I thought Apple were way out in front when it came to tracking and whatnot...
My wife uses a MAC at home and was complaining about how slow our internet was (70Mb down... not slow) a while back.
She mainly looks at news sites and when I saw what she was looking at I knew the problem wasn't the internet connection.
The entire page, apart from a tiny bit in the middle, was cluttered with moving shit!
I installed uBlock Origin and... the result was fantastic: pages loaded in a fraction of the time.
When she realised that the articles were a tiny proportion of the downloaded crap she realised she'd been missing out for so long.
Once, when the MAC went back for repair, it was replaced with a new one and OMG the horror when she fired up Safari and it had no blocker... UBlock Origin to the rescue.
I agree with one of the other comments on here: The web is utterly unusable without it.
Apple is trying to thread the needle. They want to allow content blocking, but they do not want to allow content blocking plugins to see and potentially report on what sites you visit.
Personally, I’m totally cool with the trade-off of having less capable ad blocking functionality, if I can be sure my web plugins aren’t a security or privacy risk.
It's a very popular project on GitHub with many developers scrutinizing any changes to the codebase. Fears of uBlock Origin being a "security or privacy risk" based on code in the extension are unfounded.
It's not whether uBlock Origin is a security risk, it's whether the APIs it's using are a security risk, lest they fall into the hands of a less benign actor.
(I also wish they'd kept the APIs open, just stating the other case.)
>Why does everyone else know better than the user what the user should be doing?
See windows and the malware infested ecosystem. People obviously don’t know what they’re doing, and/or don’t have the time vet every little action they do on their computer.
I'm sympathetic to concerns about people who don't know what they're doing, but if I'm a Safari user, I have to value keeping myself safe first. This change makes ordinary users safer, but makes power users less safe.
I understand why Apple is doing it. But I'm still going to advise responsible owners to ditch Safari and pick a browser that will do a better job of blocking trackers.
The problem is that all of the spyware says exactly the same thing. If the API exists, ordinary users are going to be asked to make huge security decisions with no effective way to tell whether the vendor (or the new owner who just bought it) is being honest.
> I'm sympathetic to concerns about people who don't know what they're doing, but if I'm a Safari user, I have to value keeping myself safe first.
This change still means that Firefox will have better adblocking and privacy tools than Safari. It's a tradeoff -- and if I'm a user that's already conservative about granting extensions permissions, I don't see how I get any benefits from this. I only get the downsides in the form of less effective blockers.
Ka-Block actually advertises itself as being less effective than uBO. It's selling point is that it's a simpler extension that blocks fewer ads and trackers, under the assumption that this is good enough and on it'll on average be faster because of the reduced overhead.
> Some ads will get through this filter, and that's ok. We already have extensions that block every ad that's ever appeared on the web with a completionist zeal that must be admired.[0]
If you're blocking ads just to make pages load faster, Ka-Block is probably fine. If your primary goal is to protect your privacy, you shouldn't be using Ka-Block.
For privacy concerns, I would imagine that preventing the methods of tracking is much safer and more effective in the long-run than blocking the trackers themselves. Apple seems to be pushing pretty heavily on that front.
Definitely agreed. But nobody (including Apple) is going to pull that off for a pretty long while.
In the meantime, it's useful to be able to do things like block all third-party AJAX requests and whitelist them on the fly on a per-site basis, or intercept CDN requests for common libraries and redirect them to locally hosted versions.
Extensions like UBlock Origin may be a band-aide, but sometimes band-aides are useful if you're waiting for an open wound to heal. In the same way, when I give people privacy advice, I'm optimizing for things they can do right now.
To be clear, I agree, I just didn't think GP was fairly stating the alternate case.
As an aside, no one is stopping you from binary patching Safari on macOS, provided you don't mind turning off SIP. The nice API just isn't there anymore.
I suspect that from Apple's (and Google's, and to some extent Mozilla's) point of view this is all about the computer doing what its user tells it to do — 'its user,' unfortunately, being Apple, Google or Mozilla. We the people using the computers aren't adults capable of making our own decisions and being responsible for the consequences, but rather livestock farmed either directly (Apple) or indirectly (Google & Mozilla( for money.
