Just remember that Google is essentially an advertising company and that they were always going to squeeze this opening closed as soon as they could get away with it.
I do fear for a future were even Firefox ends up caving in. Ladybird browser might be our only hope until something legal comes along to block functionality.
Because Mozilla, at least from the outside appears to have been horribly mismanaged for the past 20-25 years and only survived because the ad money kept rolling in.
I'm not knocking Mozilla for taking money from Google, it was a smart move. Most users would use Google anyway, so Mozilla pocketing billions by making users preferred search engine the default didn't really hurt anyone. Some of that money should however have gone into a trust or some type of investment so that funding for browser development would be safe if the ad money ever dried up.
Maybe someone at Mozilla knows something I don't, but there doesn't seem to be much planning for the future.
Why "ad money"? That's a very uncharitable interpretation and for anyone not aware of the situation it's misleading. They're not paid for ads or by ads, they're paid by Google to continue being a viable alternative to Chrome. Is every Google employee getting "ad money" every month, or a salary?
The payment is more accurately described as a protection tax.
In this particular context there really isn't any difference. Technically Mozilla isn't in the business of delivering ads, but their revenue is mostly supported by ad money from Google, and Google, being an ad giant, can simply cut that stream off. The common sentiment seems to be that this would spell a life and death situation for the company and for the browser as a whole, which essentially makes Firefox a hostage to the whims of an ideologically hostile corporate entity.
I'm with you on the first one and that's the closest reason why you could call Firefox payment "ad money". But the rest are not too strong. Google makes a lot of non-ad money too, even if it's a smaller portion than ads. You don't call airlines "banks" just because they make all of their money from currency-like "miles", and even fly at a loss [0].
What I want to say is that calling it "ad money" makes Firefox look bad when it shouldn't.
Well thought out commentary... Let's dig deeper and at least we make it more interesting conversation, not a blurb.
Wouldn't it be technically no because Google's revenue isn't 100% from ads? They're making almost $120bn from cloud, subscriptions and devices for example. It could be cloud money. And if Google gets ad money so whatever it pays becomes ad money, then it's ad money all the way down.
FYI last fiscal results from Q1 of Alphabet, Google Cloud made $20bn revenue Q1 2026, up from Q4 2025 of $17bn. It's a bit misleading to include "subscriptions, platforms, and devices" in cloud.
Q1 2026 Google's revenue totalled $109bn, of which $77bn is Ads, so 70% of its revenue is Ads. It's common knowledge that Google is an Ads company.
Making Firefox even less desirable by "googlifying" it pushes Firefox users away and kills its image of a viable competitor. That's exactly what Google is paying for.
Why would Google destroy the cover they have for keeping control over Chrome and 70% of internet users, just to squeeze a bit more ad revenue from what, 2% of users?
It's giving Sony. Similar situation where you have a media business and also make some of the distribution channels including engineering of devices used to consume the content.
Then again, our laptop battery only lasts 1/3 as much on MacOS.
I know, I know. The community keeps pretending this isn’t an issue for the last, hum, 15 years? But it is, and for people that are looking for a tool and not for a statement, it quickly drives them away from Firefox back to Chrome browsers.
This isn't the gotcha you think it is. Every time I try Vivaldi I am right back at Firefox and I am surely not alone. I have never understood the obsession with tree style tabs or vertical tabs. I don't need to customise my browser at all and I like supporting engine diversity.
Ok, but not every use case is so primitive? I do need my custom shortcuts and what not, so it is exactly the correct "gotcha" I think it is even if that's beyond your understanding.
The classic 'those guys did something bad, so I am going to go with the guys who are absolute assholes doing several orders of magnitude more bad things now instead' response.
That usually means that whoever utters it was just looking for a sycophantic excuse to go with the bigger threat because it is more convenient to them (for now).
It's remarkable how often this happens, isn't it? One incident of someone not living up to standards is suddenly an opportunity to abandon standards and go with known bad actors. It's like people giving up on the MSM and immediately latching onto propaganda Youtubers instead.
uBo is the only reason I find browsing the web at all tolerable anymore. As a test I turned it off to view this article and almost crashed my browser with a dozen auto play video ads
This would mean I would find the energy to get over anything that is holding me on chrome, like saved passwords etc.
