back to article As netizens, devs scream bloody murder over Chrome ad-block block, Googlers insist: It's not set in stone (yet)

Following uproar from developers and netizens over proposed changes to Chrome that threaten to break content and ad blockers, and knacker other browser extensions, Google software engineer Devlin Cronin has offered reassurance that the plans aren't set in stone. "This design is still in a draft state, and will likely change," …

  1. Gene Cash Silver badge

    Translation

    > We are working with extension developers to strive to keep this breakage to a minimum

    "We'll send 'em an email to fix their shit and use the new API or we'll delist their extension"

  2. Pascal Monett Silver badge
    WTF?

    Stop adblocking to protect me ?

    Bullshit. Adblocking is what protects me. That, and NoScript.

    You want me to resume seeing ads ? Fine, I have a solution for you : create an ad language that does not include popus or popunders, flashing gifs, access to my hard disks or RAM, or any sort of metacommands whatsoever. Show an image, place text on it, and then FUCK OFF.

    Make ads conform to that and I will need no adblocker. Until you do (aka hell freezes over), I will use a browser that allows me to block ads and control JavaScript.

    And if you're not one of them, tough.

    1. W.S.Gosset Bronze badge

      Re: Stop adblocking to protect me ?

      Precisely.

      In particular, the egregious use/abuse of javascript by meta-ad providers seeking all sorts of "cleverness" for their Metrics etc. brings browsers to their knees if you have more than a handful of windows open. And then your entire machine grinds to a halt.

      You can watch your CPU idling on 5% and no disk activity, while your mouse is frozen and occasional little bursts of alterations/movement happen on any visible browser windows.

      Ads I don't have a problem with -- every site needs to feed itself. Hijacking my machine and turning it into an expensive plastic brick I DO have a problem with.

      My newspaper has ads. This in no way prevents me reading it, nor does it prevent me from writing a letter or getting a document out of the filing cabinet and reading it ; I am not glued motionless to my chair. The same is not true on my computer if I use the "modern"-ad-supported web: all normal activity is periodically crippled or even suspended.

    2. heyrick Silver badge

      Fine, I have a solution for you

      Simpler solution.

      Chrome, uninstall.

      If the browser will no longer permit one to control what does and does not arrive/enter/run, then simply ditch it.

      1. Joe W

        Re: Fine, I have a solution for you

        Except that World and Dog are switching to chromium as the browser engine. Effectively this monoculture breaks the web. As people warned...

      2. jelabarre59 Silver badge

        Re: Fine, I have a solution for you

        Simpler solution.

        Chrome, uninstall.

        Exactly. Although it probably won't affect me much. I'll just continue to use Waterfox as I always have been. And for entertainment I'll continue sending nastygrams to websites that fail to work under Firefox/Waterfox.

  3. Franco Silver badge

    Worlds biggest slinger of ads wants to hamstring most adblockers. Not suspicious at all.

    If Google are doing this, as they claim, to try and limit rogue extensions, then I'm calling bullshit. Yes, rogue extensions are an issue but the browser providers then need to do a better job of keeping their stores clean, as Google claims to do with their app store.

    As an aside, almost every app on my Android phone that I have concerns over regarding excessive permissions is an Android system app. I would love someone at Google to explain to me why every time I get a phone call (yes, those are still a thing) the Play Services app pops up a warning telling me that it can't function without access to my contacts, calendar, location and pretty much everything else.

    1. DougS Silver badge

      Perhaps Google could explain

      Exactly how that specific API that is used by privacy enhancing extensions is being misused by rogue developers? If they cannot offer any reasonable explanation for this, then their motives become clear.

  4. Version 1.0 Silver badge

    "Not set in stone yet"

    Come on - when was anything at Google ever set in stone? Google has the corporate morals of a ten day old tape-worm. Essentially they will do whatever they think will pay off for them at some point.

    1. Snake

      Re: Doing whatever

      But, but - we Do No Evil! Think of the children! Our ad systems are a fundamental benefit to mankind! And they do your laundry on off days, too!

      1. Sebastian A

        Re: Doing whatever

        "Don't be evil" was scrapped as their corporate motto a while back if I remember correctly.

        Should be a pretty good indicator of their intentions, right there.

    2. A.P. Veening

      Re: "Not set in stone yet"

      Even if it were set in stone, stone can be broken, there is enough precedence. For an example, I refer to Exodus (the first set of the Ten Commandments).

      1. Rafael #872397
        Coat

        Re: "Not set in stone yet"

        You're right -- I recall that there were three stones with 15 commandments but one of those broke.

