# Manifest v3 and the future of ad blocking on Chromium



## NapoleonWils0n (Jun 3, 2019)

According to 9to5google Google is deprecating the blocking capabilities of the webRequest API in Manifest V3, not the entire webRequest API (though blocking will still be available to enterprise deployments).

So the question is will adblocking extension like umatrix and ublock origin continue to work on Chromium or do we need to switch to Firefox,
which regularly loses in the Pwn2Own competition compared to Chrome and Chromium which have a much better record.

Not to mention the recent issue with an expired certificate that stopped all Firefox extension from working until Mozilla pushed a update to fix the issue

Does this mean we have choose between using a less secure browser "Firefox" to use adblocking extensions,
or use Chromium with no adblocking extension and rely on external adblocking measure like using dns adblocking


----------



## Phishfry (Jun 3, 2019)

NapoleonWils0n said:


> Does this mean we have choose between using a less secure browser "Firefox"


I use SeaMonkey because it is community built. Regardless I have every widget turned off and clear everything yet it leaves no cookies, but complete directories of sites I have visited. In these directories are databases.

Why on earth would a web browser need an sqlite database at all? Let alone one for each website I visit.
Browsers have went off the rails and we need an true alternative.
The future of browsing looks bleak.


----------



## Sevendogsbsd (Jun 3, 2019)

Probably just a way to manage cache but I agree, keep what is relevant to that site and dump the rest. No point in keeping a large cache around anymore - this was relevant maybe when we all had dial-up.


----------



## sol289 (Jun 3, 2019)

NapoleonWils0n said:


> Does this mean we have choose between using a less secure browser "Firefox" to use adblocking extensions,
> or use Chromium with no adblocking extension and rely on external adblocking measure like using dns adblocking


About Pwn2Own, quote from wikipedia: 

_In 2016, Chrome, Microsoft Edge and Safari were all hacked.[62] According to Brian Gorenc, manager of Vulnerability Research at HPE, they had chosen not to include Firefox that year as they had "wanted to focus on the browsers that [had] made serious security improvements in the last year".[63]

In 2017, Chrome did not have any successful hacks (although only one team attempted to target Chrome), the subsequent browsers that best fared were, in order, Firefox, Safari and Edge.[64]

In 2018, the conference was much smaller and sponsored primarily by Microsoft. Shortly before the conference, Microsoft had patched several vulnerabilities in Edge, causing many teams to withdraw. Nevertheless, certain openings were found in Edge, Safari, Firefox and more.[65] No hack attempts were made against Chrome,[66][67] although the reward offered was the same as for Edge.[68] While many Microsoft products had large rewards available to anyone who was able to gain access through them, only Edge was successfully exploited.
_
I don't see where Chrome security THAT MUCH better than Firefox's. And if you think about privacy issues with Chrome, and then compatibility issues (Google make services that works in Chrome but not in some Chromium-based browser (in russian), then this and this), then maybe Chrome is not that much better than Firefox?

But when you think about something vs something, think money behind it. Firefox is less _something (what exactly? not security as we see) _than Chrome as much as FreeBSD have less, say, hardware support than Linux, isn't it? It's all about money behind Chrome and Linux and lack of those behind Firefox and FreeBSD.


----------



## drhowarddrfine (Jun 3, 2019)

Browsers have a lot of things going on and to keep track of. History, passwords, cookies, addons, local storage of data, and on and on.


----------



## zirias@ (Jun 3, 2019)

A browser was a tool to view hypermedia documents written in HTML. The hypermedia character of the documents directly lead to the name "browser" -- browsing means following links. But, nowadays, browsers evolved towards being an "application platform" -- this started with strictly server-side application logic, where browsers were still just displaying documents, but soon evolved into distributed or even client-only applications with the browser providing the execution environment. HTML is no longer just used for documents, it is (combined with CSS and Javascript) a generic UI-description.

You may dislike this, but it definitely can't be stopped any more. There are advantages to this -- you can provide an application through hosted services, without giving any user physical access to the core of the business logic, and without worrying about the client's platform. And there are disadvantages -- a modern browser is a beast. On my build jail, www/chromium takes more build time than editors/libreoffice, a full featured office suite. This might look insane, but when you remember that a browser nowadays provides a platform for all kinds of applications, it starts to make some sense.


----------



## Beastie (Jun 3, 2019)

Phishfry said:


> I use SeaMonkey because it is community built. Regardless I have every widget turned off and clear everything yet it leaves no cookies, but complete directories of sites I have visited. In these directories are databases.
> 
> Why on earth would a web browser need an sqlite database at all? Let alone one for each website I visit.
> Browsers have went off the rails and we need an true alternative.


