Chrome update to kill ad blockers will affect other plugins
An update to Chrome which appears intended to kill the use of ad block plugins will impact extensions in other categories.
The change would restrict Chrome's script blocking capabilities to the new DeclarativeNetRequest API instead of the old webRequest API.
Raymond Hill, Author of the uBlock Origin and uMatrix ad blockers, said in a bug report:
“If this (quite limited) declarativeNetRequest API ends up being the only way content blockers can accomplish their duty, this essentially means that two content blockers I have maintained for years, uBlock Origin ("uBO") and uMatrix, can no longer exist.
Beside causing uBO and uMatrix to no longer be able to exist, it's really concerning that the proposed declarativeNetRequest API will make it impossible to come up with new and novel filtering engine designs, as the declarativeNetRequest API is no more than the implementation of one specific filtering engine, and a rather limited one (the 30,000 limit is not sufficient to enforce the famous EasyList alone).
While Google now has other sources of revenue, its main business is still advertising. Chromium engineers claim the change is to improve security.
Andrew Meyer, a Chromium engineer, commented:
"This change _IS NOT INTENDED TO GIMP AD BLOCKERS_. Rather, it is designed to make them faster and more secure. (Yes, even despite the limitations that might impact uBlock.)
The new proposed content blocking API _is not final_ and can/will be changed."
You can make up your own mind whether the change is more business or security-orientated.
Developers of extensions in other categories have chimed in on how the change will affect their plugins – most notably, anti-malware software intended to prevent users from accessing malicious sites and downloading infected files.
Jouni Korte, Senior Software Engineer for F-Secure, said:
"In addition to ad blocking this seems to affect also security software that rely on extension capabilities of dynamically blocking https traffic that is rated as malicious or otherwise harmful for user.
This includes pages spreading mal/spy/whateverware, but also for example parental control type of functions, i.e. protecting (child) user from content categorized as harmful/unwanted for him/her."
With enough kickback from developers and users, it could be reversed. The problem now faced is the amount of influence Google has in the browser market through Chromium.
Chrome is the world’s most popular web browser, but most of its competitors also use the Chromium engine such as Vivaldi, Opera, and more.
One major alternative, Microsoft Edge, said it would be dropping its EdgeHTML engine in favour of Chromium this year.
Apple device users have access to Safari and their WebKit engine, but the last remaining major alternative for other platforms is Mozilla’s Firefox and their Gecko/Quantum engine.
Privacy-advocates Mozilla voiced concern that Microsoft’s decision to drop the development of EdgeHTML and switch to Chromium hands too much power to Google.
In a blog post, Mozilla CEO Chris Beard wrote:
"The ‘browser engines’ — Chromium from Google and Gecko Quantum from Mozilla — are ‘inside baseball’ pieces of software that actually determine a great deal of what each of us can do online.
They determine core capabilities such as which content we as consumers can see, how secure we are when we watch content, and how much control we have over what websites and services can do to us.
Microsoft’s decision gives Google more ability to single-handedly decide what possibilities are available to each one of us."
Beard acknowledged that from a business perspective, Microsoft’s decision could make a lot of sense. It’s difficult to be profitable fighting Google with its existing uptake, resources, unique assets, cash, and talent.
We can’t say Mozilla didn’t warn us Google could use its Chromium influence to attempt such changes that would benefit its business.
Interested in hearing industry leaders discuss subjects like this? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.