I know that title isn't 100% right, but (a) the one on the blog is pretty much useless and (b) a more correct title would've been too long. Open to suggestions.
The title ("Chrome will stop displaying ads that are repeatedly flagged as disruptive") is wrong in a couple of ways.
According to the post:
"... Chrome will stop showing all ads on sites that repeatedly display these most disruptive ads after they’ve been flagged.
To determine which ads not to show, we’re relying on the Better Ads Standards from the the Coalition for Better Ads, an industry group dedicated to improving the experience of the ads we see on the web. ..."
They are a bit vage in this post, but as we know from other posts and press briefings, this means:
The site owners will get a notice when Google has found that their site is displaying ads not compliant with the Better Ads Standards. When they don't fix this until after 30 days, all ads on the site are blocked, even those complying with the standards. The site owners can then of course still fix it, and get removed from the block list.
So the "flagging" is actually done by Google, and means the owners of the site get a notice.
You jest, but the the goal of this "coalition" is to do good enough to not make you want to do that. Of course, the human review built in would preclude most of the large botnet attempts. An analogy:
This is exactly what came to my mind when I saw the headline. I'm sure this will happen, and a new arms race will ensue. Users are better off with uBlock Origin and such, instead of relying on advertising companies to handle ads better.
I feel like they will get sued for that extremely quickly, considering their dominating position (Chrome) and being in the ad-serving business at the same time.
conceptually. However, the metric we use to dictacte that conceptual argument is what screws us (Americans). We have chosen increase in price as the primary metric.
It becomes the responsibility of the accuser to prove and provide evidence of increased prices based on monopoly position. The Exponent podcast did a nice description of this last summer I believe (not sure what episode).
I wish Google would do something against the so called 'Rogue Redirect Ads' in their AdSense network. Ads that redirect the parent frame.
When I browse the web on my Android phone, I get redirected to spam every 10 pageviews or so. And no, it's not a problem of the phone. It's a known issue that ads can break out of their iframe:
IMO Javascript should not be allowed in ads at all. Unless that gets implemented, I have the feeling that all blog posts about improving the user experience are just lip service.
There is some work going on to remove Javascript, but it is slow going. Most publishers won't trade off revenue for performance and security so there is no incentive for the buyers to change their ways.
Giving publishers a choice would be a start. A checkbox 'Allow JavaScript' for AdSense publishers and a way to run revenue experiments about JS on/off.
That does raise the question is Google big/ubiquitous enough to force that on publishers? If Google unilaterally decided no more JS in ads., would the publishers grumble about it but adapt, or would they look to other ad networks.
Google runs an ad network and releases a browser. Presumably he is aware that Chrome is doing something, but wishes that AdSense and DoubleClick would do something.
Focus is probably the best option on iOS but I don't trust Mozilla to block tracking the way I want it done, I'm far more comfortable with uBlock Origin handling it. If I want the extra protection of deleting my cookies and history on exit I'd rather just start a private tab. Most of the time, I want to stay logged in on sites.
For me it's not a matter of trust, it's just that there's no customizability to the ad-blocking on Focus, even at the level of choosing blocklists to subscribe to, or adding particular elements to be blocked.
I don't want a company that releases a "privacy focused browser" with telemetry enabled by default deciding which tracking is "ok" and which isn't. I love Firefox compared to other browsers but there's definitely some user-hostile choices being made at Mozilla and I'd rather they just not get involved in ad blocking (other than ensuring the add-on architecture allows proper blockers to do what they need to get the job done right).
Why Focus on iOS? iOS has had a framework for third party content blockers for years. If you install a content blocker for iOS, it also works with other apps depending on which webview they use. For instance they work with Feedly.
Not across the system, though. It only works in Safari. For system ad-blocking, the easiest option is via DNS based Ad-blocker services like Adguard Pro or Adblock (both are paid apps and available on the App Store).
There's also the VPN option. PIA, for example, comes with its own system ad-blocker (MACE) although it's nowhere as good as Adguard Pro (which allows you to use custom DNS server).
It's not just Safari. The only times I really care about ad blocking are using the web with safari and Feedly and watching video. The content blocker also works with web view embedded in Feedly.
I very seldomly watch live ad supported video. I have ad free Hulu. For the two networks that aren't on Hulu - CW and CBS, I watch VOD from them via Plex. Because of the way that the Plex channels work, they skip the ads.
Brave is not usable yet in mobile, from my experience. I'll give them a few more cycles before using it full time on phone. Desktop version is much better though.
Putting the ad in an iframe without the allow-top-navigation[0] sandbox permission could prevent that. Or if the ad naturally consists of an iframe then a browser extension could intercept the iframe load and add the equivalent CSP rule[1]. Or google could do that themselves.
I think they would still be allowed to open in a new tab.
Thanks for reminding me about this problem. A few websites I visit have spammy ads that do this and it is very frustrating, but I forget as soon as I leave the loo.
> IMO Javascript should not be allowed in ads at all.
I agree fully. I think part of the issue is that the folks submitting ads want to collect a lot of data. They probably don't use that data (or if they do, not well), nor do I trust them to not collect very invasive and unsafe data, but I suspect for many folks that having their own JS payload makes or breaks a possible ad network.
Given concerns about Monero mining, redirects, and other hijinks, removing JS from ads is even more critical now. I think the compromise will be to give ads some kind of network provided hook to get data back to "home" eventually, though then the issues above only shift from the ad provider to the ad network provider.
Or at the very least, provide a domain-specific-language that "compiles" to JS that can do very limited things like animations and others.
That combined with requiring all of the assets to be hosted on the ad-network's servers would greatly improve the experience. (mainly because ad-networks are larger companies that the host website has a direct relationship with, so when users complain the site can talk to the ad-network, and the ad network can instantly do something about it)
Sadly, they have no incentive to do that, as those ads would be more expensive to create, most likely make less money, and most users that block ads block all of them regardless of how invasive they are. Adblockers treat all ads the same, and so now advertisers are faced with the choices of:
1. make more shitty invasive ads
2. make "better" ads (better for the user) and make less money while spending more and having users still block them anyway.
This is why I really believe that the "better ads" thing from google and others is a really good idea, because it helps re-align the incentives back with the user in some ways. If that works, shitty ads will be blocked much more widely, while good ads will get more views and more users.
Any source code to source code translation is considered transpilation until targeting byte code or other form of representation that is byte code, VM, or CPU specific. The terms do become blurred sometimes.
Similar things happen on iOS, too. I can't tell you how many times I'm trying to go to a seemingly legitimate site on my iPhone and I get redirected a dozen times and end up at "You've won a free Samsung tablet!" instead of the content I asked for.
You're probably either not using the right ad-blocker or fail to configure the ad-block properly. If you just want a content-blocker that works in Safari- I find Purify works the best. If you want a full system ad-blocker which works in most apps- NYT, BBC, Chrome though not in the YouTube, Instagram, Twitter apps- it would have to be a DNS based Ad-blocker like Adguard Pro.
I started getting them for a while a few month ago. It made browsing certain sites on my phone almost impossible, I'd get a rogue redirect literally every time I tried to access the page.
Firefox beta on Android is slow, but wrorst is if you use Google's search tools (like time range) Google sends Firefox a search results page without that ability or many other things (plus side, there's no amp).
Google depends on external things too - especially the foss community. Eg, if github sees a connection coming from Google that is /not/ their indexing bot, give them a limited page.
For the same reason that they expect websites not to display a different content when they see the googlebot UA for instance? It's pretty shady behavior IMO, that's not how the web is supposed to function. It's something I would've expected from Microsoft more than 10 years ago. I guess chrome really is the new IE.
I also expect them to do the right thing because of "Don't Be Evil", but that doesn't really mean much anymore, right?
There are a few of them, but i didn't want to keep fighting against Google and chrome is going to take up space on my phone regardless. I only have 16gb of internal storage so I'm often struggling with that. (Android seems to work their hardest to make the expandable micosd not very useful).
Reasonable in your case but I'll remind everyone here that we used to fight tooth and nail against Microsoft back in the days
- and we won: I'm now free to use Linux at work. I think cloud computing as we know it happened as a result of the liberation of server class operating systems etc.
So my suggestion is we continue to make noise until we get meaningful change.
(And just like with MS back in the days I don't think everyone working for Google is evil, it just seems to be next to impossible to have that kind of power as a company and not abuse it.)
It's pretty amazing that Google can discriminate so obviously against competitors and not be punished like Microsoft rightfully was whem I was young...!
Proof of monopoly abuse right here: no technical reason, just a wish to crush competition.
