back to article Why are fervid Googlers making ad-blocker-breaking changes to Chrome? Because they created a monster – and are fighting to secure it

In a mild PR blitz, Google engineers this month insisted the ad giant's shake up of Chrome browser extensions won't kill advert blockers. Instead, we're told, Googlers are making the plugins safer. Those engineers have more work to do than it may seem. Setting aside for a moment Google's public filings about the revenue threat …

  1. tiggity Silver badge

    slippery liars

    Wherever I look

    If it's not Tory leadership hopefuls it's Google spokespersons

    Yes extensions have potential for nastiness (but so does the browser itself) - there's a few extension developers I trust to have my security

    / privacy interests at heart far more than Google do.

    1. Jamie Jones Silver badge
      Thumb Up

      Re: slippery liars

      I was thinking the same thing!

      I just posted a comment here, and as I was writing it, I was thinking it was very similar to the previous comment I made on the porn-ageid article.

    2. Anonymous Coward
      Anonymous Coward

      Re: slippery liars

      Indeed, here come the evangelists.

      The argument is spurious at best: "Why would you accept to be abused by anyone else than uncle Google? He gives you candy, and even if it hurts for some time afterwards, you know he's only doing it out of love."

  2. Jamie Jones Silver badge

    Dumbing down

    Assuming we are only talking about intentionally installed API's that have to be specifically granted their access (i.e. not any subverted install/exploit) then this is just further dumbing down in action.

    They are doing the same thing to Android. It's simply no longer possible to do many useful things without rooting (functionality that was not delegated to a specific permission, but completely removed)

    Oh, and their drive to turn Android into IOS (not relevent to the story, just another thing to moan about!)

    Just imagine if google had a monopoly on the unix market, they'd ban compilers "for our own good", and no system would be able to connect to anything but port 443 on a google-owned server.

    Still, Nanny knows best. Us kids should not speak unless we're told to.

    1. bombastic bob Silver badge
      Unhappy

      Re: Dumbing down

      wait until the browsers are NO LONGER OPEN SOURCE, for a fork of what they're up to that reverts it back to the way it was (for the convenience of the end-users) is likely to trigger some kind of knee-jerk control-freak response on SOMEONE's watch...

      it makes me want to write my own browser. something webkit based. Midori was ok until it became as 2D FLATTY McFLATFACE as Chrome and Firefucox...

      1. TechnicalBen Silver badge
        Facepalm

        Re: Deepfakes.

        Did you watch the regulatory forum on it? While a lot of the people there understood the system that allowed such technology, and the moral or social implications, some did not.

        "So should we ban them"? What, maths?

        "Should we stop people"? What, using maths?

        "So this technology is dangerous"? What maths and drawing pictures?

        Yes, deepfakes are horrible used in the wrong way (most ways with the exception of proper consensual movie/film/art production). But so are pens, paint and maths. All those things (fake images) were done since images were a thing. Before then it was fake stories around a campfire. Yes, the speed and quality have changed, but the fundamental problem is the same, not different.

        Sadly, the same here, the fundamental problem is any option for a function on a browser, can be used for good or bad. Plaintext only?

        1. Jamie Jones Silver badge
          Happy

          Re: Deepfakes.

          ""The laws of Australia prevail in Australia, I can assure you of that," he said on Friday. "The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia." - Malcolm Turnbull - Australian Prime Minister

      2. Jamie Jones Silver badge

        Re: Dumbing down

        Bob, yes, that mission creep is their way of doing things...

        Chromium will start to lag behind chrome.... as AOSP has started to lag behind Android... Not much good having open source if all the needed bits are closed.

        I've noticed google has recently changed their "minimalistic" search interface to be crappy with text browsers... Try using 'w3m' to do a google search these days ....

        1. Charles 9 Silver badge

          Re: Dumbing down

          How do they get away with that without running afoul of disability and accessibility regulations?

          1. Jamie Jones Silver badge

            Re: Dumbing down

            Hmmm, I thought that just applied to public sector sites, but I was wrong (https://www.pinsentmasons.com/out-law/guides/disabled-access-to-websites-under-uk-law)

            imdb.com fails big time. In fact, most sites do...

      3. dbtx Bronze badge

        midori

        I hadn't heard of this. I went to their site; at the moment, it seems to be almost entirely useless, like it's gone live despite being right in the middle of being redesigned. It has no mention of code or even a GitHub link and the Community is a Spanish forum with 11 members. It doesn't seem to want to help me even download it. This must be fallout from merging with the Astian Foundation; I never heard of that before today and it probably doesn't matter. -sigh- They do manage to hint at the browser 'being renewed' so I guess that's what you're talking about. Or maybe you just have flat & featureless *everything* due to non-functioning style engines on GTK3 which Midori also now uses, I don't know. That's all kind of disappointing, anyway.

  3. lvm
    Big Brother

    What was that saying about liberty and safety by a certain Mr Franklin?

    1. dbtx Bronze badge
      Trollface

      "We can dance, if we want to."

  4. Anonymous Coward
    Anonymous Coward

    At some point, they'll have to sell Chrome - and Google search ...

    I'd happily pay £12 - maybe £24 a year if I could have an ad-free Chrome and a Google search that ignored paid for results.

    I call it "the Netflix model". I pay Netflix for their content, and NOT to have ads.

    And if Google won't - or can't - fill that niche, then eventually someone else will.

    I'm mildly surprised Google haven't offered an "Enterprise Google" for enormocorps anyway.

    1. Claptrap314 Silver badge

      Re: At some point, they'll have to sell Chrome - and Google search ...

      Your eyeballs are worth far more than $24/year to Google, though...

      1. baud Bronze badge

        Re: At some point, they'll have to sell Chrome - and Google search ...

        If I'm not seeing 24 $ worth of ads in a year, no.

        1. whitepines Silver badge
          Boffin

          Re: At some point, they'll have to sell Chrome - and Google search ...

          If I'm not seeing 24 $ worth of ads in a year, no.

          It's not just ads though. It's monetizing you, tracking your purchases through third party site integrations you have no control over (since it's a site backend link, not something in the browser), monitoring your phone and location, etc. That is probably where the real money is made -- even if you never see a single ad, companies will pay big bucks for access to that kind of market research. Full stop.

      2. jmch Silver badge

        Re: At some point, they'll have to sell Chrome - and Google search ...

        "Your eyeballs are worth far more than $24/year to Google, though..."

        difficult to find exact stats, but there are over 2 billion active Android users, and at least 1 billion on each of GMail, Google Maps, Chrome, Search and YouTube. Granted there will be lots of overlap but it's going to be very few users of iPhones or desktop/laptop-but-no-smartphone who don't use at least 1 of those. Given there's more than 1/2 billion active iPhones worldwide, it's a fairly safe estimate that Google has over 2.5 billion users over all their services.

        Google's *advertising* revenue in 2018 was 116 bn USD (total was 136 but for the purposes being discussed, ad revenue is more pertinent).

        So average revenue per user (ARPU) is about $46. Of course since adverts chase more affluent targets for revenue, Google probably make quite a bit more than that from more tech-savvy users, who are likely to be both richer and spend more time online on average.