I personally consider uBlock Origin as an Internet infrastructure component. I have no ... _no_ idea whatsoever how some people use the Internet without it.
uBlock Origin Lite with MV3 works perfectly fine on Chrome. I don't notice a difference to the classic uBlock Origin, it even has a element zapper nowadays.
It's quite possible that we're just not meant to view the web. Those companies that even maintain websites might intend for us to really view things on their phone app. The garbage you see on the website is then not just some parasitic draining of your spiritual health, but a disincentive designed to convince you to stop using the web altogether.
I hope Firefox never drops MV2. I have a lot of other extensions that use it other than uBlock. Can't believe Google really went through with it. We are truly in the end times of "personal" computing, very sad to see :/
But when your browser has a 2% market share worldwide, some developers won't bother to test on it. And if your setup is even more obscure (I use Firefox on Linux with an adblocker and third-party cookies blocked and DRM disabled and autoplaying video disabled and so on) making you rare even among that 2%, sometimes sites won't have tested with your specific configuration.
It's useful to have a second browser around, as a fallback when a site is broken. Uploading images when creating a listing on ebay is broken, but I don't have to figure out which element of my setup is breaking it, I can just switch to the other browser.
There are 2 reasons why I'm using chromium (with ublock origin lite) over Firefox:
1. Chromium is significantly faster (maybe 5 to 10x faster on certain tasks mostly around canvas but anything that requires fast ui really). Every time I use Firefox it feels like it has some kind of serious problem. If chrome was this slow I would stop working and start investigating what part of my computer is broken. This experience hasn't changed over span of 10 years, 3 OSes and several computers.
2. Neverending caching issues on Firefox. It just caches too aggressively which makes development really annoying to a point where anytime I encounter issue on Firefox my first thought is "Is this Firefox caching issue?". On chrome when I change button color and I don't see it, I know I made a mistake. If I change button color on Firefox, my first thought is, is this Firefox caching issue? When I develop web I have very quick update loop and I really can't be questioning browser. I cannot work like this. Firefox is unusable for me.
Ctrl + shift + R would solve your second problem at all times.
And I don't think your first point is quantified correctly and I am sure there is no data to back it up. But I understand the appear of trying to quantify your personal experience.
1. Firefox's ctrl-f search doesn't highlight all instances of a found item on the right hand side. It sounds petty, but its a gigantic timesaver for looking through research documents
2. Firefox's tab crash recovery isn't as solid. I use chrome with fully persistent tabs, and its a gigantic pain if I can't re-open them
If I could find a way to fix these I'd swap in a heartbeat
You need to click "highlight all" to highlight all occurrences. It's the checkbox to the right of the search box. If you enable it for the first time, you may need to hit enter in the search bar again for it to show up (it remembers the setting and works instantly the next search)
> 2. Firefox's tab crash recovery isn't as solid. I use chrome with fully persistent tabs, and its a gigantic pain if I can't re-open them
I normally have 5-50 tabs open (so perhaps on the lower end), but I can't recall the last time I crashed a tab in the last 3 years. I also use persistent/pinned tabs and never noticed issues.
Its not the tabs themselves crashing, its when firefox (or my pc as a whole - I'm a developer and its a frequent occurance) crashes, firefox isn't as good as chrome at remembering what tabs were previously open
I switched from Firefox to Chrome a couple of years back because Firefox always dragged its feet when it came to implementing important developer features. Like, DataView was excruciatingly slow in Firefox; WebGPU support didnt go anywhere; and they initially refused to implement import maps. I consider the latter to be an essential tool as it allows me to work without the need for build systems. Also, chrome dev tools worked far better.
Since Chrome blocked ublock, I switched to Edge. Not sure where I will go next, but I dont think it will be Firefox since they are always years late.
Is that a rhetorical question suggesting those people are wrong, or are you asking for, e.g., the technical reasons some software only works with Chrome in the mix?
