by bryanculver 2463 days ago
What I think they're saying is that with Adblockers, they can phone home which ads they block, URLs they see, etc.

Content blockers impose rules at the outset and the rule generator won't see what the URLs/content actually are.

The way I would think of it would be like "let me see what you're seeing and I'll let you know what to let through" vs "here is a list of things you shouldn't let through but I don't need to know about what the hit rate actually is".

Although I could be misunderstanding the implementation.
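
The two models contrasted in the comment above, as an added example that is not part of the original thread. It is a toy model, not Safari's or Chrome's extension API; every name in it (`instrument`, `observingBrowser`, `declarativeBrowser`, `onRequest`, `getRules`, `urlFilter`) and the sample URLs are hypothetical.

```javascript
// Added illustration: a toy "browser" and two toy "extensions".
// All names here are hypothetical; this is not Safari's or Chrome's API.

// Constructed sample traffic.
const REQUESTS = [
  "https://news.example/article?id=42",
  "https://ads.example/banner.js",
  "https://bank.example/account/summary",
];
const AD_PATTERN = "^https://ads\\.example/";

// Wrap extension code so every argument the browser hands it is recorded.
// Whatever lands in `exposed` is data the extension could store or send out.
function instrument(ext) {
  const exposed = [];
  const wrapped = {};
  for (const [name, fn] of Object.entries(ext)) {
    wrapped[name] = (...args) => {
      exposed.push(...args);
      return fn(...args);
    };
  }
  return { wrapped, exposed };
}

// Model 1: the browser asks the extension about each request as it happens.
function observingBrowser(requests, ext) {
  return requests.filter((url) => !ext.onRequest(url).cancel);
}

// Model 2: the browser fetches a rule list once and does the matching itself.
function declarativeBrowser(requests, ext) {
  const rules = ext.getRules().map((r) => new RegExp(r.urlFilter));
  return requests.filter((url) => !rules.some((re) => re.test(url)));
}

const observingExt = {
  onRequest: (url) => ({ cancel: new RegExp(AD_PATTERN).test(url) }),
};
const declarativeExt = { getRules: () => [{ urlFilter: AD_PATTERN }] };

function compare() {
  const a = instrument(observingExt);
  const b = instrument(declarativeExt);
  const allowedObserving = observingBrowser(REQUESTS, a.wrapped);
  const allowedDeclarative = declarativeBrowser(REQUESTS, b.wrapped);
  return { allowedObserving, exposedObserving: a.exposed,
           allowedDeclarative, exposedDeclarative: b.exposed };
}
```

Both models block the same ad request, but only in the first does extension code receive every URL, including the unrelated banking one.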


While true with some, I believe uBO is a list implemented client-side, right? Other ad-blockers can and do phone home and let through ads that have paid, but uBO just has the EasyList filter installed locally and blocks those URLs. That was my impression at least, I never personally went through the source code.
I trust uBO and roughly zero others. In fact, uBO has to remind people at every opportunity to avoid certain others. It is all the others, now and in the future, that are prompting Apple to do this, and the one well-behaved extension is unfortunately suffering as a result.

I mourn the loss of uBO, but I'll take that tradeoff knowing that I can relax knowing that my family and friends aren't going to end up using some intrusive nightmare of an "ad-blocker" with Safari.

This is exactly it. Even if a malicious extension gets through, they have access to nothing on the user side. It's not a fair trade off but, in my opinion, it is a worthwhile one.
> That was my impression at least, I never personally went through the source code.

That's the rub though. There's nothing but trust preventing them from including some spyware in the next automatic update. Actually not even trust, whoever has account access to publish for uBlock could have their account hacked and someone malicious could inject spyware into a version of the extension.

Trust is everywhere in computer security. You trust Google to not deliver a backdoored version of Chrome to your machine when you download a binary instead of building from source. You trust them to not break the law and leak your personal data to third parties or discriminate against you based on the content of your emails.

I trust Raymond Hill more than I trust Google.

This isn't as much about what existing extensions do today but all about what potential extensions could be doing tomorrow.

If an extension doesn't get full access to all the pages you are reading, it can't do bad things with that access when the extension's owner inevitably changes (see the fight between uBlock and uBlock Origin for example) and spyware features are added.

Even if it is, it doesn’t matter. The problem Apple faces is how to prevent the other bad actors from abusing their API. The answer they’ve settled on is to remove those capabilities from the API. Another answer would be to leave the capabilities but somehow only grant access to them to “trusted” parties.

I’m sure that would have gone over really well, too. /s

In the latter scenarios, what assurance does the Adblocker have that their requests are respected? I could easily see a scenario where an Adblocker says "Hey Chrome block all requests to ads.google.com" and Chrome saying "Sure thing buddy" then completely ignoring that request.
The same assurance you have that the browser wouldn’t simply inject its own ads into all pages.
There's really nothing at all preventing Chrome from doing that today if they wished... they can manipulate the page before and after the Adblocker sees it.
SHHH!!! That's for Chrome 100 ;P

I agree it's totally possible they would do that, but one could figure it out pretty easily with a touch of detective work.

And then what? Google will say that it's protecting critical functions from breaking and to piss off. Suddenly Google is a monopoly in the ad space because they have the predominant browser and let through only their ads.
They arguably are effectively a monopoly now. Them doing things like this isn't remotely new. They just got caught tracking everyone's smart TV usage. Nothing will happen to them until:

1) the Government decides to intervene.

2) Users give up and start using different services.

I'm pushing for #2, but then I switched off like a decade ago, when I saw the writing on the wall.

Were they tracking smart TV usage or were smart TV manufacturers using Google APIs to store their tracking data?
Both it seems:

"The most prevalent tracker, Google's doubleclick.net, showed up in 975 of the top 1,000 Roku channels, with Google analytics trackers showing up in 360, the researchers found." - https://arstechnica.com/tech-policy/2019/09/studies-google-n...

Adblocker apps/extensions don't require that assurance. The user requires this assurance, and if the browser ignores the user's wishes, the browser is the application that should be held accountable by users.
How is the user to know if it's the AdBlocker or the Browser though? It's a he-said-she-said kind of situation with the AdBlocker and the Browser potentially pointing the finger at each other.

This setup gives the Browser/Maker plausible deniability when they act badly.

Browsers and extensions aren't black boxes; it's easy to inspect them for this kind of behavior.