        So, would you pay about $80-100/year for ad-free Google search, Chrome, Gmail, maps, Android, Youtube?

        1. Claptrap314 Silver badge

          Re: At some point, they'll have to sell Chrome - and Google search ...

          That's a bit of a poser. Let's see. I don't use Chrome. Or Gmail. No smart phone. Maps maybe once a week. Google search once a month. Youtube, once a week. All incognito with UMatrix & ABP.

          Nah, I'd manage.

    2. whitepines Silver badge
      Devil

      Re: At some point, they'll have to sell Chrome - and Google search ...

      I call it "the Netflix model". I pay Netflix for their content, and NOT to have ads.

      Maybe call it something else (is there even a subscription service these days that doesn't require insane amounts of DRM and is still ad-free?). Netflix requires Widevine, only runs on specific devices, and at least last I saw mates try to use it was most definitely shoving unstoppable ads for its own stuff down the wire.

      1. Anonymous Coward
        Anonymous Coward

        Re: Works on Linux.

        Also, adds for their own stuff? Yeah, that was really annoying. I don't mind the adds. I hated 2 things. Banner adds taking up the entire screen, and no "close" option, you HAVE to scroll down/across to remove them. Banner adds taking up the whole screen and autoplay.

        But there was a Block Netflix Autoplay extension/noscript IIRC.

    3. Czrly

      Netflix is a BAD example, however.

      I understand the point that you're trying to make but you chose a very poor example: Netflix is extremely hostile to the consumer.

      If Netflix wasn't hostile, it would consider the user's interests. Consider me, for example: 99% of the time I open Netflix, I want to continue watching where I left off. This simple use-case is probably the single most difficult thing to do on Netflix because the list of stuff that you were watching is placed randomly on the page and the landing page features automatically playing trailers, with sound, and prioritises advertising other content to you.

      They do this because they are not consumer oriented. They are Netflix oriented and Netflix' survival relies on the consumer being hooked into the binge-watching pattern -- in previous decades, there was the channel-flipping pattern which wasn't so very different.

      If a search engine like Google followed the Netflix model, they absolutely would NOT show you the most useful search results at the top of the page. Instead, the useful results would be placed randomly on the page and other things would be placed above them -- things that kept you on the search engine and hindered you from getting on with what you wanted to do.

      Also, the content you would want to find would be randomly removed, unannounced, while you were still using it, never to return. Suddenly, StackOverflow and Wikipedia results would cease to be returned. Searching for those would yield pages "similar to" them.

      1. Roopee
        Coat

        Re: Netflix is a BAD example, however.

        I watch Netflix nearly every day and have no problem finding where I left it, in fact usually it's already the highlighted program, and if I'm part way through it always gives the option to resume or start again.. Also I don't see those annoying Android-style trailers, though I do agree that the continual randomisation of my watch list is really frustrating.

        I watch Netflix on an Apple TV in case you were wondering, and can't recommend it highly enough, in fact both Netflix and the ATV. It isn't what I originally bought the device for but it is certainly the main thing I use it for now. I've never bought any content from Apple and doubt I ever will.

        Mine's the one with a dinky aluminium remote in the pocket.

  5. big_D Silver badge

    Or, simply...

    move ad-blocking outside the browser to the DNS level.

    On my mobile PCs I have all the major tracking, advertising, malware and Facebook sites (the later around 1,500 on its own) blocked in my hosts file.

    At home I have a more extensive list, using Pi-Hole.

    1. LDS Silver badge

      Re: Or, simply...

      You still have a window between a malicious side/ad appears in the wild, and the moment it is blocked. Extensions that do block whatever is not allowed protect you from such kind of threats. And remember some applications can bypass our host file, and even the DNSes you set. Moroever, it could be hard to block contents going through a CDN.

      1. Anonymous Coward
        Anonymous Coward

        Re: Or, simply...

        I found an interesting script that will regect IP addresses by their AS number in IPtables:

        /usr/bin/whois -h "whois.radb.net" -- '-i origin AS32934' | \

        egrep "^route:" | \

        awk '{print $NF}' | \

        sed -r 's/(.*)/iptables -I OUTPUT -d \1 -j REJECT/' | \

        sudo -s source /dev/stdin

        # In this example, the AS number belongs to our "friends" at Facebook

        There are caveats to this of course and as always, YMMV

      2. jmecher

        Re: Or, simply...

        >And remember some applications can bypass our host file, and even the DNSes you set

        Apple seems to be one (bad) example here.

        I'm forcing everything inside the internal network to go through the pi-hole I set up for this purpose - the (company issued) iphone 5s can't find apple store, and other apps running on the phone report no internet. Imbecils.

    2. Rich 11 Silver badge

      Re: Or, simply...

      Or, simply

      I always worry when someone uses the word 'simply' like that*.

      Defence in depth is a concept worth understanding. No single measure will catch everything forever.

      *Unless it's me using it, of course ;-)

    3. jelabarre59 Silver badge

      Re: Or, simply...

      Or just DON'T use Google Chrome. There are plenty of other options, and we shouldn't be allowing Google Chrome to become "MSIE6 version2".

      1. big_D Silver badge

        Re: Or, simply...

        I don't use Chrome and I don't use Google for search.

      2. frankk

        Re: Or, simply...

        Ever heard of Google Analytics?

        1. bombastic bob Silver badge
          Devil

          Re: Or, simply...

          "Ever heard of Google Analytics?"

          yeah they're permanently banned in my NoScript config

        2. big_D Silver badge

          Re: Or, simply...

          Banned on my DNS and blocked by NoScript.

    4. sqlrob

      Re: Or, simply...

      That's nowhere near a complete solution. There's plenty of ads or other annoyances that come from the same domain as the site.

      1. big_D Silver badge

        Re: Or, simply...

        That doesn't bother me as much. I'm not blocking adverts per se, I have nothing against them, in general. I'm against the external sites tracking me across the internet and delivering malware to my device.

        1. Michael Wojcik Silver badge

          Re: Or, simply...

          Agreed. Unless the advertisement actually interferes with reading the page or is otherwise particularly obnoxious, I'm perfectly happy to get advertisements. I accept ads in print media - I even look at them sometimes. I have one of those cheap Amazon Kindles "with special offers", which actually has a very nicely unobtrusive advertising mode (full-page ad on the screen when the device is turned off, and banner ad at the bottom of the home page; no ads when a book is open). I've probably purchased a dozen or so books over the years based on those ads, and on the whole I'm pleased with the results.

          Advertising is a model I can live with, when it's just advertising. I'll accept a recommendation system that uses data I've given to that vendor - notably my purchases (and ratings, on the rare occasions I bother to rate something). Obtrusive advertising, ubiquitous tracking, third-party surveillance, and malware are not acceptable.

          And no, I don't use Chrome, except on very rare occasions (e.g. to confirm that some idiot has broken their website in a browser-specific manner).

        2. Cavehomme_ Bronze badge

          Re: Or, simply...

