Chrome's Adblocker controversy: Google raises maximum limit

Martin Brinkmann
Jun 13, 2019
Updated • Jun 13, 2019
Google Chrome

You have probably read a lot about the upcoming Manifest V3 for Google Chrome extensions and the controversy surrounding changes affecting ad-blockers and other extensions on the platform.

A first draft of Manifest V3 for Chrome extensions was published to the public in January 2019. Criticism erupted in force because one of the changes would cripple ad-blocking functionality of Chrome extensions.

Without going into too many details: content blockers on Chrome use an API called webRequest API to block certain elements on visited webpages. Google's plan back then was to make the API "read only" and move blocking functionality to a new API called declarativeNetRequest API.

One of the main problems with that API was that it had a fixed rules limit of 30,000; popular ad-blocking filter lists like EasyList have more than double the rules already so that it would become impossible to load all of the filters if the new Manifest file would be launched by Google. One of Google's claims, that extensions that would use the old API were impacting performance negatively, was refuted.

Raymond Hill, the creator of uBlock Origin and uMatrix, noted that the change would end his extensions for Google Chrome, and similar comments were made by other developers.

Google tried to address concerns in May by making slight modifications to the API. The company added an option to use 5000 dynamic rules but the overall consensus was that the limitations were still to limiting.

Companies that use Chromium as the core for their browsers, e.g. Brave or Vivaldi, were quick to note that they would find ways around the limit.

Google announced changes that it plans to make to the Declarative Net Request API that would raise the limit of the API to 150,000. Google noted as well that it is investigating options actively to include other methods that could help extension developers leverage the API better.

We are actively exploring other ways to expand this API, including adding methods to get feedback about matched rules, and support for richer redirects leveraging URL manipulation and regular expressions. Additionally, we are currently planning to change the rule limit from maximum of 30k rules per extension to a global maximum of 150k rules.

Google notes that the proposed changes were never designed to "prevent or weaken" ad blockers on the Chrome platform and that Google's main motivation behind the change was to "give developers a way to create safer and more performant ad blockers".

Another argument that Google brings forward to validate the API change is that the API has been abused in the past by malicious developers to access user "credentials, accounts, or personal information".

The argument is puzzling considering that Google announced previously that it will remove only the blocking part of the webRequest API when Manifest V3 launches. It would seem that  malicious extension developers may still use it to access user data by monitoring requests.

Developers have voiced other concerns as Google focuses on a rules-based approach only. Any functionality that is not rules based might not be supported by Chrome extensions if the changes launch in the current form.

Now You: What is your take on Google's announcement?

Chrome's Adblocker controversy: Google raises maximum limit
Article Name
Chrome's Adblocker controversy: Google raises maximum limit
Google revealed plans to modify the controversial Manifest V3 for Chrome extensions to better address concerns voiced by Chrome developers.
Ghacks Technology News

Previous Post: «
Next Post: «


  1. ULBoom said on June 14, 2019 at 8:23 pm

    Google’s an Ad company and they own Chromium. They can do whatever they want. They’d be kind of stupid to hurt their ad revenue. They call Chrome a browser based user ad data collector or similar in their quarterly financials. If users get something good from Chrome, it’s not because Chrome is no longer a data collector.

    They may as well limit filters to infinity; the number means nothing.

    1. DeathToGoogle said on July 7, 2019 at 12:53 pm

      Google shut down Syrian state media immediately before the liberation of Idlib, the final battle against ISIS. Google shut down PressTV, Iran’s state media, immediately after America sent its warships to the gulf.

      Earlier this month, in one devastating algorithmic stroke, Google removed many of the top natural health and health freedom websites from their organic search results — some losing as much as 99% of their traffic. Natural, google is anything but. Google wants you dead.

      Search for “Paradise Stolen – Episode 3 -The Myth of Overpopulation” you will not find it in Googles search results. Then try DuckDuckGo.

      Type in “men can” and see what shows up in the suggestions. They are turning Google into cable TV, so people will naturally go elsewhere. Don’t be surprised if they attempt to lobby governments to block all other search engines at the ISP level. They have already admitted they are going to meddle in Americas upcoming elections, just as Facebook has been all around the globe. They are one of the gravest threats to the human species and to innovation..

