[HN Gopher] Proxy Chrome extensions are not going to be usable i...
___________________________________________________________________
Proxy Chrome extensions are not going to be usable in MV3
Author : olso
Score : 172 points
Date : 2022-09-19 15:40 UTC (7 hours ago)
(HTM) web link (bugs.chromium.org)
(TXT) w3m dump (bugs.chromium.org)
| altdataseller wrote:
| Does this impact VPN extensions like Hola VPN ?
| easrng wrote:
| Hola essentially puts you in a botnet (Luminati/Bright Data),
| you shouldn't use it.
| altdataseller wrote:
| Yeah, I know :) I just want to know if it affects them,
| because I hope it does :)
| forgotusername6 wrote:
| Has someone tried to fix this themselves yet?
| olso wrote:
| Chromium team has not commented on this bug with 650+ stars
| (within top 10
| https://bugs.chromium.org/p/chromium/issues/list?sort=-stars...
| issues) in months
| [deleted]
| devwastaken wrote:
| It's cases such as these invalidate the "they're not acting
| with malice". Thousands of google employees see this stuff, and
| are clearly being told they can't talk about it.
| pessimizer wrote:
| You haven't applied Hanlon's Razor properly. They're just
| coordinating incompetence that they find beneficial, not
| being malicious.
| devwastaken wrote:
| Someone in authority said or inferred some version of
| "don't talk about this, don't get involved". That's
| malicious.
| GauntletWizard wrote:
| Sufficiently weaponized incompetence is indistinguishable
| from malice.
| babypuncher wrote:
| The act of weaponizing incompetence is itself malicious.
| kwhitefoot wrote:
| If you are coordinating the incompetence then _you_ are
| malicious even if the incompetent are not.
| mjrpes wrote:
| Chromium team replied as of 10 minutes ago to that thread
| (thanks to HN exposure):
|
| "I'm temporarily restricting comments to keep comments from
| turning into +1s while this is trending on Hacker News. If you
| have additional thoughts that you'd like to share with the
| Chromium team regarding this issue, please return in a few days
| to leave a comment (and apologies for the inconvenience)."
|
| "As a Chromium contributor that shares information about our
| progress on extensions issues, I sincerely apologize to
| extensions developers affected by this issue and the broader
| community for not sharing an update until now. I'm currently
| working on a "known issues" document for Manifest V3 that
| touches on several outstanding issues (including this one), but
| given the attention on this issue now, I'll quickly share our
| current thinking on this issue."
|
| "We have always intended to provide support for this
| functionality in Manifest V3 (for both user-installed and
| force-installed extensions), and have been iterating on
| different possible approaches. Our tentative plan (which is not
| yet finalized) is that the Manifest V3 version of this
| capability will require extensions to request a new permission
| scoped to intercepting authentication requests, but will
| otherwise allow extensions to handle these requests in a
| similar manner to how they do in Manifest V2."
|
| "The permission string and end user facing warning string have
| not been finalized yet. Also, we have not yet finalized how
| this new permission will interact with other permission grants,
| but extensions that currently have the webRequest permission
| and broad host permissions will likely not require an
| additional grant for this permission."
|
| "Finally, I want to note that before we can pursue this
| capability, we first need to resolve issue 1024211 (now
| formally marked as a blocker). We are actively working on
| 1024211 and aim to resolve both that issue and this one before
| January 2023."
| aftbit wrote:
| And after they specifically said:
|
| >Sorry no updates yet. Please star the bug if you wish to see
| this fixed sooner.
|
| Okay Google, we've starred the bug. Please fix now.
| concinds wrote:
| ">Sorry no updates yet. Please star the bug if you wish to
| see this fixed sooner."
|
| Translation: my manager is blocking this; please star this so
| have a better chance of changing his mind.
| MatthiasPortzel wrote:
| I think this is the real story here. Google pretends to be
| listening to real-world use-cases and user feedback and
| developing Chromium in the open, but at the end of the day,
| some manager has decided the millions of people using these
| extensions aren't worth supporting, and that's the end of the
| conversation.
| agilob wrote:
| opensource coming from Google, Amazon, Microsoft, OpenAI or
| even recent garbage coming from RedHat is just a nice
| facade. It's broken, it's locked to a platform, often no
| compiling instructions or out of date by 3 years with
| multiple bug reports. It's just a marketing move that came
| from Google early 00s' and then was widely adopted by MS:
| "Microsoft <3 OpenSouce - Contribute Here (for us for free,
| we can't be bothered to fix this TOP 10 bug or update
| documentation)".
| IshKebab wrote:
| It's not really any different for Firefox though is it? In
| fact it's not _really_ any different for any big open
| source project. Someone ultimately has the power to decide
| what features to develop and nothing forces them to listen
| to their users.
|
| Look at things like Firefox's Pocket integration, or like
| all of Gnome.