          Latest Firefox has anti tracking built in, kills most annoying adverts too.

    5. JohnFen Silver badge

      Re: Or, simply...

      "move ad-blocking outside the browser to the DNS level."

      There is quite a lot that must be done inside the browser, though, such as script blocking.

    6. DougS Silver badge
      FAIL

      Simply my ass

      Advertisers work around far more complex methods of blocking ads than that. What is your "simple" method going to do when they use IP addresses instead of hostnames to reference the ads?

      It only works today because about 0.1% of people do ad blocking via hosts files / DNS. Once it crept out of the shadows enough for advertisers to notice, they'd step around it as easily as one might step around a dog turd in the park.

      1. bombastic bob Silver badge
        Pirate

        Re: Simply my ass

        "What is your "simple" method going to do when they use IP addresses instead of hostnames to reference the ads?"

        a not-so-simple method involving:

        * RDNS and regex filters

        * content scanning (somewhat smart-filter type scanning, "looks like an ad" or "has tracking in it")

        * blacklists (including nation boundaries for entire IP address ranges)

        but yeah, simple methods only work until the bad guys decide they'll stop using simple methods, and then the spy-vs-spy cold war begins

      2. JohnFen Silver badge

        Re: Simply my ass

        "What is your "simple" method going to do when they use IP addresses instead of hostnames to reference the ads"

        That would actually make things a lot easier, because you could just configure your router to refuse to send traffic to those IP addresses.

        1. DougS Silver badge

          Re: Simply my ass

          Nevermind that they could easily rotate through IP addresses and use a new one regularly, optionally sharing them with content during that rotation, so you can't block a specific IP or assume that a certain netblock is all ads. i.e. when they put them inside Amazon's or Akamai's cloud, you lose any ability to block them.

          Any strategy that depends on blocking a connection is doomed to fail. As is one that tries to snoop the content to determine if it is ad related, since like everyone else they will use HTTPS for everything in the future.

          There really is no alternative in the long run but looking at the page source, and relying on a third party to provide blocklists.

          1. JohnFen Silver badge

            Re: Simply my ass

            "Any strategy that depends on blocking a connection is doomed to fail."

            True, if that's the only thing you're doing. It is a very valuable piece of a larger security stance, though.

            "As is one that tries to snoop the content to determine if it is ad related, since like everyone else they will use HTTPS for everything in the future."

            That problem is why I've set up a man-in-the-middle proxy specifically to retain visibility into my data streams.

            1. DougS Silver badge

              Re: Simply my ass

              That problem is why I've set up a man-in-the-middle proxy specifically to retain visibility into my data streams.

              How exactly do you do that for connections which you don't have a certificate for?

              1. JohnFen Silver badge

                Re: Simply my ass

                The usual way -- glossing over technicalities, I have the cert for my proxy installed in everything that needs to use HTTPS. All HTTPS traffic gets routed to the proxy, and an HTTPS connection is established between the client and the proxy using that cert. The proxy establishes an HTTPS connection to the real destination, using the appropriate cert for that (just like a browser would do). At that point, the proxy is just relaying the datastream between the client and the real destination and has complete access to the decrypted datastream without allowing any unencrypted traffic over the network.

                The downside of this is that you can't make any HTTPS connections until you have installed the proxy's cert. But it's a tiny downside, as installing the cert is simple.

    7. whitepines Silver badge
      Big Brother

      Re: Or, simply...

      move ad-blocking outside the browser to the DNS level.

      Unless you can compile and run your own browser after inspecting the sources, sorry, doesn't work that way. DoH made sure of that --- even if you MITM all traffic, the genie is out of the bottle. Custom resolution protocols over HTTP are quite feasible, protocols even a MITMing firewall may not be able to detect without constant updates and analysis.

      And, quite candidly, looking at the history of DRM what would happen if the revenue was seriously threatened by technical means is that new DMCA-style law would be passed criminalizing MITMing and blocking the ad traffic to "protect the Internet" or some such nonsense. Precedent is already set to invade one's flat when corporate revenue is on the line for BBC (TV license) and Hollywood (HDCP/AACS) content, do you really think extending such law to criminalize ad blocking would be that far fetched?

      Maybe the law wouldn't even have to be extended -- just send the encryption key in the ads and encrypt the page content. Presto -- blocking the ads and decrypting the page puts you afoul of some of the most draconian legislation on the planet by breaking an effective DRM system.

      1. JohnFen Silver badge

        Re: Or, simply...

        "protocols even a MITMing firewall may not be able to detect without constant updates and analysis."

        This can be overcome by using deep packet inspection. I haven't gone that far, but if people start engaging in this sort of activity, I'll have to decide between setting up a DPI system or ceasing to use the web entirely.

    8. Chet Mannly

      Re: Or, simply...

      I just use Adguard DNS servers. Couldn't be simpler and haven't seen an ad since.

      1. Still Confused

        Re: Or, simply...

        I use Adguard on my Macs and don't get bothered by ads - actually, I get surprised by how many ads there are when I use somebody else's browser. But then, neither do I use Chrome. Safari gets a lot of flack but it's never given me any bother, other than the occasional site that still insists on IE (at which point, if I need to view that page, I fire up my Win10 VM). More often than not, though, I just move on.

        Oh, and my default search engine is DuckDuckGo - despite it's naff name. I don't know if it delivers as thorough a search result as Google (or Bing) but, again, it's not Google.

      2. Anonymous Coward
        Anonymous Coward

        Re: Or, simply...

        I tried AdGuard until i realised it’s a Russian outfit.

    9. bombastic bob Silver badge
      Pirate

      Re: Or, simply...

      "move ad-blocking outside the browser to the DNS level."

      year ago, before I had a NAT setup, I had written an HTTP proxy server. It included some simple DNS filtering, such as anything with "ads.x.x" got immediately re-directed to localhost

      It makes me want to write my own browser, with a regex DNS pre-processor to bypass DNS entirely (for everything that is caught by the blacklist or "not on the white list", whichever). And if I wanted to be really slick, I'd RDNS every direct IP address request, too, and filter THOSE with the regex as well...

      but anyway - none of this is all that hard to do, assuming that the web browsers and their plugin APIs have NOT been deliberately designed and/or obfuscated to PREVENT it...

  6. Forget It
    Go

    Why not whitelist uBlockOrigin as it is apparently recognized as Doing No Evil

    1. Pascal

      The issue with that approach is that eventually the "Do No Evil" add-on you trust could be automatically updated to a "Do Much Evil" version by various means: Hacking of the dev pipeline by an external actor or rogue developer, acquisition of the add-on owner by an entity you would not trust anymore, etc.

    2. Charlie Clark Silver badge

      You could argue that this is similar to the "enterprise-only" approach. You could introduce some kind of certification scheme where only certified extensions get access to the API. Leaves Google open to all kinds of challenges because it makes them the "gatekeepers", but would at least remove the uncertainty.

      On a different note: are they ever going to do anything about the naming of extensions? There are currently 4 extensions with "u block" in their title and similar logos, at least two of which look like fairly suspicious fellow travellers. Quis custodet custodes?

