[wbxrs]

I think this is a bad idea. Even though I personally block 3rd party trackers by default, breaking the web by default will cause problems.

Also, ad blocking will start being a problem when enough people start doing it. I still remember the days of no websites yelling at you for blocking their ads. Things are going to get much worse.

[keepmesmall]

"breaking the web by default"

It's not breaking the web, it's breaking part of the web's grasp on users. Is the web for people or is it there to use people?

"Ad blocking will start being a problem"

I live in the days where both all ads and all bullshit responses to my adblocker ("don't block my ads!!") are blocked; it's a breeze of fresh air. Sometimes a site tries to get around it and I block it permanently.

[eric-hu]

What do you use to block the requests to disable your ad blocker?

[darkpuma]

Between uBlock Origin and uMatrix in whitelist mode, you'll virtually never see those "disable your blocker" nags.

[keepmesmall]

uBlock Origin comes with anti-adblock lists; they're just disabled by default. I also use element picker mode.

Element picker mode is right at the edge of my patience, so I usually give up if it doesn't work. If I still really want something from the site I view source.

[Freak_NL]

Good. Let them yell, allow the system to break. I'm not convinced that the current status quo of paying for services via targetted advertising that amounts to quite a severe level of manipulation and tracking is tenable (nor desirable). Figure out something better.

The alternative is what we do now: a select group with tech savvy blocks advertisements, and lets the masses pick up the bill by 'accepting' ads and having their every movement online tracked.

[dmortin]

> Figure out something better.

There is no magical solution. The alternative is some kind of payment system.

And many people can't afford paying for each site they visit, so it would limit people's access to the net if there were paywalls everywhere.

Also, if sites can't show ads and not enough people subscribes then many sites will close which would lead to further concentration of the web. Small players would be eliminated, big players would still thrive.

Independent journalism would decrease while sites financed by rich companies and people could keep running and promoting the agenda of the rich players.

[Freak_NL]

If people can't afford paying, then it follows that they can't afford being advertised at in order to stimulate their consumption beyond what they actually need. If the answer to that is that people are of course in their right to ignore advertisements (as if that is possible), then by extension blocking them outright is morally defensible as well, and we are right back to where we are now.

Either that, or on-line advertising is not nearly as effective as advertisers think it is, and they are just subsidising the whole shebang while the Facebooks and Googles profit.

As for journalism: yes, that is tricky. Personally, I'm subscribed to one national quality newspaper (NRC in the Netherlands) as my main source of news and research journalism, and just today I've set up an annual subscription for €12 with the Guardian, which I visit occasionally as it is one of the few reliable British sources for news on the whole Brexit ordeal.

Ideally, I would pay a monthly flat fee that I can distribute at the end of each month to participating websites I've visited, but such a system would have to be fair to both the consumers and the publishing websites. If it just ends up a system with yet another FAANG-like Silicon Valley middleman that takes a 30% cut I'm not interested.

[dmortin]

> If people can't afford paying, then it follows that they can't afford being advertised

You know the answer to that. People can pay with their data, their interests. And if you put the question to people if they want a free web which sells their data or pay for every site then most people will choose the first.

[Freak_NL]

And what is that data used for, if not targetted advertising?

The data is a means to an end: the ability to provide advertisers with a way to reach very specific groups of people, and a way for advertising platforms to track not just the same user, but a very detailed user profile.

Knowing what people's interests are is worth diddly-squat until you use that knowledge to push ads to them that are likely to resonate with them.

[wbxrs]

>The alternative is what we do now: a select group with tech savvy blocks advertisements, and lets the masses pick up the bill by 'accepting' ads and having their every movement online tracked.

And I like it. I know it's selfish; I'm just speaking my mind.

Soon, there will be so many people blocking ads that many websites will simply become pay-per-view, and that's going to be bad for me.

[mirimir]

Then we work around that, with a Sci-Hub style approach.

[DCKing]

It's worth noting that historically that RFC 2109 and RFC 2965 specified that user agents should respect the user's privacy and not allow cross-server cookies. Since browsers have flat out ignored this recommendation since the beginning this never meant anything, and newer RFCs explicitly allow the default. But if we had been a little more prescient this mess could have been avoided.

It's also worth noting that anecdotically, blocking all third party cookies and running an adblocker has not lead to "breaking the web" in my personal use. I can count any issues I encountered on one hand, and I've run this setup for years. It might me that my internet use is weird (I don't believe so) but it makes me feel the consequences for users for this is overblown.

[sometimes42]

It's not for lack of prescience. Lou Montulli (the guy who created cookies) realized that third-party cookies were being used for tracking and advertising early on and made the decision to not to break them. I think his reasoning [1] has stood up well too.

[1] https://web.archive.org/web/20170421064522/http://www.montul...

[PhantomGremlin]

breaking the web by default will cause problems

Doesn't Safari already do this (or something like this)?

Safari works pretty well on most web sites. So what will Firefox be doing differently that will "break" the web?

