Google has found itself under fire for plans to limit the effectiveness of popular ad blocking extensions in Chrome. While Google says the changes are necessary to protect the “user experience” and improve extension security, developers and consumer advocates say the company’s real motive is money and control.
As it stands, the Chrome web store currently offers users a wide variety of ad blocking extensions that can help curtail the volume and nosiness of online advertising. From Adblock to Ghostery, such extensions make it harder for ad networks to build a detailed profile of your online activities or serve you behavioral ads based on your daily browsing habits.
Last year, Google began hinting at some changes to Chrome’s extension system as part of its Manifest V3 proposal. Under these changes, Google said it would be modifying permissions and other key aspects of Chrome’s extensions system. The extension development community didn’t respond well, and said the changes would harm many popular user tools.
Currently, many Chrome adblock extensions use Chrome's webRequest API, letting users block ads before they even reach the browser. But Google’s proposal would require extensions use the declarativeNetRequest API, which leaves it to the browser to decide what gets blocked based on a list of predetermined rules. While some extensions, like AdBlock, already use the latter, developers say the overall result will be tools that simply don’t work quite as well overall. In the wake of ongoing backlash to the proposal, Chrome software security engineer Chris Palmer took to Twitter this week to claim the move was intended to help improve the end-user browsing experience, and paid enterprise users would be exempt from the changes.
Chrome security leader Justin Schuh also said the changes were driven by privacy and security concerns.
Adblock developers, however, aren’t buying it.
uBlock Origin developer Raymond Hill, for example, argued this week that if user experience was the goal, there were other solutions that wouldn’t hamstring existing extensions.
“Web pages load slow because of bloat, not because of the blocking ability of the webRequest API—at least for well crafted extensions,” Hill said.
Hill said that Google’s motivation here had little to do with the end user experience, and far more to do with protecting advertising revenues from the rising popularity of adblock extensions.
“In order for Google Chrome to reach its current user base, it had to support content blockers—these are the top most popular extensions for any browser,” he said. “Google strategy has been to find the optimal point between the two goals of growing the user base of Google Chrome and preventing content blockers from harming its business.” Hill argues that the blocking ability of the webRequest API caused Google to yield some control of content blocking to third-party developers. Now that Chrome’s market share is greater, the company’s in a better position to “shift the optimal point between the two goals which benefits Google's primary business,” Hill said. Consumer advocates are similarly unimpressed, noting that the changes could also harm the effectiveness of some parental control, privacy, and security extensions.
“This is a very bad decision on Google's part,” Justin Brookman, Director of Consumer Privacy and Technology Policy at Consumer Reports told Motherboard in an email.
Brookman noted that millions of users rely on extensions like uBlock, Disconnect, and Ghostery to limit cross-site tracking and block malicious code from third-party servers, and that pushing these extensions to use a different API with lesser functionality would only weaken them.
“It's hard to escape the suspicion that this is driven primarily by a desire to protect third-party tracking and ad revenue, where Google is the overwhelming market leader,” he said. “Notably, the move will insulate the largest ad blocker AdBlockPlus, who Google pays to whitelist their ads and tracking behavior.”
That concern has long been mirrored by the Electronic Frontier Foundation. The group frequently argues that Chrome’s ad tracker blocking technology has lagged behind other browsers because Google, whose online ad market share currently hovers around 37 percent, doesn’t want to hamstring the profitability of tracker-driven, behaviorally-targeted ads. The EFF’s Privacy Badger extension is one of the ad blocking tools that would be impacted, and its development team has also spoken out against the changes. In an email, an EFF spokesperson argued that Google’s move would stifle developer innovation in the browser space and hamper user security and privacy. The group also wasn’t particularly sold on Google’s justification for the move. “Google's claim that these new limitations are needed to improve performance is at odds with the state of the internet,” the organization said. “Sites today are bloated with trackers that consume data and slow down the user experience. Tracker blockers have improved the performance and user experience of many sites and the user experience. Why not let independent developers innovate where the Chrome team isn't?
The EFF says it was “particularly worrisome” that Google is going ahead with these changes despite all of the criticisms it's received from the developer community, adding that “security extensions should not be a privilege reserved only for enterprise users.” While Google has responded to criticism by saying the proposal was subject to change, it hasn’t yet backed off the proposal, which would be implemented this fall at the earliest. Should Google stick to its guns in the face of widespread criticism, it’s pretty clear that more than a few Chrome users will soon be on the market for a different browser.