| TheChaplain wrote:
| It's not about support, it's a money issue. Adblocking
| doesn't generate money, so out it goes.
| TedDoesntTalk wrote:
| But we are talking about proxy extensions, not ad block
| extensions.
| bakugo wrote:
| Last time I tried to use onAuthRequired in Chrome I found that it
| was already broken in some contexts. I think it's pretty clear
| that Google is on track to phase out extensions completely within
| the next decade.
| olso wrote:
| Finally, chromium people have spoken
| https://bugs.chromium.org/p/chromium/issues/detail?id=113549...
| scoopertrooper wrote:
| Looks like we caught someone's attention:
|
| > I'm temporarily restricting comments to keep comments from
| turning into +1s while this is trending on Hacker News. If you
| have additional thoughts that you'd like to share with the
| Chromium team regarding this issue, please return in a few days
| to leave a comment (and apologies for the inconvenience).
|
| > As a Chromium contributor that shares information about our
| progress on extensions issues, I sincerely apologize to
| extensions developers affected by this issue and the broader
| community for not sharing an update until now. I'm currently
| working on a "known issues" document for Manifest V3 that touches
| on several outstanding issues (including this one), but given the
| attention on this issue now, I'll quickly share our current
| thinking on this issue.
|
| > We have always intended to provide support for this
| functionality in Manifest V3 (for both user-installed and force-
| installed extensions), and have been iterating on different
| possible approaches. Our tentative plan (which is not yet
| finalized) is that the Manifest V3 version of this capability
| will require extensions to request a new permission scoped to
| intercepting authentication requests, but will otherwise allow
| extensions to handle these requests in a similar manner to how
| they do in Manifest V2.
|
| > The permission string and end user facing warning string have
| not been finalized yet. Also, we have not yet finalized how this
| new permission will interact with other permission grants, but
| extensions that currently have the webRequest permission and
| broad host permissions will likely not require an additional
| grant for this permission.
|
| > Finally, I want to note that before we can pursue this
| capability, we first need to resolve issue 1024211 (now formally
| marked as a blocker). We are actively working on 1024211 and aim
| to resolve both that issue and this one before January 2023.
|
| https://bugs.chromium.org/p/chromium/issues/detail?id=113549...
| AlexanderTheGr8 wrote:
| Not trying to throw ML at the wall, but could it be used for this
| problem (considering all other options seem to be failing)?
|
| As far as I understand, after MV3, ad blockers won't be able to
| use a long list of ads to remove them.
|
| How about using a simple ML algorithm to detect whether the
| request is a genuine one or an advertisement? I am sure that
| getting training data wouldn't be too hard (all the ad lists that
| will get useless after MV3 are good data).
|
| I don't make chrome extensions so I don't completely know how MV3
| will cripple ad blockers.
|
| Any feedback would be appreciated!
| GolegN wrote:
| alcover wrote:
| So.. Chrome is too big to fork. Then why don't we make a bare-
| bones OSS no-DRM browser with only a subset of JS and CSS and
| promote at the same time an old-school webring of 'virtous'
| websites.
|
| If it catches on (and it could since it'd be free and _fast_ ),
| maybe some big sites would evolve to advertise themselves as
| 'virtous'.
| 3np wrote:
| dillo.org
|
| More recently, Ladybird, which was discussed last week:
| https://news.ycombinator.com/item?id=32809126
| TremendousJudge wrote:
| I don't get it, Firefox already exists and is a complete OSS
| reimplementation of everything Chrome does (and works better
| imo). Only thing to do is convince sites to test more on
| Firefox. This strategy worked last time around.
| alcover wrote:
| I've been using Firefox forever but the problem is - it's now
| too big. Because it's - like you mention - following Chrome.
| To stay relevant, FF implements all the bloat Chrome churns
| out. Even worse, it's tempted to follow Chromes' extension
| manifest to stay compatible.
|
| So I meant it looks like a lost battle. And it may be better
| to reboot to a smaller, nifter browser that a small
| team/community can handle.
|
| edit: and of course cut all ties with Google financing.
| jeffbee wrote:
| Firefox gives up 40-60% of the performance of Chrome on my
| platform, using common browser benchmarks. I don't see
| Firefox as a substitute good for Chrome. It has much worse
| performance, worse security, and lacks features I want. Its
| performance is equivalent to using Chrome on an 8-year-old
| CPU. The only thing it has going for it is being perceived as
| counter-cultural, despite the fact that it is 100% funded by
| Google.
| reciprocity wrote:
| Your claim is that you suffer a _40 to 60_% performance
| impact by using Firefox from Chrome? Would you like to try
| that again? I see egregious comments like this of Firefox
| every so often and I always have to wonder if the last time
| people making these remarks actually used Firefox was in
| the pre-Quantum era (assuming one charitable
| interpretation). To claim that its performance is
| equivalent to using Chrome on a CPU from 2013 is
| disingenuous at best.
