Stories
Slash Boxes
Comments

SoylentNews is people

posted by chromas on Wednesday January 23 2019, @03:12PM   Printer-friendly
from the bring-back-common-sense-adctl dept.

Google engineers have proposed changes to Chromium which would completely break content-blocking extensions, including various ad blockers, ostensibly for "security" reasons.

Per The Register:

In a note posted Tuesday to the Chromium bug tracker, Raymond Hill, the developer behind uBlock Origin and uMatrix, said the changes contemplated by the Manifest v3 proposal will ruin his ad and content blocking extensions, and take control of content away from users.

Content blockers may be used to block ads, but they have broader applications. They're predicated on the notion that users, rather than anyone else, should be able to control how their browser presents and interacts with remote resources.

Manifest v3 refers to the specification for browser extension manifest files, which enumerate the resources and capabilities available to browser extensions. Google's stated rationale for making the proposed changes is to improve security, privacy and performance, and supposedly to enhance user control.

"Users should have increased control over their extensions," the design document says. "A user should be able to determine what information is available to an extension, and be able to control that privilege."

But one way Google would like to achieve these goals involves replacing the webRequest API with a new one, declarativeNetRequest.

[...] Hill, who said he's waiting for a response from the Google software engineer overseeing this issue, said in an email to The Register: "I understand the point of a declarativeNetRequest API, and I am not against such API. However I don't understand why the blocking ability of the webRequest API – which has existed for over seven years – would be removed (as the design document proposes). I don't see what is to be gained from doing this."

Hill observes that several other capabilities will no longer be available under the new API, including blocking media elements larger than a specified size, disable JavaScript execution by injecting Content-Security-Policy directives, and removing the outgoing Cookie headers.

And he argues that if these changes get implemented, Chromium will no longer serve users.

The Register points out that this will not just affect Google Chrome and Chromium, but also Chromium based web browsers such as Brave Browser and Microsoft Edge.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by darkfeline on Thursday January 24 2019, @05:42AM (2 children)

    by darkfeline (1030) on Thursday January 24 2019, @05:42AM (#791076) Homepage

    Spoken with the proud wisdom born from technical ignorance. Plain DNS notoriously suffers from many security problems: lack of trust, lack of privacy. DNSSEC only covers a small part of the problem. DNS-over-HTTPS is necessary to fully fix the problems with DNS.

    https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ [mozilla.org]

    --
    Join the SDF Public Access UNIX System today!
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by Azuma Hazuki on Thursday January 24 2019, @06:41AM (1 child)

    by Azuma Hazuki (5086) on Thursday January 24 2019, @06:41AM (#791099) Journal

    I know of the problems with DNS, thank you. But if DNS over HTTPS allows this sort of hijacking to happen, maybe we ought to be investigating another means of securing it. Don't assume so quickly.

    --
    I am "that girl" your mother warned you about...
    • (Score: 3, Interesting) by darkfeline on Thursday January 24 2019, @09:24AM

      by darkfeline (1030) on Thursday January 24 2019, @09:24AM (#791155) Homepage

      DoH is a protocol which has nothing to do whether it is implemented natively within a program. Any program can implement its own DNS to "hijack" resolution from the OS resolver. This has nothing to do with DoH.

      And all of this is ignoring that Chromium is FOSS so you can replace any hypothetical hard coded DNS server.

      Blah blah technical ignorance.

      --
      Join the SDF Public Access UNIX System today!