top | item 21026627

(no title)

What I think they're saying is that with Adblockers, they can phone home which ads they block, URLs they see, etc.

Content blockers impose rules at the outset and the rule generator won't see what the URLs/content actually is.

The way I would think of it would be like "let me see what you're seeing and I'll let you know what to let through" vs "here are a list of things you shouldn't let through but I don't need to know about what the hit rate actually is".

Although I could be misunderstanding the implementation.

discuss

skizm|6 years ago

While true with some, I believe uBO is a list implemented client-side, right? Other ad-blockers can and do phone home and let through ads that have paid, but uBO just has the EasyList filter installed locally and blocks those URLs. That was my impression at least, I never personally went through the source code.

pwinnski|6 years ago

I trust uBO and roughly zero others. In fact, uBO has to remind people at every opportunity to avoid certain others. It is all the others, now and in the future, that are prompting Apple to do this, and the one well-behaved extension is unfortunately suffering as a result.

I mourn the loss of uBO, but I'll take that tradeoff knowing that I can relax knowing that my family and friends aren't going to end up using some intrusive nightmare of an "ad-blocker" with Safari.

squeaky-clean|6 years ago

> That was my impression at least, I never personally went through the source code.

That's the rub though. There's nothing but trust preventing them from including some spyware in the next automatic update. Actually not even trust, whoever has account access to publish for uBlock could have their account hacked and someone malicious could inject spyware into a version of the extension.

pilif|6 years ago

This isn't as much about what existing extensions do today but all about what potential extension could be doing tomorrow.

If an extension doesn't get full access to all the pages you are reading, it can't do bad things with that access when the extension's owner inevitably changes (see the fight between uBlock and uBlock Origin for example) and spyware features are added.

jtbayly|6 years ago

Even if it is, it doesn’t matter. The problem Apple faces is how to prevent the other bad actors from abusing their API. The answer they’ve settled on is remove those capabilities from the API. Another answer would be to leave the capabilities but somehow only grant access to them to “trusted” parties.

I’m sure that would have gone over really well, too. /s

cptskippy|6 years ago

In the later scenarios, what assurance does the Ablocker have that their requests are respected? I could easily see a scenario where an Adblocker says "Hey Chrome block all requests to ads.google.com" and Chrome saying "Sure thing buddy" then completely ignoring that request.

Angostura|6 years ago

The same assurance you have that the browser wouldn’t simply inject its own ads into all pages.

TylerE|6 years ago

There's really nothing at all preventing Chrome from doing that today if they wished... they can manipulate the page before and after the Adblocker sees it.

zie|6 years ago

SHHH!!! That's for Chrome 100 ;P

I agree it's totally possible they would do that, but one could figure it out pretty easily with a touch of detective work.

ryandrake|6 years ago

Adblocker apps/extensions don't require that assurance. The user requires this assurance, and if the browser ignores the user's wishes, the browser is the application that should be held accountable by users.