      1. LDS Silver badge

        In this scenarios, extension should be vetted by a separate entity from Google. Let's face it, as long as the browser (or the mobe OS) is the entry point into users' lives, it's essential for any business built on profiling users to control those entry point and avoid anything that can block their slurping. MS is attempting the same even with its desktop OS.

        Google has no real incentive in policing the store - on one side it's pure costs and no revenues, on the other if users can easily find real script/ad blockers it impacts hard its business. Actually "beware of the extensions!" could work at Google's advantage.

        1. Charlie Clark Silver badge

          Google has no real incentive in policing the store

          Oh, I don't know. As long as it's a store and Google has the keys then Google can be held liable. It would just take a little of legislation to give regulators sufficient powers to make this so. And I am inclined to follow Google's arguments, or at least give them the benefit of the doubt, over this that the API is an exploit waiting to happen. They know only too well how easy it is to convince users to click through screens in order to get something for free…

          It also wouldn't surprise me if Google isn't working on a GDPR-compliant ad system.

          1. whitepines Silver badge
            Unhappy

            Oh, I don't know. As long as it's a store and Google has the keys then Google can be held liable.

            I wish. What happens in reality is Google makes you agree to waive all damages etc. to get access to the store, with the threat of being banned from Google services permanently if you do dare to sue.

            The house Google wins in the end, guaranteed.

            1. Anonymous Coward
              Anonymous Coward

              Some rights to sue cannot be blocked by contract because they're guaranteed by the law itself which takes precedence over contracts..

      2. frankk

        Google is already the gatekeeper. Have you ever tried to publish an extension in their store? Or tried to use one without publishing it?

        Basically, it ain't running if Google ain't said so.

  7. J. R. Hartley Silver badge

    The title is no longer required.

    How I long for a post-Google world.

    1. jpo234

      Re: The title is no longer required.

      If you don't like it, don't use it. Simple.

      1. J. R. Hartley Silver badge
        Facepalm

        Re: The title is no longer required.

        As per icon.

      2. RyokuMas Silver badge
        FAIL

        Re: The title is no longer required.

        "If you don't like it, don't use it. Simple."

        By that argument, that's over 75% of the web that can't be used without a tracker-blocker.

        1. Anonymous Coward
          Anonymous Coward

          Re: The title is no longer required.

          > that's over 75% of the web that can't be used without a tracker-blocker.

          It's the crap part of the web anyway. Good riddance.

          1. sqlrob

            Re: The title is no longer required.

            The 75% that includes The Register. Any reason you're still commenting here?

            1. WolfFan Silver badge

              Re: The title is no longer required.

              Other than the fact that he’s a troll?

            2. stiine Silver badge

              Re: The title is no longer required.

              Because i block scripts from doubleclick.net (and every other ad network.) I've also figured out how to block google's inline ads (for google.com with scripts disabled) which was a bastard and a half....Its like they compressed 6MB of code into one 83 line 209k incomprehensable block.. In fact, I think they've rewritten it multiple times to prevent having to use 2-letter variable names unless they must.

              1. bombastic bob Silver badge
                Linux

                Re: The title is no longer required.

                firefox with noscript on all of the time works for blocking nearly all of the ad/tracker crap. And in those rare cases where I _MUST_ do something "scripty" I do the following (on a FreeBSD or Linux machine).

                1. make sure I've run Xorg with the -listen_tcp option [or some equivalent thereof]. This is sort of required for me, because I like to do embedded dev across a network, and not even try to use a tiny screen like for an RPi as a development platform...

                2. xhost +localhost (naturally) - this lets you connect from localhost.

                3. from a terminal on the desktop, 'su - otheruser' where 'otheruser' is as guest level as you can make it

                4. in the shell as 'otheruser' export DISPLAY=localhost:0.0

                5. then 'firefox http://whatever/ &' as 'otheruser'

                7. make sure the browser DESTROYS ALL HISTORY ON EXIT, from cookies to cache, and especially passwords

                this has no obvious performance (or other) issues when playing videos, or doing anything ELSE the browser needs to do, in order to properly display any content, access any web service, etc.

                Yeah, FreeBSD and Linux (with Xorg, *NOT* Wayland) are AWESOME in being able to share the desktop like this and run in the context of a user that doesn't have any cached info on what you've been doing...

                1. Duncan Macdonald Silver badge

                  Re: The title is no longer required.

                  Easier option - virtual machine running an image of a Linux Live CD - no local storage - no shared folders. Start it up - access the dodgy site - close it down. With no access to persistent storage, any malicious scripts cannot do any real damage.

                  1. Charles 9 Silver badge

                    Re: The title is no longer required.

                    Wanna bet? Ever heard of a hypervisor attack, aka a "red pill"?

                  2. JohnFen Silver badge

                    Re: The title is no longer required.

                    VMs are not bulletproof, and that approach doesn't do a lot to prevent tracking.

                    1. Graham Cobb

                      Re: The title is no longer required.

                      I use Tails in the VM, using a read-only, standard Tails iso image with no customisation.

                      Good for limiting tracking but it does have some serious constraints: (i) limited to the software Tails bundles, and (ii) many sites aren't happy with Tor access.

                  3. Captain Obvious

                    Re: The title is no longer required.

                    Why not simply use Kali Linux off a USB drive - boot off that. You can easily refresh it back to original state. Then the attack vector is severely limited. It is what I do!

                    1. Charles 9 Silver badge

                      Re: The title is no longer required.

                      Then they'll use the Kali Linux as a springboard to get to your hardware. Remember all those firmware attacks which can easily be made nuke-proof?

      3. JohnFen Silver badge

        Re: The title is no longer required.

        I really, really wish it were that simple.

      4. Anonymous Coward
        Anonymous Coward

        Re: The title is no longer required.

        If you don't like it, don't use it. Simple.

        So says someone who has no idea to what extent Google extracts information.

        To completely avoid Google you'd have to (amongst other things) 1) never phone anyone who has an Android mobile 2) don't let anyone have your name or contact details in their contacts list, 3) never use your credit card (depends on country), 4) don't run a WiFi access point within proximity of anyone else with an Android or Chrome device, 5) never use a web browser with JavaScript enabled (there's ways to track users other than cookies), 6) never buy anything advertised on Google services (because otherwise you're funding Google).

        Google collect a lot of data about you through other peoples' equipment, even if you have no direct relationship with Google. You've not been giving them permission to do so, but they do it anyway claiming that if it's been done this way it's not your data. They know your name, address, email, phone number, browsing habits (irrespective of browser used), where your mobile is (if you run a WiFi hotspot on it), where you work, and you're paying them regardless of whether or not you like it. Here in the UK that's adding up to about £100 per wage earner per year, through the cost of online advertising being passed on to the consumer.

        1. bombastic bob Silver badge
          Meh

          Re: The title is no longer required.

          "If you don't like it, don't use it. Simple."

          "So says someone who has no idea to what extent Google extracts information."

          or no concept as to what effect a MONOPOLY has on the free market. In short, "go elsewhere" is no longer an option, and the existence of the monopoly PREVENTS competition from providing alternatives.