I keep chromium installed mostly to run virtual tabletop software (specifically Foundry VTT), because webgl performance in firefox is not great (though it has improved somewhat in the last couple of years). There are also a few sites (mostly restaurants for some reason) that just refuse to work properly in firefox, so I sometimes fall back to chromium. I wish I could drop it like a bad habit, because frankly Google's shenanigans piss me off on a semi-regular basis.
Actually, I opted in for tracking. Knowing my interests, Google suggests good articles on their Android app feed.
Also, there are a few parts of Firefox that still look ancient, like the bookmarks and history managers, as well as the PDF viewer, where the buttons are too small to click easily. Unfortunately, those are unusable for a Gen Zer.
On mobile, Opera is the only usable browser. It supports text reflow on zoom, and also I can choose the download folder for each file. Allows me to keep porn and non-porn downloads separate.
Gecko, WebKit and—hopefully—Ladybird are the true alternatives. I used to think this was too extreme. But the ad vendor dragging ad blockers out of the engine flipped my view.
I'm a Firefox user for about 20yrs (since Firefox 3);
but too often I have to use Chrome, as so many sites only work properly on it; Firefox is really buggy or laggy on those websites;
For a time, all those AI chat web pages were just very slow on Firefox even with very little context, whereas Chrome only gets laggy when there is a lot of context.
Are you really sure it’s not because of an add-on?
If I remember correctly, Mozilla has said that about 95% of all pages that don’t work aren’t due to Firefox, but to an add-on.
I use Firefox exclusively and don’t usually notice that pages don’t work. When that happens, as I said, it’s almost always an add-on that’s to blame. And I dont notice its buggy or laggy. So could be good check your addons next time.
Same here, but when a site completely fails in Firefox I either A) use my phone because mobile Firefox occasionally works or B) use Ungoogled Chromium.
Not using many extensions on my case, but Google meet remains unusable for a long time, sound is horrible during meetings. Chrome on the other hand works fine
Ok but if you use it only for testing, and not for your ‘real’ browsing, then probably the fact that they track what you are doing is not that important, even if it’s still a nuisance. Or not?
Firefox will also disable V2 sooner or later. BUT. Chrome then will still have uBlock Origin lite. Firefox won't, because mozilla banned that extension from store.
Yeah, pissing off the ecosystem is a great way to drive users to your competitors. Requiring users to manually install and update a popular extension is a subpar experience.
It seems they spent so much of their budget on the CEO's salary that they couldn't afford an extension review team.
Quoting open-paren comment (2024):
> As far as I can tell, there are maybe two reviewers that are based in Europe (Romania?). The turn around time is long when I am in the US, and it has been rife with this same kind of "simple mistake" that takes 2 weeks to resolve.
Why wouldn't someone anyone cobble together a v3 version between the uncertain future date in which v2 was deprecated and when it became unavailable. There appears to be no possible future in which google has better adblocking.
Opera was a strong contender to become my main browser (luckily firefox copied the most useful feature, it's vpn), if ublock is deactivated, I will let it go without a second look.
I wonder what will Vivaldi do. They say that their built-in content blocker is "good enough" that you supposedly don't need uBO (I very much disagree) but they also keep MV2 extensions working to this day.
How is it half of HN is convinced Firefox can compete with Chrome in its entirety and the other half is convinced nobody can possibly maintain a single additional API version on Chromium?
It's about the tech stack, IMO. Chromium is a moving target to maintain compatibility with, which is difficult for a team that doesn't have much C++ experience.
As a counter example, Brave is heavily invested in C++ and Rust, and I believe they could handle that work much better."
So, what's next?
Will Chrome ship with hard coded DNS, so that DNS based adblockers will stop working as well?
Where (and when) does my rights what to display on my devices end?
Ship has already sailed, it's called DoH. Please note, that it is to make your DNS safer and has absolutely nothing to do with removing your ability to resolve DNS in whatever way you want to(cough adblock cough).
I guess I just missed that?!
I'm running a mix of Adguard and nextdns blockers on some of my mobile devices, and both are apparently handling the DoH issue for you; by just blanket blocking the resolvers and/or ports, to force a fallback....
I need a Beer.
MV3 is actually a faster but less capable version.
