Still will be moving away from Chrome. I have to figure out how to parse this for my phone because some mobile site features seem to only cooperate with Chrome (and the Firefox browser leaves a lot to be desired for me).
0
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
PiHole is actually a poor substitute for modern extension-based ad-blocking. A considerable amount of ads are hosted from the domain you're trying to browse these days. Since PiHole is domain based blocking, you're either going to get everything, or nothing, on some sites.
I get it that blocking ads denies them revenue (it's why I try to patreon where I can to offset that for sites that deserve it, including PA). However they're still an incredibly dangerous attack vector and the fact that Google doesn't appear to be spending better time to create some sort of actual safe ad venue/technology (and say, roll it into Chrome) and get people on board with it instead baffles me. It's not like adblocking has only just been a thing.
I get it that blocking ads denies them revenue (it's why I try to patreon where I can to offset that for sites that deserve it, including PA). However they're still an incredibly dangerous attack vector and the fact that Google doesn't appear to be spending better time to create some sort of actual safe ad venue/technology (and say, roll it into Chrome) and get people on board with it instead baffles me. It's not like adblocking has only just been a thing.
This is absolutely true.
The thing that really bothers me is when people try to claim "But OUR ads are safe!!", which is patently untrue. No one goes through every ad with a fine toothed comb. No one constantly monitors ads after approval to ensure that they haven't been changed.
Proper, safe ad serving is possible, but it would require meticulous human interaction and moderation. And we can see how willing companies like Google and Twitter are to do that.
Until something drastic changes, I assume ads are malicious and I will do anything and everything to exclude them from my computer.
I get it that blocking ads denies them revenue (it's why I try to patreon where I can to offset that for sites that deserve it, including PA). However they're still an incredibly dangerous attack vector and the fact that Google doesn't appear to be spending better time to create some sort of actual safe ad venue/technology (and say, roll it into Chrome) and get people on board with it instead baffles me. It's not like adblocking has only just been a thing.
This is absolutely true.
The thing that really bothers me is when people try to claim "But OUR ads are safe!!", which is patently untrue. No one goes through every ad with a fine toothed comb. No one constantly monitors ads after approval to ensure that they haven't been changed.
Proper, safe ad serving is possible, but it would require meticulous human interaction and moderation. And we can see how willing companies like Google and Twitter are to do that.
Until something drastic changes, I assume ads are malicious and I will do anything and everything to exclude them from my computer.
People serving ads don't even know what ads they're serving. Half the time the ad CDNs are leasing slots to other CDNs; even if they do vet all their own ads, they don't vet the ads of their partners, or their partners' partners.
+4
Options
OrcaAlso known as EspressosaurusWrexRegistered Userregular
I get it that blocking ads denies them revenue (it's why I try to patreon where I can to offset that for sites that deserve it, including PA). However they're still an incredibly dangerous attack vector and the fact that Google doesn't appear to be spending better time to create some sort of actual safe ad venue/technology (and say, roll it into Chrome) and get people on board with it instead baffles me. It's not like adblocking has only just been a thing.
This is absolutely true.
The thing that really bothers me is when people try to claim "But OUR ads are safe!!", which is patently untrue. No one goes through every ad with a fine toothed comb. No one constantly monitors ads after approval to ensure that they haven't been changed.
Proper, safe ad serving is possible, but it would require meticulous human interaction and moderation. And we can see how willing companies like Google and Twitter are to do that.
Until something drastic changes, I assume ads are malicious and I will do anything and everything to exclude them from my computer.
People serving ads don't even know what ads they're serving. Half the time the ad CDNs are leasing slots to other CDNs; even if they do vet all their own ads, they don't vet the ads of their partners, or their partners' partners.
It's ad networks all the way down until you get to the asshole that will try to install a keylogger on your machine.
And even when it isn't, it's ad networks tracking every page, mouse movement, keypress, and delay across all the websites they have access to so they know at least what you're reading, if not your interests.
