Sounds like Google will still move towards what they were planning but will likely just take a bit more time and more versions to get there (as the outrage subsides).
From my perspective, the biggest improvement in their proposal would have been the increased privacy and security users would receive with adblockers that use the proposed scheme.
Under the current scheme, any Chrome adblocker can see all of the pages that users browse; a potentially huge privacy hole.
At least with the proposed scheme, adblocker extensions wouldn't have had access to a user's browsing history. This is the same approach that Safari uses with its content blocker API.
Yes, the Safari approach has more limitations, but it is also significantly better from a privacy perspective.
> Under the current scheme, any Chrome adblocker can see all of the pages that users browse; a potentially huge privacy hole.
I hate that argument if it's used to cripple the users ability to have full control of their own devices. It is NOT a privacy hole when you install software that has access to your data. If you don't want that, don't install that software. If you don't trust that software, don't install it.
Google isn't removing any ability to observe, log, and forward information about requests, in any way.
So the privacy angle is pure bullshit.
They are removing, among other things, the ability to dynamically cancel requests, and replacing it with a declarative API. That limits how well an adblocker can function.
When users try to install a Chrome extension, the browser is telling them what permissions it needs, e.g. the capability to read browsing traffic. So you could just decline the installation and install a different ad blocker that works without that permission.
"At least with the proposed scheme, adblocker extensions wouldn't have had access to a user's browsing history."
No, that's not true. They aren't removing onBeforeRequest() and friends. They are only removing the "cancel" function in it.
Extensions can still log and forward every request.
The only tiny kernel of truth here is that an extension that only asks for the declarative API permissions couldn't do that.
I doubt there will be any popular blocker that only asks for that declarative API. They still need access to onBeforeRequest() for any sort of heuristics to allow the user to add/change rules based on page behavior.
Also, separately, extensions can inject JS into the DOM. So they can do anything that Google Analytics can do anyway. Like track visited pages.
As per the quotes in other comments on this article, it sounds like the 'observational' functionality of the API is staying, so this doesn't seem like a win from a privacy perspective at all.
At some point, new ads the system can't block will surface. The adblocker will become less and less useful, and Google will have no incentive to improve it.
There is already a big difference between even existing adblockers. E.G: some show youtube ads.
And I'm much more worry about the privacy concern from many random ads poping unexpectedly, than from one extension that the entire community get to vet.
A better example of how this could be done is iOS keyboards. They’re run in a sandbox (by default), and they have no internet access. An ad blocker could be sandboxed like this. Sure, such a sandbox can be bypassed by intentionally leaking bits through keyboard input or, in the case of an ad blocker, exactly which requests are blocked, but that would be very obvious nefarious behavior.
I like that idea, but it would be hard to pull off. The extension API, for example, allows for messaging between background scripts and content scripts. So you could make a proxy of sorts. And messaging is not the only hole you can poke. They would essentially have to redesign the whole extension API. To the point where no interesting extensions would be possible.
Surely there could be a content blocker script that simply can’t send messages anywhere. It gets access to web requests and to IndexedDB or something similar. It can receive messages from other extension scripts for updates, perhaps.
The Safari approach is next to useless, because it can be easily circumvented. That many publishers don't do it, that's only because they don't have the know-how or because they don't want to piss off what's still a minority.
Note that the browser is the "user agent", acting on behalf of the user and extensions are for extending the capabilities of the user agent. The browser should be yours and should do what you tell it to do.
Users only need one or two extensions that they need to trust. Can't you trust uBlock Origin? If no, given its open source nature and the people that work on them, then why can you trust Chrome and Google more?
The privacy angle is a complete red herring.
Yes, Chrome's Store is filled with spyware, but that's Google's fault for having a broken review process. Firefox (addons.mozilla.org) does not have the same problem, in spite of the fact that Firefox lacked permissions until the Quantum release.
> Under the current scheme, any Chrome adblocker can see all of the pages that users browse; a potentially huge privacy hole.
Isn't there solution to have the blocker send a limited list of declarative block-rules of a particular style?
Why not just let the adblockers pass in an uncapped quantity of javascript that will run in some kind blocking context, but be sandboxed from any external outgoing communication? That would give the flexibility of the current adblockers, but still plug the privacy hole.
From my perspective, the biggest improvement in their proposal would have been the increased privacy and security users would receive with adblockers that use the proposed scheme.
Under the current scheme, any Chrome adblocker can see all of the pages that users browse; a potentially huge privacy hole.
At least with the proposed scheme, adblocker extensions wouldn't have had access to a user's browsing history. This is the same approach that Safari uses with its content blocker API.
Yes, the Safari approach has more limitations, but it is also significantly better from a privacy perspective.