I am dumbfounded that uBlock Origin, arguably the single most important extension in modern web browsing, and one that makes millions of lives easier by making their web experience bearable at all, all of this depends on one single person, working for free.
Now there's also the list maintainers, who also work for free. Still makes you wonder about how the world works. There's probably many other similar instances. In any case, I think these people deserve more recognition than they currently do and we shouldn't take anything they do for granted.
We should also thank Firefox for having adblockers at the time when Chrome was released. Otherwise Google wouldn't have felt the need to add an adblocker extension API in the first place.
Having adblocker extensions was one of the things that allowed Google to get Firefox users to switch at the time.
Ever wonder why Mobile Chrome doesn't have extensions or adblockers? Because it didn't have to compete with Firefox to gain marketshare.
From a selfish POV isn't it better as an adblock user that other users don't use adblock? Then they unwittingly subsidize your pleasant ad free experience.
I get what you mean, but I wish more people used Adblock so that more sites would be forced to switch to contextual non-surveillance advertising. I'd get to support sites more while maintaining privacy.
As more people switched to contextual ads, the ecosystem for it would also improve and rates would hopefully increase (for smaller sites).
Because adblockers depend on things coming from 3rd party ad servers doing instant auctions for ads based on user profiles. They do it client side because the latencies involved vs doing it server side are far less.
With non-surveliance based ads, they can make the ads completely indistinguishable from normal content in their CMS and make it look like first party content and server side based. And since the user info will be minimal beyond an IP, it will mostly be content based vs. user based. They can even do things like podcasts & youtubes videos do with sponsorships that come with the content.
They don't do it because it doesn't make as much money as the current status quo and would require more work to integrate if it was offered.
From a selfish point of view, I care more about the benefits to me brought by Firefox having a bigger market share and Mozilla having more influence on the development of the web, than the benefits brought to me by other people looking at ads.
I can second this. Along with "Popup Blocker (strict)" and "HTTPS Everywhere", the web is a lot less annoying. But Firefox on Android has some basic issues: the tabs go dead/unresponsive on some JS heavy websites.
Why do you need a strict popup blocker? I honestly can't remember the last time I got a popup ad, but there are useful popups every once in a while (oauth logins, etc). It seems more annoying than anything.
I found Firefox + uBlock almost unusable on my Pixel 2XL and use Brave. But I'm glad the options exist at all... I just wish more hardware was more open at Manufacturer End of Live (when they stop updating). So that third parties could continue support better. There's definitely a need for right to repair laws at this point.
Was probably close to launch, almost 2 years ago now... I've been pretty happy with Brave overall, and also found Firefox UI a little frustrating by comparison so didn't worry too much to retry since.
Could very well be better now... I've tended to try FF on most platforms about once a year as my main browser. I do tend to test in it for dev though. My current app doesn't really have a mobile target (mainly deals with scanned images, so desktop is primary).
FWIW, coming from Chrome, the Firefox mobile UI was very frustrating to me also for about two weeks 'til I got used to it. Now it feels familiar and seamless.
Thanks for reminding me about this. I kept thinking "Google Chrome on Android is unbearable because of all the ads", and your post reminded me I could do something about it. Just installed Firefox + muBlock Origin. Thanks!
I've been using Firefox mobile for years and really love it. It's always been a vastly better experience than Chrome. I usually use DNS based adblockers on my phone though; AdAway+rooting via magisk.
Without rooting, you can use the VPN blocking provided by AdGuard. It has some paid features (like ad blocking in apps), which it sometimes reminds about, but otherwise I am happy to use both Chrome and Firefox for Android without advertisements.
Gesture tab switching (swiping on the top bar) is the killer feature for me. I use Firefox but with great sacrifice, because swiping is so ingrained in my workflow.
I really want to switch for this reason, but I've naively come to rely on Chrome's saved passwords feature. What I really need is a tool to migrate my saved passwords from Google to Firefox or some other service.
lastpass has a lot of import / export options as far as I remember, so that might be a good place to start... but once you get them imported you should be able to export them to another service easily enough.
ive moved to bitwarden a few months ago and it is far superior and a lot less bloated than lastpass.
Is there a way to increase the font in firefox? Maybe an addon? That is my only gripe with it. I know I can use Reader mode and even increase the font at the OS level but I would rather not do that.
No, other browsers on iOS are basically wrapping Safari. If you want ad blocking on iOS, you have to use an app that uses the content blocker API. My favorite is 1Blocker X, which seems to be pretty well reviewed as well.
As mentioned in another comment, iOS doesn't allow extensions. But Firefox Focus works quite well, and comes with a content (ad) blocker. Any content blocker you enable in Settings.app is used by all browsers.
uBlock Origin seems to have ~15 million active users between Chrome and Firefox (source https://en.wikipedia.org/wiki/UBlock_Origin#uBlock_Origin). If it only spared us 10 seconds a day on average (probably a super conservative estimate), it would save the equivalent of an average human life (~70yrs) every 15 days!
(And given that probably at least 70% of users don't use an ad blocker, it's infuriating to think what's the "human" cost of ads on the web alone...)
uBlock saves my laptop battery and CPU when web browsing, by a lot. It has an older core2 CPU that can easily churn at 40% just staring at a page where some ads aren't blocked. That and the cpu fan spins up to high. Turn on uBlock, and CPU use goes to zero. uBlock saves electricity and is therefor good for the environment. I'd say we're all obligated to use it ;)
Try to watch a playlist on Youtube without a add blocker. Its insane the length and amount of commercials. A add blocker save you much more then 10 secs a day.
Which is also expensive. In Canada, it's 12$/m, but in includes original shows, YouTube Music, and a bunch of things I would never use. I would gladly pay a couple bucks a month to remove ads, but the fact that it's more expensive than it needs to be and includes so much more than I care about makes me not want to.
It's expensive when the alternative is free. Particularly since that free alternative is WAY better. Paying youtube only stops the ads on youtube. uBlock Origin does much much more than that. I'd sooner give gorhill 12/month, but he won't take my money.
This stuff adds up fast. $10/mo for YT Premium, $15/mo for Spotify, $15+/mo for Netflix. You are looking at almost $500 per year in subscription services alone, not even counting your phone bill.
There are definitely a few OSS that don't get anymore as much love as they deserve. VLC and OBS are two example of programs that are so damn good, even paid alternatives hardly can compete.
OBS is interesting because not only is it one of the best programs available for what it does (and cross platform to boot, which is huge), but it's also a catalyst for making people an absurd amount of money.
Pretty much every top streamer uses it. I wouldn't be surprised if OBS was responsible for generating over $75 million worth of earnings for just the top streamers on Twitch in the last few years, then there's Twitch's cut on top of it. That's going by 1 article saying just the top 10 streamers alone earned $20 million last year alone.
OBS is one of those products where I bet if they put up a Kickstarter asking for support they would end up raising a few million. Come to think of it now, I wonder if Twitch has tried to buy / fund OBS in the past.
OBS could make a lot of money by offering a few premium features for an annual donation. Something like a more advanced banner editor, or an animation engine.
It’s amazing software and I would like to see the developers and the organization thrive and be sustainable for the long term.
Honestly, streaming aside, before OBS there really wasn't any way to record your webcam except the shitty proprietary webcam application. Similarly, for screen recording, most people used Fraps or Taxi, both of which were very limited.
Maybe the lack of human resources is offset by the lack of managerial bottleneck (you can just get stuff done and solve problems immediately with your keyboard without the need for weekly meetings or approval from some non-caring boss)? I've always been astounded too.
The end of the book 'The PayPal Wars' gives fascinating context on how development just completely dies in a corporate environment. They went from being able to roll major new features in a weekend to requiring months just to schedule a meeting to discuss a font change. It's a fascinating read when we now look back at how PayPal just stagnated under Ebay's ownership.
I think twitter is a few thousand total employees, a fraction of that is engineers.
And a good chunk of it is maintaining & improving a large throughput backend system that is one of the top 10 in the world in terms of size and data volume.
And on top of that, an even smaller fraction is the people who think of and implement new front end things that you would interact with and think of the app changing. Like a lot of companies, it's probably a 10:1 ratio as far as backend:frontend people there are at the company.
As to why twitter changes so little, the company itself doesn't really understand why it's successful, so there is a lot of conservatism inside of it to not screw with the golden goose.
I'm not sure they are comparable.
One force of VLC is that it litteraly runs everywhere.
MPC-HC only works on windows, so it's not comparable. mpv has also a lot of target platforms, but not as much as VLC. It's really nice though, and I think a bit of competition is good.
VLC runs everywhere, but do you really need something that runs everywhere literally? Is this like the old hat trick of running Doom on your fridge? I'm content using mpc-hc on Windows and mpv on Linux/Mac. What else is there?
I was pretty die hard against VLC (i've moved everything I do to mpv wrappers once MPC-HC became abandonware) but I'd give vlc another chance if you haven't looked at it in a while. It's come a long way if your opinions were founded nearly a decade ago like mine were.
If I recall correctly, he trusted one of his maintainers too much, and that is the reason he no longer contributes to uBlock (his original project), but rather created uBlock origin.
The fact that there is no easy way to make this into a money project probably led to his relying so much on such a maintainer.
Part of the issue seems to be that the devs that actually value an OSS project don't have any way to persuade the company they work for to contribute to the project. If there was some way to be able to create a tier where a company would pay $12/month and be able to "something which benefits the company ?? bugfixes ??" - something support related or somehow, many of these projects (timezone, adblocker, ssh, even things like Matrix) could be funded.
I've disabled uMatrix for private windows, so it's just a regular right click -> "Open Link in Private Windows", done. uBlock still blocks the most obvious stuff, but the site is displayed "as intended".
The biggest and most important lists
(Easylist and its localizations) are heavily maintained by eyeo GmbH, the company behind AdBlock Plus. It might be a community project but in reality it's more like Chromium or Go.
Not really, no. The lists themselves are ultimately less interesting than the technology used to run them; there are other lists, and if easylist soured, a community-sourced alternative could be made relatively easily.
I actually doubt that. Finding the right rules is quite a bit of work and hobbyists will only look for such stuff for so long until they get bored. Programming can be fun but adding the nearly but not exactly the same rule to a filter list for the 2,000th time will eventually get tedious. Especially if you are playing a cat and mouse game and you are the (unpaid) cat and the mouse has quite strong incentives to get paid.
Doesn't that argument work for the plugin too. I mean most people using uBlock Origin probably started with Adblock (and maybe moved to ABP), or uBlock.
You can achieve similar results with pihole, or hosts file managers.
Back in the day I used a local proxy tool, Proximator or something.
AFAIK uBo isn't doing anything particular unique technologically (which doesn't mean I'm not grateful, nor that anyone could make it).
> You can achieve similar results with pihole, or hosts file managers.
You can't. uBO has contextual information for each network request, something not available to external content blocking solutions.
For example, many filters are meant to apply only on specific domains or whether they are 1st- or 3rd-party, and for this to work you need to know from which origin a network request is fired.
Also, uBO has an advanced-user mode that let you create rules to override filters in static filter lists; allows to work in default-deny mode; or even allows to work with no static filter lists at all. Contextual information is key to advanced-user mode features.
I use element filtering to strip Google News links off of the search page on the offhand chance I can't find something on DuckDuckGo and have to go back to it.
How would this make the uBlock Origin project like Chromium? The lists work and if the bigger lists choose not to block everything you'd like, you can simply enable additional lists. It's just a data source.
Okay, sure. I interpreted it as the OP referring to the extension itself since the grandparent post was primarily talking about being impressed with it being run by a single person.
Also keep in mind that the entire problem exists because it was created by thousands of people working in the advertising industry. It's frustrating how often people have to solve problems created by other people.
Just like how we have to have to spend billions cumulatively on computer security related products, because some people are trying to make a few million ransoming workstations and sending spam.
Is there a way to donate to the uBlock Origin project? If you want to imagine what the world would be like without uBlock, just try turning it off for a day. That's horrifying.
gorhill refuses out of principle to take donations. This is a passion project for him, and he wishes to maintain the freedom to stop working on it at any time without feeling "obligated" to continue.
There used to be a rich history of one-man products maintained selflessly by their creators, even up until the early 2010's. Entrepreneurship and business assholes destroyed that -- we gave this up when we made tech so easy to use that every brother and their mother got on board. Now tech is too big, with too much money, that it cannot help but attract sharks that buy up these sorts of things and then destroy them
Tech should just be for tech people! Mothers and brothers be damed!
I get the frustration, but shouldn’t we be working towards models that allow for better compensation for creators rather than ... well I’m not exactly sure what you’re advocating for here ...
Better compensation for creators is not going to stand up to a multi-million or multi-billion-dollar buyout. Much of the western world has this crazy fascination with tech for the sake of tech, and it is that fascination and subsequent vulnerability that attracts the personalities that have been systematically pillaging all the great things that tech -- particularly lone-wolf individuals -- have built over the years.
It'd be really cool to see more barriers to entry limiting people's ability to access some tech, and limiting the size of businesses that are built around it. The internet was much better when it belongs to and was embraced by nerds, and not the general public, for example.
Our modern world is too complicated for most folks and now we have to build things so overly simplified that it is nearly impossible to be a power user or do advanced tasks when everything is reduced to single-button, shitty-app solutions in the cloud maintained by megacorps with more money than God
Nah, he'd probably make enough to buy a few beers.
Maybe he could make $thousands per month spending serious time on self-marketing begging effort, but I wouldn't blame him if he wasn't interested in that
There are at least two revenue sources on uBlock Origin...
The software is free-to-use yes, but it doesn't mean that gorhill won't put money in his pockets.
Just read Microsoft will allow ad blocker extensions (May build one in) in their new Chromium browser. Looks like I’m going to rewind 13 years and use IE again(IE of today).
Such a stupid move by the do no evil company! Now they do no stupid too.
The bright side of Google's anti-ad-blocking efforts is that ad-blocking is clearly no longer just an insignificant blip on their radar. There must be enough users of ad-blockers now to start to significantly affect their bottom line.
There might even be a critical mass of people who are against advertising to attempt to make some legal headway on this issue in Washington. Just as there has been legal action against telemarketers, there might be something on the legal front that can be done against online advertisers, who could be considered just as much or even more of a nuisance than telemarketers ever were. In addition, online advertising has repeatedly been a vector of malware, and perhaps companies which try to circumvent or forbid ad-blockers could have some legal consequences -- and, if not, perhaps laws could be introduced to make such consequences a reality.
IANAL, and this is just a pipe dream of mine at the moment -- but plenty of pro-consumer legislation has been made over the years. Perhaps the dawn of an unsolicited-advertising-free world is upon us.
> There must be enough users of ad-blockers now to start to significantly affect their bottom line.
I host a bunch of websites, and about five years ago I stuck adsense adverts on them. Due to the decent traffic I was earning about £80/month and that was stable for 3-4 years.
This year, and last year, I instead earned about £100/year, despite having much more traffic/visitors, and more "aged content". When I get a chance I'll rebuild all the sites and drop the adverts. Adblockers - which I use myself - have rendered them almost pointless.
He keeps calling this a false positive. It's not. Easylist is a list of ads. That is an ad. The ad is listed on the list of ads. He seems baffled by the idea that someone could be against the concept of advertising in general.
Hunt is under the impression that he has a right to force Web clients to consume content like he wants to after it has left his server. This is, of course, not how the Web works, and he should know better. There is no point in getting upset about it and then writing a blog entry. Content blocking is a direct consequence of past abuse. He must understand even though he thinks he does nothing wrong, the bar of acceptability for people who subscribe to content blocker update lists – after past abuse – is: no distraction at all.
Having a peace of mind without advertisement intruding into it is a human right. I would be glad if someone could find for me that article making that legal argument.
> He must understand even though he thinks he does nothing wrong, the bar of acceptability for people who subscribe to content blocker update lists – after past abuse – is: no distraction at all.
Simple solution for you then: Don't visit sites with advertising. By repeatedly visiting sites with advertising, you're basically saying, "I want all this content but I'm not willing to support them financially."
So he added an ad to his site and it got added to a list of ads. What's noteworthy here, besides the fact that he doesn't understand what ad blockers are for?
This is the whole point of those filter lists. Otherwise I would have to remove his ad manually, which is undesirable.
I can only speak for myself: but it seems to me that most people aren't against advertising, only the magnitude of advertising and the tracking that goes with it.
AdBlock should be about making the internet tolerable again instead of the cesspit it's slowly becoming, but it's exasterbating the problem.
Very interesting. I wonder if it's possible to get around by randomizing the element class after each reload - sounds like renaming it worked temporarily.
Similar for my blog/site (>20 years old). But, it used to pay me my hosting costs + a computer component upgrade. Now I get a few pence here and there, an order of magnitude less.
So now it costs me to run it (excluding time considerations of course) whilst before it paid for itself.
Also with sites like Stack Exchange I tend to use them for what I blogged before (computer fixes mainly), so most of my new content nowadays is UGC on other people's sites too. Personal stuff goes on Facebook, on the whole.
DMCA was hard to get people upset about. It was all new stuff that most people didn't understand or care about. This was before Napster, even.
People clearly care about net neutrality, and they would/do also care about browser ad blocking. At this point it's clear to people what the issue is and how it affects them. Taking something away from people is much more painful than preventing them from getting it in the first place.