With MV2, every request must be filtered with slow, JIT, garbage-collected JavaScript code. In MV3, filtering is handled by native browser code using the list provided by extensions. UserScripts could be used to modify the DOM, but that requires power users to manually enable it.
The solution then is to run the equivalent of a PiHole on your private network and then configure your portable devices to always use that PiHole as their DNS service via self hosted VPN
Normies don't care much about ads, trackers and all that nuisance. I find it astonishing when you see them dodging all that crap while browsing the Internet
Being the maintainer of such a big open-source application as Chrome used to grant dictatorial power: maintaining a fork represented too much work. It only happened in the most awful situations, such as Oracle acquiring OpenOffice.
But that was before LLM-driven development, I think that now the game has changed, and maybe Google hasn't got the leverage it thinks it has.
If they were willing to make exceptions then I would hope the list isn't closed. I view this as the best of the possible worlds not the best of all imaginable worlds.
The only reason I use Chrome is because its dev tools are better, and for whatever reason, webgl wigs out on Ubuntu 26.04 in Firefox. It's mostly the lag issue though...
I have been using UBlock Origin Lite on Chrome for a while, and while it's not perfect and needs a bit of manual tweaking here and there, it's been mostly good for me
IMHO it's quite brave that a Google employee working in that area would let his real name be published, and an illuminating view of how they (don't) think.
Just about obligatory mention of Pale Moon here. Have had a relatively clean internet experience for years with the old Firefox uBlock extension in combination with eMatrix. *Includes a disclaimer because I don't use Youtube and other assorted "social" media websites.
Only need Firefox ESR for a handful of websites giving me no option when specifying a Linux/Mozilla user agent instead of the native one for those doesn't work.
So, consider this a layman explanation of why this change is bad from someone who spends their time securing end-users.
This change is good for the majority of users, but is actually bad for large enterprise customers and highly-regulated customers. It puts more control and onus of responsibility on to Google, rather than the end-user. So, we will expect to see better enforcement of controls from Google for the lowest-hanging-fruit that some aspects of MV2 exposed.
What's that, you say? MV2 changes? Well there's 3 things.
1. Remote code execution. The ability for someone to just yeet commands into your browser. A little harder to do directly.. Still very possible, just with extra steps.
2. Removing the ability for extensions to access network requests directly, which is what adblockers often relied on. It also means malicious extensions could snoop on your requests. They still can, just with extra steps.
3. Background persistence, an extension could stay alive, maintain state, run timers, keep connections open, and coordinate across tabs. So this shuts off the "background persistence" piece -- but helps with ensuring better isolation. Still possible, but now requires yeeting your data to an external provider instead of keeping the state contained locally.
Those 3 changes are incredibly powerful, and will impact many, many Enterprise security tools. Tools that now instead will result in products like "Island Browser", and "Enterprise Chrome" being rolled out to supplement the functionality that MV2 gave us.
This change goes against the US and Australian government's hardening advice, and reduces the overall efficacy of security controls we're able to implement within our web browsers natively.
Here's the Australian Government's control relating to it:
> Control: ISM-1485; Revision: 1; Updated: Sep-21; Applicable: NC, OS, P, S, TS; Essential 8: ML1, ML2, ML3
> Web browsers do not process web advertisements from the internet.
And if you're wondering about what incentives there are that led to this change, you can read this letter written to the Chairman of the FTC by a US Senator back in 2020. This letter is linked to from the same CISA document I shared earlier.
You should read it in full, and consider what incentives the Senator was referring to -- and how they also apply in this scenario.
Those Enterprise Chrome products I mentioned earlier? Chrome's change has now put some of this functionality which was previously possible with an extension, behind the Enterprise Chrome Premium SKU: https://chromeenterprise.google/products/chrome-enterprise-p...
> Cronin further explained why MV2 extensions are no longer allowed in supported Chrome versions as maintaining the associated functionality indefinitely is no longer possible. He cited growing technical difficulties and implementation complexities as well as security concerns.
You know what else is a security concern? Ads. The amount of mental gymnastics is insane. It's honestly insulting.
