77
submitted 1 year ago by corbin@infosec.pub to c/technology@lemmy.ml
all 26 comments
sorted by: hot top controversial new old
[-] SkyNTP@lemmy.ml 39 points 1 year ago

This article replaces the "Google is cracking down on ad blockers" mantra with "Google is consolidating control by restricting general purpose computing as the model of security".

Honestly, I'm not sure this is a better look. It's true that this is "more secure", in the sense that it limits the power afforded to malicious extensions, but it completely ignores the collateral damage. It strips the power individuals have to enact their own policies, instead having to go through Google to accomplish the same thing.

Honestly, this is just another step in the direction of WebDRM and centralized control. This is more erosion of what made the Internet great. It's just one more step of turning the Internet into a TV set.

Fuck. This. Shit. Give me back web 1.0.

[-] amio@kbin.social 4 points 1 year ago

it completely ignores the collateral damage

I don't think so. I try to not be overly "conspiratorially minded" but I'd 100% believe in a millisecond that the "collateral damage" is the point all along here. Google is pushing constantly for more control and this is just another item in the long-ass list. After massive pushback on Manifest 3, they "cancelled" it a while back and now they're right back pushing it again.

[-] jol@discuss.tchncs.de 3 points 1 year ago

I'm honestly surprised that YouTube hasn't enforced DRM all these years. Is it that technically complex?

[-] floofloof@lemmy.ca 24 points 1 year ago* (last edited 1 year ago)

It’s incredibly easy to see these changes as Google clamping down on ad blockers to protect its monopoly in online advertising. I don’t think that’s necessarily the case: Google knows as well as I do that a total crackdown would give governments like the European Union and United States more ammo for antitrust lawsuits. It would also be a motivator for more people to switch browsers, which would weaken Google’s browser monopoly. The stated claims about security benefits also make sense...

If Google wanted to crack down on adblockers without risking an antitrust lawsuit in the EU, they might look to introduce features that undermine adblockers as a plausibly unintended side effect of some other valid goal, like security. That's what this looks like. Without access to internal communications no one can prove that Google intended the effect on adblockers, but it's certainly convenient for them, while plausibly deniable.

[-] corbin@infosec.pub 6 points 1 year ago

There are malicious extensions found in the chrome web store pretty frequently, and if I was making one, I would definitely use the API that lets me man-in-the-middle all network requests. So google’s statement that 40% or whatever of malicious extensions use that API seems plausible to me.

You could definitely make the argument that Google should just do a better job of reviewing extensions, but that alone also wouldn’t be a 100% solution. Google definitely messed up with the original rule limits, though. If chrome is more optimized then surely it must be able to handle just as many (if not more) rules than uBO.

[-] jol@discuss.tchncs.de 2 points 1 year ago

You could implement a permissions system that is comprehensive and granular enough to not allow random extensions to intercept network requests. Also, basically Google is then admitting their extension moderation is crap.

[-] ReversalHatchery@beehaw.org 1 points 1 year ago

I doubt they have "messed it up". Just as intended.

[-] kewko -4 points 1 year ago

What is the point of your comment? Everybody and their grandmother (including the bycicles and the EU) understands the point of Google's changes. There's no need to prove shit. Chrome is a choice, doesn't come on any platforms as default (that support extensions). Personally I changed back to FF when they first announced these changes a few years back.

[-] Zerush@lemmy.ml 0 points 1 year ago* (last edited 1 year ago)

Also FF will be affected by V3 and require some changes to avoid V3, at least if Mozilla can leave the contract, as intended, with Google as the main sponsor until 2024, otherwise it will have to abide by its conditions. The only which can't avoid it, is the user of Chrome itself. The devs of most other companies are already working to show the middlefinger to Google, in the EU anyway. Vivaldi has an inbuild ad/trackerblocker which can use remote lists that are not affected, out of reach of Google, no need of the Chrome Store for this, also no need of Tampermonkey, Greasymonkey u other extensions to install scripts as extensions itself, if needed.

[-] kewko 4 points 1 year ago* (last edited 1 year ago)

Implemeting support for v3 is not the same as dropping web request blocking API from v2... Google pays to Mozilla for service they provide having them as default search engine - it's not a sponsorship...