Even if there could be enough lobbying pressure to seriously propose such a law, it would be deeply unpopular and have difficulty passing.
I always thought a good answer to this was "well I'd think about copying a car if I could..."
How sweet would that be? Friend gets a car, I make a copy of it at zero cost!
I guess the standard answer to that would be "but you're depriving the manufacturer of money to cover the costs of providing the car in the first place"
Which is reasonable, but I'd have to question their business model if their manufacturing costs are so high and yet I can copy it for free ...
Nah, the standard answer isn't reasonable. They're depriving themselves of that money by choosing a business model that matches neither the customer needs nor physical reality.
In hopes it'll one day turn into a catchphrase: no one is entitled to have a particular business model working for them forever.
In fairness I'd give them that much. There is a quid pro quo between me having a need, and a business providing that need. If it's not commercially viable for a business to then perhaps my need may go unfulfilled.
What irks me is that such a gracious outlook leaves me open to being gouged by profiteers.
I believe they tried, but it basically never made it out of committee as it's basically the same as banning people from using a highlighter on a book. It became very very clear that not only was it not enforceable but trying to go after the people supplying the adblocker would run into serious human rights issues.
It's already copyright infringement. In USA Fair Use probably does the necessary; but in UK I'm pretty sure it's infringing (you've modified the work without permission).
They're more likely to outlaw adblocking than they are outlaw advertising. Frankly I fear we're nearing the end of a golden age, where those in the know have an incredibly easy time blocking ads with a simple extension while our content providers are funded by the ignorant tech commoners watching ads. I don't want a future where ads are baked right into the YouTube video stream and articles refuse to load until they get confirmation the ads have been downloaded from an ad server.
The funding to produce the media people want to consume has to come from somewhere. If it’s not baked into the video stream, it will be baked into the video itself, aka product placement.
Watch any new movie or TV show, and it’s unbearable to see the videography just to catch a car logo or drink logo. Shame. There’s even been full on descriptions by the actors of a car’s features, basically a commercial within the dialogue of the media.
My solution is to stop consuming it, not that I consumed a lot to begin with, but there’s no other option.
banners and logos obscuring the view, and often mantling plot critical visual details are what turned me off cable and satellite feeds. i just wait until the disc is being sold and enjoy it sans banners. thats not available with the net.
here the state law defines ANY unauthorized access to any computer system as felony, that includes snooping unsecured systems or MANIPULATING FUNCTIONALITY.
You know it's funny, I was watching horrible bosses last night, and was thinking just this. Some fairly blatant product placement for a major car manufacturer.
It didn't spoil the movie though, and in fact the bare-facedness of it even added some humour (-:
I don't think product placement is soooo bad. It's up to you if you're making a movie to make it fit. If you don't it detracts from the quality of your movie which to me seems a good enough motivator to get it right.
We are not helpless in this and we should not just lie down and accept our fate.
On what grounds and by what rationale could adblockers be possibly outlawed? If you cannot answer this question reasonably, then please don't even mention this as a reasonable possibility.
Put the ads in the browser -- not the content. Change chrome to show the ads in the client like an ad supported software, then make it speak a new dmca:// protocol.
> The bright side of Google's anti-ad-blocking efforts is that ad-blocking is clearly no longer just an insignificant blip on their radar. There must be enough users of ad-blockers now to start to significantly affect their bottom line.
I think the issue is that shareholders want to see significant year-over-year growth, something that isn't sustainable in the long-term. We're merely being seen as an untapped market than can keep the needle moving for a few more years.
I like capitalism, but I think it's entirely unreasonable for shareholders to expect such gains in perpetuity. After all, there's a finite amount of money that can be extracted from any user. The trendline will inevitably start to level off after a period of time, and I'm frustrated by the fact that this eventuality has negative connotations associated with it.
Here's a thing: the shareholders may very well know not to expect gains in perpetuity, but surely something could be done to boost growth just this last time? Given how much money is at stake, plenty of extreme things can be done before the particular growth source is exhausted. And we all have to suffer the collateral damage.
Isn't the surveillance/telemetry problem still as much of a problem as it was on day zero? As far as I know, it hasn't been removed nor lessened. As far as I remember, it is absolutely overreaching, collecting your name, email address, browsing history, searches, application usage and more.
> As far as I know, it hasn't been removed nor lessened.
IIRC they lessened it by some ε > 0 in 1803. [1]
> As far as I remember, it is absolutely overreaching, collecting your name, email address, browsing history, searches, application usage and more.
Some of these seem more alarming than others. Where are each of these pulled from? If you have a Microsoft account they already have your name and address. Most people use Chrome and I assume Windows isn't sending that info to Microsoft (although this does make me worry for those who use IE/Edge). Searches and application usage I haven't heard explicitly but those would worry me more.
> Microsoft also keeps a copy of your full-disk encryption key.
Wasn't this only when you had a Microsoft account or something? We can debate how they shove MSAs down users' throat (I want to punch my computer when they do that too), but as far as the FDE key is concerned, I feel like those who don't want this also wouldn't want to use a Microsoft account for their logins to begin with?
I'm almost entirely certain that the storing the Bit locker FDE key in your Microsoft account is an optional choice presented during the BitLocker setup.
Recently due to a firmware upgrade losing the key I had to do the disable/enable dance for Bitlocker and you need to store the key somewhere removeable (usb stick etc) which is enough of pain I just went for a Microsoft account.
You can remove them easily enough from a Microsoft account.
I'm not sure of the details anymore, I was going by my memory.
But to respond to your overall point, there are probably hacks around each of the things I've mentioned, but the point is that I don't feel like using an OS that does these things is a reasonable alternative for me. Particularly because who knows what other kinds of aggressive changes are being concocted for the future. I try to make this point to my family and friends too and they seem to agree.
Yup, and all the Turn Off Telemetry toggles are all placebos. I think the only solace one can find from constant phoning home is with the LTSC version of Windows 10, but Microsoft makes it very inaccessible to a home user.
There's also a few custom installers/scripts that people have written to disable the telemetry via PowerShell that are floating around, but I think their up-to-date-ness varies from author to author.
> Seriously guys, if the last time you used Windows was a few years ago it is time to give it a another shot.
What's the point? They do it all the time when things start going bad. It'll turn to garbage as soon as they have enough of mindshare. Why be among the ones who run back and forth?
If the WSL is the only reason windows is a decent development workstation, then why not just use Linux in the first place? What unique factor is Windows offering here?
In a word, drivers. We’ve come a long way since the dark days of the 90s, but hardware support on Linux still lags far, far behind Windows. This shows up in all sorts of ways on a daily basis. Graphics drivers, I’m looking at you Nvidia, are noticeably buggier and slower. Lots of little random errors crop up that are simply unfixable because the hardware mfr isn’t interested. Example: My USB controller resets itself every 15m for some reason. And good luck getting sleep/hibernate to function correctly unless you went out of your way to choose a hardware combination that is known to properly handle PM on Linux (I’m talking every peripheral here). For server-class stuff you’re generally in good shape but desktop Linux is still mostly an afterthought.
Being able to run two OS'es at the same time seamlessly is pretty cool. Many programs I use are either Windows or Linux exclusive so it saves me a lot of time rebooting compared to double-booting.
It was a long time ago I had reason to start Windows specific software, but even back then wine did a really good job. It even had functionality for things like running IE versions in parallel, good for the frontenders in the team. And development hasn't slowed down since then.
I would rather not fuck with the OS on my Surface. Not only does it have a bunch of oddball hardware that may or may not have fully-functional drivers on Linux, but Windows has a really good touchscreen UX that I'd rather continue using.
If I need to do serious work, I'll snap the keyboard on and open WSL, but for anything else, I'll detatch the keyboard and just browse the web with Edge.
Agreed. The problem with a mission statement like “do no evil” is that in today’s pluralistic world (especially in the west), there’s no generally agreed-upon definition of evil.
Philosophically, defining “evil” requires defining “good” first, and a definition of “good” depends entirely on one’s notions of origin, meaning, morality, and destiny — one’s worldview.
In google’s case, it’s probably better business to simply remove the motto than to risk offending large groups of people in the quest for philosophical rigor.
> there’s no generally agreed-upon definition of evil.
Philosophically, yes. But moral relativity does not hold well due to the existence of culture. For western countries, no one can defend the morality of slavery or genocide. While those are pretty extreme, we have also collectively (democratically) decided that screwing over customers for your own profit is also not moral and should not be allowed. That's why antitrust law exists.
Yes, but only for as long as Google allows them to do it in their Chrome mod. Microsoft will keep away from centain Chrome features in Chromium as long as all they need to do is to turn them off. i.e. stay on the same trunk but without certain optional element. Key here is - optional elements. If Google will change something that will require to branch Chromium (and I mean really branch, with internal changes) to stay away from such changes, I highly doubt that MS will do it. They don't wan't or can't to maintain a separate different browser as they already shown with Edge.
Isn't Microsoft selling ads too? I believe they do (that's why bing was created). If so, I don't trust their ad blocking initiative any more then google's. Maybe in short term, as they want to steal users from Chrome, but in longterm, they'll in same position as google is now.
It is difficult to assess which company is more 'good' or 'evil' nowadays. Microsoft did a lot of good by competing with UNIX in the 90s (Windows NT was cheap compared to UNIX). They also did bad with their embrace & extend and other anti competitive behavior.
Microsoft is a much older company who recently transitioned from being a proprietary software company selling licenses to a company who sell that but who also do services such as cloud (Azure) and who also do all kind of FOSS and tracking (Windows 10).
I fear the future is going to be that the poor are paying with their privacy/time/focus (as a result of advertising and tracking), while the rich buy licenses to pay off the licenses. Heck, it is already like that. My Scrabble clone application (Wordfeud) costs ~3 EUR in the Play Store. The free version costs nothing, but shows ads (not sure about tracking). I figured 3 EUR is a good deal for me for a perpetual license to never see ads. However, 3 EUR for me could be a lot of money for someone who's more poor than me.
A little know fact about IE8 is that it came with a built in content blocking mechanism appropriately called Tracking Protection way back in 2009. IIRC it was the first browser to come with ad blocking built in, although not turn on by default. Opera came with content blocking a bit later.
IE9 improved on it with what I think is one of the most impressive feature to this day. It had a heuristic tracking protection that block trackers once it's detected at a certain re-occurrence counts that you can config. So in theory it doesn't need to subscribed to an ad list like all browsers do today.
IE took a lot of crap deservedly so, but that overshadowed a lot of pioneer works that later browsers adopted.
Speaking for Tracking Protection on IE, the Easylists TPL lists on the official IE gallery site is severely outdated[1] (Last updated Nov 7, 2017)
This page from filterlists.com[2] offers an updated collection of TPL lists
there was a reddit ama where someone asked about adblockers and they said:
"we occasionally hear requests for a built in ad blocking experiences in Edge. For most users, we find that extensions (combined with strong defaults around tracking prevention) are the best option here because you can choose from a variety of experiences and defaults, but we absolutely want to hear from you if you think this should be built in."
The quoted bit was about a built-in ad blocker specifically. I think the real major point is:
“There are a couple components I want to touch on here - As mentioned elsewhere, we're still evaluating the adblock Manifest V3 changes, so we're not quite ready to commit to a statement one way or another on that issue.”
And:
“Second, we're committed to a strong extension ecosystem, including ad blocking. We're still evaluating some of the latest changes here in Chromium, but we're committed to the customer scenario as a principle. To be clear, we will not artificially restrict ad blocking for business reasons related to advertising.”
That's mostly fluff. Google also says they're not restricting ad blocking for business reasons, but for performance, and they haven't banned all ad-blocking, just forced addons to use their new mechanism, so they can still claim to support an ecosystem that includes ad-blocking.
My only issue is that chrome is great bec I can have multiple profiles on the same windows user account, but that’s kinda anathema to the paradigm of how Microsoft wants us to use Edge.
I use chrome profiles the same way ppl use Firefox containers, my only hope is that edge builds something similar.
I’ve also been using Vivaldi, I love it but I’m worried about using duh a small project that is still dependent on chromium.
Apart from the frankly horrendous political views of the founder, they have claimed to collect donations for creators who have never signed up for this.
And, the business concept of blocking other people's ads and showing you their own is pretty despicable in its own right.
It's become a pattern across many Google assets. The massive price increase of the Maps API, the order of magnitude limitations placed on the YouTube API, and now the neutering of ad blocking on Chromium. Google built an empire, and now they're cashing in their chips. I can't say I blame them, but they are no longer a platform that enables innovation. So now my only question is what's next? Which Google product will be the next to transform into an anaconda in their attempts to squeeze cash from their customers. Personally, I'm rethinking everything from Gmail to Android.
The funniest thing is, I would happily pay Google a reasonable amount each month to have access to their service! Caveat being that they agreed to drop all tracking and adverts, of course. But I love Gmail, Drive, Youtube and, most of all, Maps and Earth!
As things stand, though, if I gave Google any money, I'd be essentially wasting my time, because all I'd get in return would be dubious 'premium' features.
When it comes to at least Gmail and Drive, they do have a paid option with contracts preventing them from using your data for tracking, and it removes advertisements within those applications.
This is a link with more information. I imagine any of the paid tiers of Google Suite are covered by these standards, but I am not a representative of Google.
https://gsuite.google.com/security/?secure-by-design_activeE...
"Google does not collect, scan, or use your data in G Suite services for advertising purposes and we do not display ads in G Suite. We use your data to provide G Suite services, and for system support, such as spam filtering, virus detection, spell-checking, capacity planning, traffic routing, and the ability to search for emails and files within an individual account."
I switched to openStreetMap over two years ago now and I havnt looked back. it could be hit and miss depending on where you live though. it really depends on how much contributors are (or were) in your area.
there doesn't seem to be any google earth replacement around but then again its not really that important to have one, not for me anyway as its mostly something i just browse for entertainment every now and again
I recently considered cloud backup for my photos; could easily have paid for 2TB of Google Drive however Google's reputation in the past couple of years has really nosedived (in my eyes). I don't trust them anymore, they'll just eff up most things I like - eventually.
So went with the Norwegian Jottacloud. Looks quite good, performs well even from down under - uploaded 1.1TB in just a few days.
I have a lot of RAW images; their photo browser displays them fine, however they could do well to update the navigation a bit as it is cumbersome to jump say 15 years back in time.
Edit: It's still amazing to see my collection of NEFs and phone dumps (I clean our phones once or twice a year by moving all photos to the NAS) organised by time, extracted from the dark depths of my NAS drive folder hierarchies.
The Youtube API restrictions are completely ridiculous, you use up the entire daily allocation by searching 3 times, or viewing like 10 video metadata blobs.
They might as well just scrap the free API completely, because its now worthless.
I've just noticed Safari is stuck at 1.16 and I've been using a fork.
Anyone here uses Safari as their main browsing tool and has a good alternative? I mean 1.16 seems to do the job just fine, but if it falls behind too far...
+1 ! Loving the pihole setup myself. Optimized the dnsmasq & raspbian network a little bit. I have 248,000 hosts on block list. Can you share your block lists if you can ?
Sorry just catching up. Just the regular Linux network sysctl optimizations. Not all of them may apply to Raspbian or the hardware you are running it on.
Lots of ad-supported sites and services could/would be replaced by something free and volunteer-driven—and in some cases probably a little worse, in others, a little better, than their existing commercial counterparts—if ads just went away tomorrow. There's low motivation to do so now because you're "competing" with deep-pocketed ad-supported orgs for users, but if a gap opened up due to ads no longer being viable, it'd be filled. In some cases the alternatives already exist, they're just not well-trafficked and are somewhat neglected. Maintainers/supporters and users would flow in and they'd quickly grow and improve if the commercial alternatives died.
We've seen the open web and protocols stagnate because capturing users to spy on them is so lucrative, and open protocols make it harder to capture them. The open web would be revived without all the ad money and (consequent) developer time going into that capture effort.
Nah, I just remember what it used to be like. Most of the stuff that's valuable's not that expensive to run. Some of it's fairly decentralizable. The part that makes it difficult and expensive is centralization and control. File distribution's solved and practically free to the distributor if you just want to publish and don't care about retaining control, counting views, and so on. Anyway the sites with the highest costs (video and audio files) tend to be the ones that could probably survive on subscriptions and "native" ads.
Static content, sure. But what about a dynamic site that gains a lot of popularity? Think someone making a reddit knockoff back when the reddit's main source code was open. It could be set up and maintained in a single person's spare time, but if the site got popular, the server power needed to maintain it would get astronomical for a single person.
> Nah, I just remember what it used to be like.
A lot of "what it used to be like" worked because the Internet had a much smaller audience. In the late '90s and early '00s, social media barely existed at all. There was a time when most of the people online were techies, now everyone with a phone made within the last 10 years has access to the Internet.
Each site doesn't need to be all sites if you're not trying to capture an audience for moat-building and data collection. A lot of stuff that's not popular now, like federation or identity services not tied to advertisers (that one Mozilla had, for instance) providing unified multi-site login would be more popular, necessarily, without ads subsidizing free-but-spying options.
Just speculating, but reddit would probably be replaced by several sites (hundreds of popular ones, perhaps, thousands of less popular ones), many of which might permit login or shared feeds or something via the aforementioned means. RSS is still a thing, for that matter. You can also get by with much leaner sites even without going as far into old-school territory as HN and Craigslist, when you're not chasing marketing fads and adding tons of tracking JS and all kinds of other junk, so payload sizes don't need to be as large as they are.