Yet another reason to also perform ad blocking at the network level (e.g. DNS). I’ve found AdGuard Home very easy to maintain. Using Firefox and Orion browsers too.
This feels more like a gradual tightening of extension APIs under Manifest V3 than a sudden “kill switch.” uBlock isn’t going away, but its capabilities are definitely being reshaped...
It's all an excuse to try to neuter adblockers. The push for killing MV2 was suspiciously accelerated at the same time that youtube started implementing much more invasive anti-adblock techniques that really needed a full content blocker support (at least until people found new clever workarounds).
I do fear for a future were even Firefox ends up caving in. Ladybird browser might be our only hope until something legal comes along to block functionality.
I'm not knocking Mozilla for taking money from Google, it was a smart move. Most users would use Google anyway, so Mozilla pocketing billions by making users preferred search engine the default didn't really hurt anyone. Some of that money should however have gone into a trust or some type of investment so that funding for browser development would be safe if the ad money ever dried up.
Maybe someone at Mozilla knows something I don't, but there doesn't seem to be much planning for the future.
Why "ad money"? That's a very uncharitable interpretation and for anyone not aware of the situation it's misleading. They're not paid for ads or by ads, they're paid by Google to continue being a viable alternative to Chrome. Is every Google employee getting "ad money" every month, or a salary?
The payment is more accurately described as a protection tax.
Isn't Google also a cloud giant?
Their cloud services were more of a side product for when "the cloud" was the trendy buzzword.
What I want to say is that calling it "ad money" makes Firefox look bad when it shouldn't.
[0] https://www.theatlantic.com/ideas/archive/2023/09/airlines-b...
Wouldn't it be technically no because Google's revenue isn't 100% from ads? They're making almost $120bn from cloud, subscriptions and devices for example. It could be cloud money. And if Google gets ad money so whatever it pays becomes ad money, then it's ad money all the way down.
FYI last fiscal results from Q1 of Alphabet, Google Cloud made $20bn revenue Q1 2026, up from Q4 2025 of $17bn. It's a bit misleading to include "subscriptions, platforms, and devices" in cloud.
Q1 2026 Google's revenue totalled $109bn, of which $77bn is Ads, so 70% of its revenue is Ads. It's common knowledge that Google is an Ads company.
Because pretty much all their revenue comes from Google.
Donate if you can!
https://www.mozillafoundation.org/en/donate/
[1] https://www.mozilla.org/en-US/products/
Why would Google destroy the cover they have for keeping control over Chrome and 70% of internet users, just to squeeze a bit more ad revenue from what, 2% of users?
If money gets short, the first thing they would cut would be a browser.
It would be a shame to lose the Mozilla foundation/Firefox but it wouldn’t be the end of the browser.
> https://about.google/company-info/philosophy/
> 1. Focus on the user and all else will follow.
> 6. You can make money without doing evil.
> 6. You can make money without doing evil
implies that they're doing it for fun then I guess?
https://en.wikipedia.org/wiki/Don%27t_be_evil
Their sunsetting of manifest v2 appears fast to me and updating some corporate philosophy has apparently no business impact.
You can but well, it's more profitable the other way around....
I know, I know. The community keeps pretending this isn’t an issue for the last, hum, 15 years? But it is, and for people that are looking for a tool and not for a statement, it quickly drives them away from Firefox back to Chrome browsers.
Ok, but not every use case is so primitive? I do need my custom shortcuts and what not, so it is exactly the correct "gotcha" I think it is even if that's beyond your understanding.
That usually means that whoever utters it was just looking for a sycophantic excuse to go with the bigger threat because it is more convenient to them (for now).
https://website-archive.mozilla.org/www.mozilla.org/firefox_...
Popup blockers were also a differentiator, once.
Just imagine if Netscape and MS made all their money from popups at the time.
But when your browser has a 2% market share worldwide, some developers won't bother to test on it. And if your setup is even more obscure (I use Firefox on Linux with an adblocker and third-party cookies blocked and DRM disabled and autoplaying video disabled and so on) making you rare even among that 2%, sometimes sites won't have tested with your specific configuration.
