To anyone who is concerned by this change, I recommend taking a look at μBlock Origin [1,2]. It's blazingly fast, very flexible, and under active development. I made the switch about a year ago and it has served me very well.
Just be sure NOT to install "U Block For Origin", by www.z1z2z3z4.com, which is currently the top hit if you search the Chrome extensions store for 'ublock'.
I don't know what it does, but I bet it's not good.
This is what happens when you have an "app store" with no approval or review process. Google should be cracking down on this, just like those ads they were displaying[1] which would serve up malware-infected versions of Firefox whenever someone searched for "Firefox".
I reported an issue with spoofing on the Google play store about 6 months ago. They told me there was no timeframe for the fix, and no fix yet as far as I'm aware. Maybe if I post it here someone from google will do something...
Just so everyone is aware, you can use any email address as your company email address on the google play store without verification. This means when looking at an app, you see the email is support@legitcompany.com and think it's from them, but it's not.
A lot of people lost bitcoins because of the malicious ad problem. Somebody spoofed blockchain.info and stole a bunch of credentials... The entire bitcoin subreddit reported it, yet 2 months later it was back up.
Question for HN: back in the Napster days, were there likewise Napster clones ("napster"?) that purported to allow peer to peer music downloads but in fact had malware properties?
I don't remember any, but then again, I don't know when I (or most people) would have come across them if such a thing existed. If you wanted Napster, you just went to napster.com and downloaded it. There wasn't a gameable walled-garden app store like you have to go through to get uBlock Origin.
There were (and still are) sites hawking anything popular - games, porn, desktop apps, etc. If someone was lucky, they ended up with a bunch of adware slowing their computer down. Worse scenarios involved things like programs which would surreptitiously hang up your dialup connection and redial the equivalent of a 900 number in some country where the scammer could pay off the local police.
Search for something like "flash update" on non-Google/DDG search engines and look at the top ads if you want the general feel.
I don't think stuff like that became popular until BitTorrent and other distributed filesharing protocols and clients came about. Lots of people were tricked into installing malware while trying to download warez and porn, though.
The only disadvantage, if one could call it that, is that uBlock Origin does not have a version for Safari, which uBlock has. I have read a bit about the controversies between uBlock Origin vs. uBlock. I prefer uBlock Origin wherever available.
I know uBlock has a version for Safari, which I mentioned in my comment. However, uBlock Origin does not, which I also mentioned. Is there something unclear about what I said above?
Both uBlock Origin and uBlock have similar code bases because they were "born" from the original uBlock (now called uBlock Origin).
My only problem with it is that it blocks Google hangouts and Facebook messenger. I haven't figured out a way to make those work while it's enabled.
Edit: not sure why I'm getting downvoted. Apparently this is an issue, as gorhill mentions, when selecting the leaky IP option. They should make the implications much clearer.
Did you click the setting "Prevent WebRTC from leaking local IP addresses"? If so, this will prevent Hangout from working. Reference issue: https://github.com/gorhill/uBlock/issues/757
Love the app, by the way. It's the single reason I have Firefox on my Android device instead of Chrome.
Do you happen to know WHY the leak breaks Hangouts? I'm assuming Hangouts now leverages the webRTC for connection--that's fine. But I was under the impression that the local IP leak was an unintended side-effect of webRTC, not a 'required component', if you will. Does having that checkbox on effectively break ALL webRTC components, or is it something specific with Hangouts' implementation?
> I was under the impression that the local IP leak was an unintended side-effect of webRTC, not a 'required component'
Same here. My understanding is that the breakage of Hangout is unintended, as the original Chromium issue for the IP address leakage states[1]:
> This change causes WebRTC traffic to be forced through the same path that HTTP traffic would, i.e. the traffic follows the default route to the destination site.
In other words the purpose of the setting is strictly to prevent IP address leakage, not to prevent WebRTC from working.
For me it was mostly those building up a slow rage, and then an audio ad was what actually pissed me off enough to drop whatever I was doing and install it.
FF for Android just works amazingly poorly for me.. not to mention I really like chrome's tabs now coming up under the task list separately, instead of the tab-like interface.
I tried FF on my phone, simply for uBlock, but it was just too sluggish to actually use.
I may try that again... I last tried regular release a couple months ago.. some sites and the ads are so horrible in mobile without an ad blocker... but firefox was way too sluggish.
Do ublock has a mode/plugin that enable me to select objects on a HTML page for custom blocking? For adblock I use Element Hiding Helper which I use rather often.
I like uBlock a lot. With default deny 3rd party, or even some other settings enabled, I find it breaks the back button often, or I have to reload the page at google to search again. ANyone else have these issues.
