Google will revise ad blocker-killing Chromium proposal
Google has decided to revise its proposed Chromium update that would have killed ad blockers and some other extensions.
The proposal, to restrict Chromium's script blocking capabilities to the new DeclarativeNetRequest API instead of the old webRequest API, caused a backlash from extension developers and users.
Chromium engineer Devlin Cronin provided an update on Google Groups following the outcry:
“I’d like to reiterate that all of these changes are still in the draft and design stage, as explicitly called out in the document and the tracking bug. The declarativeNetRequest API is still being expanded and is under active development, and the exact changes that will be implemented as part of Manifest V3 are not finalized. Feedback during this time is crucial, and we absolutely want to hear your comments and concerns.
Another clarification is that the webRequest API is not going to be fully removed as part of Manifest V3. In particular, there are currently no planned changes to the observational capabilities of webRequest (i.e., anything that does not modify the request). We are also continually listening to and evaluating the feedback we’re receiving, and we are still narrowing down proposed changes to the webRequest API.”
Developer first reported on Google’s proposal last month. Some criticised Google as wanting to kill off ad blockers as it damages the company’s primary source of revenue.
uBlock Origin developer Raymond Hill was among the most vocal against Google’s proposal, but he’s not alone. Developers of extensions not related to ad-blocking voiced their concerns about how it would impact them.
Jouni Korte, Senior Software Engineer for F-Secure, said:
"In addition to ad blocking, this seems to affect also security software that relies on extension capabilities of dynamically blocking https traffic that is rated as malicious or otherwise harmful for users.”
Chromium powers an increasing number of web browsers. Open web advocates Mozilla criticised Microsoft’s recent announcement that it would be switching to using Chromium for its Edge browser as handing too much power to Google.
Malicious extensions have taken advantage of some APIs in ‘Manifest V2’ introduced in 2012. Google is currently in the process of assessing what changes it can make in ‘Manifest V3’ to boost security and performance.
Replacing the webRequest API with the declarativeNetRequest API switches net filtering responsibilities from the extension to Chrome itself. In addition to security benefits, Google has said it boosts performance.
The team behind popular extension Ghostery criticised Google’s motives in a blog post:
"They pretend to do this for the sake of privacy and browser performance, however, in reality, users would be left with only very limited ways to prevent third parties from intercepting their surfing behaviour or to get rid of unwanted content.
Whether Google does this to protect their advertising business or simply to force its own rules on everyone else, it would be nothing less than another case of misuse of its market-dominating position.
If this comes true, we will consider filing an anti-trust complaint."
While this is not the end of the saga, it at least shows Google is listening. We’ll keep you posted on any further developments.
Interested in hearing industry leaders discuss subjects like this? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.
- » Linux Foundation and LISH publish latest open-source census with suggestions to boost security
- » Raspberry Pi 4 is now OpenGL ES 3.1 conformant, Vulkan incoming
- » GDC State of the Game Industry 2020: Key trends for the year ahead
- » SoundCloud repairs API-related security snafus after Checkmarx research