Bypassing Google's big anti-adblock update
(0x44.xyz)972 points by deryilz 2 days ago
972 points by deryilz 2 days ago
Never realized anything was happening as I was on Firefox, until I saw ads as my wife was browsing youtube despite installing ublock for her years ago.
My wife was pissed when I installed an adblocker for her - turns out she likes the ads.
I recently saw my GF's inbox, it's full of marketing emails, and when I told her she can unsubscribe or block them, she said she likes them as well.
There was a podcast I was listening to this week, and they were discussing the purpose of marketing emails, and they came to the conclusion that they're for women who actually open all of them lol. It was half sarcasm and pretty funny, not trying to by misogynist or something
YouTube recently started showing ads through uBO in Firefox.
On what platform? I've been using Firefox and uBO on Linux and Android for over a decade and never seen a YouTube ad.
Switched (back) to Firefox from Chrome years ago and haven’t looked back. Between uBlock and Privacy Badger my web experience is pretty good despite the endless assault on end users.
Could this be a subjective experience? Is it reproducible on multiple machines? And have you tried it with a new profile?
Well, many people have complained about this very issue, and it was actually from this [1] discussion that I learned that Firefox handles big PRs just fine. No amount of jumping through hoops, including creating a new profile, helped to make it work in Chrome.
Last time I used Edge (early this year), it asked me if I allowed to track me (the usual cookies message) when I opened a new tab, so while they still support Mv2, I'm not sure if it's the browser to use if you want some privacy and block ads.
I can’t help seeing ad blockers as fairless content consumption, like choosing to download films, musics and books without paying the creator and the distributor (VOD, MOD, concerts, libraries…). Sounds great for you but how would that work if everyone would do the same?
Although we all be happy to se more competition, using an ad blocker on Google sites (and G-add financed-sites) have no positive effect for the competitors.
Don’t take me wrong, I hate Ads and Google methods but we can’t all rob the same store and hope there will be infinite food on the shelves and that the next store will benefit from that.
Google doesn't exist in a vacuum. It's not written in the stars that Google must succeed. If Google's business model doesn't meet web users expectations then it's perfectly alright for Google to fail as a business. Businesses fail all the time.
Google is not special or different. Google can adapt or die.
Remember also that as Google has grown and captured more of the available attention and advertising dollars, other businesses that rely on attention and advertising such as free-to-air TV or print media have contracted and even failed. Google has shed no tears for them and, correspondingly, there's no need to shed tears for Google.
> Sounds great for you but how would that work if everyone would do the same?
I guess we would be free from companies such as Meta and Google? Where do I sign up?
You also seem to think that advertisement has no impact on alternative distribution methods. The fact that other viable options are scarce currently only shows that ad companies have a stranglehold on creative industries through their monopoly.
I sincerely hope that having produced a comment like that, you are not using ad blockers of any kind in any browser, including the reduced functionality Chrome uBlock Origin on manifest V3.
For me, ads broke the informal social contract between provider and end user years ago. Small, unobtrusive advertisements might've been okay, but ads eating an inordinate amount of my time and bandwidth, which exfiltrate my personal information, and which are served to me via SEO tricks and dark patterns are not okay. If sites want to ban me for not viewing their ads, fine. In the meantime, I won't lose any sleep over using my adblocker.
For you, if you are lecturing us on the moral imperative of viewing ads, then you better be viewing those ads yourself rather than only espousing cheap rhetoric.
This is a comical view. If protection of downloadable material that someone wants you to pay for, is removed by an ad blocker, then that is broken by design. Make a website that is suitable to sell things, is the solution.
Sorry, I skipped some part while writing. Edited to make sense.
Running ad blockers for me is a matter of principle. The amount of tracking and telemetry that exists on the Internet is 1. massively invasive from a privacy perspective and 2. massively wasteful from an energy, bandwidth and time perspective.
If you have something worth selling, then sell it.
I principally agree with you. But in reality, the ad-funded model has failed. It failed a long time ago.
There were never any restrictions placed on it, so it became a self-sustaining downward spiral to the current state of things. When I see the internet without an ad-blocker it is completely unusable. Quite frankly, I would most likely stop using most of the internet altogether if I couldn't block ads.
So what is the alternative? Same as always: paid services. A service / platform can either work out a pricing model that works for people, or it shouldn't / can't exist in that form.
Some people will argue that they'd rather have ads and also content for free and that's fine. Maybe some people can tolerate them. I cannot. I find them to be as close to experiencing physical pain as possible. It's like pure mind-poison and I will bend over backwards to avoid ads.
I am waiting for the age of smart-glasses to begin so that I can filter out ads in real-life as well. I simply never, ever, under any circumstances want to see any advertising ever.
If I want a product or service, I'll go search for it. I don't need anything to be suggested to me. And this is just my battle-hardened mind. I daren't think of what ads do to un-developed, children's minds.
It should be the government's responsibility to severely restrict advertising until it nearly doesn't exist. But that's not the world we live in, so I have taken matters into my own hands.
Most people are not thinking deeply about the nuances. But it seems fair: Google take away thing, for fake reason, Google bad.