[currysausage]

Yes, it’s quite complex though: https://webkit.org/blog/category/privacy/

[userbinator]

I agree completely --- large organisations taking what are essentially political stances basically means war, and the only ones who lose in the end are the users --- because the opponents are just going to find more ways around it when there is such escalation. I wish the browser developers would just focus on implementing specs, and give users the choice of options. This paternalistic "we're doing this for you" attitude can't stop soon enough.

[happyvalley]

> I think this is a bad idea. Even though I personally block 3rd party trackers by default, breaking the web by default will cause problems.

How is this “breaking the web”? Honest question, I would not subscribe to that sentiment, but am interested in other points of view.

[wbxrs]

By default, unless the user has changed his settings, if a website tells a browser to load something, the browser should do so.

[PeterisP]

If there are some conflicts of interest between the user and the website, the browser (chosen by the user and put on user's device by the user) should be on the user's side, and work with them to ensure that the interests of the user are met - at the expense of website "desires". A browser is not a platform for websites to run on; a browser is a tool for the user to interpret the content provided by websites according to the user's wishes.

A prime example of "if a website tells a browser to load something" is popup windows - if a website tells a browser to open a dozen popups and popunders, then no, the browser should not do so. Earlier browsers did what the websites told them to do, and that was a horrible thing, so that's been changed.

[stordoff]

A browser is a user agent - it exists to serve the user. Its defaults should be chosen to best serve the interests of the user.

[zaarn]

What if the website told the browser to load malware?

Browsers in the modern web need to defend the user, not execute arbitrary instructions from random websites that nobody cares about.

[wbxrs]

A website cannot tell a browser to "load malware", unless we're talking about a exploit, which should be patched.

(Please don't say "if I send you a malformed png file you have to execute the exploit, otherwise your argument breaks down".)

[jfk13]

If I ask my User Agent to load a particular news article (for example), I am not intending to ask for a myriad companies to start monitoring my reading habits, social interactions, shopping, or anything else.

When I buy and read a newspaper, I don't expect the publisher to start following me everywhere and keeping a log of my life. When I read an article online, I shouldn't have to think about that either. But sites have so flagrantly abused the ability to deliver more than just the content I've deliberately requested, in order to track (and monetize) user behavior everywhere, that it's entirely appropriate for my User Agent to take steps to defend me.

I don't mind a site delivering some ads alongside the content I've asked for, just like I accept some ads in a printed magazine. But I don't expect my magazine to come with an embedded tracking device that will stick to me like a burr, even long after I've read the content and recycled the pages.

[stordoff]

How are you drawing a principled distinction between "if a website tells a browser to load something, the browser should do so" and "a website cannot load malware [except via an exploit]"? Clearly, asking the browser to load an EXE, or run this JavaScript that attacks website X, could be considered malware, so the line is fuzzier than 'if a website asks, a browser should load it'.

'We should patch exploits' and 'all things we would like to not load are considered exploits' seems to be rather begging the question. There is a class of things that use legitimate browser features, but we would prefer to not load by default.

[scrollaway]

Malware is software that is explicitly designed to disrupt, damage, or gain unauthorized access to a machine.

You are covering the unauthorized access but disrupting/damaging is absolutely possible using plain old HTML and JS.

Privacy advocates argue that it's not only possible but many trackers are guilty of exactly that.

So the browser is in fact blocking malware.

... And yes, if you think about it, that definition does apply to ads as well. Really says something doesn't it :)

[kirjavascript]

sure they can, unrequested crypto miners running in the background are malware

[yetihehe]

As opposed to requested crypto miners. I would gladly trade some processor time and energy so that I don't have to watch obnoxious ads.

[sjagoe]

I disagree. I think by default the browser should protect the user, and protect the user's privacy. The browser is an agent of the user, not an agent of the websites the user visits.

Edit: PeterisP says it much better in a sibling comment.

[tinus_hn]

Yeah, you lost that ‘right’ at the time when popup ads were popular.

[darkpuma]

> "I still remember the days of no websites yelling at you for blocking their ads."

I recommend updating your adblocker. I haven't seen that kind of crap in ages, because I block that stuff too.

[lcnmrn]

Third party cookies shouldn't exist in the first place.

[dvfjsdhgfv]

I partly agree with you: they should be an earned privilege that I agree to turn on for some websites, not something turned on by default. because there are some genuine use cases, such as single sign-on, that they're actually useful for.

[michaelt]

Eh, single-sign-on is easily fixed for most applications; just forward the entire window to the SSO provider, so the cookies are first-party, then forward back once they're logged in.

[kevlened]

I wish it was that simple.

If you can bounce through an SSO provider to set a first-party cookie, you can bounce through an ad tracker. Even with a heuristic that requires action on the interstitial, how do you distinguish between redirects to services like Google that support social login and ad tracking?

Separating SSO and ad tracking is nontrivial and may result in collateral damage.

[redwall_hp]

Third party scripts shouldn't exist either.

[ionised]

but it's not breaking the web, it's fixing it.