And again, protocols could evolve. Something new similar to IPFS (though probably not actually IPFS) might reach production-ready status fast if there were a real need to distribute load. There are half-formed solutions to a lot of this waiting in the wings, just without much interest outside people who are into them for their own sake, because there's no audience for a somewhat-worse, much-less-addictive, spyware-free Facebook or Twitter, for instance. Community-driven alternatives have a nigh-hopeless battle while they're up against a money-spigot of ad dollars. Lots of developers who might help out with them don't, for that reason.
I mean hell chat was pretty decent and kinda mostly open for a while, but now it's fragmented into private services again, driven largely by the data-hoarders. Less open than even the AIM/ICQ days. Google's trying to do the same thing to email and the Web itself, largely in the name of "saving" them. Take away the ad dollars, the demand will shift away as those services shutter or start charging money, and open standards and enthusiast sites will take back over. Governments, in some cases, maybe (maps/navigation seems like a good one). No apocalypse, just a hiccup. Except for the dragnet spying companies.
As much as Advertisers want to be able to use their own domains to be able thwart fake clicks, this approach leaves them open to ad blocking. At what point with the wish to deliver ads outweigh the want to measure user engagement? Once ads are slipstreamed, adblockers are going to have to get a lot more aggressive, more like antivirus scanning for code signatures.
Thanks to the team (and especially Ray) for keeping us free of performance bogging, malware delivering scripts.
That wouldn't be the worst future though. In my head, once the adverts are being hosted on the website domain, there'd be a lot more incentive to a) NOT deliver malware, and b) NOT have those wearisome video/sound/flashing/js-heavy adverts.
Think of the impact if the site is blocked by the browser's red malware warning UI (Google's safe browsing or smartscreen in IE) because a compromised file was hosted on the main domain.
It is much harder to get the site whitelisted once it has been compromised since it is on the same domain.
In my job, we had a site domain that was falsely flagged as malware-infected and it took about a few days before it was confirmed as removed (it is not automated apparently). It was never made clear why it was flagged in the first place but it scared us and we had to isolate any downloadable files (installer, ads, etc) away from the main domain as much as possible.
> At what point with the wish to deliver ads outweigh the want to measure user engagement?
It could be argued that self selection from advertisements makes ad campaigns more cost effect per impression/click. If a person wants to block ads they might be less influenced/willing to purposefully click on adverts.
The other end of the stick is that website owners cant be trusted to self report metrics which influence payout.
This polyfill is useful if you want your Firefox-based extension to seamlessly run as a Chromium-based extension.
However uBO's code base was primarily that of a Chromium-based extension (it predates Firefox WebExtensions), and Firefox extensions API does not require a polyfill to run Chromium-based extensions.
So roughly I just needed both `chrome` and `browser` references to access the same API, the long term goal being to opportunistically replace all instances of `chrome` with `browser` (I find the later more vendor neutral).
I'd argue that it's not exactly "better", but more that it just makes different tradeoffs.
Using a full well-written* dependency for something not part of your "core competency" (even something seemingly trivial) is often a better choice in my opinion. That dependency will often know the "unknown unknowns" to you since their "whole purpose" is solving that one issue.
In this case, and from what I can see from my VERY small glance at the code, I'd argue using a polyfill would be a better choice in this situation. The polyfill has cross-browser tests, ensures compatibility, continually tests against new browser versions and will alert you and shield you from things if they change, download size is less of a worry for extensions and most of it no-ops away in 100% supported browsers, and it's maintained by mozilla.
Obviously there might be additional reasons why the uBlock origin developer isn't using it, it might be super overkill for his needs, he might consider the browser API part of his "core competency" and therefore shouldn't be relying on 3rd party code for it. I'd trust him more than myself here since I know so little about the domain. And I had a similar question to the GP commenter of why he decided to avoid the polyfill.
Your little saying isn't a useful answer, and the dig at "modern javascript developers" is not only unnecessary but also a real annoyance for me because it's used to dismiss just about every opinion while providing no real reasoning why you think that way. If you think a little copy is better, explain why! Don't just put down a group and leave without giving out any useful information!
* A "well written" dependency meaning something well tested, has a solid development team or dedicated person, and has somewhat widespread usage. Obviously it will differ depending on your needs.
> I'd argue that it's not exactly "better", but more that it just makes different tradeoffs.
Yes, it makes tradeoffs that are different, and those tradeoffs are different in that they're better. Often, not always. That's the statement in a nutshell.
> Using a full well-written* dependency for something not part of your "core competency" (even something seemingly trivial) is often a better choice in my opinion.
If it's outside your core competency, you can't really judge if a dependency is well-written. Popularity is an entirely unreliable quality metric. "Well-tested" also means nothing, a lot of people write completely useless unit tests but still fail on integration. How much time are you going to spend researching and vetting the code and the development "team" for that "seemingly trivial" dependency? How about writing a few lines of code and building a little bit of understanding instead? You can still use other people's code as a reference, even copy parts of it.
> That dependency will often know the "unknown unknowns" to you since their "whole purpose" is solving that one issue.
Sure, a few lines of code may have unknown unknowns. You know what else has? Other developers. Unbeknownst to you, "the team" could be the left-pad guy, who turns out to be "political". "The team" could be the guy that just hands over an unmaintained repository to a cryto-thief from China. That one took several weeks to get noticed by the community.
You start with one little dependency for one use-case, you end up with hundreds if not thousands of dependencies. You realistically have no capacity to deal with this in a diligent manner.
One could argue that by using "modern Javascript" with its pathological reliance on micro-dependencies, one has already given up control to the hive of random developers anyway, so one more dependency wouldn't hurt. I probably would agree with that. That doesn't mean every Javascript program would be better off this way.
>If it's outside your core competency, you can't really judge if a dependency is well-written.
Of course you can. I can not understand the details of something like the webextensions surface area, but still can look at the polyfill and understand that it's well written, that the tests aren't useless, that the popularity isn't faked, and that the maintainer is worthy of trust.
Nothing is foolproof, but I'd be much more willing to put things that I don't fully understand into someone else's hands who claims to have a lot of experience and has a lot of support from people who do understand that thing. Especially when the alternative is to trust myself who verifiably doesn't understand the thing.
>How much time are you going to spend researching and vetting the code and the development "team" for that "seemingly trivial" dependency?
That's a really good question! For me it depends on the project. A core project which has access to a lot of PII or is an important part of our infrastructure, i'm going to spend quite a while vetting a dependency. I might see what else the author has written, I might see how they release, how long they've been in the game, how their tests look, past PRs and issues, release cadence, backwards compatibility, and more. For an extra utility that is not critical? I might spend like 15 minutes, or even less depending on what it is doing and how widespread it's usage is. Looking at the chances of me getting a malicious developer or a very broken update that I didn't test against or see is much smaller than the chances that I'll write a bug and not test it, or I'll not fully understand a domain and will add subtle bugs into it, and won't even know how to test it correctly.
>Other developers.
And that's a risk that many are willing to take quite often. You can't completely rid yourself of dependencies. You can't 100% vet all 3rd party code, and you can't run entirely on first party code. It's not possible. So you trust some things here and there, you lock down dependencies so they don't update unless you say to, you review things and limit the scope of permissions. All things you should be doing anyway. Yes, it's a tradeoff, but it's one that the vast majority of code I've written is more than safe to make, especially when the author of a library is also the author of the browser it will be running in...
>You start with one little dependency for one use-case, you end up with hundreds if not thousands of dependencies. You realistically have no capacity to deal with this in a diligent manner.
But we do! That's what dependency managers are for! I can seamlessly replace dependencies, even several layers deep. I can scan and get diffs on changes, I can easily audit the dependency tree to determine if known vulnerabilities are found and either remove the library or update it. Again, it won't work in 100% of cases, but you aren't going to write 100% correct code yourself either.
>One could argue that by using "modern Javascript" with its pathological reliance on micro-dependencies, one has already given up control to the hive of random developers anyway, so one more dependency wouldn't hurt. I probably would agree with that.
Using 3rd party dependencies is a far cry from "giving up control to the hive of random developers". Just like how you using a browser to post this comment which relies on a compiler which uses tools written in python which relies on a python interpreter which itself relies on another compiler which relies on OS libraries which rely on more and more and more isn't trusting the "hive of random developers" either. There are checks, there are audits, there are tools to manage that at just about every step. Javascript has them as well.
There's being careful, and there's being paranoid. Sometimes paranoid is needed, and I do actually agree with a lot of your arguments if they apply (For the love of god don't use one-line dependencies, don't use dependencies written by an author with an agenda who has shown themselves willing to delete/maliciously-break packages, don't just add dependencies without any review or oversight or testing), AND I do agree that the JS ecosystem takes it a bit far (although I'm not fully on-board with if it's a bad thing entirely yet), but don't just throw out statements like "a little copying is better than a little dependency". That's how you get dogmatism which just swings the pendulum in the other direction and we end up with unmaintainable statically-compiled messes with vulnerabilities that can't be found and patched on any realistic timeframes.
> Of course you can. I can not understand the details of something like the webextensions surface area, but still can look at the polyfill and understand that it's well written, that the tests aren't useless, that the popularity isn't faked, and that the maintainer is worthy of trust.
No you can't, at least not in the general case. You can trust Mozilla because it's Mozilla, but ultimately that's an "argument from authority".
> Looking at the chances of me getting a malicious developer or a very broken update that I didn't test against or see is much smaller than the chances that I'll write a bug and not test it, or I'll not fully understand a domain and will add subtle bugs into it, and won't even know how to test it correctly.
Perhaps, but unless the code you are writing is "safety-critical", those "low chances" are outweighed by the fact that a malicious actor can do far more damage than some bug you introduced.
Also, you have to multiply those low chances with the large amount of micro-dependencies that you might bring in through this attitude.
> You can't 100% vet all 3rd party code, and you can't run entirely on first party code.
Of course you can, unless you count the runtime environment as third-party code, which I don't.
> But we do! That's what dependency managers are for!
Yeah, well. Believe that if you must.
> Just like how you using a browser to post this comment which relies on a compiler which uses tools written in python which relies on a python interpreter which...
This is a slippery slope argument. I think there's a distinction to be drawn here.
CPython doesn't have a lot of dependencies, certainly no micro-dependencies. The amount of contributors is rather small and changes are extensively vetted. The standards for browsers are similarly high.
Your average NodeJS project, on the other hand, pulls in a thousand packages from a thousand authors, supposedly vetted by the community - but not really.
> don't just throw out statements like "a little copying is better than a little dependency". That's how you get dogmatism...
It's a proverb, I didn't make it up. I put in the "Often" just to make it sound less dogmatic. You took it out again, presumably so that your long diatribe doesn't look so misplaced.
>No you can't, at least not in the general case. You can trust Mozilla because it's Mozilla, but ultimately that's an "argument from authority".
I'm not saying absolute trust, I'm saying I trust them to write a better polyfill for extensions than I will. An argument from authority is okay when the alternative is an "argument from ignorance". I know I don't know the details, and I'm trusting someone who literally writes the runtime to know it better than me.
>Perhaps, but unless the code you are writing is "safety-critical", those "low chances" are outweighed by the fact that a malicious actor can do far more damage than some bug you introduced.
>Also, you have to multiply those low chances with the large amount of micro-dependencies that you might bring in through this attitude.
I'm genuinely curious about this, because from my point of view the number of times that I've encountered a malicious actor is extremely small and is often dealt with within days if not hours. The number of times that i've encountered my own vulnerable code is much more common. And with non-malicious bugs/vulnerabilities the number is similar. It could be just because I find my own bugs easier, but I really think there is something to relying and trusting that the community is going to be able to do something better, faster, and more correctly than I will be able to. Add on the npm audit system which is constantly scanning and notifying about known vulnerable dependencies means I'll be able to find and solve bugs and vulnerabilities much faster than if I had written even most of it myself.
I'd love to see some actual studies done that aren't just relying on anecdotes to see how things really shake out, but I'm not sure how that would even work as there are so many other confounding factors here that make it really hard to make a hard rule about these things (there is a lot of garbage code on the internet and across most package managers, any study would need to separate the "nobody should ever use this" from the "looks good at first glance" code, and at that point you're just making an automated code reviewer...)
>This is a slippery slope argument. I think there's a distinction to be drawn here.
I completely agree, but often drawing those distinctions is arbitrary. You may draw it at the runtime, I tend not to because a runtime (or the tools that make the runtime, etc...) often have much more ability to cause problems than any runtime library does. Counting "number of dependencies" is extremely hard, because like I said cpython does have quite a lot of dependencies, it just depends on where you draw the line. cpython's compilation depends on quite a lot of smaller tools, and the compilers they support and use depend on even more. As you get further down the stack things slow down and are often vetted much more, but that itself doesn't mean much as the "payoff" for a malicious actor to get into it is often equally greater.
And even if you do draw the line at the runtime or compiler, does that mean that the JS dependencies in my package.json that are dedicated to compilation and building don't count toward your numbers? And if you don't count the transitive dependencies for something like cpython, then it seems disingenuous to include them in your statements about how a node package pulls in thousands of dependencies. And if you draw the line at some dependencies being "okay" and others not based on number of authors, dependencies, the amount of vetting, and more, well you're doing exactly what I was advocating for above!
>I put in the "Often" just to make it sound less dogmatic.
That is fair, and I did remove it from the quote. But I started this whole thing because you didn't describe the reasoning behind why you felt that way, and without the why it is literally just dogmatism.
And to be honest I still don't feel you've given a great answer for it besides the idea that as the number of some dependencies goes up the risk of a malicious actor goes up. Which I don't necessarily disagree with! I guess I just draw the line at a different spot. For me the risk of a malicious actor is miniscule compared to the risk of not completing the project from having to write so much code to avoid dependencies, writing bugs in domains that I don't understand, or copying code into my codebase that I don't fully understand breaking the dependency link that I can use to do automated scanning of. Not in every project, but in most.
> I'm not saying absolute trust, I'm saying I trust them to write a better polyfill for extensions than I will.
But that's not even the scenario here. You have the choice between bringing in a couple of lines of code you wrote yourself, or another dependency. Sure, in this case the vendor is entirely trustworthy and presumably competent. That's not the general case.
Let's say it was the general case, is it still worth increasing the complexity of your program for that little piece of functionality? Can you judge the runtime cost at all? What about bundle size? (Not applicable in this case, but still) Does the integrating the polyfill cause more work over a simpler solution?
Those are rhetorical questions, I don't want to keep on with the walls of text. The point is, the argument doesn't stop there.
> Counting "number of dependencies" is extremely hard, because like I said cpython does have quite a lot of dependencies, it just depends on where you draw the line.
CPython itself only has a handful of dependencies (libc, libffi, openssl, zlib, maybe a couple more) and almost all of them are optional. I'm drawing the line at actual dependencies of the program, not the operating system or the compiler (though neither GCC nor LLVM have a lot of dependencies either) or the basic build tools that ship with basically any UNIX-like system.
However, even if we added them all up I doubt we would have more "units" (programs, libraries) than in your average NodeJS project.
> And even if you do draw the line at the runtime or compiler, does that mean that the JS dependencies in my package.json that are dedicated to compilation and building don't count toward your numbers?
It doesn't matter, you're probably fucked either way.
The lack of support is in the other direction - Safari doesn't support uBlock Origin anymore. The only way to block ads is with Apple's Content Blocking API, which is fundamentally not how uBlock Origin works.
Safari lets extensions precompile a list of patterns to block and then it does the actual blocking. The extension never sees your browsing history or network requests.
Safari also has a limit, and it's low enough that plugin developers have had to split their work into multiple parallel plugins or even into standalone macOS applications.
uBlock Origin uses the WebExtension API that is common to Chromium/Firefox. Going forward, Safari for iOS/macOS will only support Apple's Content Blocking API.
Part of the logic is that many extensions are very dangerous to users: the Grammarly extension, for example, vacuums up everything you type and sends your history to their servers. Most normal people don’t realize the trouble they can get into when installing extensions. Extensions can be as privacy destructive as anything on the web.
1. The job of Safari isn't to be everything to everyone.
2. Most tech enthusiasts just install Firefox or Chrome anyway.
3. Your web browser is by far the most critical aspect of computer security for most users. It controls the entire trust chain between yourself and your online bank. Your browser validates the security certificates. Your browser decides what to do with the passwords you enter. Your browser decides what to show in the address bar.
4. We know that most casual web users have suffered great privacy violations from dodgy add-ons, either by disguising itself as a useful tool or via drive-by installation. This isn't a hypothetical fear. It's very real.
5. Apple's unique selling point is privacy and security. Anything they can do to ensure that your grandmother's browser isn't compromised should be prioritised and applauded.
6. You can add untrusted extensions using the Extension Builder by obtaining a free cryptographic certificate from Apple. It's not trivial but it's just the right amount of onerous to stop your grandmother from being defrauded.
I don't know anything about that specific extension, but ...
Isn't that exactly the sort of thing the Apple walled garden is supposed to protect against? Surely anything that functions as a key logger and browsing history recorder violates their terms of service?
