Why not just curate extensions better? Or trust users with the risk of malicious extensions rather than forcing them into a ridiculous per-site authorization they may not want?
-
-
Replying to @matthew_d_green @justinschuh
Reviewing a non-trivial extension takes a professional vulnerability researcher like me 2-3 days, it is way beyond the current state of the art of program analysis to automate. Curation can help eliminate trivial junk, but is not a good solution.
2 replies 3 retweets 18 likes -
Replying to @taviso @justinschuh
There are what, a dozen ad-blocker extensions that represent 97% of blocker usage? Maybe 5? But presumably nobody can afford to review these and grant exceptions?
4 replies 1 retweet 20 likes -
I can see the headline now: "Google Bans Competition in Adblock Market". Restricting users to the 5 biggest/established players has its own problems.
1 reply 0 retweets 4 likes -
Yeah, this is why I'm not comfortable with special casing the big players. It creates perverse incentive structures and implicitly penalizes the smaller players, startups, and disruptors.
2 replies 0 retweets 3 likes -
We can’t have a general exception for add blockers. But regrettably we can’t have specific exceptions for ad blockers. So we can’t have ad blockers.
3 replies 0 retweets 9 likes -
That assertion doesn't ring true. Ad blockers will still work, but certain types of content manipulation that some ad blockers rely on for specific features will have to be done differently in the future.
1 reply 0 retweets 2 likes -
How well will those other techniques work? Advertising constantly evolves, and these techniques aren’t used because they’re fun.
2 replies 0 retweets 10 likes -
These techniques are easy to abuse, get wrong and slow. Designing effective alternatives that are powerful, but less easy to abuse, harder to get wrong and fast seems totally reasonable to me. Isn't that what you cryptographers do with your libraries?
1 reply 1 retweet 7 likes -
Are you designing more effective techniques, like Apple is?
2 replies 1 retweet 6 likes
I saw a suggestion to use something like eBPF, which seems like the obvious right solution to me given the expressed constraints. Though, IMO, proposals coming from the Chrome team tend to take the “everything must be async” principle to a counterproductive extreme.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.