          If it were gasoline, he'd be screaming a lot louder. "Don't use it" he says? Or maybe buy something OTHER than gasoline or diesel fuel or whatever your car runs on? Good luck doing THAT... Or what about FOOD? If it were FOOD and we were told "if you don't like it don't eat it"... yeah right.

          And now we come to 'Teh Intarwebs' which pretty much everyone needs to be on these days, for many reasons from employment to paying taxes. NOT being on the internet is like NOT having a telephone.

          "Go elsewhere" and "don't use it" just don't apply.

          1. J. R. Hartley Silver badge

            Re: The title is no longer required.

            Well said

          2. Charles 9 Silver badge

            Re: The title is no longer required.

            "or no concept as to what effect a MONOPOLY has on the free market. In short, "go elsewhere" is no longer an option, and the existence of the monopoly PREVENTS competition from providing alternatives."

            Whatever happened to "Go AWAY" or "Doing WITHOUT"? It's not like Google has control of the air or water yet.

        2. JohnFen Silver badge

          Re: The title is no longer required.

          And don't forget 7) Never buy anything with a debit or credit card, and never use "loyalty" cards.

      5. Michael Wojcik Silver badge

        Re: The title is no longer required.

        If you don't like it, don't use it.

        Not using the world is awkward.

        1. Anonymous Coward
          Anonymous Coward

          Re: The title is no longer required.

          Whatever happened to, "Stop the world! I wanna get off!"

  8. Rich 2

    Ok, so it's useful and dangerous at the same time

    ...so why not just implement an internal (to the browser) whitelist for the operation, so a user can explicitly allow application to use it that he/she trusts (like, say uBlock), and disallow all others.

    Wouldn't this solve the problem?

    1. silent_count

      Re: Ok, so it's useful and dangerous at the same time

      No, it patiently does not solve the problem! Your suggestion would still allow the ungrateful peasants to circumvent the sole purpose of their existance. Namely, to sit passively and consume whatever messages their advertiser overlords deem appropriate after, of course, said overlords have paid their tithe to Google.

      Oh. You were considering the problem from the perspective of the filthy peasants. Well done you! How forward-thinking. No, we don't give a damn about them and the so-called problems in their inconsequential lives.

      1. Anonymous Coward
        Anonymous Coward

        Re: Ok, so it's useful and dangerous at the same time

        The peasants are also idiots. "Extension 'FreeStuff4U' wants access to: modify your DNA, empty your bank account, commit you to indentured servitude. [Approve because you have no idea what any of this means] [Ignore this warning and click whatever button says 'Yes' because it says Free in the name]"

        No amount of warnings will stop a large number of users from doing stupid things and then blaming the browser for letting them. If they even realize it's the browser.

        1. Roopee
          Headmaster

          Re: Ok, so it's useful and dangerous at the same time

          "If they even realize it's the browser"...

          Conversation I had recently with a client (abbreviated):

          Me: how do you access your email?

          Her: it's just there on a button when I start my computer.

          Me: oh, I thought you were using webmail, do you know what your email program is called?

          Her: it's just a button that I click, it says email, you helped me put it there.

          Me: according to my notes from my last visit you are using Internet Explorer as your browser, is that what you're using for your email?

          Her: it's not a browser it just says BT email.

          ...and so it goes on while I work out that she uses a desktop shortcut (which I made for her about 3 years ago) to open her BT webmail in IE (but "not in a browser").

          So after 3 more years of using a browser she still not understand/remember what a browser is, and is quite sure she isn't using one. She is not untypical of my clients, though perhaps at the dimmer end of a spectrum skewed slightly towards dim.

          Nothing that Google does or doesn't do will have much effect on the average person's susceptibility to the wiles of corporate marketing - they are simply cannon fodder for advertisers, and 'twas ever thus. Everyone who reads El Reg is well above average intelligence (simply by virtue of reading ability), but some of us seem to forget it, and/or we're not all above average common sense!

        2. RyokuMas Silver badge
          Facepalm

          Re: Ok, so it's useful and dangerous at the same time

          "Ignore this warning and click whatever button says 'Yes' because it says Free in the name"

          The irony of this statement is that Google pretty much got to where the are by the same mechanic as this hypothetical extension...

    2. bombastic bob Silver badge
      Mushroom

      Re: Ok, so it's useful and dangerous at the same time

      "Wouldn't this solve the problem?"

      kinda like noscript, but managing script blocking on a per-site basis when too many ABusers of the web (known as "developers") *FEEL* as if it's ok for a web page to LOAD CANNED 'CONTENT' AND MASSIVE SCRIPTS FROM EVERYWHERE ELSE IN THE UNIVERSE just to "view content" on that ONE site, such that it's hard to find the right magic to block them when 'temporarily allow' must be hit SEVERAL TIMES to get it to work [because each script brings THAT MUCH MORE CRAP in with it, requiring EVEN MORE 'allows', yotta yotta yotta].

      it's why I've resorted to using a sanitized browser environment for those "special" sites [meant pejoratively] that for some reason I must use, such as ordering electronic parts for business reasons, or looking at someone's cat video link pasted into an IRC channel so I can flame them for posting stupid crap that required ENABLING JAVASCRIPT to view...

      grump grump grump javascript grump grump - I can go on all day on this

      and what's WORSE, is that, for a contract, I had to UN-JAVASCRIPT a couple of important pages because "web developer" (who should be shown the window by the BOFH) *FELT* (again with the FEEL 4-letter F word) that client-side scripting was needed, except it took over a second to total up a bunch of numbers and display the results, even noticeably flashing the occasional 'NAN' in the total (much to the irritation of boss and supervisor), even after FIRST rendering the entire page with zero values, making the system look SLOW and CLUNKY and UNPROFESSIONAL. My re-factor (now that 'web developer' is out of the way) used PHP to do all of that server-side, by embedding things like <?php print $var; ?> where he had '0' stuck in there (and then dynamically changed that by assigning DHTML with JQUERY of all things) and amazingly, it is so blisteringly fast [compared to that javascript abortion on the client] that you don't notice ANY delay at all, on an embedded device even. [and I had written all of the back-end, mostly in C, and hand-held him with super-simple php 'glue' pages to cough up the data values in his desired format, go fig, while he took 4 times longer than he should have to create the things, though we all admit they have a nice overall 'pretty' appearance...]

      Anyway, javascript is *SO* overrated. Its inventor needs a session with me, a cluebat, and a cat-5-o-nine-tails. Or the BOFH, accompanied by "It's over here, by the window..."

      1. Captain Obvious

        Re: Ok, so it's useful and dangerous at the same time

        So tell us how you really feel :)

  9. LDS Silver badge

    So malicious extension shoud be blocked, but not malicious ads and code?

    Let's start from a premise - they made the browser so powerful and so outside the scope of being a "browser" that it became an OS, moreover an OS that every time downloads code from an external source and runs it locally - with all the implied risks.