I'm fairly confident that this doesn't happen in Mozilla's addons repository. As I recall from the Stylish incident (Stylish is a similar browsing history stealing extension) they were not allowed to put this extension in AMO with the history stealing code, but it was left untouched in the Google Play store.
Same. It's absolutely garbage that it requires a Mac App -- while there's workarounds for now, how much longer until they don't work either. It's a shame because I quite like Safari as a browser. Oh well, more incentive to switch back to Firefox!
I love uBlock Origin. I wish I could donate to gorhill, and I'm actually kind of annoyed he wont even put up a paypal me link or something.
That said, I've noticed more and more sites are starting to do the ad blocker detection and not allowing you to see the content until you white list them. It started with a simple body {overflow:hidden} and a modal box, but they are now truncating their content.
And I don't mind a site advertising, they have to make their money somehow, but I don't like how the modern ad-tech is so kludgy.
Has the author of uBlock origin said what the plans are post-this-change? Should Chrome actually follow through with what it says it will do, the performance of uBO will drop overnight. Is this acceptable? Will development continue?
Still stuck on the previous version. The store shows 1.20, but even switching to "developer mode" in the Chrome extension overview and clicking on "Update" (button) and restarting the browser had no effect. Still the old version.
After reading the comments on the linked blog article, frantically hitting the "Update" button (in developer mode) many times indeed helps! I had clicked it quite a few times already, but "normally", going crazy and hitting it a lot and quickly indeed lead to the update occurring.
Wow, what a crazy user interface that requires users to go berserk on the buttons...
I would strongly advise not using Pale Moon—for numerous reasons specific to that particular distribution (which aren't interesting enough to repeat here) but mostly for reasons that apply to all minor web browser projects; particularly ones based off old code:
— How quickly will serious vulnerabilities be patched?
Given the project is so small, I wouldn't trust their future response to be rapid even if they have been in the past. Right now most security fixes come in the form of merging upstream security fixes from Mozilla. As their code base becomes increasingly divergent to the Firefox head, merging in upstream security fixes will become increasingly difficult and increasingly cumbersome.
— How much do you really trust these developers?
I don't think many people realise just how important your browser is when it comes to trust. When you access online banking, your browser is in ultimate control of the entire trust chain. Your browser validates the security certificates. Your browser decides what to do with the passwords you enter. Your browser decides what to show you in the address bar.
— What's wrong with Firefox 67+ anyway?
The one thing everyone seems to cite when they say they use Pale Moon or Waterfox is that they still support the older extension system. The reality is all important extensions were unaffected. And while some genuinely useful extensions were lost in the transition (e.g. DownThemAll) most should be standalone applications anyway.
I have found that, as much as Moonchild & Tobin can be difficult, I trust their judgment far more than I do Mozilla's. I want to be in control of my browser, I want to determine what gets downloaded and uploaded from my PC. They tend to be on that side.
Also, my problems with the browser product itself are simple: the UI is awful and cannot be meaningfully fixed, and multi-process programs cause my computer to hang (so I set up a script to auto kill them). Pale Moon respects me as a User, not as an ad profile for Google.
I would never trust the judgement of the most important piece of software on my computer to a small group of tinkerers maintaining a fork of someone else's massively complicated and deeply outdated source code. I don't care who they are—if they don't have a big enough reputation on the line, there's no reason to trust them.
I'm sure your cousin is super trustworthy, but that doesn't mean anyone should put him in charge of the armoured vehicles division of a bank.
Besides, it's a lot easier for a microscopically small and individualistic outfit like Pale Moon to never disappoint you compared to a large, managed entity like Mozilla which has disclosure policies and hundreds of employees each with their own priorities and agenda.
The day I consider my WWW browser the most important software on my PC is the day I go back to dialup. Frankly, I agree with your base theory - that's why the important software on my PC is Windows and MSOffice, rather than *nix and Open or Libre Office. I moved off the OO/LO platform a little after the split, because compatibility was an issue.
But for a limited use program like a browser, yeah, I want the people who won't disappoint me.
Using Firefox from that sell-out developer with zero respect for power- and geek users.. from the developer who rather wants to attract Chrome/simple users and not supporting their own target user-base..
Mozilla is morally wise a totally unacceptable developer. They have been on the good side in the past, but what is left is almost as disgusting as Google itself... the Google - which Mozilla tries so hard to become itself.
I rather would use Pale Moon before i would touch Mozilla Firefox - Mozilla which killed almost all customization options just to be able to be as attractive to Chrome users as possible.
In fact, i also would use Vivaldi every day over Firefox. Mozilla has turned into a greedy sell-out developer with zero respect for power- or geek users!
The problem with this narrative is that it is entirely fictional. The web extensions addons that have replaced the old style are just as featureful and Mozilla has done a good job of providing the functionality to build powerful addons.
Example Pentadactyl -> Tridactyl, noscript, ublock origin, stylus.
I'm not clear where you are coming from with the "greedy" accusation nor where you get off calling them sell outs. Based on what?
Your refrains betray "reduced to 180 characters" level of understanding of the matter and I strongly suggest you gain a more complete understanding of technical and business matters before attacking people who are producing so much value for the open source community.
A set of instructions that would allow the end user to build
something cannot be subject to any copyright license insofar as it doesn't actually contain the software that is bound by said license.
The unofficial patches are presumably by definition not copyright the project considering they are written by a third party.
This is kind of how multiple source based packages work. Nothing is being distributed by the repo save instructions the end user does the fetching and building.
Normally people do a small amount of research before attacking volunteers who are providing free labor to make their package more broadly available.
An example dialog could have been opened like so.
"We at the Pale Moon project prefer that distributions package as close as possible to the default experience to ensure that all users have the same experience and aid in troubleshooting. Can we talk about the patches that are being distributed with Pale Moon to see if they are really needed for our product to work on your OS?"
If no agreement can ultimately be reached respectfully ask for it not to be distributed but use the know how generated to add a forum post "Building on OpenBSD" not burning any bridges AND actually profiting from the experience.
Instead Pale Moon devs appear to have learned nothing from the interaction.
I've noticed that you didn't bother to address the technical reasons whatsoever. Your browser is probably the best vector into your system and malware no longer just screws up your system. It's now common for malware to encrypt your files and hold them for ransom.
In effect an out of date firefox means that malware authors can use up to date firefox's security fixes to target users using old software that perforce is vulnerable to the same attacks. This needn't be specifically targeted at JUST palemoon users. All users of out of date firefox represent a possible victim pool with attractively low security.
> I've noticed that you didn't bother to address the technical reasons whatsoever.
It's right there, bellow the "crappy, out of date, insecure, janky browser" unfounded claims, open the two links I've provided and you'll see that ALL the technical reasons are covered extensively.
I don't think there is an updated one. For the brief period when I had used Basilisk, I used an old version of uBlock Origin (downloaded from the Mozilla website).
Too bad it only targets Chrome webextensions. No support for people still using the Firefox version of Firefox instead of the modern Chrome style Firefox.
Pre quantum being unsupported and therefore by dint of lacking security updates insecure will end up with 0.1% marketshare. This is probably why nobody cares. You are of course free to maintain a fork for you and the other 28 users.
I can understand being upset that firefox removed support for non-webextension extensions, but I can't really understand someone who evidently chose to remove the webextensions support themselves and then complains that some extensions stopped working.
I am dumbfounded that uBlock Origin, arguably the single most important extension in modern web browsing, and one that makes millions of lives easier by making their web experience bearable at all, all of this depends on one single person, working for free.
Now there's also the list maintainers, who also work for free. Still makes you wonder about how the world works. There's probably many other similar instances. In any case, I think these people deserve more recognition than they currently do and we shouldn't take anything they do for granted.
We should also thank Firefox for having adblockers at the time when Chrome was released. Otherwise Google wouldn't have felt the need to add an adblocker extension API in the first place.
Having adblocker extensions was one of the things that allowed Google to get Firefox users to switch at the time.
Ever wonder why Mobile Chrome doesn't have extensions or adblockers? Because it didn't have to compete with Firefox to gain marketshare.
Firefox mobile on Android with uBlock origin is currently a vastly superior experience to Chrome.
And the Redirect AMP to HTML [1] addon, I enjoy my AMP-free life.
[1]: https://addons.mozilla.org/en-US/firefox/addon/amp2html/
And you can redirect any website (say, a news site to an archive.org copy) with the Redirector addon:
https://addons.mozilla.org/en-US/firefox/addon/redirector/
Thank you! I didn't know this AMP redirect extension existed. Installing immediately!
This is an amazing find. I hate AMP sites.
Thanks you so much!
There are also a couple of link-cleaning add-ons that are really nice if you want to reshare links opened through, say, Facebook
(not on mobile, so not sure which one I'm using)
Ad blocking on android really is Firefox's killer app. I'm surprised it isn't more popular just because of this.
From a selfish POV isn't it better as an adblock user that other users don't use adblock? Then they unwittingly subsidize your pleasant ad free experience.
I get what you mean, but I wish more people used Adblock so that more sites would be forced to switch to contextual non-surveillance advertising. I'd get to support sites more while maintaining privacy.
As more people switched to contextual ads, the ecosystem for it would also improve and rates would hopefully increase (for smaller sites).
What makes you think that ad blockers wouldn't also block contextual ads?
Because adblockers depend on things coming from 3rd party ad servers doing instant auctions for ads based on user profiles. They do it client side because the latencies involved vs doing it server side are far less.
With non-surveliance based ads, they can make the ads completely indistinguishable from normal content in their CMS and make it look like first party content and server side based. And since the user info will be minimal beyond an IP, it will mostly be content based vs. user based. They can even do things like podcasts & youtubes videos do with sponsorships that come with the content.
They don't do it because it doesn't make as much money as the current status quo and would require more work to integrate if it was offered.
From a selfish point of view, I care more about the benefits to me brought by Firefox having a bigger market share and Mozilla having more influence on the development of the web, than the benefits brought to me by other people looking at ads.
I think a lot of people don't realise it's there. Isn't Chrome installed by default on most devices?
Average Joe users don't know about it. Mozilla never advertised the 'no ads on mobile' feature at all.
I can second this. Along with "Popup Blocker (strict)" and "HTTPS Everywhere", the web is a lot less annoying. But Firefox on Android has some basic issues: the tabs go dead/unresponsive on some JS heavy websites.
Why do you need a strict popup blocker? I honestly can't remember the last time I got a popup ad, but there are useful popups every once in a while (oauth logins, etc). It seems more annoying than anything.
Some blogs have scripts that hijack clicks.
I found Firefox + uBlock almost unusable on my Pixel 2XL and use Brave. But I'm glad the options exist at all... I just wish more hardware was more open at Manufacturer End of Live (when they stop updating). So that third parties could continue support better. There's definitely a need for right to repair laws at this point.
What kind of issues did you run into? And how long ago was this?
I use FF Nightly with uBlock Origin on my Pixel 2 XL in addition to Blokada, and it works just fine.
Was probably close to launch, almost 2 years ago now... I've been pretty happy with Brave overall, and also found Firefox UI a little frustrating by comparison so didn't worry too much to retry since.
Could very well be better now... I've tended to try FF on most platforms about once a year as my main browser. I do tend to test in it for dev though. My current app doesn't really have a mobile target (mainly deals with scanned images, so desktop is primary).
FWIW, coming from Chrome, the Firefox mobile UI was very frustrating to me also for about two weeks 'til I got used to it. Now it feels familiar and seamless.
Thanks for reminding me about this. I kept thinking "Google Chrome on Android is unbearable because of all the ads", and your post reminded me I could do something about it. Just installed Firefox + muBlock Origin. Thanks!
I've been using Firefox mobile for years and really love it. It's always been a vastly better experience than Chrome. I usually use DNS based adblockers on my phone though; AdAway+rooting via magisk.
Without rooting, you can use the VPN blocking provided by AdGuard. It has some paid features (like ad blocking in apps), which it sometimes reminds about, but otherwise I am happy to use both Chrome and Firefox for Android without advertisements.
Check out Blokada. It's a free open source app that does the same thing.
Gesture tab switching (swiping on the top bar) is the killer feature for me. I use Firefox but with great sacrifice, because swiping is so ingrained in my workflow.
I really want to switch for this reason, but I've naively come to rely on Chrome's saved passwords feature. What I really need is a tool to migrate my saved passwords from Google to Firefox or some other service.
You can easily migrate to any of the browser independent password managers: 1Password, BitWarden, LastPass, etc.
https://www.mozilla.org/en-US/firefox/switch/
lastpass has a lot of import / export options as far as I remember, so that might be a good place to start... but once you get them imported you should be able to export them to another service easily enough.
ive moved to bitwarden a few months ago and it is far superior and a lot less bloated than lastpass.
Is there a way to increase the font in firefox? Maybe an addon? That is my only gripe with it. I know I can use Reader mode and even increase the font at the OS level but I would rather not do that.
Does it exist / work on iOS?
No, other browsers on iOS are basically wrapping Safari. If you want ad blocking on iOS, you have to use an app that uses the content blocker API. My favorite is 1Blocker X, which seems to be pretty well reviewed as well.
As mentioned in another comment, iOS doesn't allow extensions. But Firefox Focus works quite well, and comes with a content (ad) blocker. Any content blocker you enable in Settings.app is used by all browsers.
i prefer Firefox Focus
Yes, this.
uBlock Origin seems to have ~15 million active users between Chrome and Firefox (source https://en.wikipedia.org/wiki/UBlock_Origin#uBlock_Origin). If it only spared us 10 seconds a day on average (probably a super conservative estimate), it would save the equivalent of an average human life (~70yrs) every 15 days! (And given that probably at least 70% of users don't use an ad blocker, it's infuriating to think what's the "human" cost of ads on the web alone...)
uBlock saves my laptop battery and CPU when web browsing, by a lot. It has an older core2 CPU that can easily churn at 40% just staring at a page where some ads aren't blocked. That and the cpu fan spins up to high. Turn on uBlock, and CPU use goes to zero. uBlock saves electricity and is therefor good for the environment. I'd say we're all obligated to use it ;)
Try to watch a playlist on Youtube without a add blocker. Its insane the length and amount of commercials. A add blocker save you much more then 10 secs a day.
Fwiw, "ad" is short for "advertisement" which has one "D".
But it adds to the viewing time :)
You can pay for a YouTube premium account which doesn't have ads.
Or you can use youtube-dl[1] to download youtube videos without ads.
[1] - https://rg3.github.com/youtube-dl/
...or you can use Invidious which just serves videos from YouTube without ads and no almost no JS :)
https://github.com/omarroth/invidious https://invidio.us/ (one of the hosted instances)
Which is also expensive. In Canada, it's 12$/m, but in includes original shows, YouTube Music, and a bunch of things I would never use. I would gladly pay a couple bucks a month to remove ads, but the fact that it's more expensive than it needs to be and includes so much more than I care about makes me not want to.
$12/m is not expensive for most people living in Canada.
It's expensive when the alternative is free. Particularly since that free alternative is WAY better. Paying youtube only stops the ads on youtube. uBlock Origin does much much more than that. I'd sooner give gorhill 12/month, but he won't take my money.
This stuff adds up fast. $10/mo for YT Premium, $15/mo for Spotify, $15+/mo for Netflix. You are looking at almost $500 per year in subscription services alone, not even counting your phone bill.
That's why I use YouTube Music for $15/mo which includes Ad free Youtube + Music streaming for 5 family members.
I fully expect google to decouple the YT ad free portion (they already decoupled YT Red), but until then it's a reasonable value prop.
Not in all countries.
Don't forget the added stress adverts cause.
it is way more. more like up to 50 million.
There are definitely a few OSS that don't get anymore as much love as they deserve. VLC and OBS are two example of programs that are so damn good, even paid alternatives hardly can compete.
OBS is interesting because not only is it one of the best programs available for what it does (and cross platform to boot, which is huge), but it's also a catalyst for making people an absurd amount of money.
Pretty much every top streamer uses it. I wouldn't be surprised if OBS was responsible for generating over $75 million worth of earnings for just the top streamers on Twitch in the last few years, then there's Twitch's cut on top of it. That's going by 1 article saying just the top 10 streamers alone earned $20 million last year alone.
OBS is one of those products where I bet if they put up a Kickstarter asking for support they would end up raising a few million. Come to think of it now, I wonder if Twitch has tried to buy / fund OBS in the past.
FYI OBS' main developer has a Patreon with $1.4k/month https://www.patreon.com/obsproject and an annual budget (for the entire project) of $90k through OpenCollective https://opencollective.com/obsproject
Seems like pennies considering how widespread OBS is used
Yes, and it isn't like the people using it wouldn't pay for software, before OBS became widespread people used Dxtory and Fraps - both paid products.
OBS could make a lot of money by offering a few premium features for an annual donation. Something like a more advanced banner editor, or an animation engine.
It’s amazing software and I would like to see the developers and the organization thrive and be sustainable for the long term.
Honestly, streaming aside, before OBS there really wasn't any way to record your webcam except the shitty proprietary webcam application. Similarly, for screen recording, most people used Fraps or Taxi, both of which were very limited.
OBS seems so insane to me. The devs do amazing work delivering a high quality product and creators make millions with their software.
I wish someone would campaign a bit for the devs and support the development of OBS with all that money made from streaming with OBS.
VLC is what got me interested in the free software biz to begin with.
