Finally got the popup on Chrome. Now I'm going to present a business case to make Firefox our default browser.

[-]

Key-Club-2308@reddit

im suprised your company allows you to install adblockers and other third party extensions

[-]

Emiroda@reddit

Adblocking is a US Gov (CISA) recommended practice for preventing malvertising.

[-]

Lukage@reddit

Don't tell my management. They insist that CISA isn't a reputable organization.

I was refused an explanation for this claim.

[-]

Key-Club-2308@reddit

well it is against EU privacy regulations, i have no information whatsoever about america

[-]

DominusDraco@reddit

Why would it be against privacy regulations? Its making things more private.

[-]

thats not how private is defined, you are allowing another 3rd party applet into your system. Even google drive cant be used to store customer data/reciepts whatsoever, you cant just trust "any" source, by the case of ublock origin im full for it since it is foss, but it is still a 3rd party applet

[-]

DominusDraco@reddit

What? You already have third party things, its called chrome, it gives plenty of your data to google.

[-]

Key-Club-2308@reddit

again, google is not trusted by many companies either, so chrome is out of the game anyways. you cannot avoid using a browser, but any extra extension is avoidable and not a must have and could have security concerns

[-]

HappyVlane@reddit

Out of the game in what way? Chrome is allowed to be used and so are ad blockers (speaking for Austria here). I have never heard anyone say anything otherwise.

Do you have a source for this?

[-]

Key-Club-2308@reddit

Wir sind eine Firma, die Daten verarbeitet und verwaltet. Jede weitere Erweiterung im Browser, die nicht nötig und nicht geprüft ist, stellt ein Problem bezüglich Datendiebstahl dar.

Selbst wenn es nur sporadische telemetriedaten sind, ist das nicht ok, sofern es nicht ein vertrauenswürdiger Anbieter ist, wie zb Microsoft.

[-]

HappyVlane@reddit

That's cool and all, but is this something you do because it's an internal policy or is this mandated by the GDPR?

[-]

Key-Club-2308@reddit

I made a mistake.

[-]

Emiroda@reddit

Denmark here, that's not at all how GDPR works.

[-]

DominusDraco@reddit

Australian Essential 8 also recommends ad blocking extensions be installed.

[-]

Kuipyr@reddit

Pretty common practice to install an adblock extension on your endpoints as it suppresses some potential attack vectors. All other extensions are usually blocked with some implementing a small list of allowed extensions.

[-]

planedrop@reddit

I don't understand why places aren't just pushing uBlock Lite out to fix this instead? Don't get me wrong, it's NOT as good as uBlock Origin, but it does get most of the job done.

I don't think pushing people to an inferior (in most respects) browser is the solution. Not only will you suffer with battery life issues, but Firefox still has compatibility issues with a pretty huge number of sites, are you then going to educate end users on opening another browser to work with those sites in specific?

There's just so many issues with this approach, sorry to say it.

This comes from someone who adores Firefox and comes from in depth experience with it as my sole browser for like 2 years straight; I'd never consider pushing it on my end users, in fact I've considered removing it since Mozilla's security team isn't as fast to respond as Google's and I've already had issues with some sites users need to use frequently.

[-]

toolskyn@reddit

I’d say the main thing is that ublock lite and similar extensions will work pretty ok right now by design, but as soon as Google has fully removed manifest v2 support they will slowly start introducing more and more unblockable (by v3 extensions) ads. It just makes a lot of sense to not have your browser built by the main advertising company on the web. Clearly incentives are completely unaligned for users of Chrome compared to what Google wants. Things like website incompatibilities will quickly be fixed as soon as other browsers gain more marketshare given the incentive for website developers is very clear.

Firefox definitely has its issues, but so has any other browser, you just don’t notice them for Chromium based browsers because websites have been optimized for them. I would never say everyone should switch to Firefox, because that would just result in the same problems as with every monopoly. Instead we should strive for a plurality of browsers, based on different technologies and with relatively equal mindshare and usage. That creates a healthy ecosystem where incentives for browser users and browser makes can be relatively aligned and makes sure we get the best browsers in the long run.

As sysadmins, programmers and technology enthousiasts, we have an obligation to the rest of the world to make sure we do get that kind of healthy ecosystem, for example by making sure that users have alternative browsers available and that our websites work for any major browser vendor and follow existing standards instead of relying on vendor specific behavior.

[-]

planedrop@reddit

You're right about incentives being misaligned, 100% with you on that, it's a big problem.

However, I'm not sure I agree that website compatibility will be fixed by people switching, simply because it would take SOOOOO many people, including normal users, to change in order for developers to care about making sites work properly with Gecko. I just don't feel like this is the reality we are living in, and I also feel like us, the tech community, has been saying that for like 12 years and nothing is changing.

we should strive for a plurality of browsers

I also agree with this, a browser monoculture is not good. However, I think a few things are important to note. First, every other browser is Chromium based now, except Safari and Firefox, which is a huge issue. But it's also important to note that a single browser engine running everything does have real advantages, sites can do more, it's easier on site developers, etc....