It's a shame the EC hasn't looked into this as part of its antitrust investigation against Google. And I'm talking about Google not allowing ad-blockers in the Play Store, not about Chrome not having an adblock extension. That's just their decision not to have extensions on the mobile Chrome, and I can respect that, even though I know it sucks. However, it should be illegal for Google to block adblockers in the store, considering its Android monopoly in the EU.
"It’s important to note that some sites affected by this change may also contain Google ads. To us, your experience on the web is a higher priority than the money that these annoying ads may generate—even for us."
Fundamentally, the setup is that Google is blocking all ads (and all ad revenue) on sites that serve any ads that don't comply with a certain Google-defined policy. Google of course makes certain that this policy allows whatever ads Google wants to serve.
What is the most plausible outcome? That sites want ad revenue, do not want to take risks on losing it, and hence will only use Google for ads (because those will by definition comply with the policy).
It's true that if a site serves both Google and non-Google ads Google may end up punishing the site (no ad revenue), even if it means some revenue loss for Google from the now-blocked Google ads. But if the goal is to make sure sites do not do this mixing of Google and non-Google ads, that seems like an acceptable cost to pay to achieve the goal, from Google's point of view.
"That's a nice website you have there. It would be a shame if you couldn't display ads."
How is this anything other than a hilariously transparent shake-down? An ad company that controls both ends of the ad pipeline (Chrome and Adsense) is "protecting" people not by blocking terrible ads, but by blocking all ads on sites it deems "disruptive."
I assume Google's customer support staff can contact the owners of blacklisted sites and sell them more Adsense inventory, or encourage them to stop doing business with competing ad vendors.
Ug, I've been railing against this for a bit now. For anyone who is unclear what is happening, Chrome downloads a set of partial hashes for sites that are considered bad by this coalition. They don't provide the full list of sites (evil). Then if the site matches it, it phones home to get the full hash to see if it matches that. If it does, it applies the EasyList (non-cosmetic) ad block rules.
Problems:
* The list is totally opaque (I am wrong, see EDIT 2 below)
* They use the hard work of people like EasyList and subjectively apply it (though not that big of a deal, they do make it free/open for all uses after all)
* They build it into the browser instead of as an extension or working with the existing ad-block community
I urge everyone to keep with uBO and the like. How anyone can be for NN and then think a coalition can be an on-by-default gatekeeper of good or bad web items I'll never understand. At this point, I have a hard time separating browser from ISP wrt end user control and limited choice (especially for the masses who aren't familiar w/ these kinds of details).
EDIT: I should note that this is the same mechanism by which the safe browsing lists work that tell you a page may be bad. For consistency, I disagree with that too of course, but I find the motives and targets here to be much more sinister. I would also say switch to FF, but they also use the secret safe browsing lists, so they'll probably switch to this as well. I say find a Chromium/Gecko based browser w/ all the ancillary shit like this removed.
EDIT 2: There is a method of obtaining the entire list via the API, see comments below. I was wrong about the opacity and stand corrected. Still doesn't alleviate the concerns around gatekeeping. I wonder if Google would let me keep a running update of this list in GitHub so we can all watch changes and other things like adblockers could use it.
Not really, just based on the blog post and comments at https://news.ycombinator.com/item?id=16297550 and elsewhere where myself and others looked at the code. I could be wrong on some aspects of course and would welcome being corrected.
Also, I cannot find a clear explanation from Google how the internal details of this ad blocker work (how they manage the hashes on their side, where this coalition list is maintained, etc). I would love a link, but alas with these kinds of things transparency is usually the first thing to go, especially since people don't demand it.
The Safe Browsing distribution is for efficiency (less bandwidth, less in-memory data to store). The Better Ads Standard list can be obtained here (unhashed): https://developers.google.com/ad-experience-report/
Efficiency is distributing the entire list (and they do distribute an indexed and unindexed full EasyList, you can see it in your user's Chome data folder). I doubt it's too big to download in indexed form for a desktop and keep updating with deltas. At the least, I'd like the option.
EDIT: Updating from previous statement saying I couldn't find where to get the list. I have now obtained it from [0] and put it at [1] (caution, it's a large gist).
(Disclaimer: haven't worked on Chrome in ~7 years.)
This weird hashing scheme comes from safe browsing (which blacklists sites that install malware etc.). I guess (without specific knowledge of it) it was just reused for this ads thing because they had all the code handy for it,
both the browser-side code and serving code.
I recall the weird hashing scheme was carefully designed to balance some concerns. For example when it phones home, it phones home with a hash of the current URL so that it doesn't reveal the current URL to the server (unless the URL is already in the server-side blacklist). I also think it was intentional that the client didn't get a list of all known-malware URLs. I can't find any design docs for it at the moment better than https://developers.google.com/safe-browsing/v4/ . It may well be the case that the hashing scheme doesn't make sense at all in this context.
The hashing scheme definitely does address privacy concerns. It's that the whole list isn't present and relies on a Google API that troubles me. Surely the list is not too large to download on desktop, but maybe it is. I'd like the option of instead having it all on my desktop and downloading deltas instead of the hash check. The best "design docs" I've found is the golang impl at https://github.com/google/safebrowsing/.
While I would also personally prefer this functionality as an extension rather than as "bloatware" (although it's not exactly useless), I believe having it built-in will better the majority of Chrome users who are not savvy (or aware) enough to install extensions, which as of Dec 2010 was only 1/3 of Chrome users (the most recent stats from Chromium I can find) [1].
Unlike some others, I don't doubt the good intentions this road is paved with. But to keep with the NN analogy, less savvy users would also prefer paying for a cheaper, more restricted internet.
Only one site at a time. I want to see them all. Other ad blockers let me do this with their lists. Google is no stranger to supporting big list downloads. They are choosing not to and should not be defended. Sure they can say they don't want the offenders to know they are offending, but they can find that out anyways. I think in reality, they want to maintain the keys to the lists which means not giving it away and keeping it secret.
That's assuming that it's a simple process to publish a huge list. Keep in mind that Safe Browsing is much more complex than an adblock list. They allow actions from site owners via Search Console, and track many types of threats (phishing sites, malicious downloads).
My guess would be there isn't a simple canonical list, and it's more of a heuristic evaluation where certain thresholds will trigger site warnings.
In this case an API would be more up-to-date, and less computationally expensive than serving large, always-changing lists. It was likely just the more logical choice. Though I'm assuming the new ads functionality uses the same Safe Browsing infrastructure.
>Sure they can say they don't want the offenders to know they are offending
Actually not the case at all. They send alerts to sites that are affected by Safe Browsing via Search Console.
All true. And I have found a place to obtain the list (see other comments). I do think the list as it relates to how the browser uses it is not that complex (is or isn't an "unsafe" or "bad ads" site).
Google Search works like an API. You search the keyword, they run it through their algorithms. There's no download of their entire search index because that would be impossible.
Makes you type-in a single URL. There is no way to use a keyword to get a list of items back. My point is that it should be trivial for google to do this, since this is their core competency.
I fail to understand whats so special about maintaining a tiny list of website URLs that anybody can access at any time? I'd wager you can fit 10+ million URLs per GB. The wayback machine has 300 billion+ pages of full page historical content and you can access all of it. This is entirely within Google's wheelhouse. Certainly, there could be other factors to not handout the list, but I'm merely speaking about the engineering aspect here.
I didn't say they couldn't. What I said is that such a list wouldn't make as much sense because it would always be out of date. A programmer looks at that problem and sees that an API makes more sense.
I downloaded the entire list via the API just fine. What is the difference between an API and a download? Answer: authorization control. It doesn't have to be a fixed file on their side...a URL can serve just what the API does like a download. But then they wouldn't know who wanted it.
Unfortunately.. I don't see a dispute button. If Google won't let you dispute like blacklisted mailserver, I see class action lawsuits because ultimately with such high % of market share, Google and his pal Chrome will decide whether your business thrives or dies.
I'm not sure if you're a Google PR drone or just naive, but people have been talking about this for years...
Ya know the nice little extensions Google has added over the years to their search page? Like speed test, recipes, dictionary, a rudimentary calculator, map locations, etc??
Most of the information is stuff they stole from other websites. They put it in the search results now so you won't go to those terrible websites yourself and stop looking at Google ads. And nobody can stop it because if you block Google spiders your website dies.
So the only people that can fight Google stealing all their shit are other Titans like Facebook and LinkedIn. Everyone else is getting their content lifted and moved into search results.
It's so pervasive that I'm not even going to bother to find you links. Ironically, you can just Google something like "Google destroyed my business" and find plenty of results. Google does a lot of things I support but they also destroy businesses intentionally with reckless abandon. For instance, I find it impossible to believe Google didn't think it would destroy Speedtest.com when it added a widget to the search page. Or Allrecipes when they started stealing their content and ploping it on the search page.