        1. Wade Burchette
  5. Bush_rat
    Flame

    My Machine, I Decide What Runs

    https://www.youtube.com/watch?v=p1F7hZzIckA

  6. GrapeBunch

    Metal poisoning

    I have not used Chrome in years. Though I do use Chromium-based Opera and Vivaldi. They have operated well, where Chrome didn't. The scary change seems to be targeted at Chromium, so I wonder to what extent Opera and Vivaldi will be able to go against the flow, and to what extent they will go against the flow.

  7. Radelix

    welp....

    back to Firefox until if/when they fuck it up.

    On a more seriousish note, I wonder if this will inspire more DIY setups among those of us who are technically inclined. Considering that you largely cannot trust anything that you haven't put together yourself.

    I am, of course, not talking about handcrafting your own firewall from only artisinal bits on the finest of organic silicon, but more of a pfSense on a pi lovingly shoved into our own and acquaintances networks. The purpose of course being to starve the beast just enough to get it to correct its attitude.

    1. ThatOne Silver badge
      Terminator

      Re: welp....

      Sorry, but do you seriously rely on the sufficiently "technically inclined" to "starve the beast"?

      Out of the many millions of people using the Internet, how many are capable (and willing!) to build and maintain a DIY filter on their home networks? Not everyone using a browser is a seasoned network admin.

      Besides, installing and maintaining a filtering Pi on all their friends' and relatives' homes might become a full time job for the 1% who can actually do it... IMHO some will do it, most won't, at least not for long.

      1. doublelayer

        Re: welp....

        Unfortunately, this is exactly the problem. I have such a filter on my network. I'd like to install that on my parents' network. One of the aforementioned parents actually wants that, because they do not like ads. However, I haven't done it. The reason: I do not live close to their house, so when they find a way for the system not to work, I'll have to do over-the-phone tech support to instruct a technically-unaware person how to fix an embedded Linux system. You may say that the system would be able to handle most error conditions, and on that you would be right. I don't doubt that it could probably fix itself on most unusual network activity. Unfortunately, these would be some scenarios under which it wouldn't be so capable:

        1. Someone pulls the power on it, and doesn't recognize that.

        2. Someone needs an SD card, and removes the one running the pi (yes, I do think someone would do that. I have a specific person in mind.)

        3. Someone disconnects power at an inopportune time, and the SD card is corrupted. The other version of this is that power fails but something went wrong and the SD card was corrupted anyway.

        4. Something goes wrong with their home network, and the technically unaware choose to use the reset button under the theory that that will fix their problem (they have done this before, thankfully I had a backup config for the device from when I set it up the first time).

        5. They want to administer their own system, and ask me for the access. It is their network, so I'd have to give them access. I would then be kept up at night answering questions about whatever they used their access to break.

        You might respond that this shouldn't stop me, because even if the device breaks, they're no worse off than they are now. Unfortunately, the history of managing those systems says otherwise. Every time something stops working, even though I didn't have anything to do with the problem or in some cases set it up, they will complain to me. These are the people who refuse to use a Linux machine, even as a backup. They may ask me to assist with a problem, but they will also take advice I give and do the things I exhorted them not to do. For example, one of them strongly dislikes Google and complains about them, yet continues to use Chrome, Google search, and gmail. You figure that out; I have told them about Firefox, duckduckgo, and for that matter ad-blocking extensions multiple times. This is a quagmire I don't need to walk into.

        1. Jack of Shadows Silver badge

          Re: welp....

          I live with another family and the situation is exactly the same. I've set up my own VPN'ed channel into the cable router and everything I do is invisible to them and they are equally invisible to me. Took awhile but I did finally convince them that I know nearly nothing about Windows 10. I'm keeping the fact that Server 2016 and 10 do share some similarities to myself. Having no cell phones in my life keeps me out of trouble in that regard. It's pretty much self-preservation now.

          [No one, after they take one look at any of my computers, even the Windows ones, wants to use one of mine. Bizarre is a good start on their desktops.]

        2. Kiwi Silver badge

          Re: welp....

          The reason: I do not live close to their house, so when they find a way for the system not to work, I'll have to do over-the-phone tech support to instruct a technically-unaware person how to fix an embedded Linux system.

          Tools like OpenVPN (allowing you to remove an open SSH port) or perhaps Teamviewer (locked down as tight as you can, perhaps starting/stopping on a schedule) might be a bit of an aid there, but that doesn't solve the other issues.