I'm not saying I want it, I'm saying there are real benefits to it too. And of course Chromium is just so much further developed than Firefox/Gecko, things like PWA support, webGPU, etc... are HUGE deals to moving the web forward.

I also agree there is some obligation from us to try and put change in place, but as someone who tried that for an extended period of time, I just couldn't do it anymore. When I was using Firefox as my exclusive browser, I had to open up a Chromium based on every-single-day for sites that were broken on Firefox. I also was suffering from like 30% worse battery life, more RAM usage, hotter/louder laptops, and to top it all off, no tab groups or PWA support.

It's one of those things where normally I am willing to take an inferior experience to try and support the "little guy", but only to a certain extent, sometimes the issues are just too big for it to make sense.

[-]

FlibblesHexEyes@reddit

This should be fun. We push uBlock Origin as part of our InTune policy.

Because the Security team says we have to (Tbf to them, I agree with them on blocking ads as security policy).

[-]

LotusTileMaster@reddit

The FBI recommends you use an adblocker. I think that is enough to get any CISO to be on board with an Adblock policy.

[-]

a60v@reddit

Why would anyone be against it? It saves bandwidth and employee time. It seems like a win-win for the company and its employees. I'm really shocked that anyone wasn't using ad-blocking software in 2010, and am even more shocked that there are people not using it in 2024.

[-]

LotusTileMaster@reddit

Surprisingly few people are using blockers.

[-]

rjchau@reddit

Because the Security team says we have to

Nowadays it's close to becoming a requirement. In Australia, most government agencies are required to become compliant with the ACSC's Essential 8 at at least level 1. The second item listed under User application hardening requires that "Web browsers do not process web advertisements from the internet".

Many cybersecurity insurers will also require adherance to the Essential 8 as well.

[-]

FlibblesHexEyes@reddit

Absolutely... I worked with the Security team to build our policies to meet E8 Level 2. It was the start of our migration to full ISM compliance (I'm also Australian).

[-]

chickenmonkee@reddit

Yeah we have it deployed for customers on ML1. We will probably have a look at uBO Lite or Cisco Umbrella client now with this coming in.

[-]

rpodric@reddit

Lite is definitely light. There's essentially nothing to it beyond how aggressive you want it to be, and I think in this case it's best run with the highest setting.

Its main competition seems to be the MV3 version of AdGuard, which is much more built out than Lite. I'm not sure if that's because of its head start or for some other reason. For example, it has the ability to update one of its filters (Quick Fixes) dynamically, which seems a major advantage since otherwise the entire extension needs to be updated to effect any rule changes.

[-]

tankerkiller125real@reddit

We block ad serving domains at the DNS level where I work. UBlock is basically just a backup for the annoying ads served direct from the website itself.

[-]

Candy_Badger@reddit

That's the best thing to do. We have DNS level block at work as well. I use pihole for the same thing at home too.

[-]

thewhippersnapper4@reddit

What are you running Pi-hole on for your home network?

[-]

Candy_Badger@reddit

It runs as a VM on my home KVM server. Works great.

[-]

jake04-20@reddit

Yep, I hate opening my ESPN fantasy app outside of work and home lol. So used to blocking the ads. I have friends come over to watch games and notice it too "Wait how did you do that?"

[-]

thewhippersnapper4@reddit

What are you running Pi-hole on for your home network?

[-]

jake04-20@reddit

dietpi vm

[-]

oShievy@reddit

What blocklists do you recommend for pihole?

[-]

jake04-20@reddit

Tbh the out of the box ones are pretty solid for my needs. I'm probably not the best to answer, at most I will manually block/whitelist domains (the chick-fil-a app didn't work with default block lists for instance, had to whitelist a domain) and I also have a lot of static DNS entries set up for various servers; that's about all the customization I've done to my pihole instance.

[-]

jake04-20@reddit

Can't always be behind the corporate firewall, which is why we have client level browser ad blocking as well.

[-]

tankerkiller125real@reddit

We just force the DNS to point towards the Cloudflare One Gateway, which works really well on it's own. And now we're starting to push out the actual VPN Client part of it, which will shove all the traffic through our network controls.

[-]

GrecoMontgomery@reddit

I find many orgs who pay for Cloudflare don't realize they've also purchased Cf Zero Trust, which is their version of Umbrella or Zscaler that's "unlocked" through the warp client. It's not as mature as either, but it gets the job done. One caveat is there isn't a category for blocking advertising (I assume they don't want to piss off their big customers). I upload the Steven Black blocklists though and it works great.

[-]

tankerkiller125real@reddit

Yep, I use a script to upload a couple lists all at once.

[-]

GrecoMontgomery@reddit

Same. For the few shortcomings of their service offering, their API is solid. And I know they'll keep building the service too. It's a good solution for many who probably don't realize they can.

[-]

FlibblesHexEyes@reddit

I would do that too, but we’re fully AADJ, and consider the laptop the perimeter as not everyone is in the office all the time.

