Finally got the popup on Chrome. Now I'm going to present a business case to make Firefox our default browser.
Posted by segagamer@reddit | sysadmin | View on Reddit | 187 comments
https://imgbox.com/uiCKaZ6H
Thanks Chrome, nice knowing ya!
Edge, Brave, whatever other Chromium thing, I just quite simply don't trust you to not do the same soon.
Firefox, please be nice, and not give me grief. Your ADMX templates are annoying to configure though...
Key-Club-2308@reddit
im suprised your company allows you to install adblockers and other third party extensions
Emiroda@reddit
Adblocking is a US Gov (CISA) recommended practice for preventing malvertising.
Lukage@reddit
Don't tell my management. They insist that CISA isn't a reputable organization.
I was refused an explanation for this claim.
Key-Club-2308@reddit
well it is against EU privacy regulations, i have no information whatsoever about america
DominusDraco@reddit
Why would it be against privacy regulations? Its making things more private.
Key-Club-2308@reddit
thats not how private is defined, you are allowing another 3rd party applet into your system. Even google drive cant be used to store customer data/reciepts whatsoever, you cant just trust "any" source, by the case of ublock origin im full for it since it is foss, but it is still a 3rd party applet
DominusDraco@reddit
What? You already have third party things, its called chrome, it gives plenty of your data to google.
Key-Club-2308@reddit
again, google is not trusted by many companies either, so chrome is out of the game anyways. you cannot avoid using a browser, but any extra extension is avoidable and not a must have and could have security concerns
HappyVlane@reddit
Out of the game in what way? Chrome is allowed to be used and so are ad blockers (speaking for Austria here). I have never heard anyone say anything otherwise.
Do you have a source for this?
Key-Club-2308@reddit
Wir sind eine Firma, die Daten verarbeitet und verwaltet. Jede weitere Erweiterung im Browser, die nicht nötig und nicht geprüft ist, stellt ein Problem bezüglich Datendiebstahl dar.
Selbst wenn es nur sporadische telemetriedaten sind, ist das nicht ok, sofern es nicht ein vertrauenswürdiger Anbieter ist, wie zb Microsoft.
HappyVlane@reddit
That's cool and all, but is this something you do because it's an internal policy or is this mandated by the GDPR?
Key-Club-2308@reddit
I made a mistake.
Emiroda@reddit
Denmark here, that's not at all how GDPR works.
DominusDraco@reddit
Australian Essential 8 also recommends ad blocking extensions be installed.
Kuipyr@reddit
Pretty common practice to install an adblock extension on your endpoints as it suppresses some potential attack vectors. All other extensions are usually blocked with some implementing a small list of allowed extensions.
planedrop@reddit
I don't understand why places aren't just pushing uBlock Lite out to fix this instead? Don't get me wrong, it's NOT as good as uBlock Origin, but it does get most of the job done.
I don't think pushing people to an inferior (in most respects) browser is the solution. Not only will you suffer with battery life issues, but Firefox still has compatibility issues with a pretty huge number of sites, are you then going to educate end users on opening another browser to work with those sites in specific?
There's just so many issues with this approach, sorry to say it.
This comes from someone who adores Firefox and comes from in depth experience with it as my sole browser for like 2 years straight; I'd never consider pushing it on my end users, in fact I've considered removing it since Mozilla's security team isn't as fast to respond as Google's and I've already had issues with some sites users need to use frequently.
toolskyn@reddit
I’d say the main thing is that ublock lite and similar extensions will work pretty ok right now by design, but as soon as Google has fully removed manifest v2 support they will slowly start introducing more and more unblockable (by v3 extensions) ads. It just makes a lot of sense to not have your browser built by the main advertising company on the web. Clearly incentives are completely unaligned for users of Chrome compared to what Google wants. Things like website incompatibilities will quickly be fixed as soon as other browsers gain more marketshare given the incentive for website developers is very clear.
Firefox definitely has its issues, but so has any other browser, you just don’t notice them for Chromium based browsers because websites have been optimized for them. I would never say everyone should switch to Firefox, because that would just result in the same problems as with every monopoly. Instead we should strive for a plurality of browsers, based on different technologies and with relatively equal mindshare and usage. That creates a healthy ecosystem where incentives for browser users and browser makes can be relatively aligned and makes sure we get the best browsers in the long run.
As sysadmins, programmers and technology enthousiasts, we have an obligation to the rest of the world to make sure we do get that kind of healthy ecosystem, for example by making sure that users have alternative browsers available and that our websites work for any major browser vendor and follow existing standards instead of relying on vendor specific behavior.
planedrop@reddit
You're right about incentives being misaligned, 100% with you on that, it's a big problem.