I get it that blocking ads denies them revenue (it's why I try to patreon where I can to offset that for sites that deserve it, including PA). However they're still an incredibly dangerous attack vector and the fact that Google doesn't appear to be spending better time to create some sort of actual safe ad venue/technology (and say, roll it into Chrome) and get people on board with it instead baffles me. It's not like adblocking has only just been a thing.
This is absolutely true.
The thing that really bothers me is when people try to claim "But OUR ads are safe!!", which is patently untrue. No one goes through every ad with a fine toothed comb. No one constantly monitors ads after approval to ensure that they haven't been changed.
Proper, safe ad serving is possible, but it would require meticulous human interaction and moderation. And we can see how willing companies like Google and Twitter are to do that.
Until something drastic changes, I assume ads are malicious and I will do anything and everything to exclude them from my computer.
Plain image banner ads are the limit for what you could be sure is safe (as a vendor, and only because you can sanitize images easily)
jesus fuck looks like the update is already in place? ublock isn't catching like 30% of ads right now for some reason for me
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
0
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
edited May 2019
I haven't seen any change in behavior yet, but I keep my Chrome in a Sandbox and it can't update itself without manual intervention.
It looks like the Developer and Beta Channel versions of Chrome have updated in the last 24 hours, but the last Stable version update was the 21st. What version of Chrome are you currently on?
EDIT: Nevermind, Chromium will be the first to get fucked! Yay!
Which means my lovely Vivaldi browser is turbo-fucked.
That really sucks because if I were to have switched away from chrome it probably would have been to vivaldi (I was a long time opera holdout until they jumped ship to chromium and china).
+1
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
EDIT: Nevermind, Chromium will be the first to get fucked! Yay!
Which means my lovely Vivaldi browser is turbo-fucked.
That really sucks because if I were to have switched away from chrome it probably would have been to vivaldi (I was a long time opera holdout until they jumped ship to chromium and china).
Well I guess before I started primarily browsing on mobile I was a big Firefox fan. I assumed Google wouldn't actually follow through but I guess they probably don't actually make that much money from chrome compared to ads. Also what does this mean for chrome books? Are they just stuck with ads?
EDIT: Nevermind, Chromium will be the first to get fucked! Yay!
Which means my lovely Vivaldi browser is turbo-fucked.
That really sucks because if I were to have switched away from chrome it probably would have been to vivaldi (I was a long time opera holdout until they jumped ship to chromium and china).
Ah geez, I just switched to Opera because of this hullabaloo. So the only realistic option is Firefox then?
I mean, I get why the sites who put up notices about adblockers put them up.
I mean, I trust the sites. But you know who I don't trust? The jackhole ad networks and ad providers who seem more interested in making $$$ instead of making sure their shit is safe.
I'll be interested in putting up with ads when I can trust the people behind them- which is why I always keep AdBlockPlus and NoScript enabled no matter what.
Firefox installed. It has a semi-dark mode by default so good for it. Bookmarks are moved. LastPass is signed in, uBlock is running.
I mean really, that's it right? It's running great.
Hasn't LastPass had some issues historically? I know that they have 2FA but I've never been comfortable with the security they have in place over passwords/etc. I feel like KeePass or 1Password have been better.
With the Manifest V3 proposal, Google deprecates the webRequest API’s ability to block a particular request before it’s loaded. As you would expect, power users and extension developers alike criticized Google’s proposal for limiting the user’s ability to browse the web as they see fit.
Now, months later, Google has responded to some of the various issues raised by the community, sharing more details on the changes to permissions and more. The most notable aspect of their response, however, is a single sentence buried in the text, clarifying their changes to ad blocking and privacy blocking extensions.
"Chrome is deprecating the blocking capabilities of the webRequest API in Manifest V3, not the entire webRequest API (though blocking will still be available to enterprise deployments)."
Google is essentially saying that Chrome will still have the capability to block unwanted content, but this will be restricted to only paid, enterprise users of Chrome. This is likely to allow enterprise customers to develop in-house Chrome extensions, not for ad blocking usage.
This will significantly neuter the ability of extensions to effectively block ads in-browser. When this goes through, I would consider Chrome to be a significantly larger attack surface. Ads remains the primary vector of malware transmission - Even from (ESPECIALLY from) sites you trust.
