice disappearing, or sporadic background noise amplification, making them more intelligible and less stressful on a call.
HN is overly dismissive of tech in Android devices. People should look up testing of Samsung’s current gen 108 MP sensor. It’s true that it doesn’t look sharper when displaying the whole image on a smartphone’s 3.5 MP screen or a 4K (8.3 MP) monitor, and that it’s not really 9 times sharper than a quality 12 MP, but those points miss the meaningful one: it actually is way sharper than the current gen iPhone, and it is very visible as soon as you blow up the image, zoom in, or significantly crop it.
This is something I love about Samsung and Huawei: they actually force Apple to make their cameras better and better instead of just following their usual obsessions like slimming and gluing everything together.
After thinking about this for a minute, I think the point wasn’t that people shouldn’t have fallen for this in particular, but to give everything a tint of uncertainty. It’s a pretty clear cut example of “no matter how believable it was, it can still be not even a little bit true”. In many contexts I’d call that a rather unproductive observation, but in the context of fake news, we have many people perceiving different realities built on a whole network of strong beliefs about what exists and what happened. Uncertainty about everything is probably actually exactly what’s needed to break free of a grip like that.
i.e. "the internet is full of lies". But that doesn't mean sources of truth do not exist. Sources of truth do exist, though what is read online should be carefully considered. I mean, isn't that kind of the thinking around telling people to not click links in emails and text messages, and generally to stop and ask whether a piece of information seems too outlandish to be true or too shocking? So yeah it's definitely felt like the internet is full of people who aren't "mature enough" to invest so heavily into the internet of late.