Comment by wtallis
5 years ago
NoScript implemented this over a decade ago, as part of its surrogate scripts feature: https://hackademix.net/2009/01/25/surrogate-scripts-vs-googl...
This was one of my favorite examples of how there was much more to NoScript than most people assumed, and it had a depth of features that could not be matched by "alternatives" like uMatrix. But that feature was killed by the mass extension breakage in Firefox 57: https://github.com/hackademix/noscript/issues/133#issuecomme...
So in a way, this feature can be seen as more than three years overdue.
I'm happy with this. Some extensions are so important they should be integrated into the browsers themselves. NoScript, uBlock Origin, uMatrix and Privacy Badger should just be standard browser features.
That would give the browser owners control over ad blocking behaviours, while they rely on funding from companies which sell ads. That's not a great situation for the users. The authors providing an unopinionated API for plugins is much safer.
You're absolutely right. Though the problem is the conflict of interest, not the idea that these things should be browser features.
The truth is everyone trusta these particular extensions and so they should have more privileges and deeper integration. For example, Google's new extension APIs actually make a lot of sense: they allow extensions to do useful things without actually looking at user data. This is a big improvement and it should be imposed on all extensions on their store. It's just that uBlock Origin is so important that it shouldn't be subjected to these limitations. That's why I say it might as well become a browser feature.
3 replies →
Indeed, it also raises the question: Why do we pay for something like MS Office but not for a browser?
I think I'd pay 50/year or so for Firefox.. Even if Chrome is free. In fact I already donate about half that. But the point of course is getting a lot of people to do that so they can achieve independence from Google.
10 replies →
Or they can just cripple the APIs so extensions don’t work as effectively anymore. Kind of what happened in practice with Safari (although this was not malicious).
Isn't this whole thread in response to Firefox blocking tracking from an ad company?
2 replies →
> That would give the browser owners control over ad blocking behaviours, while they rely on funding from companies which sell ads.
Then they have a shit business model and should fold.
Stop making shitty excuses for bad behavior.
Technology should enhance the human experience, not enslave it.
I'm not because without extensions that now you think they should be standard browser features actually existing you may not even have imagined about those features in the first place.
Or to put it in another way: browser developers cannot imagine every possible use case that may come out of browsers nor are always the best judges of what is important and what not. It is just a matter of limited human imagination. The combined imagination of all potential extension authors is much greater than the combined imagination of whoever makes decisions about the features in a single browser - and extension authors do not have to convince anyone about adding those features in the browser, they can just throw them at the wall (users) and see what sticks.
For a similar see X11 vs Wayland and how the latter has to make application-specific extensions for functionality provided by programs written using functionality the former provided since practically forever.
> I'm not because without extensions that now you think they should be standard browser features actually existing you may not even have imagined about those features in the first place.
I agree. I'm not saying we shouldn't have extensions. The entire ecosystem should be healthy, varied and with a low barrier to entry. I'm saying some extensions turned out to be so incredibly important that they really ought to be installed by default for every user. The only thing that stops uBlock Origin from being a browser feature is the fact it is an extension.
I installed uBlock Origin not only in my own browsers but also in the browsers of every single computer I have ever used. Sometimes people even comment on how much nicer the whole web browsing experience has become and they can't explain why when I ask them. People also seem to magically become immune to malware since malicious ads are no longer being shown and malware domains are being blocked.
When an extension has such an immensely positive impact on your users, browser developers need to recognize that fact and integrate it into the browser. At the very least they should ship the extension with the default browser package.
There isn't a very wide gap between builtin and "we bundle this extension by default" - which was always an option. The difference would have been marginal if Mozilla wanted to make it so.
Open source has an advantage when it sets itself up as basic infrastructure that can be tailored to many roles. It is notable that Brave, being started by a CTO from Mozilla with extensive experience in Mozilla, went with Chromium as the browser base for whatever reason.
Maybe if Firefox hadn't damaged its extension ecosystem instead Brave's niche could maybe have been done with extensions. Who knows. The former userbase has been delivering powerful votes of no confidence against Firefox for a decade now.
> There isn't a very wide gap between builtin and "we bundle this extension by default" - which was always an option. The difference would have been marginal if Mozilla wanted to make it so.
That'd be great!
umatrix is dead by the way
There's an alternative for Pale Moon...
https://addons.palemoon.org/addon/ematrix/
1 reply →
It is not currently maintained, but it is not dead yet.
1 reply →
I'm not familiar with all those extensions, but this sounds exactly like what Brave does.
uMatrix has been abandoned, sadly.
I'm very worried about this, to be honest. There doesn't appear to be anything even remotely close to a proper replacement for uMatrix. The thought of going back to the relentless spyware that is the web today (without uMatrix) is literally scary.
Someone here (long-ago thread) suggested uBlock Origin but it doesn't come anywhere near the functionality of uMatrix.
I'll continue using uMatrix and it continues to work perfectly but if Mozilla ever breaks it with incompatible changes, I'm at a loss what to do. Keeping fingers crossed it works for a long time.
I'd be happy to pay substantial money for something like uMatrix.
5 replies →
uBlock origin exposes this via https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-ru... . In particular, https://github.com/uBlockOrigin/uAssets/blob/master/filters/... will translate requesting google-analytics.com/analytics.js into this stub: https://github.com/gorhill/uBlock/blob/master/src/web_access... .
Not sure if you can easily substitute arbitrary scripts (would probably be placing too much trust into filter lists) but the resource library seems to be quite extensive: https://github.com/gorhill/uBlock/wiki/Resources-Library#url...
Does this imply NoScript just hasn't migrated to newer APIs, or does uBlock do something extreme to achieve it?
I thought NoScript was a single-purpose extension for disabling scripts. Naming and messaging matters, I guess. "JSControl" would've been a better name.
The full name as shown on addons.mozilla.org is "NoScript Security Suite", which more accurately conveys its purpose. Some of the features it provided really had nothing to do with JavaScript, such as NoScript's implementation of Strict Transport Security about 1.5 years before Firefox itself implemented that feature.
> "NoScript Security Suite", which more accurately conveys its purpose.
No, that just makes the name more confusing!
Still sounds like a JavaScript blocker, that doesn't clarify anything for me. I've never even looked at it as I've somehow associated it with "block all Javascript", seems like I missed out.
5 replies →
NoScript evolved over time.
NoScript evolved over time.
It's not like you downloaded a Mozilla's executable one day and expected to see a Flaming Canine instead of a web browser.
No script blocks all scripts though so it's a tad bit extreme. They had bigger fish to fry but they finally got around to this. I'm happy they're doing it and I'm not going to complain about water under the bridge.
NoScript selectively blocks scripts on a per-domain basis, which is almost always sufficient to block the bad scripts but allow the necessary scripts on a site. The exceptions where a surrogate script (or blocking scripts by URL regex) is required are relatively rare.
It requires a lot of work from the user unlike something like ublock. It's fine for power users and hardcore privacy adherents but I would never recommend it for your general internet user as they'll just get confused.
Well, you should be able to remake it by now, since that was in 2016, so Firefox should have replaced all the functionality the previous extensions had, right?
Edit: Not you specifically, but someone.
Too little too late for me personally. I couldn't keep my two versions of Firefox from interfering with each other so these days it's Chrome for all my casual browsing and Firefox 56 for the functions I can't do without.