|
| Firefox is not just perceived as 'counter-cultural', its
| importance lies in the fact that not using Chrome and
| similar browsers is also a vote not to support a browser
| monoculture online.
| jeffbee wrote:
| I invite you to try Safari, Chrome, and Firefox on an
| Apple Silicon CPU right now. Firefox is the slowest of
| these by a HUGE margin.
| nklmilojevic wrote:
| Not only the slowest, it also uses the most energy of all
| browsers on Mac. Scrolling the old Reddit spikes the CPU
| to 10x more than Brave.
| JohnFen wrote:
| Firefox may work great for many people, but it certainly
| doesn't for me. I finally gave up completely on it late last
| year.
| jhasse wrote:
| Something like Ladybird? https://github.com/SerenityOS/ladybird
|
| I think it wants to implement all of JS eventually though.
| alcover wrote:
| it wants to implement all of JS
|
| ES6 why not. But the whole _Web API_ is crazy. Bluetooth ?
| Barcode ? Geolocation ? What the hell. Let 's go back to a
| _documents_ web.
|
| Also small JS engines already exist, like QuickJS.
| aeharding wrote:
| It's extremely frustrating how Google is ignoring this issue. So
| much for developer relations.
| nitrixion wrote:
| This type of decision has fully cemented that Google is an
| advertising company. Every decision they make is to benefit
| advertisers regardless of how it affects users and developers.
| ridiculous_fish wrote:
| How does this decision benefit advertisers? Honest question.
| JohnFen wrote:
| It greatly restricts how effective ad blockers can be.
| TedDoesntTalk wrote:
| Proxy extensions are not the same as adblockers.
| guilhas wrote:
| 2 years without a reply, maybe it's a feature.
|
| Could they be afraid of a surge in proxy Adblock extensions since
| they are trying to cripple the local ones?
| staticassertion wrote:
| A proxy extension requires rewriting arbitrary requests on the
| fly, which is removed from V3 as a general capability.
| TedDoesntTalk wrote:
| > A proxy extension requires rewriting arbitrary requests on
| the fly
|
| That is completely incorrect. A proxy extension routes
| requests through a proxy server. It does not rewrite
| anything.
| staticassertion wrote:
| OK and presumably it does that by taking a request for an
| address A and _rewriting_ part of it so that it actually
| goes to B with some additional headers to indicate how to
| forward it.
|
| edit: Apparently I've hit my HN rate limit so I can't
| reply! Thanks Dang.
|
| As for the proxying, obviously something has to rewrite the
| address that the request is going to. Depending on the type
| of proxy (ex: HTTP CONNECT) you may also have an
| x-forwarded-by header set. It sounds like Chrome never
| allowed you to do this manually, cool TIL.
| TedDoesntTalk wrote:
| I mean, you are just completely wrong. It does not
| rewrite the request. It does not change headers. There is
| an API that allows the extension to set a proxy server
| destination:
|
| https://developer.chrome.com/docs/extensions/reference/pr
| oxy...
|
| And that API does not change the request, either. That is
| not how proxying works.
| ltbarcly3 wrote:
| You don't know what you're talking about. You should stop
| before you embarrass yourself further.
| yegor wrote:
| As a proxy extension developer, this is absolutely maddening.
| We're forced to choose between auth-less open proxies (bad), or
| baking in a wacky authentication scheme through a side channel
| (also bad). MV3 drops in 2.5 months, and will leave tens of
| millions of proxy extension users unable to use products they
| paid money for.
|
| This is all on top of the many other issues with MV3 that Google
| is pushing under the guise of "improving performance".
| aftbit wrote:
| Have any of the Chromium forks committed to maintain MV2 into
| the future? Having functioning extensions while maintaining the
| other features that people like from the browser could help
| pull some marketshare from Google Chrome. Probably just
| dreaming though...
| Caspy7 wrote:
| None that I'm aware of but Firefox has committed to
| maintaining the more powerful MV2 content blocking APIs that
| Google is removing.
| TedDoesntTalk wrote:
| Brave has committed to MV2 but they will need their own
| store first because the chrome web store is kicking out MV2
| extensions. So far, they don't have their own store.
| yoasif_ wrote:
| They have explicitly _not_ committed: https://twitter.com
| /BrendanEich/status/1534905779630661633
|
| > We could fork them back in at higher maintenance cost.
| No point in speculating -- I don't write checks of
| unknown amount and sign them, and Google looks likely to
| keep V2 support for a year (thanks be to "enterprise").
| rasz wrote:
| V3 will improve performance of ads division.
| yegor wrote:
| Where is EU when you need them with their anti-trust
| litigation. Google is pulling a 2000s Microsoft.
| eastendguy wrote:
| There is an easy alternative: Use Firefox
| naikrovek wrote:
| that doesn't fix the problem, though.