      Google, Facebook, and the rest of the spyware/adware PUP’s are bound to become the next myspace digital ghetto.

      I am glad I have switched to FireFox months ago. Where there is ad’s there is also a security risk as malware nearly always masquerades as ads, and this is the number one cause for infection online.

      #Boycott, divest, and sanction them, break them up and jump ship

      1. DeathToGoogle said on July 7, 2019 at 1:03 pm

        Break up Google, just as the co-founder of Facebook said “Break up Facebook like they broke up democracy.” You’ll need yandex to find that.

        Wikipedia co-founder Larry Sanger is calling for a decentralized internet and a boycott of social media while his own brain child is accused of corporate-like intrusion into the community’s self-governing domain.

        “Humanity has been contemptuously used by vast digital empires. Thus it is now necessary to replace these empires with decentralized networks of independent individuals, as in the first decades of the Internet.”

        Lets get it on.

  2. John IL said on June 14, 2019 at 12:42 pm

    As I read Google’s proposal this would have shored up some needed security for API’s in the browser. Not a bad thing, but the side effect would mean it may break some ad blockers. So we choose now to be less secure because of saving our precious ad blockers?? Isn’t it up to the ad blocker developers to work to support better security API’s?

    1. Steve#99 said on June 14, 2019 at 5:36 pm

      @John IL

      You are being tricked by google’s PR devices. Knowledgeable tech types believe that manifest v3 is intended to protect google’s ad revenue, not users. Interesting facts can be found in google’s SEC filings located here:

      Exhibit A) “New and existing technologies could affect our ability to customize ads and/or could block ads online, which would harm our business.
      Technologies have been developed to make customizable ads more difficult or to block the display of ads altogether and some providers of online services have integrated technologies that could potentially impair the core functionality of third-party digital advertising. Most of our Google revenues are derived from fees paid to us in connection with the display of ads online. As a result, such technologies and tools could adversely affect our operating results.”

      Exhibit B) Now, compare the facts in Ref A against the item in the “Other” section of the SEC filing. Being extremely generous to google and allowing webRequest API to fit into consumer protection, we can note that…, “We believe that the amount or range of reasonably possible loss will not, either individually or in aggregate, have a material adverse effect on our business, consolidated financial position, results of operations, or cash flows.”

      The SEC filing addis facts to what we suspect about manifest v3; google wants to maximize future advertising profit, ahem, again which is in google’s words, “Most of our Google revenues are derived from fees paid to us in connection with the display of ads online”. Thus, manifest v3 is actually smart for google to do but overall very harmful to chrome users.

      Are cynical tech types being fair to google? imho, google has a very long and extensive track record of outright dishonesty to users and govt’s alike. Again imho, google wardriving is a great example of google’s dishonesty, privacy invasion, and illegal wiretapping. To see why one would conclude this, locate and read the un-redacted wardriving court documents and legal briefings if you really want to understand just how dishonest and awful google really is. Once you understand, imho, it is not difficult to conclude that manifest v3 will become just one more example of corporate dishonesty. The only unknown it is, what will the herd and diehard fantois do if it is put into chrome at full strength.

  3. Shadess said on June 14, 2019 at 12:20 pm

    Ad company put a lot of resources to make ~their browser the dominant one on the market, then makes blocking ads harder…hmmmmm.

    Hopefully at least some billions of fines coming googles way again but they’d need to be hit extraordinarily hard for them to actually learn.

  4. Slartybartfast said on June 14, 2019 at 5:41 am

    I’m sick of Google, they used to be a good company but you just can’t trust them anymore. Firefox doesn’t perform very well for me when I’ve got multiple tabs open so I’ve switched to Brave (degoogled privacy respecting Chromium) and am loving it. They just hired FanBoy (of FanBoys block lists) and since all of his work will be shared with everyone and not just Brave, this is good for everyone. Source:

    1. Anonymous said on June 17, 2019 at 9:28 pm

      “Brave will be contracting with Ryan Brown (aka “FanBoy” of “Fanboy Adblock Lists”) to support his work maintaining EasyList and EasyPrivacy.”

