policy-templates VS uBlock

There is no such thing as a "known trusted extension" ever since they killed sideloading extensions and forced auto-updates. 10 years ago not force updating extensions was also a thing they moved behind a flag, and then just dropped.

Also - if you want to blacklist certain extensions from certain sites, you abso-freaking-lutely can already... see: https://github.com/mozilla/policy-templates/blob/master/READ...

you want the `restricted_domains` field.

It gets worse - Mozilla is the fucking worst at checking submitted extensions. They tried to the play into the whole "app store" thing that Google/Apple were doing, but those are justifiable cost centers at those two companies in a way that just doesn't work for a player like Mozilla.

Mozilla's store checks for extensions are fairly pathetic. You can submit a near empty shell with excessive permissions, get approved the first time, then auto-update to a new release (which will deploy to users immediately thanks to auto-updates). That new version has to pass a battery of useless automatic SAST checks, which will happily highlight all sorts of things it doesn't like (it flags words like "hello" because it contains a curse word) but which won't do shit to check if you're hoovering up credentials, browsing data, tracking users, etc.

If you're unlucky, at some point in the next 24 months you'll trigger a real review from Mozilla and get caught.

To be blunt - I have 15 years experience writing extensions. I don't like Google. If you think Mozilla is better you're wrong.

You can do that with policy templates. Use the Discussion tab at the top of the GitHub page if you need help setting them up.

Policy Templates for Firefox

They very well could do this for a a company that requires really strict privacy and security, but unfortunately in its current state Firefox doesn't have nearly the corporate sysadmin-friendly tooling that Chrome and especially Edge do.

When I was tasked with implementing CIS browser hardening policies at a previous job a few years ago, this was just a matter of enabling some Group Policy template settings for Chrome and Edge, but for Firefox this involved distributing a prefs.js file to all the workstations. In any corporate environment it's very likely going to be point and click Windows admins that are implementing browser standards, who tend to be allergic to anything resembling code and are already used to using GPOs for just about everything.

Yes, Firefox does have GPO templates but it's not nearly as rich as Chrome and Edge. Edge has even more GPO templates than does Chrome iirc, Chrome already had a lot to begin with and then Microsoft added even more of their own on top of that.

https://github.com/mozilla/policy-templates/blob/v4.11/READM...

https://learn.microsoft.com/en-us/deployedge/configure-micro...

That alone already puts Firefox at a huge disadvantage for corporate deployment, the other thing that makes it even less attractive, even to companies where privacy/security is a huge requirement (like my previous job) is that Edge is already bundled with the OS, and is one less thing that needs to be manually patched. In high security corporate environments, just keeping things patched is always a huge task so it's very hard to convince someone that they need to put in more work to keep an extra piece of software patched (which is already very difficult considering how frequently browsers are updated). To make things even worse, just about all vendors will only support Chromium-based browsers for whatever SaaS they sell you, so Firefox is a nonstarter for getting support, even if it will work just fine 99.9% of the time.

For all these reasons, I lost the battle to keep Firefox around, which is a huge shame because of how much I love it and wanted to fight the Chromium monoculture. So I guess for a corporation to support Firefox despite how corporate-friendliness the alternatives are, they'd have to reaaaally want to.

You can see the relevant JSON code in the changelog. As I said, you can post a comment on this page to remind Mike to update the documentation for policy templates.

This GitHub repository has a Discussions tab where you can ask questions about deploying Firefox: Policy Templates for Firefox.

Check out the official documentation here: Policy Templates for Firefox. You can use the Discussions tab if you have any questions.

Check out uBlock Origin's per site switches [1]

[1]: https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-...

If ads, in particular on YouTube, are the problem, anything Chromium-based is probably only going to get worse and worse (see [1] and [2]). So that basically leaves you with Firefox and Safari.

I work for Mozilla (speaking for myself, of course), so I'll leave you to guess which I'd recommend :P

[1] https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...

[2] https://arstechnica.com/gadgets/2023/09/googles-widely-oppos...

https://github.com/gorhill/uBlock

Or if on mobile, it is well worth it to look up adblock options for the browser you use.

What are the compelling advantages of Chrome nowadays?

Chrome is working to limit the capabilities of ad blockers:

https://www.malwarebytes.com/blog/news/2023/11/chrome-pushes...

Whereas a compelling advantage of Firefox is that uBlock Origin works best in Firefox:

https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...

Advertising networks have often been vectors for malware. Using an ad blocker is an important security measure. Even the FBI recommends ad blockers:

https://www.malwarebytes.com/malvertising

https://theconversation.com/spyware-can-infect-your-phone-or...

https://www.ic3.gov/Media/Y2022/PSA221221?=8324278624

> It allows for 30,000 dynamic rules

That is not what we mean by dynamic filters. From https://developer.chrome.com/blog/improvements-to-content-fi...

> However, to support more frequent updates and user-defined rules, extensions can add rules dynamically too, without their developers having to upload a new version of the extension to the Chrome Web Store.

What Chrome is talking about is the ability to specify rules at runtime. What critics of Manifest V3 are talking about is not the ability to dynamically add rules (although that can be an issue), it is the ability to add dynamic rules -- ie rules that analyze and rewrite requests in the style of the blockingWebRequest permission.

It's a little deceptive to claim that the concerns here are outdated and to point to vague terminology that sounds like it's correcting the problem, but on actual inspection turns out to be entirely separate functionality from what the GP was talking about.

> Giving this ability to extensions can slow down the browser for the user. These ads can still be blocked through other means.

This is the debate; most of the adblocking community disagrees with this assertion. uBO maintains a list of some common features that are already not possible to support in Chrome ( https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b... ) and has written about features that are not able to be supported via Chrome's current V3 API ( https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as... ). Of particular note are filtering for large media elements (I use this a lot on mobile Firefox, it's great for reducing page size), and top-level filtering of domains/fonts.

> "Its happened before"

> That's not an argument

It's a subheading to "2. Browser engine monopoly". The subsection's purpose is describing how bad things were during the IE monopoly to reinforce that it's something to be avoided.

> in fact you could counter-argue that IE left a lot of technical debt

That would be agreeing with the article, unless I understand what you mean.

> On top of that, the internet was very different back then.

In a way that now makes it harder for truly new competing engines to pop up due to increased complexity of the web.

> I'm still not convinced, why would I change my browser?

The points made in the article are:

* Increased privacy, opposed to willingly giving your data to an ad-tech company

* Helps avoid a browser engine monopoly which would effectively let Google dictate web standards

* It’s fast and has a nice user interface

Onto which I'd add:

* Content blockers work best on Firefox (https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...), doubly so when Manifest V3 rolls out

* Allows more customization of interface and home page

* UX improvements, like the clutter-free reader mode, aren't vetoed to protect search revenue as with Chrome (https://news.ycombinator.com/item?id=37675467)

Advertising networks are vectors for malware:

https://www.cisecurity.org/insights/blog/malvertising

https://www.malwarebytes.com/malvertising

https://theconversation.com/spyware-can-infect-your-phone-or...

So if you're concerned about security then you want the browser with the best ad blocker.

uBlock Origin works best in Firefox:

https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...