However, I'm not sure I agree that website compatibility will be fixed by people switching, simply because it would take SOOOOO many people, including normal users, to change in order for developers to care about making sites work properly with Gecko. I just don't feel like this is the reality we are living in, and I also feel like us, the tech community, has been saying that for like 12 years and nothing is changing.
I also agree with this, a browser monoculture is not good. However, I think a few things are important to note. First, every other browser is Chromium based now, except Safari and Firefox, which is a huge issue. But it's also important to note that a single browser engine running everything does have real advantages, sites can do more, it's easier on site developers, etc....
I'm not saying I want it, I'm saying there are real benefits to it too. And of course Chromium is just so much further developed than Firefox/Gecko, things like PWA support, webGPU, etc... are HUGE deals to moving the web forward.
I also agree there is some obligation from us to try and put change in place, but as someone who tried that for an extended period of time, I just couldn't do it anymore. When I was using Firefox as my exclusive browser, I had to open up a Chromium based on every-single-day for sites that were broken on Firefox. I also was suffering from like 30% worse battery life, more RAM usage, hotter/louder laptops, and to top it all off, no tab groups or PWA support.
It's one of those things where normally I am willing to take an inferior experience to try and support the "little guy", but only to a certain extent, sometimes the issues are just too big for it to make sense.
FlibblesHexEyes@reddit
This should be fun. We push uBlock Origin as part of our InTune policy.
Because the Security team says we have to (Tbf to them, I agree with them on blocking ads as security policy).
LotusTileMaster@reddit
The FBI recommends you use an adblocker. I think that is enough to get any CISO to be on board with an Adblock policy.
a60v@reddit
Why would anyone be against it? It saves bandwidth and employee time. It seems like a win-win for the company and its employees. I'm really shocked that anyone wasn't using ad-blocking software in 2010, and am even more shocked that there are people not using it in 2024.
LotusTileMaster@reddit
Surprisingly few people are using blockers.
rjchau@reddit
Nowadays it's close to becoming a requirement. In Australia, most government agencies are required to become compliant with the ACSC's Essential 8 at at least level 1. The second item listed under User application hardening requires that "Web browsers do not process web advertisements from the internet".
Many cybersecurity insurers will also require adherance to the Essential 8 as well.
FlibblesHexEyes@reddit
Absolutely... I worked with the Security team to build our policies to meet E8 Level 2. It was the start of our migration to full ISM compliance (I'm also Australian).
chickenmonkee@reddit
Yeah we have it deployed for customers on ML1. We will probably have a look at uBO Lite or Cisco Umbrella client now with this coming in.
rpodric@reddit
Lite is definitely light. There's essentially nothing to it beyond how aggressive you want it to be, and I think in this case it's best run with the highest setting.
Its main competition seems to be the MV3 version of AdGuard, which is much more built out than Lite. I'm not sure if that's because of its head start or for some other reason. For example, it has the ability to update one of its filters (Quick Fixes) dynamically, which seems a major advantage since otherwise the entire extension needs to be updated to effect any rule changes.
tankerkiller125real@reddit
We block ad serving domains at the DNS level where I work. UBlock is basically just a backup for the annoying ads served direct from the website itself.
Candy_Badger@reddit
That's the best thing to do. We have DNS level block at work as well. I use pihole for the same thing at home too.
thewhippersnapper4@reddit
What are you running Pi-hole on for your home network?
Candy_Badger@reddit
It runs as a VM on my home KVM server. Works great.
jake04-20@reddit
Yep, I hate opening my ESPN fantasy app outside of work and home lol. So used to blocking the ads. I have friends come over to watch games and notice it too "Wait how did you do that?"
thewhippersnapper4@reddit
What are you running Pi-hole on for your home network?
jake04-20@reddit
dietpi vm
oShievy@reddit
What blocklists do you recommend for pihole?
jake04-20@reddit
Tbh the out of the box ones are pretty solid for my needs. I'm probably not the best to answer, at most I will manually block/whitelist domains (the chick-fil-a app didn't work with default block lists for instance, had to whitelist a domain) and I also have a lot of static DNS entries set up for various servers; that's about all the customization I've done to my pihole instance.
jake04-20@reddit
Can't always be behind the corporate firewall, which is why we have client level browser ad blocking as well.
tankerkiller125real@reddit
We just force the DNS to point towards the Cloudflare One Gateway, which works really well on it's own. And now we're starting to push out the actual VPN Client part of it, which will shove all the traffic through our network controls.