Well, I suddenly feel smug about switching to Vivaldi a few years ago. At best, depending on how the API is handled, it might bypass it.
At worse, it'll be easier to migrate off a Chromium browser anyway.
With the Manifest V3 proposal, Google deprecates the webRequest API’s ability to block a particular request before it’s loaded. As you would expect, power users and extension developers alike criticized Google’s proposal for limiting the user’s ability to browse the web as they see fit.
Now, months later, Google has responded to some of the various issues raised by the community, sharing more details on the changes to permissions and more. The most notable aspect of their response, however, is a single sentence buried in the text, clarifying their changes to ad blocking and privacy blocking extensions.
"Chrome is deprecating the blocking capabilities of the webRequest API in Manifest V3, not the entire webRequest API (though blocking will still be available to enterprise deployments)."
Google is essentially saying that Chrome will still have the capability to block unwanted content, but this will be restricted to only paid, enterprise users of Chrome. This is likely to allow enterprise customers to develop in-house Chrome extensions, not for ad blocking usage.
This will significantly neuter the ability of extensions to effectively block ads in-browser. When this goes through, I would consider Chrome to be a significantly larger attack surface. Ads remains the primary vector of malware transmission - Even from (ESPECIALLY from) sites you trust.
Well, I suddenly feel smug about switching to Vivaldi a few years ago. At best, depending on how the API is handled, it might bypass it.
At worse, it'll be easier to migrate off a Chromium browser anyway.
I've been monitoring Vivaldi devs responses on their forum. They're very much just watching the Chromium debate from the sidelines and will make decisions based on what happens.
They're officially stating they intend to support content blockers, they just don't know what that looks like right now. I think they're hoping Chromium devs go a different direction.
I suspect this is probably going to "cost" more than google cares to admit. I would wager it looks like it improves their metrics but the sheer amount of data they're going to lose access is probably actually ends up costing money, though, that stuff doesn't show up on a spreadsheet like the rest of it does, so it's hard to quantify.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
With the Manifest V3 proposal, Google deprecates the webRequest API’s ability to block a particular request before it’s loaded. As you would expect, power users and extension developers alike criticized Google’s proposal for limiting the user’s ability to browse the web as they see fit.
Now, months later, Google has responded to some of the various issues raised by the community, sharing more details on the changes to permissions and more. The most notable aspect of their response, however, is a single sentence buried in the text, clarifying their changes to ad blocking and privacy blocking extensions.
"Chrome is deprecating the blocking capabilities of the webRequest API in Manifest V3, not the entire webRequest API (though blocking will still be available to enterprise deployments)."
Google is essentially saying that Chrome will still have the capability to block unwanted content, but this will be restricted to only paid, enterprise users of Chrome. This is likely to allow enterprise customers to develop in-house Chrome extensions, not for ad blocking usage.
This will significantly neuter the ability of extensions to effectively block ads in-browser. When this goes through, I would consider Chrome to be a significantly larger attack surface. Ads remains the primary vector of malware transmission - Even from (ESPECIALLY from) sites you trust.
Well, I suddenly feel smug about switching to Vivaldi a few years ago. At best, depending on how the API is handled, it might bypass it.
At worse, it'll be easier to migrate off a Chromium browser anyway.
I've been monitoring Vivaldi devs responses on their forum. They're very much just watching the Chromium debate from the sidelines and will make decisions based on what happens.
They're officially stating they intend to support content blockers, they just don't know what that looks like right now. I think they're hoping Chromium devs go a different direction.
I bet that rolling back the changes that the chromium team are introducing will be very much non-trivial and would mean supporting an independent fork of chromium indefinitely.
+3
Options
Inquisitor772 x Penny Arcade Fight Club ChampionA fixed point in space and timeRegistered Userregular
Looks like Brave has committed to forking these changes, and uBlock Origin has committed to supporting Brave if they do so.
I suspect this is probably going to "cost" more than google cares to admit. I would wager it looks like it improves their metrics but the sheer amount of data they're going to lose access is probably actually ends up costing money, though, that stuff doesn't show up on a spreadsheet like the rest of it does, so it's hard to quantify.
