AdGuard launches Manifest V3 compatible ad-blocker for Chrome

Martin Brinkmann
Aug 30, 2022
Google Chrome extensions
|
68

AdGuard, the company best known for its content blocking solution, launched what it calls the "world's first ad blocker built on Manifest V3".

adguard chrome manifest v3

Chrome and Chromium-based browser users who have not followed the news regarding the future of extensions in the browsers, may need a quick explanation to better understand what is going to happen in the coming months and years.

Google announced plans to release a new Manifest for extensions in 2018. Manifest V3 defines what extensions can and can't do in the Chrome web browser, and any other browser that implements it. Extension developers, privacy advocates and users criticized Manifest V3 shortly thereafter. The developer of uBlock Origin, who maintains one of the most respected content blockers, said that the release of Manifest V3 could mean the end uBlock Origin for Chrome.

ADVERTISEMENT

Some browser makers, including Mozilla, maker of Firefox, stated openly that they would not implement the limiting changes of Manifest V3. Google made some concessions, but went ahead with the launching of Manifest V3 in the company's Chrome web browser.

Starting in January 2023, extension developers may no longer publish new Manifest V2 extensions or update existing ones. From June 2023 onward, Manifest V2 extensions won't run in Chrome anymore.

In other words: extension developers need to update their extensions to be compatible with the new Manifest V3 or end development for Chrome. Some Chromium-based browsers may modify the default behavior to support Manifest V2 extensions, but most won't, probably.

AdGuard MV3 Browser extension

AdGuard published a new browser extension for Chrome and other Chromium-based browsers that is based on Manifest V3. Users of AdGuard do not need the extension, as the main solution runs system-wide.

Work on the extension started in mid-2021. The developers note that the new APIs of Manifest V3 caused a lot of headache during development. While they managed to produce a working content blocker based on Manifest V3, they concede that it has certain limitations that Manifest V2 content blockers did not have.

One of the main issues of Manifest V3 is that it imposes a fixed limit of 330,000 rules for all extensions installed in Chrome. Any one extension has guaranteed access to 30,000 rules. The number may sound like much, but when you realize that modern content blockers rely on tens of thousands of even hundred thousands of rules, the limitation becomes apparent right away.

Take uBlock Origin as an example. The default configuration of uBlock Origin uses 80435 network filters and 45243 cosmetic filters; that is already more than four times the minimum guaranteed rules limit. Users may add their own custom rules to many content blockers or subscribe to more rules listings. It is easy to reach the 330,000 rules limit with just one extension.

adguard mv3 browser

Now imagine that other extensions are installed that rely on rules. These compete with each other then when it comes to the limits.

Dynamic rules have an even stricter limit of 5000, which includes a limit of 1000 regular expression rules. When the limit is exceeded, only the first 5000 rules will be applied by the content blocker, while all other rules have no effect.

AdGuard MV3 Browser takes that into account. The developers have added warnings to the extension that inform users when the rules limitation is forcing the extension to reduce the number of rules that it supports. In fact, the developers note that even the basic filter lists, which is the primary list of AdGuard, may be disabled in the worst case, as it has more than 30,000 rules. For users, it can mean that the installed content blocker does nothing at all.

 

Closing Words

AdGuard's new browser extension for Chrome demonstrates that content blockers are possible under Manifest V3. Compared to Manifest V2 content blockers, Manifest V3 extensions can be less powerful due to the artificial rules limits of Manifest V3. Especially the competing part is troublesome, as extensions may stop working if rules limits are reached.

Most Chrome users may want to switch to another browser when Manifest V3 becomes the standard to get a reliable protection and not a chaotic one.

Now You: are you affected by Manifest V3?

Summary
AdGuard launches Manifest V3 compatible ad-blocker for Chrome
Article Name
AdGuard launches Manifest V3 compatible ad-blocker for Chrome
Description
AdGuard, the company best known for its content blocking solution, launched what it calls the "world's first ad blocker built on Manifest V3". 
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. ChromeFan said on August 30, 2022 at 1:35 pm
    Reply

    Am I affected? HELL NO.

    Chrome will continue to have ad blockers, for the people that want them. Google IS NOT prohibiting ad blockers, it welcomes them with open arms.

    Only Firefox fans have spread this misinformation, hoping their failing browser and dwindling userbase receives an influx of new users (dream on).

    That is not the only misinformation they have spread, ‘Google Chrome is a monopoly’. They don’t know what the definition of monopoly is, haha. They like to shift goalposts saying ‘Google Chrome has a engine monopoly’. No such thing, and you will be laughed out of court.

    Who’s the conspiracy theorists? You are.

    1. Tom Hawack said on August 30, 2022 at 2:27 pm
      Reply

      Am I affected by Manifest V3? Definitely not, given I do not use any Chromium browser even if, to quote the article, “Some Chromium-based browsers may modify the default behavior to support Manifest V2 extensions, but most won’t, probably.

      I’m running Firefox, I’m running uBlock Origin for Firefox, I don’t have to face Google’s Manifest V3.

      Is Google Chrome a monopoly? If you search for ‘Google Chrome monopoly’ you’ll find many, many answers, one of which states that Google, the company, looks more like an oligopoly (whilst Google, the search engine, inherently a simple monopoly) : [https://fourweekmba.com/is-google-a-monopoly/]

      But, after all, no one forces anyone to use Google and its various “services”. Of course may be mentioned some Google practices and above all Google brainwashing which manages to hold such strong market shares. All GAFAM companies do as well, i.e. Microsoft and its unethical behavior to push users to upgrade to Windows 10 : remember?

      I’ll stick to my belief, shared by many users, that GAFAM companies are the worst which ever happened to the Web, with a nevertheless lesser anger concerning Microsoft : they started it all, it’s only after that the company failed to be respected.

      There’s a new generation of users who understand what the Web is nowadays and provide talented developers to find alternatives to practically all Web services which are managed with one main policy : market share, whatever it takes to achieve that.

      So its up to each of us to choose : either follow the leaders, be tracked, be used… or adopt the new enlightened generation which strives for a free Web, but free in terms of your privacy before all.

    2. Sopota said on August 30, 2022 at 3:36 pm
      Reply

      “ Google IS NOT prohibiting ad blockers, it welcomes them with open arms.”

      Google is an advertising company, are you sure they like ad blockers so much?

    3. TelV said on August 30, 2022 at 6:14 pm
      Reply
    4. Iron Heart said on August 30, 2022 at 6:15 pm
      Reply

      @ChromeFan

      > Google IS NOT prohibiting ad blockers, it welcomes them with open arms.

      Nah, come on. Google hates adblockers, but they can’t do away with them entirely, as the user hemorrhage would be massive if they did (obnoxious ads on YouTube alone would make sure of this). So they go with crippling them, so while they technically still allow adblockers, in reality they reduce their effectiveness via insufficient upper rule limits.

      From a security perspective, users should be supportive of the Manifest V3 changes. The webRequest API uBO dev @gorhill is so fond of allowed extensions to directly intercept the connections the browser establishes, and to manipulate them. uBlock Origin used these capabilities for good, but do you know who else used them? A large swath of the malware and spyware extensions installable on Chromium! The webRequest API is optimal for spying on users and for redirecting them to malicious websites. If you keep it, you are basically shitting on very basic security concepts and you indicate that you don’t care about malware. Mozilla chose to keep it in Firefox, which is questionable.
      The new declarativeNetRequest API is an improvement insofar as extensions now “hand” their rules to the browser itself which then does the blocking according to those rules. This will eradicate spyware extensions! The asshole move of Google was to limit the total numer of rules that can be applied though; this really was done to cripple adblockers and not much else. Actually, the declarativeNetRequest API with no rule limit would be the optimal solution…

      Now, I don’t think this issue is as big as the Firefox community wants it to be (for obvious reasons that you pointed out). No native adblocker will be affected because those do not use extension APIs at all, so the native adblockers of Brave, Vivaldi, Bromite etc. will continue to work. I use Brave and I don’t an extension to do the adblocking for me. Not to mention that all systemwide adblockers like Blokada, AdGuard Desktop or network-wide adblockers like Pi-Hole are still available too.

