uBlock Origin 1.40 Update introduces a workaround to block YouTube ads that were loaded at Chrome startup
Recently, some users chimed in about a similar problem with uBlock Origin in Chrome. The open-source ad blocker let some YouTube ads through in Google's browser. But this didn't happen all the time, only in specific scenarios, like when leaving a YouTube tab as the last active tab, and closing the browser. Upon reopening Chrome, the ads came through.
A member of uBlock Origin's team, who was investigating the issue, proposed a change, to make tabs reload after the ad blocking plugin is ready to filter the web requests. That could be a potential solution for stopping the ads before they could be delivered. But, Raymond Gorhill, the creator of the add-on, said that making tabs reload unconditionally would be a bad idea, especially if the user has hundreds of tabs. Imagine if all the tabs reloaded simultaneously, that could result in chaos.
uBlock Origin 1.40 Update prevents YouTube ads from loading when Chrome starts
Gorhill suggested that the extension should only reload when a network request has been made by the tab. The developers worked with this in mind, and introduced a commit at the add-on's repo. They have enabled a feature that was previously being tested, it's referred to as suspendTabsUntilReady. The new version of the add-on, uBlock Origin 1.40 brings the fix for the YouTube ads at Chrome startup.
With the change, uBlock Origin will reload active tabs when Chrome is launched, while ignoring the tabs that were inactive/suspended. The update for the extension also includes a couple of other improvements for the My Filters Editor's auto-complete functionality, scriplets, defusers, and the issue reporter. Pop-up filtering now supports a new scriptlet, window-close-if. The update is not yet live on the Chrome webstore, Opera Addons store and Microsoft Store, but is already available on Firefox's AMO.
This YouTube ad issue isn't new per se. A few months ago, Opera browser's default ad blocker had the same problem. After reading user reports, I observed the same pattern when I tested the browser. It was generally agreed by the tech community that YouTube was changing the way ads were delivered, as a counter-active measure to prevent ad blockers from throttling ads. The issue was patched in a later version of Opera.
Google will stop supporting Manifest V2 extensions in 2023, to force developers to shift to Manifest V3 sans the webRequest blocking API. But the search giant is already messing with ad blocking. When support for V2 ends, it will effectively break the functionality of adblockers, including uBlock Origin for Chrome. Many users are worried about it, and are hoping the extension will somehow work in the browser after the dreaded change is forced upon developers. Can you blame them for being concerned? Here's an interesting article by the EFF, that talks more about the technical details of Manifest V3.
Fortunately, there are alternatives that you may want to consider switching to. Vivaldi and Brave have confirmed they will not implement V3 in their browser, and Mozilla will implement its own version of Manifest V2 with the ability to perform cross-origin requests, it will continue supporting V2 for a year after it has been deprecated. As for Microsoft Edge, I recommend reading about recent issues circling the browser, before deciding if you should switch to it.
Have you been getting YouTube ads on Chrome with uBlock Origin?
Yes I noticed this YouTube ads-not-blocked issue last week with Chrome and uBlock 1.39.2. I also noticed that YouTube ads were still effectively blocked in Vivaldi with uBlock 1.40. So Chrome users might consider switching to Vivaldi for watching YouTube.
The main question here is of course: why is this a problem? It’s a problem because the ads in YouTube are way too intrusive. Most people probably would have no problem at all when Youtube restricted itself to inserting static ads at the top of their pages. But the injected video ads in YouTube interfere with the actual content. These ads often even disturb, interrupt and thereby diminish the user-contributed content in a way, and to an extent, that’s by most of us felt to be not just irritating but insufferable.
As long as some ad-supported media do not have the wisdom to restrict themselves to more acceptable ways of advertising (and thereby, in fact, reaching a wider audience) this kind of cat-and-mouse game between ad-pushing media and ad-blocking consumers will continue. I fear that this is not a win-win, but rather a lose-lose game.
Might actually consider switching away from Chrome permanently, not just for watching YouTube. Would be nice if enough people would switch away for good and send a message via declining market share.
Well, enough said for me!
uBlock Origin works best on Firefox – https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-best-on-Firefox
Henk with Vivaldi 5.0.2497.32 the latest Ublock update has come no further than 1.39.2?
The same goes for Google Chrome 96.0.4664.110 stble (64 bt vrsn).
I have tried both to update right now but still there stuck in the Ublock version 1.39.2.