| naikrovek wrote:
| Google have been doing this for 10+ years and people are
| only now starting to see it, it seems.
|
| the Microsoft antitrust trial original verdict was reached
| in 1999 by the way (appeals kept it alive a bit longer,
| though, into 2001). you are probably referring to the 1990s
| Microsoft, I imagine.
| staticassertion wrote:
| Doubtful. I suspect that Google Adsense ads will continue to
| be blocked post-V3.
| SquareWheel wrote:
| You're correct. MV3 blockers work fine against Adsense, as
| expected.
| rasz wrote:
| Blocking is detectable. uB doesnt block, it shims its own
| version of js.
| staticassertion wrote:
| I'm not sure what you mean.
| CodesInChaos wrote:
| If you block third party javascript files (e.g. google
| analytics) other code required for the website to
| function correctly might fail, since it relies on that
| third party javascript. So uBlock doesn't block certain
| javascript files, and instead replaces them by its own
| version which contains dummy functions that avoid those
| errors.
| staticassertion wrote:
| OK that doesn't have to do with blocking Google AdSense
| ads nor does it have to do with proxying so I'm kind of
| confused.
| flutas wrote:
| >OK that doesn't have to do with blocking Google AdSense
| ads nor does it have to do with proxying so I'm kind of
| confused.
|
| When a website wants to load an ad, it uses
| javascript[0]. The website can call a function in the
| included javascript file and tell AdSense "hey load an
| ad". If you simply block the JS file the website can
| break due to trying to call functions that don't exist.
|
| uBlock (supposedly, I haven't verified this) instead of
| blocking the JS instead replaces it with it's own
| version. That version just basically says "yeah sure
| cool" whenever the website tries to display an ad, but
| doesn't actually do anything.
|
| [0]: https://support.google.com/adsense/answer/9274516
| londons_explore wrote:
| Is there really nowhere else to store Auth information in a
| synchronous datastore?
|
| For example it looks like you could use a lambda function with
| the Auth info pre-bound...
| iLoveOncall wrote:
| If there is one group of people I will never feel bad for, it's
| the VPN / proxy vendors.
|
| They've been doing false advertising for years on every
| channel, making consumers pay for absolutely useless products.
| preinheimer wrote:
| There's absolutely terrible players in the space.
|
| We're also in the space, I don't think we're selling useless
| products, or falsely advertising.
|
| Our customers use our proxy servers to test applications that
| use your IP address to show you localized content (IP
| Location, GeoIP, etc). We're in 80+ countries 250+ locations
| globally.
|
| Being able to switch your location with a browser plugin
| makes it just a few clicks, and _much_ faster than switching
| VPN endpoints. You also get to proxy just your browser
| traffic (or even just traffic against a few specific domains)
| rather than all the traffic on your machine. So your
| Spotify/Slack/Outlook connections can all run normally, and
| you're only proxying the site you want to test from somewhere
| else.
|
| This change is terrible for us. Especially so because users
| flipping around between different proxies is a major use
| case. A user needing to re-enter their credentials for each
| unique proxy server is much worse than just once.
| altdataseller wrote:
| How are you planning to adapt to the change?
| z0ccc wrote:
| There are many legitimate use cases of VPN's. Also there are
| many VPN companies that don't do false advertising such as
| Windscribe, mullvad or iVPN.
| iLoveOncall wrote:
| > There are many legitimate use cases of VPN's
|
| Yes of course, but that probably represents less than 10%
| of the customers (I'm being extremely generous on purpose,
| it's probably 0.1%) of your usual NordVPN and co.
|
| > don't do false advertising such as Windscribe
|
| "Stop tracking and browse privately" and "block annoying
| advertisers from stalking you online" proves you wrong.
| VPNs don't stop trackers.
|
| > don't do false advertising such as Mullvad
|
| "Evade hackers and trackers". Sure.
|
| > don't do false advertising such as iVPN
|
| Hey looks good actually, they indeed don't claim to block
| trackers or anything else, just change your IP /
| geolocation.
| TedDoesntTalk wrote:
| > Hey looks good actually, they indeed don't claim to
| block trackers or anything else, just change your IP /
| geolocation
|
| Add FoxyProxy to that list of no false advertising,
| please
| z0ccc wrote:
| > Yes of course, but that probably represents less than
| 10% of the customers.
|
| Lol how did you come up with 10%? Did you just make it
| up?
|
| > VPNs don't stop trackers.
|
| Windscribe (and other VPN's) can block trackers.
| https://blog.windscribe.com/how-r-o-b-e-r-t-
| works-76d6274460...
| sebzim4500 wrote:
| A huge portion of VPN users do it to get around geo-
| blocking, which has not been falsely advertised.
| scoopertrooper wrote:
| VPNs are quite useful in the UK. A fair number of sites are
| blocked by ISPs for various reasons.
| [deleted]
| altdataseller wrote:
| Why will auth-less open proxies be bad?