I actually don't think it will. I think the enthusiasts they're losing are already folks who were feeding less data, and comparatively they'll get a lot more value from non-enthusiasts who had figured out ublock.
I suspect this is probably going to "cost" more than google cares to admit. I would wager it looks like it improves their metrics but the sheer amount of data they're going to lose access is probably actually ends up costing money, though, that stuff doesn't show up on a spreadsheet like the rest of it does, so it's hard to quantify.
I actually don't think it will. I think the enthusiasts they're losing are already folks who were feeding less data, and comparatively they'll get a lot more value from non-enthusiasts who had figured out ublock.
You can get a lot of data than what ublock gives you. Tracking where the mouse goes on a page, what it clicks on, how long it stays there, how long you stay on the page, etc are also highly valuable to advertisers. Whether chrome tracks that right now is questionable, I know there's some JS packages that aren't really adblocked that do it.
Plus all the people like you and me who handle installing things on our friends/family's computers and give advice are going to be very vocal about this and cause people to move away.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
0
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
Standing reminder that whatever browser you use, it's highly recommended to equip it with a javascript blocker operating on a whitelist. This is in addition to an ad blocker.
Will it make browsing more difficult? Yes. Will it block all snooping/malicious javascript elements? No - some will be locally hosted.
I have Google Container and Facebook Container running. Also HTTPS Everywhere and, if you're a PC gamer, Augmented Steam is cool but you probably already had both of those on Chrome.
I just wish Firefox on Android wasn't so clunky on the forum here. (Or generally. But mostly here.) It seems a far cry from the desktop browser I love. At least it can still run extensions, though (and has a pull to refresh one since that's not in the actual browser).
I have Google Container and Facebook Container running. Also HTTPS Everywhere and, if you're a PC gamer, Augmented Steam is cool but you probably already had both of those on Chrome.
I just wish Firefox on Android wasn't so clunky on the forum here. (Or generally. But mostly here.) It seems a far cry from the desktop browser I love. At least it can still run extensions, though (and has a pull to refresh one since that's not in the actual browser).
FF on Android is getting a major overhaul that should noticeably boost performance sometime within the next year. It’s currently in maintenance mode until that happens.
I get it that blocking ads denies them revenue (it's why I try to patreon where I can to offset that for sites that deserve it, including PA). However they're still an incredibly dangerous attack vector and the fact that Google doesn't appear to be spending better time to create some sort of actual safe ad venue/technology (and say, roll it into Chrome) and get people on board with it instead baffles me. It's not like adblocking has only just been a thing.
This is absolutely true.
The thing that really bothers me is when people try to claim "But OUR ads are safe!!", which is patently untrue. No one goes through every ad with a fine toothed comb. No one constantly monitors ads after approval to ensure that they haven't been changed.
Proper, safe ad serving is possible, but it would require meticulous human interaction and moderation. And we can see how willing companies like Google and Twitter are to do that.
Until something drastic changes, I assume ads are malicious and I will do anything and everything to exclude them from my computer.
All it would require is sites serving their own ads instead of contracting it out, and/or a regulatory structure to ensure safe operators.
Neither of which is the status quo obviously, but it wouldn’t require anything more than business to be slightly less miscreant (I know, lol)
it was the smallest on the list but
Pluto was a planet and I'll never forget
So I take firefox is he current recommended browser these days. In that vein, what's the optimal setup to minimize snooping and possible virus/malware infection? I know nothing is full proof, but with Chrome being a pile of shit now, I kind of need a new browser and since I'm stuck using FB to keep track of some friends, I'd like to at least make sure I can quarantine the fucking thing.
Sadly, we're probably waiting for a bunch of the republican rat fuckers to be forced out of office because they are a big obstacle towards getting some ground rules set. I'm getting really annoyed with the number of websites that try to guilt trip me into turning of adblockers, refuse to let you do anything until you do and the ones that insist you have to load up a bunch of shit cookies (often times the cookies they want loaded aren't needed for their site, it's just shit to track your behavior for their advertisers).