I wondered how it was even possible, found out they made whole OS-es in a similar manner, been a linux user for over 15 years now.
Maybe the lack of human resources is offset by the lack of managerial bottleneck (you can just get stuff done and solve problems immediately with your keyboard without the need for weekly meetings or approval from some non-caring boss)? I've always been astounded too.
The end of the book 'The PayPal Wars' gives fascinating context on how development just completely dies in a corporate environment. They went from being able to roll major new features in a weekend to requiring months just to schedule a meeting to discuss a font change. It's a fascinating read when we now look back at how PayPal just stagnated under Ebay's ownership.
I’ve also long wondered what Twitter’s thousands of software developers do all day. Their product certainly hasn’t gotten any better.
I think twitter is a few thousand total employees, a fraction of that is engineers.
And a good chunk of it is maintaining & improving a large throughput backend system that is one of the top 10 in the world in terms of size and data volume.
And on top of that, an even smaller fraction is the people who think of and implement new front end things that you would interact with and think of the app changing. Like a lot of companies, it's probably a 10:1 ratio as far as backend:frontend people there are at the company.
As to why twitter changes so little, the company itself doesn't really understand why it's successful, so there is a lot of conservatism inside of it to not screw with the golden goose.
MPC-HC and mpv are much better than VLC.
I'm not sure they are comparable. One force of VLC is that it litteraly runs everywhere.
MPC-HC only works on windows, so it's not comparable. mpv has also a lot of target platforms, but not as much as VLC. It's really nice though, and I think a bit of competition is good.
VLC runs everywhere, but do you really need something that runs everywhere literally? Is this like the old hat trick of running Doom on your fridge? I'm content using mpc-hc on Windows and mpv on Linux/Mac. What else is there?
No need to compare, they're all amazing for what's mostly volunteer work.
I feel like mpv is the vim of video players: minimalist keyboard-oriented interface. I prefer it over VLC, but wouldn't recommend it to non-techies.
I think it's fine to compare projects when going beyond "which one is the bestest".
I was pretty die hard against VLC (i've moved everything I do to mpv wrappers once MPC-HC became abandonware) but I'd give vlc another chance if you haven't looked at it in a while. It's come a long way if your opinions were founded nearly a decade ago like mine were.
Nope they're not, they used to for recent codecs it's not the case anymore.
If I recall correctly, he trusted one of his maintainers too much, and that is the reason he no longer contributes to uBlock (his original project), but rather created uBlock origin.
The fact that there is no easy way to make this into a money project probably led to his relying so much on such a maintainer.
Part of the issue seems to be that the devs that actually value an OSS project don't have any way to persuade the company they work for to contribute to the project. If there was some way to be able to create a tier where a company would pay $12/month and be able to "something which benefits the company ?? bugfixes ??" - something support related or somehow, many of these projects (timezone, adblocker, ssh, even things like Matrix) could be funded.
Something like uBlock I'd imagine it's worth supporting for some brands just to be associated with by name.
Like a VPN service, or such.
> I am dumbfounded that uBlock Origin, arguably the single most important extension in modern web browsing
Also it's recommended[0] to install uMatrix[1] or eMatrix[2] side-by-side with uBlock Origin.
[0] http://news.ycombinator.com/item?id=17361827
[1] https://github.com/gorhill/uMatrix
[2] https://forum.palemoon.org/viewtopic.php?f=46&t=21561
I have used uMatrix for quite a while and honestly it's a huge pain in the ass. I wind up just opening a different browser for certain web pages
I've disabled uMatrix for private windows, so it's just a regular right click -> "Open Link in Private Windows", done. uBlock still blocks the most obvious stuff, but the site is displayed "as intended".
You can turn off uMatrix for a specific site.
For some reason it still blocks iframes even when off
Recommended why, and by whom?
[0] http://news.ycombinator.com/item?id=17361827
The biggest and most important lists (Easylist and its localizations) are heavily maintained by eyeo GmbH, the company behind AdBlock Plus. It might be a community project but in reality it's more like Chromium or Go.
Not really, no. The lists themselves are ultimately less interesting than the technology used to run them; there are other lists, and if easylist soured, a community-sourced alternative could be made relatively easily.
I actually doubt that. Finding the right rules is quite a bit of work and hobbyists will only look for such stuff for so long until they get bored. Programming can be fun but adding the nearly but not exactly the same rule to a filter list for the 2,000th time will eventually get tedious. Especially if you are playing a cat and mouse game and you are the (unpaid) cat and the mouse has quite strong incentives to get paid.
Doesn't that argument work for the plugin too. I mean most people using uBlock Origin probably started with Adblock (and maybe moved to ABP), or uBlock.
You can achieve similar results with pihole, or hosts file managers.
Back in the day I used a local proxy tool, Proximator or something.
AFAIK uBo isn't doing anything particular unique technologically (which doesn't mean I'm not grateful, nor that anyone could make it).
> You can achieve similar results with pihole, or hosts file managers.
You can't. uBO has contextual information for each network request, something not available to external content blocking solutions.
For example, many filters are meant to apply only on specific domains or whether they are 1st- or 3rd-party, and for this to work you need to know from which origin a network request is fired.
Also, uBO has an advanced-user mode that let you create rules to override filters in static filter lists; allows to work in default-deny mode; or even allows to work with no static filter lists at all. Contextual information is key to advanced-user mode features.
I use element filtering to strip Google News links off of the search page on the offhand chance I can't find something on DuckDuckGo and have to go back to it.
It's a great feature that would be impossible with something like pihole. `has-text` is very powerful.EasyList/EasyPrivacy and other lists are maintained by volunteers, not by Eyeo GmbH.
How would this make the uBlock Origin project like Chromium? The lists work and if the bigger lists choose not to block everything you'd like, you can simply enable additional lists. It's just a data source.
It makes the list like chromium, not ublock origin.
Okay, sure. I interpreted it as the OP referring to the extension itself since the grandparent post was primarily talking about being impressed with it being run by a single person.
First thing I install in any browser.
I always mention it to neighbors (who still don't use one..)
Massive thanks to everyone involved
I send a small mental thanks to Raymond almost every day - his impact is stunning when you think of it
yeah, because of him, everytime I use ublock-less chrome on android I get angry, thanks a lot gorhill ! ;)
I suppose you know it, but Firefox on Android supports add-ons! It's amazing.
Firefox focus is worth a try. built in ad blockers, the ability to block javascript, private browsing is the default. Good stuff.
There's also, I believe, a regular firefox for android which I think does do extensions.
I do use focus as my default browser :) it's indeed lovely
True, it is fantastic imho. I run ith with ublock Origin.
Give Brave a shot. It's Chromium with an ad blocker, privacy blocker, and HTTPS Everywhere built in!
Don't, especially because it's Chromium and because it's from an ad company.
Also keep in mind that the entire problem exists because it was created by thousands of people working in the advertising industry. It's frustrating how often people have to solve problems created by other people.
Just like how we have to have to spend billions cumulatively on computer security related products, because some people are trying to make a few million ransoming workstations and sending spam.
And thousands of people are working in the ad industry because so many people want internet content for free.
Is there a way to donate to the uBlock Origin project? If you want to imagine what the world would be like without uBlock, just try turning it off for a day. That's horrifying.
gorhill refuses out of principle to take donations. This is a passion project for him, and he wishes to maintain the freedom to stop working on it at any time without feeling "obligated" to continue.
> and we shouldn't take anything they do for granted.
You can say that again
"Ublock collaborators gorhill and Deathamns leave the project" (2015)
https://news.ycombinator.com/item?id=9308439
This is the whole reason why we have uBlock "Origin" and not (only) "uBlock".
If anything, the split was because one of the uBlock contributors tried to monetize it for his own benefit only.
https://en.wikipedia.org/wiki/UBlock_Origin
That was after gorhill decided to pass the project to Chris.A, the real reason of the split was different. https://www.wilderssecurity.com/threads/ublock-a-lean-and-fa...
There used to be a rich history of one-man products maintained selflessly by their creators, even up until the early 2010's. Entrepreneurship and business assholes destroyed that -- we gave this up when we made tech so easy to use that every brother and their mother got on board. Now tech is too big, with too much money, that it cannot help but attract sharks that buy up these sorts of things and then destroy them
Tech should just be for tech people! Mothers and brothers be damed!
I get the frustration, but shouldn’t we be working towards models that allow for better compensation for creators rather than ... well I’m not exactly sure what you’re advocating for here ...
Better compensation for creators is not going to stand up to a multi-million or multi-billion-dollar buyout. Much of the western world has this crazy fascination with tech for the sake of tech, and it is that fascination and subsequent vulnerability that attracts the personalities that have been systematically pillaging all the great things that tech -- particularly lone-wolf individuals -- have built over the years.
It'd be really cool to see more barriers to entry limiting people's ability to access some tech, and limiting the size of businesses that are built around it. The internet was much better when it belongs to and was embraced by nerds, and not the general public, for example.
Our modern world is too complicated for most folks and now we have to build things so overly simplified that it is nearly impossible to be a power user or do advanced tasks when everything is reduced to single-button, shitty-app solutions in the cloud maintained by megacorps with more money than God
My guess is if he were to start accepting donations he could do it full-time as his main job. Guess he doesn't want that.
Nah, he'd probably make enough to buy a few beers.
Maybe he could make $thousands per month spending serious time on self-marketing begging effort, but I wouldn't blame him if he wasn't interested in that
Maybe a good start could be sponsoring the maintainer since GitHub added the feature?
It's not that people don't want to give him donations. He doesn't want any.
For a while, openssl was maintained almost for free. That truly boggles the mind.
I'm hoping that Mozilla's upcoming paid browser will open a market for browsers and browsing software.
Well, if something is distributed for free but developed by someone who doesn't work for free then it serves the interests of the one who is paying.
Yes, but in a good way.
AFAIK that's exactly why the primary developer of uBlock forked uBlock (from it's rough new owner) into uBlock Origin and chose not to seek donations.
...to not have any obligations regarding the community.
It's just that in this case, the owners intention to have a great content blocker does seem to align with the needs of many other users.
Keep in mind that it's a product, not a service and open source, so no lock-in. The project being rarely forked shows the satisfaction of its users.
"for free".
There are at least two revenue sources on uBlock Origin... The software is free-to-use yes, but it doesn't mean that gorhill won't put money in his pockets.
Why resort to innuendos when you can just ask directly whether I "put money in [my] pockets"?
What are these revenue sources?
Just read Microsoft will allow ad blocker extensions (May build one in) in their new Chromium browser. Looks like I’m going to rewind 13 years and use IE again(IE of today).
Such a stupid move by the do no evil company! Now they do no stupid too.
EDIT: Here is link... https://www.forbes.com/sites/kateoflahertyuk/2019/06/16/micr...
The bright side of Google's anti-ad-blocking efforts is that ad-blocking is clearly no longer just an insignificant blip on their radar. There must be enough users of ad-blockers now to start to significantly affect their bottom line.
There might even be a critical mass of people who are against advertising to attempt to make some legal headway on this issue in Washington. Just as there has been legal action against telemarketers, there might be something on the legal front that can be done against online advertisers, who could be considered just as much or even more of a nuisance than telemarketers ever were. In addition, online advertising has repeatedly been a vector of malware, and perhaps companies which try to circumvent or forbid ad-blockers could have some legal consequences -- and, if not, perhaps laws could be introduced to make such consequences a reality.
IANAL, and this is just a pipe dream of mine at the moment -- but plenty of pro-consumer legislation has been made over the years. Perhaps the dawn of an unsolicited-advertising-free world is upon us.
> There must be enough users of ad-blockers now to start to significantly affect their bottom line.
I host a bunch of websites, and about five years ago I stuck adsense adverts on them. Due to the decent traffic I was earning about £80/month and that was stable for 3-4 years.
This year, and last year, I instead earned about £100/year, despite having much more traffic/visitors, and more "aged content". When I get a chance I'll rebuild all the sites and drop the adverts. Adblockers - which I use myself - have rendered them almost pointless.
You can always do a direct ad deal if it's the right niche. Better privacy for your users and it's impossible to block.
> [...] and it's impossible to block.
That's not entirely true. Troy Hunt had (and still has) that[1], and his banner got added to EasyList none the less.
[1]: https://www.troyhunt.com/ad-blockers-are-part-of-the-problem...
He keeps calling this a false positive. It's not. Easylist is a list of ads. That is an ad. The ad is listed on the list of ads. He seems baffled by the idea that someone could be against the concept of advertising in general.
Hunt is under the impression that he has a right to force Web clients to consume content like he wants to after it has left his server. This is, of course, not how the Web works, and he should know better. There is no point in getting upset about it and then writing a blog entry. Content blocking is a direct consequence of past abuse. He must understand even though he thinks he does nothing wrong, the bar of acceptability for people who subscribe to content blocker update lists – after past abuse – is: no distraction at all. Having a peace of mind without advertisement intruding into it is a human right. I would be glad if someone could find for me that article making that legal argument.
> He must understand even though he thinks he does nothing wrong, the bar of acceptability for people who subscribe to content blocker update lists – after past abuse – is: no distraction at all.
Simple solution for you then: Don't visit sites with advertising. By repeatedly visiting sites with advertising, you're basically saying, "I want all this content but I'm not willing to support them financially."
A much simpler solution is to keep visiting them.
That's a false dichotomy if I've ever seen one. Operators should choose a way to support themselves financially without the advertisements plague.
So he added an ad to his site and it got added to a list of ads. What's noteworthy here, besides the fact that he doesn't understand what ad blockers are for?
This is the whole point of those filter lists. Otherwise I would have to remove his ad manually, which is undesirable.
I can only speak for myself: but it seems to me that most people aren't against advertising, only the magnitude of advertising and the tracking that goes with it.
AdBlock should be about making the internet tolerable again instead of the cesspit it's slowly becoming, but it's exasterbating the problem.
Troy made a step in the right direction.
Very interesting. I wonder if it's possible to get around by randomizing the element class after each reload - sounds like renaming it worked temporarily.
Similar for my blog/site (>20 years old). But, it used to pay me my hosting costs + a computer component upgrade. Now I get a few pence here and there, an order of magnitude less.
So now it costs me to run it (excluding time considerations of course) whilst before it paid for itself.
Also with sites like Stack Exchange I tend to use them for what I blogged before (computer fixes mainly), so most of my new content nowadays is UGC on other people's sites too. Personal stuff goes on Facebook, on the whole.
Is it definitely ad blockers or have rates also dropped?
I would think it's more likely they legislate against us, i.e. making it a crime to circumvent advertising (see: circumventing DRM).
DMCA was hard to get people upset about. It was all new stuff that most people didn't understand or care about. This was before Napster, even.
People clearly care about net neutrality, and they would/do also care about browser ad blocking. At this point it's clear to people what the issue is and how it affects them. Taking something away from people is much more painful than preventing them from getting it in the first place.
Even if there could be enough lobbying pressure to seriously propose such a law, it would be deeply unpopular and have difficulty passing.
You wouldn't download a car, you wouldn't block an ad! :)
As always: I would download a car if I could :).
Fun fact: the line of the ad was twisted by internet people for meming purposes. The actual line is "You wouldn't steal a car".
I always thought a good answer to this was "well I'd think about copying a car if I could..."
How sweet would that be? Friend gets a car, I make a copy of it at zero cost!
I guess the standard answer to that would be "but you're depriving the manufacturer of money to cover the costs of providing the car in the first place"
Which is reasonable, but I'd have to question their business model if their manufacturing costs are so high and yet I can copy it for free ...
Nah, the standard answer isn't reasonable. They're depriving themselves of that money by choosing a business model that matches neither the customer needs nor physical reality.
In hopes it'll one day turn into a catchphrase: no one is entitled to have a particular business model working for them forever.
In fairness I'd give them that much. There is a quid pro quo between me having a need, and a business providing that need. If it's not commercially viable for a business to then perhaps my need may go unfulfilled.
What irks me is that such a gracious outlook leaves me open to being gouged by profiteers.
So copying it is!
I believe they tried, but it basically never made it out of committee as it's basically the same as banning people from using a highlighter on a book. It became very very clear that not only was it not enforceable but trying to go after the people supplying the adblocker would run into serious human rights issues.
Yep, this is what greedy corporations are willing to do to protect their profit margins.
It's already copyright infringement. In USA Fair Use probably does the necessary; but in UK I'm pretty sure it's infringing (you've modified the work without permission).
I wish them good luck with that.
They're more likely to outlaw adblocking than they are outlaw advertising. Frankly I fear we're nearing the end of a golden age, where those in the know have an incredibly easy time blocking ads with a simple extension while our content providers are funded by the ignorant tech commoners watching ads. I don't want a future where ads are baked right into the YouTube video stream and articles refuse to load until they get confirmation the ads have been downloaded from an ad server.
The funding to produce the media people want to consume has to come from somewhere. If it’s not baked into the video stream, it will be baked into the video itself, aka product placement.
Watch any new movie or TV show, and it’s unbearable to see the videography just to catch a car logo or drink logo. Shame. There’s even been full on descriptions by the actors of a car’s features, basically a commercial within the dialogue of the media.