      I don’t know what the Firefox community thinks will come out of this for them. Those that never had an adblocker still won’t care, those that use one will still have a limited one and will probably not even notice a difference, and those that need a potent adblocker still have other options like Brave because Firefox needs to come into play(!?). Chrome on Android never supported ANY extension to begin with, and how did Firefox do on Android? If anything, this will help Brave since it is known as the adblock browser basically. I think this is not a good change for Chrome users, but that the migration that FF promoters and fans hope for also certainly won’t happen. Just my two cents.

      1. Iron Heart said on August 30, 2022 at 6:17 pm
        Reply

        *before Firefox needs to come into play

      2. owl said on August 31, 2022 at 12:59 am
        Reply

        > The webRequest API is optimal for spying on users and for redirecting them to malicious websites. If you keep it, you are basically shitting on very basic security concepts and you indicate that you don’t care about malware. Mozilla chose to keep it in Firefox, which is questionable.
        The new declarativeNetRequest API is an improvement insofar as extensions now “hand” their rules to the browser itself which then does the blocking according to those rules. This will eradicate spyware extensions! The asshole move of Google was to limit the total numer of rules that can be applied though; this really was done to cripple adblockers and not much else. Actually, the declarativeNetRequest API with no rule limit would be the optimal solution…

        Mozilla’s Manifest v3 FAQ | Mozilla Add-ons Community Blog
        https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap-next-steps/
        Mozilla will maintain support for blocking WebRequest in MV3. To maximize compatibility with other browsers, we will also ship support for declarativeNetRequest. We will continue to work with content blockers and other key consumers of this API to identify current and future alternatives where appropriate. Content blocking is one of the most important use cases for extensions, and we are committed to ensuring that Firefox users have access to the best privacy tools available.

      3. Iron Heart said on August 31, 2022 at 10:19 am
        Reply

        @owl

        > Mozilla will maintain support for blocking WebRequest in MV3.

        How is that a good idea? How is granting extensions the ability to eavesdrop on all connections, and to change their destination at will, sane? Next to uBlock Origin, this is also the favorite capability of malware and spyware. The sane approach is what the declarativeNetRequest API does, minus the artificial rule limit obviously.

    5. fart knocker said on August 30, 2022 at 8:47 pm
      Reply

      are you illiterate? did you ignore the entire article describing the arbitrary limits google is putting on adblockers?

    6. Anonymous said on August 31, 2022 at 12:17 am
      Reply

      “Google IS NOT prohibiting ad blockers, it welcomes them with open arms.”

      That’s quite a bit of a stretch there, bud.

    7. Trey said on August 31, 2022 at 1:01 am
      Reply

      ChromeFan would have a better reception if their posts didn’t come off as belligerent troll bait.

    8. owl said on August 31, 2022 at 3:57 am
      Reply

      As ChromeFan has already declared, sympathizers justify their pet theory (cultivated values) by trivializing or perverting “what they do not want to believe” or by shifting the argument to their rivals. No good argument (logic) can be accepted by such sympathizers (ideas). History has proven this.

      Well, ChromeFan is the same kind of punk who “makes defiant statements out of a need for approval.” but they are so wildly outlandish that no one will listen.
      Such vile discourse, but it gets replies because “we must admonish the trolls and keep the flames under control”.
      Nonetheless, I admire Tom Hawack’s response.

      Gresham’s Law, “Bad money drives out good money.”
      Google drives out everything else.
      A compilation of historically universal examples is a “maxim” or “theorem”, which can always be substituted for and applied to them.

    9. Anonymous said on August 31, 2022 at 4:07 am
      Reply

      Effective troll. Its a pity some won’t learn from it.

    10. Yash said on August 31, 2022 at 10:34 am
      Reply

      One of my favourite parody accounts along with twitter.com/noncething. Always makes me laugh.

    11. grinch said on September 3, 2022 at 7:42 pm
      Reply

      That sounds like a fanboy ngl

  2. cdr said on August 30, 2022 at 2:47 pm
    Reply

    My home is protected by pi-hole.

    My android devices are also protected by Blokada.

    My router provides pfBlockerNG as an automatic failover if pi-hole drops temporarily.

    I don’t use Chrome, anyway.

    1. rp1 said on September 7, 2022 at 4:14 am
      Reply

      It’s the utube ads that are a little trickier to block.
      I’ve tried to leave Chrome before, but I keep coming back.

  3. Tony said on August 30, 2022 at 3:53 pm
    Reply

    Personally I don’t use Chrome. Google does too many dumb things with their products that annoy me, and they constantly make dumb decisions (like M3). Firefox runs much better than Chrome does (though Chrome handles scrolling better).

    That said, network protection switched from extension-based protection to multi-pronged protection a while ago. uBo, as great as it is, never should be your only protection.

    Use Pihole or Adguard Home, Next DNS, ControlD, or the new Adguard DNS, and a dedicated firewall that can block direct IP connections for those apps (Google) that will try to skip DNS and go directly to their pre-configured IP address.

    Google can’t prevent us from blocking connections, try as it may.

  4. ECJ said on August 30, 2022 at 4:01 pm
    Reply

    “…In fact, the developers note that even the basic filter lists, which is the primary list of AdGuard, may be disabled in the worst case, as it has more than 30,000 rules. For users, it can mean that the installed content blocker does nothing at all.”

    What a PITA the changes Google have made with Manifest V3 is.

    It would be better to ditch Chrome and Edge altogether and use Brave or Vivaldi. As these have blocking capabilities built directly into the browsers, they are unaffected by the Manifest V3 changes. And as they don’t rely on third-party extensions (and the dangers that can also bring) they are a more robust solution anyway.

    I’m not sure what companies will do though, they have a bit of a dilemma:

    If they use Chrome or Edge, the blocking capabilities are going to be limited and their users may end up clicking on malicious ads that are not blocked. In addition, if the uBlock Origin developer follows through with no longer supporting Chromium browsers once Manifest V2 is removed, then they are no longer going to be able to manage the content blocker via Group Policy like they currently can with uBlock Origin.

    I can’t see them adopting Firefox, as we live in a Chromium/Safari world now and companies are not going to want to deal with support calls when websites don’t work properly. Also, their own internal systems are mostly only tested against Chrome and Safari due to too low market share of Firefox.

    I also can’t see them adopting Brave due to all the crypto crap. It’s also not possible to control Brave Shields using Group Policy like you can with uBlock Origin.

    And DNS level blocking or operating system level blocking don’t have the same capabilities as browser level blocking.

  5. Coriy said on August 30, 2022 at 4:59 pm
    Reply

    One thing I don’t understand is why this affects Chromium, and Chrome, both. But then I didn’t understand why Google forced FLoC and now Topics on everyone. Isn’t it monopolistic to force Microsoft, Vivaldi, Brave, etc. to use their ad revenue platforms to enrich Google?

    Though depending on how Manifest V3 affects Bromite, I may permanently switch to a Firefox Variant on Android.

    1. Iron Heart said on August 30, 2022 at 5:06 pm
      Reply

      @Coriy

      The change is implemented in Chromium, of which Chrome is technically a closed source fork. Other forks include Edge, Brave, Opera, Vivaldi etc. Forks receive the change when they merge new upstream code into their downstream fork.

      As for why it‘s not monopolistic: The Chromium open source code is provided as is, nobody is forced to use it. If other companies use it and disagree with changes, they can disable them or patch them out. By the way, not even all Chromium-based browsers together would be a monopoly, because Safari and Firefox exist.

    2. fart knocker said on August 30, 2022 at 8:52 pm
      Reply

      i just want to add that while these changes do affect adblock extensions for all chromium browsers, some of them (brave and vivaldi) implemented their own adblockers that work differently from extensions and they aren’t affected by these changes

  6. Mystique said on August 30, 2022 at 5:28 pm
    Reply

    Nothing new here, just google going out of their way to make seemingly subtle changes to the detriment of its users.