It seems to me that adblocking adoption increases the more companies actively fight it/ramp up their advertising and drown us in it. I mean you have Microsoft injecting ads straight into their OS last I heard (correct me if I’m wrong) and they even charge for windows.
People clearly will live with ads but there is a point where it becomes way too much and some people simply won’t tolerate it at that point.
>They decided it wasn't a security issue, and honestly, I agree, because it didn't give extensions access to data they didn't already have.
So they admit that MV3 isn't actually any more secure than MV2?
I'd be shocked if anyone actually believes them. This article starts with the obvious conflict of interest. Of course letting an extension know what websites you visit and what requests are made is an insecure lifestyle. But I still do it because I trust uBO more than I trust the ad companies and their data harvesters.
No, MV3 really isn’t more secure. MV3 still allows extensions to inspect your requests — it just doesn’t allow extensions to block them.
It’s almost comical how weak the security/privacy argument for MV3 is. Chrome could have developed a sandboxed web request inspection framework to prevent data exfiltration, but they didn’t even try. Instead they nerfed ad blockers without adding any security.
I remember that another comical argument was performance. Supposedly, having extensions run in the background all the time is bad. So it's better to constantly, completely re-initialize them whenever an event wakes them up.
From https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as...
>Keep in mind that uBO's own JavaScript-based network filtering engine has been measured to be faster than a well-known Rust-based filtering engine (though the measured difference back then was low single-digit µs, not something that will ever be perceivable by a end user).
I wish I could browse the web kinda like this but minus the human:
Make Signal video call to someone in front of a laptop, provide verbal instructions on what to click on, read to my liking, and hang up to be connected with someone else next time.
(EFF’s Cover Your Tracks seems to suggest fresh private tabs w/iCloud Private Relay & AdGuard is ineffective. VMs/Cloud Desktops exist but there are apparently telltale signs when those are used, though not sure how easily linkable back to acting user. Human-in-the-loop proxy via encrypted video calls seems to solve _most_ things, except it’s stupid and would be really annoying even with an enthusiastic pool of volunteers. VM + TOR/I2P should be fine for almost anybody though I guess, just frustrated the simple commercial stuff is ostensibly partially privacy theater.)
https://stallman.org/stallman-computing.html section "How I use the internet" ?
One of the main goals of MV3 seems to be nullifying protection against tracking URLs. Most of the discussion about adblocking technically "still working" under MV3 misses this point. It doesn't matter if you're actually served ads or not, when when your underlying habits can still easily be collected from the combination of fingerprints and tracking URLs.
> Most of the discussion about adblocking technically "still working" under MV3 misses this point.
Because it's a dishonest point. Ad blocking still works. All the same ads can still be removed from the page. Tracker blocking doesn't. This is still a huge problem for privacy. But while nearly everyone dislikes seeing ads that interrupt your content, people who actually care about tracking privacy are a much smaller group. The latter group are trying to smuggle concern for the latter issue by framing it as the more favorable issue to garner more support from the former.
I assume that those who care to block ads also care to block trackers, if they care about MV3 at all.
What I don't understand is why Google doesn't offer users the ability to add some extension ids into some whitelist to allow them using very sensitive permissions.
Force those extensions to have an prominent icon on the UI with a clear tooltip asking "did you install this yourself [No]" for easy removal, in case someone else did install it without you knowing.
There are so many ways to make this work, but they have zero interest in it.
I've started assuming bad intent after WEI, even though it was dropped.
I believe them. The restrictions are reasonable and appropriate for nearly everyone. Extensions are untrusted code that should have as little access as possible. If restrictions can be bypassed, that's a security bug that should be fixed because it directly affects users.
I also think uBlock Origin is so important and trusted it should not only be an exception to the whole thing but should also be given even more access in order to let it block things more effectively. It shouldn't even be a mere extension to begin with, it should be literally built into the browser as a core feature. The massive conflicts of interest are the only thing that prevent that. Can't trust ad companies to mantain ad blockers.
> Extensions are untrusted code that should have as little access as possible.
It's entirely possible to manually vet extension code and extension updates in the same way that Mozilla does as part of their Firefox recommended extensions program.
> Firefox is committed to helping protect you against third-party software that may inadvertently compromise your data – or worse – breach your privacy with malicious intent. Before an extension receives Recommended status, it undergoes rigorous technical review by staff security experts.
https://support.mozilla.org/en-US/kb/recommended-extensions-...
Other factors taken into consideration:
Does the extension function at an exemplary level?
Does the extension offer an exceptional user experience?
Is the extension relevant to a general, international audience?
Is the extension actively developed?
It's a logic I fully agree with. As the owner of the computer, you should of course be able to do whatever you want. The APIs should still be designed around sandboxing and security though.
I only trust free software, and only after I have read its source code and evaluated the distribution channel. I don't want proprietary obfuscated third party code running on my computer without some serious sandboxing and virtualization limiting access to everything. I went so far as to virtualize an entire Linux system because I wanted to play video games and didn't trust video game companies with any sort of privileged or low level access to my real Linux system.
Malicious actors are known for buying up popular extensions that are already trusted by their user base and replacing them with malware via updates. The proper technological solition to such abuses is to make them literally impossible. Exceptions can and should be made for important technologies such as uBlock Origin.