Some of the things Google does these days are thinly veiled as being for "convenience" or "security" when they're really just a monopoly stomping out various competitors.
Remember how Google used to punish "cloaking"? Well now they quietly allow you to do whatever the hell you want which led to all the news site paywalls. These sites we're tired of Google stealing all their shit and powerful enough as a group to stand up to it. Google sits on it's hands because they know if they stop it they will end up in court, probably for antitrust
Especially here of all places. I can't think of many sites where PR-fueled statements would be countered more, and there are enough "real" Googlers around to provide that insight already.
The fact that real Googlers post here eliminates the need for PR to post. Google employees are participants willing supporting Google in exchange for money so they are incentivized to post only good things about Google or risk violating policy/getting fired. They are even incentivized to scrutinize every negative post about Google because it's an attack on their livelihood and moral choices (whether or not to continue working there).
I'm not suggesting the dead post's particular case is true. I'm just pointing out that it's a company's dream to have engineers voluntarily spending time on a forum like this where they have identified themselves as employees. They are implicitly doing PR for free.
My problem is that Google was a founder of Better Ads and its designed to 1) protect their ad business, 2) stop people from wanting ad blockers, and 3) make the web nicer. Huge emphasis on #1.
Whenever you have the browser maker, and punitive actions controlled by the same party, and arbitrarily, its a recipe for disaster.
If Google really cared, they should spin Chrome off to a foundation, provide it a large amount of funding, and totally step aside.
Having the #1 web browser and the largest ad network, controlled by Google, even if you agree with what they are doing, is a recipe for disaster.
Google, of course, MUST protect its ad business, let's call his what it is.
So because of who they are Google should not be allowed to attempt to improve the quality of ads on the internet?
Why would Chrome being run a foundation that is funded overwhelmingly by Alphabet make a difference? Chromium is already public -- aren't there already forks that focus on privacy and ad blocking?
Sure, I just don't see why that should be disqualifying. If they are too shy about blocking ads, then most users will not even perceive that this feature exists and the status quo is unchanged. If they block even a handful of the worst offenders, it's a win for Chrome users. And if those blocks encourage people to clean up their act then it's a win for everyone.
I don't know. Maybe there is still a small benefit but I think their main reason for participation is to steer the effort into a favorable to them direction. Some benefits will come out of it but any real progress will be blocked or massively watered down because it would cut into their bottom line.
For example, how could we ever confirm that Google treats reports on its ads the same as reports on other ads? It's unlikely that we will be able to make that confirmation, and should probably instead assume they are not treating them the same and insist that Google prove that they are. Err on the side of caution and all that.
>Sure, I just don't see why that should be disqualifying
The same reason every conflict of interest is a problem. You're not advocating for what's best for the side you are supposed to be representing because you are also representing a self interest.
I get the point, but what's the solution exactly then? The fundamental problem lies in how ads industry works and how the psychology of ads work. Given Google owns one of the largest ad platform, it has the "power" to decide how an ad should be displayed, right? Because of conflict of interest, then what is the solution? Every problem has to have some solution. The argument here and above is driving us into a circle - no one knows, so Google is the "obvious" choice. I don't want to see ads myself, tbh, and this announcement doesn't really make a big difference anyway, but I am specifically asking if not Google, who and what's next?
These are good points. I think the reason this kind of conflict really rubs the wrong way is because these kinds of things tend to have sour legacy effects at inopportune moments.
There isn’t an INTRINSIC conflict of interest. The ideal is fewer, more expensive ads with higher conversion rates. Is there a stable operating point, though?
Google owns the DoubleClick platform - the largest ad server with the most sites and running the biggest ad exchange in the world. They approve, serve, and support all of the intrusive ad formats in the first place, even on their own websites.
This is absolutely not about quality but a political move to counteract ad blocking extensions and companies. While the intent seems noble, it's likely to cause no real improvements compared to better existing options like not serving these formats at all.
As long as websites display annoying ads, people will have the incentive to use ad-blockers, no matter how polished and non-intrusive DoubleClick ads be.
I don't think DFP is the biggest culprit of annoying ads. If they were,Google would definitely have taken the less controversial option of imposing stringent rules around DFP creatives. The biggest culprits are the up and coming ad networks that try to differentiate themselves and deliver big numbers for clients by providing super high impact ads.
In order to actually protect Chrome from Google influence, it would need to switch to the Firefox model: Selling default search to the highest bidder. It might, then, still be Google. But other search engines could bid for their share, and it would prevent Google from lowballing their funding.
(Also, imagine the hilarity if the default search of Chrome ever became Bing.)
Right now, per your metaphor, all the chickens are being eaten. It's a clusterfuck out there with some of these ads. But I also don't want to go the opposite way and (to extend the metaphor) have a fox so vicious, it keeps _myself_ away from the chickens (a la AdBlock extensions), such that my favorite websites go away because I'm not supporting their revenue stream.
Google does not have an interest in showing you shitty ads. They have an interest in providing their clients with ads that are acted upon and that web users appreciate, and they have an interest in having a browser that does that with as little friction as possible.
I'd say their incentives are perfectly aligned with ours.
Right now, all of the chickens are being eaten. If we get a fox that only occasionally eats a chicken, but keeps the other more vicious foxes away, that's a net win.
They have an interest in showing you non-shitty ads. They sell non-shitty ads. Therefore they have an interest in showing you their ads.
They also own the most popular way those ads are shown: through their web browser. This browser has the ability (at Google's sole discretion) to block shitty ads, of which all of them are run by their direct competitors.
So what's happening is, Google is giving themselves the right to block parts of the Internet they don't like, with the implied statement of "if you want your ads to be seen by Chrome users, buy them from us or else we might block them".
That is a classic protection racket. "Want your ads to be seen? Better buy them from us, or... bad things will happen."
>I'd say their incentives are perfectly aligned with ours
Speak for yourself. I hate advertising and would rather see that whole revenue method burn to the ground and pay the $2/mo or whatever to use my favorite services.
Ads have ruined everything they have touched (radio, satellite radio, TV, cable TV, satellite TV, magazines, highway scenery, etc) and they are well into the process of ruining the internet.
In addition to bloating every site and exposing you to higher malware risk, they encourage companies to violate your privacy as much as possible and exploit psychological weaknesses to get you to buy stuff you didn't want or need to begin with.
Google's incentives are to spread this poison so they are not aligned with mine at all.
Be careful what you wish for, your favorite services might not exist without advertising. Sure, you might be willing to pay for the service, but would enough people be willing to pay to keep the service afloat? Probably not in a large number of cases. Advertising is the necessary evil that keeps the internet afloat.
If my favorite services are not sustainable in a subscription model then I would rather they die off until someone more innovative finds a way to make it work without advertising.
I mean, you're always free to not browse them in that case. People that would prefer those services not to die off, can then keep using them with advertising.
> I should note that this is the same mechanism by which the safe browsing lists work that tell you a page may be bad. For consistency, I disagree with that too of course, but I find the motives and targets here to be much more sinister.
Out of curiosity what is your objection to the Safe Browsing lists?
I personally have my router blocking sites at the IP level and DNS rejecting queries for domains off this list.
I can't remember the last time I couldn't visit a site because it was on the list but with the prevalence of zero-day malware and naive users on my network, I'd rather just not even deal with the potential.
> Out of curiosity what is your objection to the Safe Browsing lists?
The gatekeeping and phoning home (even though it is privacy conscious). But it's not a strong objection. In general I prefer browsers to be neutral by default and make no HTTP requests behind the scenes, but I acknowledge that's unreasonable for most users. It's less about my personal objection and more about an objection to on-by-default corporate decision making being deployed to millions of users.
While safe browsing hasn't come under much scrutiny due to its limited scope and that it hasn't been abused, I suspect it won't be long before someone's site has its ads blocked unfairly by the coalition. I understand with human review and pending-vs-actual-blockage incubation they are attempting to alleviate false positives, but the internet is too large IMO and the rules are subjective (so I can have a site with a 29% ad density?).
> I would also say switch to FF, but they also use the secret safe browsing lists, so they'll probably switch to this as well.
They use this by default, but you're free to turn it off, and that setting (unlike others) seems to sync just fine using Firefox Sync. Just checked and it's off. I turned it off once years ago and switched between OSs and different devices in the meantime, and it's still off.
Don't know if the same is possible on Chrome.
> I should note that this is the same mechanism by which the safe browsing lists work that tell you a page may be bad. For consistency, I disagree with that too of course, but I find the motives and targets here to be much more sinister.
I agree with you completely on this one.
