|
Storm One posted:Chrome will probably cripple uBO and all other ad-blockers soon. And guess who will follow their masters? https://blog.mozilla.org/addons/2018/10/26/firefox-chrome-and-the-future-of-trustworthy-extensions/ quote:So I would like to publicly invite Google to collaborate with Mozilla and other browser vendors on manifest v3. https://old.reddit.com/r/firefox/comments/aithmh/raymond_hill_creator_of_ublock_origin_ubo_and/eerce78/ quote:We should stop being surprised. Mozilla has been following Chrome for years now. There's no reason to think that they'll do anything else. quote:Mozilla already changed their whole addon API to be more compatible with Chrome. If Chrome now changes their extension API, Mozilla has to decide if they want to break this compatibility paid for by many man-hours, or follow Chrome and change the Firefox addon API in the same way. Mozilla has already showed that they wont hesitate to screw the addon developers if they are in the way of their goals.
|
# ? Feb 3, 2019 16:09 |
|
|
# ? Jun 5, 2024 20:13 |
|
FRINGE posted:And guess who will follow their masters? If they do, then the Web is dead.
|
# ? Feb 3, 2019 16:16 |
|
FRINGE posted:And guess who will follow their masters? The Mozilla guy saying it has privacy benefits is correct (due to how new adblockers would work) but he points out that the filter limit is too low and also he isn't on the team working on addons. It's just some random Mozilla guy. There is no reason to believe Mozilla is going to try and kill all good adblockers.
|
# ? Feb 3, 2019 16:47 |
|
Storm One posted:Have you enabled privacy.resistFingerprinting? If so it overrides a number of other settings, one of which is site specific zoom, despite what about :config may tell you. That’d be it. Which is a surprise, because I have had it enabled for some time yet never noticed that site specific zoom was disabled. I am not sure whether maybe resistFingerprinting failed to override it as a bug until now, since I only came to notice it as soon as I upgraded. It could certainly be coincidence, though. As an aside, I’d prefer if resistFingerprinting went through and changed all those other about :config flags. Firstly so I knew what was going on, and secondly so that I could choose to re-toggle on my own choice of balance between fingerprinting resistance and features. Anyhow, thanks for solving that mystery for me!
|
# ? Feb 3, 2019 18:02 |
|
You may still control site specific zoom with extensions and keep using resistFingerprinting's other features but that does undermine its purpose.
|
# ? Feb 3, 2019 18:20 |
|
Mozilla has to realize, with Firefox's puny market share, that the vast majority of users are somewhat-advanced, that is, the type of people that choose to use it over the simplicity of Chrome. Those advanced users are the exact type to hate crap like auto-suggested extensions. Features like that are unlikely to pull anyone towards FF, so why bother creating them?
|
# ? Feb 3, 2019 19:38 |
|
Malloc Voidstar posted:Mozilla wanting Google to collaborate with them on the development of the web extension API makes total sense because they both use it and there's no standard. Saying "we want you to work on this with us instead of by yourself" is not Mozilla saying "we want to do literally everything you do". Have you followed Mozilla/Firefox over the last, what, three+ years?
|
# ? Feb 3, 2019 19:49 |
|
Lightningproof posted:Sorry for the basic question, but I can't seem to get an even vaguely-definitive answer anywhere else. If I use Chrome with uBlock Origin (with most filters turned on), uBlock Origin Extra, Decentraleyes, HTTPS Everywhere, and DNT on, is there really much of a privacy advantage from switching to Firefox? Depending on where I look, I either hear "Chrome just has worse default settings for user privacy but can be just as private as FF", or "Chrome contains in-built trackers you literally can't get rid of and the CIA laugh at your browsing history over lunch". In Firefox you can turn on first-party isolation: each domain you visit gets its own sandbox of cookies. Facebook can still set a nasty-tracker.com cookie, but no sites other than Facebook can read it. They can set their own nasty-tracker.com cookie if they want, which again, no other site can read. If that breaks things you need (it can interfere with things like single-sign-on, for obvious reasons), then you can do the same thing yourself in a more targeted way with container tabs. I don't believe Chrome has anything that compares to either of those, short of running multiple browser instances with different profiles. Firefox also has a setting to resist fingerprinting -- specifically, it always hands out the canvas fingerprint of Torbrowser, which is the most common fingerprint out there (since most others are unique). You can also turn off webRTC and webGL to prevent information leakage there, but that can probably be done on Chrome also.