It's useful to have a second browser around, as a fallback when a site is broken. Uploading images when creating a listing on ebay is broken, but I don't have to figure out which element of my setup is breaking it, I can just switch to the other browser.
1. Chromium is significantly faster (maybe 5 to 10x faster on certain tasks mostly around canvas but anything that requires fast ui really). Every time I use Firefox it feels like it has some kind of serious problem. If chrome was this slow I would stop working and start investigating what part of my computer is broken. This experience hasn't changed over span of 10 years, 3 OSes and several computers.
2. Neverending caching issues on Firefox. It just caches too aggressively which makes development really annoying to a point where anytime I encounter issue on Firefox my first thought is "Is this Firefox caching issue?". On chrome when I change button color and I don't see it, I know I made a mistake. If I change button color on Firefox, my first thought is, is this Firefox caching issue? When I develop web I have very quick update loop and I really can't be questioning browser. I cannot work like this. Firefox is unusable for me.
And I don't think your first point is quantified correctly and I am sure there is no data to back it up. But I understand the appear of trying to quantify your personal experience.
It’s a bit like with Internet Explorer which back in its day was also needed for some stubborn sites.
1. Firefox's ctrl-f search doesn't highlight all instances of a found item on the right hand side. It sounds petty, but its a gigantic timesaver for looking through research documents
2. Firefox's tab crash recovery isn't as solid. I use chrome with fully persistent tabs, and its a gigantic pain if I can't re-open them
If I could find a way to fix these I'd swap in a heartbeat
I haven't used this, as I didn't know it was a feature I needed until you mentioned it.
- https://addons.mozilla.org/en-US/firefox/addon/find-in-page-...
Tab Session Manager allows you to dump tabs to groups for restoration later, with auto-save at regular intervals. Works quite well!
- https://addons.mozilla.org/en-US/firefox/addon/tab-session-m...
I normally have 5-50 tabs open (so perhaps on the lower end), but I can't recall the last time I crashed a tab in the last 3 years. I also use persistent/pinned tabs and never noticed issues.
Since Chrome blocked ublock, I switched to Edge. Not sure where I will go next, but I dont think it will be Firefox since they are always years late.
Also, there are a few parts of Firefox that still look ancient, like the bookmarks and history managers, as well as the PDF viewer, where the buttons are too small to click easily. Unfortunately, those are unusable for a Gen Zer.
As such, if you want to be sure a website will work you use chrome.
Since chrome has such a market share, developers feel justified testing primarily for chrome.
Self-fulfilling cycle.
Take a look at Firefox’s market share, or Brave’s etc.
Gecko, WebKit and—hopefully—Ladybird are the true alternatives. I used to think this was too extreme. But the ad vendor dragging ad blockers out of the engine flipped my view.
https://github.com/brave/adblock-rust
I use brave on my phone and I can't really tell the difference from desktop browser+UO, so I guess it works well enough.
No idea if they will fight to keep UBlock Origin accessible or not.
I think and certainly hope that Helium will fight the good fight.
They said they could offer limited MV2 support even after it’s fully removed from the upstream Chromium codebase.[1]
[1] https://brave.com/blog/brave-shields-manifest-v3/
but too often I have to use Chrome, as so many sites only work properly on it; Firefox is really buggy or laggy on those websites;
For a time, all those AI chat web pages were just very slow on Firefox even with very little context, whereas Chrome only gets laggy when there is a lot of context.
https://github.com/ungoogled-software/ungoogled-chromium
Really hoping the uBlock will continue to work on that project...
Source?
> Firefox won't, because mozilla banned that extension from store.
It's unbanned; the author chose to not put it back. https://www.ghacks.net/2024/10/01/mozillas-massive-lapse-in-...
It seems they spent so much of their budget on the CEO's salary that they couldn't afford an extension review team.
Quoting open-paren comment (2024):
> As far as I can tell, there are maybe two reviewers that are based in Europe (Romania?). The turn around time is long when I am in the US, and it has been rife with this same kind of "simple mistake" that takes 2 weeks to resolve.
https://news.ycombinator.com/item?id=41710183
And Firefox version of V3 supports browser.webRequest blocking (the part that adblockers need to work properly)
Got a source for that, or is that just unfounded speculation?