There are a few more that people sometimes run, such as uMatrix and NoScript. Those require more manual intervention and don't necessarily make you any safer unless you know what you're doing. There are also anti-adblock extensions such as Nano Defender, but the author for uBlock Origin isn't a big fan of how they work, so caveat emptor.
It's one of those "raaaaah google is spying on me!" type addons I think.
E: I think that one in particular bundles things like jquery and all that locally and uses those instead of the CDN based ones google provides that a lot of people use.
bowen on
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
I block cdns using noScript since there's no telling if a cdn is actually legit or not. Of course, then I have to play the guessing game when I'm on an unfamiliar site as to which cdn to allow.
"Simple, real stupidity beats artificial intelligence every time." -Mustrum Ridcully in Terry Pratchett's Hogfather p. 142 (HarperPrism 1996)
0
Options
Inquisitor772 x Penny Arcade Fight Club ChampionA fixed point in space and timeRegistered Userregular
...why would you run an extension to disable CDNs? Do you enjoy websites being down constantly?
Are you referring to Decentraleyes? If so, that's not how it works. It replaces commonly-used CDN resources with an auditable, open-source and Mozilla-vetted local library that is stripped of any source mapping or modification.
It prevents "trusted" CDNs from tracking where you go (which is the cost you pay for "free" CDN delivery), and it prevents untrusted CDNs from running whatever the hell they want just by virtue of declaring that they are a CDN that is giving you a script you need to run a webpage. Ideally these domains are prevented from connecting in the first place by virtue of uBlock Origin, but it's not a terrible idea to simply preclude them from trying by not needing to download from a CDN in the first place because you have a local resource already available.
It also actually makes browsing faster because you have a local library of commonly-used stuff and don't need to download them from somewhere else the first time you encounter them.
Posts
Still will be moving away from Chrome. I have to figure out how to parse this for my phone because some mobile site features seem to only cooperate with Chrome (and the Firefox browser leaves a lot to be desired for me).
This is absolutely true.
The thing that really bothers me is when people try to claim "But OUR ads are safe!!", which is patently untrue. No one goes through every ad with a fine toothed comb. No one constantly monitors ads after approval to ensure that they haven't been changed.
Proper, safe ad serving is possible, but it would require meticulous human interaction and moderation. And we can see how willing companies like Google and Twitter are to do that.
Until something drastic changes, I assume ads are malicious and I will do anything and everything to exclude them from my computer.
People serving ads don't even know what ads they're serving. Half the time the ad CDNs are leasing slots to other CDNs; even if they do vet all their own ads, they don't vet the ads of their partners, or their partners' partners.
It's ad networks all the way down until you get to the asshole that will try to install a keylogger on your machine.
And even when it isn't, it's ad networks tracking every page, mouse movement, keypress, and delay across all the websites they have access to so they know at least what you're reading, if not your interests.
Fuck malware vectors spy networks ad networks.
Plain image banner ads are the limit for what you could be sure is safe (as a vendor, and only because you can sanitize images easily)
3DS: 0473-8507-2652
Switch: SW-5185-4991-5118
PSN: AbEntropy
It looks like the Developer and Beta Channel versions of Chrome have updated in the last 24 hours, but the last Stable version update was the 21st. What version of Chrome are you currently on?
Which means my lovely Vivaldi browser is turbo-fucked.
That really sucks because if I were to have switched away from chrome it probably would have been to vivaldi (I was a long time opera holdout until they jumped ship to chromium and china).
This was me, too. Gosh dang do I miss Opera
PSN:Furlion
Ah geez, I just switched to Opera because of this hullabaloo. So the only realistic option is Firefox then?
I mean really, that's it right? It's running great.
Steam | XBL
I mean, I trust the sites. But you know who I don't trust? The jackhole ad networks and ad providers who seem more interested in making $$$ instead of making sure their shit is safe.
I'll be interested in putting up with ads when I can trust the people behind them- which is why I always keep AdBlockPlus and NoScript enabled no matter what.