|
# ? Feb 3, 2019 22:46 |
|
orcane posted:Have you followed Mozilla/Firefox over the last, what, three+ years? The guy on reddit is also a supreme idiot: Yes, let's block uBO from being able to do anything so that more credential-stealing javascript gets run on the main context. This is a good engineering tradeoff to make and also I appear to have eaten nothing but lead paint my entire life. Also, let me tell you exactly how much fun that cookie-forgetting bug was when you deal with websites that require devices be confirmed by someone who isn't me just trying to login and get my work done.
|
# ? Feb 5, 2019 05:28 |
|
If you, like me, are worried Firefox will go with Google and kill adblockers maybe consider getting adguard for your computer. It basically functions like a pihole, but only on your computer and not on your network; can even hide your IP kinda. I got rid of uBlock to see if adguard can handle ads without ublock and it works great!
|
# ? Feb 5, 2019 16:44 |
|
It's gonna rule when Chromium has 90% market share and strongarms HTML6 into including DRM. Pages coming as compiled and signed binaries, streamed from the server and there's nothing anyone can do to filter/block content.
|
# ? Feb 5, 2019 17:20 |
|
xamphear posted:It's gonna rule when Chromium has 90% market share and strongarms HTML6 into including DRM. Pages coming as compiled and signed binaries, streamed from the server and there's nothing anyone can do to filter/block content. Just use IE/Edge then. They'll be slow to adapt and the implementation will be full of exploitable bugs.
|
# ? Feb 5, 2019 18:12 |
|
Ola posted:Just use IE/Edge then. They'll be slow to adapt and the implementation will be full of exploitable bugs. Edge is switching to Chromium.
|
# ? Feb 5, 2019 18:37 |
|
Seems like this is the perfect time to bring back KHTML
|
# ? Feb 5, 2019 18:39 |
|
Nalin posted:Edge is switching to Chromium. Then the final hope is that HTML6 looks ugly and the Apple turtlenecks refuse to take part. If that too fails, summon the meteors.
|
# ? Feb 5, 2019 18:40 |
|
overmind2000 posted:Seems like this is the perfect time to bring back KHTML Ola posted:Then the final hope is that HTML6 looks ugly and the Apple turtlenecks refuse to take part. If that too fails, summon the meteors. The situation is worse than you think. By this time next year, there's going to be WebKit (Chrome, Safari, Opera, Edge) with like 90% share and then Firefox hovering on the brink of irrelevance. Yay!
|
# ? Feb 5, 2019 18:57 |
|
xamphear posted:KHTML is what turned into WebKit... I know, they should go back to square one and try again
|
# ? Feb 5, 2019 18:58 |
|
overmind2000 posted:I know, they should go back to square one and try again "Sure, it's an insane amount of work, and the big players throw up barriers left and right (iOS doesn't allow other browsers, Edge is preinstalled on Win10, Android and Chromebooks come with Chrome preinstalled, Google pushes Chrome hard at anyone who dares visit google.com or youtube in a different browser), but if we play our cards right, we might be able to make no money and have nothing to show for it!" In theory, this is what Firefox and Mozilla are already positioned to do, but lol. Even with a browser ready to go, they're unable to maintain double digit market share. Edit: Not that I blame Mozilla entirely for this. Google has spent a lot of money in the last decade creating the exact circumstances that we're seeing now. Their investment in Chrome will pay off nicely. That said, Firefox's performance going to utter poo poo right at the time Chrome was getting popular, and Mozilla kicking the can down the road for YEARS was really bad. xamphear fucked around with this message at 19:11 on Feb 5, 2019 |
# ? Feb 5, 2019 19:07 |
|
All web browsers are, and have always been, absolutely terrible. It's pretty remarkable really.