Because it's arguably easier (although not as transparent) to manage than plaintext conf files for storing things like cookies, history, bookmarks, website preferences, etc. and surely more efficient for storing thousands of cached files as compared to having hundreds of subdirectories and files. Try deleting these databases then setting history and cache limits to 0 if possible and see what happens.



Phishfry said:


> The future of browsing looks bleak.


It's been bleak for quite a while


----------



## Phishfry (Jun 3, 2019)

What I don't care for is the deceptive wording. I have my settings to clear everything on exit.
The browser is not obeying my directives.

Maybe this is why user profiles are in an esoteric directory name. Harder to type so you won't bother to look.


----------



## Phishfry (Jun 3, 2019)

I do understand that we have no registry, So any browser settings might need a database.
Bookmark files can become too large for plain text so I will accept a db there.
But when I see a file named places.sqlite I wonder what's up with that.
When I see that certain websites can cause a database to be written on my machine it is puzzling and discomforting.


----------



## CraigHB (Jun 3, 2019)

NapoleonWils0n said:


> According to 9to5google Google is deprecating the blocking capabilities of the webRequest API in Manifest V3, not the entire webRequest API (though blocking will still be available to enterprise deployments).



Sounds like FF might be in my future, or something standalone that works at the network level.  Honestly, without ad-blocking the web would be almost unusable for me.  It's become like network television where it's fifty percent ads.


----------



## Phishfry (Jun 3, 2019)

Zirias said:


> You may dislike this, but it definitely can't be stopped any more.


Well when I get fed up with it I use www/netsurf  but lets get real here, That is not an alternative or I would have switched.
I need something that tries to render pages correctly.


----------



## Phishfry (Jun 3, 2019)

How stupid is it for Google to do this in light of a Anti-Trust investigation in their host country.
Maybe they think enterprise/government exemption will make it OK....


----------



## drhowarddrfine (Jun 3, 2019)

Phishfry said:


> When I see that certain websites can cause a database to be written on my machine it is puzzling and discomforting.


Web sites don't have control of that database and it's sandboxed within the browser.



Phishfry said:


> I need something that tries to render pages correctly.


The major browsers render pages correctly. The usual problem is the web site author, not the browser.


----------



## itsthosestonesman (Jun 8, 2019)

Google is an advertising company.  They make their living by delivering ads to users and profiling users.  Surprise surprise, they want to lessen the effectiveness of adblocking software.  There was a long discussion on  this recently on slashdot here https://developers.slashdot.org/sto...ify-why-its-restricting-ad-blockers-in-chrome.  Anyway. there's a few things you can do.  Dump chrome and switch to firefox (while it still uses a separate codebase).  Use ublock origin/noscript.  Install a customised hosts file that blocks all the unwanted sites on your machine.  A couple of good examples are https://someonewhocares.org/hosts/hosts and https://github.com/StevenBlack/hosts/blob/master/hosts.  Both of these hosts files are actively maintained so you can download periodically to update the blacklist.  A better solution along the same lines is to use a pi-hole as your gateway, this has the advantage of protecting your mobile devices as well: https://pi-hole.net/.  Of course hosts file blocking has some limitations because it is not as fine-grained as blocking inside the browser itself using an extension, but it looks like the best option available at present.  And in regards to firefox, I live in hope that the waterfox team https://www.waterfoxproject.org/  will decide to support FreeBSD at some point.  Waterfox is a firefox fork removes all the firefox telemetry junk that it is desirable to switch off in firefox.  Remember mozilla's main financial sponsor is google (or was).  One other thing you can do is use the lovely open source links browser http://links.twibright.com/, which is available in the links2 package in FreeBSD.  If you run it with links -g you get full graphics.  Very fast and nice, and no javascript.  Obviously not good enough for many things but good enough for some things and no ads.


----------



## itsthosestonesman (Jun 8, 2019)

Just for fun I tried logging in to this forum using the links browser.  Sadly the site detected javascript not running and refused to let me log in.  It's a shame the forum can't run over pure html.  I guess that's just how web software is nowadays.


----------



## itsthosestonesman (Jun 8, 2019)

This https://github.com/StevenBlack/hosts is a better link to Steven Black's ad blacklist hosts file.


----------



## CraigHB (Jun 10, 2019)

Chrome has some low level settings not available through the normal user interface.  Will it be possible to enable blocking there?  There's even a few not shown in the chrome://flags section that I use to disable some things.

In any case that's not a bad thing if I must switch to Firefox, been threatening to get away from Chrome for some time.  Google doesn't rate any better than Microsoft in my book, would rather avoid their products, though I don't always.

Edit:  Doing more reading on the subject it looks like there will be Chromium forks once this V3 manifest becomes active.  So that might be a good option when the poop hits the fan.  Much as I don't like to admit, I do like Chrome better and its engine is most supported by web developers having the majority market share.


----------