| z0ccc wrote:
| VPN providers won't be able to verify if a user paid for the
| service.
| TedDoesntTalk wrote:
| Not just VPN providers or other paid services. Open proxies
| on the internet are bad for everyone.
| z0ccc wrote:
| What are the other issues with open proxies?
| TedDoesntTalk wrote:
| They are usually hosted by malware installed on a
| vulnerable system. And if they are SOCKS proxies (vs http
| proxies), then they can send send spam using the IP
| address of the infected device.
| miohtama wrote:
| Cyberattacks use open proxies to amplify the attack/hide
| their source.
| ajross wrote:
| Authorization and access control are different problems.
| You can use ssh to create a auth-free SOCKS5 pipe, for
| example (lots of us do this every day), but that's not an
| "open proxy" because it's e.g. listening on ::1 or on the
| internal network interface, etc...
| progval wrote:
| Does your extension work on Firefox? If yes, have you
| considered explaining the situation to your users to encourage
| them to move to Firefox?
| lmm wrote:
| Firefox has a much worse history than Chrome when it comes to
| breaking extensions.
| djfobbz wrote:
| I checked out both of your sites Windscribe.com and
| ControlD.com...I will be signing up as a paid customer! Thank
| you for you this.
| yegor wrote:
| Nice, thanks! If you have any question you can always email
| me at my HN username @ either domain.
| TedDoesntTalk wrote:
| This also breaks proxy authentication in very popular
| extensions like FoxyProxy.
| quotemstr wrote:
| Could you run an auth-free proxy on localhost that in turn
| forwards traffic to a remote proxy that does require auth? You
| could have your intermediate proxy expose a local interface for
| configuration.
| olso wrote:
| This is one of possible solutions, but requires a native app
| to be installed. Extension would no longer be standalone.
| mastazi wrote:
| I keep seeing sentences like "MV3 is approaching", "when MV3
| drops in x months", but the reality is that MV3 is already here
| and affecting extensions!
|
| New extensions that use MV2 have been prevented from being added
| to the store since last January [1] and this has already affected
| some extensions which, as a result, have to be installed manually
| [2][3]
|
| The time to switch to Firefox is right now.
|
| [1] https://developer.chrome.com/docs/extensions/mv2/
|
| [2]
| https://github.com/libredirect/libredirect/issues/45#issueco...
|
| [3] https://libredirect.github.io/faq.html#chrome_web_store
| preinheimer wrote:
| It's telling that the last action from a google employee on the
| list was ... removing themselves from the notification list.
| somat wrote:
| Are proxy extensions just a hook to set the http_proxy?
|
| I always have a hard time with chrome. because where firefox has
| a config area to set the proxy chrome wants to use an environment
| variable. so do these proxy extensions fill this missing config
| gap?
| HellsMaddy wrote:
| Manifest V2 deprecation is likely going to break extensions that
| inject userscripts, like Tampermonkey [0] and SurfingKeys [1].
| The Chrome team has been rather unhelpful. They've promised to
| add support for power-user tools like these in MV3:
|
| dotproto from the Chrome team commented on May 27 [2]:
|
| > @mon-jai, the short answer is no, I don't have any updates to
| share. That said, I'll reaffirm that we plan to support
| userscript managers in Maniest V3 before the Manifest V2
| deprecation.
|
| But the deprecation is approaching and the Chrome team hasn't
| released any more information about this AFAIK. These extensions
| are going to require large refactors to support MV3 and they
| can't meaningfully start until the Chrome team elucidates how
| script injection will work. With MV2 deprecation coming so soon,
| I worry there won't be enough time.
|
| [0]: Manifest V3: examine the effects * Issue #644 *
| Tampermonkey/tampermonkey:
| https://github.com/Tampermonkey/tampermonkey/issues/644
|
| [1]: Migrate to Manifest V3 * Issue #1821 * brookhong/Surfingkeys
| - https://github.com/brookhong/Surfingkeys/issues/1821
|
| [2]:
| https://github.com/Tampermonkey/tampermonkey/issues/644#issu...
| lizardactivist wrote:
| I don't know the full scope of consequences and Google's
| reasoning for this, but I'm going to guess it's either done under
| the false pretenses of improving performance, or improving
| security. Could there possibly be a positive outlook for
| improving ad revenue as well?
|
| Time to settle with Firefox.
| altdataseller wrote:
| Does anyone know when MV3 will be released, or when this will
| start to impact a large # of users?
| ajayyy wrote:
| MV2 will be disabled by default Chrome in January 2023, and the
| flag to reenable it will be removed in June
| TedDoesntTalk wrote:
| Google's own top 10 extensions with over 10 million users is
| still on MV2.
| btown wrote:
| Does this mean that (non-open-proxy) VPNs will no longer be
| usable on a per-Chrome-profile basis? So one would need to either
| route all traffic through a VPN at the OS level, or none at all?