Actually, the most annoying was on google because it would lock up occasionally and if I typed a new query in, i would have to reload. I was using ublock origin on mozilla firefox. I just upgraded to El Capitan and changed some settings so I will try to give it a go again.
I haven't the faintest idea how to use it besides just setting it and forgetting it. I tried digging in settings and whitelisting and whatnot but couldn't get it working.
Because it was already sold to a dubious company with relations to the Ad industry several years ago, and extorted 30 million US$ out of advertisers like Google.
AdBlock is not to be confused with Adblock Plus. The creator of AdBlock claims to have been inspired by the Adblock Plus extension for Firefox, which is itself based on another extension called Adblock. But otherwise AdBlock is unrelated to the other efforts.
Okay this is why we have registered trademarks. You're telling me that Adblock, Adblock Plus, and AdBlock are three separate things? What the hell? I just assumed they were all the same thing until now.
I kept rereading OP's comment and looking for the difference between Adblock and AdBlock. It wasn't until your comment that I noticed the capital B in Block.
Trademarks FTW. Great example of confusion in the marketplace.
On a technicality (which is what trademark attorneys deal in), your point falls to the same fallacy. The product Adblock is an "Advertisement blocking engine" or the like. "Adblock" is a made-up word and therefore likely eligible for trademark. (Or it was before the namespace got polluted with all the variants.)
"made up word" is overly generous. It's the word "ad" followed by the word "block". "ad block" is a valid description of what it does, equivalent to "advertisement blocking". You only put the word "engine" in there to fake there being a difference. Microsoft wouldn't be able to get a trademark on "Operatingsystem".
especially in the light of how, some years ago, their lawyers swooped down like hawks on a Canadian named Mike Rowe who put up a "Mike Rowe Soft" consulting business and web site.
"AbiWord" is a single word, which may be a factor. They might have trouble if it were "Abi Word" or "Word by Abi" or even "Word". It's implausible that another entity could market a competitor of Word (or Windows) by naming it e.g. "Apple Word" or "Apple Windows". I'm going to bet that all the common permutations are trademarked by MSFT.
Also, I'm guessing Abi's limited reach is a factor. If Abi was suddenly taking a meaningful share of usage, they would probably get an angry lawyer letter.
You do not need to have a trademark registered to have trademark rights: you only need to be able to show that people associate the name with your brand.
TM are not automatic (unlike copyright at least in USA since 1978 Copyright Act) and they are fairly expensive and require vigilance (more $$$) to keep valid.
ABP also introduced an Acceptable Ads option a few years ago that triggered the creation of a fork called AdBlock Edge without that option. Adblock Edge was recently discontinued in favor of uBlock Origin [1], which has a much smaller memory footprint and is faster.
Because uBlock Origin ships with the default filter lists, so that it can work immediately out of the box without having to remotely fetch these filter lists at launch time (updated versions of these lists will be automatically fetched some time after launch).
It's not uncommon that the remote servers hosting the lists fail to respond, which would cause the extension to "malfunction" if this happened after first install -- these lists are key for the proper functioning of the extension (at least in its default out-of-the-box settings). I want the extension to work properly immediately after 1st install.
The size of uBlock Origin as downloaded from AMO or Chrome store is ~1.5 MB (because it's compressed). The compressed package would be ~650 kB without the 3rd-party lists (the content of these lists are not javascript code).
Javascript size is a weird metric, and the plot is useless without context. The plot does not even state for which browser the metric was collected (or is it the repository size? That would be completely useless, as uBlock's and uBlock origin's repositories include versions for different browsers.) Because when I add the sum of all .js files in uBlock's repository, I get 1.08MB. Heck, the whole src and platform directories combined are 2.8MB, and that includes both the Chrome and the Firefox version! Can you point to a source for that plot?
Why my comment has -4 points? I simply stated the truth, everybody can measure size of JS of these extensions. I did not count default filter list to size of JS, I only counted actual JS code and uBlock origin has simple more JS code than both Adblock and Adblock plus.
If I lied I would understand the downvotes but I didn't lie. I was also surprised that uBlock origin is bigger than adblock, especially when it's name sounds like something much much simpler and smaller but the fact is that size wise they are practically the same.
Possibly because in reality the resources consumed while at rest (disk storage) are magnitude less important than the resources consumed while running (memory/CPU cycles).
I switched Firefox from Adblock Plus to uBlock Origin on several different machines, the oldest being a 2007 vintage Core 2 Duo laptop Win 7, which lets 3 gigabytes of the machine's 4 be used. I couldn't tell any subjective difference in any of the installations.
If I have to formally measure the response time difference in response in an interactive app, it's below the don't care threshold.
It would be unbelievably obvious, yet ironic, if the "anonymous" buyer of Adblock ended up being an ad company. Why else would they want to remain anonymous?
