from the bring-back-common-sense-adctl dept.
Google engineers have proposed changes to Chromium which would completely break content-blocking extensions, including various ad blockers, ostensibly for "security" reasons.
Per The Register:
In a note posted Tuesday to the Chromium bug tracker, Raymond Hill, the developer behind uBlock Origin and uMatrix, said the changes contemplated by the Manifest v3 proposal will ruin his ad and content blocking extensions, and take control of content away from users.
Content blockers may be used to block ads, but they have broader applications. They're predicated on the notion that users, rather than anyone else, should be able to control how their browser presents and interacts with remote resources.
Manifest v3 refers to the specification for browser extension manifest files, which enumerate the resources and capabilities available to browser extensions. Google's stated rationale for making the proposed changes is to improve security, privacy and performance, and supposedly to enhance user control.
"Users should have increased control over their extensions," the design document says. "A user should be able to determine what information is available to an extension, and be able to control that privilege."
But one way Google would like to achieve these goals involves replacing the webRequest API with a new one, declarativeNetRequest.
[...] Hill, who said he's waiting for a response from the Google software engineer overseeing this issue, said in an email to The Register: "I understand the point of a declarativeNetRequest API, and I am not against such API. However I don't understand why the blocking ability of the webRequest API – which has existed for over seven years – would be removed (as the design document proposes). I don't see what is to be gained from doing this."
Hill observes that several other capabilities will no longer be available under the new API, including blocking media elements larger than a specified size, disable JavaScript execution by injecting Content-Security-Policy directives, and removing the outgoing Cookie headers.
And he argues that if these changes get implemented, Chromium will no longer serve users.
The Register points out that this will not just affect Google Chrome and Chromium, but also Chromium based web browsers such as Brave Browser and Microsoft Edge.
(Score: 3, Interesting) by Apparition on Wednesday January 23 2019, @03:23PM (2 children)
gHacks published an article [ghacks.net] this morning with news that Opera has also gotten into the "block the ad-blockers game," currently only with search engines.
It feels like it is nearing endgame for web browsers that rely on advertisers for money.
"Now that Microsoft has finally folded and Chromium rules the web, what are you going to do? Run Firefox? Pfft. Watch as we break YouTube [dailydot.com] on non-Chrome browsers. Then what are you going to do?"
(Score: 2) by eravnrekaree on Wednesday January 23 2019, @03:33PM (1 child)
Edge is a completely proprietary browser and would have also adopted these ad-blocker blockers as well, so had Microsoft had not cancelled Edge's engine, you would still have all of these problems, Edge was no antidote to this. You could not fork Edge either since it was closed source, so Edge was no solution whatsoever. The fact is, Chromiums open source, why not just fork?
(Score: 2, Informative) by Anonymous Coward on Wednesday January 23 2019, @06:50PM
The codebase is a huge nasty POS.
(Score: 3, Insightful) by Anonymous Coward on Wednesday January 23 2019, @03:45PM (6 children)
Then why are you using chromium? You would be better off with one of the Firefox forks.
(Score: 2) by ikanreed on Wednesday January 23 2019, @03:50PM (3 children)
Not that firefox development hasn't gradually drifted into a place where they're tightly bound to a narrow revenue stream from sources whose interests don't align with Firefox's users'.
Closed source was clearly never the problem with proprietary software, it was always profit motive.
(Score: 1, Touché) by Anonymous Coward on Wednesday January 23 2019, @05:22PM (1 child)
While your user name is "ikanreed", this obviously does not mean that you can read. Because otherwise you would have noticed that the parent didn't suggest using Firefox, but one of the Firefox forks.
(Score: 4, Interesting) by ikanreed on Wednesday January 23 2019, @05:47PM
I wanted to pedantically defend my position because I had considered that when I made my post and decided the downstream effects from pulling changesets being easy still influences them the way chrome basically decides chromium's features.
But you know... that's a totally fair point and worth more than a pedantic disagreement.
(Score: 1, Insightful) by Anonymous Coward on Thursday January 24 2019, @12:56PM
Profit motive leads to problems, yes, but so does software being "closed source" in general. It just gives the developers far too much power over the users, since they have no freedoms when using the non-free software. Profit motive may lead developers to actively abuse users, but even if they didn't, denying users their freedoms is an abuse in and of itself.
(Score: 4, Disagree) by Apparition on Wednesday January 23 2019, @06:14PM (1 child)
The problem with the Mozilla Firefox forks is that they are all run by one or two core developers, much like the systemd-less Linux distributions. Therefore, they are susceptible to the bus factor. Not only that, but they also can't keep up with all of the various Internet and web changes. Much like Pale Moon is still very reliant on Mozilla for code, with the Basilisk browser being based on Aurora even though one of the primary original reasons for Pale Moon in the first place was to skip Aurora.
