Technology

37585 readers

316 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

[email protected]

399

Chrome will block one of its biggest ad blockers (www.pcworld.com)

submitted 1 month ago by [email protected] to c/[email protected]

103 comments fedilink hide all child comments

uBlock Origin will soon stop functioning in Chrome as Google transitions to new browser extension rules.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 209 points 1 month ago (8 children)

The ad company blocking an ad blocker is totally about security

- Google stans

[–] [email protected] 23 points 1 month ago* (last edited 1 month ago) (6 children)

But they're not blocking ad blockers. They're restricting a huge attack surface which has the side effect of making it harder to build ad blockers. With this change, extensions can "only" alter/inspect/redirect/block 30,000 domains if they use the webRequest API. That's not enough to build uBlock Origin with, but at least there's limit now.

Google should add a specific ad blocking API (though I suppose that name would run afoul of market competition laws, so maybe they'd need to workshop that stuff info "content enhancers" or whatever) before removing the ability for extensions to hide/block/redirect/alter arbitrary requests, but the way extension's currently work is pretty terrible.

It's all fun and games if uBlock Origin uses this API, but if one of your other extensions get bought out by a Chinese malware company, you'd be wondering why "save downloads to Nextcloud" and "remove Google search bar from the browser home page" were able to steal all the money out of your checking account and open several credit cards in your name.

Google's approach sucks, but in my opinion other browsers should show stronger warnings when installing extensions with access to everything you do in a browser (and outside it, if you screen share).

I don't really care about Chrome, Chrome users can just download another browser if they don't like ads. I do care about the risks in other browsers, and browsers need to do a lot better communicating and compartmentalising this risk to end users.

[–] [email protected] 27 points 1 month ago (1 children)

"For the security" is starting to sound a lot like "for the children". I hope this works out better than secure boot. When these new ideas emerge that have, let's call them, "side effects" like disabling ad-blockers or preventing Linux from being installed I am suspicious.

[–] [email protected] 5 points 1 month ago (1 children)

Google clearly shows their intent by not providing an alternative API for content filtering, but that doesn't mean there are no security concerns. Malicious extensions have become so prevalent that Mozilla had to switch to only permitting signed extensions (despite community outroar) because shitty companies were inserting their extensions into the users' profile directory without permission and breaking websites and even Firefox itself in some cases.

Secure Boot requires the user to be able to turn it off, so if it gets in the way of anyone, it's implemented wrong. Microsoft has a weird certification system for "super duper secure" laptops or whatever they call it where only their private key is loaded, but that's a small amount of expensive business laptops.

If anything, Secure Boot is an example of the "just let me turn it off if I want to" crowd making computers less secure for the majority because Microsoft allows booting a whole bunch of Linux distros on supposedly locked-down systems, which has been proven to make other attacks possible (like that recent one on Lenovo laptops where a Linux boot disk could insert a fingerprint into the fingerprint reader that would unlock TPM-based encryption).

Nobody is preventing you from installing Linux through secure boot. In fact, you can take control of your secure boot settings and prevent anyone from installing Windows on your computer without your password.

[–] [email protected] 13 points 1 month ago* (last edited 1 month ago)

if google cared, they'd vet ads and ad links, and guarantee their safety and security.

if google cared, they'd put a stop to seo 'optimizers' and scammers scoring top positions on serps.

but google doesn't care about anything other than their profits and share price.

adblockers can affect both of those. they're using the weak cover of 'security' enhancement to neuter them.

existing adblockers provide more safety and security than what can be realized by the shift to mv3.

load more comments (4 replies)

load more comments (5 replies)