      SHIT ! This is terrible news ! A browser with a business model centered on advertising has contracted the main author of the previously community maintained ad and tracker blocking lists powering ublock origin and many other blockers ! They found the weak spot and destroyed the independence of those lists ! Everyone has his price, I guess. Be ready to hear a lot of “Brave pays me but it doesn’t mean that it influences my decisions in any way”…


      I think that we’re going to have to fork those soon.

    2. Benjamin said on June 14, 2019 at 7:25 am

      unfortunately the business model of brave relies on their own advertising network and contracted content producers… what they are doing is, just like big brother google, to keep all other advertisers outside their sphere while trying to let own content in… i wonder how they are able to generate a revenue stream to employ that many people? The brave browser might be free but it is by no means gratis… and open source does not mean that there is any democracy in there.

  5. Anonymous said on June 13, 2019 at 11:29 pm

    The facts show Google, Microsoft, and facebook are liers and can not be trusted.
    They are a threat to our privacy. They should make the online ad system safe from malware and tracking so that users would not need to use adblockers and websites with good content would get paid for showing ads. But their greed and lack of respect for users privacy and security is destroying the online ad system and many content that depends on it.
    Maybe it was better if Google had not raised the limit and caused a mass migration to Firefox, Brave or Vivaldi. I hope that will still happen, because the change will still cause privacy problems in Chrome and Chromium.
    I often encourage other people to limit their use of products from Microsoft, Google and Facebook.

  6. Benjamin said on June 13, 2019 at 9:35 pm

    my ublock origin setup says, 172,770 network filters + 170,000 cosmetic filters and with my personal usage behaviour there is a more than 95% of each filter list actively used… so i am close to the limits of ublock origin…

    still, the outright stealing of peoples data is for me a criminal activity since few of them use an opt in system. they simply take what is available and hide behind shady legal constructions.

  7. John Fenderson said on June 13, 2019 at 5:02 pm

    “Google notes that the proposed changes were never designed to “prevent or weaken” ad blockers on the Chrome platform and that Google’s main motivation behind the change was to “give developers a way to create safer and more performant ad blockers”.”

    That’s incredibly hard to believe. So hard to believe that I think it’s a PR lie.

  8. Bobby Phoenix said on June 13, 2019 at 4:53 pm

    I just need bad ads/domains blocked. I use about 30,000 rules. I don’t see any ads that I would need blocking on sites I visit. What’s everyone else needing so many rules to block ads for?

    1. Iron Heart said on June 13, 2019 at 9:01 pm

      To block all ads, including the supposedly harmless ones.

  9. Steve#99 said on June 13, 2019 at 4:06 pm

    I see google as an absolute privacy threat in much the same way microsoft has become and amazon is becoming. Thus, I like to keep my machine safe from these stalkers, especially when I use Chromium & Iradium. I use every tool available, using dnscrypt & ublock rules like these…

    If you don’t use dnscrypt (or, even if you do, hosts entries keep your dnscrypt logs cleaner and block the tracking & stalking faster), you can add entries like those below to your C:\Windows\System32\drivers\etc\hosts file. Instead of, I use unique ip addys. This allows me to monitor attempted connections if ever need be.

    1. Kubrick said on June 14, 2019 at 11:26 am

      I am curious that you chose chromium when you see google as a privacy threat and iradium i have never even heard of..Chromium connects to google servers straight off the bat when opened so your logic seems odd.How are you averting your ISP provider just out of interest.?

      The more you try to hide the more visible you become.You actually look more suspicious this way.

      1. Steve#99 said on June 14, 2019 at 3:52 pm

        Iridium is a Chrome Clone I use for general browsing (originally I misspelled the name in my post). I use Chromium strictly for email, which is only allowed access to my single work email IP and no other IPs. I don’t use any of google’s services so I can block all of google with windows 7 firewall (aka W7FW). I will be returning to Firefox soon, as soon as the bitter feeling leaves me because.. well… allowed user control in Chrome is 100% awful.