(Score: 1, Funny) by Anonymous Coward on Wednesday January 23 2019, @10:43PM
Looking for free shit? Beggars can't be choosers.
If you don't want to be a slave to Google or Mozilla, man up and hack on your own browser.
(Score: 2) by Ken_g6 on Wednesday January 23 2019, @03:52PM (1 child)
This seems to be a complementary API to webRequest. I see no indication from the linked documents that the webRequest api is going away. Each API has pros and cons, from what I can see.
I do see changes happening to webRequest. It now requires host permissions. [thehackernews.com] That means the end user can limit where an extension is used - or not limit it. Starting in Chrome 72 it will also be harder to modify referrers or cookies. [chrome.com] But nothing webRequest does now is being entirely forbidden (unless the end-user requests it.)
(Score: 5, Informative) by Ken_g6 on Wednesday January 23 2019, @04:01PM
Ah, I found it. It's not in API documentation, but in a Google docs proposal for Manifest V3:
(Score: 0) by Anonymous Coward on Wednesday January 23 2019, @04:02PM
Just in case, Firefox wasn't an example of this strategy being applied by Google - now you have it.
(Score: 5, Informative) by zocalo on Wednesday January 23 2019, @04:08PM (13 children)
If you don't have a home server to do that kind of stuff on, just get a Raspberry Pi and install Pi-Hole already. Mobile's a bit more of challenge, unfortunately, but there are still workarounds that don't require a rooted phone (more if you have), and if you VPN through your home network you can still get most the benefits of the above, including uBlock/NoScript style support, plus more security on free-WiFi networks.
Also, is there anyone left who *still* thinks Google isn't evil? That's a pretty obnoxious list of usage cases for potential adverts they're going to be preventing from being blocked, and there's only one reason why Google wouldn't want user's having control over them I can see - making Google money.
UNIX? They're not even circumcised! Savages!
(Score: 2) by Runaway1956 on Wednesday January 23 2019, @04:16PM (6 children)
I'm still thinking that maybe Google is still less evil than Microsoft and Facefook. They are busily eroding my remaining faith in them.
(Score: 4, Interesting) by zocalo on Wednesday January 23 2019, @04:44PM (4 children)
Could be an interesting poll and discussion, come to think of it...
UNIX? They're not even circumcised! Savages!
(Score: 2) by Mykl on Wednesday January 23 2019, @10:35PM (1 child)
Apple's "evilness" is an interesting subject of debate.
On the one hand, they love their walled gardens. These achieve two purposes:
On a related note, Apple has gone pretty hard on privacy and security. And they should - it's a strong differentiator between themselves and Google. Since they don't rely on selling their users' data to survive, they can offer products that protect their customers - something that people are prepared to pay a premium for. Phone security, Apple Pay transaction privacy, and others. These things are good things, and I have no problem with Apple benefiting from offering services that protect their customers' privacy
(Score: 0) by Anonymous Coward on Thursday January 24 2019, @01:01PM
Since iOS is proprietary, how do we know it respects users' privacy? And, even if it does now, how do we know it will continue to do so? Since the software does not respect users' freedoms, users will have no recourse if Apple becomes even more abusive than they already are, other than to stop using the software entirely.
(Score: 2) by fido_dogstoyevsky on Thursday January 24 2019, @12:55AM
... aka the ELE (Evil League of Evil)
... about which one is Bad Horse?
It's NOT a conspiracy... it's a plot.
(Score: 2) by stretch611 on Thursday January 24 2019, @06:30AM
While the others are evil too, I do not think that Microsoft has mellowed.
After all, they have forced updates in Win 10, they are slurping more data then ever before under win10, and they even deceived people to upgrade to their masterwork of data slurping by making Win10 a "security upgrade" forcing people to opt-out instead of opt-in to the upgrade and using deceptive language to trick people to upgrade. And of course the upgrade now in the first year and get it for free... to make people want to upgrade while they can... only to never charge a fee after the year.
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 3, Funny) by c0lo on Wednesday January 23 2019, @10:58PM
FTFY
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 5, Interesting) by DannyB on Wednesday January 23 2019, @04:44PM
Clearly Google is evil.
It is still a matter of degree.