Hope I don’t have to hack host files! Haha

[-]

tankerkiller125real@reddit

We force DoH on the browser level and DoT on the desktop level, and in our case we use Cloudflare One for the DNS Server.

For the ad blocking, this github repo can upload the lists to Cloudflare One for you https://github.com/mrrfv/cloudflare-gateway-pihole-scripts

For windows DoT you would want to create a script that can run:

netsh dns add global dot=yes

And then:
netsh dns add encryption server= dothost= autoupgrade=yes

Where the IP address goes after the server= keyword, and dothost is the TLS hostname (which Windows will validate). If you don't want host TLS validation use : instead.

I have yet to find a GPO policy for this stuff.

[-]

Senguin117@reddit

Anything like this that works with openDNS or OPNsense?

[-]

tankerkiller125real@reddit

OPnSense has native ad blocking capabilities in the Unbound DNS part (you can also configure Inbound to forward to DoT DNS resolvers)

I don't know anything about openDNS though.

[-]

RikiWardOG@reddit

Ya we recently rolled out netskope for this. Amongst other things as it's a full CASB

[-]

RikiWardOG@reddit

Look into something like Cisco umbrella maybe

[-]

BasicallyFake@reddit

we use umbrella to enforce policies like that, so it works while roaming

[-]

Oricol@reddit

Are you just using the advertisements category or are you uploading a custom list from something like pie hole?

[-]

polypolyman@reddit

Do evaluate uBOL - I'm still not through testing on it, but it's pretty close if you don't have any custom blocklists with particular features.

[-]

Fickle_Bit1481@reddit

Is there a way to set a custom whitelist like you can with the original uBO?

[-]

BuffaloRedshark@reddit

I wish some kind of ad blocker was pushed to our browsers at work. I'm really shocked they aren't considering that's an easy way of sending malicious code to pcs

[-]

ras344@reddit

There are way too many "Sponsored links" on Google that just bring you to one of those fake virus websites.

[-]

diablo75@reddit

I thought Raymond Hill, the guy who maintained uBlock Origin, had some fight with Mozilla recently and he decided to stop maintaining the plugin?

[-]

PsychoholicSlag@reddit

IIRC that was only uBO lite. uBO itself it still there.

[-]

Bad_Pointer@reddit

and UBO lite is being pushed/advised in half the posts above this one.

Jesus it's hard to keep up with all the wild security scams/shenanigans. (which is of course all part of the plan, exhaust the end user with endless bullshit until they just surrender to it. Similar to certain political parties lately)

[-]

VexingRaven@reddit

IMO you should not be pushing an adblock extension, especially one meant for personal use, to browsers. If you feel you must block ads, you should do so using your web filter. If you don't have a web filter... Maybe consider getting one?? Kind of insane to just let your users raw dog the web. Even if it's just a basic DNS filter, it's better than nothing.

[-]

segagamer@reddit (OP)

A few things

Staff are largely not in the office
What sites don't work/complain about not being Chrome?

We don't use Entra ID, we're a Google Workspace here.

[-]

VexingRaven@reddit

What sites don't work/complain about not being Chrome?

Usually some weird web app somebody needs right now for a deadline 5 minutes from now...

[-]

segagamer@reddit (OP)

If someone here actually ran into something like that, I don't think an adblocker would be necessary, and I'd just tell them to use Edge I think lol

[-]

NEBook_Worm@reddit

Already swapped my home browser to Duck Duck Go on all machines.

But yeah, businesses need to switch to Firefox.

[-]

BrentNewland@reddit

People suggest switching to FireFox.

I, however, have come to hate FireFox. If FireFox receives an update, and you don't restart FireFox to install it, after a while it will stop loading new sites, and stop loading content in new tabs. I tried every option to set updates to Manual or disable updates, nothing worked. I had to set a GPO to block updates to make it stop doing that.

[-]

BlackV@reddit

https://nvd.nist.gov/vuln/detail/CVE-2024-9680

https://www.youtube.com/watch?v=2RmUMmUj3u8

[-]

BrentNewland@reddit

I got so fed up with FireFox that I switched to exclusively using it to access my company's ticketing system about a month ago.

[-]

BlackV@reddit

never had this problem across our small fleet (and my own machines)

you weren't able to pin it down to anything ? plugin or similar ?

[-]

BrentNewland@reddit

It's a reported issue for FireFox. Sometimes it gives me an official error message when loading a new tab (Restart to continue browsing the web, or something like that). More often it just stops loading new pages.

[-]

Zenkin@reddit

Just use the tab session manager to save your spot, restart Firefox, and load that session back. You lose nothing but a couple seconds to reload tabs.

[-]

DarthPneumono@reddit

This is a built-in feature don't install some random plugin for it

[-]

SkiingAway@reddit

It's in Mozilla's recommended add-ons program, in theory at least it's regularly reviewed in-depth for safety by Mozilla.

I'm not saying I would necessarily authorize it for the workplace, but it's also not "some random plugin".

