AdGuard publishes the first ad blocker built on Manifest V3 (opens in new tab)

uBlock Origin is the only browser extension I use on Firefox, Even after loosing trust on browser extensions in general after witnessing a recommended Firefox add-on indulge in malicious activity[1] and reading numerous stories of how browser extension publishers with large number of users are routinely approached to integrate malware.

The reason why I cannot do away with uBlock Origin is because its not just an Ad-blocker as its philosophy states, I need it to make websites usable by blocking elements like auto pop-up news video player, Blocking side bars to resize the websites to preferred width (When playing videos), Disable tracking and often just to load the websites faster.

[1] https://web.archive.org/web/20210924045611/https://github.co...

thank you gorhill for making the internet a useable space.

How is it able to be free without seeking donations? Asking for a friend who's about to get into something.

How about simply not supporting chrome. I believe some responsibility for this lies with us developers. It was developers who made extensions for chrome. We as technologists recommended chrome to our friends and families. Without us chrome would likely not be in the position it is today and google could not dictate the terms like they do. Maybe it is time that extension authors abandon ship, and we recommend alternative browsers?

To those who argue that chrome is faster and therefore you prefer using it. You should ask yourself, what is more important to you, to see a website a few ms faster or preventing Google to to dictate how the Internet of the future works (apart from the fact that in my experience browser's are so close in performance, that I don't think anyone can consistently pick which browser their on).

I just wanted to say that you (content blocker devs) have been heard, maybe not by the majority of browser users but at least people like me are championing Firefox over webkit-based browsers precisely because to do otherwise would be to loose control of the web to FAANG, especially Google. I've been telling everyone who would listen about how Google leverages Chrom(e/ium) against user interests and have deployed Firefox to every friend & family user whose machines I support.

It's pretty hard to search bugzilla, so to save anyone else time, this is what I ended up finding (9 bugs) https://bugs.webkit.org/buglist.cgi?bug_status=UNCONFIRMED&b...

Regarding MV4: the WebExtensions working group has started to mention the term at some of their recent meetings, although details are scarce it seems MV4 will still retain JS code execution [1] [2].

[1]: https://github.com/w3c/webextensions/blob/main/_minutes/2022... (CTRL-F for "mv4")

[2]: https://github.com/w3c/webextensions/blob/main/_minutes/2022... (CTRL-F for "mv4")

> this is for the future MV4 when extensions will be dumbed down to sets of declarative rules.

I haven't heard of this plan. Do you have more information?

But these changes don't ensure that ads are displayed to users. This won't impact Google's ad revenue at all. At most it will negatively impact their revenue because the less powerful API will let the sketchier advertisers try to bypass the filters.

(In case anyone else didn’t realize or found it ambiguous, Kagi is their company.)

Orion also has a damn good ad-blocker already running by default.

Man, I used Privoxy back in the day and it was amazing. Now, however, you need to set up custom certs so that you can MITM yourself, plus those things can only look at the initial HTML without running any JS. I don't know how less effective that would make filtering, but it can't help.

I'd love to be proven wrong though! Right now I run DNS-based filtering because, no, it's not perfect, but I really like having network-wide blocking.

Proxy and ssl doesn't work for filtering (basically the same as dns).

Maybe some sort of "remote browser" remote desktop or browser-in-browser type thing will work.

Proxomitron was amazing, very advanced, and even worked with ssl. All preceding proxy apps were very weak

MV3 splits permissions into host permissions and classical permissions (tabs, storage, etc). Putting <all_urls> in your host permission list means that whatever the extension does, it can do it on all possible urls you may visit in the browser. In this sense, it's no different than in MV2.

What's different is the classical permissions. Previously you could use the webRequest permission to execute custom JS functions in response to network activity. In MV3 you must now write a declarative rule instead using the declarativeNetRequest permission. By moving from an imperitive model to a declarative one, Google now has exacting control over what ad blockers can and can't do.

Gorhill's argument is that the stated reasons for MV3 do not align with the implementation. The example he gives is that Google claims the new API is more private. However you still need <all_urls> so the extension is as un-private as its MV2 equivalent. The only difference is that now Google controls what blocking you're allowed to declare and how much of it you're allowed to do.

There's a similar community discovery where MV3 implementation is provably counter to Google's claims of performance enhancement - MV3 extensions need to rehydrate state every 5 minutes as Chrome shuts down their service worker and for highly active extensions such as ad blockers this is actually less performant than the MV2 implementation with a long-lived background.

Basically, Google is full of shit.