Compare to: Facebook, Oracle, Microsoft, SCO, Apple, FoxNews, Monsanto.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 5, Informative) by Sourcery42 on Wednesday January 23 2019, @05:21PM
DNS66 does a good job of blocking ads system wide on android, provided you can spare the VPN interface. No root or modding required, other than side loading an app from f-droid.
https://f-droid.org/en/packages/org.jak_linux.dns66/ [f-droid.org]
(Score: 2, Interesting) by Anonymous Coward on Wednesday January 23 2019, @10:55PM (1 child)
From what I've read, these changes will destroy NoScript and uBlock as well. And I simply will not use a browser without JavaScript blocking. I have to do it from time to time on collegue's computers at work, and I don't understand how anyone can stand that shit.
(Score: 3, Interesting) by c0lo on Wednesday January 23 2019, @11:00PM
Use the Tor browser, they have to still maintain script-blocking capabilities.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 1, Interesting) by Anonymous Coward on Thursday January 24 2019, @05:45AM
Bear in mind that google (as well as Moz IIRC) have recently been making mumblings on switching browsers to internal DNS-over-HTTPS lookups rather than allowing you to use system DNS; ostensibly so that your ISP and other men-in-the-middle can't snoop on your DNS requests...
https://developers.google.com/speed/public-dns/docs/dns-over-https [google.com]
... but this will of course likely have the side effect of thwarting any attempt to stop ads by DNS manipulation (e.g. hosts file, custom DNS zones, most proxy configurations) as well as requiring a lot more work if you want to actually inspect the DNS traffic of your browser (since you'll effectively need to MitM the connection between the browser stack and the remote HTTPS/DNS server).
I dare say that if implemented google might let you turn it off if you know about it, but I'll continue to trust them about as far as I can spit them.
(Score: 0) by Anonymous Coward on Tuesday January 29 2019, @09:09PM
Have you tried using a Raspberry Pi and Pi-Hole?
Which one did you get? From where? How much? Is there any issues with having 2 ethernet jacks on it?
With case? Without?
How does it compare to a standard computer?
Some of us may be needing this kind of thing now, so it would be useful to know.
It's a pity laptops don't come with 2 ethernet jacks.
(Score: 4, Insightful) by Runaway1956 on Wednesday January 23 2019, @04:13PM (7 children)
That we can block servers at the router. That means ad-servers, googleanalytics, the many MStelemetry servers, and so much more.
Your browser doesn't control your router (yet, at least) so those of us who demand that WE control our "experience" will still have control.
(Score: 2, Insightful) by Anonymous Coward on Wednesday January 23 2019, @06:05PM (1 child)
oh but many vendors are expecting people to configure the edge devices in a mobile application that runs on iOS or Android *only*.
Telnet/ssh/https from something else (modern desktop or whatever) is not the focus.
just you wait--features you had will be removed, or at least, your ability to access them will be grayed out and then gone--also for security reasons.
my favorite security reasons so far have been encrypting the data coming from my computer being sent to google and microsoft and other companies that... that I never packaged data up to send to them, and now, stuff is being sent in an encrypted form, ostensibly to prevent someone else from seeing it. someone like the user.
(Score: 3, Interesting) by Anonymous Coward on Wednesday January 23 2019, @06:19PM
Been running a home firewall since mid 90’s first on 386 now p2 professor. Tossed in n the 17,000 black hole tracking sites. I am 99% ad free. New servers pop up everyday. In the firewall all 60 home devices are ad protected.
Hell but out a small app on the machine being the dns for the phone can be done (Interal vpn ;). Simple and quick.
The big issue is is chrome going to bypass dns.?? Dns-over-http. That will break the internet and chrome will be a fully walled garden. Destining the first niter still freedom
(Score: 2) by RS3 on Wednesday January 23 2019, @07:08PM
Yes, that and it should be fairly easy to make software that would insert itself into the network packet flow and function as a packet filter. That said, some of the crap comes with the datastream you want, so...
But hopefully someone will build a browser, based on open-source chromium, that will continue to give us the plugin functionality and control we want.
(Score: 0) by Anonymous Coward on Wednesday January 23 2019, @08:43PM (3 children)
That isn't as easy as you think. On many pages, adblockers have to redirect googleanalytics and other javascript to avoid breaking the pages.
(Score: 4, Insightful) by Runaway1956 on Thursday January 24 2019, @12:43AM
That is true and untrue. See, when I find a page that is "broken", a make some very small effort to load it again. On a rare occasion I'll make two or three efforts. If the page won't load, then I view it as "the site is broken" and move on. Maybe I'll type some search terms, and find an alternative page that offers same/similar material, or maybe not. But, I don't view it as "my filters broke the internet". It's more "Those dumbasses should have designed their page better". And, at the end of the day, I simply do not feel deprived that ten, or ten thousand pages failed to load.