GrecoMontgomery@reddit
I find many orgs who pay for Cloudflare don't realize they've also purchased Cf Zero Trust, which is their version of Umbrella or Zscaler that's "unlocked" through the warp client. It's not as mature as either, but it gets the job done. One caveat is there isn't a category for blocking advertising (I assume they don't want to piss off their big customers). I upload the Steven Black blocklists though and it works great.
tankerkiller125real@reddit
Yep, I use a script to upload a couple lists all at once.
GrecoMontgomery@reddit
Same. For the few shortcomings of their service offering, their API is solid. And I know they'll keep building the service too. It's a good solution for many who probably don't realize they can.
FlibblesHexEyes@reddit
I would do that too, but we’re fully AADJ, and consider the laptop the perimeter as not everyone is in the office all the time.
Hope I don’t have to hack host files! Haha
tankerkiller125real@reddit
We force DoH on the browser level and DoT on the desktop level, and in our case we use Cloudflare One for the DNS Server.
For the ad blocking, this github repo can upload the lists to Cloudflare One for you https://github.com/mrrfv/cloudflare-gateway-pihole-scripts
For windows DoT you would want to create a script that can run:
netsh dns add global dot=yes
And then:
netsh dns add encryption server= dothost= autoupgrade=yes
Where the IP address goes after the server= keyword, and dothost is the TLS hostname (which Windows will validate). If you don't want host TLS validation use : instead.
I have yet to find a GPO policy for this stuff.
Senguin117@reddit
Anything like this that works with openDNS or OPNsense?
tankerkiller125real@reddit
OPnSense has native ad blocking capabilities in the Unbound DNS part (you can also configure Inbound to forward to DoT DNS resolvers)
I don't know anything about openDNS though.
RikiWardOG@reddit
Ya we recently rolled out netskope for this. Amongst other things as it's a full CASB
RikiWardOG@reddit
Look into something like Cisco umbrella maybe
BasicallyFake@reddit
we use umbrella to enforce policies like that, so it works while roaming
Oricol@reddit
Are you just using the advertisements category or are you uploading a custom list from something like pie hole?
polypolyman@reddit
Do evaluate uBOL - I'm still not through testing on it, but it's pretty close if you don't have any custom blocklists with particular features.
Fickle_Bit1481@reddit
Is there a way to set a custom whitelist like you can with the original uBO?
BuffaloRedshark@reddit
I wish some kind of ad blocker was pushed to our browsers at work. I'm really shocked they aren't considering that's an easy way of sending malicious code to pcs
ras344@reddit
There are way too many "Sponsored links" on Google that just bring you to one of those fake virus websites.
diablo75@reddit
I thought Raymond Hill, the guy who maintained uBlock Origin, had some fight with Mozilla recently and he decided to stop maintaining the plugin?
PsychoholicSlag@reddit
IIRC that was only uBO lite. uBO itself it still there.
Bad_Pointer@reddit
and UBO lite is being pushed/advised in half the posts above this one.
Jesus it's hard to keep up with all the wild security scams/shenanigans. (which is of course all part of the plan, exhaust the end user with endless bullshit until they just surrender to it. Similar to certain political parties lately)
VexingRaven@reddit
IMO you should not be pushing an adblock extension, especially one meant for personal use, to browsers. If you feel you must block ads, you should do so using your web filter. If you don't have a web filter... Maybe consider getting one?? Kind of insane to just let your users raw dog the web. Even if it's just a basic DNS filter, it's better than nothing.
segagamer@reddit (OP)
A few things
Staff are largely not in the office
What sites don't work/complain about not being Chrome?
We don't use Entra ID, we're a Google Workspace here.
VexingRaven@reddit
Usually some weird web app somebody needs right now for a deadline 5 minutes from now...
segagamer@reddit (OP)
If someone here actually ran into something like that, I don't think an adblocker would be necessary, and I'd just tell them to use Edge I think lol
NEBook_Worm@reddit
Already swapped my home browser to Duck Duck Go on all machines.
But yeah, businesses need to switch to Firefox.
BrentNewland@reddit
People suggest switching to FireFox.
I, however, have come to hate FireFox. If FireFox receives an update, and you don't restart FireFox to install it, after a while it will stop loading new sites, and stop loading content in new tabs. I tried every option to set updates to Manual or disable updates, nothing worked. I had to set a GPO to block updates to make it stop doing that.
BlackV@reddit
https://nvd.nist.gov/vuln/detail/CVE-2024-9680
https://www.youtube.com/watch?v=2RmUMmUj3u8
BrentNewland@reddit
I got so fed up with FireFox that I switched to exclusively using it to access my company's ticketing system about a month ago.