> Chromium is still an open project with guidelines for contribution

Hah. The default is to reject changes from the community. I would not pin my hopes on Chromium accepting any adblocking community changes.

What do service workers restrict as compared to the previous model?

You can add a Chrome Source Code Viewer. I like this one. https://chrome.google.com/webstore/detail/chrome-extension-s...

Then look in the Manifest.json for manifest_version.

Here's the Twitter showing the timeline: https://twitter.com/GlobeMallow_io

The best part is AdGuard is still running manifest v2.

I don't think they've come out to support other extensions that will be killed in the crossfire however, such as ViolentMonkey or TamperMonkey.

https://github.com/violentmonkey/violentmonkey/issues/1555

https://github.com/Tampermonkey/tampermonkey/issues/644

The only thing we have so far is a google rep stating that they'll "reaffirm that we plan to support userscript managers in Maniest V3 before the Manifest V2 deprecation"[0] back in May, which fills me with no hope at all that they won't simply be killed.

0: https://github.com/Tampermonkey/tampermonkey/issues/644#issu...

I stand corrected in a big way. I'm very pleased that Firefox is doing this, I need to go make my other doom-gloom be less doom-gloomy now.

Yes, this is. duck.com search didn't surface that one on my first SERP so will update my post to reflect. Thanks!

> There wasn't some pre-Chromium version of either that was killed.*

Not true. Brave was initially based on Gecko https://brave.com/the-road-to-brave-one-dot-zero/

Also its just simply the best engine on the market.

I'm glad it does. I was mixing/matching my arguments a bit. I don't want to use Chrome both because (MV3 by Chrome is super locked down) and (Blink browser engine monoculture is bad for web durability), so when I said Vivaldi was a dead Chrome clone, I was referring more to the latter than the former.

Sure, I'm "preaching to the quior" here, but given Firefox's current market share, I'm not sure we've gotten the word out much beyond our circle.

The article mentioned Safari a couple of times, I don't see why the fact that Firefox will support both V2 and V3 indefinitely doesn't deserve a single mention.

Moreover, manifest V3 was essentially a massive middle finger from Google to everyone else (except advertisers), and it feels almost dishonest to discuss it wothout mentioning that there are better options out there.

Firefox is the obvious solution to this problem, as you've pointed out. You shouldn't be upset that it's discussed in relation to this.

Not for long

> antitrust action was for show.

People often forget the US underwent an administrative change between the judgement and enforcement. Microsoft spent a lot of "think tank" money on influencing the new regimes enforcement mentality, not only on their own issue, but on monopolies in general.

It was, from my recollection, definitely not for show.

Interesting, so the WebRequest API has its origins at Mozilla? I remember discovering all those wonderful plugins at the time via Firefox but I didn't understand that was the enabler.

Ah, the extinguish phase, of EEE.

Have you not read the article before posting the comment? Ad blocking is nowhere near being killed

That's exactly what Brave is doing. Chromium fork with a built-in native adblocker that doesn't depend on MV2 at all, and plans to continue supporting MV2 even when it is removed from Chromium entirely.

> Firefox became popular (in my personal experience) because it came with a popup blocker by default.

Yeah. Firefox should ship with uBlock Origin by default too. They're almost doing that on mobile since uBlock Origin is one of few allowed extensions.

It's not looking hopeful https://github.com/uBlockOrigin/uBlock-issues/issues/338

Jeeezuuuss! that will hurt, a lot.

One can always block Chrome updates. It would be funny if this so-called "security" move resulted in a much worse security situation.

DNS-based solutions can't block everything since they're limited to blocking domains. But wait until we bring a content filtering proxy to AdGuard Home, this will be the day when you'll finally get clean pages and you won't need any extension at all for that.

I’m very curious about method to block YouTube ads with dns. I didn’t find a way when I tried.

This is pure anecdote and not apples and oranges, but I've found the ad-blocking experience with Safari/Adguard comparable to Firefox/uBO.

I use it exclusively, I'm quite happy with it personally. I do wish they allowed more than just a few specific extensions to work, though.

I use it with uBlock on a $250 "budget" Android phone and it's as fast as Chrome. The last time I remember Firefox being slow on Android was when I was running it on a ZTE phone running FirefoxOS.

The only bugs I find belong to websites, which I don't count against Firefox. I used to have to support IE8... if the site broke it was my responsibility, not the browser.

Also it has a non native scroll behavior that is awful and a deal breaker to me.

I use Firefox on Android with uBlock origin for blocking ads and kagi for search. This Google (albeit Android is Google) free browsing works extremely well for me.

