thacoon's Blog

Chrome vs. AdBlockers - Manifest V3 Summary

· thacoon

What’s it about?

Last year Google announced that it was working on Manifest V3 (MV3), and many voices were raised claiming that Google wants to kill adblockers. This resulted in a back and forth between the Chrome developers and the adblocking community.

MV3 was released as a preview/alpha on October 31st, 2019 and a stable release is planned for 2020.

Currently, Chrome lets extensions observe and block network requests via the webRequest API. However, the Chrome developers raised concerns about the security and performance impact of this practice. Therefore, the new declarativeNetRequest API was proposed to handle the blocking of network requests. With this new API, extensions tell Chrome what to do with a given request. However, the number of entries is limited: first to 30,000 entries, later raised to 150,000. EasyList, a popular blocking list used in all adblockers, already has 68,000 entries on its own, and some adblockers also use more advanced techniques than simple blacklisting. [Manifest V3] [Easy List]
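To make the rule cap concrete, here is an added example (not from the original post or from any adblocker's code) that translates Adblock-Plus-style network filters into rules shaped like declarativeNetRequest rules and enforces a cap. The names `toRule`, `compile` and the sample filters are constructed for illustration, and only plain URL patterns and a few filter options are handled.

```javascript
const RULE_CAP = 150000; // cap quoted in the article

// Filter option name -> declarativeNetRequest resourceTypes value (subset).
const TYPE_MAP = new Map([["script", "script"], ["image", "image"],
  ["stylesheet", "stylesheet"], ["subdocument", "sub_frame"]]);

// Returns a rule, null (not a network filter), or { unsupported } (cannot translate).
function toRule(line, id) {
  let text = line.trim();
  // Comments, list headers and element-hiding filters are not network rules.
  if (!text || text.startsWith("!") || text.startsWith("[") || text.includes("##")) return null;
  const isException = text.startsWith("@@"); // "@@" marks an allow filter
  if (isException) text = text.slice(2);
  const dollar = text.lastIndexOf("$");
  const pattern = dollar === -1 ? text : text.slice(0, dollar);
  const options = dollar === -1 ? [] : text.slice(dollar + 1).split(",");
  const condition = { urlFilter: pattern };
  const types = [];
  for (const opt of options) {
    if (opt === "third-party") condition.domainType = "thirdParty";
    else if (TYPE_MAP.has(opt)) types.push(TYPE_MAP.get(opt));
    else return { unsupported: line }; // option this sketch cannot translate
  }
  if (types.length) condition.resourceTypes = types;
  return { id, priority: isException ? 2 : 1,
    action: { type: isException ? "allow" : "block" }, condition };
}

// Rules beyond the cap are counted as dropped instead of being installed.
function compile(lines, cap = RULE_CAP) {
  const out = { rules: [], unsupported: [], dropped: 0 };
  for (const line of lines) {
    const r = toRule(line, out.rules.length + 1);
    if (r === null) continue;
    if (r.unsupported) out.unsupported.push(r.unsupported);
    else if (out.rules.length >= cap) out.dropped++;
    else out.rules.push(r);
  }
  return out;
}

// Constructed sample filters (not copied from EasyList).
const SAMPLE = ["! comment line", "||ads.example.com^",
  "||tracker.example^$script,third-party", "@@||cdn.example.org^$image",
  "example.com##.banner", "||media.example^$csp=script-src 'none'"];

console.log(compile(SAMPLE, 2)); // two rules kept, one dropped, one unsupported
```

With the cap set to 2, the allow rule for the CDN is the one that gets dropped, which shows why a fixed limit matters more as lists grow.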

Comments from the adblock community

Use privacy/performance as Trojan arguments to rationalize reducing user agency over what all bloated web sites throw at people’s user agents. That new declarativeNetRequest API seriously reduces what blockers can do, to the point they will become distinguishable only by their UI, not their capabilities. As a user, I personally wouldn’t accept browsing the world wild web without the advanced features in uBO, I find this unthinkable. [source]

– Raymond Hill (gorhill) (developer of uBlock Origin and uMatrix)

There is no way to transpose either dynamic filtering, dynamic URL filtering, per-site/per-scope switch logic (let’s refer to all these as “dynamic filtering”), into static filters. Dynamic filtering logic requires an arbitrary amount of block/allow rules overriding other block/allow rules based on specificity. There is no concept of specificity in static filtering – and even more, there is no concept of dynamic filtering rules relinquishing filtering to static filters (dynamic filtering’s noop rules).

And there I was recently testing how uBO handled over half a million network filters with the 3rd-gen HNTrie… [source]

– Raymond Hill (gorhill) (developer of uBlock Origin and uMatrix)
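The specificity-based overriding and noop behaviour described in the quote above, sketched as an added example (not uBlock Origin's code and not part of the original post). The rule shape, the function names and the precedence order (page host, then request host, then type) are assumptions of this simplified model.

```javascript
// Simplified model (constructed; not uBlock Origin's code). Precedence used here:
// most specific page host, then request host, then request type.
function hostScore(pattern, host) {
  if (pattern === "*") return 0;
  return host === pattern || host.endsWith("." + pattern) ? pattern.length : -1;
}

function typeScore(pattern, type) {
  if (pattern === "*") return 0;
  return pattern === type ? 1 : -1;
}

function compareKeys(a, b) {
  for (let i = 0; i < a.length; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Returns the action of the most specific matching rule, or null if none match.
function dynamicDecision(rules, req) {
  let best = null, bestKey = null;
  for (const r of rules) {
    const key = [hostScore(r.src, req.pageHost), hostScore(r.dst, req.reqHost),
      typeScore(r.type, req.type)];
    if (key.includes(-1)) continue; // rule does not apply to this request
    if (bestKey === null || compareKeys(key, bestKey) > 0) { best = r; bestKey = key; }
  }
  return best ? best.action : null;
}

// "noop" (or no dynamic rule) hands the decision to the static block list.
function decide(rules, staticBlocked, req) {
  const action = dynamicDecision(rules, req);
  if (action === "block" || action === "allow") return action;
  return staticBlocked.has(req.reqHost) ? "block" : "allow";
}

// Constructed rules: block scripts everywhere, defer to static filters on
// shop.example, and always allow its CDN.
const RULES = [
  { src: "*", dst: "*", type: "script", action: "block" },
  { src: "shop.example", dst: "*", type: "script", action: "noop" },
  { src: "shop.example", dst: "cdn.example", type: "*", action: "allow" },
];
const STATIC_BLOCKED = new Set(["ads.example"]);

const req = (pageHost, reqHost, type) => ({ pageHost, reqHost, type });
console.log(decide(RULES, STATIC_BLOCKED, req("shop.example", "ads.example", "script")));
```

The outcome for a request depends on which rule is most specific for that page and destination, and a noop result depends on a second, separate list.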

For the sake of not just the present, but also the healthy and open web ecosystem of the future, we need to make sure that we allow APIs that continue to foster innovation. Our very serious concern is that the proposed changes in manifest V3, especially with the proposed changes to webRequest and the current implementation of declarativeNetRequest might very well do the opposite. […] Most modern ad blockers are already quite efficient and are constantly looking to improve performance further. We would encourage the Chromium team to feel free to engage more with the ad blocking developer community regarding manifest V3. We would be happy to provide more technical feedback, suggestions and support. source

– Feedback from various contributors/supporters of adblock community

The new API is not in itself a bad thing, but it becomes a bad thing when it’s the only option because it lacks the flexibility that the Web Requests API provides. source

– Jeremy Tillman (president of Ghostery)

I actually don’t care about the hard-coded limit on blacklists because I use a whitelist, but I need contextual information which the Declarative API’s stated purpose is keeping away from extensions. source

– Giorgio Maone (developer of NoScript)

Google’s arguments

Google brings up two major arguments for introducing the declarativeNetRequest API: (1) performance and (2) security.

Performance

Currently, via the webRequest API, Chrome sends all the data in a network request to the listening extensions. These extensions then tell Chrome what to do with the request: allow it, block it, or send it with some modifications. Using the declarativeNetRequest API, extensions would instead register a limited number of rules that tell Chrome what to do with certain types of requests. Because the decision to allow or disallow a request is now made by the browser, there is no longer any need to serialize the request data, shuttle inter-process messages to the extensions, and wait for a decision. [Chromium blog post]

Ghostery has published two studies on the performance impact of adblockers. The first, Adblockers Performance Study, measured the decision time per request for several popular adblockers such as uBlock Origin, Ghostery and AdBlock Plus. The measurements showed a sub-millisecond median decision time per request, which is negligible compared to the time a request needs to be sent to a server and answered. Additionally, with the upcoming WebAssembly technology, adblockers could reduce decision time even more.

But the second study, The Tracker Tax, is even more interesting. They simply compared the loading time of the top 500 websites with and without blocking trackers. It turns out that the average page load with all trackers blocked is about 2 times faster than when no trackers are blocked. This is a significant performance gain from using adblockers.

And this makes sense. Serializing a request, passing it to the extensions and waiting for the decision is already very fast. This all happens on your local machine, managed by a highly optimized piece of software, your browser. But then the request needs to travel to the server, be processed by the server, and the response needs to travel back to you. This is the part that takes most of the time. Every request that can be avoided significantly lowers the loading time. Modern websites connect to so many different services that page load time slows down significantly. I strongly recommend installing uMatrix or NoScript and then visiting some of your favorite websites. This will give you an impression of how many web services are contacted on each visit.

Security

Google states that 42% of malicious extensions use the Web Request API. As every network request is passed to the extensions, a malicious extension may have access to sensitive data.

However,

The webRequest API is not going to be fully removed as part of Manifest V3. In particular, there are currently no planned changes to the observational capabilities of webRequest (i.e., anything that does not modify the request). [source]

– Simeon Vincent (Google Extensions Developer Advocate)

So malicious extensions are still able to grab sensitive data, but adblockers are limited in their functionality.

Additionally, adblockers help prevent infection through malvertising, a technique that uses online advertising to spread malware.

Impact on electricity consumption

This may be a bit off topic, but I found it too interesting to ignore.

Just recently a study, Energy Conservation with Open Source Ad Blockers, was published that evaluated the impact of adblockers on electricity consumption. Every request consumes some amount of electricity, because it needs to be transferred to a destination, processed, and answered with a response. So every request avoided actually reduces electricity consumption. The study found that using adblockers has significant potential, and not only for reducing electricity consumption.

Energy Conservation with Open Source Ad Blockers - Abstract

Internet-related electricity consumption is rising rapidly as global Internet users spend more than 6.5 h per day online. Open source ad blockers have the potential to reduce the time and thus electricity spent using computers by eliminating ads during Internet browsing and video streaming. In this study, three open source ad blockers are tested against a no-ad blocker control. Page load time is recorded for browsing a representative selection of the globally most-accessed websites, and the time spent watching ads on videos is quantified for both trending and non-trending content. The results show that page load time dropped 11% with AdBlock+, 22.2% with Privacy Badger, and 28.5% with uBlock Origin. Thus, uBlock Origin has the potential to save the average global Internet user more than 100 h annually. The energy conserved if everyone in the United States used the open source ad blocker would save over 36 Americans lives per year if it were to offset coal-fired electricity generated-based pollution. In the United States, if all Internet users enabled Privacy Badger on their computers, Americans would save more than $91 million annually. Globally, uBlock Origin could save consumers more than $1.8 billion/year. Open source ad blockers are a potentially effective technology for energy conservation. [source]

– Pearce, J.M. Energy Conservation with Open Source Ad Blockers. Technologies 2020, 8, 18.

Conclusion

After Chrome announced Manifest V3, many voices were raised claiming that Google wants to kill adblockers. However, Google has always denied this accusation and has put forward technical arguments to defend its decisions. But as shown, the two major arguments, performance and security, do not hold up even under basic consideration.

By the way, in 2018 over 85% of the total revenue of Alphabet (owner of Google) came from ads (Alphabet Annual Report). Despite all the products Google has created, it is still mainly an ad company; ads are still its core business model. Therefore, any blocking of ads affects its profit. Adblockers directly affect Google’s profit. And even if Google has helped improve the web, it is still a company that is responsible to its stakeholders and for maximizing profit. Therefore, adblockers are a big business risk for Google, as Google itself has said:

New and existing technologies could affect our ability to customize ads and/or could block ads online, which would harm our business.

Technologies have been developed to make customizable ads more difficult or to block the display of ads altogether and some providers of online services have integrated technologies that could potentially impair the core functionality of third-party digital advertising. Most of our Google revenues are derived from fees paid to us in connection with the display of ads online. As a result, such technologies and tools could adversely affect our operating results. [source] –

Google Chrome now dominates the browser market with about 68 percent of the global desktop internet browser market share. Additionally, many browsers are based on Chrome, such as Microsoft’s Edge or Opera. This gives Google the power to force new APIs and shape the future of the internet like no other company, not even speaking of its supremacy as a search engine or its additional services. But being an ad company answerable to its stakeholders, Google’s vision of the future may not always be the best for us and for a free and open web for all of us.

So maybe it’s finally time to ditch Chrome…

#netzpolitik #privacy