Would that rip off the how-do-we-fund-the-web bandaid, forcing new solutions? Worry about the interim where some publishers would presumably cease to exist. And who would remain afloat—those with proprietary apps, as Zucky as they are, I’d guess…
UBO is absolutely incredibly important. Figure you might know more than me about how journalists and reviewers and the like can still earn a keep in a world with adblockers built in to every browser.
> Would that rip off the how-do-we-fund-the-web bandaid, forcing new solutions?
Absolutely. The web is mostly ad funded. Advertising in turn fuels surveillance capitalism and is the cause of countless dark patterns everywhere. Ads are the root cause of everything that is wrong with the web today. If you reduce advertising return on investiment to zero, it will fix the web. Therefore blocking ads is a moral imperative.
> Worry about the interim where some publishers would presumably cease to exist.
Let them disappear. Anyone making money off of advertising cannot be trusted. They will never make or write anything that could get their ad money cut off.
People used to pay to have their own websites where they published their views and opinions, not the other way around. I want that web back. A web made up of real people who have something real to say, not a web of "creators" of worthless generic attention baiting "content" meant to fill an arbitrary box whose entire purpose is to attract you so that you look at banner ads.
I get what you mean and I think we align here, but I trust the uBlock team infinitely more than I trust Google to make my own extension decisions. I know there's a subset of regular users who fall for all manner of scam, but Manifest V3 doesn't even solve any of those issues, the majority of the same attack vectors that existed before still exist now, except useful tools like uBlock can no longer do anything since they got deliberately targeted.
Besides, there's ways of having powerful extensions WITH security, but this would obviously go against Google's data harvesting ad machine. The Firefox team has a handful of "trusted" extensions that they manually vet themselves on every update, and one of these is uBlock Origin. They get a little badge on the FF extension store marking them as Verified and Trusted, and unless Mozilla's engineers are completely incompetent, nobody has to worry about gorhill selling his soul out to Big Ad in exchange for breaking uBlock or infecting people's PCs or whatever.
This comment reads as if those villains have to provide explanations. Bitch they are Google they ask the questions. If they want they can pirate everything then sell it to make some cash, the stupid laws that we have to follow don't apply to them.
IMO those organizations should pay the taxes for all the people in the country they're being used at. This will create the best incentive for them to succeed.
An adblocker is a firewall for your brain. Google should have no say over what I consume and when and with for instance youtube being pretty much unavoidable their monopoly position is abused by forcing you to pay for it. Doubly so because of the bait-and-switch, I'm fine with platforms that start off being ad supported, I'm not fine with platforms that become huge on piracy that are free to use by everybody and not an ad in sight and then when bought out suddenly you end up as a captive lemon to be squeezed.
Switching costs for consumers are pretty low. Though I'd agree that for producers, it is hard to compete anywhere else.
That's not really true. Youtube is the de-facto means through which a lot of companies and even governments communicate important information to the general public. It took the place of a lot of public broadcasting and documents supplied in paper form. This is highly annoying but hardly a choice on the part of the recipients.
> Adblockers basically need webRequestBlocking to function properly. Pretty convenient (cough cough) for a company that makes most of its revenue from ads to be removing that.
Why does this keep getting repeated? It's not true.
Anyone can use uBlock Origin Lite with Chrome, and manifest v3. It doesn't just work fine, it works great. I can't tell any difference from the old uBlock Origin in terms of blocking, but it's faster because now all the filtering is being done in C++ rather than JavaScript. Works on YouTube and everything.
I know there are some limits in place now with the max number of rules, but the limits seem to be plenty so far.
It depends on how you interpret the word "properly". There are ads and adblocker-detection techniques that can't be blocked by MV3-style static filtering.
If "properly" means "can block all ads" then you're wrong. If it means "can block some ads" then you're right. If it means "can block most ads" then you're currently right, but likely to become wrong as adtech evolves around the new state of play.
Don't forget Chrome launched with built-in popup blocking. Now we just have popunders, in-page popups, back-button hijacking etc. Ads, uh... find a way.
It is true though. Like, literally. Why do you think it is called Lite?
The statement was: "Adblockers basically need webRequestBlocking to function properly. "
This is demonstrably false, ublock lite proves that adblockers can work without it.
Whether or not ublock lite is missing functionalities because of MV3 is irrelevant to the original statement that adblockers need webRequestBlocking.
> This is demonstrably false, ublock lite proves that adblockers can work without it
uBO Lite is missing plenty of features: https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as...
> Do you not agree that "properly" means "having all the functionality they had with MV2"?
Of course it doesn't, if MV2 provided a bunch of edge case stuff that doesn't matter for normal adblocking.
> So your argument is that if an extension could block even a single ad with MV3
That's a silly thing to say. No, it's that if it's blocking 99.9+% of ads it should definitely be considered to be functioning properly. Which uBOL definitely is.
Quibbling over whether it blocks 99.999% or 99.99999% is not relevant to whether it functions "properly". It clearly does.
> Whether or not ublock lite is missing functionalities because of MV3 is irrelevant to the original statement that adblockers need webRequestBlocking.