    Whoever thinks feels that Google welcomes adblockers with open arms is sadly delusional. If you cannot concede that is a fact on the desktop platform then you just have to look towards the mobile platform for your answers as many adblockers and many other apps are banned on the google play store and google makes people jump through hoops to install such addons outside of the google play store to push your basic people out of seeking elevated rights to make the correct changes to claim some rights back.

    I will do you better. I commented with some detail instructions including tools, apps, tweaks, etc on a popular channels video regarding android and ungoogling yourself and my comment was blocked and deleted by youtube and not the channel itself.
    Let’s no kid ourselves here, google are out for themselves and their partners.

  7. albresc said on August 30, 2022 at 5:41 pm
    Reply

    chromefan:
    shut up.

    enough said.

    1. nicolaasjan said on August 30, 2022 at 6:05 pm
      Reply

      @albresc
      First I didn’t see his comment.
      Then I remembered I made a rule some time ago in uBlock Origin :) :

      http://www.ghacks.net##.opacity–90.comment-item__header:has-text(ChromeFan):upward(.comment-item)

      1. nicolaasjan said on August 30, 2022 at 6:11 pm
        Reply

        [Edit]
        That is without http://.
        This blog added it automatically…

  8. TelV said on August 30, 2022 at 5:47 pm
    Reply

    I don’t understand what Google is trying to achieve with these restrictions. What purpose does Manifest V3 serve other than to expand their monopoly in the browser market.

    Once upon a time Google Chrome was strictly anti-extensions like adblockers. Now it looks like they’re returning to their roots.

    By the way: anyone using Firefox, but doesn’t like Photon’s floating tabs, have a look at Floorp which has many styles built-in one of which is a Chrome-like UI: https://i.postimg.cc/zvjW363q/Floorp-chrome-like-UI.png

    Floorp download: https://floorp.ablaze.one/download/

  9. Kukumba said on August 30, 2022 at 6:43 pm
    Reply

    If Ungoogled Chromium hops on this s**tshow, I will just ditch it and use any other browser that ublock origin will still function on. It’s that simple. Same with Kiwi on android. I don’t give a s**t about the browser, all I care about is the content and if the content is ads then it’s a crap browser. End of story. Let’s see how this plays out for Google, I think they have seriously overestimated their superpowers.

    1. Anonymous said on August 30, 2022 at 11:02 pm
      Reply

      It’s a good thing AdGuard got a head start on this. I’m sick and tired of major tech businesses abusing their customers. This is how Google abuses its dominance, and it must be stopped. Unfortunately, no one with real power will do anything about it.

    2. Iron Heart said on August 31, 2022 at 10:28 am
      Reply

      @Kukumba

      > If Ungoogled Chromium hops on this s**tshow

      It will, since it depends on Chromium upstream and does not have the development resources to do anything about it. In terms of extensions supported, it will only have Manifest V3 extensions. That being said, they do discuss alternative solutions like adopting Bromite’s native adblocker or Brave’s native adblocker:

      https://github.com/ungoogled-software/ungoogled-chromium/issues/662

      Same goes for Kiwi, they will probably adopt a native adblocker in response to this.

      Currently, the most powerful native adblocker is the one of Brave. Brave is also ungoogled:

      https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)

      Brave on the desktop supports all Chromium extensions including uBlock Origin now (which you can use exclusively too since you can disable the native adblocker). Brave on Android has no extension support yet, just the native adblocker supported there for now. Look into this, as it will continue to have quality adblocking post-Manifest V3. Cheers.

  10. fart knocker said on August 30, 2022 at 8:48 pm
    Reply

    if you care at all about your adblock you should already be on firefox or brave

  11. IgnoredFeedback said on August 30, 2022 at 9:23 pm
    Reply

    Technology and the internet seem more and more deceptive every day. Everything is designed to force you to watch commercials. Hopefully the limitation will be bypassed by someone. Maybe the limits can be modified by the developers of other Chromium browsers. Manifest V3 should be abandoned. This poor tactic does not benefit the end user. I hope Mozilla will honor their commitment and maintain Manifest V2 in place.

  12. Anonymous said on August 30, 2022 at 9:41 pm
    Reply

    Well, a week ago they were still saying how “Google is removing adblockers”, now people are like “well it will work but it has many limits”.

    Adguard has been opened about the developing of the MV3 prototype since a year ago and said the biggest problem is the limits, Adguard makes their own lists so they won’t suffer too much it is the single non-paid maintainers the ones that will get affected.

    Seems like Adguard in the future will be the only decent adblocker though, even today they are great but it consumes more CPU than uBlock. But Gorhill hasn’t even started to build a MV3 uBlock I think, I really doubt. So it seems only developers who adapt will do it fine.

    This manifestv3 change is better and faster, but not perfect and maybe forks can make it better, or maybe users can make Google understand that limits might be a problem in some cases.

    People still talk and complain but haven’t even installed the extension to see if this first release of MV3 works as expected or not.
    They just want to say “oh 5000 is not enough” and that’s it.

    Firefox is going manifestv3 anyway, eventually they will remove the WebRequest API as well. Most developers will start updating their extensions to MV3 just like when Firefox removed their Extensions whatever name they had and developers had to move to Webextensions because Google was smarter to go that way from beginning.
    Some browsers kept supporting the old Firefox extensions, even today! but what do you think happened? well Developers went webextensions that didn’t just support the old ones anymore.

    Of course Firefox is in a worst position today, so they don’t matter, while Chrome has grown more and more and Chromium/Blink based browsers, so, what will the smart thing for developers to do? well, move to Manifestv3 and then see what forks can do about limits and all that. Some like brave will support manifestv2 because of enterprise but it will not work that well in the big picture, because Gorhill will just then release firefox only extensions unless he just finally starts understanding that he has to move and go full MV3 quickly or become firefox only.

    Even Opera has to rush to even support MV3 in their store and talk about it and how they will do it, they are still not even doing the discussion like if most developers used their service and would be like “I will only upload an Opera mv2 version”. Many extensions have restrictions because of Google like downloading from youtube, and developers still upload the same extension to Edge, Opera and Chrome stores, so it is silly to think supporting manifestv2 is the future only because Brave and niche browsers do it and not the ones with the big marketshare like Chrome.

    1. owl said on August 31, 2022 at 12:50 am
      Reply

      > Firefox is going manifestv3 anyway, eventually they will remove the WebRequest API as well.

      Official announcement regarding “Manifest v3” to be applied to Firefox
      2019/09/03
      Manifest v3 in Firefox: Recap & Next Steps | Mozilla Add-ons Community Blog
      https://blog.mozilla.org/addons/2019/09/03/mozillas-manifest-v3-faq/
      2022/05/18
      Mozilla’s Manifest v3 FAQ | Mozilla Add-ons Community Blog
      https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap-next-steps/
      Mozilla will maintain support for blocking WebRequest in MV3. To maximize compatibility with other browsers, we will also ship support for declarativeNetRequest. We will continue to work with content blockers and other key consumers of this API to identify current and future alternatives where appropriate. Content blocking is one of the most important use cases for extensions, and we are committed to ensuring that Firefox users have access to the best privacy tools available.

    2. Anonymous said on August 31, 2022 at 4:02 am
      Reply

      Shut up.

      1. Iron Heart said on August 31, 2022 at 10:30 am
        Reply

        > Shut up.

        High quality response right there. /s

      2. owl said on August 31, 2022 at 10:58 am
        Reply

        @Iron Heart,
        > Shut up.
        High quality response right there. /s

        His (Anonymous said on August 31, 2022 at 4:02 am) reply is addressed to Anonymous (Anonymous said on August 30, 2022 at 9:41 pm), not me (owl said on August 31, 2022 at 12:50 am).
        In other words, it’s here:
        https://www.ghacks.net/2022/08/30/adguard-launches-manifest-v3-compatible-ad-blocker-for-chrome/#comment-4546926

        Take a good look at that posting history (UTC).
        (Furthermore, if you’re checking RSS, you’ll see that the reply is clearly addressed to Anonymous.)