I had to turn that off on two layers, on a browser level, and inside my antivirus' firewall. My antivirus now constantly complains that I'm "not fully protected" because I don't want it to do web filtering for me.
I do support other private browsing techniques that stay on my device, like first party isolation, and adblock-like lists that are downloaded on my device.
Both are available in Firefox, and using them doesn't collide with my stance on NN, since I'm the one preventing the content from being fetched by my machines.
> They use the hard work of people like EasyList and subjectively apply it (though not that big of a deal, they do make it free/open for all uses after all)
Again, I don't see the problem here. As you said, EasyList is free and open. It seems like your objection is just that you don't like the way its being used?
> They build it into the browser instead of as an extension or working with the existing ad-block community
I'd actually consider this a huge win. Everyone gets it by default (though you can turn it off in settings if you want), and it works on mobile, which doesn't currently allow extensions. What's your actual concern here?
> think a coalition can be an on-by-default gatekeeper of good or bad web items I'll never understand. At this point, I have a hard time separating browser from ISP wrt end user control and limited choice
There's a reason browsers are called the "user agent"; it's because their purpose is to make decisions and perform actions on behalf of the user. If a browser vendor wants to block ads on behalf of the user on sites which they deem to be using those ads in an abusive manner (and the standards for what is considered "abusive" in this case are actually pretty clear-cut: https://www.betterads.org/standards/) I don't see a problem with that. If you as a user don't want your user agent behaving that way, you can either tell it to stop (chrome://settings/content) or get yourself a new user agent. (And both of those actions are significantly easier than they are with your ISP I might add.)
> Again, I don't see the problem here. As you said, EasyList is free and open. It seems like your objection is just that you don't like the way its being used?
Not really my objection, I just wonder if it's the objection of the people putting in the work on those lists. I personally don't think it's a big issue.
> I'd actually consider this a huge win. Everyone gets it by default (though you can turn it off in settings if you want), and it works on mobile, which doesn't currently allow extensions. What's your actual concern here?
A bigger win would be to allow mobile extensions. It's strange to use a decision Google makes as a reason Google has to do something this way instead, ha. That it's on by default makes those of us on the non-user side of the web wary of the slippery slope of browsers not being neutral about what is shown to our users.
> I don't see a problem with that. If you as a user don't want your user agent behaving that way, you can either tell it to stop (chrome://settings/content) or get yourself a new user agent.
I'm more concerned with the site developer side than the user side. If something ships to millions of users and begins to exercise non-neutral control over content, you should become concerned. It's like TVs constantly updating a list of shows they won't allow to be shown on their TV. You might tell a user to go change the settings of the TV, but as a someone making the video, would you not be concerned? Or glasses that limit some of what you get to see by default, or headphones that disable some of what you get to hear by default, or cars that don't allow you to enter some areas by default, etc. I hope it's clear that conduits like these need to remain neutral.
Okay, yeah. Looking at it from a site developer's perspective I can see where you're coming from. In fact, I'm certain that many sites which do display Annoying Ads[1] are going to be pretty ticked off by this move.
However, I think the type of "content" Chrome is discriminating against here is pretty far removed from what most users would consider "content". They're not basing the decision on whether to block ads on a news site on the _content_ of its articles, but on the placement of its ads.
To the extent that ads can be considered "content" then yeah, Google's not being content-neutral here, but while site owners might consider ads to be "content", I suspect most users don't.
It's a pretty similar situation with Google's Safe Browsing system. While a malicious site operator might consider malware to be "content", malware is almost certainly not the sort of content the user came to the site for.
For anyone curious why Google chose to implement it this way, it's because they're using a bloom filter for the first check. This is much more space efficient than storing the entire list in memory.
It's the day after Valentine's Day in the US... the most advertised, over-hyped, over-extended and shoved down your throat day of the year for us guys.
Of course, ads with exploits and malware that inject into your computer can be invisible and hard to detect as "intrusive", which this doesn't seem to recognize or handle. I'll stick with ad-block.
This justification always reminds me of the advice to run SSH on a non-standard port.
Sure, I guess that makes you less of a target for bad actors, but if your browser can be compromised by simply visiting a website, that's a serious problem that's going to bite you whether you block ads or not.
You're saying that theoretically, because there may be worse exploits from advanced actors that can target you for visiting a website, you shouldn't worry about basic security and whitelisting?
Do you not lock your door at night, either, just because someone could smash through your windows?
The SSH on a nonstandard port thing... I do it so I know if I see a failed login attempt, it's someone who is trying a lot harder than the average attacker and something I should investigate more fully.
Are there stats on how malware spreads? I suspect hacked websites & spam email are a more common source of infection than ad networks. It's not theoretical nor does it imply an advanced actor.
It's much closer to the advice to run antivirus, use a firewall, and apply updates. Exploits are discovered, but there are often mitigations available before fixes come around. By applying the mitigations (AV, firewall, adblock) you can prevent at least some of the exploits until fixes (browser updates) are released.
When I'm trying to visit some page, and I get an unrelated spammy popover that is hard to get rid of... I've gathered cause I know how this stuff works that it's _probably_ from a misbehaving google ad, but I don't know how I'd identify that to flag it, or if I'd spend the time to do so. I usually just get out of there.
Do you have a screenshot? I don't feel like enabling JS for that site. Moreover, a screenshot would keep your argument understandable for readers who might encounter your comment in a year or later, when that site changed their layout or perhaps doesn't exist anymore.
"It’s important to note that some sites affected by this change may also contain Google ads.
To us, your experience on the web is a higher priority than the money that these annoying ads may generate — even for us."
Many of us are wired to see changes like this as a power grab camouflaged with flowery words, or possibly another step on the slippery slope to censorship and government control.
We've been trained that every corporate action is selfish, by definition against our interests.
But Google has demonstrated over the years that they're willing to sacrifice their short-term gains to maximize their long-term gains.
Since their long-term gains depend on a vibrant, open web, sometimes their long-term selfish actions are actually in our interest, too.
All they want to do is to squash most of the competition . In a long term all of the small players in the ad industry will not survive if they have to fight with ad blocking software AND google.
As long as google is fighting to make the internet better, and the competition is actively trying to make it worse, I'm okay with the competition being squashed.
I suspect that they're more afraid of ad blockers than the competition, although I could be wrong. If users are annoyed by intrusive ads they're more likely to install an ad blocker. If they do that they're likely to block google's less-intrusive ads as well.
This may have been true a couple years ago, but I don't think it's true anymore. The majority of people are annoyed by ads, and all it takes is one friend to tell them to "install this to not see ads" or a nephew to come over for them to have access to an ad blocker. I'd estimate this percentage as closer to 50%.
Well you're looking at this in a very saccharine light. Have you been following the discussion leading up to this? There have been very pointed questions about how truly independent the coalition for better ads is. There's questions about and advertising company blocking advertisements from other companies. There's questions about the layer of the browser this was added to. There's questions about even what the better ads coalition purports to do!
Can the coalition truly be independent when their only active enforcer is a member? Would that coalition defy that one member ever?
Under what circumstances will other sites and advertisers learn of updates to ads? Will that policy remain? Will google always have a head start?
What of ads and scripts designed to track and de-anonymize you? What of ads that consume huge amounts of bandwidth passively while not otherwise being annoying? These policies seem directed only at the aesthetic of the web.
And really, it remains to be seen if our long term interests are in line with googles, if you asked me, I'd very much say no.
>To us, your experience on the web is a higher priority than the money that these annoying ads may generate — even for us."
That's begs the question - Why were those ads approved by Google in the first place? They were the source of the problem to begin with !! Also, before we rush to judgement, how much revenue were those ads generating for Google in the first place? I would respect them a bit more if they actually are taking a hit on this.
>But Google has demonstrated over the years that they're willing to sacrifice their short-term gains to maximize their long-term gains.
How have they demonstrated that? Could you elaborate?
A webpage can have both Google ads and dodgy-ad-co ads. If they have the dodgy-ad-co ads then Google will apply the easylist to the page, which will remove the Google ads as well as the dodgy ones.
>> But Google has demonstrated over the years that they're willing to sacrifice their short-term gains to maximize their long-term gains.
> How have they demonstrated that? Could you elaborate?
Before Google, web search results were rotten. Advertisers could push their sites onto the front page, and paid ads were indistinguishable from organic results.
Google's innovation was to deliver pure search results with the highest relevance, with zero influence from advertisers. Ads were separate and labeled as such.
By sacrificing near-term ad revenue, Google built trust with users, and won search in the long-term.
Other examples:
Google could have kept Android closed and charged for licenses. But by open-sourcing it and allowing competitors to use it, they sacrificed short-term license revenue to build a much larger ecosystem.