It can be relevant depending of how you define properly. If it depends on any of those functionalities that are missing, then it’s relevant.
> It is true though. Like, literally.
Doesn't seem true to me. If it's true, then why is uBlock Origin Lite functioning properly as an adblocker for me?
> Why do you think it is called Lite?
Because it's simpler and uses less resources. And they had to call it something different to distinguish it from uBlock Origin.
One of the most frustrating things about these discussions is that it-works-on-my-machine effect. Anecdotal evidence is easily surpassed by a deeper understanding of the mechanisms that are changing. Here's what the author of uBlock Origin says about its capabilities in Manifest V3 versus Manifest V2.
> About "uBO Lite should be fine": It actually depends on the websites you visit. Not all filters supported by uBO can be converted to MV3 DNR rules, some websites may not be filtered as with uBO. A specific example in following tweet.
You can read about the specific differences in the FAQ:
https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as...
My personal take is if you're a pretty unsophisticated user and you mostly don't actually interact with the add-ons at all, Manifest V3 will probably be fine.
If you understand how ads and tracking work and you are using advanced features of the extension to manage that, then Manifest V2 will be much, much better. Dynamic filters alone are a huge win.
I believe that another change is that ad blockers cannot update as quickly now? If that is true, since ad blocking is a cat and mouse game, doesn't that make ad blocking with a delay less functional?
No, that's not true either. Updating rules is allowed. The restriction is about updating code.
Hmmm, according to this post [0], ad blocking lists must now be updated via store updates. Is that not the case?
[0] https://old.reddit.com/r/uBlockOrigin/comments/17as8o8/the_r...
So OP got Google to patch a harmless "issue" that could've been used by addon devs to bypass MV3 restrictions. Hope it was worth the $0.
Said bypass would exist for maybe a day max before getting nuked from orbit by Google. If anything, there was a non-zero chance OP would've gotten paid and he took it. I don't blame him.
I don't agree with this conclusion. Google is fully responsible for MV3 and its' restrictions. There's no reason to shift blame away from them.
Let's do a thought experiment: if OP hasn't reported it, what do you think would happen then? Even if different ad blockers would find it later and use it, Google would have still removed this. Maybe they'd even remove extensions that have (ab)used it from Chrome Web Store.
Indeed.
Perhaps a hobbyist would code “MV2-capable” MV3 adblocker for the fun of it, forking UBO or something, as a proof-of-concept. How much time would anyone spend on its development and who would install it when the max runway’s a few days, weeks, or months?
It seems someone's already done it. It requires some extra setup, but I managed to get it working on my machine.
Associated Show HN post from 5 hours ago: https://news.ycombinator.com/item?id=44543094
Google isn't any less responsible just because somebody else also did something bad. Blame is not a zero-sum game
If we think your line of argument to the logical extreme, then being upset at at somebody who ratted out a Jewish hideout to Nazis would shift blame away from Hitler. That's obviously absurd. Both are bad people, and one being bad doesn't make the other less bad. And if one enables the other being more bad then that makes both of them worse, it doesn't magically shift blame from one to the other
Yeah, that was my take as well. OP did some free work for a megacorp and made the web a little bit worse, because "security, I guess" ?
Good job.
I suppose that switching to Brave will be one of the best solutions after all. They have already comment this in June: https://brave.com/blog/brave-shields-manifest-v3
I've tried Brave a few times. Doesn't seem significantly different from Chrome. Chromium will likely still dominate future choices for web standards and Google will still control what implementations work on the biggest properties.
What makes Brave trustworthy enough for us to run our entire life through it? For me it's irreparably forever tainted by crypto grifting.
The 'crypto grifting' is something you can turn off completely, it's there as a way to make the browser sustainable without accepting payments from Google to make it the default search engine.
I'd argue its far more trustworthy than modern day Firefox/Mozilla, they're not exactly the second coming these days.
What makes Firefox more trustworthy?
That's kind of like saying "yeah this is a mafia pizzeria but you can come eat at hours when the goons aren't there". Besides, why does Brave need that much funding? All they make is a Chromium wrapper, Google does all the work for them. They're not really an actual alternative in that sense, they just stuff it full of adblock, crypto, and god knows what. There was even a thing recently where it autoinstalled a VPN.
Yeah it's true that Mozilla's mostly financed from Google's anti-antitrust payments, but at least they actually made something of their own and have a trustworthy track record three decades long as a non-profit and Netscape before that.
Non-profits get a tiny bit more leeway in my book. Brave is not one of them.
I don't "bypass" Chrome when they want to melt my brain with their business model, I use Firefox. I don't "bypass" Windows when they want to melt my brain with their business model, I use Linux. No idea why so many "hackers" doing "bypasses" can't instead take action that is simpler, long lasting, and easier. Do people need to jerked around 50 times for 20 years before realizing it will keep happening and their "bypasses" are just temporary bandaids?
"Because that's what it means to be a hacker."
Sure. But to me "hacking" this cat and mouse game is not very compelling. I feel like I've seen a thousand articles exactly like this over the years. This won't work in 4 months.
"It was patched in Chrome 118 by ..."