|
# ? Feb 6, 2019 17:35 |
|
xamphear posted:It's gonna rule when Chromium has 90% market share and strongarms HTML6 into including DRM. Pages coming as compiled and signed binaries, streamed from the server and there's nothing anyone can do to filter/block content. Good news, google's drm has been broken. And also the concept of drm is flawed.
|
# ? Feb 6, 2019 23:21 |
|
Wheany posted:Good news, google's drm has been broken. And also the concept of drm is flawed.
|
# ? Feb 7, 2019 03:29 |
|
The idea, I think is similar to how Twitch does its ads* and how Youtube keeps talking about doing: part of the content stream itself so they can't be blocked. You download and load everything, ads and trackers included, or you get nothing. That would defeat blockers, host files, piholes, etc. because it's all an irremovable part of the main content. *Twitch's can be defeated with streamlink and the like, but the tradeoff is more of a feed delay.
|
# ? Feb 8, 2019 00:33 |
|
Kerning Chameleon posted:The idea, I think is similar to how Twitch does its ads* and how Youtube keeps talking about doing: part of the content stream itself so they can't be blocked. You download and load everything, ads and trackers included, or you get nothing. That would defeat blockers, host files, piholes, etc. because it's all an irremovable part of the main content. I think that to serve complete webpages as an encrypted blob that only a DRM-compliant browser can unpack and view, you'd have to drop the CDN system that makes the web work these days. Or have an insane amount of processor power available, because the edge you're requesting a page from would need to look at it and fetch all the resources itself before packaging it up, on the fly. Twitch livestream ads are unblockable because it's a live feed. Youtube trying to do the same thing is possible... But they'd have to do more than just stitch the ad into a video stream. They'd also need to refuse to serve the rest of the video for 30 seconds (time kept on youtube's servers, not the unreliable browser). That means they can't pre-load and the viewing experience gets much worse. And serving vids this way isn't free -- twitch has a much higher per-viewer load. DRMing the web to own the adblockers is unrealistic. Converting all of youtube to a livestream format is realistic, but has enough downsides that google hasn't done it. Instead they're cutting back the power of extension-based ad blocking using the market dominance of chrome.
|
# ? Feb 8, 2019 04:14 |
|
But would a DRM-based blob still fetch all the resources from the local browser? I.e. you can't modify the document but your computer still connects to content.com to get the content and shittyads.com for the ads. Because then it would become an OS-level cat and mouse game with blocking URLs/IPs. But if the web server does all the fetching, then stitches it together in an immutable pdf-like document which you can either view or not, the cost of running web servers will sky rocket because they suddenly do all of your processing plus the external bandwidth in addition to serving it to you. An unintentional benefit will be that surfing will be very fast and mobile battery time will be great. In the mean time I just hope someone can invent a good pay-per-view scheme that is cost effective, not based on Bitcoin and practical in use, so the whole ad based web can start going away. Ola fucked around with this message at 11:32 on Feb 8, 2019 |
# ? Feb 8, 2019 11:13 |
|
Ola posted:In the mean time I just hope someone can invent a good pay-per-view scheme that is cost effective, not based on Bitcoin and practical in use, so the whole ad based web can start going away. Can't wait to (pay to) read the horror stories of people's internet bills being in the thousands because their kid kept opening that one video that had a huge price tag.
|
# ? Feb 8, 2019 11:27 |
|
It doesn't have to be perfect, even if it's running locally - making it much harder to adblock would reduce the percentage of users running blockers by a great amount. I don't think this is something we'll see in the near future, but it's certainly conceivable.