Google capitulated to government demands that they censor search results in China. But then they reversed course, exited mainland China, and sacrificed revenue from that massive market. Long-term, active censorship would damage Google's reputation.
>Advertisers could push their sites onto the front page, and paid ads were indistinguishable from organic results.
>Google's innovation was to deliver pure search results with the highest relevance, with zero influence from advertisers. Ads were separate and labeled as such.
Have you tried using Google without an adblocker recently?
If I search "buy a car" using Chrome on Android the entire screen of my phone is filled with ads that I need to scroll past to get to the "pure" search results. The only indication that they are ads is a tiny box 1/8 the size of a fingernail. The top result on the embedded Google maps box is also an ad.
Very polite of the malware to put a tiny ad tag on the ads it is managing to inject into a HSTS pinned website on a browser that doesn't allow any addons or extensions. I also like they way they perfect match Google's site design.
Most of the better ads standards have more to do with ad placement than with the ads themselves. It's not particularly easy for Google to reliably detect whether their ads are embedded in a pop-up, for example: https://www.betterads.org/desktop-pop-up-ad/
I think you forgot the "/s". Kudos on keeping a straight face after the initial quote, though.
But seriously, this line:
> To us, your experience on the web is a higher priority than the money that these annoying ads may generate — even for us."
Is a flat out lie and you should know better by now.
Unless the "us" speaking here is a very specific (and powerless) subset of whoever could be speaking for Google. Which would make it merely disingenuous.
And even then their actions require a lot more before they deserve that kind of trust again.
> We've been trained that every corporate action is selfish, by definition against our interests.
If we had been trained we might've gotten to this conclusion sooner and prevent some of the worse shit that's happened because of it. But we weren't trained (what would have trained us?).
I'd rather say we've been extremely slow to recognize that even though the law recognizes corporations as persons (in some places), they are in fact, inhuman. And they will continue to act with complete disregard to human interests. I think it's still useful to think of corporations as organisms, just not of our species, in the same way that a fungus is not the same species as its substrate.
Some people "at the top" believe they are in control, but they are in control as much as you can be in control sitting on top of a wild, untamed beast. And you've seen it, corporations replace "the top people" like any other employee and it doesn't change much. Not nearly as much as they want you to think. It's more like trimming your fingernails than getting a heart transplant.
Of course, nation states are just the same. Conglomerate hierarchies of humans, doing whatever to stay in existence as a sort of entity. Problem was they were caged by design, rules, from the bottom up. This was because we needed them to be, we saw tyrannies rising when we didn't. So we made rules to bind them, deliberately stunted like bonsai trees, to preserve our individual freedom and not become cogs or ants. So they subverted the meaning of "freedom", because we should be free to make new corporations (conglomerate hierarchies, egregores, group minds, call them however you like), because you know, freedom! Except this exploit existed even within the nation states that were deliberately stunted to not grow out of control. Just don't feed them after midnight, okay?
And then we were free to create corporations, without stunts, or rules or restrictions to preserve actual real individual human freedom.
And of course these new corporations quickly grew to become more powerful than many nation states. REALLY quickly, if you think about it, if you compare it to the speed at which nation states exchange power and conquer one another. But corporations kill at sub-decade frequency currently.
I went a bit off a tangent here sorry, and I doubt this is the proper forum to share this kind of thing either. But just stop and think for a moment, who or what is writing those words you just quoted. It's not something that could ever be your "friend".
All ads are disruptive, as they are designed to draw your attention. If you can ignore an ad it did not serve the purpose it was created for. Does it mean Chrome blocks all ads now? Don't hold your breath.
One of the few exceptions that I can think of would be skymall. It is a magazine with only ads for overpriced useless stuff that you can read about (and maybe buy) while on a flight. I would normally read the entire magazine during the boring flight.
Meanwhile, Google still hasn't added a way disable auto-playing videos (regardless of whether a video is muted) in Chrome.
Safari has easy options to set both a default and per-site preferences (https://support.apple.com/guide/safari/stop-autoplay-videos-...), including a "Never Auto-Play" choice. Despite years of user complaints and a fairly clear resolution to them, Chrome either watered-down their fix or solved the wrong problem entirely.
> Meanwhile, Google still hasn't added a way disable auto-playing videos (regardless of whether a video is muted) in Chrome.
This bit is especially infuriating for me, as there seems to be a High Sierra issue with Chrome and videos (for me, at least - it's hard to figure out how widespread it is). They cause massive browser lag when they're on a page for me, to the point of missed characters while typing.
> you can set "Document user activation" in chrome://flags/#autoplay-policy & relaunch.
That won't fix the problem of auto-playing video on CNN or other sites that are not YT. Trying to read news from CNN is still a matter of waiting for the page to load, then wait for the video to load and start playing, then click on the pause button, and voila you can read in peace.
Note that Firefox' autoplay blocker breaks some video sites because the Javascript assumes the video is playing when it really isn't. However, with Firefox, videos never autoplay. Chrome's autoplay does not always work, but it doesn't seem to break sites.
I can't seem to find the issue, but in the Safari issue tracker, the point was made that given the way HTML5 video and APIs work, it is impossible to reliably prevent autoplay without breaking some sites. It seems that Firefox went for "reliably prevent autoplay" while Chrome went for "without breaking sites".
FWIW, I switched from Chrome to Firefox because of the autoplay issue.
Quoting the blog post, Google’s decision that ”Muted autoplay is always allowed” is the problem. If any other Chrome users wondered why videos now auto-play without sound (even with this option set), at least based on the relatively minimal docs about this flag, this is why.
This feature is not currently enabled because it can confuse some websites' video players. They can get stuck in a bad state because their JavaScript assumes the video is playing, but because Firefox didn't autoplay it the player buttons don't work correctly.
I hate these decisions by Firefox where they don't enable something because it would be inconvenient for websites! They should enable it and websites should fix their broken players.
Then their naive users would abandon them en masse because Facebook and YouTube won't work right. The thing to hate is that useful settings like this aren't in a more readily accessible preferences dialog for the rank and file to discover. You have to be told it's there or go spelunking through about:config.
Does this include something that flashes / moves (within its self-contained box) even though it doesn't take over the screen?
How is it that it's not outrageous to people that in the middle of a news article, a box with flashing colors and a picture of a woman in a bikini isn't something obviously extremely undesirable? The activity of reading requires concentration, if you're reading something that requires thought, that is. I'm baffled that our tolerance level for this didn't drop to the pitchfork level.
I certainly like the idea of blocking these types of ads at first blush. I don't know much about the source of the "disruptive" label so that could be a bone of contention. I would assume there will be some UI element saying that Chrome blocked a "disruptive ad" similar to when it blocks popups but they didn't describe that in the post. Overall, I am optimistic.
Just use Firefox with Adblock/Ublock/Noscript. Even better, turn off Javascript and you'll never see an ad again.
Unfortunately, there are too many devs who build their sites that completely get crippled if you by default don't allow Javascript.
Even if you enable it, the site may still be doomed, because it tries to load fonts, libraries, css and who-knows-what kind of s* from external sites.
Fg newage apatheistic anarchist hippie devs. Don't bundle in tons of dependencies to your freaking sites. If one of the dependencies goes down, so does your site. F* you! And f* those whorebag ads!
You can disable it in content settings. It's a new permission, just like Notifications, JavaScript, and Sound. Basically you just have to turn on the "Allow sites to show Annoying Ads" permission.
303 comments
[ 2.9 ms ] story [ 308 ms ] threadAccording to the post:
"... Chrome will stop showing all ads on sites that repeatedly display these most disruptive ads after they’ve been flagged.
To determine which ads not to show, we’re relying on the Better Ads Standards from the the Coalition for Better Ads, an industry group dedicated to improving the experience of the ads we see on the web. ..."
They are a bit vage in this post, but as we know from other posts and press briefings, this means:
The site owners will get a notice when Google has found that their site is displaying ads not compliant with the Better Ads Standards. When they don't fix this until after 30 days, all ads on the site are blocked, even those complying with the standards. The site owners can then of course still fix it, and get removed from the block list.
So the "flagging" is actually done by Google, and means the owners of the site get a notice.
Bittorrent:Netflix::uBlock-Origin:Coalition-for-better-ads
[0] https://github.com/dhowe/AdNauseam/wiki/FAQ#what-is-the-effs...
https://upload.wikimedia.org/wikipedia/commons/thumb/5/5a/Br...
It becomes the responsibility of the accuser to prove and provide evidence of increased prices based on monopoly position. The Exponent podcast did a nice description of this last summer I believe (not sure what episode).