(Score: 2) by Reziac on Thursday January 24 2019, @02:39AM (1 child)
I haven't let googleanalytics run anything since shortly after the damn thing first showed up (blocked in HOSTS and denied in NoScript). Originally because it caused a huge lag in page loads; later for the obvious reasons. Don't know of any sites this breaks. I must be doing it wrong.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 0) by Anonymous Coward on Thursday January 24 2019, @03:45AM
Or your web habits are not the same as everyone else's on the planet. For example, avianca.com did not work for years if you blocked google analytics. But if you don't believe me, just look through uBO's "unbreak" list or EasyList for how they handle the various trackers.
BTW, "denying" a script in NoScript actually serves and runs what NoScript calls "surrogates" (other called them "neutered") in many cases, including Google Analytics. This is precisely because they break pages when truly denied.
(Score: 5, Insightful) by Thexalon on Wednesday January 23 2019, @04:43PM (10 children)
One of the major motivators of Richard Stallman and his GNU project was to ensure that software could be altered as needed to make sure it worked for its users rather than against its users. It was 30 years ago when he raised the issue, and he's still right about the nature of the problem. His main mistake was in thinking that they wouldn't work to embed that stuff at the hardware level too, so pay attention to that when deciding what hardware to buy.
Say what you will about Firefox, and there's a lot you can say against it, no matter what they do it's still possible to say "Fork you, Mozilla!" and make your own version that removes the parts you don't like. There are at last check several forks out there that were created for precisely this purpose. Consider using them.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 1, Informative) by Anonymous Coward on Wednesday January 23 2019, @05:18PM (7 children)
Except the web is actively breaking around them. It's now weekly that I have to switch to something Chrome-based, despite having up-to-date Firefox forks, to complete some desirable web task.
(Score: 2) by Thexalon on Wednesday January 23 2019, @07:52PM (4 children)
Are we returning to a world of "This site is best viewed in Internet Explorer 6"? That would be truly depressing.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by MostCynical on Wednesday January 23 2019, @08:34PM (3 children)
Some of the pseudo-privatized parts of the australian Government (Australia Post parcel tracing, in particular) have websites that just don't work even on vanilla versions of some mobile browsers.
Screwing around can sometimes trigger a pop up suggesting you install an app, but the page itself just doesn't load.
Lainess means they likely tested two or three desktop browsers and the app. Budget restraints meant testing mobile browsers was "out of scooe" (hey, moile users can use the app!)
If they had the "works best on..." message, it would be *slightly* less annoying, as you'd see they had thought about it.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 0) by Anonymous Coward on Wednesday January 23 2019, @10:25PM (2 children)
Some of the pseudo-privatized parts of the australian Government (Australia Post parcel tracing, in particular) have websites that just don't work even on vanilla versions of some mobile browsers.
For JavaScriipt-free parcel tracking you can use the following websites (which support many carriers in addition to Australia Post):
https://packageradar.com/ [packageradar.com]
https://en.trackitonline.ru [trackitonline.ru]
(Score: 3, Insightful) by MostCynical on Wednesday January 23 2019, @11:00PM (1 child)
Yes, ther are work-arounds, but they shouldn't be neccesary
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 0) by Anonymous Coward on Thursday January 24 2019, @03:28PM
Is there something wrong with the device you are using to post with?
You seem to keep dropping letters out of the posts.
(Score: 3, Insightful) by fido_dogstoyevsky on Thursday January 24 2019, @01:02AM
But remeber that it's THE WEB that's broken, not your preferred browser.
It's NOT a conspiracy... it's a plot.
(Score: 2) by Reziac on Thursday January 24 2019, @02:44AM
Lately when I need a "modern" browser for those cranky sites that won't play nice with SeaMonkey, I've been using Borealis instead of Chrome. (Sometimes Borealis works better, too.) Now if only addons worked.... cuz the browser itself is fast and beautiful. (Basically portable FF60 in a retro wrapper, with actual menus.)
Main site downloads were not working last I checked, but I get it from this guy who is doing XP-compatible builds of various browsers:
http://rtfreesoft.blogspot.com/2019/01/weekly-browser-binaries-20190119.html [blogspot.com]
And there is no Alkibiades to come back and save us from ourselves.
(Score: 3, Interesting) by darkfeline on Thursday January 24 2019, @05:27AM (1 child)
Last I checked, Chromium was just as FOSS as Firefox. There are in fact many forks of Chromium that "removes the parts you don't like".
RMS is in fact wrong. Most people don't care to alter software, and of those that do care, most do not possess the skills or time to do so even if the software is FOSS.
With that said, I fall into that camp so I greatly prefer using FOSS, but I am irrelevant in the Total Perspective Vortex.