          I recently put a Pi into operation at a certain place, and to stop SD card tampering it's in a box with some other nasty looking electronics. The fact that they do nothing is only known to me, the look is the key and that'll keep prying hands well away ((I should've had one of the larger caps charged, as a backup in case prying hands got tempted anyway). Putting network gear away into a roofspace or closet can help a lot, especially if the wifi router they can access is secondary to the network and behind the pi etc so you can get in remotely.

          But still there are those people for whom that setup will only last but a day. For those cases I provided the number of a 'helpful friend'. Not someone I wanted bothering me so I figured I'd solve a couple of issues, the "friend's" insistence on trying to contact me and the rellies insistence on hands-on knowledge of things of which I said "It's working perfectly now, don't touch". (they break it, I'm too far away and too busy to fix it, so they have to deal with Jim - and, well, Jim's great in rare short doses).

      2. Radelix

        Re: welp....

        Sadly, no. There are not enough of the technically inclined that even care enough to "starve the beast". This is more a dream of the people taking back what they shouldn't really have provided in the first place. I am guilty of that as well since Chrome ran Gmail and youtube well, I said fuck it. For myself, I am going to try to unfuck it.

      3. Kiwi Silver badge
        Childcatcher

        Re: welp....

        Besides, installing and maintaining a filtering Pi on all their friends' and relatives' homes might become a full time job for the 1% who can actually do it... IMHO some will do it, most won't, at least not for long.

        There's a couple of solutions to that.

        One, make the system sufficiently self-maintaining and simple to fix (perhaps using your own form of repository system). This can reduce the actual amount of time needed per person to a few minutes a month, maybe less.

        Another - constantly berate your family and friends for how stupid they are and how little they value your time, how much more superior you are to them. Remind them you're so busy you don't even have time for a weekly shower (try seaweed juice (the stuff you put on plants) dabbed on your clothing for the odoriferous effect without the lack of hygiene), and you're there only because you cannot tolerate such worthless idiots accessing the internet without someone much more skilled there to take responsibility for watching over their actions and making sure they don't hurt themselves, like a parent should watch a 2year old. Thus guaranteeing you will have few people to worry about!

        1. doublelayer

          Re: welp....

          "Another - constantly berate your family and friends for how stupid they are and how little they value your time, [...] and you're there only because you cannot tolerate such worthless idiots accessing the internet without someone much more skilled there to take responsibility for watching over their actions [...] [t]hus guaranteeing you will have few people to worry about!"

          Thanks for the suggestion. I think that sounds like a wonderful alternative to just not doing it and letting them decide whether they want the system.

          If you think that is the attitude that we have, you are not getting the point of our posts. We are not saying that people lack the responsibility to run technology or use the internet. We are saying that some of them lack the knowledge necessary to maintain a self-run DNS server to block hosts themselves and possess other attributes that make support more difficult. Take my post, where I stated that my parents might easily manage to disable such a system in a way that would make it difficult. This is not because my parents have any specific problems. I greatly respect them, and there are many things they can do very well that I cannot do well at all. Unfortunately, Linux administration is not one of those things.

          It is not because they disrespect me or my work that this would be problematic; it is because it is complex and I don't need to spend the large amount of time that I predict support will require. If I lived close to them, where I could quickly come over and repair anything, I would likely set it up if they requested. If I could be assured that there would be no hardware interference, I would also set it up. The reality, however, is that the system would probably be interfered with, and I would either have to spend a much longer time repairing it than it would take if I could do so myself, or the users would have to put up with the system being down for a longer time. That does not provide enough benefits to the user or to me as support for the system in that situation to be worthwhile.

    2. BlartVersenwaldIII
      Black Helicopters

      Re: welp....

      Bear in mind that something else google (and others) want to do For Our Protection is bypass system DNS and have chrome talk to DNS servers directly over HTTPS:

      https://developers.google.com/speed/public-dns/docs/dns-over-https

      https://en.wikipedia.org/wiki/DNS_over_HTTPS

      There are legitimate reasons for wanting to pass DNS queries in encrypted form, but this will also have the effect of neutering DNS-based ad blocking solutions external to the browser such as pi-hole or pfBlockNG - your browser will only talk to the DNS servers it's configured to talk to. It will also make it much harder to see what DNS traffic is occurring - you would essentially need a browser API to do be able to do that directly, as I suspect any implementation would fail if it detected any attempts to MitM the SSL (so you couldn't intercept the DNS by spoofing an 8.8.8.8 on your local network for example since it wouldn't have the requisite google cert).