    Just like in a classic OS you need drivers to try to intercept malware before it gets a chance to be executed - the same drivers that could be used to utterly p0wn a system - in a browser you need the same level of access to intercept bad code before it's executed. Evidently is up to the user to be careful what is given a so much powerful access to the system.

    I'm deeply sorry if the same approach can be used to block all that crap that is online advertising and telemetry - and more and more users are finding it's the right thing to do when you don't simply supply ads, but behind that you collect more and more information about the user - which is spyware whatever the reason you do it.

    It's evident that as long as the biggest internet companies revenues are ads- and slurp- driven, there's a big conflict of interests between making systems secure and the slurping activities.

    There's no technological solution - only a legislative ones, which pass through separating ads business from controlling what code runs on users' systems - including the browsers.

    1. Charles 9 Silver badge

      Re: So malicious extension shoud be blocked, but not malicious ads and code?

      So what happens when the big money can control the lawmakers?

  10. Anonymous Coward
    Anonymous Coward

    Another fine exemple of dichotomy we have here

    Same like a gun that can be used to attack or to defend, electricity that can be used to power your iPhone or the electric chair, clean drinking water that can drown you and so on.

    As for allowing the user to decide and authorize the extensions, forget it! It's hopeless. Less than 10% of users really do understand (or care about) what happens inside their phone of PC or how they work.

  11. Anonymous Coward
    Anonymous Coward

    Over looking the ovbious lol

    Chrome itself is the spyware, but they get people to argue over the plug ins lol.

    Chrome logs all; request, pages hit, data entered - for Marketing purposes (you agreed to it). Yet people are crying about what it lets others do and not.

    The closest I can see this is; If a fox brought lice with it when it broke into your hen house and ate all your chickens eggs. You have to kill the fox, not just the lice. But all anyone talks about is the lice. Why not get rid of both.

  12. TeeCee Gold badge
    Facepalm

    "...because it's so useful."

    So is having all your servers configured with the root password set to "root123", but you don't allow this under any circumstances and everyone has to live with any inconvenience caused.

    The fact that something's useful is no excuse for having it if it's also a glaring security hole.

  13. John Savard Silver badge

    Definitely it is a problem if malicious extensions to Chrome are easy to write. But it is also a problem if effective ad blockers are not available for Chrome. The obvious solution is to improve security as they're doing, but to allow all users, not just enterprises, to allow trusted extensions to be installed having the use of the full API.

    There is no excuse for doing otherwise - from my personal perspective. Unfortunately, the sad fact is, many people using computers don't know when they can enable certain permissions, when they've found a source of software they can trust - and of course they'll complain when something goes wrong.

    Why isn't it possible to block ads effectively and have no access to anything that can be used maliciously? Probably for good reasons, and not just because of vulnerabilities and flaws in the browser - a degree of control over what the user sees is needed that can be misused for spoofing. So maybe this isn't all about Google's ad revenues, as people first thought.

    1. Charles 9 Silver badge

      So IOW, how do you save Joe Stupid from taking the rest of us with him?

  14. JLV Silver badge

    I have made jokes in the past about Google being a Mr. Wolf who wants to outlaw strong locks on sheepsheds. Cuz fire hazard, you know.

    FWIW though, I’ve been listening for a while to the Risky Business security podcasts. Breaches and leaks is their bread and butter.

    They briefly mentioned the v3 webrequest brouhaha and... weren’t at all supportive of the current permission for that particular browser function, deeming it way too unconstrained.

    (That podcast seems on good terms with Google, having recently interviewed, very friendly-wise, the Chronicle guys.)

    Good to see an article that is both cynical of what Google is up to but also wants to examine if there is any validity to their concerns. FWIW, if I had to choose between having ads or lower browser security, I’d pick ads. Every time. (Ads bring in their own security risks mind you).

    Might be what’s needed is 2-tier trust model, with extensions hitting extra sensitive spots getting external audits, blocking on code updates(to avoid malicious updates). And a special authorization action by the user. Dunno.

    Do know that mixing regulator and first beneficiary role, as Google is the position of, is inherently a bad idea. They will always have an incentive to un-throttle ads and those are their primary revenue source.

    Might a divesture of Chromium to a foundation help?

  15. IT Hack

    FF

    Bit annoying it hits Firefox as well.

  16. Anonymous Coward
  17. edris90

    More security theater.

    Every time we get close to people waking up and realizing the truth "if it's on the net , it will be compromised". We get all this fud once again sound the same old idea that we can patch or code around basic realities.

    how many times are we going to run through the same old rigmarole of pretending the new phix won't make any bit of difference to those with the motivation and resources to circumvent them.

    Instead of success by secrets we should make plans to obtain success despite disclosure or access. When everyone finds out your dirty secrets what's your plan to make it not matter?

    That's the philosophy we should be operating by.

    All security inevitably fails if enough attention and motivation is thrown at of it. Then the embarrassment of yet another security failure. helps to brush everything under the rug. read trick the public into trusting an fundamentally insecure model And repeat the same old broken record

    1. Charles 9 Silver badge

      "Instead of success by secrets we should make plans to obtain success despite disclosure or access. When everyone finds out your dirty secrets what's your plan to make it not matter?"

      Turn it into praise. Recall the man who said, "I could shoot someone in broad daylight on FIfth Avenue and be praised for it." He now resides in The White House.

      Put bluntly, as a comedian once said, "You can't fix Stupid." What isn't being said is that Stupid threatens to take the rest of us with it, forcing us to fix it. So how do you fix what cannot be fixed before we all end up on the way to Hell in a handbasket? And no, culling isn't an option because the obvious retort will be either, "You first!" or "Even if it's your parent or child?"

      1. dbtx Bronze badge

        before we all end up...

        No, it's already too late for that and it was inevitable anyway.

  18. Doctor Syntax Silver badge

    "There is no CVE issue here because extensions are opt-in, and what they can do is disclosed to the users choosing to install them,"

    That depends the honesty of whoever writes the description and the freedom from bugs of what's being described.

  19. JohnFen Silver badge

    What we need

    I think what we need is two sorts of browser. A dumbed-down one (the direction that both Chrome and FIrefox are taking their offrerings) that protects careless or clueless users, and a browser for those of us who want actual power.

    Also, I can't help but wonder when OS makers are going to decide that applications have to be neutered because they have enough power to be abused as well.

    1. Roopee

      Re: What we need

      I'm pretty sure that's what we've got - Pale Moon with NoScript anyone? I use it all the time but wouldn't for a minute suggest that combination to the vast majority of my IT Support clients - NoScript itself is quite literally beyond comprehension for most people.

      1. JohnFen Silver badge

        Re: What we need

        I'm currently using Waterfox with NoScript, so I'm with you there, but I wonder if these are long-term solutions. I'm already avoiding upgrading Waterfox because the new release includes changes that introduce compatibility issues with some old extensions.

  20. DougS Silver badge

    Letting people write code means they can write evil code

    You can either let them write and run anything (the Windows approach) let them write stuff but require approval (the Apple App Store approach) only allow "blessed" apps to run (the corporate locked down PC approach) or remove all the APIs that you think can be dangerous (the Java approach)

  21. Matthew "The Worst Writer on the Internet" Saroff
    Meh

    So, is Firefox Going to Incorporate Manifest V3?