And it is quite useful - all of the major browsers have lost my session a number of times.

Not to mention the utility of being able to save a session with a ton of tabs on a certain thing and go back to it weeks or months later, not having to just keep that open forever.

[-]

Zenkin@reddit

It's not random to me. I've used it for three years or something like that, and it's been very reliable in comparison to the built-in feature.

[-]

BrentNewland@reddit

I've had all browsers lose my tab sessions too many times to not have a plugin that creates regular backups.

[-]

PlannedObsolescence_@reddit

I just use 'Startup: Open previous windows and tabs', the first option after opening Settings.

[-]

YKINMKBYKIOK@reddit

I mean...

[-]

BrentNewland@reddit

That doesn't work. It will stop it from installing the update, won't stop it from downloading the update and eventually refusing to load tabs.

[-]

Ruben_NL@reddit

Does it give a "please update/restart Firefox to continue browsing" message? If not, that's bad, but otherwise it's a important security measure.

[-]

BrentNewland@reddit

Sometimes it does, sometimes it just doesn't load pages and gives no error message.

[-]

mangonacre@reddit

I don't recall ever having a problem restarting to update, and I typically have 5-6 windows with 5-20 tabs each. Restarting takes just a few seconds, and it refreshes each page to where you were before when you click that tab, preserving logins and such. Even if it doesn't automatically restore the session, the Restore options under History in the menu work great. Seems a very small burden for keeping up-to-date with security patches, so I'm not understanding the hate towards Mozilla.

[-]

SysAdmin_D@reddit

As a Firefox slob - I blame the ADD - I routinely run 1000+ tabs. While I understand I need to get better at tab organization, Firefox is my enabler. It should be able to handle/run anything you throw at it, and is one of the reasons I never became a "Chrome Guy" Back in the day, my tab hoarding would crush Chrome (any my computers) regularly.

[-]

hells_cowbells@reddit

How? I've used Firefox nearly since the beginning, and never really used Chrome fire personal use, but we do use it at work. I've been getting very annoyed with Firefox lately, though because it is a massive memory hog on my Windows 10/11 systems. On one of my systems, I'll have maybe 8-10 tabs open, and it will use 4-5 gigs of memory and run like crap.

[-]

SysAdmin_D@reddit

First, I use it for personal and work. The basics are to have a good tab search add-on (All Tabs Helper), the a combination of session manager of some kind (in case of crash, but hasn't happened in a long time now) and set the option to re-open tabs from previous session, but keep them inactive until you land on them.

[-]

Arudinne@reddit

"too many tabs" open by our users is forcing our new baseline computer config to 32GB of RAM.

[-]

SysAdmin_D@reddit

I'm so sorry that my disciples are everywhere. Truly. At least I only burdened my own usage.

[-]

Arudinne@reddit

Lol. I am worse than most of my users. I have 96GB of RAM in my workstation and between Chrome and other things I regularly use at least half that.

[-]

plain_simple_garak_@reddit

Among the other suggestions, Firefox ESR (extended support release) should give you less frequent updates to deal with too.

[-]

Arudinne@reddit

We use Edge at work because it integrates with O365 the way Chrome does with Google Workspace.

Frankly - Firefox just doesn't have that and it's not something I want to support. Haven't tried uBlock Origin Lite because Edge hasn't pulled this shit yet. It's on the roadmap as TBD.

I need to find some time to test out uBlock Origin Lite

[-]

GolemancerVekk@reddit

This may help:

https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-asked-questions-(FAQ)#filtering-capabilities-which-cant-be-ported-to-mv3

[-]

Arudinne@reddit

Thanks for that!

it's meant as a reliable Lite version of uBO, suitable for those who used uBO in an install-and-forget manner

This is actually how we handle it so it sounds like we should be able to swap uBO for uBOL fairly easily.

[-]

frac6969@reddit

The only thing is that Lite has a first run screen and I had to a registry entry to disable that.

[-]

thelastquesadilla@reddit

Would you please share that reg entry?

[-]

frac6969@reddit

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\cimighlppcgcoapaliogpjjdehbnofhn\policy" /v disableFirstRunPage /t REG_DWORD /d 1 /f

It's documented here.

[-]

thelastquesadilla@reddit

Thanks! I think I need my vision checked. I looked at that page but didn't see that section.

[-]

frac6969@reddit

No problem. It’s “documented” but they don’t give you the exact command and took me a bit to figure it out.

[-]

segagamer@reddit (OP)

We use Google Workspace, but it doesn't particularly integrate in any special way with Chrome other than having policies set once a user signs in.

[-]

Fickle_Bit1481@reddit

Edge will block ads reasonably well if you set Tracking Prevention to "Strict". It's not as effective as uBO, but it's something, and easy to manage exceptions via GPO.

[-]

jake04-20@reddit

Yep, I daily drive FF at home but the only browser I use at work is Edge because it integrates the best with M365.

[-]

A8Bit@reddit

We use Edge for the 365 integrations also. I've had both ublocks installed on Edge for a while. I've been experimenting with them for a few weeks, Lite seems to be as effective for most websites as Origin was.