| olso wrote:
| You can still authenticate via basic auth popup, but you can't
| automate it (UX friendly). There are some workarounds mentioned
| in the bug comments, but they are workarounds with their own
| issues.
| andrewliakh wrote:
| It looks like they did this on purpose, otherwise they won't
| ignore such an important issue.
| superkuh wrote:
| I don't want to pile on here but everyone who used Chromium while
| pretending they weren't supporting google's Chrome monopoly,
| pretending Chromium was something else, are getting the only
| outcome that was possible. It was entirely predictable from the
| start and if you play stupid games you win stupid prizes.
| vlunkr wrote:
| And the stupid prize is what? You might have to use a different
| browser? Doesn't seem that serious to me.
| tinus_hn wrote:
| As long as there _is_ a different browser, of course.
| pkulak wrote:
| The stupid prize is that by the time you decide it's time to
| use a different browser, Firefox and Safari have been
| rendered totally unusable by developers only targeting Chrome
| because that's all they have to do.
| LegitShady wrote:
| I use firefox every day without issue.
| lolinder wrote:
| I use it every day as my primary browser, but there's
| definitely been an increase in applications that will not
| work except on Chrome. It's not text content that's ever
| the issue, it's SaaS products.
| vlunkr wrote:
| It's your anecdote vs. mine, but this is not my
| experience. I find that Chrome is better for Google Meet
| (not surprising.) Other than that FF is fine. In the last
| 4-5 years have become increasingly similar and easy to
| support as a developer.
| [deleted]
| croes wrote:
| And then you realize all the web sites are optimized for
| chrome and you have problems using other browsers
| dvngnt_ wrote:
| google maps is the only site that just didn't work
| croes wrote:
| And it was just a YouTube bug that killed EdgeHTML
|
| https://news.ycombinator.com/item?id=18697824
| lolinder wrote:
| Out of the ones that you use, maybe (I've actually never
| had a problem with Google Maps). There are several
| applications that I have to use for work that either
| don't work on Firefox or have limited functionality,
| Slack being one of them (huddles only work in Chromium or
| in the Electron app).
| JohnFen wrote:
| And what would that different browser be? Aside from Firefox,
| which has become essentially unusable to me.
| jerheinze wrote:
| It's not like no one was making warnings about this.
| pkulak wrote:
| And every time there's a bunch of replies about how great
| Brave is, and everyone should just use that... Chromium
| wrapper.
| jorvi wrote:
| To be honest, I don't understand why people keep acting
| like Google has control over Chrome(ium) with some iron
| fist. It's dual open license. Microsoft is contributing so
| many patches that they have a decent amount of sway over it
| already. If Google ever truly steps over the line,
| Microsoft will just fork it and everyone will swap their
| upstream to Microsoft-Chromium..
| TremendousJudge wrote:
| I don't think Microsoft has any incentives to protect
| users.
| imbnwa wrote:
| Brave has publicly declared support for Manifest v2 in
| perpetuity, no? They even seem to be pondering how to
| distribute v2 extensions post-sunset in Google Chrome[0]
|
| [0]https://github.com/brave/brave-browser/issues/15187
| cpeterso wrote:
| Maintaining out-of-tree patches for a project as large
| and quickly-changing as Chromium will be a lot of work. I
| know someone who worked on Amazon's Silk browser team and
| they had an engineer (rotation) working working full-time
| to keep their Chromium fork up to date within Google's
| upstream. Brave doesn't have nearly the resources that
| Amazon does.
| UberFly wrote:
| Yea you've seen it tried in projects like Waterfox and
| Palemoon and it eventually becomes too much to deal with.
| (Following the old Firefox addons system that is)
| TremendousJudge wrote:
| Yeah it's clear that was never going to work -- the whole
| point of dropping the old addons was making big
| architectural changes that weren't possible with the old
| APIs. You can't merge the new architectural changes and
| the old APIs without running into the issues they were
| trying to avoid by removing the old APIs in the first
| place.
| marwis wrote:
| There are few projects and companies that do exactly
| that, including CEF open source project. Perhaps they
| should join forces and make a joint OpenChromium project.
| Caspy7 wrote:
| https://twitter.com/BrendanEich/status/153489341457924915
| 2
|
| > Brave will support uBO and uMatrix so long as Google
| doesn't remove underlying V2 code paths (which seem to be
| needed for Chrome for enterprise support, so should stay
| in the Chromium open source). Will Google Chrome Web
| Store really kick them out over V2? We will host if
| needed.
|
| https://twitter.com/BrendanEich/status/153490577963066163
| 3
|
| > > I'd be interested to hear a plan for Brave on what
| will happen if upstream removes the code paths needed for
| pre-v3 ad blockers.
|
| > We could fork them back in at higher maintenance cost.