    For all the other browsers out there, (Edge shortly) they are Chromium based, so they have no choice, but Firefox does not.

    Whave theri statements been on the webrequest API?

    Disclosure, I wrote a FF addon, though it does not touch on this issue at all.

  22. This post has been deleted by its author

  23. TheSkunkyMonk

    One way ticket

    I know there isnt many things humanity can agree on but can we atleast accept these marketing folk aren't doing the world any good and we'd be a lot better off with out them, anywhere, on the planet and they should all go and shoot themselves for the sake of humanity. Back on topic, if a site doesn't work with noscript&ABP enabled I simply just don't use that site, advertisers are just as bad as bankers.

    1. Charles 9 Silver badge

      Re: One way ticket

      "I know there isnt many things humanity can agree on but can we atleast accept these marketing folk aren't doing the world any good and we'd be a lot better off with out them..."

      Nope. The Sheeple (who LOVE the ads) outnumber us.

  24. Updraft102 Silver badge

    Yes, you've created a monster with your ridiculously powerful addon APIs, Google.

    That's why all of us who used Firefox for the addons were so "thrilled" when that Chrome addon model was forced on us. To Firefox users, the "ridiculously powerful" addons are a neutered joke compared to what we used to have.

    I don't expect any old program I find somewhere out on the web to be automatically safe and trustworthy. It has to be vetted as best you can before it deserves any level of trust, but computers are made to run programs, and without them, it's just a bunch of useless circuit boards. Safety is inherently at odds with function, and you have to find a balance.

    In the same way, I don't expect any old addon to be automatically safe and trustworthy. Especially with the older Firefox addons, they have to be treated like independent programs in and of themselves. I need these addons to do things that are inherently UNsafe, because the base browser isn't good enough, and in the case of Firefox, hasn't been for a lot of years (since they started copying Chrome). Chrome never has been good enough, and even with its' "ridiculously powerful" yet still too weak addons, there's no way to fix this with extensions.

    Security is hard. Most users of technology do not and will not understand it. They have no desire to, and many will actively resist being educated. They'll never learn to spot an obvious phishing email or to not run random executables. They'll never read a UAC or other security prompt and actually think of what the computer's trying to ask. They'll never put the slightest effort into vetting anything, let alone addons. This is a basic conundrum of computing. Does everything have to be designed down to the lowest common denominator? Does everything have to be locked down to iPad level to protect the less savvy among us from doing something stupid, while the rest of us just accept that we're being locked out of our own devices (and made to watch whatever ads the likes of Google wants us to, and to be tracked to whatever extent they wish) for the greater good?

    If we lived our lives by essentially banning everything that can't be done with nearly perfect safety, we wouldn't do very much. I guess we can forget electrical appliances; electricity is a safety hazard. So are all sources of heat, so I hope people who live in cold climates have a lot of blankets. Forget transportation, of course. Cooking food... now that's a real problem. It has a safety benefit in killing pathogens in the food, but it requires expending energy, and that's not safe. Running water also has a mixture of benefits and liabilities... what are we to do if we expect to have perfect safety and be able to get by without ever an occasional thought about what we're doing?

    I guess life's just too unsafe to even attempt. Life itself isn't safe. Nothing about it is safe. If we want to be safe, as much as is humanly possible, we have to think about what we're doing, not just expect someone else to do the thinking for us during the product design stage and make every single thing that is ever made is perfectly idiot proof, so that we can be allowed to act like idiots.

    I liked old Firefox because it was not safe, and I liked Windows prior to 10 (relative to something like iOS) because it was not safe. Now I use Linux, which is safer than Windows, but definitely not safe. Nothing powerful is safe. I could have perfect protection from malware by making sure a given device is unplugged and has any batteries disconnected, but it would also reduce its usefulness to zero. Anything that makes it more powerful than total uselessness makes it less safe.

    1. Charles 9 Silver badge

      "This is a basic conundrum of computing. Does everything have to be designed down to the lowest common denominator?"

      YES, because (1) You can't fix Stupid, and (2) if you don't stop them, they'll take the rest of us with them.

      "what are we to do if we expect to have perfect safety and be able to get by without ever an occasional thought about what we're doing?"

      Um...die young, as in the old days? If you put your perspective and mine together, you end up with a third inevitability in life besides death and taxes: dilmemmas. Everyone wants everything, yesterday.

  25. Anonymous Coward
    Anonymous Coward

    I'm starting to hate Google to the point where I would consider buying Rupert Murdoch a beer!

  26. pavel.petrman Bronze badge

    There is one thing the webRequest API is used for

    and that thing is blocking slurpers and privacy breakers. That is the single purpose of uMatrix. You must do it in the browser itself, it's impossible to do it meaningfully in the firewall and it is impractical to do it on the OS level (uMatrix would need to raise the level of its integration and complexity to that of an antivirus). Given that Google is present in almost every page anyone chooses to load (even Twitter can't seem to do without Google Analytics, for fax ache) and people are becoming aware of what the data slurping business actually entails, one would expect that exactly the type of extension API in question will be gaining in importance in months and years to come. So yeah right, protecting users from potential future malicious something, that must be it.

  27. Czrly
    Stop

    Let's stop complaining about Chrome.

    There is nothing wrong, here. There is nothing wrong with the choices Google are making with Chrome / Chromium. All is fine. In a way, this is actually the best, possible outcome.

    WHY? Am I crazy? Did I drink the koolaid?

    Chrome is now the de-facto standard for the web and it is everywhere. Once it makes its way into the default Windows browser, it will be everywherer. At the same time, do not doubt for a second that the advertising industry will defend its ability to advertise to the death and they ARE prepared to salt the ground and raise the villages. They do not give one shite about any consumers, us technically-minded wonks, or about rules or privacy or about playing nicely.

    If they can shove their content at the ignorant or indifferent majority, however, they will cease to care about the niche. For niche users, there is Firefox and Firefox still supports proper ad-blocking. (If you don't like Firefox, fork it and fix it. There exists an alternative to Chrome.)

    So lets let the advertising bastards have Chrome. That's a tonne better than forcing them into a corner and driving the invention of a new way of advertising on the web -- a method that can't be easily blocked in ANY browser. It's also better than forcing them to lobby for legislative defences against ad-blocking. Legislation would affect other browsers and US legislation would likely affect the world.

    Meanwhile, let us focus on the only thing that any of us really should care about: the unblockable ads in Chrome should NOT be allowed to be malicious. That power simply shouldn't be available through any API.

    After all, us Reg. readers don't care if our users get a headache from all the flashing banners and popups on their screens -- we care when we have to fix their malware problems from those. We also care that we get to browse without those -- and we still do... just not in Chrome.

    1. JoeySter

      Re: Let's stop complaining about Chrome.

      The whole reason half, perhaps more (depends whole you look at it), of extensions are made is because people can't implement various legitimate facilities (which may also be down to performance as well as features) with the security restrictions in place otherwise for web development.

