Conversation

in its current form--if shipped without revision--declarativeNetRequest would be seriously detrimental, but that's most infosec initiatives where the people designing them and the people affected are non-intersecting groups. doesn't have to be ad-related
Quote Tweet
Replying to @whitequark
The problem is sure it blocks google ads, but it doesn't block google's tracking scripts, nor can it block random javascript from other sites. Its a fail-open blacklist scheme, instead of a fail-closed whitelist scheme like noscript (which requires the old API) allows.
1
14
Replying to
Shipping declarativeNetRequest doesn't imply deprecating blocking via webRequest though. It also appears that it's going to ship long before that happens. A better approach would have been implementing declarativeNetRequest and iterating on it before announcing any deprecation.
1
3
Replying to and
I think they should cancel the current webRequest blocking deprecation and rethink it. They also need to be clued into the fact that the benchmark to match for content filtering is not EasyList / Adblock Plus anymore. They succeeded at doing that, but people want uBlock Origin.
1
10
It provides privacy and security improvements in practice, by opportunistically blocking a lot of stuff, but it's not a workable approach to fundamentally improving that in the browser. It can be bypassed by heavily tying it into actual 1st party content or just lots of changes.
1
The webRequest API itself was not designed for privacy / security improvements and has the failure mode of allowing requests. If the filtering extension crashes, times out or fails in some other way, the requests go through unfiltered. Making a robust replacement is important.
1
Show replies