Your computer is a desk weight without the (or an) OS and software that runs on it. Each os/or software package down to libraries make trade offs that restrict their usage from general purpose to a specific set of functionality. It is impossible to write a line of functioning code without constraining the concept of "general purposes" as you have implied above -- each line of code does "something" not "Everything" by its very nature.
So long as it’s not sold. It’s happened before - a popular ad blocker is bought up for millions of dollars by an ad agency, and turned into an already installed vehicle for new ads.
I see nothing about “free and open source” which prevents this.
One malicious push/release effectively enables every user on browsers that have not transitioned to the passive list/filter model of blocking to be completely owned.
It is not about intent, it is about the many many extensions out there that use this feature set for good intent, but inherently open the risk of a full on traffic funnel should they be exploited * the number of users for each of them.
I don’t see why Safari can’t block extensions from sending data to remote servers. Seems like a pretty basic thing, so we have more powerful tools and not the privacy risks
They can do that for apps because apps are compiled and submitted. The expressly do not allow for dynamic code execution within apps to keep functionality from changing after their review.
That cannot be "just replicate"d for javascript extensions.
> That cannot be "just replicate"d for javascript extensions.
This is false too. If extensions aren't allowed to communicate with the internet and can't auto-update themselves, then they also can't run arbitrary code without the user's consent.
Apple is doing reviews for extensions, and also tightening up the APIs at the same time. At least on the Mac you've got alternatives if you're willing to make a different trade off. iPhone users and ChromeOS users are stuck.
Count me as another one who really doesn't understand how others can stand the unfiltered "Modern Web", although I use a combination of JS whitelisting, HOSTS file, and a filtering proxy, so I might be on the extreme end.
I've had to help others, whose computers did not have such blocking software (and they might not want to), and had to physically put my hand over parts of pages "cluttered with moving shit" in order that it would not distract me and allow focusing on the content itself. These people are also the ones who tend to miss details in instructions and seem to blindly ignore things like (actually important) notifications and warning messages, which leads me to wonder if their natural state of mind while reading pages is so distracted that they have trouble focusing.
It’s not like Safari is blocking all ad blockers like Google Chrome did... its more of deprecating & removing APIs that can be abused to track users browsing history by disguising itself into a browser extension.
Safari provides an alternative API that allows content blocking, that IMHO is better considering that
* it doesn’t allow leaking browsing history
* it runs in native code (not js like alternative ad blockers) so much fast
In a way, Apple is doing this to protect user privacy.
Can you even begin to imagine how much of the Internet's total bandwidth is used on adware/shovelware/crapware? And crazier still, how much of the world finds most of the web completely unusable as a result?
Imagine trying to browse modern web pages on a dial-up speed connection. Many sites now completely refuse to load until you load their JS, which calls some external JS, which then renders the page. I run almost every web page without JS and Cloudflare is the number 1 reason for not being able to access a page.
I remember a while ago I had to use the internet on my girlfriend’s laptop. I have been using adblockers for a long time and I had no idea how bad the internet really is. All the ads and other stuff are unbearable to me.
Apple isn't ending ad blockers. They're ending the specific API that uBlock Origin uses. For instance, I use 1Blocker on Mac and iOS and it does a great job of blocking ads using the still-supported APIs.
I thought Apple were way out in front when it came to tracking and whatnot...
My wife uses a MAC at home and was complaining about how slow our internet was (70Mb down... not slow) a while back.
She mainly looks at news sites and when I saw what she was looking at I knew the problem wasn't the internet connection.
The entire page, apart from a tiny bit in the middle, was cluttered with moving shit!
I installed uBlock Origin and... the result was fantastic: pages loaded in a fraction of the time.
When she realised that the articles were a tiny proportion of the downloaded crap she realised she'd been missing out for so long.
Once, when the MAC went back for repair, it was replaced with a new one and OMG the horror when she fired up Safari and it had no blocker... UBlock Origin to the rescue.
I agree with one of the other comments on here: The web is utterly unusable without it.