  13. GNU Linux Sophistication said on August 31, 2022 at 12:25 am
    Reply

    @ChromeFan

    > Google IS NOT prohibiting ad blockers, it welcomes them with open arms.

    This google cheerleader is more delusional than what Iron Heart is lol.

    > dwindling userbase receives an influx of new users (dream on).

    Firefox being in the 3% category is actually kind of a positive. Using popular software can be a negative, Using less popular software like Firefox can be better because

    Reason 1 = Less bloat like chromium based browsers = less lines of code = Less attack surface = safer browser.

    Reason 2 = Less popular = less attack surface = safer browser.

    Reason 3 = Only FOSS browser with a browser different engine maintained by a large well paid development team.

    Reason 4 = Less security problems than chromium based browsers.

    Reason 5 = No manifest v3 to cripple superior ad blockers like UBO.

    @Iron Heart

    > From a security perspective, users should be supportive of the Manifest V3 changes. The webRequest API uBO dev @gorhill is so fond of allowed extensions to directly intercept the connections the browser establishes, and to manipulate them.

    You know nothing about security as you give terrible security advice by promoting the idea that javascript enabled in a chromium browser is safe lol, it is a security and privacy nightmare.

    What would you know about security? Your advice is terrible.

    > Mozilla chose to keep it in Firefox, which is questionable.

    Because Mozilla is the only opposition to google based browsers worth mentioning.

    > those that need a potent adblocker still have other options like Brave because Firefox needs to come into play(!?). Chrome on Android never supported ANY extension to begin with, and how did Firefox do on Android? If anything, this will help Brave since it is known as the adblock browser basically. I think this is not a good change for Chrome users, but that the migration that FF promoters and fans hope for also certainly won’t happen. Just my two cents.

    You mean Brave the ad browser built on bloated chromium code-base? The chromium code-base which has a massive attack surface for cybercriminals, has clipboard issues and being a google project where google and M$ have the most commits to the chromium project, because they use it to build the code for their closed source crap Chrome and Edge?

    The chromium fork Brave, with Brave Ads, an ad network. Lol. As consumers browse, they are presented with advertisements. Oh, but it is opt in they say, but no still no option for a Brave browser without the ad network crypto mechanism bloat lol.

    Brave is and will always be an absolute joke to anyone looking for a hardened privacy and security browser.

    Oh but android? It always comes back to the android OS with your arguments. Who gives a damn about privacy invasive android? Smartphones are a dream come true for oppressive regimes like China where they develop ID software on smartphones. Custom roms lol. That still promotes use of smartphones.

    Smartphones are the most privacy invasive dystopian style device that was ever invented. Smartphones also have a history of having absolute terrible security such as them being vulnerable to Pegasus spyware. Cams, mics, bluetooth, IMEI, Wifi, no ethernet, not exactly a privacy device.

    The world got a lot more dystopian and less private since the arrival of smartphones and social media.

    @ Anonymous

    > Firefox is going manifestv3 anyway, eventually they will remove the WebRequest API as well.

    Reference that and provide a source? You can’t.

    Mozilla seems to be taking a different approach in implementing Manifest V3 than Google Chrome. They are likely not going to be limiting the scope of ad blockers and privacy extensions like googles version of Manifest V3. Mozilla will likely maintain support for blocking WebRequest in MV3.

    Only google cheerleaders like Iron Heart and ChromeFan would think that Mozilla does not care about privacy extensions when the mozilla addons website is literally full of privacy extensions for FF and recommended by them.

    1. Iron Heart said on August 31, 2022 at 10:56 am
      Reply

      @Anonymous123’s new nick

      > Reason 1 = Less bloat like chromium based browsers = less lines of code = Less attack surface = safer browser.

      That’s not how it works, LOL. Sorry, but if a browser with less lines of code has shoddy security practices it will be inherently more insecure, “lines of code” is not how this is measured. “Lines of code” also don’t mean bloat since this does not necessarily affect CPU or RAM usage.

      > Reason 2 = Less popular = less attack surface = safer browser.

      As I alluded to in a prior post, you can’t have it both ways. The more people adopt Firefox (which is what you want, isn’t it?), the less this will be true. This apart from the fact that security via something not being used much is generally frowned upon in the whole IT community, since it is just a bad excuse for shoddy security practices at the actual code level.

      > Reason 4 = Less security problems than chromium based browsers.

      Less used and thus less audited is not the same as “more secure”. Tired of having to explain this to you, you don’t want to understand it.

      > Reason 5 = No manifest v3 to cripple superior ad blockers like UBO.

      Hardly relevant because extensions are not the only means of adblocking. And the webRequest API is a security issue waiting to be resolved.

      > You know nothing about security as you give terrible security advice by promoting the idea that javascript enabled in a chromium browser is safe lol, it is a security and privacy nightmare.

      I don’t advise anyone on what to do or not to do with JavaScript. I just said that disabling it entirely is impractical and infeasible for most people, which is clearly true.

      > Because Mozilla is the only opposition to google based browsers worth mentioning.

      Opposition that gets all of its money from Google and has never taken the high road on any important issue, no thanks.

      > being a google project where google and M$ have the most commits to the chromium project

      Yes, and? Most of the code is harmless and aimed at making the browser work in the first place. Chromium can be audited and where there are privacy issues, those are taken seriously and taken care of by other projects like Brave or Bromite.

      Btw, I don’t inherently trust the Google subdivision Mozilla more than Google or MS, necessarily. Having read their oddly similar “vision” for the web, I mean.

      > because they use it to build the code for their closed source crap Chrome and Edge?

      Yeah, there are closed source forks of Chromium like Edge or Chrome. There are also open source forks of Chromium like Brave. The former are not my concern, as I don’t use them.

      > The chromium fork Brave, with Brave Ads, an ad network.

      You don’t know how Brave’s ads work. Those are matched locally via local algorithm, the ad matching happens on the device if you opt in. “Ad network” implies that sensitive data is sent to outside servers which is 100% not true.

      > Oh, but it is opt in they say

      Yeah, of course. That’s also why there is no Brave Rewards-free version of Brave. It provably doesn’t do anything unless you opt in. You can actually verify this as well since Brave is open source.

      > Brave is and will always be an absolute joke to anyone looking for a hardened privacy and security browser.

      It’s more private than Firefox. Also more private than custom installations of Firefox. More secure as well. Definitely not a joke. If it is, what does that make Firefox?

      > It always comes back to the android OS with your arguments.

      It’s the most used mobile OS after all.

      > Smartphones are a dream come true for oppressive regimes like China where they develop ID software on smartphones.

      Most of that stuff is also possible on PC.

      > Custom roms lol.

      Laughing at a possible solution, smart guy.

      > That still promotes use of smartphones.

      People use what they want to use. You need to work with what’s there, not with castles in the sky. Whatever improves the privacy of people is a win for me.

      > Smartphones also have a history of having absolute terrible security such as them being vulnerable to Pegasus spyware.

      Similar vulnerabilities and spyware solutions exist for PCs.

      > Cams, mics, bluetooth, IMEI, Wifi, no ethernet, not exactly a privacy device.

      All true for most PCs as well. And Ethernet is private? The IP address leaks, and the MAC address also leaks. It’s not inherently more private than home WiFi.

      > Mozilla will likely maintain support for blocking WebRequest in MV3.

      Terrible decision in terms of security, the declarativeNetRequest API without rule limit is the sane approach. This is the kind of shoddy security practices at Mozilla that you are constantly denying, right there.

      > Only google cheerleaders like Iron Heart

      You are making a laughing stock out of yourself by always repeating this nonsense. People following my comments here unbiased know that I strongly disagree with indiscriminate data collection and bad privacy policies of entities like Google. However, I have no reason not to use ungoogled versions of their open source code like Brave, Bromite or GrapheneOS, LineageOS. The ungoogled versions differ from the products Google offers in that no privacy issue can be demonstrated for them. That way, I am denying Google their source of income which is built on data collection and data processing / profiling. That I need to use a Google-dependent browser like Firefox as opposed to Brave to achieve these ends can’t be rationally demonstrated.