[1] https://vivaldi.com/blog/manifest-v3-update-vivaldi-is-futur...
Their tech stack is heavily JavaScript-focused, as their entire UI is written in JavaScript.
As a counter example, Brave is heavily invested in C++ and Rust, and I believe they could handle that work much better."
There's no such thing in the Google realm
With MV2, every request must be filtered with slow, JIT, garbage-collected JavaScript code. In MV3, filtering is handled by native browser code using the list provided by extensions. UserScripts could be used to modify the DOM, but that requires power users to manually enable it.
People just like to rage against Google.
https://chromewebstore.google.com/detail/ublock-origin-lite/...
It's even available on iOS, I have it running in Safari
In what way? I've never noticed a difference.
Just keep making a browser that isn’t shit. That’s your only job!
Any other browser with uBlock Origin: Chrome is dead.
But that was before LLM-driven development, I think that now the game has changed, and maybe Google hasn't got the leverage it thinks it has.
Perhaps good was overkill. Less bad?
[1] https://news.ycombinator.com/item?id=48472424
[2] https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as...
Only need Firefox ESR for a handful of websites giving me no option when specifying a Linux/Mozilla user agent instead of the native one for those doesn't work.
This change is good for the majority of users, but is actually bad for large enterprise customers and highly-regulated customers. It puts more control and onus of responsibility on to Google, rather than the end-user. So, we will expect to see better enforcement of controls from Google for the lowest-hanging-fruit that some aspects of MV2 exposed.
What's that, you say? MV2 changes? Well there's 3 things.
1. Remote code execution. The ability for someone to just yeet commands into your browser. A little harder to do directly.. Still very possible, just with extra steps.
2. Removing the ability for extensions to access network requests directly, which is what adblockers often relied on. It also means malicious extensions could snoop on your requests. They still can, just with extra steps.
3. Background persistence, an extension could stay alive, maintain state, run timers, keep connections open, and coordinate across tabs. So this shuts off the "background persistence" piece -- but helps with ensuring better isolation. Still possible, but now requires yeeting your data to an external provider instead of keeping the state contained locally.
Those 3 changes are incredibly powerful, and will impact many, many Enterprise security tools. Tools that now instead will result in products like "Island Browser", and "Enterprise Chrome" being rolled out to supplement the functionality that MV2 gave us.
This change goes against the US and Australian government's hardening advice, and reduces the overall efficacy of security controls we're able to implement within our web browsers natively.
CISA's own guidance on this is pretty straightforward (aptly named Securing Web Browsers and Defending Against Malvertising for Federal Agencies): https://www.cisa.gov/sites/default/files/2023-09/CISA%20CEG%...
Here's the Australian Government's control relating to it:
> Control: ISM-1485; Revision: 1; Updated: Sep-21; Applicable: NC, OS, P, S, TS; Essential 8: ML1, ML2, ML3 > Web browsers do not process web advertisements from the internet.
And if you're wondering about what incentives there are that led to this change, you can read this letter written to the Chairman of the FTC by a US Senator back in 2020. This letter is linked to from the same CISA document I shared earlier.
You should read it in full, and consider what incentives the Senator was referring to -- and how they also apply in this scenario.
https://www.wyden.senate.gov/imo/media/doc/011420%20Wyden%20...
Those Enterprise Chrome products I mentioned earlier? Chrome's change has now put some of this functionality which was previously possible with an extension, behind the Enterprise Chrome Premium SKU: https://chromeenterprise.google/products/chrome-enterprise-p...
You know what else is a security concern? Ads. The amount of mental gymnastics is insane. It's honestly insulting.
smiling smugly from planet firefox
Especially since they put no effort into removing even extensions they know are malicious (and who work very well within the MV3 restrictions): https://palant.info/2025/01/20/malicious-extensions-circumve...
Sadly I don't think that's the general case, I've been on FF for decades but there isn't a universe where I use a browser without UBO at this point.
One wouldn't need to be loyal to UBO... a simple with-and-without comparison would be enough for anyone with a functioning brainstem.