BlackV@reddit
never had this problem across our small fleet (and my own machines)
you weren't able to pin it down to anything ? plugin or similar ?
BrentNewland@reddit
It's a reported issue for FireFox. Sometimes it gives me an official error message when loading a new tab (Restart to continue browsing the web, or something like that). More often it just stops loading new pages.
Zenkin@reddit
Just use the tab session manager to save your spot, restart Firefox, and load that session back. You lose nothing but a couple seconds to reload tabs.
DarthPneumono@reddit
This is a built-in feature don't install some random plugin for it
SkiingAway@reddit
It's in Mozilla's recommended add-ons program, in theory at least it's regularly reviewed in-depth for safety by Mozilla.
I'm not saying I would necessarily authorize it for the workplace, but it's also not "some random plugin".
And it is quite useful - all of the major browsers have lost my session a number of times.
Not to mention the utility of being able to save a session with a ton of tabs on a certain thing and go back to it weeks or months later, not having to just keep that open forever.
Zenkin@reddit
It's not random to me. I've used it for three years or something like that, and it's been very reliable in comparison to the built-in feature.
BrentNewland@reddit
I've had all browsers lose my tab sessions too many times to not have a plugin that creates regular backups.
PlannedObsolescence_@reddit
I just use 'Startup: Open previous windows and tabs', the first option after opening Settings.
YKINMKBYKIOK@reddit
I mean...
BrentNewland@reddit
That doesn't work. It will stop it from installing the update, won't stop it from downloading the update and eventually refusing to load tabs.
Ruben_NL@reddit
Does it give a "please update/restart Firefox to continue browsing" message? If not, that's bad, but otherwise it's a important security measure.
BrentNewland@reddit
Sometimes it does, sometimes it just doesn't load pages and gives no error message.
mangonacre@reddit
I don't recall ever having a problem restarting to update, and I typically have 5-6 windows with 5-20 tabs each. Restarting takes just a few seconds, and it refreshes each page to where you were before when you click that tab, preserving logins and such. Even if it doesn't automatically restore the session, the Restore options under History in the menu work great.
Seems a very small burden for keeping up-to-date with security patches, so I'm not understanding the hate towards Mozilla.
SysAdmin_D@reddit
As a Firefox slob - I blame the ADD - I routinely run 1000+ tabs. While I understand I need to get better at tab organization, Firefox is my enabler. It should be able to handle/run anything you throw at it, and is one of the reasons I never became a "Chrome Guy" Back in the day, my tab hoarding would crush Chrome (any my computers) regularly.
hells_cowbells@reddit
How? I've used Firefox nearly since the beginning, and never really used Chrome fire personal use, but we do use it at work. I've been getting very annoyed with Firefox lately, though because it is a massive memory hog on my Windows 10/11 systems. On one of my systems, I'll have maybe 8-10 tabs open, and it will use 4-5 gigs of memory and run like crap.
SysAdmin_D@reddit
First, I use it for personal and work. The basics are to have a good tab search add-on (All Tabs Helper), the a combination of session manager of some kind (in case of crash, but hasn't happened in a long time now) and set the option to re-open tabs from previous session, but keep them inactive until you land on them.
Arudinne@reddit
"too many tabs" open by our users is forcing our new baseline computer config to 32GB of RAM.
SysAdmin_D@reddit
I'm so sorry that my disciples are everywhere. Truly. At least I only burdened my own usage.
Arudinne@reddit
Lol. I am worse than most of my users. I have 96GB of RAM in my workstation and between Chrome and other things I regularly use at least half that.
plain_simple_garak_@reddit
Among the other suggestions, Firefox ESR (extended support release) should give you less frequent updates to deal with too.
Arudinne@reddit
We use Edge at work because it integrates with O365 the way Chrome does with Google Workspace.
Frankly - Firefox just doesn't have that and it's not something I want to support. Haven't tried uBlock Origin Lite because Edge hasn't pulled this shit yet. It's on the roadmap as TBD.
I need to find some time to test out uBlock Origin Lite
GolemancerVekk@reddit
This may help:
https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-asked-questions-(FAQ)#filtering-capabilities-which-cant-be-ported-to-mv3
Arudinne@reddit
Thanks for that!