      > This google cheerleader is more delusional than what Iron Heart is lol.

      Thank you for the flowers. I happen to be more rational than you are, I think.

      1. owl said on August 31, 2022 at 2:20 pm
        Reply

        @Iron Heart,
        > @Anonymous123’s new nick

        I am outraged at you.
        Why are you phrasing it that way?
        Your reply is addressed to GNU Linux Sophistication.

        Can you not see that his past postings are by a different person than @Anonymous123?
        Simply put, GNU Linux Sophistication is a Linux user at heart and does not use Windows.
        Anonymous123, on the other hand, is a Windows user.
        Can’t you even tell the difference?
        You should be more calm.
        If you continue like this, you will be considered @ChromeFan equal.

      2. Yash said on August 31, 2022 at 6:01 pm
        Reply

        @owl

        Well I find your comments detailed, insightful and informative.

        But but but @ChromeFan is a parody account unlike Iron Heart. That parody account winds people up, which well hence a parody avatar.

      3. Iron Heart said on August 31, 2022 at 7:36 pm
        Reply

        @owl

        Well he uses the very same language and arguments like Anonymous123, down to phrases I mean. Silly me for assuming that it is the same guy, especially since the nicks appeared so close a timeframe after each other. I just stuck with his old nick – I know, an outrage!

        The next time he morphs into yet another nick, I will make sure to make the transition as well ASAP, gotta keep up with the news after all. Sorry for inadvertently offending you in Anonymous123’s stead, you seem like a concerned citizen who stands up for his peers uncalled for even though they don’t say anything in their own defense.

        And “equal to X”, I have some not-so-nice comparisons to make in regards to your comments as well, I am just afraid the totally not biased mod won’t let me spell it out… At least the thoughts are still free, I guess.

    2. Robert Wellock said on September 2, 2022 at 11:19 am
      Reply

      I’m not sure if this reply will be placed in the correct location within the thread (sub discussion) itself. However, I surf nearly all of the time without JavaScript enabled. So I’m probably within the estimated one percent of people that do that regularly. Some people use “Ad blocking” tools that also filter certain selective JavaScript occurrences, i.e. partial blocking.

      The rare times when I actually have to enable JavaScript; I’ll temporarily allow only certain scripts to run. The reason I have JavaScript disabled is mainly for performance reasons as well as potential security concerns, etc. Unfortunately a lot of JavaScript is misused or simply poorly implemented.

      A funny thing happened… Graceful degradation died and JavaScript almost became mandatory.

  14. VioletMoon said on August 31, 2022 at 12:48 am
    Reply

    Okay, the following site helps tremendously in understanding what is going on with the change from MV2 to MV3:

    https://grantwinney.com/what-is-manifest-v3-and-why-is-google-pestering-me/

    Is Adguard the only company making an application for system wide ad/tracker blocking? If so, why? Because under the “old” system of MV2, it was much easier to code an extension? Maybe.

    My guess is we will see more “Adguard” apps, and maybe the developer of uBlock Origin will create an app instead of a browser extension.

    A quick install of Adguard and disabling uBlock and DDG Privacy Essentials resulted in the same number of ads being blocked. Changing DNS to another privacy DNS may have helped.

    Not too worried because what it really means for the consumer, the web surfer, is a number of new products, proprietary and open source, that will work on the system lever rather than the browser level.

    Others have mentioned the ease of blocking ads at the Router Level.

    So . . . Google blunders again.

    “Anyone willing to learn MV3 will be able to cross-upload to the Firefox store. Anyone unwilling can continue with MV2, still upload to the Firefox store, and encourage friends and family to use Firefox. I like that Mozilla admits what Google will not—that rewriting extensions is going to suck, and everyone knows it.”

  15. Anonymous said on August 31, 2022 at 4:22 am
    Reply

    Google wants to shed the blame for slow response times caused by extensions. That seems like a worthy thought. Why is that decision not down to the individual. For example, “this extension runs more than 330,000 rules and may significantly impact performance. Do you wish to proceed”.

    Some would trash Google in any case and all the band-wagon jumpers will join in. Google does this type of thing because they are forced to protect their reputation from the people who are happy to spread other people’s claims with no verification of fact.

    Do you try to stand in the way of a mindless 10 ton boulder rolling down a slope or prevent it rolling in the first place?

  16. Rex said on August 31, 2022 at 4:22 am
    Reply

    Me over here meanwhile, with Pale Moon and not having to deal with any ChromeZilla bullshit of this kind.

    1. m3city said on August 31, 2022 at 8:49 am
      Reply

      @Rex
      I was there for few years. Left PM when it was not accepted at my banks site. And while it doesnt have “chromezilla bullshit” it does have it’s own – especially media playback. And at least in my case it’s visually choppy on news sites full of media and links. Funny, it behaves like that on a very modern PC, while Palemoon is really nice on an old laptop – compared to FF.

    2. Anonymous said on August 31, 2022 at 12:53 pm
      Reply

      Enjoy your Pale Meme.

  17. Tom Hawack said on August 31, 2022 at 11:09 am
    Reply

    @Iron Heart “I strongly dislike…”. Quite emotional for a so-called iron heart.

    Facts clearly show that there is undoubtedly a generation of users who refuse an increasingly privacy invasive digital environment and propose a new paradigm : whether we like it or not is secondary. What remains essential is the direction we intend to adopt, each one of us. Calmly. I think that the attitude of refusing better on the ground it’s not perfect is unproductive and that seeking for the flaw in progressive quests and solutions, undermining a state of mind all in liberation of today’s inquisitive Web, is truly relevant of absent minds. My comment is no scoop!

    1. Tom Hawack said on August 31, 2022 at 11:30 am
      Reply

      This was a reply to “Iron Heart said on August 31 2022 10:22:08” which obviously has been removed but remains present in Ghacks Comments’ RSS.

      Iron Heart’s comment was in reply to Tom Hawack :

      ———-
      > or adopt the new enlightened generation which strives for a free Web

      Adopting what, Deplatformingfox?

      > free web

      …would be inherently decentralized, which Mozilla likes to call the “decentralized web of hate” because there are no more powerful entities controlling it and thus censoring it. Too bad.

      I strongly dislike your ad pieces by now.
      ———-

      Without this precision readers may wonder what’s been going on.

  18. Manuel said on August 31, 2022 at 12:15 pm
    Reply

    Just use Pi-Hole or NextDNS. Problem solved.

    1. Anonymous said on August 31, 2022 at 12:54 pm
      Reply

      Just use a better browser than Chronium. Problem solved.

      1. owl said on August 31, 2022 at 1:58 pm
        Reply

        High quality response right there. /s

        On behalf of @Iron Heart, who praised you, this thread is a comment from me,
        https://www.ghacks.net/2022/08/30/adguard-launches-manifest-v3-compatible-ad-blocker-for-chrome/#comment-4546969

    2. Anonymous said on August 31, 2022 at 11:18 pm
      Reply

      You will still see ton of ads. Pi-Hole or NextDNS are only DNS based blocking and not at web request level. In browser blockers are much superior.

  19. GNU Linux Sophistication said on August 31, 2022 at 12:24 pm
    Reply

    @Iron Heart

    > Sorry, but if a browser with less lines of code has shoddy security practices it will be inherently more insecure, “lines of code” is not how this is measured. “Lines of code” also don’t mean bloat since this does not necessarily affect CPU or RAM usage.

    chromium based browsers have a history of shoddy security, have you seen the latest chrome news? 24 security issues.

    You know absolutely nothing about programming.

    More lines of code creates a larger attack surface. Chromium based browsers are as big as an OS, far larger than firefox.

    > The more people adopt Firefox (which is what you want, isn’t it?), the less this will be true. This apart from the fact that security via something not being used much is generally frowned upon in the whole IT community, since it is just a bad excuse for shoddy security practices at the actual code level.