Join the SDF Public Access UNIX System today!
(Score: 2, Insightful) by Anonymous Coward on Thursday January 24 2019, @01:11PM
That is irrelevant, and you greatly underestimate the importance of community. Even if you do not know how to alter software, or don't have the time, you can benefit from others' contributions. In addition, since free software respects users' freedoms, the software is much less likely to abuse users, because abuses can be spotted and forked much more simply. Proprietary software, however, has a long and dark track record of abuse.
(Score: 5, Insightful) by Azuma Hazuki on Wednesday January 23 2019, @04:48PM (14 children)
As annoying as this is, and certainly neither easy nor free as just installing UBO is, if it comes to that, I will build the Pi Hole (see here: https://pi-hole.net/) [pi-hole.net] if it comes to this. If these weaselly motherfuckers want to escalate the war, fine; let's see them get through THAT.
I am "that girl" your mother warned you about...
(Score: 2) by nobu_the_bard on Wednesday January 23 2019, @08:17PM (1 child)
Blocking at this level, doesn't allow me only allow ads on websites that I approve of receiving the ads for, does it?
(Score: 5, Informative) by edIII on Wednesday January 23 2019, @08:57PM
I'm not sure that is precluded with pi-hole. You probably can white-list some domains. Then again, if those ads you wish to allow are also coming from problematic advertisers, then you would be unwise to allow it. Even if it contributed to content creators you wish to support.
The problem isn't just advertising and how we support content creators, it's also very much the mass surveillance that goes along with it, and the routine transmission of malware using the advertising distribution networks. If we could successfully sue these network for millions each time an unvetted advertisement gets through, than I might tone down the security concerns. However, they are largely unaccountable to the people they hurt.
If you wish to support somebody, write to them and encourage them to join Patreon or something. I personally find this perverted comic [oglaf.com] enjoyable and they don't thrust advertisements down my throat, and have other methods for me to support them. Including Patreon.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 5, Insightful) by edIII on Wednesday January 23 2019, @08:50PM (8 children)
DNS-over-HTTPS may present quite a problem if it is implemented inside Chrome/Chromium without the option to specify the DNS server. Imagine all DNS requests sent directly to 4.4.4.4 wrapped up in SSL certs you don't control. Then pi-hole won't work anymore. We need a full intercepting proxy that can also be a SSL middleman to strip away the protections that would stop us from moderating content.
The browser was the best place to do that because of SSL, but if the major browser developers are bunkering down, then we need forks fast. If they're willing to declare war against ad-blocking plugins, then I believe they would be willing to wrap up all the DNS requests in SSL in a way we don't control as well. This isn't just about ads, but ads being used to transmit malware. Something the big guys continually avoid accountability for, even though it costs consumers millions of dollars in repair fees constantly.
Man, we really need a FOSS browser that is several components:
Ideally it would have a backend component running on something like a Raspberry Pi all the way up to a high end server capable of serving many frontend "clients" on different devices. A frontend running on your Android phone could have VPN connectivity to the backend server to protect you while mobile.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 4, Interesting) by Azuma Hazuki on Wednesday January 23 2019, @08:58PM (4 children)
Jesus Christ, that is *evil.* Whose idea was that, DNS over HTTPS?
To see our best tools for liberty and defense, the SSL and HTTPS standards, used against us as weapons is a special kind of tragedy...
I am "that girl" your mother warned you about...
(Score: 1, Interesting) by Anonymous Coward on Wednesday January 23 2019, @11:31PM
https was a defense for liberty? Not since the net got it in its mind to make it the enforced standard of all and browsers started warning you about insecure browsing, even for things that had absolutely no requirements for security. Quite the opposite of liberty.
(Score: 2) by darkfeline on Thursday January 24 2019, @05:42AM (2 children)
Spoken with the proud wisdom born from technical ignorance. Plain DNS notoriously suffers from many security problems: lack of trust, lack of privacy. DNSSEC only covers a small part of the problem. DNS-over-HTTPS is necessary to fully fix the problems with DNS.
https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ [mozilla.org]
Join the SDF Public Access UNIX System today!
(Score: 2) by Azuma Hazuki on Thursday January 24 2019, @06:41AM (1 child)
I know of the problems with DNS, thank you. But if DNS over HTTPS allows this sort of hijacking to happen, maybe we ought to be investigating another means of securing it. Don't assume so quickly.
I am "that girl" your mother warned you about...
(Score: 3, Interesting) by darkfeline on Thursday January 24 2019, @09:24AM
DoH is a protocol which has nothing to do whether it is implemented natively within a program. Any program can implement its own DNS to "hijack" resolution from the OS resolver. This has nothing to do with DoH.