How recently have you used it? It works great for me

We never announced an extension store.

I said we'd support uBO and uMatrix at least, and we're discussing that with their maintainers now.

I also was and still am disappointed about both changes, but I don't think you're being at all fair to Mozilla.

In both transitions, Mozilla made sure to support the needs of both uBlock origin and NoScript, extending the webextension API (such that uBlock origin on Firefox is more capable than on current Chromium) and working with uBlock to make its interface more mobile-friendly.

They also extended the webextension API to allow for extensions such as Treestyle tabs and Panorama-reimplementations (so not remotely all XUL use-cases, but still most of the popular ones).

Hence, they've proven that they will go considerably beyond what Google/Chromium are doing, and that they won't harm "content-blockers", which is what we care about in this case.

Thanks for the summary. I had perceived the betrayal but I had never organized the thoughts nor verified the claims.

What do you think is the future (+2 years) for people with hatred for ads? For now I am using Firefox on computer + Kiwi in Android, but I also expect those two to go awry in the mid term.

* I see that after the edit, it doesn't look as bleak for Firefox PC. But what about Android?

> Fennec to Fenix mobile extensions? Killed, you get these 10 blessed ones, don't worry, we will eventually re-enable all of the webextensions on mobile, any day now

I harbor the (conspiracy?) theory is that Google told Mozilla based on their "No arbitrary code"-rule that they are not allowed to run arbitrary extensions anymore. And made Mozilla promise to never tell anyone.

If Firefox even deprecates WebRequest, LibreWolf will probably announce their intention to patch it back in and people will switch en masse.

Now that uMatrix development is inactive, this third strike could be their last for me.

> Fennec to Fenix mobile extensions? Killed, you get these 10 blessed ones, don't worry, we will eventually re-enable all of the webextensions on mobile, any day now, (didn't happen, you have to do hacky hacks involving nightly version to do un-blessed extensions).

Yep:

https://github.com/mozilla-mobile/fenix/issues/20647

The only thing keeping Firefox alive and relevant is uBlock Origin and its ad-blocking features. If Mozilla cripples it in any manner, Firefox will die. But I don't have high hopes and lost all trust in them when they built a backdoor in their browser to run any code through it on their users browser, as they please, and have even used it to violate their users privacy and trust - Mozilla ships Cliqz experiment in Germany for ~1% of new installs, collects surf data, including URLs - https://old.reddit.com/r/firefox/comments/74n0b2/mozilla_shi... ...

Unless Firefox is released from the clutches of Mozilla, Firefox will never be a serious competitor in the browser wars.

I despise anything that has touched cryptocurrency, which is why I don't like Brave.

Does Chrome have bells and whistles? I thought they removed all of them. Firefox, on the other hand, have a few left...

Does Brave have the memory / slowdown issues attributed to Chrome on Apple silicone MacBooks?

But also, a whole lot of other things I didn't ask for that are hard to entirely opt out of.

I was all for Firefox until Mozilla decided cancel culture was the way to go back when they canceled their CEO. It became even worse since - calling for the de-platforming of half the country.

I know Google hates the same user group, but Google also likes their money (or their money-value).

Go woke, go broke. If your trying to compete uphill, shooting yourself in the foot isn't going to make it any easier.

It's actually ridiculous to surf the web without an adblocker.

Let's say you have a brand new computer, and want to download nVidia drivers. Fire up your brand new computer, search for "nvidia drivers" using Bing.... and the first results are all ads for extremely scummy adware. (It's also hilarious when you search for "chrome download" when Edge begs you not to, and including when you click through, but that's a story for another time :)).

Yeah, I went to use my Mom's phone and I was appalled with all the ads and notifications. We can disable notifications, block intrusive ads or at least figure out which app is sending them to uninstall it, but for regular users the whole thing is an awful experience. I don't refrain from calling it "evil" anymore, because that's what it is. No wonder we're collectively going insane.

> Firefox is neither preinstalled nor as compatible as Chrome (nor as fast or user friendly)

Compatible against what? The web standards or Google Chrome?

Firefox is faster than chrome and only doesn’t work on badly built pages and webapps (like intelex)

> nor as compatible as Chrome (nor as fast or user friendly). There's already a lot of popups like "this site works best in Chrome".

User-agent sniffing[1] and it is a webdev smell. I acknowledge that this is true, but I admit being bummed that we didn't win the war to use web standards.

[1] https://en.wikipedia.org/wiki/Browser_sniffing

I helped my mom try out a smartphone for the first time this weekend, and she won't really use the web much on it except maybe weather. So I go to weather.com or something to show her how she can get to it.