    Pretending that Firefox a browser partly written in safer programming language like rust does not have good security? Your arguments are stupid. Even if Firefox was more popular it would still have way less of an attack surface than chromium based browsers. Chromium has around 35 million lines of code over 10 million more than Firefox which is in low 20’s.

    Your arguments are getting destroyed by people everywhere here. I seen a recent comment where you were made to look stupid yet again, by attempting to correlate that the clipboard security issues in chromium based browsers were comparable to about:config settings in Firefox like the “dom.event.clipboards.enabled setting which can easily be turned off. Chromium clipboard issues have no fixes.

    > Less used and thus less audited is not the same as “more secure”

    ? Do you live in the real world and not make belief fantasy scenarios? In the real world chromium browsers are less secure due to being a monopoly, larger attack surface etc. That is what matters. The evidence says that chromium browsers get more security issues.

    > And the webRequest API is a security issue waiting to be resolved.

    Because google said so? The same google that wants to limit power of ad blockers like UBO.

    I said it previously and i will say again, you would get banned from any FOSS privacy community. YOu even talk shit about gorhill.

    > I just said that disabling it entirely is impractical and infeasible for most people, which is clearly true.

    You speak for most people? Who made you the leader of most people? Check your ego.Who exactly do you think you are?

    > Opposition that gets all of its money from Google and has never taken the high road on any important issue, no thanks.

    Mozilla has other streams of revenue besides a google search deal, VPN deals etc, they did take the high road by not fully adopting manifest V3.

    > Most of the code is harmless

    chromium code harmless? Code bigger than an OS, constantly getting patched. The delusion is real in you.

    > Btw, I don’t inherently trust the Google subdivision Mozilla more than Google or MS, necessarily. Having read their oddly similar “vision” for the web, I mean.

    Mozilla is not an ad-tech company or a greedy OS monopoly like M$.

    Lol at google subdivision.

    > Yeah, there are closed source forks of Chromium like Edge or Chrome. There are also open source forks of Chromium like Brave. The former are not my concern, as I don’t use them.

    You do realize that Brave uses the chromium code base? All chromium based browsers share similar security issues?

    Example? Look at the clipboard issue, you foolishly believe that google programming does not matter to Brave browser, how ignorant are you? You also realize that Brave waits for patches from google who maintains the chromium code with most commits?

    > You don’t know how Brave’s ads work. Those are matched locally via local algorithm, the ad matching happens on the device if you opt in. “Ad network” implies that sensitive data is sent to outside servers which is 100% not true.

    Brave is an ad browser, it still profits from crypto and ads.

    With all the clipboard issues in chromium, broken tor windows in brave, i trust nothing they say. Brave was known to be redirecting users through affiliate links for certain search queries.

    The most annoying thing about Brave is not the ads, it is the fact they use the chromium engine.

    > It’s more private than Firefox.

    Tor is hardened Firefox. Tor is regarded as the most private browser.

    Nothing is more private than hardened Firefox or forks of it like Librewolf, Tor.

    Brave on android is irrelevant as smartphones are not designed to be privacy devices. I guess people foolishly believe they can be privacy devices though.

    But then again look at what china does with smartphones. Tik Tok? LOL

    Look at what happened in countries like germany with ID pass on smartphones. Lol.

    Not dystopian? Think again!

    > It’s the most used mobile OS after all.

    Mobile OS = TRACKING Device. IMEI etc.

    > Most of that stuff is also possible on PC.

    Lol, you think china compels citizens to carry around desktop PC when showing their ID like with a phone?

    You are much more than ignorant than i thought possible.

    > Laughing at a possible solution, smart guy.

    Custom roms do not stop tyrannical governments wanting to implement ID passes combined with smartphones.

    You do not understand that or where certain big tech is heading with software on phones tied into digital ID Systems and medical history.

    > People use what they want to use. You need to work with what’s there, not with castles in the sky.

    Yes, enjoy camera and mic smartphone, bluetooth and IMEI. Your choice after all.

    > Similar vulnerabilities and spyware solutions exist for PCs.

    Pegasus is way worse because people being so addicted to smartphones almost never let smartphones out of their sight.

    > All true for most PCs as well. And Ethernet is private? The IP address leaks, and the MAC address also leaks. It’s not inherently more private than home WiFi.

    Do you even know what IMEI actually means? IMEI is a feature used on mobile devices not desktop. You have no idea what you’re talking about. Cams, Mic, bluetooth are easily removed from a desktop computer not a mobile device.

    Ethernet is far more private than using WIFI And much faster too.

    > Terrible decision in terms of security,

    You know nothing about security, look at what you said about desktop PC? They have IMEI TOO? you are a joke.

    > You are making a laughing stock out of yourself

    Desktop computers are the same as mobile devices IMEI? It is you that is the laughing stock. Do you think people are as poorly educated as you are? I see you win no arguments on here, most people who actually take the time to argue with you make you look like you know nothing about what you attempt to talk about.

    > Thank you for the flowers. I happen to be more rational than you are, I think.

    Nice try Iron Heart, at least do some reseach before you type and not just rely on your pure ignorance. I do not think you have an idea of how ignorant you are.

    > That I need to use a Google-dependent browser like Firefox as opposed to Brave to achieve these ends can’t be rationally demonstrated.

    Google-dependent Brave has to rely on google for chromium patches.

    At least MOzilla actually does not need google for patches.

    Your ignorance is off the charts.

    1. owl said on September 1, 2022 at 2:04 am
      Reply

      @Iron Heart,
      > @Anonymous123’s new nick

      If the name of commenter (handle) is clearly stated, you should reply to the post with the correct address.
      Not with the mangled nickname “@Anonymous123’s new nick”, but with GNU Linux Sophistication.
      Your behavior as a regular commenter will affect (propagate) other newcomers. It is the minimum common sense to maintain moderation (standard) in the community.

    2. Iron Heart said on September 1, 2022 at 10:20 am
      Reply

      @”GNU Linuy Sophistication”

      Are you done writing always the same comment? It is getting tiresome, always the same strawmen, always the same pseudo-bullet points, and always the same source: Trust me, bro.

      Much of your post should be labeled as “opinion” or “ideology”, but you present it as god-given facts I should accept just like that, which is highly ridiculous and doesn’t lead anywhere.

      > chromium based browsers have a history of shoddy security

      Reality check: Not more or less so than any other browser. Shoddy security is when you lack several key exploit mitigations, which a certain browser does lack, and it’s not Chromium.

      > have you seen the latest chrome news? 24 security issues.

      This info is completely without value as long as you don’t provide further context. Stop with the sensationalism.

      > More lines of code creates a larger attack surface.

      More lines of code don’t mean more entry points for intruders necessarily. Yeah, sure, I am the one not knowing anything about programming.

      > Pretending that Firefox a browser partly written in safer programming language like rust does not have good security?

      Reality check: None of the most attacked parts of Firefox are actually written in Rust.

      > Even if Firefox was more popular it would still have way less of an attack surface than chromium based browsers.

      Firefox for most OSes widens the attack surface by its very presence, because a version of Chromium is usually preinstalled. Firefox adds further unnecessary code that can be attacked.

      And more lines of code don’t means wider attack surface unless new entry points emerge. But I already mentioned that, right? More lines of code can also be used for better security. For example, perhaps Mozilla should add some lines of code that add actual site isolation, for a change. In the current Fission, contrary to Chromium, sites can still share the same process = amateur hour. You wouldn’t even need the non-trivial escapes you need on Chromium to hack Firefox, it just shares the process like that. Ridiculous, and that is supposedly more secure? Get your facts straight.

      > Your arguments are getting destroyed by people everywhere here.

      Can’t seem to remember, but OK. Certainly not by you.

      > I seen a recent comment where you were made to look stupid yet again, by attempting to correlate that the clipboard security issues in chromium based browsers were comparable to about:config settings in Firefox like the “dom.event.clipboards.enabled setting which can easily be turned off.

      Firefox promoters actually made a laughing stock out of themselves by insinuating that only FF uses a permissioned clipboard, which is clearly not true. Read access requires user permission in both FF and Chromium, and Chromium grants write access automatically, but so does Firefox too according to Mozilla’s own docs.

