But the design document only mentions retaining the old API for features that aren't possible with the new API, such as onAuthRequired. So it would still cripple uBlock
I really like the point the uBlock maintainer's make:
"Extensions act on behalf of users, they add capabilities to a user agent, and deprecating the blocking ability of the webRequest API will essentially decrease the level of user agency in Chromium, to the benefit of web sites which obviously would be happy to have the last word in what resources their pages can fetch/execute/render."
I'm just waiting for the time until websites won't load at all unless you have hardware DRM turned on that will take all of your control away.
>Extensions act on behalf of users, they add capabilities to a user agent, and deprecating the blocking ability of the webRequest API will essentially decrease the level of user agency in Chromium
This is off-topic, but I felt the same way about most data privacy problems. It was my own browser that was giving out the information and I would still like to see better control over it by default. Data privacy laws are simply a bandaid that don't help at all against malicious actors.
Ah yes, I used Firefox' reader mode, but some news sites now don't even properly support that. I may have to remind myself not to go on those sites anymore as well.
> Firefox' reader mode, but some news sites now don't even properly support that
All sites which are on Google Amp. Google, whenever it can, "helpfully" gives me the amp site and then I have to find and click the link to the actual site to get to the "readable" version.
Excuse me, but I believe using a google website to get to content negates the whole discussion over how to prevent webscale surveillance by advertising companies.
In other words, if your "solution" to the problem as outlined in the OP involves google, you already lost.
I'm just waiting for the time until websites won't load at all unless you have hardware DRM turned on that will take all of your control away.
My money is on news sites and other paywall sites doing that first. How long before they stop letting us "open in new private window"? Washington Post doesn't even allow that anymore -- a shame too, since I haven't read a single one of their articles since then.
Extensions should act on behalf of users but, like websites, some don't. A questionable or poorly-maintained extension can do more damage than any single website, and browsers can support user agency by replacing APIs with better ones: an effective declarative API for content blocking would majorly speed up extensions like uBlock Origin and make it harder for other extensions to follow users around the web.
That said, we should all fight for changes that let extensions like uBlock maintain feature parity.
Disclaimer: I'm both a Chromium developer and a uBlock Origin user and speak only for myself.
If you create a superior api (esp w/regards to speed) people will naturally move to extensions which use that api. Then once usage of the old api has dropped significantly, you can deprecate the old api.
It has been proven time and time again, that that's at best only partially true. There are two factors:
If they have something working with one API, they have to have a good reason to re-implement it with a new API. It may be 'fast enough' and reliable, so why go through all that pain?
Or, it's just the long tail of API consumers (e.g. site on the web). Some things aren't maintained and updated, but they don't go away.
I would gladly live in the universe which is a smoking bomb crater of questionable and poorly-maintained browser extensions, than be a wealthy rock star in any universe of amazingly performant extensions, but which are using a browser API which has denied my right to self-determination on my own computer, effectively taking away my ability to say "no" to actions which are then forced upon me. This is like a kind of information rape. And here the suggested "alternative" of static, declarative, JSON-only filters means no programmatic ability to veto requests before they happen. It is effectively forcing users to leap before they look. And this completely arbitrary limit on the number of filters -- and it is completely arbitrary -- is the same kind of neutering mechanism, forcing me to "prioritize" a small number of request vetoes. In other words, it's forcing me choose the manner in which the rape happens.
I think this is the core difference motivating this change: do extensions necessarily act on behalf of users? If that were true, there'd be no such thing as extension malware.
Is it perhaps time to return to using external tools such as Privoxy, Pi-Hole and the like? Privoxy appears to still be around, and (I think) was originally at the forefront of user-managed web controls.
Once the browser reaches its natural Borg-self, transparent user-level tools will be all that provide a semblance of control. Well that, and Firefox.
If a website shows a popover ad, it might be a first-party script putting up a modal, then a third-party iframe with the ad inside that modal.
Blocking at the network layer will leave the iframe blank, but the modal will still be present. It's not such a good user experience, especially for less savvy users who might be confused by a mysterious blank modal.
That's what the DNS-over-HTTPS is about - so your local DNS won't be consulted, instead it will be drowned in the HTTPS traffic. Remember, SNI is going to be encrypted too, so your router cannot distinguish DNS and regular traffic.
What if someone would create a pull request to implement unlock origin natively inside chromium, instead of an extension. If such a PR met all technical criteria, would Chromium project accept it?
Next to no one uses Chromium. The integrations usually start in Chrome, leaving Chromium pure, allowing Opera etc to forge their own path. This is a disturbing trend to change the course of the project, likely due to Edge being based on Chromium.
I bet a decent chunk of the MS engineers lobbied to adopt Gecko instead of Chromium when they decided to move away from EdgeHtml. I wonder what the reasoning was for not going that route, it seems like a huge miss and a total acceptance of a browser monoculture.
Is there a chance that Google's changes here might disrupt Brave's integration into Chromium? I mean, they might be using this WebRequest API to do their built-in blocking.