        I use belts and suspenders so… uBo is my first line of defense, I use the stock filters and a long list of my own custom entries such as,, etc. I don’t fill my host file with allot of entries, mostly used to block frequent offenders – to keep the dnscrypt logs clean. Next defense is dnscrypt, which allows wildcards but can be difficult to fine tune at first. I use far-reaching wildcard filters that would probably ruin most people’s machines, such as: *google* *redirector* *telemetry* *beacon* *pixel* *windows* *microsoft* (one filter per line btw). For the rare occasion I have to go to microsoft, google, etc I have single click macros that auto insert whitelist filters, restart the dnscrypt service, and disable corresponding W7FW rules. A corresponding reverse macro reverses the whitelisting. I also use an obsolete enterprise tool that gives complete control over what programs can execute and where, what ports are blocked, and blocks dir/file activity. I customized it so when enabled, my machine cannot change any system dirs/files, cannot execute apps outside those dirs, and cannot access the internet except through a handful of trusted or controlled tools like browsers/curl/fzilla/etc.

        You raise concerns of looking suspicious but I’m not worried at all. First, my internet life is boring & tech oriented. Besides, google et al never get that chance to be suspicious because as far as these corporations are concerned, my machine does not exist and never connects to them. As far as my ISP, I use dnscrypt and do occasionally use a vpn when some privacy is desired. Care must be taken when using dnscrypt and an openssl vpn together. You have to manually break your local dnscrypt connection once a vpn connection is established. Once broken, a new dnscrypt socket will be established through the vpn. Otherwise if the original connection is not broken, all dns lookups will be local through your real IP. Not a big deal, but it is leaked dns data. Note1, if you use a vpn client like torguard or nord, those clients very effectively take care of all routing details for you, but you’ll loose dnscrypt during that vpn session. Note2, the dnscrypt/openssl issue requires hard & manually forced openssl settings and most machines will never be effected by this issue. Using openssl defaults, it does a fine job with routing much the same way as torguard/nord does.

        Contrary to corporate wishes (aka greed), users can take complete control of their machines, even while using the most privacy intrusive browser Chrome and harmful OSs like Windows 10 (which I would never use either of btw). It just requires about 10 hours of work to fully understand very effective tools like uBo, dnscrypt, W7FW, and other related tools. Once setup, your settings are easily portable and can be carried from computer to computer, so a few hours of smart work up front goes a very long way through the decades and across machines.

        PS: Other tools like wireshark allow us to measure the effectiveness of our settings. But, we don’t need hightech, our humble senses can warn us, even a switch is a good tool. If we see allot of blinking while not using our machines, and we have windows update disabled, we might have a problem. Is our machine idle but the hard disk is going crazy? we have a problem (probably a service that needs disabling. Related, I always delete every file/folder inside this folder: C:\Windows\System32\Tasks\ Lookup what that dir is, to understand. I also disable the tasksch service. My view is, I might loose some things but gain privacy and control. A windows defender task is in there, which I don’t use, so think & proceed with care). Fan running hot?, probably a crazy script or a cryptominer… etc These are all indicators our machine is signaling to us but tools like wireshark and procexp inform us with understanding and facts.

        My personal fav dnscrypt tool here:

        uBo defaults are highly effective, enhancing the privacy of the masses. But there is allot of info avail on how to customize it

        procexp, tcpview,, etc, ironically from microsoft (but really MarkR)…

        The below fw rule’s quote marks will probably get mangled due to html formating, but in the U.S., a windows 7 firewall rule like the one below will effectively block your machine from ever connecting to google. So, no matter what dns undetected whitelisting google sneaks into chromium, this blocks your machine from contacting google. Once installed, google will not know you exist. However, say goodbye to youtube, gmail, translate, google dns, and google search, et al.

        I’m not a privacy nut and enjoy youtube and use google user content, maps, & translate every now and then. To do so I simply use firefox and temporarily disable the below GoogleBlock rule.

        netsh advfirewall firewall add rule name=”GoogleBlock” dir=out action=block enable=yes remoteip=,,

      2. steve#99 said on June 14, 2019 at 7:01 pm

        oooops, think openVPN above where I wrote openSSL, had openSSL on my mind.

    2. Hershes said on June 13, 2019 at 11:05 pm

      Interesting idea. I use Dan Pollock host file from

    3. Steve#99 said on June 13, 2019 at 4:09 pm

      oooops, remove http:// from any blocking entries, I don’t know how they got in there. Also sorry, due to the list I didn’t realize that was going to be so long.

  10. Toomuchtalk said on June 13, 2019 at 3:53 pm

    Google wants more adds and data from users. What is not to understand ?