      > In the real world chromium browsers are less secure due to being a monopoly, larger attack surface etc. That is what matters.

      You can’t have it both ways. Saying it for the third time now. Firefox either stays irrelevant, which means a nominally (likely not actual, haha) lower number of security issues because nobody even gives a fuck, or you can destroy the evil “monopoly” (You don’t know what that means either, but even I need to pick my battles here and there…) and have Firefox being relevant again, but then you will no longer have an excuse for being 5 years behind Chromium in terms of security.

      > The evidence says that chromium browsers get more security issues.

      Your “evidence” is primitvely counting security issues, giving zero thought to relative popularity, how heavily audited the codebase is, how hard it actually was to create security breaches etc. If that’s “evidence”, consider rethinking this.

      The more popular browser will always nominally have a higher number of security issues due to incomparably more scrutiny it receives, this does not mean that the actual base code is less secure. You like your fallacies and non-sequiturs, so I don’t expect you to understand this at all. The fact that Firefox lacks several key exploit mitigations, i.e. that they are not even nominally present, indicates that the actual base code cannot possibly be more secure, even if you wanted it to be.

      > Because google said so?

      No, because most malware extensions actually use the webRequest API.

      > I said it previously and i will say again, you would get banned from any FOSS privacy community.

      I doubt it. Yeah, maybe the Firefox and Linux crew would hate on me like they do here, but I am used to that. The privacy community has a high opinion of projects like GrapheneOS, Bromite, and even Brave. Higher than your opinion for sure. Not everyone thinks that fully auditable and modifiable code is unusable just because Google or whoever else happened to write it. Most people are saner than that, i.e. they are not ideologues.

      > YOu even talk shit about gorhill.

      gorhill likes his extension of course and doesn’t want to do a major rewrite, so he advocates for the webRequest API. That he leaves out the possibility of misuse is on him, not on me.

      > You speak for most people? Who made you the leader of most people?

      OK then, ask around. Ask people on the street whether or not they have disabled JavaScript. Can’t wait for the results of your survey!

      We both know that most people don’t have JavaScript disabled for compatibility reasons, but if you can weaponize something against me, I suppose anything goes… Even common sense and common knowledge is being weaponized. Sad.

      > Mozilla has other streams of revenue besides a google search deal, VPN deals etc

      LOL, nope. Their rebranded Mullvad VPN is nothing compared to what they get from Google. 80%+ of Mozilla’s annual income is Google money, the rest are other, more regional search deals. Would be surprised if the VPN is even 1% or their income. Foolish is what you are.

      > they did take the high road by not fully adopting manifest V3.

      Remains to be seen. Even if so, this would come at the price of keeping the highly questionable webRequest API that allows extensions to eavesdrop and to redirect connections as they see fit. Field day for malware.

      > chromium code harmless?

      Yeah dude, most code in there just exists to make the browser work in the first place, and not to spy on you. Believe it or not. There are privacy issues, but these are not the entire codebase and are taken care of by projects like Brave. I know this hurts your sensationalism, but that’s the facts.

      > Mozilla is not an ad-tech company
      > Lol at google subdivision.

      They fully depend on ad money from Google.

      > You do realize that Brave uses the chromium code base? All chromium based browsers share similar security issues?

      I never said that Brave substantially differs from other Chromium-based browsers in terms of resistance against exploits. You made that one up as you went along.

      > Look at the clipboard issue, you foolishly believe that google programming does not matter to Brave browser, how ignorant are you?

      It matters for the development process, but most major issues are mitigated. The clipboard issue is not a major issue, it was assigned priority level 4 (P4) by Brave Software and that’s where it really belongs.

      > You also realize that Brave waits for patches from google who maintains the chromium code with most commits?

      If upstream aims to fix it, no need to maintain a custom patch. Smart.

      > Brave is an ad browser, it still profits from crypto and ads.

      Nice goalpost moving you did there. First accusing Brave of being an “ad network”, which is not true since it does opt-in local ad matching, now you have a problem with “the ads” in general. I tell you what: By default, Brave is ad-free. You need to opt-in first for the ads to show. Nobody forces you to, but should you opt-in, it never becomes a privacy issue.

      Mozilla does the same thing for the Pocket articles on the New Tab Page, btw, the local matching I mean, just in Firefox’s case it is opt-out instead of opt-in and I would also consider these articles to be ads / promo content. I also consider them to be propaganda, judging from their usually highly politicized content. No, thank you, dear hypocrite.

      > broken tor windows in brave

      Long since fixed, this happened due to their implementation of CNAME uncloaking for the native adblocker. Historical issues are boring, and the Tor window was never a main feature of Brave to begin with. “Ah oh, the gimmick feature had a bug for a short time! Ahhhhhh!” – Come on, that’s ridiculous even by your fairly low standards.

      > Brave was known to be redirecting users through affiliate links for certain search queries.

      Referral links are great because they are a privacy-preserving way for the browser to earn income. Shame that they stopped under the fake pressure of what I believe were actually Firefox users on Twitter. Generic referrals can’t uniquely identify anyone and this was therefore never a privacy issue for the user. This issue also didn’t happen on search, it happened on Binance.

      What does happen for every single Google search though is that Firefox adds its very own referral to the URL as part of the Google search funding deal. This alters the URL as well and is essentially a redirect, but I never hear anyone talking about it. Maybe because it’s not a privacy issue, same like it was not a privacy issue on Brave. But when Brave does it, it’s the big baddie of course, LOL. I can’t, my sides hurt!

      Also a historical issue by the way.

      > The most annoying thing about Brave is not the ads, it is the fact they use the chromium engine.

      It’s a positive from the POV of their users.

      > Tor is hardened Firefox. Tor is regarded as the most private browser.

      Tor differs from Firefox. It is based on ESR and comes preconfigured, and users are not meant to alter the default configuration at all, as to maintain a uniform fingerprint. You can’t compare it to your Firefox install which you modified according to obscure guide XYZ, and which suffers major version fragmentation every four weeks (contrary to ESR, which is what Tor uses) that does happen to impact the fingerprint. That you even make this comparison shows me that you have no clue. That Tor is private by default does not mean that your Firefox install is private. Your Firefox install sucks by default and modifying it will not achieve Tor-level privacy either.

      > hardened Firefox

      Ah yes, I too think that the crowd of people doing that, and which you attempt to hide within, is very large. Oh wait, I don’t. I actually believe that it is very small and that your tinkering is not actually fixing anything.

      > Brave on android is irrelevant

      According to you, or what? You complain about me supposedly speaking for others (when trying to apply common sense), but what do you do here? News flash: The majority of all internet traffic comes from mobile devices. This has also been the case for years now.

      > china

      Bad enough for the people there, however, I don’t live there.

      > china, germany

      Listen, the laws some countries pass that require you to have XYZ software on your device are bad, but this is a political issue of these nation states. This needs to be dealt with politically and / or legally, but it does not mean that the base tech is inherently compromised. For example, if some countries mandate contact tracing, this does not mean that it is a general Android issue that must affect all countries. You confuse the laws and decrees of specific states with the base tech, which is inherently inconsistent and local.

      > Mobile OS = TRACKING Device.

      Any mobile device can give accurate movement profiles depending on the network it connects to. A notebook would normally scan for all available WiFi networks when on the go, and this can also create a profile of movements, and very accurately at that. And notebooks don’t run mobile OSes, so you are not actually dealing with the mobile OS as such as much as you deal with “mobile” the form factor… Which you won’t do away with. People want to use devices on the go, that’s just how the world runs these days. You are delusional, friend.

      > IMEI

      …gives nothing away that the MAC address doesn’t already, in terms of what the network sees, and your PC also has a MAC address, whether it’s on WiFi or uses Ethernet. And that doesn’t even consider fingerprinting. Nice scarecrow though, I’ll give you that.

      > Custom roms do not stop tyrannical governments wanting to implement ID passes combined with smartphones.