      1. Radelix

        Re: welp....

        *pours whiskey into morning coffee.

        I like the idea of security, but I like the idea of agency more.

      2. Symon Silver badge
        Big Brother

        Re: welp....

        Just in case you're one of the 1%ers ...

        For DNS check out :-

        https://www.quad9.net/

        pfSense :-

        https://www.linuxincluded.com/configuring-quad9-on-pfsense/

        https://www.linuxincluded.com/block-ads-malvertising-on-pfsense-using-pfblockerng-dnsbl-old/

        https://www.linuxincluded.com/using-pfblockerng-on-pfsense/

        Blocklists for pfSense:-

        https://forum.netgate.com/topic/119186/firehol-level-1-list-blocking-lan-resources/25

        HTH someone.

      3. Kiwi Silver badge
        FAIL

        Re: welp....

        It will also make it much harder to see what DNS traffic is occurring

        When I was doing front-line stuff one of the things we looked for on a suspect machine was who it was talking to, and logging DNS queries helped, as did logging which IP's they tried to talk to.

        Most of the time it was stuff like Win7 getting stuck talking to update servers or AV software innocently (yet annoyingly) using up resources, or other simple harmless oddities. But at times we could see stuff going on that would point us to a bit of malware that had somehow escaped notice or detection, and of course traffic NOT going through our DNS server told us of things amiss.

        Thanks Google, yet another tool for security, minor as it may be, now going thanks to your desire to rain more ads on people already saturated.

  8. Jack of Shadows Silver badge
    IT Angle

    Coming on the heels of a recent decision by a "well-beloved corporation," did Microsoft have any input on this? Perhaps a prodding one? I was already wondering that before I hit this article. Probably nothing.

    1. Kiwi Silver badge
      Pint

      Sometimes great evil happens because bad actors conspire together.

      Sometimes it happens because good actors get it wrong.

      And sometimes evil just happens.

      We can rule out the second option in this case (nothing good left at google, and little good left at MS).

      I can't answer your question, but a few of --> might help you to be less interested in the subject :)

    2. Franco Silver badge

      Coming on the heels of a recent decision by a "well-beloved corporation," did Microsoft have any input on this? Perhaps a prodding one? I was already wondering that before I hit this article. Probably nothing.

      I would doubt it. Not for any reasons of trust in Microsoft, but if Microsoft wanted this change as well Google would have made sure the world knew about it so that the ensuing shit storm would hit them too.

  9. emullinsabq
    Go

    commit suicide if you want...

    I'm not screaming bloody murder. I don't mind because there are lots of options on lots of levels to do what I want. Think I need your revised extension system? Wrong. Think your browser marketshare is secure? Wrong. Think I'm going to waste more time submitting bug reports or trying to convince you of anything? Wrong.

  10. DougS Silver badge

    Google doing this might actually HELP Chrome dominate

    Website owners don't like people blocking ads, and since Chrome already has a dominant browser share website owners simply have to design their sites for Chrome and stop caring how they look using Firefox or Safari, on the assumption that most people using those browsers are "freeloaders".

    1. Wexford

      Re: Google doing this might actually HELP Chrome dominate

      That's a pretty risky assumption, given most users are lazy and will just move on to the next (read: competitor's) site rather than taking action of any kind.

    2. Kiwi Silver badge
      Holmes

      Re: Google doing this might actually HELP Chrome dominate

      I've watched many large sites rise and suddenly fall, as if they're on the Simpson's escalator to nowhere.

      I've seen the same for software, with browsers for example. Not too long back Chrome as unknown and another had an unassailable lead. But that browser fell out of favour, and Chrome swallowed up the ground seemingly overnight.

      When people get sick of very annoying ads and not being able to manage other content in a convenient fashion, Chrome will no longer be convenient to use. Others are waiting in the wings, watching the mistakes of the big leaders and biding their time. Customer laziness only protects you for so long.

      1. Carpet Deal 'em

        Re: Google doing this might actually HELP Chrome dominate

        The problem with the analogy is that Google used a number of avenues to promote Chrome that alternatives just don't have - avenues such as getting companies offering free downloads to bundle it with their software, advertising it on one of the most trafficked web pages in the world, etc. It also got a massive, lightning-in-a-bottle boost when other large sites pushed it hard due to the newly-appointed Mozilla CEO having donated to a PAC in favor of traditional marriage years before he took the helm.