  11. Anonymous said on June 13, 2019 at 3:20 pm

    546,682 network filters + 233,447 cosmetic filters

    I can’t and also never comeback to chrome :D
    Also i think the new api will prevent optimizations that ublock do.
    My ublock use 20 MB Memory with this much filters in firefox.

    (All my filters also are from many source, i didn’t used some big bloated lists like energised :3)

    1. ULBoom said on June 14, 2019 at 8:11 pm

      That’s a huge number. I have around 100,000 plus another 30,000 or so in hosts file. Ads, social media, privacy, malware, phishing.

      You may want to reconsider your strategy, at some point too much protection, replicated protection, makes browsers slow dramatically. You only need one of everything.

    2. Iron Heart said on June 13, 2019 at 9:07 pm

      Mozilla will implement this, too. Wait and see.

    3. Anonee said on June 13, 2019 at 8:05 pm

      @Anonymous, Jesus christ, over 780,000 filters in uBlock alone?
      What did you do, just turn on every list you saw?

    4. Rick said on June 13, 2019 at 6:01 pm

      Too many sources, I think. I wonder if you’re shooting yourself in the foot there. 800K is 4x what I have–with no ads or tracking.

  12. fedup said on June 13, 2019 at 3:11 pm

    Over the years I have see Google make changes to their services and browser and they always trot out the security flag as a reason of implementing changes. Its like politicians trotting out safety of children whenever they want to pass snooping laws.

    Google over the years has removed them from following current session only cookies so that when a browser set a cookie for the current session that once that session was terminated you were logged out. They then removed the option on Gmail account login screen to not keep you logged in to your account because it supposedly confused their users. Ya right Google. It does not make something true if you say it enough times. Now you have to remember to logout of Gmail account before you close your browser if you want to keep your Gmail or other Google account secure.

    Personally Google wants to be able to track you whenever you use your computer.

  13. Moonchild said on June 13, 2019 at 2:32 pm

    Why isn’t Chromium leaving this limit out of its code? This limit is very much a Google Chrome (commercial) decision that should not reflect on the Open Source Chromium core.
    That way it also won’t impact Chromium-based alternatives.

    1. John Fenderson said on June 13, 2019 at 5:04 pm


      I think it’s because they actively want to limit the effectiveness of such extensions to the greatest degree that they can, and making the changes to Chromium is a big part of that.

      1. Iron Heart said on June 13, 2019 at 9:03 pm

        @John Fenderson

        That’s not to say browsers like Vivaldi and Brave won’t just lift that limit for good.

      2. John Fenderson said on June 14, 2019 at 1:14 am

        @Iron Heart:

        I’m sure they will, but doing that will bring similar issues as Firefox forks that want to retain the old extension system have. Eventually, they’ll have to either become fully independent products or accept the new limitations.

  14. GoogleDomination said on June 13, 2019 at 2:25 pm

    150k, darn my ublock lists hovering around 130-140k and thats just ublock.

    Add other content blockers/bypassers/cachers/etc. like Decentraleyes, Universalbypass, Nano Defender, Tampermonkey Scripts, P.Badger, etc…

  15. Pseudonym said on June 13, 2019 at 11:35 am

    uBlock Origin needs 155,000 entries for me. And uMatrix 91000 entries. But I use Firefox anyway.

  16. Deo et Patriae said on June 13, 2019 at 11:29 am

    Currently I use on my Ublock 60.000 filters. I’m pretty sure they could make it 30.000 because by now many filters are deprecated, but that requires A LOT of job. I don’t think the creators would take such a massive undertake. Unless they start creating new lists only with the essential and best filters. Also unlikely. What I don’t find unlikely is that we, the people, find a way again.

    If nothing will work, too bad I will lose my beloved Edge Chromium. I’l go to Edge with Nano Blocker which is based on Ublock but get regular updates.

  17. Let's make Google just a search engine again said on June 13, 2019 at 11:25 am

    Google can come up with as many sugarcoated lies they want, the truth is that they underestimated the power of the internet and their plan backfired in spectacular fashion. This megad**k move by a superd**k company would have caused a monumental mass-migration to other, BETTER, browsers. A migration that actually should take place even without Google playing God and abusing their monopoly..