[-]

Arudinne@reddit

Yeah, I've heard it works well and plan to look into it myself.

I just have bigger dumpster fires to roast marshmallows over right now

[-]

SoonerMedic72@reddit

I have been looking into the Island browser. I like that they designed the browser to be secure from the ground. Plus it integrates all the browsing related functions into one thing instead of a whole bunch of stuff. Just got to get the penny pinchers on board.

[-]

polypolyman@reddit

set-itemproperty -path HKLM:\SOFTWARE\Policies\Google\Chrome\ -name ExtensionManifestV2Availability -Type DWord -Value 2

...will give you until June 2025 to figure this out. Use value 3 to only allow for force-installed extensions instead.

[-]

segagamer@reddit (OP)

Thanks for this.

[-]

Penetal@reddit

If you have a hard time getting the green light for changes, you might consider waiting a bit before the temporary fix "is ready" so they can feel the pain and you won't have to rush a fix when the time is up.

[-]

polypolyman@reddit

Google suggests to edit the plist, or if it's tied to a workspace account, you can just use Cloud policies on Chrome Enterprise.

Exact details for the plist version left as an exercise to the reader. In Chrome Enterprise, it's Devices->Chrome->Settings, User & Browser settings, then under Apps and extensions, it's "Manifest V2 extension availability"

[-]

segagamer@reddit (OP)

Ah it's in Google Workspace. I'll just enable it on there then.

You're the best, thank you.

[-]

yodaut@reddit

from here:

https://www.reddit.com/r/chrome/comments/1d799pa/tutorial_on_how_to_enable_manifest_v2_extensions/

defaults write com.google.Chrome.plist ExtensionManifestV2Availability -int 2

[-]

trooper5010@reddit

How do you/other people find these registries to edit to fix this specific of an issue?

[-]

polypolyman@reddit

In this case, this is all standard Chrome management stuff - I tend to convert the ADMX versions of things to plain registry due to how my management software works, but all this is possible in GPO, Chrome Enterprise, and a few other places as well.

When we set up the Chrome deployment in the first place, we decided on a bunch of these policies to make things work better - this one wasn't around back then, but when I got notification that they were ending MV2, and offering a setting to extend support, I immediately added it to our policy pack. When a thread like this comes along, I just pull from the management software (i.e. that line, with value 3, exists as-is as deployed here).

Some of them are truly arcane, like the Windows 11 context menu fix - I wouldn't know about that except for the news articles about it. You could probably use something like RegistryChangesViewer (and others) to figure it out, and indeed I've done that for some of the less obvious settings (although I'm not sure I could figure out that context menu fix on my own).

Some of them are very standard, and if not directly documented by MS, can be converted out of the ADMX templates - remember that any of the Administrative Templates (and then a few more) in gpedit are just registry changes (doing it in gpedit also sets another flag that the option was set there, but that's not necessary to the functionality). A bunch of software provides these templates for management, and they all convert the same way.

[-]

tdhuck@reddit

Steve Gibson from GRC has a shortcut for this for those that don't want to manually do anything.

https://grc.sc/v2

Here are the notes from the podcast where he talks about it.

https://www.grc.com/sn/sn-995.pdf

For Windows systems, this policy can be applied by adding a 32-bit DWORD value to the Windows registry. It can be done by hand or by executing a .REG registry file. And you know this is coming; right? To make this as easy and foolproof as possible for our listeners, I've created a GRC shortcut which will allow you to instantly obtain a three-line, it's very simple, registry file from me. So the shortcut is grc.sc/v2. That will offer your browser a file to download named "V2Extension.reg." You can open it in a text editor to verify its contents or to get, if you want to do it by hand, which you're certainly welcome to, to get the exact spelling of everything because that's got to be exactly right. Either way, you can double-click on the file to execute it.

Since the file has come to you from the Internet, it will carry the "Mark of the Web," which will cause Windows to scrutinize it further. Since .REG files are just text files, I cannot digitally sign that. So I was unable to give it GRC's blessing. So Windows will inform you that the source of the file cannot be verified, and ask if you're sure. Once you say, "Yeah, it's okay, I know that guy," you'll get another pop-up, this time from the Registry Editor explaining that running .REG files can mess things up, and that you should only proceed if you know and trust the source of the file and you're sure you want to continue. If you click "Yes," your system will have added a policy to Chrome instructing it to continue allowing Manifest V2 extensions to run without harassment until next summer.

A cool thing you can do, either before or after, actually it'd be fun to do it both, is there's a different URL you can put into Chrome, chrome://policy. That will show you any policies that are set in Chrome. I didn't have any before. After I ran this registry tweak, sure enough, there it displayed the policy that was in place. And when I went back to chrome://extensions, that warning message about uBlock Origin was gone. So Chrome is no longer nervous about me running a V2 extension. And now I get to keep uBlock Origin for Chrome, not that I use Chrome very much. But sometimes I do. I get to keep it until June of 2025.

[-]

dleewee@reddit

Holy sh*t Security Now is still active.

[-]

tdhuck@reddit

Yeah, going for ep 1000 soon.

[-]

z3r0w0rm@reddit

Nothing is going to change mights as well rip the bandaid off now. No point in waiting until June 2025.

[-]

Candid_Economy4894@reddit

He put the reason why he recommended this in the post. The point is that you have until June 2025 to do something else, like switch the company to Firefox.

[-]

BossSAa@reddit

This was useful thanks

[-]

survivalist_guy@reddit

You marvelous sysadmin.

[-]

TheShirtNinja@reddit

You can do this with Group Policy as well. I saw this coming a few months ago and updated our policies to continue to allow Mv2 extensions.

[-]

jmbpiano@reddit

Edge, Brave, whatever other Chromium thing, I just quite simply don't trust you to not do the same soon.

I can certainly think of other reasons you might not want to use Brave, but this ain't one of them. The fact they're explicitly going to continue supporting uBO even after Chrome removes upstream support is one of the selling points they're using to try and get more users.

[-]

InsaneNutter@reddit

I can certainly think of other reasons you might not want to use Brave

Indeed, personally think Brave is pretty untrustworthy for many of the reasons listed here: https://www.reddit.com/r/privacy/comments/191yu33/why_is_brave_highly_disliked_in_the_privacy/kh3nuy3/

[-]

mrdeadsniper@reddit

Lol I was expecting to see a list of things that were basically not-open source complaints which kind of make perfect sense if you are trying to obscure your ad blocking methodologies to potentially malicious ad creators.

But nope.. its a bunch of straight up unethical to illegal stuff.

[-]

TecheunTatorTots@reddit

Brave has built-in ad block. You don't even need uBlock. They update it frequently enough that I've never felt the need to update the block-list manually; although, I think you can tweak that in the settings somewhere. It'll block everything, including YouTube adds. Everything else, I just block at the domain level with Pi-Hole.

[-]

jmbpiano@reddit

It does and I've been testing out Brave as a daily driver on my home PC for a while, but I still prefer to install uBlock. If nothing else, the Element Zapper is a killer feature.

[-]

TecheunTatorTots@reddit

Fair enough. Yeah, you totally could do that too. They plan to support it for a while, it seems. I just figured I'd mention it for anybody that didn't know.

[-]

patrik67@reddit

Chrome is the worst browser you can use (because of performance, privacy). Idk why someone want to use it.

[-]

cOSHi_bla@reddit

I was using firefox until I moved to brave. Much faster but firedox is more forgiving with legacy ciphers

[-]

psych0fish@reddit

Something that brings me great pain is watching the web go from “sites only work in IE” to a mostly open standards web and now full circle back to “sites only work in Firefox”.

It’s inexcusable sites are not developed for nor tested for Firefox but it’s a sad reality. I personally use Firefox as my personal daily driver in desktop but run into wired issues that disappear in chrome. I cannot imagine trying to support that at any meaningful scale.

[-]

InsaneNutter@reddit

I do agree its sad we have come full circle and the dominant browser engine is now controlled by an advertising company putting its own interests first.

In my limited testing I've found Firefox generally works well enough, however your right about the weird issues. I've come across a couple in the Magento 2 back end.

[-]

xombiemaster@reddit

Do you not have a content filter on your firewall? Or pay for a service like umbrella? Those services are more effective and secure than loading up a browser with extensions and forcing users to switch to Firefox

[-]

MrYiff@reddit

Yep, sadly this will likely end up happening to all Chromium based browsers eventually as the amount of dev work needed to keep it v2 maintained and working will probably end up being too much (and I imagine Google will attempt to make this as hard as possible).

[-]

kagato87@reddit

The core driver of this change does appear to be, as uBlock claims, to protect their ad market.

Unless Mozilla Foundation can bring an anti-trust lawsuit against Google, you can bet every effort will continue to be made to kill ad blockers.

[-]

MrYiff@reddit

The odds of Mozilla bringing action against Google when Google are one of the biggest funding sources for them seems pretty low imo.

[-]

KrazyKirby99999@reddit

The Mozilla Foundation is bringing ads to Firefox, so you can feel confident that they won't try to protect adblockers.

[-]

BlackV@reddit

Unless Mozilla Foundation can bring an anti-trust lawsuit against Google

and loose the millions google already gives them yearly?

[-]

kagato87@reddit

That's the issue.

It'd be a difficult battle, especially since Google can afford lots of lawyers.

[-]

BlackV@reddit

so many lawyers :(

[-]

Hunter8Line@reddit

The issue too is it's conflicting standards too. Google tried with privacy sandbox that got struck down for being anti-competitive too

[-]

ThimMerrilyn@reddit

Jokes on you! My users have a choice of either Edge or Edge !

[-]

YetAnotherSysadmin58@reddit

Thanks to the naming conventions of Microsoft it could be meant as Edge (the one that replaced Internet explorer and had its own engine before MS aborted it) or Chredge, the Chromium fork they now use.

[-]

FlibblesHexEyes@reddit

For anyone with an Intune remediation license, here's some scripts to push the registry key that allows Chrome to continue to use ManifestV2 - at least until June 2025 (assuming Google don't change their minds between now and then).

Detection:

$RegistryPath = "HKLM:\SOFTWARE\Policies\Google\Chrome"

# Check if the registry key exists
if (Test-Path $RegistryPath) {
    # Check if the registry value exists
    if (Get-ItemProperty -Path $RegistryPath -Name "ExtensionManifestV2Availability" -ErrorAction SilentlyContinue) {
        $ExtensionInstallForcelist = Get-ItemProperty -Path $RegistryPath -Name "ExtensionManifestV2Availability"

        # Check if the value is set to 2
        if ($($ExtensionInstallForcelist.ExtensionManifestV2Availability) -eq 2) {
            Write-Output "Compliant"
            Exit 0
        }
        else {
            Write-Output "Not Compliant: Chrome registry value is not set to 2"
            Exit 1
        }
    }
 else {
        Write-Output "Not Compliant: Chrome registry value not found"
        Exit 1
    }
}
else {
    Write-Output "Not Compliant: Chrome registry key not found"
    Exit 1
}

And Remediation:

$RegistryPath = "HKLM:\SOFTWARE\Policies\Google\Chrome"

# Check if the registry key exists
if (Test-Path $RegistryPath) {
    Write-Output "Compliant: Chrome registry key found"
}
else {
    # Create the registry key if it does not exist
    New-Item -Path $RegistryPath -Force | Out-Null
}

# Check if the registry value exists
if (Get-ItemProperty -Path $RegistryPath -Name "ExtensionManifestV2Availability" -ErrorAction SilentlyContinue) {
    Write-Output "Compliant: Chrome registry value found"
}
else {
    New-ItemProperty -Path $RegistryPath -Name "ExtensionManifestV2Availability" -Value 2 -PropertyType DWORD -Force | Out-Null
}

# Check if the value is set to 2
$ExtensionInstallForcelist = Get-ItemProperty -Path $RegistryPath -Name "ExtensionManifestV2Availability"
if ($($ExtensionInstallForcelist.ExtensionManifestV2Availability) -eq 2) {
    Write-Output "Compliant: Chrome registry value is set to 2"
    Exit 0
}
else {
    Write-Output "Not Compliant: Chrome registry value is not set to 2"
    Exit 1
}

Hope this helps!

[-]

Mediocre-Ad-6847@reddit

If you have internal certificate authorities, remember to use the settings to force FireFox to use the local Crypto store on your Windows workstations. Otherwise you'll be in for a nasty launch...

[-]

rthonpm@reddit

Set by GPO for us.

[-]

hankhillnsfw@reddit

Vivaldi is the best browser I have ever used.

[-]

rthonpm@reddit

Still just a Chrome variant.

[-]

jonney2069@reddit

This has to be one of the worst decisions Google has made in recent history. I'm on FF as well now.

[-]

Sekhen@reddit

If it has to be Chrome, get Vivaldi instead.

Both are chromium based, but. Vivaldi has no tracking or telemetry going. It's an extremely "silent" browser. More so than Firefox I believe.

[-]

TecheunTatorTots@reddit

Vivaldi is a good choice. However, it isn't open source, so that might deter some. Also, it has a ton of customization options; which may or may not be good for standardization throughout your environment. But it is definitely a good suggestion.

[-]

icedcougar@reddit

Netskope / zscaler - block ads with it

Really should be using a web gateway or casb etc these days.

Plus allows you to do away with old school vpn connections.

[-]

HaveLaserWillTravel@reddit

We can’t make the switch for the company, but you bet your ass I have on everything I own

[-]

Rental_Car@reddit

I love Brave. My adblockers dont even see the ads because the browser has already blocked them. So I deleted them. Even after that, I have never seed an ad on YT, which for me proves the chromium paranoia I keep hearing about is unfounded. I never see ads *anywhere*, in fact, with zero effort on my part.

[-]

bjc1960@reddit

I wish the OP luck on this, and I see it as admirable. I suspect he will get as much pushback from his business partners as I do trying to teach 10 Italian grandmothers that they need to change their spaghetti sauce recipe.

[-]

fuzzynavelsniffer@reddit

If OP changes the Firefox icon to Chrome, I doubt most people would even notice.

[-]

moderatenerd@reddit

Using brave you don't get this issue.

[-]

unixuser011@reddit

Stupid question, has Edge adopted this also?

[-]

agent-bagent@reddit

Every Chromium browser will have to if they want to continue pulling builds downstream. They could fork Chromium, but I highly doubt it. Particularly with Edge, as it was a huge deal [internally] when they chose to abandon Spartan (classic MS Edge that debuted with Win10) for a Chromium-based one.

[-]

techypunk@reddit

Brave is not since its built in

[-]

agent-bagent@reddit

Yeah their build process is an effective fork every release...