|
# ? Feb 8, 2019 11:28 |
|
Ola posted:But if the web server does all the fetching, then stitches it together in an immutable pdf-like document which you can either view or not, the cost of running web servers will sky rocket because they suddenly do all of your processing plus the external bandwidth in addition to serving it to you. An unintentional benefit will be that surfing will be very fast and mobile battery time will be great. The renderer still has to parse the blob so your processing requirements haven't changed, and your load times suffer because you have to download the full page blob before rendering instead of deferring some of it (e.g. some websites will wait on downloading images until you scroll closer to them on the page). Caching scripts and images is impossible so you waste more bandwidth navigating pages on a single website. You also run into load balancing issues because you cannot dynamically serve content from nearby CDNs if everything has to be secured into the binary blob. In short, there are no performance benefits from utilizing DRM blobs for web pages. You could maybe make an argument for a secured blob for things that want to be insulated from potentially malicious browser add-ons, such as a banking site, but at that point you might as well just use a dedicated app instead of your browser.
|
# ? Feb 8, 2019 11:36 |
|
isndl posted:The renderer still has to parse the blob so your processing requirements haven't changed, and your load times suffer because you have to download the full page blob before rendering instead of deferring some of it (e.g. some websites will wait on downloading images until you scroll closer to them on the page). You've completely changed my mind. Please let this come to pass so infinite scroll websites will die in the fires of hell where they belong.
|
# ? Feb 8, 2019 11:45 |
|
Geemer posted:Can't wait to (pay to) read the horror stories of people's internet bills being in the thousands because their kid kept opening that one video that had a huge price tag. If it's very badly made, that can happen. I rather make it good so it didn't. isndl posted:The renderer still has to parse the blob so your processing requirements haven't changed, and your load times suffer because you have to download the full page blob before rendering instead of deferring some of it (e.g. some websites will wait on downloading images until you scroll closer to them on the page). Caching scripts and images is impossible so you waste more bandwidth navigating pages on a single website. You also run into load balancing issues because you cannot dynamically serve content from nearby CDNs if everything has to be secured into the binary blob. In short, there are no performance benefits from utilizing DRM blobs for web pages. Yes, good points, but evaluating javascript and connecting to different servers, downloading ads etc, takes longer than simply "display this image data", if the ad has been selected server side. But it's much worse for the server and the total performance would probably go down for all parties yes. But if that's what Google wants to do, they could re-do web architecture as well, so they become the supreme unblockable ad supplier who can afford the performance hit and whose mobile devices mysteriously display their ads very fast but others' very slow.
|
# ? Feb 8, 2019 12:12 |
|
Geemer posted:You've completely changed my mind. Please let this come to pass so infinite scroll websites will die in the fires of hell where they belong. Hey! C'mon, now. Hell is too good for infinite scroll websites.
|
# ? Feb 8, 2019 15:16 |
|
Lambert posted:It doesn't have to be perfect, even if it's running locally - making it much harder to adblock would reduce the percentage of users running blockers by a great amount. I don't think this is something we'll see in the near future, but it's certainly conceivable. As long as adblocking is possible, it'll be easy for users to do it since the hard work will be done by the people maintaining the adblocker and the filter lists. The only real ways to defeat adblockers are 1) come up with a perfect solution that permanently kills them, 2) win the arms race against adblockers with imperfect but constantly-changing anti-adblockers, or 3) make it harder to distribute adblockers (e.g. making them illegal, crippling the webextension hooks needed to make a functioning adblocker).
|
# ? Feb 9, 2019 04:34 |
|
Avenging Dentist posted:As long as adblocking is possible, it'll be easy for users to do it since the hard work will be done by the people maintaining the adblocker and the filter lists. The only real ways to defeat adblockers are 1) come up with a perfect solution that permanently kills them, 2) win the arms race against adblockers with imperfect but constantly-changing anti-adblockers, or 3) make it harder to distribute adblockers (e.g. making them illegal, crippling the webextension hooks needed to make a functioning adblocker). #1 is trivial: just serve the ads from your domain/site, without any distinguishing attributes. You can kill images from the site, but that would kill basically all images, all media. Of course, that kills the "bid for ads for this user" feature as well. Oh well.