My solution is to stop consuming it, not that I consumed a lot to begin with, but there’s no other option.
banners and logos obscuring the view, and often mantling plot critical visual details are what turned me off cable and satellite feeds. i just wait until the disc is being sold and enjoy it sans banners. thats not available with the net.
here the state law defines ANY unauthorized access to any computer system as felony, that includes snooping unsecured systems or MANIPULATING FUNCTIONALITY.
You know it's funny, I was watching horrible bosses last night, and was thinking just this. Some fairly blatant product placement for a major car manufacturer.
It didn't spoil the movie though, and in fact the bare-facedness of it even added some humour (-:
I don't think product placement is soooo bad. It's up to you if you're making a movie to make it fit. If you don't it detracts from the quality of your movie which to me seems a good enough motivator to get it right.
We are not helpless in this and we should not just lie down and accept our fate.
On what grounds and by what rationale could adblockers be possibly outlawed? If you cannot answer this question reasonably, then please don't even mention this as a reasonable possibility.
Lobbying from the advertisers?
I personally don’t think it’s very likely, for one thing I expect most of the staff at the likes of Google run an adblocker.
Put the ads in the browser -- not the content. Change chrome to show the ads in the client like an ad supported software, then make it speak a new dmca:// protocol.
This is a problem for the advertisers, they don’t want their most valuable prospects walled off by adblockers.
My guess is we will see much more sponsored content as a response to this.
> The bright side of Google's anti-ad-blocking efforts is that ad-blocking is clearly no longer just an insignificant blip on their radar. There must be enough users of ad-blockers now to start to significantly affect their bottom line.
I think the issue is that shareholders want to see significant year-over-year growth, something that isn't sustainable in the long-term. We're merely being seen as an untapped market than can keep the needle moving for a few more years.
I like capitalism, but I think it's entirely unreasonable for shareholders to expect such gains in perpetuity. After all, there's a finite amount of money that can be extracted from any user. The trendline will inevitably start to level off after a period of time, and I'm frustrated by the fact that this eventuality has negative connotations associated with it.
Here's a thing: the shareholders may very well know not to expect gains in perpetuity, but surely something could be done to boost growth just this last time? Given how much money is at stake, plenty of extreme things can be done before the particular growth source is exhausted. And we all have to suffer the collateral damage.
> Looks like I’m going to rewind 13 years
Well if you had asked your typical HN developer a few years ago whether they'd be using a Microsoft code editor ...
+ Microsoft tool for compiling to JS
+ Microsoft Public/Private Git Hosting :-)
Lets not forget WSL. I just got the WSL2 upgrade - it turns a Windows 10 desktop into a quite decent software developer workstation.
Seriously guys, if the last time you used Windows was a few years ago it is time to give it a another shot.
Isn't the surveillance/telemetry problem still as much of a problem as it was on day zero? As far as I know, it hasn't been removed nor lessened. As far as I remember, it is absolutely overreaching, collecting your name, email address, browsing history, searches, application usage and more.
Microsoft also keeps a copy of your full-disk encryption key. <https://theintercept.com/2015/12/28/recently-bought-a-window...
> As far as I know, it hasn't been removed nor lessened.
IIRC they lessened it by some ε > 0 in 1803. [1]
> As far as I remember, it is absolutely overreaching, collecting your name, email address, browsing history, searches, application usage and more.
Some of these seem more alarming than others. Where are each of these pulled from? If you have a Microsoft account they already have your name and address. Most people use Chrome and I assume Windows isn't sending that info to Microsoft (although this does make me worry for those who use IE/Edge). Searches and application usage I haven't heard explicitly but those would worry me more.
> Microsoft also keeps a copy of your full-disk encryption key.
Wasn't this only when you had a Microsoft account or something? We can debate how they shove MSAs down users' throat (I want to punch my computer when they do that too), but as far as the FDE key is concerned, I feel like those who don't want this also wouldn't want to use a Microsoft account for their logins to begin with?
[1] https://windowsreport.com/windows-10-v1803-privacy/
I'm almost entirely certain that the storing the Bit locker FDE key in your Microsoft account is an optional choice presented during the BitLocker setup.
Recently due to a firmware upgrade losing the key I had to do the disable/enable dance for Bitlocker and you need to store the key somewhere removeable (usb stick etc) which is enough of pain I just went for a Microsoft account.
You can remove them easily enough from a Microsoft account.
It definitely is. It’s not even very prominent - you have to intentionally click on it.
I'm not sure of the details anymore, I was going by my memory.
But to respond to your overall point, there are probably hacks around each of the things I've mentioned, but the point is that I don't feel like using an OS that does these things is a reasonable alternative for me. Particularly because who knows what other kinds of aggressive changes are being concocted for the future. I try to make this point to my family and friends too and they seem to agree.
Thanks for the link though, I'll take a look.
Yup, and all the Turn Off Telemetry toggles are all placebos. I think the only solace one can find from constant phoning home is with the LTSC version of Windows 10, but Microsoft makes it very inaccessible to a home user.
There's also a few custom installers/scripts that people have written to disable the telemetry via PowerShell that are floating around, but I think their up-to-date-ness varies from author to author.
> Seriously guys, if the last time you used Windows was a few years ago it is time to give it a another shot.
What's the point? They do it all the time when things start going bad. It'll turn to garbage as soon as they have enough of mindshare. Why be among the ones who run back and forth?
If the WSL is the only reason windows is a decent development workstation, then why not just use Linux in the first place? What unique factor is Windows offering here?
In a word, drivers. We’ve come a long way since the dark days of the 90s, but hardware support on Linux still lags far, far behind Windows. This shows up in all sorts of ways on a daily basis. Graphics drivers, I’m looking at you Nvidia, are noticeably buggier and slower. Lots of little random errors crop up that are simply unfixable because the hardware mfr isn’t interested. Example: My USB controller resets itself every 15m for some reason. And good luck getting sleep/hibernate to function correctly unless you went out of your way to choose a hardware combination that is known to properly handle PM on Linux (I’m talking every peripheral here). For server-class stuff you’re generally in good shape but desktop Linux is still mostly an afterthought.
> you went out of your way to choose a hardware combination that is known to properly handle PM on Linux
This is no different than with windows. Except that more vendors sell you windows compatible pre-built systems. With macos the situation is far worse.
If you want more Linux enables hardware it will help to vote with your wallet and buy hardware from manufacturers that do provide support for Linux.
no different ... except...
very funny
Being able to run two OS'es at the same time seamlessly is pretty cool. Many programs I use are either Windows or Linux exclusive so it saves me a lot of time rebooting compared to double-booting.
It was a long time ago I had reason to start Windows specific software, but even back then wine did a really good job. It even had functionality for things like running IE versions in parallel, good for the frontenders in the team. And development hasn't slowed down since then.
I would rather not fuck with the OS on my Surface. Not only does it have a bunch of oddball hardware that may or may not have fully-functional drivers on Linux, but Windows has a really good touchscreen UX that I'd rather continue using.
If I need to do serious work, I'll snap the keyboard on and open WSL, but for anything else, I'll detatch the keyboard and just browse the web with Edge.
The last time I used windows was last week.
It's still awful.
Sure, all you have to do is install some extra software and then it's almost passable as a decent Linux.
It's not a great selling point. Not everyone thinks it's productive to switch operating systems once in a while.
but, why? I use Windows 10 and Server all the time and I hate it.
What I really like about using "code" on Ubuntu is the nostalgia.
# name that assumes no other apps exist, check
# randomly freezes, check
# doesn't produce a log without jumping through hoops, check
Seriously though, I only just started using it, looks great ;o)
It is not quit clear what exactly they think regarding ad blocking. Edge team AMA on reddit: https://www.reddit.com/r/IAmA/comments/c094uf/hi_reddit_were...
> Looks like I’m going to rewind 13 years and use IE again(IE of today).
Why not using Firefox?
Google has every incentive to believe ads and user surveillance is not evil
Agreed. The problem with a mission statement like “do no evil” is that in today’s pluralistic world (especially in the west), there’s no generally agreed-upon definition of evil.
Philosophically, defining “evil” requires defining “good” first, and a definition of “good” depends entirely on one’s notions of origin, meaning, morality, and destiny — one’s worldview.
In google’s case, it’s probably better business to simply remove the motto than to risk offending large groups of people in the quest for philosophical rigor.
> there’s no generally agreed-upon definition of evil.
Philosophically, yes. But moral relativity does not hold well due to the existence of culture. For western countries, no one can defend the morality of slavery or genocide. While those are pretty extreme, we have also collectively (democratically) decided that screwing over customers for your own profit is also not moral and should not be allowed. That's why antitrust law exists.
And do they agree with you. Google actually dropped the motto sometimes in Q3 2018.
https://abc.xyz/investor/other/google-code-of-conduct/
ctrl + f "don't be evil"
> And remember… don’t be evil, and if you see something that you think isn’t right – speak up!
Yes, but only for as long as Google allows them to do it in their Chrome mod. Microsoft will keep away from centain Chrome features in Chromium as long as all they need to do is to turn them off. i.e. stay on the same trunk but without certain optional element. Key here is - optional elements. If Google will change something that will require to branch Chromium (and I mean really branch, with internal changes) to stay away from such changes, I highly doubt that MS will do it. They don't wan't or can't to maintain a separate different browser as they already shown with Edge.
I've been running it on the Edge Chromium Dev build for a few weeks now, works great!
Well, that's exciting! I didn't know there was a build [0]!
[0] https://www.microsoftedgeinsider.com/en-us/
Ditto. Google Meets didn't work for a while, then it did. Now it also has a dark theme.
I've swapped to Edge Beta on my PCs and Brave on my Android.
Since it keeps being misquoted: the motto was "don't be evil", not "don't do evil".
Isn't Microsoft selling ads too? I believe they do (that's why bing was created). If so, I don't trust their ad blocking initiative any more then google's. Maybe in short term, as they want to steal users from Chrome, but in longterm, they'll in same position as google is now.
They probably do, but Microsoft isn’t an ad company like Google, so that danger is probably fairly existential to them.
It is difficult to assess which company is more 'good' or 'evil' nowadays. Microsoft did a lot of good by competing with UNIX in the 90s (Windows NT was cheap compared to UNIX). They also did bad with their embrace & extend and other anti competitive behavior.
Microsoft is a much older company who recently transitioned from being a proprietary software company selling licenses to a company who sell that but who also do services such as cloud (Azure) and who also do all kind of FOSS and tracking (Windows 10).
I fear the future is going to be that the poor are paying with their privacy/time/focus (as a result of advertising and tracking), while the rich buy licenses to pay off the licenses. Heck, it is already like that. My Scrabble clone application (Wordfeud) costs ~3 EUR in the Play Store. The free version costs nothing, but shows ads (not sure about tracking). I figured 3 EUR is a good deal for me for a perpetual license to never see ads. However, 3 EUR for me could be a lot of money for someone who's more poor than me.
A little know fact about IE8 is that it came with a built in content blocking mechanism appropriately called Tracking Protection way back in 2009. IIRC it was the first browser to come with ad blocking built in, although not turn on by default. Opera came with content blocking a bit later.
IE9 improved on it with what I think is one of the most impressive feature to this day. It had a heuristic tracking protection that block trackers once it's detected at a certain re-occurrence counts that you can config. So in theory it doesn't need to subscribed to an ad list like all browsers do today.
IE took a lot of crap deservedly so, but that overshadowed a lot of pioneer works that later browsers adopted.
Speaking for Tracking Protection on IE, the Easylists TPL lists on the official IE gallery site is severely outdated[1] (Last updated Nov 7, 2017) This page from filterlists.com[2] offers an updated collection of TPL lists
[1]https://www.microsoft.com/en-us/iegallery
[2]https://raw.githubusercontent.com/collinbarrett/FilterLists/...
Ad blockers (including uBO, unofficial build) have been working on Edge Dev from day 1
Link?
there was a reddit ama where someone asked about adblockers and they said:
"we occasionally hear requests for a built in ad blocking experiences in Edge. For most users, we find that extensions (combined with strong defaults around tracking prevention) are the best option here because you can choose from a variety of experiences and defaults, but we absolutely want to hear from you if you think this should be built in."
https://www.reddit.com/r/IAmA/comments/c094uf/hi_reddit_were...
The quoted bit was about a built-in ad blocker specifically. I think the real major point is:
“There are a couple components I want to touch on here - As mentioned elsewhere, we're still evaluating the adblock Manifest V3 changes, so we're not quite ready to commit to a statement one way or another on that issue.”
And:
“Second, we're committed to a strong extension ecosystem, including ad blocking. We're still evaluating some of the latest changes here in Chromium, but we're committed to the customer scenario as a principle. To be clear, we will not artificially restrict ad blocking for business reasons related to advertising.”
That's mostly fluff. Google also says they're not restricting ad blocking for business reasons, but for performance, and they haven't banned all ad-blocking, just forced addons to use their new mechanism, so they can still claim to support an ecosystem that includes ad-blocking.
Agreed. It doesn’t mean much, but I thought I would just point out the actual relevant bits even if they don’t hold much weight.
Do you have a link to that?
My only issue is that chrome is great bec I can have multiple profiles on the same windows user account, but that’s kinda anathema to the paradigm of how Microsoft wants us to use Edge.
I use chrome profiles the same way ppl use Firefox containers, my only hope is that edge builds something similar.
I’ve also been using Vivaldi, I love it but I’m worried about using duh a small project that is still dependent on chromium.
Try also Brave. It is fully open source and based on Chromium.
In https://news.ycombinator.com/item?id=20096868 You asked: > Anyone uses FreeBSD on laptop? How is your impressions?
I do since years and here are the tips you may find useful if You would also like to run FreeBSD on the desktop.
https://vermaden.wordpress.com/freebsd-desktop/
... and please stay away from Project Trident or TrueOS or Lumina, they are from from being ready.
... eventually GhostBSD is quite OK.
... sorry for hijacking the 'Brave' thread but I am not able to reply to the original comment (time).
Don't. Brave has so many problematic sides. Just stay away from that one.
Go on?
Apart from the frankly horrendous political views of the founder, they have claimed to collect donations for creators who have never signed up for this.
And, the business concept of blocking other people's ads and showing you their own is pretty despicable in its own right.
Chromium Edge allows multiple profiles just like Chrome.
This is good news.
Thank you gorhill.
>> Free. Open source. For users by users. No donations sought.
After Chrome API changes announcement uBlock Origin news at HN became more popular than before. I like it.
It's become a pattern across many Google assets. The massive price increase of the Maps API, the order of magnitude limitations placed on the YouTube API, and now the neutering of ad blocking on Chromium. Google built an empire, and now they're cashing in their chips. I can't say I blame them, but they are no longer a platform that enables innovation. So now my only question is what's next? Which Google product will be the next to transform into an anaconda in their attempts to squeeze cash from their customers. Personally, I'm rethinking everything from Gmail to Android.
The funniest thing is, I would happily pay Google a reasonable amount each month to have access to their service! Caveat being that they agreed to drop all tracking and adverts, of course. But I love Gmail, Drive, Youtube and, most of all, Maps and Earth!
As things stand, though, if I gave Google any money, I'd be essentially wasting my time, because all I'd get in return would be dubious 'premium' features.
When it comes to at least Gmail and Drive, they do have a paid option with contracts preventing them from using your data for tracking, and it removes advertisements within those applications.
https://gsuite.google.com/
Thanks for the link! The website is a bit opaque. Would you happen to know if the Basic suite already includes tracking prevention and no advertising?
This is a link with more information. I imagine any of the paid tiers of Google Suite are covered by these standards, but I am not a representative of Google.
https://gsuite.google.com/security/?secure-by-design_activeE... "Google does not collect, scan, or use your data in G Suite services for advertising purposes and we do not display ads in G Suite. We use your data to provide G Suite services, and for system support, such as spam filtering, virus detection, spell-checking, capacity planning, traffic routing, and the ability to search for emails and files within an individual account."
I switched to openStreetMap over two years ago now and I havnt looked back. it could be hit and miss depending on where you live though. it really depends on how much contributors are (or were) in your area.
there doesn't seem to be any google earth replacement around but then again its not really that important to have one, not for me anyway as its mostly something i just browse for entertainment every now and again
drive/docs/photos seems to be their next move
google recently changed the way photos synced with drive
that and the aggressive android push
https://www.engadget.com/2019/06/12/google-drive-google-phot...
I recently considered cloud backup for my photos; could easily have paid for 2TB of Google Drive however Google's reputation in the past couple of years has really nosedived (in my eyes). I don't trust them anymore, they'll just eff up most things I like - eventually.
So went with the Norwegian Jottacloud. Looks quite good, performs well even from down under - uploaded 1.1TB in just a few days.
I have a lot of RAW images; their photo browser displays them fine, however they could do well to update the navigation a bit as it is cumbersome to jump say 15 years back in time.
Edit: It's still amazing to see my collection of NEFs and phone dumps (I clean our phones once or twice a year by moving all photos to the NAS) organised by time, extracted from the dark depths of my NAS drive folder hierarchies.
The Youtube API restrictions are completely ridiculous, you use up the entire daily allocation by searching 3 times, or viewing like 10 video metadata blobs.
They might as well just scrap the free API completely, because its now worthless.
I've just noticed Safari is stuck at 1.16 and I've been using a fork.
Anyone here uses Safari as their main browsing tool and has a good alternative? I mean 1.16 seems to do the job just fine, but if it falls behind too far...