Ublock is open source, so you should be able to check out their GitHub and compile the latest yourself.
uBlock have reported that 1.40 is delayed for Chrome like browsers.
dont need Vivaldi for that, just use the Development version an test that
Any user who has hundreds of chrome tabs loaded has already created chaos . A developer who believes he has to protect such a user is in favor of sustaining chaos.
Hundreds of tabs are just an extreme example (the average user has no more than a dozen) and the protection of such users is not a point of this update at all.
Pointless off-topic philisophizing comments is what keeps the chaos going.
Chaos? Right now I have 7425 tabs in my main Firefox window. Only 33 of them are loaded, though. Then I have other 36 tabs in temporary windows that I won’t keep around, since I try to not reach 10k tabs. There is no chaos at all.
Any user who has “hundreds of open browser tabs” has already created chaos. Any developer who believes he must protect such a user is probably thinking of protecting his own poor work habits.
Seriously I don’t understand why they do not use bookmarks. The tab contents are not loaded just like bookmarks, they’re just hanging there making the tabs tiny and hard to click.
> Seriously I don’t understand
Different people have different habits. And different cognitive abilities to understand this diversity.
bookmark / speed dial is only for “frequently visited” stuff, also dont wanna clutter the ui with thousand of temporary bookmark entries / folders. imagine the click / scrolling through em.
nowadays “tab grouping / stacking” is a thing.
Cluttering UI? Just put them on one folder? Stacking thousand of tabs are not cluttering UI? It’s just beyond me lol.
dude…vivaldi tab stacking are compact…or tree style tabs…it look organized. heck 100 tab on chrome tab grouping are usable
scrolling everything in one folder? bruh…what about bulk opening? hundreds tab in 1 go? or open 1 by 1? click,click,click,scroll,click,scroll,scroll,click.
seriously, tab grouping/stacking + session restore is the way…while average user may not open much tab, doesnt mean others didnt.
its not beyond you bruh, you didnt try yet. also there a different between cluttered and organized
take vivaldi tab stacking as example, there is “two-level” option available, i can make 100 tab look like 4 tab only. it lacks title-ing tho so i just google the keyword & make that tab the first tab in stack.
correction : u can actually titled the tab stack. right click and then rename tab stack, cant believe it just pass by my eye before lol :). probably because others offer to name the stack/grouping first before actually do it.
Unless something has changed the way adblockers work it still makes all the requests and just blocks after the fact.
Any hosts/dns based solution will block the _Requests_ so nothing is sent to begin with.
This solution is sytem wide. All browsers, All apps. Anything connection sharing like HotSpot.
One hostfile to maintain and everything is covered equally.
Anything else is just playing whack-a-mole.
> Unless something has changed the way adblockers work it still makes all the requests and just blocks after the fact.
Ublock Origin intercepts these requests and blocks them from reaching the ad server. :)
Also, a hosts/dns based solution can’t block e.g. YouTube in-video ads, because they are hosted on the same domain.
Could uBlock devs not just create a localhost MITM websocket & HTTP[S] proxy and just use the webExtensions system to tell Chrome to use that proxy?
This way no more Manifest V3 & Ad blocking prevention tyranny.
OCSP, OCSP Stapling, CRL checks would be done by the MITM proxy.
Certificate Transpency lookups can be done by the MITM proxy.
Certificate Transparency is not required by Chrome if you do not use a publicly trusted root certificate.
Even if it was, you could safely disable it with a group policy since the MITM proxy would do it for you when facing publicly trusted root authority certificates.
Extented Validation checks can be done using it as well even though you will not get any EV indicator in the url bar when using your own certificates.
Same for TLS certificate verification.
Then the MITM proxy on localhost would generate a clone of the original certificate attributes but it will make it with its own private key.
The MITM proxy would prompt the user to trust a Root certificate generated on the user’s computer. It will be in the Current User certificates store.
Then whenever it wants a request blocked, instead of trying to block it uBlock should inject the ‘uBlock_MITM_Blocked: true’ header in it before letting it go.
Then the MITM proxy when it sees the request with this header will block it directly bypassing Chrome tyranny.
I mean, if Chrome does not let you block requests then instead of blocking it just use a standalone MITM proxy that blocks it for you.
Basically the method is that instead of blocking a request you inject a ‘MITM_Please_Block_That_Request’ HTTP header.
When the MITM proxy sees it the request is blocked.
This could be a quite intetesting concept should Google ever attempt to be your authoritarian digital nanny.