      Actually the contact tracing / Covid ID uses Google Play Services, and is not built into AOSP, which is what Custom ROMs build on. Whether you run Google Play Services on Custom ROMs is on you. I do urge everyone to comply with the local laws though, at least via a secondary device.

      > Yes, enjoy camera and mic smartphone, bluetooth and IMEI. Your choice after all.

      With the exception of IMEI (which gives nothing away that the MAC address wouldn’t already), these are also built into most PCs. Not sure what you want to hear from me here.

      > Pegasus is way worse because people being so addicted to smartphones almost never let smartphones out of their sight.

      Now you criticize how people supposedly use their devices, which is a very sweeping statement (Speaking for everyone again?), considering that you know absolute zilch about how each individual uses his or her device. Fact is, similar spyware exists for desktop OSes and it’s arguably worse because people still have most of their private and work documents on PC.

      > Ethernet is far more private than using WIFI And much faster too.

      It has the same leaks that WiFi does, so no. Faster maybe – unrelated reasoning.

      > Google-dependent Brave has to rely on google for chromium patches.

      Open source patches for free? Done deal!

      > At least MOzilla actually does not need google for patches.

      They need Google in order to even exist, LOL. And in actuality, they do use Google code in the browser at several points, most notably in their extension APIs which stem from Google. Inform yourself!

      Tired of reading the always same comment, have you nothing else in store? You are wasting my time, big time.

  20. Anonymous said on August 31, 2022 at 2:36 pm
    Reply

    As People have been mentioning System Blockers like Pi-Hole or Portmaster are getting way more valuable with this, as they cant be blocked.

  21. Coriy said on August 31, 2022 at 3:16 pm
    Reply

    I’ve got new news for everyone. Google is altering its Play Store policies. Starting the first of November (1Nov2022) all VPNs available from the Play Store must not block ad traffic. https://www.theregister.com/2022/08/30/google_play_vpn_rules_changed/ has more.

    So yes, Google is a monopoly several times over. It may not be a pure monopoly, but it is still a monopoly. And as regards ads, since it’s forcing (unless others want to spend some time removing all of the necessary code) every other Chrome based browser will continue to help provide Google with Ad-Revenue via the ads services.

  22. Zuburtha said on August 31, 2022 at 4:38 pm
    Reply

    Maybe the ublock origin developer can make a great ad/malware-blocking hosts file instead? I could use one since the MVPS hosts file seems to be abandoned.

    1. Tom Hawack said on August 31, 2022 at 5:54 pm
      Reply

      @Zuburtha, you’ll find numerous blocking lists (including in the HOSTS format) at [https://filterlists.com/]

  23. ServiceDeskTiliDie said on August 31, 2022 at 8:44 pm
    Reply

    So, the concerns regarding AdGuard and Russia are no longer a thing?
    I can’t remember if it was this site or another where the comments section(s) kept bringing it up…

    1. Mystique said on September 1, 2022 at 9:15 am
      Reply

      First I have heard of it.

      I wish Admuncher was still a thing and was continuously developed. It was pretty great for it’s day.
      Anyone have any further details of this Adguard/Russia thing?

      We can all admit that this special rule could have been averted but Google themselves decided to add this artificial number limit themselves when it was not necessary beyond just being a troll to cripple adblockers.

  24. GNU Linux Sophistication said on September 1, 2022 at 12:45 pm
    Reply

    @Iron Heart

    > Shoddy security is when you lack several key exploit mitigations

    It is chromium browser codebase that is lacking as it is not written in RUST like Firefox is.
    Firefox has full sandboxing and site isolation mechanisms built into the browser.

    Your argument is an erroneous one that you got from an outdated misleading and inaccurate blog that is based on opinions only.

    > This info is completely without value as long as you don’t provide further context. Stop with the sensationalism.

    News articles about chromes security issues and security patches are verry valuable. Thank you Ghacks.

    > More lines of code don’t mean more entry points for intruders necessarily. Yeah, sure, I am the one not knowing anything about programming.

    Anothrer erroneous argument from you. More lines of code creates a larger attack surface. YOu know nothing about programming, even reading your posts i know for sure that you do not understand programming to a high degree.

    > None of the most attacked parts of Firefox are actually written in Rust.

    Rust is a safer programming language, it makes Firefox a safer stronger browser.

    > Firefox for most OSes widens the attack surface by its very presence, because a version of Chromium is usually preinstalled. Firefox adds further unnecessary code that can be attacked.

    In that case, it would be chromium codebase that would be the less secure browser installed because Firefox has better security. Btw Firefox is installed by default on most LInux distros because chromium is not really liked in the foss community.

    > And more lines of code don’t means wider attack surface

    Erroneous statement. You are clutching at straws.

    > Mozilla should add some lines of code that add actual site isolation,

    Erroneous statement, highly misleading inaccurate misinformation as Firefox has full site isolation and sandboxing.

    > Firefox promoters actually made a laughing stock out of themselves

    No comment.

    > 5 years behind Chromium in terms of security.

    Erronneous statement and belief. Firefox is written in safer programming language RUST. It is chromium that is lacking not Firefox, the statistics prove that.

    No, because most malware extensions

    Most malware extensions are in the google play store, read the news.

    > The privacy community has a high opinion of projects like GrapheneOS, Bromite, and even Brave.

    That may be correct, but people who started FOSS like Stallman dislikes smartphones.

    > gorhill likes his extension of course and doesn’t want to do a major rewrite, so he advocates for the webRequest API. That he leaves out the possibility of misuse is on him, not on me.

    You advocate for more limitations of UBO by wanting googles Manifest V3 TO BE STANDARD.

    You would be laughed out of any good privacy community.

    > The clipboard issue is not a major issue, it was assigned priority level 4 (P4) by Brave Software and that’s where it really belongs.

    It is a major issue.

    > If upstream aims to fix it, no need to maintain a custom patch. Smart.

    Brave depends on google for patches.

    > Brave of being an “ad network”

    Brave browser is an ad browser. Opt in or not, it is still an ad browser when opted into ads.

    > What does happen for every single Google search though is that Firefox

    Google search can be easily changed to an alternative search engine in Firefox settings.

    > Tor differs from Firefox.

    Firefox has many settings found in Tor. Privacy resist fingerprinting is one example.

    Tor is built on Firefox code.

    > tinkering is not actually fixing anything.

    Hardened Firefox is more private and secure.

    > Any mobile device can give accurate movement profiles depending on the network it connects to. A notebook would normally scan for all available WiFi networks when on the go, and this can also create a profile of movements

    Comparing mobile devices to notebooks is a stupid comparison. People use smartphones in public more as they are lighter and smaller than notebooks.

    > With the exception of IMEI (which gives nothing away that the MAC address wouldn’t already), these are also built into most PCs

    Erroneous statement, false inaccurate misleading information.

    IMEI is not a feature of desktop tower computers. IMEI is primarily a mobile phone thing.

    > it has the same leaks that WiFi does, so no. Faster maybe – unrelated reasoning.

    Incorrect information.

    Wifi turned off on a device makes the device more secure, airplane for example, ethernet is safer as it does not rely on RADIO.

    > They need Google in order to even exist, LOL

    Erroneous statement. Mozilla has survived without google search engine deals in the past.

  25. brightspark said on September 1, 2022 at 3:57 pm
    Reply

    ghacks, the blog where comments are longer than the actual article. :).

    1. ShintoPlasm said on September 1, 2022 at 10:48 pm
      Reply

      Lol.

  26. Michael Barrett said on September 1, 2022 at 6:34 pm
    Reply

    To: MARTIN BRINKMANN, Author of the article

    You say, “Users of AdGuard do not need the extension, as the main solution runs system-wide.” The only products that AdGuard makes that run “system-wide” are for Android. AdGuard’s new browser extension is for Chrome and other Chromium-based browsers running on the desktop. I believe an edit is inline.

    1. Michael Barrett said on September 1, 2022 at 6:51 pm
      Reply

      Edit: Android, iOS and Windows. Sorry. My bad.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.