Setup a Pi-Hole and don't depend on browser-level but network-level ad blocking.
Note DNS ad blocking is a very limited subset of what browser-level blockers support. Better than nothing but certainly not a replacement.
With the changes coming to Chrome, is there a most realistic option than network-level blocking?
Firefox?
Couldn't one just use a hosts file, eg with Gas Mask?
https://github.com/2ndalpha/gasmask
(And btw, uBlock origin can do more than block certain IPs)
Hosts files need to be set up per device, and some devices don't implement hosts files.
That's all great, but not particularly useful when you need to use your laptop on a network you don't control.
I use a Pi-hole on my home network, and on other networks, I use a VPN home and manually specify the Pi-hole as my DNS server.
+1 ! Loving the pihole setup myself. Optimized the dnsmasq & raspbian network a little bit. I have 248,000 hosts on block list. Can you share your block lists if you can ?
What optimisations, please?
Not OP, but FWIW I'm just using standard lists (you asked, I'm not sure what use it is): https://raw.githubusercontent.com/StevenBlack/hosts/master/h... https://mirror1.malwaredomains.com/files/justdomains http://sysctl.org/cameleon/hosts https://zeustracker.abuse.ch/blocklist.php?download=domainbl... https://s3.amazonaws.com/lists.disconnect.me/simple_tracking... https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://hosts-file.net/ad_servers.txt
Sorry just catching up. Just the regular Linux network sysctl optimizations. Not all of them may apply to Raspbian or the hardware you are running it on.
What's the advantage of Pi-Hole over ubound?
I use AdGuard but it is no uBlock Origin.
The paid version is even better than uBlock Origin.
Would you mind elaborating? What does it have that uBlock Origin doesn't?
I use AdGuard too. It does the job.
AdGuard or even 1Blocker if you're willing to spend cash
Does anyone know about the status of the Safari port?
That hasn't seen a release since 1.16 in April 2018.
https://github.com/el1t/uBlock-Safari/releases
I've found the same. I honestly can't get uBlock Origin to work well on any of my browsers lately.
It's crazy how good uBlock is and everything it blocks.
What happens if more of the Internet learns about this extension? Subscriptions for all sites? Some other business model?
You probably mean uBlock Origin, not uBlock.
Lots of ad-supported sites and services could/would be replaced by something free and volunteer-driven—and in some cases probably a little worse, in others, a little better, than their existing commercial counterparts—if ads just went away tomorrow. There's low motivation to do so now because you're "competing" with deep-pocketed ad-supported orgs for users, but if a gap opened up due to ads no longer being viable, it'd be filled. In some cases the alternatives already exist, they're just not well-trafficked and are somewhat neglected. Maintainers/supporters and users would flow in and they'd quickly grow and improve if the commercial alternatives died.
We've seen the open web and protocols stagnate because capturing users to spy on them is so lucrative, and open protocols make it harder to capture them. The open web would be revived without all the ad money and (consequent) developer time going into that capture effort.
For the rest, yeah, probably subscriptions.
You're a little too optimistic, IMO.
Running a website has costs. Even if it can be run by a single person in their spare time, servers and bandwidth costs money.
Nah, I just remember what it used to be like. Most of the stuff that's valuable's not that expensive to run. Some of it's fairly decentralizable. The part that makes it difficult and expensive is centralization and control. File distribution's solved and practically free to the distributor if you just want to publish and don't care about retaining control, counting views, and so on. Anyway the sites with the highest costs (video and audio files) tend to be the ones that could probably survive on subscriptions and "native" ads.
Static content, sure. But what about a dynamic site that gains a lot of popularity? Think someone making a reddit knockoff back when the reddit's main source code was open. It could be set up and maintained in a single person's spare time, but if the site got popular, the server power needed to maintain it would get astronomical for a single person.
> Nah, I just remember what it used to be like.
A lot of "what it used to be like" worked because the Internet had a much smaller audience. In the late '90s and early '00s, social media barely existed at all. There was a time when most of the people online were techies, now everyone with a phone made within the last 10 years has access to the Internet.
Each site doesn't need to be all sites if you're not trying to capture an audience for moat-building and data collection. A lot of stuff that's not popular now, like federation or identity services not tied to advertisers (that one Mozilla had, for instance) providing unified multi-site login would be more popular, necessarily, without ads subsidizing free-but-spying options.
Just speculating, but reddit would probably be replaced by several sites (hundreds of popular ones, perhaps, thousands of less popular ones), many of which might permit login or shared feeds or something via the aforementioned means. RSS is still a thing, for that matter. You can also get by with much leaner sites even without going as far into old-school territory as HN and Craigslist, when you're not chasing marketing fads and adding tons of tracking JS and all kinds of other junk, so payload sizes don't need to be as large as they are.
And again, protocols could evolve. Something new similar to IPFS (though probably not actually IPFS) might reach production-ready status fast if there were a real need to distribute load. There are half-formed solutions to a lot of this waiting in the wings, just without much interest outside people who are into them for their own sake, because there's no audience for a somewhat-worse, much-less-addictive, spyware-free Facebook or Twitter, for instance. Community-driven alternatives have a nigh-hopeless battle while they're up against a money-spigot of ad dollars. Lots of developers who might help out with them don't, for that reason.
I mean hell chat was pretty decent and kinda mostly open for a while, but now it's fragmented into private services again, driven largely by the data-hoarders. Less open than even the AIM/ICQ days. Google's trying to do the same thing to email and the Web itself, largely in the name of "saving" them. Take away the ad dollars, the demand will shift away as those services shutter or start charging money, and open standards and enthusiast sites will take back over. Governments, in some cases, maybe (maps/navigation seems like a good one). No apocalypse, just a hiccup. Except for the dragnet spying companies.
It already happened in a way. uBlock Origin is the the version maintained by its founder that stays in line with the original vision.
https://news.ycombinator.com/item?id=14335190
Blocking of ad-blocking?
This is a game of cat-and-mouse which I don't think companies want to spend time playing.
As much as Advertisers want to be able to use their own domains to be able thwart fake clicks, this approach leaves them open to ad blocking. At what point with the wish to deliver ads outweigh the want to measure user engagement? Once ads are slipstreamed, adblockers are going to have to get a lot more aggressive, more like antivirus scanning for code signatures.
Thanks to the team (and especially Ray) for keeping us free of performance bogging, malware delivering scripts.
That wouldn't be the worst future though. In my head, once the adverts are being hosted on the website domain, there'd be a lot more incentive to a) NOT deliver malware, and b) NOT have those wearisome video/sound/flashing/js-heavy adverts.
Why? It's not like the user can distinguish the two, so in term of giving a bad image, it's essentially the same.
Think of the impact if the site is blocked by the browser's red malware warning UI (Google's safe browsing or smartscreen in IE) because a compromised file was hosted on the main domain.
It is much harder to get the site whitelisted once it has been compromised since it is on the same domain.
In my job, we had a site domain that was falsely flagged as malware-infected and it took about a few days before it was confirmed as removed (it is not automated apparently). It was never made clear why it was flagged in the first place but it scared us and we had to isolate any downloadable files (installer, ads, etc) away from the main domain as much as possible.
AFAIK, Google Safe Browsing will show that warning on your site even if the malware came from a third-party domain.
But what's easier to remove; your site or the third party links on the website?
I don't remember third party domains being problematic to remove compared to the first party stuff?
> Once ads are slipstreamed, adblockers are going to have to get a lot more aggressive, more like antivirus scanning for code signatures.
Adblockers also do CSS blocking. Look at how uBlock origin blocks the (included in the page HTML) ads on google.com.
> At what point with the wish to deliver ads outweigh the want to measure user engagement?
It could be argued that self selection from advertisements makes ad campaigns more cost effect per impression/click. If a person wants to block ads they might be less influenced/willing to purposefully click on adverts.
The other end of the stick is that website owners cant be trusted to self report metrics which influence payout.
Is there a good short answer for why uBlock is using constructs like this:
if ( self.browser instanceof Object ) { self.chrome = self.browser; } else { self.browser = self.chrome; }
Instead of using a polyfill like that one https://github.com/mozilla/webextension-polyfill?
This polyfill is useful if you want your Firefox-based extension to seamlessly run as a Chromium-based extension.
However uBO's code base was primarily that of a Chromium-based extension (it predates Firefox WebExtensions), and Firefox extensions API does not require a polyfill to run Chromium-based extensions.
So roughly I just needed both `chrome` and `browser` references to access the same API, the long term goal being to opportunistically replace all instances of `chrome` with `browser` (I find the later more vendor neutral).
This may sound shocking to "modern Javascript" developers:
Often, a little copy is better than a little dependency.
More often, a little copy is better than a large dependency.
I'd argue that it's not exactly "better", but more that it just makes different tradeoffs.
Using a full well-written* dependency for something not part of your "core competency" (even something seemingly trivial) is often a better choice in my opinion. That dependency will often know the "unknown unknowns" to you since their "whole purpose" is solving that one issue.
In this case, and from what I can see from my VERY small glance at the code, I'd argue using a polyfill would be a better choice in this situation. The polyfill has cross-browser tests, ensures compatibility, continually tests against new browser versions and will alert you and shield you from things if they change, download size is less of a worry for extensions and most of it no-ops away in 100% supported browsers, and it's maintained by mozilla.
Obviously there might be additional reasons why the uBlock origin developer isn't using it, it might be super overkill for his needs, he might consider the browser API part of his "core competency" and therefore shouldn't be relying on 3rd party code for it. I'd trust him more than myself here since I know so little about the domain. And I had a similar question to the GP commenter of why he decided to avoid the polyfill.
Your little saying isn't a useful answer, and the dig at "modern javascript developers" is not only unnecessary but also a real annoyance for me because it's used to dismiss just about every opinion while providing no real reasoning why you think that way. If you think a little copy is better, explain why! Don't just put down a group and leave without giving out any useful information!
* A "well written" dependency meaning something well tested, has a solid development team or dedicated person, and has somewhat widespread usage. Obviously it will differ depending on your needs.
> I'd argue that it's not exactly "better", but more that it just makes different tradeoffs.
Yes, it makes tradeoffs that are different, and those tradeoffs are different in that they're better. Often, not always. That's the statement in a nutshell.
> Using a full well-written* dependency for something not part of your "core competency" (even something seemingly trivial) is often a better choice in my opinion.
If it's outside your core competency, you can't really judge if a dependency is well-written. Popularity is an entirely unreliable quality metric. "Well-tested" also means nothing, a lot of people write completely useless unit tests but still fail on integration. How much time are you going to spend researching and vetting the code and the development "team" for that "seemingly trivial" dependency? How about writing a few lines of code and building a little bit of understanding instead? You can still use other people's code as a reference, even copy parts of it.
> That dependency will often know the "unknown unknowns" to you since their "whole purpose" is solving that one issue.
Sure, a few lines of code may have unknown unknowns. You know what else has? Other developers. Unbeknownst to you, "the team" could be the left-pad guy, who turns out to be "political". "The team" could be the guy that just hands over an unmaintained repository to a cryto-thief from China. That one took several weeks to get noticed by the community.
You start with one little dependency for one use-case, you end up with hundreds if not thousands of dependencies. You realistically have no capacity to deal with this in a diligent manner.
One could argue that by using "modern Javascript" with its pathological reliance on micro-dependencies, one has already given up control to the hive of random developers anyway, so one more dependency wouldn't hurt. I probably would agree with that. That doesn't mean every Javascript program would be better off this way.
>If it's outside your core competency, you can't really judge if a dependency is well-written.
Of course you can. I can not understand the details of something like the webextensions surface area, but still can look at the polyfill and understand that it's well written, that the tests aren't useless, that the popularity isn't faked, and that the maintainer is worthy of trust.
Nothing is foolproof, but I'd be much more willing to put things that I don't fully understand into someone else's hands who claims to have a lot of experience and has a lot of support from people who do understand that thing. Especially when the alternative is to trust myself who verifiably doesn't understand the thing.
>How much time are you going to spend researching and vetting the code and the development "team" for that "seemingly trivial" dependency?
That's a really good question! For me it depends on the project. A core project which has access to a lot of PII or is an important part of our infrastructure, i'm going to spend quite a while vetting a dependency. I might see what else the author has written, I might see how they release, how long they've been in the game, how their tests look, past PRs and issues, release cadence, backwards compatibility, and more. For an extra utility that is not critical? I might spend like 15 minutes, or even less depending on what it is doing and how widespread it's usage is. Looking at the chances of me getting a malicious developer or a very broken update that I didn't test against or see is much smaller than the chances that I'll write a bug and not test it, or I'll not fully understand a domain and will add subtle bugs into it, and won't even know how to test it correctly.
>Other developers.
And that's a risk that many are willing to take quite often. You can't completely rid yourself of dependencies. You can't 100% vet all 3rd party code, and you can't run entirely on first party code. It's not possible. So you trust some things here and there, you lock down dependencies so they don't update unless you say to, you review things and limit the scope of permissions. All things you should be doing anyway. Yes, it's a tradeoff, but it's one that the vast majority of code I've written is more than safe to make, especially when the author of a library is also the author of the browser it will be running in...
>You start with one little dependency for one use-case, you end up with hundreds if not thousands of dependencies. You realistically have no capacity to deal with this in a diligent manner.
But we do! That's what dependency managers are for! I can seamlessly replace dependencies, even several layers deep. I can scan and get diffs on changes, I can easily audit the dependency tree to determine if known vulnerabilities are found and either remove the library or update it. Again, it won't work in 100% of cases, but you aren't going to write 100% correct code yourself either.
>One could argue that by using "modern Javascript" with its pathological reliance on micro-dependencies, one has already given up control to the hive of random developers anyway, so one more dependency wouldn't hurt. I probably would agree with that.
Using 3rd party dependencies is a far cry from "giving up control to the hive of random developers". Just like how you using a browser to post this comment which relies on a compiler which uses tools written in python which relies on a python interpreter which itself relies on another compiler which relies on OS libraries which rely on more and more and more isn't trusting the "hive of random developers" either. There are checks, there are audits, there are tools to manage that at just about every step. Javascript has them as well.
There's being careful, and there's being paranoid. Sometimes paranoid is needed, and I do actually agree with a lot of your arguments if they apply (For the love of god don't use one-line dependencies, don't use dependencies written by an author with an agenda who has shown themselves willing to delete/maliciously-break packages, don't just add dependencies without any review or oversight or testing), AND I do agree that the JS ecosystem takes it a bit far (although I'm not fully on-board with if it's a bad thing entirely yet), but don't just throw out statements like "a little copying is better than a little dependency". That's how you get dogmatism which just swings the pendulum in the other direction and we end up with unmaintainable statically-compiled messes with vulnerabilities that can't be found and patched on any realistic timeframes.
> Of course you can. I can not understand the details of something like the webextensions surface area, but still can look at the polyfill and understand that it's well written, that the tests aren't useless, that the popularity isn't faked, and that the maintainer is worthy of trust.
No you can't, at least not in the general case. You can trust Mozilla because it's Mozilla, but ultimately that's an "argument from authority".
> Looking at the chances of me getting a malicious developer or a very broken update that I didn't test against or see is much smaller than the chances that I'll write a bug and not test it, or I'll not fully understand a domain and will add subtle bugs into it, and won't even know how to test it correctly.
Perhaps, but unless the code you are writing is "safety-critical", those "low chances" are outweighed by the fact that a malicious actor can do far more damage than some bug you introduced.
Also, you have to multiply those low chances with the large amount of micro-dependencies that you might bring in through this attitude.
> You can't 100% vet all 3rd party code, and you can't run entirely on first party code.
Of course you can, unless you count the runtime environment as third-party code, which I don't.
> But we do! That's what dependency managers are for!
Yeah, well. Believe that if you must.
> Just like how you using a browser to post this comment which relies on a compiler which uses tools written in python which relies on a python interpreter which...
This is a slippery slope argument. I think there's a distinction to be drawn here.
CPython doesn't have a lot of dependencies, certainly no micro-dependencies. The amount of contributors is rather small and changes are extensively vetted. The standards for browsers are similarly high.
Your average NodeJS project, on the other hand, pulls in a thousand packages from a thousand authors, supposedly vetted by the community - but not really.
> don't just throw out statements like "a little copying is better than a little dependency". That's how you get dogmatism...
It's a proverb, I didn't make it up. I put in the "Often" just to make it sound less dogmatic. You took it out again, presumably so that your long diatribe doesn't look so misplaced.
Your mileage may vary.
>No you can't, at least not in the general case. You can trust Mozilla because it's Mozilla, but ultimately that's an "argument from authority".
I'm not saying absolute trust, I'm saying I trust them to write a better polyfill for extensions than I will. An argument from authority is okay when the alternative is an "argument from ignorance". I know I don't know the details, and I'm trusting someone who literally writes the runtime to know it better than me.
>Perhaps, but unless the code you are writing is "safety-critical", those "low chances" are outweighed by the fact that a malicious actor can do far more damage than some bug you introduced. >Also, you have to multiply those low chances with the large amount of micro-dependencies that you might bring in through this attitude.