| No point in speculating -- I don't write checks of
| unknown amount and sign them, and Google looks likely to
| keep V2 support for a year (thanks be to "enterprise").
| imbnwa wrote:
| I see my misunderstanding, they're specifically
| maintaining the webRequest interface
| Caspy7 wrote:
| I think you're thinking of Firefox.
| yoasif_ wrote:
| > I see my misunderstanding, they're specifically
| maintaining the webRequest interface
|
| They aren't specifically maintaining anything. Brave's
| CEO doesn't "write checks of unknown amount[s] and sign
| them".
| jacooper wrote:
| Mozilla only has themselves to blame.
|
| I'm going to repost a previous comment here.
|
| > https://news.ycombinator.com/item?id=32741481
|
| > I used to refuse Chromium for the Same reason.
|
| > But honestly it already happened, Firefox is already
| irrelevant.
|
| > Mozilla is mis-managed organization that is funded to
| avoid anti-trust investigations, they dont fully push for
| privacy because they are afraid of google, do out of touch
| changes, and focus on political advocacy.
|
| > Compare that to brave, which builds its own independent
| search engine, ad network, and has privacy by default in
| its products.
|
| >There is no hope that Mozilla and Firefox will change the
| status-quo anytime soon, Firefox is losing users at crazy
| rate, and Mozilla is absolutely failing to do anything to
| change Firefox's destiny towards irrelevance.
|
| > Brave is almost everything Mozilla should've been.
|
| > Actually do what they sey, no hidden google analytics in
| their products, no unique ID for each installer downloaded,
| push for privacy by default and independence from big tech,
| not being shy from google, because they are their only
| income.
|
| > I would argue, that if Mozilla wants to turn its course
| around with their "limited resources" it should drop gecko,
| and anything irrelevant to the users experience.
|
| > Fork Chromium, the best web engine out there by a mile,
| and remove any anti-privacy / anticompetitive code, while
| still taking advantage of the huge development resources
| directed to chromium from many parties, and maybe Mozilla
| can also influence Chromium's development.
|
| > Start pushing privacy by default, its the reason brave is
| gaining users at such a rapid pace, its a browser I
| recommend to everyone, as just by installing it they
| already are much more private than with chrome.
|
| > What matters is the users experience, its why brave is
| growing
| teawrecks wrote:
| I'm out of the loop. I've been using FF for years without
| any issues across multiple OSes and devices. I plan to
| continue doing that. I simply don't understand the
| negative sentiment I see about it, it's served me very
| well.
| TedDoesntTalk wrote:
| Someone warned years ago that proxy extensions would no
| longer be feasible on Chromium? I must have missed that
| message.
| lucideer wrote:
| > _Someone warned years ago that <insert extremely specific
| thing>_
|
| No, the gp said:
|
| > _while pretending they weren 't supporting google's
| Chrome monopoly_
|
| Monopoly means Google's interests will be served rather
| than the user's. This means taking away things that are of
| value to users / users losing control over features / etc.
| Like proxy extensions, yes.
| jerheinze wrote:
| Not that explicitly, but many warned about Google abusing
| their power if it started hitting their profits.
| moffkalast wrote:
| I'm more interested why it isn't possible to just fork the
| thing and maintain a version that's plugin enabled. Isn't
| Chromium completely open source?
|
| Especially for Brave, Vivaldi, Opera, etc.
| AshamedCaptain wrote:
| Developer effort.
| moffkalast wrote:
| Don't underestimate the power of spite.
| AshamedCaptain wrote:
| Spite is at times my main source of motivation, and still
| leaves me physically uncapable of following the rate of
| breakage of upstream Firefox (i.e. I cant keep my patches
| up to date), which I'm assuming it's actually a more
| sensible upstream when compared with Google.
| Macha wrote:
| I actually think not - the few third party gecko browsers
| abandoned ship to webkit/blink/chromium over the years
| marwis wrote:
| In addition to what others said, forks are not allowed to
| use Google services such as Chrome Sync or Translate.
| josefx wrote:
| >Isn't Chromium completely open source?
|
| No, especially not if you want to watch videos, the DRM
| plugin is a binary blob that only Google approved
| browsers get to run.
|
| Then there are all the Google services that will break in
| unexpected ways in your browser, sometimes just because
| your user agent isn't identical to Chromes if past
| reports from Firefox users are any indication. Basically
| expect to be shit on by the biggest internet giant around
| at ever possible corner.
| whoisthemachine wrote:
| Firefox supports all DRM content I have come across,
| clearly there are ways to implement DRM that don't
| involve Google.
| josefx wrote:
| Open Addons an Themes, click on Plugins, by default you
| should see a line that says "Widevine Content Decryption
| Module provided by Google Inc." . Note the Google Inc. .