Or already?
>But I don't know how to make an adblocker, so I decided to report the issue to Google in August 2023. It was patched in Chrome 118 by checking whether extensions using opt_webViewInstanceId actually had WebView permissions. For the report, I netted a massive reward of $0. They decided it wasn't a security issue, and honestly, I agree, because it didn't give extensions access to data they didn't already have.
The effort to overcome the community's chance at discovering the workaround?
It was never going to last long enough anyways, being sure to get patched as soon as any adblocker uses it.
It's however still interesting in the sense that it might be fairly trivial to change, so chances are the next adblockers are going to ship executable that wrap chrome, modifying something like that at launch, allowing their extension to make use of it.
Obviously Google is going to hate it when random popular extensions start nagging users to download and install "companion" software in order to work, since that will train users to not think twice about these things and bypasses legitimate security efforts.
But Google made their own bed - and that of their users. Now they all get to lie in it together.
> use Linux
except that for a majority of users, windows is where their applications are at - such as gaming, word processing, or some other thing. Sure there are replacements (somewhat) for each of those categories, but they are not direct replacements, and require a cost of some kind (retraining, or a substitute quality). This is esp. true for gaming, and it's only recent that gaming has made some inroads via the steam deck (steamOS), which isn't available to a general PC (only handheld PCs with AMD processors iirc).
People who say "just switch" to linux hasn't done it for their family/friends.
> except that for a majority of users, windows is where their applications are at - such as gaming, word processing, or some other thing.
Until you switch to linux you won't understand how inferior your windows setup always was.
It's hard for us to tell you what you are missing out on, you simply need to experience it.
I mostly game in a Windows 10 VM running on my Linux desktop computer. Single keypress to switch to Linux workspace.
This is not because Linux gaming is horrible broken, but rather it gives me a fully separate leisure desktop, and my main Linux desktop is work only.
It also gives me 100% compatibility, unlike wine.
> People who say "just switch" to linux hasn't done it for their family/friends.
When we say so here, we are telling you to switch.
Nobody should be forcing anything on friends/family.
I always suggest MacOS for friends/family for ease of support. I would never recommend Windows to anyone.
> I mostly game in a Windows 10 VM running on my Linux desktop computer. Single keypress to switch to Linux workspace.
Apologies for hopping on this thread with off topic question, but would you mind describing your setup?
I haven’t tried this in years, but last time I did I had trouble getting pass-through to some of my hardware, in particular my nvidia card.
Agree with your approach 100%!
> I mostly game in a Windows 10 VM running on my Linux desktop computer. Single keypress to switch to Linux workspace.
> This is not because Linux gaming is horrible broken, but rather it gives me a fully separate leisure desktop, and my main Linux desktop is work only.
> It also gives me 100% compatibility, unlike wine.
You would get a fully separate leisure desktop if you were running Linux in that VM so it sounds like you are running Windows in the VM because Linux gaming is not adequate.
I'm not the person you replied to, but I'm in a situation where I want GPU passthrough to Linux guests. The problem is that the Looking Glass guest application for linux is unmaintained. This makes it impossible to have the same setup but with a linux guest instead of Windows.
If you want to have GPU accelerated video output from a guest vm to a linux host, the only way is with a Windows guest (to the best of my knowledge). If you just need compute then that is different.
Of course it depends on what you're playing, but VM gaming is not 100% compatible, lots of anti cheats will ban VM users and it's a cat and mouse game to not get detected.
Can you comment more on your VM setup? Can it utilize the GPU properly? Any performance or compatibility issues with running windows in a VM? Etc.
That's so much less true nowadays,
Web has become the default platform, where most people run most of their app/spend most of their time. Even Microsoft has had no choice but to embrace it, and Outlook (as in, the one from Microsoft office) is now a web first app (normal outlook is rebranded "classic" and we all know where this is heading, for better or worse). In a way, that makes switching OS much easier.
If you add to that that Windows itself is getting major visual overhauls from version to version (sometimes even within) it's not like sticking with it protects you from having to learn different UX paradigms and habits.
And regarding gaming, well, linux with Proton runs games faster than Windows nowadays, that's how little Microsoft cares about gamers/how good Valve is (depending on how you look at it), but the fact of the matter remains.
I was going to post a rant on drivers in Linux, but on my newest Lenovo laptop Linux Mint/Ubuntu off the shelve driver support is actually complete and Windows 10 (unsupported by Lenovo) extremely lacking (no wifi driver, no lid driver, no proper standby). And there's no way I'm going to start using Windows 11.
So yeah, maybe this is the year of Linux. After decades on this planet :p
Thinkpad E14, same experience. Windows 11 installer doesn't even see the wifi card, under Ubuntu everything works ootb.
> (steamOS), which isn't available to a general PC
Most of its secret sauce is either in Proton or upstreamed into Wine, DXVK, SDL, etc. All available to a general PC.
Unless your focus is competitive online games, which often come with Windows-only anti-cheats, you've got a huge catalogue of great games playable on Linux distros. I did the switch about four months ago and I'm not missing Windows, the only pain point has been Nvidia drivers and I'll be solving that by switching vendors.