I'm genuinely curious about this, because from my point of view the number of times that I've encountered a malicious actor is extremely small and is often dealt with within days if not hours. The number of times that i've encountered my own vulnerable code is much more common. And with non-malicious bugs/vulnerabilities the number is similar. It could be just because I find my own bugs easier, but I really think there is something to relying and trusting that the community is going to be able to do something better, faster, and more correctly than I will be able to. Add on the npm audit system which is constantly scanning and notifying about known vulnerable dependencies means I'll be able to find and solve bugs and vulnerabilities much faster than if I had written even most of it myself.
I'd love to see some actual studies done that aren't just relying on anecdotes to see how things really shake out, but I'm not sure how that would even work as there are so many other confounding factors here that make it really hard to make a hard rule about these things (there is a lot of garbage code on the internet and across most package managers, any study would need to separate the "nobody should ever use this" from the "looks good at first glance" code, and at that point you're just making an automated code reviewer...)
>This is a slippery slope argument. I think there's a distinction to be drawn here.
I completely agree, but often drawing those distinctions is arbitrary. You may draw it at the runtime, I tend not to because a runtime (or the tools that make the runtime, etc...) often have much more ability to cause problems than any runtime library does. Counting "number of dependencies" is extremely hard, because like I said cpython does have quite a lot of dependencies, it just depends on where you draw the line. cpython's compilation depends on quite a lot of smaller tools, and the compilers they support and use depend on even more. As you get further down the stack things slow down and are often vetted much more, but that itself doesn't mean much as the "payoff" for a malicious actor to get into it is often equally greater.
And even if you do draw the line at the runtime or compiler, does that mean that the JS dependencies in my package.json that are dedicated to compilation and building don't count toward your numbers? And if you don't count the transitive dependencies for something like cpython, then it seems disingenuous to include them in your statements about how a node package pulls in thousands of dependencies. And if you draw the line at some dependencies being "okay" and others not based on number of authors, dependencies, the amount of vetting, and more, well you're doing exactly what I was advocating for above!
>I put in the "Often" just to make it sound less dogmatic.
That is fair, and I did remove it from the quote. But I started this whole thing because you didn't describe the reasoning behind why you felt that way, and without the why it is literally just dogmatism.
And to be honest I still don't feel you've given a great answer for it besides the idea that as the number of some dependencies goes up the risk of a malicious actor goes up. Which I don't necessarily disagree with! I guess I just draw the line at a different spot. For me the risk of a malicious actor is miniscule compared to the risk of not completing the project from having to write so much code to avoid dependencies, writing bugs in domains that I don't understand, or copying code into my codebase that I don't fully understand breaking the dependency link that I can use to do automated scanning of. Not in every project, but in most.
> I'm not saying absolute trust, I'm saying I trust them to write a better polyfill for extensions than I will.
But that's not even the scenario here. You have the choice between bringing in a couple of lines of code you wrote yourself, or another dependency. Sure, in this case the vendor is entirely trustworthy and presumably competent. That's not the general case.
Let's say it was the general case, is it still worth increasing the complexity of your program for that little piece of functionality? Can you judge the runtime cost at all? What about bundle size? (Not applicable in this case, but still) Does the integrating the polyfill cause more work over a simpler solution?
Those are rhetorical questions, I don't want to keep on with the walls of text. The point is, the argument doesn't stop there.
> Counting "number of dependencies" is extremely hard, because like I said cpython does have quite a lot of dependencies, it just depends on where you draw the line.
CPython itself only has a handful of dependencies (libc, libffi, openssl, zlib, maybe a couple more) and almost all of them are optional. I'm drawing the line at actual dependencies of the program, not the operating system or the compiler (though neither GCC nor LLVM have a lot of dependencies either) or the basic build tools that ship with basically any UNIX-like system.
However, even if we added them all up I doubt we would have more "units" (programs, libraries) than in your average NodeJS project.
> And even if you do draw the line at the runtime or compiler, does that mean that the JS dependencies in my package.json that are dedicated to compilation and building don't count toward your numbers?
It doesn't matter, you're probably fucked either way.
This is great! Any plans for Safari support?
The lack of support is in the other direction - Safari doesn't support uBlock Origin anymore. The only way to block ads is with Apple's Content Blocking API, which is fundamentally not how uBlock Origin works.
Interesting, didn't know that - why wasn't there the same kind of outcry as for Chrome API changes?
Safari lets extensions precompile a list of patterns to block and then it does the actual blocking. The extension never sees your browsing history or network requests.
Sounds a lot like what Chrome is bringing in.
Chrome has a limit on the amount of the items in the list.
Originally, Google wanted to max at 30k items, but after the outry, they increased it to 150k.
For comparison, my uBlock has currently 101k of net filters and 49k cosmetic filters.
Safari also has a limit, and it's low enough that plugin developers have had to split their work into multiple parallel plugins or even into standalone macOS applications.
I guess because Safari is relatively unimportant in terms of market share. Not totally unimportant, but not quite the same league.
Probably because of lack of usage of Safari. It was covered in some circles: https://adguard.com/en/blog/safari-adblock-extensions.html
I'm running uBlock Origin 1.16 on Safari 12.1.1 right now, unless I'm mistaken.
Apple hasn't completed the Extension Gallery deprecation process, but it will be entirely unusable with Safari 13.
Ah, thanks, damn. Might be time to give Firefox another shot.
Pardon my ignorance, but I installed ublock via the App Store in safari and it seems to work fine, am I mistaken?
Edit: I see it’s ublock, not ublock origin. What’s the difference?
uBlock is an unmaintained fork of uBlock Origin: https://github.com/gorhill/uBlock/wiki/uBlock-Origin-is-comp...
If it's in the App Store, it's not even a fork, it's just some piece of software using the "uBlock" name.
Interesting. How do they differ fundamentally?
uBlock Origin uses the WebExtension API that is common to Chromium/Firefox. Going forward, Safari for iOS/macOS will only support Apple's Content Blocking API.
I absolutely detest the way Extensions in Safari are handled in Mojave. Is there any way to install them without the App Store?
Part of the logic is that many extensions are very dangerous to users: the Grammarly extension, for example, vacuums up everything you type and sends your history to their servers. Most normal people don’t realize the trouble they can get into when installing extensions. Extensions can be as privacy destructive as anything on the web.
That should be my choice, not Apple's. What if there's an addon I want to see everything I type?
Except:
1. The job of Safari isn't to be everything to everyone.
2. Most tech enthusiasts just install Firefox or Chrome anyway.
3. Your web browser is by far the most critical aspect of computer security for most users. It controls the entire trust chain between yourself and your online bank. Your browser validates the security certificates. Your browser decides what to do with the passwords you enter. Your browser decides what to show in the address bar.
4. We know that most casual web users have suffered great privacy violations from dodgy add-ons, either by disguising itself as a useful tool or via drive-by installation. This isn't a hypothetical fear. It's very real.
5. Apple's unique selling point is privacy and security. Anything they can do to ensure that your grandmother's browser isn't compromised should be prioritised and applauded.
6. You can add untrusted extensions using the Extension Builder by obtaining a free cryptographic certificate from Apple. It's not trivial but it's just the right amount of onerous to stop your grandmother from being defrauded.
I don't know anything about that specific extension, but ...
Isn't that exactly the sort of thing the Apple walled garden is supposed to protect against? Surely anything that functions as a key logger and browsing history recorder violates their terms of service?
I'm fairly confident that this doesn't happen in Mozilla's addons repository. As I recall from the Stylish incident (Stylish is a similar browsing history stealing extension) they were not allowed to put this extension in AMO with the history stealing code, but it was left untouched in the Google Play store.
Same. It's absolutely garbage that it requires a Mac App -- while there's workarounds for now, how much longer until they don't work either. It's a shame because I quite like Safari as a browser. Oh well, more incentive to switch back to Firefox!
Not the most up to fate, but exists: https://github.com/el1t/uBlock-Safari
This will no longer be usable on Catalina unless someone else takes up the charge. The problem afaik is similar to what Chrome has done.
I love uBlock Origin. I wish I could donate to gorhill, and I'm actually kind of annoyed he wont even put up a paypal me link or something.
That said, I've noticed more and more sites are starting to do the ad blocker detection and not allowing you to see the content until you white list them. It started with a simple body {overflow:hidden} and a modal box, but they are now truncating their content.
And I don't mind a site advertising, they have to make their money somehow, but I don't like how the modern ad-tech is so kludgy.
When will the planned changes to the Chrome API actually roll out to the public?
They'll be rolled out with Manifest V3 which as of last week was "still very much in development" https://groups.google.com/a/chromium.org/d/msg/chromium-exte...
The best estimates would be rolling out by next year, and enforced in probably 2 years. And they will probably change quite a lot until then.
I expect by the time anything actually ships, the API will be extended enough to allow most of uBlock Origin's functionality to stay.
Thanks for the great work!
Has the author of uBlock origin said what the plans are post-this-change? Should Chrome actually follow through with what it says it will do, the performance of uBO will drop overnight. Is this acceptable? Will development continue?
If you already have it do you need to manually install the new version?
It was updated automatically for me, both on Firefox desktop and Firefox for Android.
Still stuck on the previous version. The store shows 1.20, but even switching to "developer mode" in the Chrome extension overview and clicking on "Update" (button) and restarting the browser had no effect. Still the old version.
Update to my question: Someone wrote this blog post about this exact problem, even with this exact extension (dated September 25, 2018), and how to manually update the extension: https://www.ghacks.net/2018/09/25/how-to-update-chrome-exten...
UPDATE
After reading the comments on the linked blog article, frantically hitting the "Update" button (in developer mode) many times indeed helps! I had clicked it quite a few times already, but "normally", going crazy and hitting it a lot and quickly indeed lead to the update occurring.
Wow, what a crazy user interface that requires users to go berserk on the buttons...
Same here. Why won't it update to the new version?
"I see some Chrome/Chromium users wondering why they are not updated to uBlock Origin 1.17.0:
When I publish a new version of uBO, I deploy gradually, starting with 5% of users then increasing every day: 12%, 25%, 50%, 100%."
https://twitter.com/gorhill/status/1044670065889734657
Good to know. Thanks.
Cool. Is there a non-WebExtensions XUL version for us Pale Moon users?
I would strongly advise not using Pale Moon—for numerous reasons specific to that particular distribution (which aren't interesting enough to repeat here) but mostly for reasons that apply to all minor web browser projects; particularly ones based off old code:
— How quickly will serious vulnerabilities be patched?
Given the project is so small, I wouldn't trust their future response to be rapid even if they have been in the past. Right now most security fixes come in the form of merging upstream security fixes from Mozilla. As their code base becomes increasingly divergent to the Firefox head, merging in upstream security fixes will become increasingly difficult and increasingly cumbersome.
— How much do you really trust these developers?
I don't think many people realise just how important your browser is when it comes to trust. When you access online banking, your browser is in ultimate control of the entire trust chain. Your browser validates the security certificates. Your browser decides what to do with the passwords you enter. Your browser decides what to show you in the address bar.
— What's wrong with Firefox 67+ anyway?
The one thing everyone seems to cite when they say they use Pale Moon or Waterfox is that they still support the older extension system. The reality is all important extensions were unaffected. And while some genuinely useful extensions were lost in the transition (e.g. DownThemAll) most should be standalone applications anyway.
I have found that, as much as Moonchild & Tobin can be difficult, I trust their judgment far more than I do Mozilla's. I want to be in control of my browser, I want to determine what gets downloaded and uploaded from my PC. They tend to be on that side.
Also, my problems with the browser product itself are simple: the UI is awful and cannot be meaningfully fixed, and multi-process programs cause my computer to hang (so I set up a script to auto kill them). Pale Moon respects me as a User, not as an ad profile for Google.
Each to their own.
I would never trust the judgement of the most important piece of software on my computer to a small group of tinkerers maintaining a fork of someone else's massively complicated and deeply outdated source code. I don't care who they are—if they don't have a big enough reputation on the line, there's no reason to trust them.
I'm sure your cousin is super trustworthy, but that doesn't mean anyone should put him in charge of the armoured vehicles division of a bank.
Besides, it's a lot easier for a microscopically small and individualistic outfit like Pale Moon to never disappoint you compared to a large, managed entity like Mozilla which has disclosure policies and hundreds of employees each with their own priorities and agenda.
The day I consider my WWW browser the most important software on my PC is the day I go back to dialup. Frankly, I agree with your base theory - that's why the important software on my PC is Windows and MSOffice, rather than *nix and Open or Libre Office. I moved off the OO/LO platform a little after the split, because compatibility was an issue.
But for a limited use program like a browser, yeah, I want the people who won't disappoint me.
Using Firefox from that sell-out developer with zero respect for power- and geek users.. from the developer who rather wants to attract Chrome/simple users and not supporting their own target user-base..
Mozilla is morally wise a totally unacceptable developer. They have been on the good side in the past, but what is left is almost as disgusting as Google itself... the Google - which Mozilla tries so hard to become itself.
Why do you think normal users are not Mozilla's "target user-base"?
Pale moon is a bad product made by horrendous individuals.
For the technical reasons read
https://www.howtogeek.com/335712/update-why-you-shouldnt-use...
For the interpersonal reasons please see the lead developer acting like a spoiled child here.
https://github.com/jasperla/openbsd-wip/issues/86
Friends don't let friends use a crappy, out of date, insecure, janky browser.
I rather would use Pale Moon before i would touch Mozilla Firefox - Mozilla which killed almost all customization options just to be able to be as attractive to Chrome users as possible.
In fact, i also would use Vivaldi every day over Firefox. Mozilla has turned into a greedy sell-out developer with zero respect for power- or geek users!
The problem with this narrative is that it is entirely fictional. The web extensions addons that have replaced the old style are just as featureful and Mozilla has done a good job of providing the functionality to build powerful addons.
Example Pentadactyl -> Tridactyl, noscript, ublock origin, stylus.
I'm not clear where you are coming from with the "greedy" accusation nor where you get off calling them sell outs. Based on what?
Your refrains betray "reduced to 180 characters" level of understanding of the matter and I strongly suggest you gain a more complete understanding of technical and business matters before attacking people who are producing so much value for the open source community.
I agree with their technical choices, and I both understand and agree with their BSD position.
No, Pale moon is not bad product at all, as for the horrendous individuals, well that's wrong too.
>For the technical reasons read
https://forum.palemoon.org/viewtopic.php?p=135424#p135424
>For the interpersonal reasons please see the lead developer acting like a spoiled child here.
(btw mattatobin is not a lead developer, get your fact straight please)
https://forum.palemoon.org/viewtopic.php?p=134236#p134236
>Friends don't let friends use a crappy, out of date, insecure, janky browser.
https://forum.palemoon.org/viewtopic.php?t=21626
https://forum.palemoon.org/viewtopic.php?p=168679#p168679
A set of instructions that would allow the end user to build something cannot be subject to any copyright license insofar as it doesn't actually contain the software that is bound by said license.
The unofficial patches are presumably by definition not copyright the project considering they are written by a third party.
This is kind of how multiple source based packages work. Nothing is being distributed by the repo save instructions the end user does the fetching and building.
Normally people do a small amount of research before attacking volunteers who are providing free labor to make their package more broadly available.
An example dialog could have been opened like so.
"We at the Pale Moon project prefer that distributions package as close as possible to the default experience to ensure that all users have the same experience and aid in troubleshooting. Can we talk about the patches that are being distributed with Pale Moon to see if they are really needed for our product to work on your OS?"
If no agreement can ultimately be reached respectfully ask for it not to be distributed but use the know how generated to add a forum post "Building on OpenBSD" not burning any bridges AND actually profiting from the experience.
Instead Pale Moon devs appear to have learned nothing from the interaction.
I've noticed that you didn't bother to address the technical reasons whatsoever. Your browser is probably the best vector into your system and malware no longer just screws up your system. It's now common for malware to encrypt your files and hold them for ransom.
In effect an out of date firefox means that malware authors can use up to date firefox's security fixes to target users using old software that perforce is vulnerable to the same attacks. This needn't be specifically targeted at JUST palemoon users. All users of out of date firefox represent a possible victim pool with attractively low security.
> I've noticed that you didn't bother to address the technical reasons whatsoever.
It's right there, bellow the "crappy, out of date, insecure, janky browser" unfounded claims, open the two links I've provided and you'll see that ALL the technical reasons are covered extensively.
Yes
https://github.com/gorhill/uBlock/releases/tag/firefox-legac...
and here's the uBlock Origin Updater https://addons.palemoon.org/addon/ublock0-updater/
I don't think there is an updated one. For the brief period when I had used Basilisk, I used an old version of uBlock Origin (downloaded from the Mozilla website).
Too bad it only targets Chrome webextensions. No support for people still using the Firefox version of Firefox instead of the modern Chrome style Firefox.
There's no dev team here, its a single guy building something for free, if you want this to be supported on the older version of firefox, build it!
Pre quantum being unsupported and therefore by dint of lacking security updates insecure will end up with 0.1% marketshare. This is probably why nobody cares. You are of course free to maintain a fork for you and the other 28 users.
gorhill is such a trooper that he's actually still maintaining a Firefox-legacy version, latest release just a couple of weeks ago: https://github.com/gorhill/uBlock/releases/tag/firefox-legac...
Wow! I happily eat my words. I'm wrong. This is excellent. Thank you.
I can understand being upset that firefox removed support for non-webextension extensions, but I can't really understand someone who evidently chose to remove the webextensions support themselves and then complains that some extensions stopped working.