I got a full screen cookie consent popup, a location permission popup, and ads were everywhere on the screen. Must have been 50% of screen space for the top part of the page. It's absurd!

Of course they can do this. They don't want to do it. How else would they push ads through their ad blocker?

Google sells ads. They totally want to kill adblocking with all means necessary. The moment they can no longer show increasing revenue, the stock will fall down to the levels expected from utilities from the levels that tech companies are valued at.

I've talked to a number of real engineers within Google. The folks building the browser have no desire to kill adblocking; they're never going to include first-party adblocking (not least of which because antitrust), but they're not out to break third-party adblockers.

It really is the case that the same mechanisms that enable adblockers ("this extension may affect your traffic on every website") are also the mechanisms that enable malware in extensions, which are not at all rare.

MV2 extensions have a lot of API power and it was a common malware vector in the browser since the APIs let you sidestep a ton of regular web security. If you run a popular extension you will get offers to buy the extension which is a nice payday. The buyers would then stuff it full of malware to infect the existing users.

Google makes no money off the Chrome Web Store and their initial attempts to restrict MV2 failed. The goal was for automated approval to suffice. Still, there was certain APIs that required human review.

Google could have continued restricting MV2 until they didn't need human review but they must have got the idea for MV3 at that point. They could also hamstring ad blockers and get some promo packet material.

Brave's CEO has said they'll add back any functionality that ad blocker extensions need to keep working under Manifest v3.

https://twitter.com/joshmanders/status/1134139586836344832

Brave has their own built-in adblocker so I don't see them putting any effort into keeping Mv3 around after it's actually removed from Chromium.

Yet reduced in it's ability to perform it's intended function.

They don't have to. I think gorhill recognises it's simply unfeasible to produce an effective content blocker on MV3, and I hope he puts his foot down and doesn't take on the maintenance burden of an additional nerfed browser extension.

If web devs want to make web experiences worse in Firefox by issuing warnings everywhere, then Firefox can even the score by having a useable ad-free experience.

We did our best with Safari, but believe me, it actually works worse than AdGuard in Chrome and Firefox. Safari with all its limitations is no better than Chrome with MV3.

Think about it from a mathematical perspective: How much CPU time is actually spent evaluating ad blocker rules? It's going to be proportional to the number of HTTP requests you issue. On a good website the number of requests is in the dozens or a hundred tops per page load, on a bad website maybe it's in the low thousands. But that's it. Let's say you have 300000 rules (I think the actual number tends to be much lower than this), worst case even if you brute forced that, you're evaluating 300000 regexes maybe a thousand times. That'll take some time, but not that much time, because modern CPUs are really fast. It's simply implausible that an ad blocker could have a significant negative impact on battery life unless you wrote it in some sort of forth interpreter that was checking strings one byte at a time - compared to the rule evaluations happening once per request, you're rasterizing frames ~60 times a second and handling input events and timers and all of that stuff constantly.

If you optimize the rules engine - which you can definitely do - you can skip evaluating most of those regexes, you can evaluate them in parallel, etc. You could start preparing the request and only gate the actual tcp packets on approval from the ad blocker. You could cache the approve/deny state for each URL so that the ad blocker overhead is only paid on first visit to a site. There are lots of ways to make this stuff super fast without breaking it, but Google and Apple don't want to do the work.

People like the uBlock Origin author have already demonstrated in the past that their ad blockers are fast despite the severe limitations of current browser extension APIs. If browser vendors actually supported extension developers ad blockers could probably become faster. Instead they're attacking them and forcing people to move over to intentionally sabotaged APIs with limited feature sets and arguing that now things will be "faster" even though you're going to be wasting resources downloading a bunch of ads.

Sure. The content blocking API is more secure as it doesn't allow any code by the extension to run and modify a web page. And so logically sounds like it should use less cpu / power. It is also true that it is a much, much inferior ad-blocking solution. If a feature is popular, it doesn't make sense to remove it. Instead, you can choose to make it opt-in. That both Apple and Chrome haven't opted for that speaks for itself - it is clear that they are prioritising crippling adblockers than letting users control what code run on their browser.

It won't be lower battery if ads slip through (they do).

It won't be more private if ads slip through, or if the whole web experience is degraded and users prefer native apps.

> Is it possible that Apple’s implementation uses less power and hence conserve battery life?

On WebKit, you can still use WebRequest to intercept and log all traffic, you just can't block it. I don't think that intercepting/recording all traffic and selectively blocking it would have a meaningful difference compared to just intercepting it all and letting it through.