And all of this is ignoring that Chromium is FOSS so you can replace any hypothetical hard coded DNS server.
Blah blah technical ignorance.
Join the SDF Public Access UNIX System today!
(Score: 1, Interesting) by Anonymous Coward on Thursday January 24 2019, @03:22AM
You will end up having to do what corporate proxy servers do. Create your own cert and man in the middle the thing.
(Score: 0) by Anonymous Coward on Thursday January 24 2019, @10:15AM
But ... think of the children! All our (basically government-mandated) ISP adult site blocking is done by DNS restriction. If google pull dns-over-https, they might fall foul of the law.
(Score: 1, Interesting) by Anonymous Coward on Thursday January 24 2019, @03:31PM
i've hated handing over any control to the browser. vpns over https/ssl dependent on the browser have been the worst! the tab crashes and oh look your connection depending on it is ruined and the far side hasn't timed out yet! try back later.
i would far prefer a NIC dependent solution that let the users or administrators of the topology control where dns queries go and how that gets encrypted and what happens if that fails.
treat the browser like an application, don't treat it as a dependency.
(Score: 0) by Anonymous Coward on Wednesday January 23 2019, @10:51PM (1 child)
Does anybody else know about this Pi Hole thing? On the surface it sounds quite intriguing. However, I'm a bit hesitant to give all my DNS traffic to a third party unknown place.
Can anybody else vouch for this?
(Score: 0) by Anonymous Coward on Thursday January 24 2019, @02:46PM
"give all my DNS traffic to a third party"
You're already doing that if you're using ISP caching DNS servers, or most of the "open" DNS servers, since they sell your data to whoever is willing to pay.
The way to get around that is to install a fully recursive resolver. There is one w/ maradns that works. It adds about 1/3rd of a second to page loads on average. Of course if everybody did this it would crash the root servers. So it isn't a scalable solution. But if you want privacy in your DNS, you're pretty much going to contribute you're little piece to DOS'ing ICANN.
This is really a legal problem more than it is a tech problem. DNS caching is switched data between parties unrelated to the ISP. With common cairrage what they do is felony wiretapping. But we don't have that because of Pai is a criminal.
The DNS over https thing is a land grab. Everybody knows DNS is deprecated. They are localizing it because they plan on proprieterizing it at the OS level. Essentially this gives them control over the registrars. Which is to say, the fact that you haven't seen half a dozen registrars get together and design a secure portable DNS over IPV6, means that they are going to all be subsidiaries of Comcast and AT&T here in the next several years.
(Score: 0) by Anonymous Coward on Monday January 28 2019, @01:34PM
Next up: both the dns requests and the content will be tunneled to bypass the OS and firewalls to make sure turd party content is loaded
Combined with removing plugin access to the DOM ads will dominate the internet tubes once again!
(Score: 3, Funny) by tangomargarine on Wednesday January 23 2019, @04:59PM
extension system to switch to WebExtensions. Oh wait...
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 4, Interesting) by nobu_the_bard on Wednesday January 23 2019, @05:00PM (3 children)
What security and privacy problems do they say it addresses in particular?
I am generally in agreement this sounds like a bad idea as presented, but I only see vague descriptions like "Google's stated rationale for making the proposed changes is to improve security [...]" in the linked postings. It is easy to argue against something so vague.
I don't know how long it will take me to find what problem Chromium changes are aimed at solving, so I ask here as perhaps someone is more knowledgeable. I don't mean "what problem are we interpreting them to be solving" (like "ad revenue") but what are they actually documenting the reasoning as? Are there a lot of ad blockers going rogue or what?
(Score: 2) by Pino P on Wednesday January 23 2019, @05:34PM (1 child)
"Security" to block extension publishers from snooping on users' browsing history perhaps?
(Score: 2) by nobu_the_bard on Wednesday January 23 2019, @06:50PM
The proposal here: https://docs.google.com/document/d/1nPu6Wy4LWR66EFLeYInl3NzzhHzc-qnk4w4PX-0XMw8/preview#heading=h.t5tc5efl7rfz/ [google.com]
That document doesn't explain the specific circumstances but seems to suggest a processing speed concern (from poorly written extensions using the API) as well as a privacy concern (from all extensions using this API being able to examine all traffic).
I was interested in something like, was there a recent discussion about rogue uses of this API, like maybe some well known extension abusing it to sabotage the browser's speed, deliberately or not?