When I browse the web on my Android phone, I get redirected to spam every 10 pageviews or so. And no, it's not a problem of the phone. It's a known issue that ads can break out of their iframe:
https://www.androidpolice.com/2017/11/08/heres-protect-rogue...
IMO Javascript should not be allowed in ads at all. Unless that gets implemented, I have the feeling that all blog posts about improving the user experience are just lip service.
But I would prefer if the did not deliver Javascript inside ads in the first place.
And presumably the use of this lie was to provide an example to support your argument that ads should not contain Javascript at all?
There's also the VPN option. PIA, for example, comes with its own system ad-blocker (MACE) although it's nowhere as good as Adguard Pro (which allows you to use custom DNS server).
I very seldomly watch live ad supported video. I have ad free Hulu. For the two networks that aren't on Hulu - CW and CBS, I watch VOD from them via Plex. Because of the way that the Plex channels work, they skip the ads.
Putting the ad in an iframe without the allow-top-navigation[0] sandbox permission could prevent that. Or if the ad naturally consists of an iframe then a browser extension could intercept the iframe load and add the equivalent CSP rule[1]. Or google could do that themselves. I think they would still be allowed to open in a new tab.
[0] https://developer.mozilla.org/en-US/docs/Web/HTML/Element/if... [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Co...
And now I have FF and uBlock Origin on my phone.
I agree fully. I think part of the issue is that the folks submitting ads want to collect a lot of data. They probably don't use that data (or if they do, not well), nor do I trust them to not collect very invasive and unsafe data, but I suspect for many folks that having their own JS payload makes or breaks a possible ad network.
Given concerns about Monero mining, redirects, and other hijinks, removing JS from ads is even more critical now. I think the compromise will be to give ads some kind of network provided hook to get data back to "home" eventually, though then the issues above only shift from the ad provider to the ad network provider.
That combined with requiring all of the assets to be hosted on the ad-network's servers would greatly improve the experience. (mainly because ad-networks are larger companies that the host website has a direct relationship with, so when users complain the site can talk to the ad-network, and the ad network can instantly do something about it)
Sadly, they have no incentive to do that, as those ads would be more expensive to create, most likely make less money, and most users that block ads block all of them regardless of how invasive they are. Adblockers treat all ads the same, and so now advertisers are faced with the choices of:
1. make more shitty invasive ads
2. make "better" ads (better for the user) and make less money while spending more and having users still block them anyway.
This is why I really believe that the "better ads" thing from google and others is a really good idea, because it helps re-align the incentives back with the user in some ways. If that works, shitty ads will be blocked much more widely, while good ads will get more views and more users.
That is a perfect example of the definition of transpiler!
I've only ever heard it used for source-to-source compilers for JavaScript dialects.
I was... rather surprised. One of AMP's huge value props is preventing that type of garbage.
I'm also surprised that the publisher did that, I hope that'd be a good way to get blacklisted from the higher search ranking placement.
How about some browse neutrality from Google?
I also expect them to do the right thing because of "Don't Be Evil", but that doesn't really mean much anymore, right?
- and we won: I'm now free to use Linux at work. I think cloud computing as we know it happened as a result of the liberation of server class operating systems etc.
So my suggestion is we continue to make noise until we get meaningful change.
(And just like with MS back in the days I don't think everyone working for Google is evil, it just seems to be next to impossible to have that kind of power as a company and not abuse it.)
Proof of monopoly abuse right here: no technical reason, just a wish to crush competition.
Or am I missing something?
"It’s important to note that some sites affected by this change may also contain Google ads. To us, your experience on the web is a higher priority than the money that these annoying ads may generate—even for us."
What is the most plausible outcome? That sites want ad revenue, do not want to take risks on losing it, and hence will only use Google for ads (because those will by definition comply with the policy).
It's true that if a site serves both Google and non-Google ads Google may end up punishing the site (no ad revenue), even if it means some revenue loss for Google from the now-blocked Google ads. But if the goal is to make sure sites do not do this mixing of Google and non-Google ads, that seems like an acceptable cost to pay to achieve the goal, from Google's point of view.
How is this anything other than a hilariously transparent shake-down? An ad company that controls both ends of the ad pipeline (Chrome and Adsense) is "protecting" people not by blocking terrible ads, but by blocking all ads on sites it deems "disruptive."
Problems:
* The list is totally opaque (I am wrong, see EDIT 2 below)
* They use the hard work of people like EasyList and subjectively apply it (though not that big of a deal, they do make it free/open for all uses after all)
* They build it into the browser instead of as an extension or working with the existing ad-block community
I urge everyone to keep with uBO and the like. How anyone can be for NN and then think a coalition can be an on-by-default gatekeeper of good or bad web items I'll never understand. At this point, I have a hard time separating browser from ISP wrt end user control and limited choice (especially for the masses who aren't familiar w/ these kinds of details).
EDIT: I should note that this is the same mechanism by which the safe browsing lists work that tell you a page may be bad. For consistency, I disagree with that too of course, but I find the motives and targets here to be much more sinister. I would also say switch to FF, but they also use the secret safe browsing lists, so they'll probably switch to this as well. I say find a Chromium/Gecko based browser w/ all the ancillary shit like this removed.
EDIT 2: There is a method of obtaining the entire list via the API, see comments below. I was wrong about the opacity and stand corrected. Still doesn't alleviate the concerns around gatekeeping. I wonder if Google would let me keep a running update of this list in GitHub so we can all watch changes and other things like adblockers could use it.
Also, I cannot find a clear explanation from Google how the internal details of this ad blocker work (how they manage the hashes on their side, where this coalition list is maintained, etc). I would love a link, but alas with these kinds of things transparency is usually the first thing to go, especially since people don't demand it.
EDIT: Updating from previous statement saying I couldn't find where to get the list. I have now obtained it from [0] and put it at [1] (caution, it's a large gist).
0 - https://developers.google.com/ad-experience-report/v1/refere... 1 - https://gist.github.com/cretz/18594176f791fc0ede26078f76cf12...
This weird hashing scheme comes from safe browsing (which blacklists sites that install malware etc.). I guess (without specific knowledge of it) it was just reused for this ads thing because they had all the code handy for it, both the browser-side code and serving code.
For safe browsing, as I recall the data format was designed with Mozilla -- that tech predated the existence of Chrome. There's some history about it here: https://wiki.mozilla.org/Security/Safe_Browsing and https://wiki.mozilla.org/Phishing_Protection:_Design_Documen...
I recall the weird hashing scheme was carefully designed to balance some concerns. For example when it phones home, it phones home with a hash of the current URL so that it doesn't reveal the current URL to the server (unless the URL is already in the server-side blacklist). I also think it was intentional that the client didn't get a list of all known-malware URLs. I can't find any design docs for it at the moment better than https://developers.google.com/safe-browsing/v4/ . It may well be the case that the hashing scheme doesn't make sense at all in this context.
[1] https://blog.chromium.org/2010/12/year-of-extensions.html
Isn't there an open API for querying this information, as well as their webapp? It can't be all that secret.
https://transparencyreport.google.com/safe-browsing/search
My guess would be there isn't a simple canonical list, and it's more of a heuristic evaluation where certain thresholds will trigger site warnings.
In this case an API would be more up-to-date, and less computationally expensive than serving large, always-changing lists. It was likely just the more logical choice. Though I'm assuming the new ads functionality uses the same Safe Browsing infrastructure.
>Sure they can say they don't want the offenders to know they are offending
Actually not the case at all. They send alerts to sites that are affected by Safe Browsing via Search Console.
>In this case an API would be more up-to-date, and less computationally expensive than serving large, always-changing lists.
Like Google search?
I fail to see whats hard about returning a large list of items. Its their entire organizations' core competency.
https://transparencyreport.google.com/safe-browsing/search
Makes you type-in a single URL. There is no way to use a keyword to get a list of items back. My point is that it should be trivial for google to do this, since this is their core competency.
I fail to understand whats so special about maintaining a tiny list of website URLs that anybody can access at any time? I'd wager you can fit 10+ million URLs per GB. The wayback machine has 300 billion+ pages of full page historical content and you can access all of it. This is entirely within Google's wheelhouse. Certainly, there could be other factors to not handout the list, but I'm merely speaking about the engineering aspect here.
Oh please. Claiming Google can't publish a giant list is really disingenuous. The question is really if they want to or not.
Unfortunately.. I don't see a dispute button. If Google won't let you dispute like blacklisted mailserver, I see class action lawsuits because ultimately with such high % of market share, Google and his pal Chrome will decide whether your business thrives or dies.
Oh, wait...
Ya know the nice little extensions Google has added over the years to their search page? Like speed test, recipes, dictionary, a rudimentary calculator, map locations, etc??