Saying that, I've done some more recent research and Google has already softened their stance on requests blocking with current manifesto proposal of up to 5k dynamic rules with a proposal to extend up to 30k being popular.Sources: https://developer.chrome.com/blog/improvements-to-content-filtering-in-manifest-v3/ proposal: https://github.com/w3c/webextensions/issues/319#issuecomment-1682073791

[-] Zerush@lemmy.ml -1 points 1 year ago* (last edited 1 year ago)

Well, Mozilla recive money from Google, not only to use it as default search engine, it's way deeper, so Mozilla send data to Alphabet, googleanalytics and googletagmanager, as said, if you create an account in Mozilla, Google also receive this data.

The Firefox save browsing API is also from Google, the same which also in the Cromiums, which in Vivaldi can be desactivated in the settings, like other Google APIs left to the user choice. Extern sponsores never are a good idea, it gives other the power to make decisions for the own brand. I hope that Mozilla manages to finish this contract next year, as intended.

Yes, Google can limit the lists which use adblocker extensions, eg uBO, but not the lists itself used by others. Anyone can use the filterlist he want. I think that also FF will be forced in the future to use an inbuild adblocker.

[-] kewko 3 points 1 year ago

To be clear Google has no direct way to force FF to do shit. The reason Google is implementing v3 is to disrupt adblocking (by dropping v2 APIs) the reason Mozilla is supporting v3 is to make life easier for extension Devs. They don't have to comply with same restrictions

[-] Zerush@lemmy.ml 0 points 1 year ago

Mozilla don't make life easier for the devs, these must anyway change to V3, yes or yes, or their extensions will stop working and die, that simple.

[-] kewko 2 points 1 year ago* (last edited 1 year ago)

Firefox safe browsing API is also from Google

It is, however it doesn't send data to google. Browser receives the list of all unsafe pages and checks against it locally

[-] Zerush@lemmy.ml 1 points 1 year ago

Not at all, the API also send Data to Google, its not a simple list hosted by the Browser but by Google. At least I've desactivated it, because the adblocker do the same, if you use eg uBO, it also wikk block webs with malware or fraudulent content, because these are also in the blocklists, so the save browsing API isn't really needed. Better sending data to GitHub as to Google.

[-] ReversalHatchery@beehaw.org 9 points 1 year ago

How conveniently the author had failed to mention all the downsides of uBlock Origin Lite. At least they have given a link to the page that explains the differences, but they still write like "it's nothing major" because "I haven't seen any difference". Yes, because 1. you're blind! 2. you care only about blocking ads, not trackers and data mining, which activities are not visible on the website itself!

[-] corbin@infosec.pub 0 points 1 year ago

I did say the element zapper was missing. uBO Lite is using the same default filterlists as uBO, which includes some trackers: https://github.com/uBlockOrigin/uAssets

[-] ReversalHatchery@beehaw.org 1 points 1 year ago* (last edited 1 year ago)

I did say the element zapper was missing.

I didn't mention the zapper. Though I agree that is a great tool, along with the picker which is then probably also gone.

uBO Lite is using the same default filterlists as uBO

Uses the same defaults, which are only updated after a new release gets through google's addon review process, in an environment where often quick changes are needed for the addon to work effectively. Its much easier to get thorugh a firewall that is only updated once every few or even more days, than one that automatically obtains the updates every half a day.

What about the lists that are not enabled by default, and custom lists added by the user? As I understand, they are not a thing anymore.

Did I understand it right that that according to this and this FAQ entry, neither of the lists have site specific rules, as it is not possible to have them anymore?

[-] nao@sh.itjust.works 3 points 1 year ago

Ok so the adblock situation on chrome might get worse, but it might not be as bad as bad as some anticipated.

But is there any advantage of using chrome?

[-] potemkinhr@lemmy.ml 3 points 1 year ago

Right off the top of my head I can think of two:

  • best chance sites are working as intended, including DRM compatibility
  • probably best integration with streaming solutions and integration with other apps
[-] rob299@bookwormstory.social 1 points 1 year ago* (last edited 1 year ago)

See the problem with despite googles intention of protecting their own ads is that now users in theory can't block all of Googles competing ad networks due to the limited filter rules.

this post was submitted on 23 Nov 2023
77 points (95.3% liked)

Technology

35120 readers
13 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS