Sadly I’ve run into the same type of problem with a newer TLD as well. My solution was to get a domain in the older TLD space (e.g. .com, .net, .org). I doubt this will be the last site you run into that doesn’t support a newer TLD and the low likelihood that you’re going to be able to convince someone to fix the issue at every one of those outdated sites means that you’ll eventually need a backup domain for something.
I feel like it’s less a conspiracy and more that some people will accept nothing less than no ads or tracking whatsoever, even if it makes no economic sense with regards to how sites support themselves.
Meanwhile, attempts like Mozilla’s Privacy-Preserving Attribution to allow for showing that an advertising campaign is effective without the granular, per-user tracking are rejected by the community, meaning that the situation never improves in even a small way.
I’d imagine that making it a user choice gets around some of the regulatory hurdles in some way. I can see them making a popup in the future to not use third-party cookies anymore (or partition per site them like Firefox does) but then they can say that it’s not Google making these changes, it’s the user making that choice. If you’re right that there’s few that would answer yes, then it gets them the same effective result for most users without being seen to force a change on their competitors in the ad industry.
What’s the UK CMA going to do, argue that users shouldn’t be given choices about how they are tracked or how their own browser operates?
Looking at it most favorably, if they ever want to not be dependent on Google, they need revenue to replace what they get from Google and like it or not much of the money online comes from advertising. If they can find a way to get that money without being totally invasive on privacy, that’s still better than their current position.
I’m pretty sure that people were unhappy because it was opt-out at first. Now that bridging is opt-in, I don’t think most people have a problem with it and I’ve seen a number of posts from both sides of the bridge so it seems to be working.
That’s true. I know they did increase the number of filters from the initial amount but they really should just make it effectively infinite.
As long as that extension developer can be trusted to have access to read and modify the data of any site you load and to not sell the extension (and its userbase) for a quick buck (see Hover Zoom+ for an example of how much they’re willing to offer, as recently as today).
There are definitely trade-offs between the permissions allowed in V2 versus V3. It really depends on where you think the main threat is (websites and online tracking versus extension developers).
I’m a little surprised we haven’t heard about one of these smart TV brands using something like Amazon Sidewalk yet to communicate the analyzed data:
https://www.amazon.com/Amazon-Sidewalk/
A popular brand could totally set up their own network like this and with apartments there would probably be sufficient density to ensure that there’s always at least one connected device nearby to act as a bridge.
I don’t think there’s a lack of empathy, especially when you consider that we may be concerned for the more numerous viewers who could potentially see your comments if we help you bypass the filters that you seem to be running into more than just occasionally.
It’s not that they need to know that to provide a potential answer, it’s that they want to know that before they decide to help you bypass a filter.
I’m pretty sure people are focused on what the content is because they have reservations about helping someone bypass filters to post stuff that may be offensive enough to be deleted in the first place.
A lot of sites are willing to have something that’s good enough, rather than perfect, so if they find that using a list like this solves the majority of their abuse/deliverability issues, it’s unfortunately pretty logical they’d use it for that.
I feel like having different attributes for each domain might be helpful so that those services using the list can filter for just the things they care about such as burner emails, anonymous registration, whether it requires any email/phone verification, etc. Right now domains kind of have the problem of just being on the list or not, with no indication on why they might be a problem.
They changed it in the article after it was originally posted: https://web.archive.org/web/20231116232800/https://www.theverge.com/2023/11/16/23964509/google-manifest-v3-rollout-ad-blockers
They have a note about it at the bottom:
Correction November 16th, 9:41PM ET: Firefox is based on Gecko, not Chromium. We regret the error.
And that’s a bad thing?
The desktop is finally catching up with the more restrictive permissions model where an app doesn’t just have the ability to do anything the user can do but instead only has access to what it needs.
Going with a familiar interface style like the ones people already use on mobile just makes sense.
What would you want it to look like instead?
They haven’t released the text publicly but they’re voting on it in less than a week. That’s also one of the many objections that Mozilla et al has to this whole thing: it’s basically being done in secret in a way that won’t give the public any time to react or object.
Historically, the browser vendors have only distrusted certificate authorities when they had reason to not trust them, not some arbitrary reason.
One of the examples of them preventing a CA from being trusted is Kazakhstan’s, which was specifically set up to enable them to intercept users’ traffic: https://blog.mozilla.org/netpolicy/2020/12/18/kazakhstan-root-2020/
Even if all of the EU states turn out to be completely trustworthy, forcing browser vendors to trust the EU CAs would give more political cover for other states to force browser vendors to trust their CAs. Ones that definitely should not be trusted.
I think there wouldn’t be nearly the same level of objection if it was limited to each country’s CC TLD, rather than any domain on the internet.
How is giving any EU state the ability to be a certificate authority in your browser for issing a certificate for any site, without them needing to follow the rules the browser vendors have for what makes an authority trustworthy, with no option to disable them or add additional checks to their validity, “protecting their citizens from (American) corporate abuse”?
From the Mozilla post:
Any EU member state has the ability to designate cryptographic keys for distribution in web browsers and browsers are forbidden from revoking trust in these keys without government permission.
[…]
There is no independent check or balance on the decisions made by member states with respect to the keys they authorize and the use they put them to.
[…]
The text goes on to ban browsers from applying security checks to these EU keys and certificates except those pre-approved by the EU’s IT standards body - ETSI.
Vizio makes twice as much profit from those ads and tracking services than the actual TVs:
https://www.theverge.com/2021/11/10/22773073/vizio-acr-advertising-inscape-data-privacy-q3-2021
When most sites refer to passkeys, they’re typically talking about the software-backed kind that are stored in password managers or browsers. There are still device-bound passkeys though. Also since they’re just FIDO/WebAuthn credentials under the hood, you can still use hardware-backed systems to store them if you really want.
While you’re right that device bound and non-exportable would be best from a security standpoint, there needs to be sufficient adoption of the tech by sites for it to be usable at all and sufficient adoption requires users to have options that have less friction/cost associated with them, like browser and password-manager based ones.
Looking at it through the lens of replacing passwords instead of building the absolutely highest-security system helps explain why they’re not limited to device-bound anymore.