I am also concerned because this could conceivably affect tools like certain antivirus extensions in some deployments. Being able to load an extension that blocks bad pages as part of the local antivirus has been very handy as an additional layer over top DNS filtering. A couple of times it caught something using a trick to evade the DNS filter. Could live without this but it'd be unfortunate to lose a tool.
(Score: 2) by MostCynical on Wednesday January 23 2019, @08:36PM
Securing google's revenue stream. Very important, that.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 4, Insightful) by jasassin on Wednesday January 23 2019, @05:02PM (1 child)
I'll be using the last version of Chrome that supports UBO.
I knew UBO was too good to last. Someone makes something cool, and an army of douchebags finds a way to ruin it.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 0) by Anonymous Coward on Friday January 25 2019, @04:00AM
Sounds like it is time to download the installer files for all of the good plugins before they are pulled
Build an archive somewhere for them.
(Score: 2, Insightful) by Anonymous Coward on Wednesday January 23 2019, @05:56PM (1 child)
That a company that relies on advertising for 100% of its revenue stream does not have you (joe browser user) interests in mind when it creates a web browser.
Ad blockers becoming too popular directly effect said companies bottom line.
Therefore, why are you still using a browser created by a company that relies on advertising for its revenue stream. Their interests are not your interests, and never will be.
Delete Chrome, switch to Firefox. It will soon be the only way you can continue to block those pesky advertisements.
(Score: 0, Disagree) by Anonymous Coward on Wednesday January 23 2019, @11:14PM
But yes, it is quite high.
And while i hate ads as much as the rest, it IS their product, so they get to do what they want with it. We get to choose another product.
(Score: 2, Interesting) by splenolymph on Wednesday January 23 2019, @05:57PM (1 child)
They will probably solve this problem, their engineering talent is quite dedicated.
(Score: 2) by Kalas on Wednesday January 23 2019, @10:25PM
It had a quite a few nifty and perhaps unique features, like some tab grouping scheme I don't know the name for (1) and a load timer in the URL bar, and the home screen displayed how many ads and trackers were blocked along with the estimated total time saved by not loading ads or 3rd party scripts.
I don't understand all the technical changes below the surface but it seems like it's just one more browser developer shafting the user to better serve their customers. Hell, in at least one version they even preloaded ~250 ads of their own to show preferentially over a site's navite ads! Check their wikipedia page if you don't believe me. I don't remember if they're doing that in the current version but their actions ruined a fine browser. I found it shocking that any browser dev had the gall to preload ads in the browser, much less one with such a reputation for adblocking. I wish I could find another that lets me group tabs like that. I think it also supported tab stacking but that's not the same and I never saw much use for it.
(1) - those bars below the tabs you see here. [catbox.moe] That's insanely useful for someone who spends half his day stumbling through Wikipedia, clicking 3 new links before I close the current article. Each of those secondary tabs held another bar of tabs (20, 50 or 100) you could switch between as needed. Chrome-like browsers effectively limit how many tabs you can use because you can't scroll through or expand the tab bar in any way that I know of.
(Score: 2, Interesting) by Anonymous Coward on Wednesday January 23 2019, @07:26PM
Didn't take long to show their true colors.
Is somebody surprised? I guess not. And also this is why other browsers decided to just use chromium for their browsers. Behind closed doors they are all compromised and owned by (((them))).
(Score: 4, Interesting) by Anonymous Coward on Wednesday January 23 2019, @08:38PM (1 child)
You cannot install an adblocker, script-blocker, user-agent changer in an app.
You cannot clear cookies & history & tracking in an app.
With a browser, a few plugins, a little knowledge about cookie/tracking management, and a good VPN you can surf the web at least semi-anonymously as long as you do not log into sites.
Google does not want you to do that.
(Score: 1) by nitehawk214 on Thursday January 24 2019, @05:21AM
Yeah, thats been the case on mobile for years. Everyone wants you to install their shitty app that has less functionality and more bugs than their webpage.
And absolutely no security or privacy.
"Don't you ever miss the days when you used to be nostalgic?" -Loiosh
(Score: 4, Touché) by c0lo on Wednesday January 23 2019, @11:04PM
... and you laughed at me for using lynx [wikipedia.org].
(grin)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Insightful) by Arik on Wednesday January 23 2019, @11:05PM
If laughter is the best medicine, who are the best doctors?
(Score: 1, Insightful) by Anonymous Coward on Wednesday January 23 2019, @11:12PM
Here soon it wont even be worth bothering with unless you want to buy something, or be bought.
(Score: 3, Interesting) by stormreaver on Thursday January 24 2019, @12:19AM (2 children)
I use Firefox for just about everything, but there is still the possibility for it to be infected by this same type of anti-user malice. Surely I'm not the first one to consider the notion of removing ad-blocking responsibility from the browser, and placing it into a proxy between the operating system and the browser.