    1. Apparition said on June 14, 2019 at 6:45 pm

      What better browser? The only two browsers that don’t use Chromium as a foundation are Mozilla Firefox and Apple Safari. As to them being better…

  18. Ray said on June 13, 2019 at 11:20 am

    It was coming all the way. They waited 10 years to push that through. Google is an ad company for god’s sake. Anything they do is to get to push ads to people. Accept it and use Chrome or use Firefox and at least choose which ads you want to see on the sites you like (eg Ghacks)

  19. Thorky said on June 13, 2019 at 10:43 am

    The Google-Gospel

    We are all in their, Googles, hands, we are all in their, Googles, hands
    We are all in their, Googles, hands – we are all in Googles hands

    Google’s you and me, sister, in their hands
    Google’s you and me, brother, in their hands
    Google’s you and me, parents, in their hands
    Google has the whole world in their hands.

  20. flash said on June 13, 2019 at 9:49 am

    God, what a mess. Google is going to make minimal changes to this thing for a long time and the average will be brainwashed by their willingness to compromise to user demands.

    Even so, 150k global rules aren’t enough and Google doesn’t understand that that’s isn’t even the real problem.

    First, I barely fit below that with 146,932 network filter rules currently, but if I were to use HTTPS Everywhere or any other privacy-related extension that comes with its own rule set, I’d hit the 150k.

    Second, too few people understand that, even though average users will still believe they are in control through their own filter lists, this change is going to GIVE THE AD BLOCKING POWER OVER TO GOOGLE and they can decide what blocking technique to implement and what not to. The greatest advantage of ad blockers as extensions has been that developers could react quickly to changes by ad publishers and do so platform independently. What do you want to bet that Google won’t care one iota about adding requested content blocking features to the API? I can already see how that is going to play out.

    For myself, I’ve already decided to quit any of the few Google products I still use once this change goes live and the old blocking webRequest API will be disabled. It’s not going to change anything for Google, but I’ll feel better not compromising my values.

    1. Mark said on June 14, 2019 at 11:30 am

      and to add/make clearer a fundamental part of this comment…. The webRequest API stops the elements from being download. Fullstop. Using the new API will allow google and to track you even if the ad is not displaying so they can still build that famous profile.

      And to make everybody remember that profile is who you are, what you do, how much you spend, where you are geolocated at least roughlky from your IP address or more accurately from your mobile, your movements on a laptop & mobile, where you visist restaurants, palces etc… your name, surname even potentially your credit card (google wallet or you pay for google photos etc…), your phone numbers from your google accounts recovery options, your friends phone numbers from android contact list sync to gmail/google and lots of others that I forget.

      Then they sell this to god knows who and make money on your back or they loose it via some hack which is only a matter of time :(

    2. Al said on June 14, 2019 at 9:24 am

      The limit is PER extension. And technically speaking, google’s own built in adblocker would block some of the sites already (no need to double up)

    3. Anonymous said on June 13, 2019 at 2:36 pm

      Exactly. It would be an error to focus only on the filter number limit, it’s not the only problem here.

      > Google notes that the proposed changes were never designed to “prevent or weaken” ad blockers on the Chrome platform and that Google’s main motivation behind the change was to “give developers a way to create safer and more performant ad blockers”.


      1. Kiddo said on June 13, 2019 at 9:16 pm

        Think of the children!

  21. Sigitas said on June 13, 2019 at 8:59 am

    Hmm, maybe i’ll return back from firefox then. Currently my ublock origin use ~130k rules.

    1. Ronald McMacky said on July 7, 2019 at 1:33 pm

      Looks like its time to migrate to FireFox. I’ve been a die hard Chrome user, but I’m tired of getting bombarded with ads on every site I go to. And when a site tells me I MUST disable my adblocker to read an article… I immediately leave that site.

    2. GoogleIsDead said on July 7, 2019 at 1:28 pm

      Yes, the moment yousers see an ad, you will switch to a browser that isn’t garbage

    3. Mr Stank said on June 13, 2019 at 6:01 pm

      I was thinking the same thing.

    4. Janne Granström said on June 13, 2019 at 5:49 pm

      why you wanted move from better browser to chrome?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.