I disagree that that's the majority of users.
The majority of users either use only web applications, or web applications and Microsoft Office.
The true majority of users are on mobile.
Windows is only unreplaceable for gamers. Which is fine, because Windows is a toy anyway.
> Microsoft Office
Doesn't even exist anymore. She's "365 Copilot" and web-first now.
>Windows is only unreplaceable for gamers.
And quite a few musicians. When they make my software for Linux - and, it works ootb - I/ we'll be willing to change.
I don’t know. Eventually you read enough of this stuff and you would rather the next breath be, take leadership on a real solution. To me it’s a “sequitur” to say, the biggest fuck you is to convince people to stop using Chrome, not to fix bugs for their extremely highly paid engineers for free.
I switched to Firefox, but I'm unfortunately stuck to Windows for professional work. I need several high profile software to get proper Linux support before I can make that jump.
When I eventually go indie, though: I am 100% making use of a Linux workflow.
>Do people need to jerked around 50 times for 20 years before realizing it will keep happening and their "bypasses" are just temporary bandaids?
Sadly, yes. The networkign effect is extremely strong. Twitter was complained about even before musk, but it still too 3 years before people really started considering the move. emphasis on "consider": because twitter still has a lot of foot traffic for what it is in 2025.
I get what you're saying, but the problem is the software does 90% of what I want really well and I like that they do that 90% super well and I want to keep that.
In your Windows vs. Linux example, Linux just doesn't do a lot of things very well on the UI/UX side of things (e.g., window management, driver support, an out of the box experience). Knock Windows all you want, but it honestly does quite a few pretty important things very well.
So that's why I'll spend some time to resist the negative changes.
>In your Windows vs. Linux example, Linux just doesn't do a lot of things very well on the UI/UX side of things (e.g., window management, driver support, an out of the box experience).
That judgement confuses me a lot. Window management, drivers and out of the box experience has been much better in Linux for the last 10 years in my experience. Sure, there are some companies that don't ship drivers for Linux or the configuration software is not fully fledged. Window management has almost always been better in Linux, but of course depends on the WM. Windows innovated one nice feature in Vista (aero snap) which most desktop environments has implemented since.
If you install Fedora, Ubuntu or Linux Mint, what are you lacking from that out of the box experience? Generally no driver installation needed, and no cleaning up of bloatware.
With regard to window management, this will certainly depend on the distro. Ubuntu's WM has been quite good I'll admit, but that seems to have occurred in only pretty recent versions in the past 5 years or so. My previous experience with Ubuntu had the window management closer to the experience that MacOS provides (albeit slightly better). Ultimately, this point is subjective, so maybe it wasn't the best example.
Driver support is still a very big problem in my opinion, especially if you're a laptop user. There was a lot of tweaking with power configuration that I needed to do to prevent my laptop running Ubuntu 22.01 from dying in 2 hours. Additionally, trackpad drivers were horrendous, which made two-finger scrolling next to impossible to do with any sort of accuracy. Hardware accessories like printers, keyboards, etc. are still a gamble.
You're right though that it has gotten a lot better, but it's these little things that prevent most users from making the switch.
Have you ever used Linux with high DPI monitors? Windows handles them OK since Windows Vista, and really well since 8. I've seen the classic Windows XP bug of measurements not being scaled and labels being cut off on modern Linux.
How about mixed DPI multi monitor setups? Great since Windows 10. On Linux, you're screwed. X doesn't support this. Wayland does, but not all apps work well with that, and not all apps and GPUs support Wayland.
People like the service/product, but don't like cost.
So the solution is mental acrobatics while using a backdoor for access.
I get it, and mostly agree, but sometimes consumers don’t have much choice with browsers and OSs; moreover, most consumers are simply technologically ignorant or agnostic of those things. Many users don’t even know exactly what a browser or OS is, and they just want to live their lives scrolling through tiktok or getting work done.
> No idea why so many "hackers" doing "bypasses" can't instead take action that is simpler
Because hacking is about solving hard and unnecessary problems
Another advantage of this approach is that collectively it applies pressure against such toxic business models. This pressure can have an outsized impact for the number of people that do it because it skews towards technical people who will naturally influence their area of expertise more than the same number of lay users.
Not everyone has your luxury of being able to choose their tools.
The article is clearly not intended as an ad-blocking tutorial, it is an article about security research and API weirdness.
Sure, it inspires ad blocking meta-discussion, but if you're complaining that the author has a strategically suboptimal approach to blocking ads then you have missed the point.
For me, I like being able to set a default font/size/colour for all websites as an override. Chromium browsers don't do that out of the box.
I like that it quarantines most of Facebook's shenanigans with cookies and the like.
I can't compare Brave's adblock to uBlock Origin, but it's probably good enough.
The "crypto bullshit" which is a notice on the start page with an option to permanently remove and turn it off.
I swear people slating Brave here haven't actually even installed it.
Oh and its opensource, not like theres anything hiding in the shadows here, you can go and look at the code behind how its all working for yourself if you're that paranoid.
Bro it’s for the fun and interest of figuring it out. That’s what hackers do. The writer obviously knew it’s a “temporary bandaid” — they notified Google about it themself.