| heavyset_go wrote:
| Depends on the browser and platform. WideVine support on
| Firefox for Linux is limited, one of the biggest effects
| of this is that some video platforms refuse to serve up
| high definition video to Firefox users on Linux. Netflix,
| for example, will only allow you to watch video at 720p
| on Firefox for Linux. The existing WideVine support comes
| directly from Google.
| ElCheapo wrote:
| I mean, if the DRM wasn't a blob it would be open source.
| Andnif it were open source it wouldn't be DRM...
| josefx wrote:
| It could be controlled by a third party that isn't trying
| to dominate the browser market. And Google already caused
| issues years ago when it side loaded that plugin on open
| source distros and initially refused to provide an option
| to disable this behavior in chromium.
| heavyset_go wrote:
| It's possible to have DRM that's open source using
| cryptography.
| easrng wrote:
| Secure DRM requires that your device have keys that are
| burned-in that you can't access. It's impossible to have
| an open implementation of a non-broken DRM system.
| heavyset_go wrote:
| The amount of work it would take to fork Chromium and
| maintain a working secure browser with MV2 hooks into the
| browser internals would be so large that you'd need a
| dedicated team whose job it is to constantly backport
| upstream Chromium changes and ensure they still work with
| the old MV2 subsystem. That would take a lot of time and
| money.
| moffkalast wrote:
| Well you don't need to implement every stupid thing big G
| thinks should be in it, just the really critical stuff.
| Even if you freeze all features right now you'll probably
| still have a better renderer than gecko for 5 years into
| the future.
|
| I mean right now I bet a lot of people will simply not
| update to MV3 and continue using the last known MV2 build
| into perpetuity until certs break or something else. I
| sure intend to.
| heavyset_go wrote:
| Backporting from an entity that is hostile towards MV2
| makes me suspect that Google isn't going to play ball and
| make maintaining an MV2-compatible Chromium fork easy.
| ck2 wrote:
| btw just like there were enterprise-hacks for Windows v7 to keep
| it going, manifest v2 will still work if users can be taught to
| turn on "managed mode" in their Chrome
|
| extends v2 from January 2023 EOL until June 2023
| January 2023 Chrome stops running Manifest V2
| extensions Enterprise policy can let Manifest V2
| extensions run on Chrome deployments within the organization.
| June 2023 Manifest V2 extensions no longer
| function in Chrome even with the use of enterprise policy
| DanAtC wrote:
| MV3 sucks and all, but why do you need an extension to set up
| proxy settings? Is this in lieu of a whole-device VPN?
| TedDoesntTalk wrote:
| Yes
| perryizgr8 wrote:
| Can someone ELI5 what are proxy extensions? What are they
| supposed to do?
| e40 wrote:
| I use a HTTP/HTTPS proxy in Chrome (and Firefox) to work
| remotely and access internal things from my work network. The
| proxy I use has very nice features to allow "auto switching",
| meaning based on an regex I can use the proxy or go direct. The
| rules are ordered any way you want them.
|
| The proxy we all use at work is SwitchyOmega. Been using it for
| years and it's fantastic.
| TedDoesntTalk wrote:
| FoxyProxy is another popular one with millions of users.
| PostOnce wrote:
| Once upon a time many years ago, Chrome was marginally better
| than Firefox.
|
| That time has long since passed.
|
| I know, I switched from Firefox to Chrome and used it for a
| couple of years, but Firefox got better and Chrome got worse, so
| I've been back on Firefox for many years again now.
|
| If Chrome doesn't do what you want or what you like, use Firefox.
| It does everything Chrome does, and more.
| d3nj4l wrote:
| I like Firefox and am a loyal, long term user - used it before
| quantum kind of loyal - but it is by far the _least_ efficient
| browser on macOS with M1. In my rough personal testing Brave
| (based on chromium) is significantly more energy efficient,
| getting me up to 30% more battery time. I 'm not sure why, but
| it's making it harder and harder to justify sticking with FF.
| okasaki wrote:
| Bizarre. To me firefox looks like it's falling apart at the
| seams.
|
| Here's a new profile, just default zoom set to 150% (ublock
| origin installed system-wide)
|
| https://i.imgur.com/Z3MO8sr.png
|
| https://i.imgur.com/hgscGrb.png
|
| https://i.imgur.com/07QI1IU.png
|
| https://i.imgur.com/owZm12J.png
|
| What is even going on?
| s_ting765 wrote:
| I thought they were pushing it when they announced MV3, which
| would purposely can ad blockers. But this would finally put the
| nail to this coffin.
|
| Now I'm even more curious to see how badly Chromium bangles this
| migration to V3.
|
| I'm also curious as to why big internet advocacy organizations
| such as the EFF [0] have been quiet on this move.
|
| --
|
| Edit: It appears the EFF has spoken out about this a couple of
| times.
|
| [0] https://www.eff.org/deeplinks/2021/12/googles-
| manifest-v3-st...
___________________________________________________________________
(page generated 2022-09-19 23:01 UTC)