[livre]

I find it ironic that the only API Google decided to cripple was the one used for adblocking when there are countless of ways to exfiltrate data from an extension. I share the same pessimistic view as Nicksil with respect to Firefox, this is the direction Mozilla has been going with other parts of the browser.

Edit: I know Mozilla said they are waiting for a better alternative, but any alternative that can be proposed will end up being less powerful than what we currently have.

[matheusmoreira]

Google's new extension interfaces are reasonable though. They really are more secure. I want extensions to have as little access as possible.

uBlock Origin just happens to be important and trusted enough that these limitations should not be imposed on it.

[handrous]

If they're serious about keeping uBlock Origin around, and aren't just stalling while intending to remove what it needs eventually, they should agree to the new API for extensions ASAP... but make uBlock Origin part of the browser, and bring it under their wing (to whatever extent the author's willing for that to happen).

Now that would be an interesting and pro-user move that sets their browser apart from others.

But it might piss off Google a little too much, which is probably why they've not made that or a similar move long before now. One of FF's earliest differentiators, before it was even called Firefox, was a form of ad-blocking, after all (pop-up and pop-under blocking, which at the time mostly meant blocking really annoying ads)

[shawnz]

I don't think this would be the best thing to do for uBO users. This creates the possibility that the "Firefox internal uBO" could diverge in functionality from the one maintained by gorhill and get neutered by Mozilla managers.

I think it is ultimately necessary due to the incentives at play that the adblocking technology can be delivered by any third party.

[handrous]

If other major browsers are cutting off critical functionality for it, the concern may be moot.

As long as Mozilla aren't themselves in ad sales/brokerage I wouldn't be worried about a browser shipping an ad-blocker, as far as incentives go. Google doing it, that'd be concerning. Mozilla? Good.

[EDIT] though actually this is another case of their relationship with Google being kinda crippling, since that does introduce a conflict of interest... which is part of why Google does it, I'm sure.

[kbenson]

> But it might piss off Google a little too much

Forget Google, you might just get blocked by UserAgent from a lot of sites if they know Firefox has ad blocking and the default config is to block all their advertising.

There's a fine line between the status quo, pushing the envelope, and jumping so far ahead you end up being counterproductive.

[matheusmoreira]

> you might just get blocked by UserAgent

Just pretend to be Chrome.

[kbenson]

The point is that it would be the death knell for whatever chunk of the market Firefox has been able to retain. That it would cause almost no problem to the people in this discussion as they know how to circumvent it is irrelevant, as we don't make up enough people to actually make a difference.

If you're saying Firefox should just pretend to be Chrome by default, well what more sign is needed to indicate irrelevance than being able to be shunned without consequence and having to pretend to be another.

[matheusmoreira]

> If you're saying Firefox should just pretend to be Chrome by default

Yes. I think user agents should not even be identifiable to begin with. Browsers should always pretend to be the most common browser at all times. This improves privacy and also prevents websites from discriminating against users.

Ideally there should be absolutely no way to detect which browser the user is running.

> well what more sign is needed to indicate irrelevance than being able to be shunned without consequence and having to pretend to be another

Being shunned is a good thing. Firefox is user-centric and therefore actively hostile to abusive websites. It stops just short of directly threatening their business models, a stance I think they should grow out of.

The fact they want to block it is evidence that it's working. It's not a sign of irrelevance, it's a sign the industry is taking us very seriously and actively working to undo our progress. We must develop and deploy every possible countermeasure to prevent them from doing so.

[ufmace]

I'd rather not make any one adblock extension the single blessed one that's included with browsers and given exclusive permission to actually block ads reliably. Browser makers and extension authors have gone bad before and surely will again. We need to retain the ability for anyone insufficiently satisfied with ad blocking effectiveness to be able to fork and deploy as a new extension with the same access to the browser as the last one.

[Wowfunhappy]

> but make uBlock Origin part of the browser, and bring it under their wing (to whatever extent the author's willing for that to happen).

Great, and now websites are actively incentivized to not support Firefox, because they'll know Firefox users generate zero advertising revenue by default.

[matheusmoreira]

Why would a site have to explicitly support Firefox? The HTML that works on Chrome should work equally well in other browsers. This is the whole point of web standards.

[Wowfunhappy]

In theory, sure. Realistically, websites of any complexity at all need to be tested in different browser engines. There's almost always something that works in one browser but not another.

[matheusmoreira]

> but make uBlock Origin part of the browser, and bring it under their wing

I totally agree with this. At this point uBlock Origin's technology is so important and essential it should be a standard feature of every browser. I've posted this many times before. People usually say that uBlock Origin is better off independent because Mozilla is funded by Google.

[nuker]

uBlock Origin is better off independent because Mozilla is funded by Google.

[matheusmoreira]

I don't disagree. I think the conflict of interest is troublesome.

As far as browser technology is concerned, extensions like uBlock Origin are so important they should be part of every browser. I would like to see even deeper integration and more powerful filtering features. I do agree that we need the right incentives for such a thing to happen. We can't have an advertising company in charge of ad blocker code.

[yjftsjthsd-h]

Except that the new interfaces don't stop an extension from recording all of your activity, they only break blockers.

[freediver]

Browsers already have mechanism to let the user chose if they want the extension to access certain APIs. Another way to do this whole thing would be to simply require special permission for webRequest API that the user can then chose to assign for uBO for example.

[jackewiehose]

> Google's new extension interfaces are reasonable though. They really are more secure. I want extensions to have as little access as possible.

Maybe then just don't install the extension -> voila, zero access given! Of course this is a stupid advice because obviously you want the working extension for some reason. Just like others want their extension to be able to do whatever it needs to get its job done.

[refulgentis]

I wonder if it's because it's the one API that gets a full firehose log of every single ask my browser makes for data

[Nullabillity]

The asynchronous API is still around and still gives you the firehose. Removing the synchronous API only locks out adblockers.

[livre]

It is possible that that's the explanation but stopping just one API only affects people/extensions willing to follow the rules (uBlock Origin for example) while the bad players will just change a few lines and begin using other APIs. The end result is people are less protected because they have crippled adblockers and data can still be exfiltrated, and worse than that, malicious ads can't be prevented from loading anymore.

[rasz]

Of course not. Google is leaving that one in place, they are specifically killing possibility of cancelling requests.