Is this on Linux? Do you have an example of a website where Yubikey does not work? I'm curious, because I use Firefox on Linux for years, also for work, and never hit a site where my Yubikeys would not work. (I'm also using Google Meet regularly for work from Firefox without problems)
Yes, Linux.
No site works for me. Facebook, Google, none of them work. Even the demo at https://demo.yubico.com/webauthn-technical/ does not work.
I'm with you with this idea but relying on firefox is not much better. I use PWAs a lot and Firefox decided that PWAs are not worth implementing or maintaining their past implementation.
I still use firefox 70% of the time but this is wrong and go against what the users want.
+1 to this. This is probably the only thing that keeps me from ditching Chrome/Brave and going back to Firefox.
Yep. That and stuff like the filesystem API. That thing is so useful for apps like excalidraw, photopea, etc,. They really need to implement it.
They should at least implement it behind a feature flag, if they feel like virtue signalling how they're oh-so-concerned for the privacy implications. (while simultaneously launching an ads business in the backdrop)
Billions of non-programmers, who have no idea what an extension manifest even is, use Chrome.
Great, except firefox is pretty bad nowadays.
Not their fault of course, with people not testing websites on non chrome derived browsers.
> except firefox is pretty bad nowadays.
Pretty bad as in that isn't true?
Firefox is the option that doesn't intentionally leave users vulnerable to hostile adtech. Firefox is the option with containers. Past that it is performant and reliable under a wide variety of user loads and platforms.
or Pretty bad as in Firefox+forks are better than the alternatives?
It is true that some unfortunate default options were recently added to Firefox configs.
Those options are unfortunate because they are variants of anti-user options baked into Chromium - options created to keep Chromium users susceptible to big-tech's worst intentions.
Those "default options" are precisely "intentionally leav[ing] users vulnerable to hostile ad tech" (e.g. PPA). It's built into the browser and on by default. Mozilla have very explicitly stated they believe ads are critical for the web. It is still better the chrome though (and a patch set like librewolf is better still).
How? Seriously, I keep seeing this argument against using Firefox, but as a long time user I fail to see any glaring issues with it.
The only websites that break for me are those I broke on purpose by using ad-block.
> I keep seeing this argument against using Firefox, but as a long time user I fail to see any glaring issues with it.
No glaring or usability issues.
What happened is that Firefox added some defaults that mimic a tiny bit of Chromium browser behavior.
Recommend extensions as you browse
Recommend features as you browse
Send technical and interaction data to Mozilla
Allow websites to perform privacy-preserving ad measurement
> trouble on Firefox can be counted on a single hand
*over the course of a few years, seriously.
In particular, it's sad to encounter such a rare issue only to then discover its true origin - Firefox implemented a necessary functionality according to spec, whereas Chrome decided to do its own thing. Case in point video streaming with Motion JPEG, Firefox dispatches events on every frame and uses a lot of resources, but Chrome decided not to do that, against the spec.
I set my default choice to pro-privacy (Firefox) and occasionally give it up to some Chromium variant if I depend on a functionality and a website justifiable needs it. The disruption to my workflow here is such a minor thing compared to what I gain usability wise, especially in the long run. I would never treat a software program like some religion, and it saddens me that even computer-savvy people do just that.
> the number of website that ever gave me trouble on Firefox can be counted on a single hand
Also important is that they tend to be Google assets like Gmail.
I've switched to Firefox 3 years ago now after using Chrome for a decade. The list of things I missed from chrome:
- Tab grouping, now added in Firefox as of a few months ago
- built-in translation services. Firefox is slowly introducing this, but its missing many languages. In the meantime, a translation extension works fine.
- Google products operating better... but the issue here is obvious and outside of Firefox's control.
- various micro quirks from random sites I might find during research. Nothing functionality breaking, just clear examples where there was likely hard coded chrome user agent business.
- the occasional extension on Chrome that didn't have a Firefox port. This happened maybe 4 times total.
so, 2 things that are fixed (or close to), one anti-competitive measure, and the 2 smallest nitpicks I could imagine. I don't know what the fuss is that justifies Firefox being considered vastly inferior to Chrome these days. Even thsoe small issues are far offset by the ability to have proper adblock. Using Adblock on Chrome for my work computer is miserable.
Firefox has been my main browser for almost 10 years and I haven't encountered any challenges other than availability of plugins, but even that has been a very rare issue.
Haven't missed Chrome once since switching to https://brave.com/
The point is you don't need to worry about manifest v3 interfering with ad blockers, because Brave has an ad blocker built into the browser. Also makes it a good Chromium-based option for mobile, since you can't install extensions on Chrome mobile at all.
In the "cons" column, Brave is still a for-profit and has a bunch of features that continue to give some people the ick. In the "pros" column, there's a bunch of "how to debloat Brave" content showing how to improve the default kitchen-sink confifguration. https://www.youtube.com/watch?v=W6cKFliWW6Q
Not being able to run Twitch on it has me switch for brief periods.
Heh, funny, Twitch was the primary reason I installed Brave because it was being glitchy on Firefox (at the time years ago - no longer the case). I've never had trouble with Twitch on Brave.