I can has cheezburger, yes?
I use nanodefender in addition to ublock origin. It prevents sites from detecting adblocking, although its installation setup is a bit more involved.
Hasn't LastPass had some issues historically? I know that they have 2FA but I've never been comfortable with the security they have in place over passwords/etc. I feel like KeePass or 1Password have been better.
Steam: CavilatRest
Well, I suddenly feel smug about switching to Vivaldi a few years ago. At best, depending on how the API is handled, it might bypass it.
At worse, it'll be easier to migrate off a Chromium browser anyway.
I've been monitoring Vivaldi devs responses on their forum. They're very much just watching the Chromium debate from the sidelines and will make decisions based on what happens.
They're officially stating they intend to support content blockers, they just don't know what that looks like right now. I think they're hoping Chromium devs go a different direction.
I bet that rolling back the changes that the chromium team are introducing will be very much non-trivial and would mean supporting an independent fork of chromium indefinitely.
That may give other chromium browsers a codebase to build off of if that is the case.
I actually don't think it will. I think the enthusiasts they're losing are already folks who were feeding less data, and comparatively they'll get a lot more value from non-enthusiasts who had figured out ublock.
You can get a lot of data than what ublock gives you. Tracking where the mouse goes on a page, what it clicks on, how long it stays there, how long you stay on the page, etc are also highly valuable to advertisers. Whether chrome tracks that right now is questionable, I know there's some JS packages that aren't really adblocked that do it.
Plus all the people like you and me who handle installing things on our friends/family's computers and give advice are going to be very vocal about this and cause people to move away.
Will it make browsing more difficult? Yes. Will it block all snooping/malicious javascript elements? No - some will be locally hosted.
But it's still a really good idea.
I just wish Firefox on Android wasn't so clunky on the forum here. (Or generally. But mostly here.) It seems a far cry from the desktop browser I love. At least it can still run extensions, though (and has a pull to refresh one since that's not in the actual browser).
Steam | XBL
FF on Android is getting a major overhaul that should noticeably boost performance sometime within the next year. It’s currently in maintenance mode until that happens.
All it would require is sites serving their own ads instead of contracting it out, and/or a regulatory structure to ensure safe operators.
Neither of which is the status quo obviously, but it wouldn’t require anything more than business to be slightly less miscreant (I know, lol)
Pluto was a planet and I'll never forget
Sadly, we're probably waiting for a bunch of the republican rat fuckers to be forced out of office because they are a big obstacle towards getting some ground rules set. I'm getting really annoyed with the number of websites that try to guilt trip me into turning of adblockers, refuse to let you do anything until you do and the ones that insist you have to load up a bunch of shit cookies (often times the cookies they want loaded aren't needed for their site, it's just shit to track your behavior for their advertisers).
battletag: Millin#1360
Nice chart to figure out how honest a news source is.
uBlock Origin
Decentraleyes
HTTPS Everywhere
Privacy Badger
Facebook Container
There are a few more that people sometimes run, such as uMatrix and NoScript. Those require more manual intervention and don't necessarily make you any safer unless you know what you're doing. There are also anti-adblock extensions such as Nano Defender, but the author for uBlock Origin isn't a big fan of how they work, so caveat emptor.
E: I think that one in particular bundles things like jquery and all that locally and uses those instead of the CDN based ones google provides that a lot of people use.
Are you referring to Decentraleyes? If so, that's not how it works. It replaces commonly-used CDN resources with an auditable, open-source and Mozilla-vetted local library that is stripped of any source mapping or modification.
It prevents "trusted" CDNs from tracking where you go (which is the cost you pay for "free" CDN delivery), and it prevents untrusted CDNs from running whatever the hell they want just by virtue of declaring that they are a CDN that is giving you a script you need to run a webpage. Ideally these domains are prevented from connecting in the first place by virtue of uBlock Origin, but it's not a terrible idea to simply preclude them from trying by not needing to download from a CDN in the first place because you have a local resource already available.
It also actually makes browsing faster because you have a local library of commonly-used stuff and don't need to download them from somewhere else the first time you encounter them.