[-]

Dracozirion@reddit

No, but it will. Date yet to be announced.

[-]

BloodFeastMan@reddit

Your timing is impeccable :)

[-]

Kuipyr@reddit

Edge + Ublock Origin Lite is working well for us.

Working to force use of Edge, done with pushing and updating external browsers.

[-]

can_a_bus@reddit

Copying from another comment. It looks like edge will eventually go the way of Chrome and depreciate manifest v2 completely. It's just TBD

https://learn.microsoft.com/en-us/microsoft-edge/extensions-chromium/developer-guide/manifest-v3#manifest-timeline-for-microsoft-edge-and-partner-center

[-]

kuzared@reddit

For my private machine, I never left Firefox. Been using it since ~0.7.

Besides that I’ve been using Edge.

[-]

PMSysadmin@reddit

I changed us over to uBlock Lite, and that's been just fine over the last few months.

[-]

Darkk_Knight@reddit

Firefox for the win. Also, Brave already have ad blocker built in.

[-]

GYNAD4EVER@reddit

Why not use brave as a browser?

[-]

sryan2k1@reddit

Because this is a business not your gaming rig.

[-]

GYNAD4EVER@reddit

Cool. I assume it has it's own security issues?

[-]

sryan2k1@reddit

No it's the fact that no normal person has heard of it and it's unsupported. I can call microsoft for problems with Edge

[-]

Itsquantium@reddit

It ain’t unsupported. Wtf are you even on about? Brave has their own GPO .adm files too. You must be one of those managers that only manage people huh. Probably never even touched AD other than to reset passwords. It is easier to just use edge for everything, but you could definitely make the switch to brave if you wanted.

[-]

Emiroda@reddit

Stop trying to be a cowboy.

[-]

Itsquantium@reddit

Can’t be a cowboy with applocker

[-]

GYNAD4EVER@reddit

That's making sense. Apologies if the question bothered you or op, I'm studying at the moment to hopefully later on become sysadmin so was curious of what aspects would make one browser more appealing than others

[-]

DarraignTheSane@reddit

There are 4 browsers in the workplace / business world - Chrome, Edge, Firefox, and Safari. Anything other than those would be considered hobbyist, non-standard browsers.

[-]

segagamer@reddit (OP)

It's Chromium based so I don't trust it

[-]

IAmTheM4ilm4n@reddit

Several EDRs also flag the Tor browser elements embedded in Brave.

[-]

GYNAD4EVER@reddit

That makes sense. Thank you both for the explanation.

[-]

goferking@reddit

what others said, plus it does it's own version of serving adds plus the crypto component.

https://www.spacebar.news/stop-using-brave-browser/

[-]

SkiingAway@reddit

It's Chromium based, so the effects of this change will likely eventually filter down to it in many respects.
AFAIK it doesn't really have any enterprise-oriented functionality, so things like mandating updates/settings and the like is harder, and deployment is a bit more work.
The whole BAT thing is a big, big no for a lot of reasons in most enterprises. And because of the previous point, it's not easy to keep users from doing it.

[-]

GYNAD4EVER@reddit

The points you bring up are very informative and provide an pov that I would've not seen on my own.

[-]

tnpeel@reddit

I made Firefox my Daily Driver a few months ago and it has been working great for most things. Occasionally I have to pull out Chrome for an odd site that doesn't work properly, but it works great 99% of the time. I really like having uBlock Origin on my Android phone for when I'm not home under my PiHole umbrella.

[-]

andyr354@reddit

I have been using Ublock Origin Lite and it's working fine.

[-]

bigmadsmolyeet@reddit

Can you expand on your experience? Can you notice a difference ?

[-]

GolemancerVekk@reddit

https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-asked-questions-(FAQ)#filtering-capabilities-which-cant-be-ported-to-mv3

[-]

SuspiciousOpposite@reddit

I did nothing on uBO other than whitelist a couple of my company’s domains. I’ve been able to do the same with uBOL and still get all my ads blocked, inc. YouTube. Seems exactly the same for me so far.

[-]

andyr354@reddit

I notice nothing different. Just has less custom settings.

[-]

LRS_David@reddit

If you are looking for the perfect browser, well good luck. Report back in a decade and tell us about your journey.

On my primary Mac I use Safari, Firefox, and Chrome every day. My fingers like Firefox. But at times it just doesn't work on some web sites. So I flip to Chrome. Or Safari.

MOST of the time I can get one of them to work without fiddling with settings. And these are NOT for porn or similar sites. Things like a software vendor's dashboard. Or a doctor's office. Or ...

[-]

Psymon_@reddit

Is this an apple thing, Firefox not working for some sites? I use firefox for the last 20 years at least and never had sites not working that would work on other browsers. Besides old ie crap. Have been using it on Windows, Linux and Android only though.

[-]

(Love it for personal. And for annoying my co-workers by stressing the "for gamers" part)

[-]

2Tech2Tech@reddit

firefox nation

[-]

jfreak53@reddit

Firefox enterprise will make you very happy