I've always wondered what happens if a browser extension gets taken over by an entity someday that puts in bad code after millions of people have it installed and it gets auto-updated.
Sure it's open-source and will get noticed eventually, but there will be days if not weeks of exposure.
Same thing for all those android apps you have installed. If it doesn't add permissions, you'll never get a warning that something has really changed.
That's what's funny about some of our security mechanisms today...for instance the browser tries to help you ensure that this is the site you really meant to reach but it has no information about whether the site is under "new management" (which you tend to care about for something like a restaurant).
Maybe companies should be mandated to update their key stores every time they change their board members, say, so that the old keys are revoked and you must take some action to "approve" of the new people running the company.
It'd also be kinda neat if you could somehow tag your trust conditional on a content hash of the service's ToC or Privacy Policy.
It'd be rather impractical in today's world, although maybe machine readable policy formats would make matching easier additions/deletions of key items rather than just a text hash.
Balancing the user effort of reading and flagging each policy term (and considering all the weird implications of each change) vs the utility of being notified would be tricky though.
Maybe some sort of collaborative/curated lists of 'substantial T&C changes' similar to adblocker filterlists could be produced? (Or maybe they already are?)
This is why Mozilla addon updates get reviewed before getting pushed out to users. It's not foolproof, but it's designed to at least have a chance of catching this sort of issue.
With the [Opera addons catalog](https://addons.opera.com), every update goes through a moderation process to prevent this kind of situation from happening (which is one of the reasons why we encourage everyone to install extensions from the official addons catalog site rather than from other sources).
by Google ads do you mean ads on Google? Or AdSense ads placed across the web (AFS? AFC?)? or do you mean AdSense + Doubleclick (DFA, DFP, ...) + AdExchange + AdMob + I could go on for a long while. Bottom line is google, more than anyone else, has a lot of skin in this game.
This is one reason why Google should stop asking you to update all software automatically (and they are asking you, what seems like, multiple times a day?).
I'm glad to see this here. I saw this update yesterday, and the text was so typical of a company-acquisition-I-should-not-trust.
Excerpt: "I believe this is a great thing for you users". Yet this is not accompanied by anything that suggests how users will possibly benefit from any of this.
Can someone suggest alternatives to Adblock that aren't controlled by dubious/secret/obviously-sketchy third parties?
I use NoScript, a free plugin for Firefox. It's a little more technical than I was used to, but since this is HN, that shouldn't be a problem for most readers.
When I say "a little more technical", I don't mean it's not usable. It's very user-friendly and works like a charm.
BE VERY CAREFUL!!! I already used another popular extension, after a few months it was sold and the new owner just started to send EVERY PAGE users visited to his own servers!! This extension was blocked by Google, but it was waaaaaay too late and they was able to collected a lot of data from users like me.
Having been using Adblock for Safari for some time now, I'm a little apprehensive about this development. Thankfully, Adblock Plus (see above - distinct from Adblock) exists for Safari:
> Curious why I can't offload this task to a DNS server?
DNS doesn't provide nearly enough precision for ad blocking. Many servers serve both ads and content. Random example: some sites host actual non-ad video content on doubleclick.
Last time I looked through EasyList, it had some comments explicitly mentioning that they can't just block all of doubleclick because some sites (such as news sites) host their content videos there.
Would putting it on the DNS work as expected? Hypothetical Example: Two websites have google ads WebsiteA and WebsiteB. I want to support websiteA by allowing google ads on there but not on WebsiteB. The only way to allow google ads to WebsiteA would be from the DNS which would also allow google ads to WebsiteB.
Let's hope they trademark the name... After reading the comment above about Adblock, AdBlock, and Adblock Plus, it would be much easier to know exactly what product the news is about.
Except uBlock Origin is actually the one you want, not uBlock itself. Some sort of drama with the creators, one of them split off and made uBlock Origin which is a better iteration.
As mentioned elsewhere in this discussion AdBlock is not Adblock Plus. The second link you posted is for the Adblock Plus source code.
Unfortunately at the moment the AdBlock Git repository is not public, but I have set up this unofficial one that tracks the changes between each zip published on their releases page. https://github.com/kzar/watchadblock
Nah, people just need to go back to treating their adblocking software and their ruleset provider as separate things.
Either your adblocker blocks what you tell it to, or it doesn't. There's not a lot of room for fishy behavior.
The rulesets are where things are open to opinion and there are grey areas and they need a lot more maintenance and there's a lot of opportunity for abuse.
EasyList and AdBlock shouldn't be synonymous, and users should be aware that they can opt to use something other than EasyList, and that they can make their own rules.
[1] https://github.com/gorhill/uBlock [2] https://chrome.google.com/webstore/detail/ublock-origin/cjpa...