The adblock causes a twitch stream error. I can watch until the first ad. This is annoying, so I switch to vanilla chrome.
Shields can be turned off right from the url bar as needed.
>Brendan Eich's hateful hands
LOL California Proposition 8 was pretty mainstream opinion back then. Maybe stop with the ex post facto persecution?
Hate can be popular but that still doesn’t make it right. He knew that he was spending money hoping to take away rights from people he knew, to tell some of them that their marriages shouldn’t be allowed, and did it anyway. That’s hateful regardless of how many other people joined him.
It's the top of the list because it works so well. I forget it's a different browser most of the time. I was able to turn off everything extraneous that I was concerned about. Brave is also Open Sourced.
I really don't care about crypto stuff. If you do, I can understand why that's a dealbreaker for you. But for me, it doesn't matter at all. I just turn the crypto features off and continue on my way.
The crypto part is an optional thing, which takes a split second to turn off - thats it. Once its off you are basically running chrome without the google call home, and with a built in adblocker unaffected by manifest v3.
It's also opensource so it's not like theres anything being hidden here.
Maybe take a look at Vivaldi, it's a continuation of the old Opera, with basically the same development team. It's the most user-friendly and configurable option at this moment, they're very responsive to feedback, and are the only organization that doesn't have some horrible privacy violations in the past (maybe excluding Apple, I don't know and don't care, 90% of users on this planet can't run Safari).
Also they are in Norway if you care about that sort of thing.
It's not FOSS, though, at least for now.
Would love to give Firefox a chance but one thing that stops me (apart from occasional website loading bugs) is inability to install PWAs. Not sure why it’s not implemented like it has been for a long time in Chrome and all its forks.
I have found a 3rd party extension that claims to facilitate this (0) but still feel uncomfortable to use this for privacy reasons.
(0) https://addons.mozilla.org/en-US/firefox/addon/pwas-for-fire...
If you really care, it's ok to just Firefox for the majority of your web browsing activities but use Chrome or a fork for PWA.
Although using Firefox increasingly means a worse experience, including:
* infinite loop of Cloudflare verification * inferior performance compared to Chrome (page loading, large page scrolling) * subtle bugs (e.g. audio handling) * WebUSB support
I have personally run into all of them. Some are under Firefox's control but others are not. I do still use Firefox for most websites unless it's technically not possible, but unfortunately the exception is happening more and more.
> * infinite loop of Cloudflare verification * inferior performance compared to Chrome (page loading, large page scrolling) * subtle bugs (e.g. audio handling)
The first two are likely due to extensions rather than the core Firefox. I find at least as many cases where it’s faster, and it usually uses less memory. The third one has high variability - I’ve reported enough bugs against all of the major browsers not to trust any of them but these days there are a lot of web developers who only test on Chrome and half of the time I find what appears to be a bug in Safari or Firefox it’s really an unnecessary reliance on something Chrome specific.
I don't run into CAPTCHA loops with Firefox. Have you tried changing your user agent to pretend to be Firefox on Windows or Mac? I've heard Linux users are more likely to be interpreted as bots.
The machine is on a corporate network, that's the issue. I don't have issues when
1) using Chrome/Edge on that same machine on corporate network 2) using Firefox on Linux on corporate network 3) using Firefox on Windows on my own machine at home
Unfortunately.
Firefox is awful. Both as a browser itself and as a base for other browsers. Such a shame that Zen didn't use Chromium :(
Your comment is pretty meaningless without more specifics.
I switched to Firefox again back in 2017, I have 0 issues with it. If anything it's faster and less resources hungry than chrome in my usage. The extension ecosystem is now arguably better with MV3 being rolled out to chrome.
Probably the only annoying thing was learning where the buttons are in the devtools. They're all still there, just laid out differently. It took about a week to get to grips with that.
What exactly makes you say it's an awful browser?
I use Zen everyday and a love it! I am glad they chose Firefox as a base, otherwise I would have skipped it. Firefox is stable, I open it when I boot my PC which runs for weeks and never think anything about it. On topic of ad blocking, I think that there are more ways to anoy users using ad blockers today despite of which browser someone uses, with ad block detection and blocking access. If your browser is build by a ad company, expect these changes. For this reason I won't use these browsers
Weird, Firefox blows Chrome out of the water. What do you smoke?
The smoke on the water!
More seriously, I'm a Firefox user since ~2006 but I'm about equally surprised by the statement that Firefox should blow Chrome/ium out of the water as that Firefox supposedly sucks. They're both browsers. I think Chromium is a bit faster in page rendering, whereas Firefox is more open, privacy-friendly, and customizable. Similar to how I wish consumers would not choose an anti-consumer organization (anyone who values a free market and general computation1 should not choose iOS), I think nobody should choose Chrome but, still, I can understand if someone does choose it because they've gotten used to how it works and they're not willing to change. It's about equal in practical functionality that 95% of people use, wouldn't you say? Or in what way is Firefox blowing Chrome out of the water?
¹ https://www.thekurzweillibrary.com/the-coming-war-on-general...
The best bypass is to use Firefox. uBlock Origin works best in Firefox:
https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...