Regarding the safety of the root certificate private key for the MITM proxy, you can in theory cook up a malware that reads the MITM proxy’s private .pem file for the already trusted cert.
Then using it for capturing encrypted traffic.
But you could always use the concept that the MITM proxy is itself a folder locker service that only allows itself to read a folder (using callbacks, no ACLs).
When any process other than itself wants to access it access is denied.
You could use HIPS-like technology to block WriteProcessMemory, injection of DLLs into it etc as well.
I believe that eventually Google will remove uBlock Origin altogether alongwith all Manifest v2 extensions from the Chrome webstore.
Just like what Mozilla did with XUL addons.
And just like you are not allowed in Google Play to allow downloading of YouTube videos / create a YouTube client, Google will probably remove all addons that allow blocking of Google Analytics, AdSense, YouTube ads etc.
Also knowing that Google cans remotely blacklist any extension you already have.
When it does your extension is grayed out in the extensions manager and you cannot enable it anymore.
uBlock Origin developers should explore alternative options such as delegating important tasks that Chrome hinders to external out-of-browser programs that run outside the oppressive Chrome API.
Just drafting the general concept, the rest is probably better drafted by the uBlock devs themselves.
In Android we already use this very same concept for ad-blocking, since Android web browsers are trash for customisation, privacy and so on.
Only Firefox for Android supports uBlock Origin and even then you need to tweak all the about:config options.
Because Mozilla always sets nefarious settings like telemetry & extension blocklist check to the worst default value it cans have.
In Android the VpnService is used for hooking DNS requests & WebSocket, HTTP/S traffic.
When you want to escape a jail it’s hard to do it yourself.
Instead you should use the ‘API’ the jail provides to talk to a person outside the jail system.
Then the person outside the jail system will be able to assist you from outside, without jail restrictions in getting you out.
I believe this is how evasions are been done most of the time in history.
Well, now you want to escape the Google webExtensions jail?
You should lookup real-world history and you will find the solution that worked for people back in the time, and perhaps still works.
By the way, escaping jails using outside help is exactly what jailbreak refers to for iPhone devices when you use a PC to jailbreak them.
Things that would have been hindered using only untethered iOS was made possible using its vulnerabilities from outside the jail (with a PC).
Wow, another stream of consciousness revelation. Strange, these guys are usually active in the spring and fall.
Good points, but wrong on one thing. You can, and I do, run both ublock origin and uMatrix on Android in Kiwi Browser, well based on Chromium, of course, but it works, and much better than new Mozilla Android crap.
If you go to Devtools and check the network tab, you will see how it gets blocked before making any connection, you can even block script and domains out of the box with devtools and it works exactly how Adblockers do it because of the API.
If you want to see it, then use a firewall and check its logs, even native Windows Firewall will show you that, not easily but it can be done. you should see similar connection IPs being done in both logs, Devtools and Firewall, now if you add a rule to block all the scripts and images and css and anything that is not the website itself, then you will see less connections being allowed in firewall. Of course you need to do it well, like you have to take into account that the browser will have cache and all that, so the browser will not download stuff again. The easiest way to test it is have a simple website link, then open InPrivate tab, then open Devtools, clear the Firewalls log (so it can be easier to see since browser will have to connect to other IPs on start) then when everything is clear and nice and opened, visit the website and you should see it for yourself, then go to adblocker and block stuff, close browser and do the same thing and when you open the website you will not see the same connections.
And you should know that using hosts/dns to block Browser request is really not good, I mean, it can be done, but compared to an adblocker, there is really no benefit, first, it will be slower the more hosts you add and second, the point of using an adblocker is blocking connections that will be in the same domain, which means 1 IP will hold many elements of a website, yeah you can block it but you will also block stuff that has nothing to do with tracking you in a malicious way, of course, when you visit a domain, you are already giving your IP so blocking any 1p tracker is pretty much useless. Adblocker should be blocking the 3p trackers, that’s when it is useful, but a host will not make any difference from 1p vs 3p, it will not filter elements inside an IP, and a website might use different IPs, which means you need more IPs to block elements, when an Adblocker will use the address of the connection regardless of IP, so it will block better.
That’s why adblockers are important and why a firewall is not a good way to block anything in websites compared to an adblocker.
Still the very best, nothing compares to uBO.
Well Adguard adblocker is pretty good, it has really good advanced features and sometimes they are even easier to write rules for than with uBlock.