        As it stands, almost all the competitors have nothing but word-of-mouth to spread by - and most of those are still Chromium skins. The few exceptions are Firefox forks, but their userbase tends to be disgruntled Firefox users; converting Chrome users isn't typical. We might see this monoculture broken, but HTML5 has allowed it to embed itself much deeper than IE6 did.

  11. Czrly

    Alternatives with support for `--app`?

    I use Firefox for browsing and research but I do have a build of an ungoogled fork of Chromium sitting in a folder just because of the `--app` command-line switch. It has uBlock Origin installed (an extension that I consider mandatory, these days) and I use `--app` to launch a tonne of sites as "applications" without having to install any local software.

    For example, I have shortcuts for Slack, Skype (web), Trello, Spotify, our corporate Jenkins and GitLab instances. Each shortcut is pinned to my Windows taskbar and that gives me close enough to a native experience: separate windows, without address bars and toolbars, all in the alt-tab carousel.

    Without --app, these would all be lost in amongst the mess of tabs in my browser!

    --app is grand because it means you can have a sufficiently application-like experience without another piece of bloat installed and automatically phoning home and updating itself, along with its inevitable security holes. Want to "uninstall" something? Simply delete the shortcut that launches it. In the future, with PWAs, I can imagine that --app will only become more useful.

    I guess that this change will affect all the Chromium offspring. Sadly, probably that includes Vivaldi, even. So... is there anything that's NOT Chromium-based that provides something like Chromium's --app mode? (Would be great if Firefox would add that! I would only need one browser installed.)

  12. adam 40

    There is always the old fashioned way

    Edit /etc/hosts (or whatever it is on your O/S)

    Add (sic) lines like

    ads.google.com 127.0.0.1

    Not much they can do about that one....

    P.S. CAPTCHA on el Reg? WTF!!!!

    1. hayzoos

      Re: There is always the old fashioned way

      "Not much they can do about that one...."

      They can implement their own DNS client in Chromium/Chrome instead of using the one from the OS. This can then ignore the "/etc/hosts (or whatever it is on your O/S)" and always resolve anything google.com. They can even decide to encrypt it so a network based filter cannot interfere with google.com hosts name resolution.

      BTW it was mentioned earlier in the comments - DNS over HTTPS.

      1. doublelayer

        Re: There is always the old fashioned way

        You could theoretically run your own DNS system that periodically checks all the domains you don't want, and then modifies your firewall to block any address that shows up. However, the better response should they prevent normal DNS is to stop using the thing.

  13. idoxde

    Ok Google,

    - point the gun at your foot

    - aim

    - FIRE!

  14. taz-nz

    Embrace, extend, and extinguish

    Google has succeeded where Microsoft failed, Google now has effective control over the internet, they will continue to use the dominance of their websites and Android to cripple the performance and compatibility of competing browsers on their platforms. They will continue to spam anybody visiting their sites that Chrome is the solution to all the browser performance issues.

    1. Kiwi Silver badge
      Thumb Up

      Re: Embrace, extend, and extinguish

      They will continue to spam anybody visiting their sites that Chrome is the solution to all the browser performance issues.

      I don't get that spam. Maybe because I seldom visit google sites, google doesn't get to load their BS JS on my system, and adblocking/piholing takes care of the rest :)

  15. Kiwi Silver badge
    Coat

    "banning extension developers from using obfuscated code"

    That's me out then. Most of the time I re-visit my own code I spend hours staring at a line wondering "WTF does this do????"

    Where other coders are concerned? Furgeddaboutit!

    (BTW, I cannot change the flow of time simply by slapping my car into reverse - at least not without some minor changes to the engine. Please stop using the marketfreak newspeak "moving forward" phrase in place of the more appropriate "in the future" or similar terms! The article writer my be a yank and thus somewhat linguistically-challenged, but El Reg should be better than this coming from ol' Blighty!)

  16. 10forcash

    I suspect there has been some dabbling in the code already, On two installations of Opera X64, scriptsafe has become decidely flaky - letting stuff through that it has previously blocked with a message saying something along the lines of 'Scriptsafe has recently been reloaded'.... I was exclusively useing PaleMoon but that has become increasingly clunky and has broke some addins - particularly NoScript. Opera also takes a dogs age to load & invades RAM like the Germans did with France (in common with other Chromium variants). Since this announcement and using Googly derived products not sitting at all well with me, I've moved back to Firefox ESR, aside from the lack of migation help, it's fine. Loads faster, no fuckaroundery with addins and crucially (as far as i'm aware) no googlyness involved.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019