Open rubyFeedback opened 3 months ago
I support extensions and adblocking as a critical part of web browser security and fully agree that it needs improved, and would like to see ad blocking fully supported in the API for extensions.
I support adblocking in LadyBird, as I consider the ability to block forms of malicious advertisements to be a critical security issue because advertisements often include hostile JavaScript. Advertisers are often malicious, so we need to consider fingerprinting as well as sites that try to weaken CORS through third party scope grants that then inject JavaScript that does bad things.
The best thing in my mind is if we can control how specific domains are handled on a domain or even TLD level based on the DNS tree supporting simple ?
and *
simple regex semantics. If the third party domain artificially returns a 404 for example, that might be best depending on user choice. Or maybe instead of returning anything it just returns the reply ladybird configures for the domain based on user choice. Then we have plugins configure that based on lists so people can have things like "domains that end in .ru or .cn" are not allowed" for enterprise compliance while doing things like "domains at ,test. cant load JavaScript.
For example maybe the security system doesn't allow a specific domain to load JS at all.
Maybe another domain is only allowed to load images or another only text files.
But to do that we need a robust pipeline that can be configured. The ability to block ads also means that from a security and compliance perspective, it will be easier for companies to support on their corporate network.
The best thing in my mind is if we can control how specific domains are handled on a domain or even TLD level based on the DNS tree supporting simple ? and * simple regex semantics
Please have a look at the existing denylist code and data here:
This feature has been in the browser since January 2021 https://github.com/LadybirdBrowser/ladybird/commit/a6d52e0c97df3b714b2077ed676e84c6513dbf15.
No plans, other than "we want extensions eventually". There's a very rough WebExtensions spec, I believe based on how the other browsers' extensions work, which I assume we'll follow. But the focus for now is just on making the browser run the web well.
- We have basic ad/tracker blocking built in. Otherwise, no plans but that sounds like something that can be done with extensions.
One thing to add about this, if I may: Firefox, even before the polemics regarding the newest manifest version and the termination of adblocking on Chromium browsers, has had a notably wider range of allowances in regards to what an extension is allowed to do. I mention this because I much enjoy the Tridactyl extension on Firefox, which allows one to have vim-like controls just about anywhere in the browser. This kind of extension exists on Chromium as well, but it is more annoying to use precisely, I assume, because of the restrictive nature of Chromium itself in regards to them. So this is something to consider, as I'm sure it would be great to follow Firefox's example more so than that of the others.
Do forgive my lack of details here. I speak as laity as I do not understand the specifics quite well. This comes from my experience running similar extensions in both the Gecko and Chromium engines, and it seems Gecko comes out strongly on top.
I also think that both intuitive, fine-grained permissions like uMatrix and comprehensive shortcut remapping are critical features. Rather than discussing them as extensions, I think this particular functionality should be tightly integrated.
uMatrix support for local storage and scripts could definitely be enhanced to provide more fine-grained control. For example, expanding a column into rows of individual cookies or scripts. The cookies could display their respective settings and values while the scripts could link to the dev tools viewer. I would also love to see support for whitelisting redirects and WebRTC per domain.
I also think some of the uMatrix functionality should be unnecessary in a better designed web browser. For example, the cookie management options.
On the topic of shortcut management, I use Vimium. The convenience with which I can override it's key mappings per domain is very nice.
Other extensions with functionality I would like to see integrated include:
The sort of extensions that I think should reasonably remain extensions include:
I assume ladybird does not yet have an extension platform for people to install add-ons, such as uBlock origin.
Recently Google went in to take down uBlock origin - see websites such as https://www.indiatoday.in/technology/news/story/using-ublock-origin-google-chrome-warns-users-it-is-going-to-ban-it-2577055-2024-08-05 but of course others (that one is just an example of many more news site reporting on Google's strategy right now. Of course they claim that Manifesto 3 is a change in general, but let's be brutally honest: they specifically want to get rid of ad-blocking, since this threatens their business model the most - the rest is just Google trying to disguise that).
The recommendation by the uBlock origin to move to Firefox does not work, IMO, because Firefox gave up the fight a long time ago already; got addicted to the influx of Google money, and also started to track users not too terribly long, so for me, I don't trust Firefox either. I am actually using thorium, so I succumbed to the Google Empire, as there are no more alternatives. Dictatorship now controls the world wide web. Which browser is going to stand up against any of that? Perhaps ladybird may be one day, but who knows. But anyway, back to the main topic (and this issue can be closed, no problem, it is more to start a bit of thoughts and discussions, specifically in regards as to what ladybird aims to achieve, for users.)
Obviously for any alternative, one needs to find a way that it remains truly open, rather than semi-open as Firefox (any organisation that tracks users, can not be trusted, in particular when it becomes addicted to influx of money from corporations, aka bribes).
So, narrowing these thoughts down more specifically for ladybird:
(1) Are there plans for ladybird to support extensions? If so, how? (I guess in the simplest way, the question is how user-content could be delivered via custom javascript code, which kind of satisfies at the least one part of an extension ecosystem; obviously another one would be how people can download these extensions, if there is anyone doing monitoring of it or will it end up as left-pad-2.0)
(2) Specifically in regards to blocking content (which can also happen outside of extensions, of course): does ladybird have any plans or strategy to handle a user wanting to specifically NOT see certain content? I refer to this in general, not just anti-ad blocking. People may, for whatever the reason they have, block more content. For instance, kiosk mode in a university campus site, may require different settings than a user at home on a classical desktop computer system. (Usually kiosk mode is more restricted in many ways.)