Not always, Google won't remove ad blockers

Google Chrome

Google Chrome

For several months now Google had made known its intentions to remove ad blockers from its Chrome web browser., this with the guideline that the blockers would have problems in the changes introduced in the Manifest V3.

Even though Google also argued that some service providers online have built-in technologies that could compromise the essential features of digital advertising Of third parties.

Chrome developers have tried to justify discontinuing support for blocking mode from the webRequest API, It allows you to change received content on the fly and is actively used in add-ons to block ads, protect against malware, phishing, spy on users, parental control and privacy.

Google Chrome
Related article:
Google continues with its intentions to remove ad blockers

The blocking mode of the webRequest API leads to high resource consumption.

When using this API, the browser first sends all the data contained in the network request to the plugin, the plugin parses it and returns a modified version for further processing in the browser or problems with blocking instructions.

In this case, the main delays arise not at the stage of processing the traffic with a plug-in, but due to the overhead of coordinating the execution of the plug-in.

In particular, such manipulations require a launch to complement a separate process, as well as the use of IPC to interact with this process and data serialization mechanisms.

The addition fully controls all traffic at a low level, which opens up wide opportunities for abuse and privacy violations.

Google still in favor of removing the API

According to Google statistics, in 42% of all malicious plugins detected, the webRequest API was used.

Unfortunately, the patch does not allow any of all malicious plugins to be intercepted, So to improve protection, it was decided to limit plugins at the API level.

The basic idea is to provide plugins with limited access to all traffic, if not only to the data that are necessary for the implementation of the conceived functionality.

In particular, to block content it is not necessary to provide the plugin with full access to all confidential user data.

The proposed declarative to replace the declarativeNetRequest API takes care of all the work high-performance content filtering system and only requires the download of filtering rule plugins. Furthermore, the addition cannot interfere with the traffic and the user's private data remains inviolable.

Google took into account many of the comments regarding the lack of API functionality, declarativeNetRequest and extended the limit on the number of filter rules from 30,000 originally proposed for each extension to a global maximum of 150,000 and also added the ability to dynamically modify and add rules, remove and replace HTTP headers (Referer, Cookie, Set-Cookie ) and request parameters.

The developers are not entirely convinced

Testing by plugin developers shows that the performance of ad-blocking plugins is negligible compared to the general background (when testing, comparing the performance of various plugins, but without taking into account the overhead of an additional process that coordinates the execution of the handlers in the blocking mode of the webRequest API).

It is not practical to completely stop supporting the API, actively used in plugins. Rather than removing it, the developers argue that a separate resolution can be added and tightly controlled for the adequacy of its use in additions, which would save the authors of many popular plugins from full processing of their products and prevent reductions in functionality. .

The proposed alternative to declarativeNetRequest does not cover all the needs of plugin developers to block ads and ensure security / privacy, as it does not provide complete control over network requests, does not allow the use of proprietary filtering algorithms and does not allow the use of complex rules that overlap each other depending on the conditions.

Source: https://security.googleblog.com/


Be the first to comment

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.