Most of the information is stuff they stole from other websites. They put it in the search results now so you won't go to those terrible websites yourself and stop looking at Google ads. And nobody can stop it because if you block Google spiders your website dies.
So the only people that can fight Google stealing all their shit are other Titans like Facebook and LinkedIn. Everyone else is getting their content lifted and moved into search results.
It's so pervasive that I'm not even going to bother to find you links. Ironically, you can just Google something like "Google destroyed my business" and find plenty of results. Google does a lot of things I support but they also destroy businesses intentionally with reckless abandon. For instance, I find it impossible to believe Google didn't think it would destroy Speedtest.com when it added a widget to the search page. Or Allrecipes when they started stealing their content and ploping it on the search page.
Some of the things Google does these days are thinly veiled as being for "convenience" or "security" when they're really just a monopoly stomping out various competitors.
Remember how Google used to punish "cloaking"? Well now they quietly allow you to do whatever the hell you want which led to all the news site paywalls. These sites we're tired of Google stealing all their shit and powerful enough as a group to stand up to it. Google sits on it's hands because they know if they stop it they will end up in court, probably for antitrust
Do you really believe Google has PR people that are paid to reply on posts on HN? It could be, but I find this quite incredible.
(Saying this as an Eng Googler, I have absolutely no insight on how the whole "business" side of the organisation works.)
I'm not suggesting the dead post's particular case is true. I'm just pointing out that it's a company's dream to have engineers voluntarily spending time on a forum like this where they have identified themselves as employees. They are implicitly doing PR for free.
Whenever you have the browser maker, and punitive actions controlled by the same party, and arbitrarily, its a recipe for disaster.
If Google really cared, they should spin Chrome off to a foundation, provide it a large amount of funding, and totally step aside.
Having the #1 web browser and the largest ad network, controlled by Google, even if you agree with what they are doing, is a recipe for disaster.
Google, of course, MUST protect its ad business, let's call his what it is.
Why would Chrome being run a foundation that is funded overwhelmingly by Alphabet make a difference? Chromium is already public -- aren't there already forks that focus on privacy and ad blocking?
The same reason every conflict of interest is a problem. You're not advocating for what's best for the side you are supposed to be representing because you are also representing a self interest.
This is absolutely not about quality but a political move to counteract ad blocking extensions and companies. While the intent seems noble, it's likely to cause no real improvements compared to better existing options like not serving these formats at all.
Judge, jury, and executioner as they say.
(Also, imagine the hilarity if the default search of Chrome ever became Bing.)
Google does not have an interest in showing you shitty ads. They have an interest in providing their clients with ads that are acted upon and that web users appreciate, and they have an interest in having a browser that does that with as little friction as possible.
I'd say their incentives are perfectly aligned with ours.
They also own the most popular way those ads are shown: through their web browser. This browser has the ability (at Google's sole discretion) to block shitty ads, of which all of them are run by their direct competitors.
So what's happening is, Google is giving themselves the right to block parts of the Internet they don't like, with the implied statement of "if you want your ads to be seen by Chrome users, buy them from us or else we might block them".
That is a classic protection racket. "Want your ads to be seen? Better buy them from us, or... bad things will happen."
Seems pretty reasonable.
Speak for yourself. I hate advertising and would rather see that whole revenue method burn to the ground and pay the $2/mo or whatever to use my favorite services.
Ads have ruined everything they have touched (radio, satellite radio, TV, cable TV, satellite TV, magazines, highway scenery, etc) and they are well into the process of ruining the internet.
In addition to bloating every site and exposing you to higher malware risk, they encourage companies to violate your privacy as much as possible and exploit psychological weaknesses to get you to buy stuff you didn't want or need to begin with.
Google's incentives are to spread this poison so they are not aligned with mine at all.
Disclaimer: they work for Google
Out of curiosity what is your objection to the Safe Browsing lists?
I personally have my router blocking sites at the IP level and DNS rejecting queries for domains off this list.
I can't remember the last time I couldn't visit a site because it was on the list but with the prevalence of zero-day malware and naive users on my network, I'd rather just not even deal with the potential.
The gatekeeping and phoning home (even though it is privacy conscious). But it's not a strong objection. In general I prefer browsers to be neutral by default and make no HTTP requests behind the scenes, but I acknowledge that's unreasonable for most users. It's less about my personal objection and more about an objection to on-by-default corporate decision making being deployed to millions of users.
While safe browsing hasn't come under much scrutiny due to its limited scope and that it hasn't been abused, I suspect it won't be long before someone's site has its ads blocked unfairly by the coalition. I understand with human review and pending-vs-actual-blockage incubation they are attempting to alleviate false positives, but the internet is too large IMO and the rules are subjective (so I can have a site with a 29% ad density?).
They use this by default, but you're free to turn it off, and that setting (unlike others) seems to sync just fine using Firefox Sync. Just checked and it's off. I turned it off once years ago and switched between OSs and different devices in the meantime, and it's still off.
Don't know if the same is possible on Chrome.
> I should note that this is the same mechanism by which the safe browsing lists work that tell you a page may be bad. For consistency, I disagree with that too of course, but I find the motives and targets here to be much more sinister.
I agree with you completely on this one.
I had to turn that off on two layers, on a browser level, and inside my antivirus' firewall. My antivirus now constantly complains that I'm "not fully protected" because I don't want it to do web filtering for me.
I do support other private browsing techniques that stay on my device, like first party isolation, and adblock-like lists that are downloaded on my device.
Both are available in Firefox, and using them doesn't collide with my stance on NN, since I'm the one preventing the content from being fetched by my machines.
As you noted, this is false. See https://developers.google.com/ad-experience-report/
> They use the hard work of people like EasyList and subjectively apply it (though not that big of a deal, they do make it free/open for all uses after all)
Again, I don't see the problem here. As you said, EasyList is free and open. It seems like your objection is just that you don't like the way its being used?
> They build it into the browser instead of as an extension or working with the existing ad-block community
I'd actually consider this a huge win. Everyone gets it by default (though you can turn it off in settings if you want), and it works on mobile, which doesn't currently allow extensions. What's your actual concern here?
> think a coalition can be an on-by-default gatekeeper of good or bad web items I'll never understand. At this point, I have a hard time separating browser from ISP wrt end user control and limited choice
There's a reason browsers are called the "user agent"; it's because their purpose is to make decisions and perform actions on behalf of the user. If a browser vendor wants to block ads on behalf of the user on sites which they deem to be using those ads in an abusive manner (and the standards for what is considered "abusive" in this case are actually pretty clear-cut: https://www.betterads.org/standards/) I don't see a problem with that. If you as a user don't want your user agent behaving that way, you can either tell it to stop (chrome://settings/content) or get yourself a new user agent. (And both of those actions are significantly easier than they are with your ISP I might add.)
Not really my objection, I just wonder if it's the objection of the people putting in the work on those lists. I personally don't think it's a big issue.
> I'd actually consider this a huge win. Everyone gets it by default (though you can turn it off in settings if you want), and it works on mobile, which doesn't currently allow extensions. What's your actual concern here?
A bigger win would be to allow mobile extensions. It's strange to use a decision Google makes as a reason Google has to do something this way instead, ha. That it's on by default makes those of us on the non-user side of the web wary of the slippery slope of browsers not being neutral about what is shown to our users.
> I don't see a problem with that. If you as a user don't want your user agent behaving that way, you can either tell it to stop (chrome://settings/content) or get yourself a new user agent.
I'm more concerned with the site developer side than the user side. If something ships to millions of users and begins to exercise non-neutral control over content, you should become concerned. It's like TVs constantly updating a list of shows they won't allow to be shown on their TV. You might tell a user to go change the settings of the TV, but as a someone making the video, would you not be concerned? Or glasses that limit some of what you get to see by default, or headphones that disable some of what you get to hear by default, or cars that don't allow you to enter some areas by default, etc. I hope it's clear that conduits like these need to remain neutral.
However, I think the type of "content" Chrome is discriminating against here is pretty far removed from what most users would consider "content". They're not basing the decision on whether to block ads on a news site on the _content_ of its articles, but on the placement of its ads.
To the extent that ads can be considered "content" then yeah, Google's not being content-neutral here, but while site owners might consider ads to be "content", I suspect most users don't.
It's a pretty similar situation with Google's Safe Browsing system. While a malicious site operator might consider malware to be "content", malware is almost certainly not the sort of content the user came to the site for.
[1]: https://www.betterads.org/standards/
1) Users that tolerate some ads no longer need to install an adblocker.
2) Legit advertisers don't get their ads blocked because fewer people use ad blockers
3) Crappy advertisers go out of business.
Now lets hope that GDPR manages to get rid of the ubiquitous tracking and the web might actually become a nicer place again!