The problem is their advanced features sometimes consume a lot of cpu compared with uBlock and that’s why adguard is not better than it. But Adguard is pretty good too, unless you use the advanced rules that you probably don’t use in uBlock either in the first place.
Adguard HTTPS filtering is one way around manifest v3.
@common sense computing
Well, the solution is actually called Native Adblockers and then manifest v3 won’t matter, but even that, nobody knows how much will manifest v3 affect adblocking until people like Hill implement the manifest v3 stuff in uBlock.
anyway, the problem with native adblocker is that only Brave has made the job to try to be closer to uBlock, it still misses some advanced stuff like procedural cosmetics but Brave’s adblocker even implemented $redirect recently, also $redirect-url rule which uBlock didn’t want to implement because security risks but Brave controls it so you only have to trust them for that (ABP has it implemented as $rewrite and it is weird and it looks like it would create the issues the Brave tries to avoid).
Anyway, my point is the other browsers have terrible adblockers, Opera one is decent but still limited, I literally loaded a personalized list I have which works in uBlock and Brave with cosmetics and network filters and it didn’t work as great as I thought, like no cosmetics worked or anything.
So they are pretty basic, and they won’t be able to block advanced stuff.
Brave adblocker is literally the only Chromium one that can do CNAME Filtering, yeah, it is the reason “oh Brave is leaking your DNS data blabla” when using Tor and VPN etc etc but it is because they are the only ones who tried to workaround Chromium limitations by adding their own way to do cname filtering which is a new way of tracking you.
So if all browsers worked in a good native adblocker it would be the way to real way to fight and don’t care about manifestv3.
I’ve been using AdGuard for Windows for over a year now. Blocks all ads at a system level even before they get to the browser. Plus it offers a lot of other security features. v3? Who cares? LOL
Some people block ads on router level too..
The point is it’s easy to just install extensions to block ads and people only need to block ads in their browser.
If said browser can’t block ads anymore, expect people to move to other blocking alternatives.
I have a stripped version of Chromium and use AdGuard system, so no ads. If there were a way, Google would spray your face with ad juice and ads would appear in front of you where ever you went.
Wait! That’s the Metaverse! Demolition Man without robes.
This trick is not surprising considering YouTube’s Facebook style scummy algorithm. As an aside, I try to visit my Google Account page(s) and suffer through its deliberately confounding navigation to be sure they haven’t added a bunch of tracking junk.
Meanwhile, an extension called Eraser Button lets you clean collected data whenever you want, a good thing to hit before closing since Chromia close with everything saved, load it on open, then clean it if you have clean on close selected. No end to lying liars who lie in Techlandia.
I’d never consider using Chrome or Edge. If you must, maybe Brave or something from here:
One of the blue ones is best for most users. Even in those, you’ll spend a lot of time turning off the ever increasing junkware in the browser.
Hi, ungoogled chromium user here. Would appreciate you sharing all the settings you used to set up your stripped version.
“Google would spray your face with ad juice”.
The truth presented in a witty and well written wordsmith way. Thank you the laughter…
Yeah, it’s the issue with Edge Chromium too. I noticed the ads when waking up my system, and continuing on YouTube tab. The ads would comeback, and gone when refreshed the page.
Edge is great, but MS keeps degrading it with new features and updates. Brave is great on my macOS; no third party adblock ext required. The default built-in adblock works great. I’m thinking about switching to it on Windows. It’s basically just Chrome dressed for better privacy protection.
Will be interesting in 2023, when people WILL abandon Google Chrome because of this. Then we will all laugh our asses off when Google tries to convince everyone that ads are the best thing ever, please come baaaaaaaack….! Brave will be the winner here, and maybe even Firefox. Who knew. But if Google wants to shoot itself in the foot, be my guest. The second I have to watch even a microsecond long ad before watching anything on YouTube, and have no other options, then I stop watching YouTube. Double standards are great, first you host billions of illegal videos and then you want to monetize on that..oh and let’s not forget all the gazillion trillion illegal software, ebooks etc etc people find just because of your search engine, that you also monetize. Google is hypocrisy defined. Be evil.
Firefox is a pile of trash too nowadays.
Literally all the privacy-conscious people who used Mozilla not because it was good, but because they wanted to support the fight against abuse of privacy rights have all recognized that Mozilla turned into absolute shit.