(Score: 2) by Apparition on Thursday January 24 2019, @02:04AM
AdGuard [adguard.com] does that for Windows and macOS at a price.
(Score: 0) by Anonymous Coward on Thursday January 24 2019, @08:11AM
Maybe sometime will come up with a container for the browser that firewalls just the browser traffic
(Score: 3, Insightful) by Apparition on Thursday January 24 2019, @02:03AM (4 children)
A Firefox developer posted on Reddit [reddit.com] believes that the Manifest v3 is "reasonable."
Mozilla Firefox may not be as safe as I hoped.
(Score: 2, Interesting) by nitehawk214 on Thursday January 24 2019, @05:19AM
If I have to choose between potentially insecure browser extensions using obscure cpu bugs and not having adblock or script block... I know which one I will pick.
"Don't you ever miss the days when you used to be nostalgic?" -Loiosh
(Score: 0) by Anonymous Coward on Thursday January 24 2019, @08:48AM (1 child)
The real problem here is morons use blacklists. How dumb can you be to think you could list all the bad domains online??! There must be millions of bad domains with thousands new springing up every single day. The majority of the internet is evil and there to abuse you, to extract value from your movements and actions. I wouldn't want to administer that mole farm. It's simply impossible. Using a blacklist might give you a warm fuzzy feeling of doing something but all you really got was false feeling of security (and apparently large memory requirement too).
The only sane way is to use a whitelist. Block everything and the give special privileges to only what you need and want.
This shit should be built into the browser to begin with, so no extension would be needed. Like somebody said above, you should only need to install some extension to enable them to spy you and get astronomical memory usage...
Of course, google will never do that because their business model is spying, sadly like most of the web today.
/rant
(Score: 0) by Anonymous Coward on Sunday January 27 2019, @01:43PM
Black lists are not moronic. They are an old way to manage a known problem. Same as a standard firewall and domain level filtering.
True, they are hard to manually maintain. A lot of people don't know to install a filter such as pi-hole.
Get a grip. We need to help people become technically self sufficient. We all benefit.
(Score: 0) by Anonymous Coward on Thursday January 24 2019, @11:46AM
Show me the stats. Prove it.
I have never read such bullshit since I last looked at a vendor's contract proposal.
FFS.
The machine I am using has 4 CPUs, 16GB ram, and the only top it runs hot is when I game. Performance? Seriously? Get screwed. It's a web site.
If anything, there is a decrease in performance as a bunch of scripts run that would otherwise be blocked, and a bunch of files downloaded and data sent across the network that otherwise would not happen. I can prove this. UMatrix shows me the content that is disallowed. I can use F12 Dev Tools with and without the blocking to show how much slower it is. So. Prove it.
As for security, well, I only load plugins I trust. I own this PC. I chose this. I wear it if I am wrong. Don't remove my ability to make decisions away for myself from me. Stop "helping" me in a way that I don't need.
(Score: 2, Interesting) by nitehawk214 on Thursday January 24 2019, @05:17AM (2 children)
SoylentNews might be the only website that isn't either a static dead site from a decade ago or a tangled mess of 3rd party scripts.
uMatrix is the only thing that makes the web usable for me.
"Don't you ever miss the days when you used to be nostalgic?" -Loiosh
(Score: 0) by Anonymous Coward on Thursday January 24 2019, @10:23AM (1 child)
Not many sites come up as all green in uMatrix.
I still can't figure out why everyone likes to load javascripts from third party sites. If anything happens, your site stops working. Wtf.
(Score: 1) by nitehawk214 on Monday January 28 2019, @10:22PM
Not just all-green, but no third party scripts at all. It is amazing.
"Don't you ever miss the days when you used to be nostalgic?" -Loiosh
(Score: 0) by Anonymous Coward on Saturday January 26 2019, @12:36AM
At least they haven't devolved into this insanity.
(Score: 0) by Anonymous Coward on Sunday January 27 2019, @01:51PM
People churned from Firefox to Chrome.
Chome offered a stable plugin system that would respect user choice.
All heck broke loose when Firefix and later Palemoon broke hundreds of plugins. A lot of it still isnt fixed.
I don't understand the problem. Why Jetpack is so bad. Why rewriting a plugin for a different browser is so bad.
(Score: 0) by Anonymous Coward on Sunday January 27 2019, @01:56PM
The place I work for has a couple of in house plugins. One of them works similar to adblocker plugins. What now if that can't work.
If this breaks productivity work flows then switching browser will be the only option.
This kind of crap does not look good in a corporate environment.