Sure, I guess that makes you less of a target for bad actors, but if your browser can be compromised by simply visiting a website, that's a serious problem that's going to bite you whether you block ads or not.
You're saying that theoretically, because there may be worse exploits from advanced actors that can target you for visiting a website, you shouldn't worry about basic security and whitelisting?
Do you not lock your door at night, either, just because someone could smash through your windows?
Which makes it an even less effective analogy.
Screenshot: https://ibb.co/f1eOGS
Huge ad with autoplay video.
You can simply scroll p and it’s gone. It’s also at the top of the page, not interrupting your reading.
It’s far better than an overlay that requires you to close it by hitting a tiny x.
To us, your experience on the web is a higher priority than the money that these annoying ads may generate — even for us."
Many of us are wired to see changes like this as a power grab camouflaged with flowery words, or possibly another step on the slippery slope to censorship and government control.
We've been trained that every corporate action is selfish, by definition against our interests.
But Google has demonstrated over the years that they're willing to sacrifice their short-term gains to maximize their long-term gains.
Since their long-term gains depend on a vibrant, open web, sometimes their long-term selfish actions are actually in our interest, too.
To the point of not receiving salaries? I’ve little sympathy here.
Edit: autocorrect fixes
Can the coalition truly be independent when their only active enforcer is a member? Would that coalition defy that one member ever?
Under what circumstances will other sites and advertisers learn of updates to ads? Will that policy remain? Will google always have a head start?
What of ads and scripts designed to track and de-anonymize you? What of ads that consume huge amounts of bandwidth passively while not otherwise being annoying? These policies seem directed only at the aesthetic of the web.
And really, it remains to be seen if our long term interests are in line with googles, if you asked me, I'd very much say no.
Does it? This is not at all obvious to me. Do you mind sharing your reasoning for this claim?
That's begs the question - Why were those ads approved by Google in the first place? They were the source of the problem to begin with !! Also, before we rush to judgement, how much revenue were those ads generating for Google in the first place? I would respect them a bit more if they actually are taking a hit on this.
>But Google has demonstrated over the years that they're willing to sacrifice their short-term gains to maximize their long-term gains.
How have they demonstrated that? Could you elaborate?
A webpage can have both Google ads and dodgy-ad-co ads. If they have the dodgy-ad-co ads then Google will apply the easylist to the page, which will remove the Google ads as well as the dodgy ones.
> How have they demonstrated that? Could you elaborate?
Before Google, web search results were rotten. Advertisers could push their sites onto the front page, and paid ads were indistinguishable from organic results.
Google's innovation was to deliver pure search results with the highest relevance, with zero influence from advertisers. Ads were separate and labeled as such.
By sacrificing near-term ad revenue, Google built trust with users, and won search in the long-term.
Other examples:
Google could have kept Android closed and charged for licenses. But by open-sourcing it and allowing competitors to use it, they sacrificed short-term license revenue to build a much larger ecosystem.
Google capitulated to government demands that they censor search results in China. But then they reversed course, exited mainland China, and sacrificed revenue from that massive market. Long-term, active censorship would damage Google's reputation.
>Google's innovation was to deliver pure search results with the highest relevance, with zero influence from advertisers. Ads were separate and labeled as such.
Have you tried using Google without an adblocker recently?
If I search "buy a car" using Chrome on Android the entire screen of my phone is filled with ads that I need to scroll past to get to the "pure" search results. The only indication that they are ads is a tiny box 1/8 the size of a fingernail. The top result on the embedded Google maps box is also an ad.
I search with Chrome on Android every day, with no ad blockers, and this never happens.
Very polite of the malware to put a tiny ad tag on the ads it is managing to inject into a HSTS pinned website on a browser that doesn't allow any addons or extensions. I also like they way they perfect match Google's site design.
But seriously, this line:
> To us, your experience on the web is a higher priority than the money that these annoying ads may generate — even for us."
Is a flat out lie and you should know better by now.
Unless the "us" speaking here is a very specific (and powerless) subset of whoever could be speaking for Google. Which would make it merely disingenuous.
And even then their actions require a lot more before they deserve that kind of trust again.
> We've been trained that every corporate action is selfish, by definition against our interests.
If we had been trained we might've gotten to this conclusion sooner and prevent some of the worse shit that's happened because of it. But we weren't trained (what would have trained us?).
I'd rather say we've been extremely slow to recognize that even though the law recognizes corporations as persons (in some places), they are in fact, inhuman. And they will continue to act with complete disregard to human interests. I think it's still useful to think of corporations as organisms, just not of our species, in the same way that a fungus is not the same species as its substrate.
Some people "at the top" believe they are in control, but they are in control as much as you can be in control sitting on top of a wild, untamed beast. And you've seen it, corporations replace "the top people" like any other employee and it doesn't change much. Not nearly as much as they want you to think. It's more like trimming your fingernails than getting a heart transplant.
Of course, nation states are just the same. Conglomerate hierarchies of humans, doing whatever to stay in existence as a sort of entity. Problem was they were caged by design, rules, from the bottom up. This was because we needed them to be, we saw tyrannies rising when we didn't. So we made rules to bind them, deliberately stunted like bonsai trees, to preserve our individual freedom and not become cogs or ants. So they subverted the meaning of "freedom", because we should be free to make new corporations (conglomerate hierarchies, egregores, group minds, call them however you like), because you know, freedom! Except this exploit existed even within the nation states that were deliberately stunted to not grow out of control. Just don't feed them after midnight, okay?
And then we were free to create corporations, without stunts, or rules or restrictions to preserve actual real individual human freedom.
And of course these new corporations quickly grew to become more powerful than many nation states. REALLY quickly, if you think about it, if you compare it to the speed at which nation states exchange power and conquer one another. But corporations kill at sub-decade frequency currently.
I went a bit off a tangent here sorry, and I doubt this is the proper forum to share this kind of thing either. But just stop and think for a moment, who or what is writing those words you just quoted. It's not something that could ever be your "friend".
https://github.com/cpeterso/clickbait-blocklist/
Safari has easy options to set both a default and per-site preferences (https://support.apple.com/guide/safari/stop-autoplay-videos-...), including a "Never Auto-Play" choice. Despite years of user complaints and a fairly clear resolution to them, Chrome either watered-down their fix or solved the wrong problem entirely.
This bit is especially infuriating for me, as there seems to be a High Sierra issue with Chrome and videos (for me, at least - it's hard to figure out how widespread it is). They cause massive browser lag when they're on a page for me, to the point of missed characters while typing.
However, it does not seem to do much, if anything, for me. I tend to just use Privacy Badger to block any site that looks like a CDN
That won't fix the problem of auto-playing video on CNN or other sites that are not YT. Trying to read news from CNN is still a matter of waiting for the page to load, then wait for the video to load and start playing, then click on the pause button, and voila you can read in peace.
Go to chrome://flags, search for Autoplay policy, and select Document user action is required.
Note that if you use the Imagus extension, this could block some videos/gifs/etc from playing when you hover over a link.
I can't seem to find the issue, but in the Safari issue tracker, the point was made that given the way HTML5 video and APIs work, it is impossible to reliably prevent autoplay without breaking some sites. It seems that Firefox went for "reliably prevent autoplay" while Chrome went for "without breaking sites".
FWIW, I switched from Chrome to Firefox because of the autoplay issue.
Here’s more: https://www.chromium.org/audio-video/autoplay
https://developers.google.com/web/updates/2017/09/autoplay-p...
Quoting the blog post, Google’s decision that ”Muted autoplay is always allowed” is the problem. If any other Chrome users wondered why videos now auto-play without sound (even with this option set), at least based on the relatively minimal docs about this flag, this is why.
I tried setting the Autoplay policy at the browser level once but found that it was inconsistent and broke certain players. Iridium works perfectly.
How is it that it's not outrageous to people that in the middle of a news article, a box with flashing colors and a picture of a woman in a bikini isn't something obviously extremely undesirable? The activity of reading requires concentration, if you're reading something that requires thought, that is. I'm baffled that our tolerance level for this didn't drop to the pitchfork level.
And the standards for what is considered "disruptive" are here: https://www.betterads.org/standards/
Unfortunately, there are too many devs who build their sites that completely get crippled if you by default don't allow Javascript.
Even if you enable it, the site may still be doomed, because it tries to load fonts, libraries, css and who-knows-what kind of s* from external sites.
Fg newage apatheistic anarchist hippie devs. Don't bundle in tons of dependencies to your freaking sites. If one of the dependencies goes down, so does your site. F* you! And f* those whorebag ads!
I'd rather them have a way for me to disable the floating videos usually on news sites.