They all now use either:
– Old Firefox
– Firefox for
– Different browser
– New Firefox with tons of tweaking, patching, deleting auto-updater etc.
Mozilla became exactly what they fought against.
They are corrupt.
They actively attack users with tons of garbage update after garbage update.
Users who resisted were punished by Mozilla deleting all the good addons from the AMO (XUL / XPCOM addons).
Also, users were very unhappy when Mozilla started abusing the extension blocklist system to remove extensions deemed ‘too aggressive’ in the fight against privacy abuse directly from the user’s extension list.
Even before WebExtensions developers of extensions were given a ransom demand by Mozilla that they either update their extension to the more recent and more restricted Firefox versions or their addon would be deleted from the AMO store.
Developers who refused the ransom had their addons removed from the addon store.
Developers who made ‘my punch in your face yeah, no please requested’ kind of extensions had their addons blacklisted.
Bullshit addons that automatically accepts all cookie banners were cheered and featured by Bullshitzilla.
Addons that told websites to fuck off and get a punch in their face with no pleasing (‘too aggressive’ extensions which worked in a totally different way) and simply blocked all tracking cookies, blocked the cookie banner script and hid all useless cookie modal without clicking accept were shamed, shunned, and blacklisted by Mozilla.
Mozilla had gone totally dumb with cheering the bullshit Do Not Track (DNT) HTTP header.
Do Not Track was a bullshit ‘feature’ fully endorsed by Mozilla (of course!) that told websites ‘please, please do not track me. Of course I give you all my data in the first place but please I trust you do not track me.’
Initiatives that aggressively punched tracking companies right in their faces by simply blocking all data from being sent to them were deemed ‘dangerous’, ‘hostile’, ‘threatening’ etc.
Still today mobile phone users are told that having root access on their devices is dangerous.
People with ‘aggressive’ devices that ‘do not correctly submit to full obedience’ are banned from banking apps, games such as Pokemon Go, social media such as Snapchat.
Corrupt organizations like Mozilla advise users to tell application developers ‘please I would like that you do not track me…’.
Generally they say ‘you need to go to the application’s settings and disable the use of your data for marketing purposes’.
Mozilla & such bullshit ‘non-profit’ orgs will never, ever suggest to people that they use e.g. XPrivacy to poison the tracking libraries of Android apps with fake IMEI, call log, contacts, fake geo-position etc.
Even the EFF (Electronic Frontier Foundation) is dumb as hell.
‘privacy self-defense’ of what? Of asking ‘please don’t track me?’ that’s the EFF just for you.
All they know how to say is tell dumb stuff like ‘please make it illegal to spy on people’.
If they were serious they would promote tools that actively attack tracking systems by poisoning them with fake data.
Or they would explain to people how to install a root solution & a root Firewall on their phones.
They would promote blocking & refusal to give sensitive data at the device level.
Mozilla is what I shame as a ‘permission-seeking obedient organization that wants to be given orders by the big bad boy tracking companies’.
Do not trust Mozilla, EFF, etc.
All trash. If you want to prevent tracking then either give fake data or block the data from being acquired in the first place.
Making it illegal to spy on people is bullshit.
It’s already illegal to kill people and guess what, people kill people!
Using trash like DNT to ask websites ‘please I request that you do not track me’ will give the websites heart attacks from laughing so much while they slap your browser so hard and dishonor your politely-expressed *request*.
Don’t just say ‘please do not track us it’s bad’, just make it practically impossible to track people in the first place!
Mozilla, is a full-blown authority-seeking, permission-asking, unquestioning, obedient organization.
They will not help you.
There’s a solid reason they get big bucks from Google & Microsoft even allowed Firefox to be on the Microsoft Store.
Ungoogled Chromium would NEVER be allowed on the Microsoft Store.
Because it disobeys tracking orders & protects people.
Firefox politely requests that it please does not get tracked but still gives all your data anyway.
Think about it…
I will never even donate to such ‘non-profits’.
My money is reversed for actual solutions such as XPrivacy, GPS spoofers, things that actively attack/jam the mechanics of the tracking solutions.
THAT is self-defense. Self-defense means fighting back.
Asking mommy regulators to please make it not allowed to spy on you… ahahahaha…
Take that EFF, take that Mozilla, useless non-profits.
Dump Mozilla where it belongs, in the bin.
You could even order them to jump in the bin themselves, they will obey you.
Ublock Origin is available in FF, not in Chrome
Ublock Origin 1.40, I mean