|
# ? Feb 9, 2019 04:49 |
|
Volguus posted:#1 is trivial: just serve the ads from your domain/site, without any distinguishing attributes. You can kill images from the site, but that would kill basically all images, all media. Of course, that kills the "bid for ads for this user" feature as well. Oh well. That's not really a solution. Not only do you have to ensure that the ads are served from the same domain (and path) as legitimate images, you also have to ensure that there's no way to distinguish them by their position on the page. If you do that though, chances are good you'll run afoul of the FTC.
|
# ? Feb 9, 2019 05:41 |
|
Avenging Dentist posted:That's not really a solution. Not only do you have to ensure that the ads are served from the same domain (and path) as legitimate images, you also have to ensure that there's no way to distinguish them by their position on the page. If you do that though, chances are good you'll run afoul of the FTC. ? How come? What does the FTC have to do with this? Other than the fact that is entirely undesirable for a site to run its own advertising platform and nobody will ever do it, what other issues are with this approach?
|
# ? Feb 9, 2019 09:08 |
|
The Merkinman posted:DRM? In my browser? It's more likely than you think. Yes, and Google's DRM, Widevine, has been broken.
|
# ? Feb 9, 2019 10:34 |
|
Volguus posted:#1 is trivial: just serve the ads from your domain/site, without any distinguishing attributes. You can kill images from the site, but that would kill basically all images, all media. Of course, that kills the "bid for ads for this user" feature as well. Oh well. The bidding can happen on or behind the server before it serves the page and you can have new ways of displaying ads, like every picture is an animation that's either a still editorial picture or an alternating editorial and ad. It surprises me how little effort they put in to spoof the blockers really. I think it could be a great cat and mouse game that lasts for years.
|
# ? Feb 9, 2019 12:56 |
|
Ola posted:The bidding can happen on or behind the server before it serves the page and you can have new ways of displaying ads, like every picture is an animation that's either a still editorial picture or an alternating editorial and ad. I remember sites that were kinda doing that with flash, though not the rotating editorial / ads thing. But like you needed flash to see page content and then the same flash applet was used to show ads. Though this verges back on the FTC thing Avenging Dentist brought up: you have to clearly distinguish advertising. So if the ads are mixed in with real content at that level, you now have to review all the ads to make sure they're recognizably ads. Ola posted:It surprises me how little effort they put in to spoof the blockers really. I think it could be a great cat and mouse game that lasts for years. The ads don't pay enough to be worth playing cat. The internet advertising model moved away from per-view and to per-click or even to action tracking where they pay based on ads that lead to sales, so bending over backwards trying to force views is kinda pointless. What are the chances an ad-blocking user is gonna engage with an ad which makes it through his filter? Pretty low. This is why every site started doing video content, because video ads are (or were) back on the per-view payments.
|
# ? Feb 9, 2019 13:42 |
|
Klyith posted:This is why every site started doing video content, because video ads are (or were) back on the per-view payments. Also because advertisers lied about the number of views videos get
|
# ? Feb 9, 2019 14:33 |
|
Klyith posted:
Good points. In the case of fighting blockers, it might happen if passive users get blockers included in their phone, OS or browser, instead of frothing ad-haters like me who actively seek out blocking. Video content was promised to be the saviour of journalism etc, but it turned out to be wrong and they are not making nearly the amount of money they thought they would, plus it costs a lot more to produce. Facebook gets part of the blame for doctoring view numbers, as Wheany says. Big parts of the ad industry is troubled with fraud, lots of views and clicks are just bots orchestrated by ad sellers. It sucks for everyone involved, that's why a great content payment model is so sorely needed. It comes with its own set of complexities of course, one of many being that ads make for instance youtube videos "free" for everyone, including those in the third world who might otherwise struggle to take part in a paid model.
|
# ? Feb 9, 2019 14:54 |
|
|
# ? Jun 5, 2024 20:13 |
|
Every website should be ad-free and no paywall! I'm entitled to free content!!!1
|
# ? Feb 9, 2019 16:33 |