    2. Mike VandeVelde

      RAZE

      raze.

  28. psychochief
    Big Brother

    i dont know why so many folks use chrome its a data slurping monster, i use vivaldi which is so much quicker than chrome and DuckDuckGo for search, give then a go folks.

  29. Fat_Tony

    So if we know the problem, what's the solution?

    Is there any practical solution for your normal everyday user?

    Moving to iOS is a different flavour of the same google juice and it's not completely possible to avoid google. Do people just have to suck it up until regulation does or doesn't come along at some point in the future?

    1. Anonymous Coward
      Anonymous Coward

      Re: So if we know the problem, what's the solution?

      Afraid so. Price of admission, much as junk phone calls from outside your jurisdiction, bulk mail, and billboards.

  30. JoeySter

    The problem here is that extensions are *meant* to be pretty much unconstrained. While there might be areas for improvement, to allow extensions to do things working only within the limit of what they need, ultimately beyond that limiting them tends to limit their utility.

    It's a bit of a joke because just to process of downloading an application such as chrome or any other has the same problem. It's not really avoidable. It's a bit like complaining that the bank manager has access to the vault. Workers at the canning factory can put what they like into the mix.

    The problem has to be solved at the root. You'd think that might be possible with a centralised and regulated repository but apparently Google's ability to curate is limited. That's a problem in itself.

    1. Charles 9 Silver badge

      "The problem has to be solved at the root."

      But the root has the greatest motivation to cheat. And cheating is part of human nature.

      Basically, the problem is intractable, because in the end, it involves a level of trust that CAN and WILL be betrayed.

    2. JLV Silver badge

      See, I respectfully fundamentally disagree with you here. There is no need for “all extensions” to be unconstrained. GreaseMonkey or Pinboard.in’s bookmarking are useful without having to mess with HTTP headers or rewriting responses(DOM manipulation is fine). In almost any sensitive context, be it espionage, OS security, healthcare, the notion of need-to-know/need-to-access is front and center. I don’t much trust Google’s motivations, true. But to claim that all extensions need to know everything all the time is specious and flies against all IT security experience.

      I’d much rather have extensions with limited, granular, rights. If uBlock or Noscript need extra ones, then I’ll carefully think if I need them and maybe research how many users they have since how long. only then would I go along with “do what you want”.

      More and more we are getting hit with malicious software from trusted sources. Be it app stores, corrupted vendor downloads, malicious software for JS/Python on npm/Pypi, whatever. Extensions are just another possible ingress point and their effect on browser security should be carefully gauged.

      I’d go as far as saying we ought to have the capacity to block most extensions on certain of our domains: the risk when doing online banking outweighs the benefits in almost all cases.

      I repeat though: don’t trust Google one bit here.

      1. Charles 9 Silver badge

        That's you. What about Joe Stupid who wouldn't know a bad site if it bit them in the face? AND can take the rest of us with them?

        1. JohnFen Silver badge

          "AND can take the rest of us with them"

          How can they do that?

          1. Charles 9 Silver badge

            One easy example. Even if you never touch Facebook with a 39 1/2-foot pole, if someone who knows you (could be as remote as a sister of a friend of a friend, it doesn't matter) DOES and start associating you with his/her profile or tagging pictures with you in them, Facebook has the proverbial foot in the door. They're too remote for you to know about their activities, yet they can still affect you. That's why I say almost no one really lives in isolation and that the things you do can affect others, even without your knowledge. There's always someone out there who relies on you in some way.

  31. rftcrusher

    Everytime Chrome asks to save a password, I say NO, and it saves it anyways. I use a password manager. So for my sensitive logons, I use a different browser and let chrome have the secondary sites, that mean nothing to me.

  32. Sssss

    Things done wrong through these API's are crimes done on other people's property, and in other countries. Enabling these things is collusion. Things won't really change until criminal sentences start being handed out. Handed out by bucket loads for all historical crimes. That compensation be seized at that time across employees according to their culpability... This including des collusion by investors and shareholders...

    We could say, that 10-90% of your time spent on the internet productively is wasted by illegitimate schemes of damage such as these. That is amount peelr year of damage costs, no company can afford.

    Companies should only make money in legitimate ways. All this stuff needs to be closed down. If they can't make enough money in non targeted advertising (not harassing people, but having advertising either in general, or related to the content being viewed) they should charge for services, or give up.

    All advertising should be optional. They should not force people to watch advertising, that is Slavery, or Steal their privacy, that is Theft and Stalking. These are crimes. What a person does on their machine is their right and ownership, beyond others control, except Legally. Prosecution rather then subversion and illegal or unwarranted control, is the desired way of addressing people doing wrongs on their machines.

    Contracts forcing people to share information unwarrantedly, are unfair contracts under contract law, and challengeable to be changed. Unreasonable contracts forcing people are Slavery, and coercion. Those forcing such contracts, and writing them, should be prosecuted under the Criminal law, as well as the civil.

    Api's that enable explicitly bad behaviour require their use by others to address such behavior. But would we need such API's if they were not available! Api system should be by privilege only to the sole benefit of the user owner. The user who uses has ownership of their privacy, the user that's owns, has ownership of the system, but the system intellectual property owner has rights to his/her intellectual property's secrecy, but no right to trade secret as revealed. Designing a system like this protects people from harm.

    To protect people, they further need to put in options for things like add blocking, and to nominate optional services to carry this out, by blocking rather then substituting, on a permission by permission grant basis. That user privacy is not shared, that information fed back about page exploits is truly anonyminised with untraceability in a fashion better than Tor. That the company providing security options, or any app, has no idea what the user is doing, except that the user pays money, and even that should be anonymisable. That no manufacturer's account is required to download and use apps on a device, only payment, which maybe tied to a device and transferred.

    You can 100% not rely on an app store to handle security. App behaviour after installation can be used to circumnavigate security. You can see funny business in relying on app sutures to protect privacy.

    That all apps are required to operate with whatever permissions the users decides to give them, without harassing users for permission, or be removed from stores. If denial of a permission makes an app unusable, it is up to the owner. That maximum permission auto granted for an App, is the minimum for that app type. That the users preferences for apps, app types and apps, further automatically restricts this. That the user has manual overrides for general, app types and individual apps, where they may with user verification, increase or further decrease app permissions live (I have been trying to get them to do these things for years, since the first time I suggested user definable permissions which latter became the user definable permissions we have had). Permissions are to be fine grained, including firewall like permissions. Permissions are not to be used to hide further permissions underneath them, as is now done, where it appears you give little permission, but in reality covertly a lot, even undefined to the user. Such covert behaviour is to be regarded as illegal subversion in order to make a illegal gain to privacy or stalking.

    Security should identify file and data patterns acceptable, and repair, wipe and or replace as necessary (I have been trying to get them to do that too). This will remove injected code, and hopefully injected data, and corruption.

    All apps and components are to sandboxed in such a way, that they are the only things in their address spaces.

    1. Charles 9 Silver badge

      You forget about Joe Stupid. The best things in life are FREE to them, and they outnumber us.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019