This is actually how we handle it so it sounds like we should be able to swap uBO for uBOL fairly easily.
frac6969@reddit
The only thing is that Lite has a first run screen and I had to a registry entry to disable that.
thelastquesadilla@reddit
Would you please share that reg entry?
frac6969@reddit
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\cimighlppcgcoapaliogpjjdehbnofhn\policy" /v disableFirstRunPage /t REG_DWORD /d 1 /f
It's documented here.
thelastquesadilla@reddit
Thanks! I think I need my vision checked. I looked at that page but didn't see that section.
frac6969@reddit
No problem. It’s “documented” but they don’t give you the exact command and took me a bit to figure it out.
segagamer@reddit (OP)
We use Google Workspace, but it doesn't particularly integrate in any special way with Chrome other than having policies set once a user signs in.
Fickle_Bit1481@reddit
Edge will block ads reasonably well if you set Tracking Prevention to "Strict". It's not as effective as uBO, but it's something, and easy to manage exceptions via GPO.
jake04-20@reddit
Yep, I daily drive FF at home but the only browser I use at work is Edge because it integrates the best with M365.
A8Bit@reddit
We use Edge for the 365 integrations also. I've had both ublocks installed on Edge for a while. I've been experimenting with them for a few weeks, Lite seems to be as effective for most websites as Origin was.
Arudinne@reddit
Yeah, I've heard it works well and plan to look into it myself.
I just have bigger dumpster fires to roast marshmallows over right now
SoonerMedic72@reddit
I have been looking into the Island browser. I like that they designed the browser to be secure from the ground. Plus it integrates all the browsing related functions into one thing instead of a whole bunch of stuff. Just got to get the penny pinchers on board.
polypolyman@reddit
...will give you until June 2025 to figure this out. Use value 3 to only allow for force-installed extensions instead.
segagamer@reddit (OP)
Thanks for this.
Penetal@reddit
If you have a hard time getting the green light for changes, you might consider waiting a bit before the temporary fix "is ready" so they can feel the pain and you won't have to rush a fix when the time is up.
polypolyman@reddit
Google suggests to edit the plist, or if it's tied to a workspace account, you can just use Cloud policies on Chrome Enterprise.
Exact details for the plist version left as an exercise to the reader. In Chrome Enterprise, it's Devices->Chrome->Settings, User & Browser settings, then under Apps and extensions, it's "Manifest V2 extension availability"
segagamer@reddit (OP)
Ah it's in Google Workspace. I'll just enable it on there then.
You're the best, thank you.
yodaut@reddit
from here:
https://www.reddit.com/r/chrome/comments/1d799pa/tutorial_on_how_to_enable_manifest_v2_extensions/
defaults write com.google.Chrome.plist ExtensionManifestV2Availability -int 2
trooper5010@reddit
How do you/other people find these registries to edit to fix this specific of an issue?
polypolyman@reddit
In this case, this is all standard Chrome management stuff - I tend to convert the ADMX versions of things to plain registry due to how my management software works, but all this is possible in GPO, Chrome Enterprise, and a few other places as well.
When we set up the Chrome deployment in the first place, we decided on a bunch of these policies to make things work better - this one wasn't around back then, but when I got notification that they were ending MV2, and offering a setting to extend support, I immediately added it to our policy pack. When a thread like this comes along, I just pull from the management software (i.e. that line, with value 3, exists as-is as deployed here).
Some of them are truly arcane, like the Windows 11 context menu fix - I wouldn't know about that except for the news articles about it. You could probably use something like RegistryChangesViewer (and others) to figure it out, and indeed I've done that for some of the less obvious settings (although I'm not sure I could figure out that context menu fix on my own).
Some of them are very standard, and if not directly documented by MS, can be converted out of the ADMX templates - remember that any of the Administrative Templates (and then a few more) in gpedit are just registry changes (doing it in gpedit also sets another flag that the option was set there, but that's not necessary to the functionality). A bunch of software provides these templates for management, and they all convert the same way.
tdhuck@reddit
Steve Gibson from GRC has a shortcut for this for those that don't want to manually do anything.
https://grc.sc/v2
Here are the notes from the podcast where he talks about it.
https://www.grc.com/sn/sn-995.pdf
dleewee@reddit
Holy sh*t Security Now is still active.
tdhuck@reddit
Yeah, going for ep 1000 soon.
z3r0w0rm@reddit
Nothing is going to change mights as well rip the bandaid off now. No point in waiting until June 2025.
Candid_Economy4894@reddit
He put the reason why he recommended this in the post. The point is that you have until June 2025 to do something else, like switch the company to Firefox.
BossSAa@reddit
This was useful thanks
survivalist_guy@reddit
You marvelous sysadmin.
TheShirtNinja@reddit
You can do this with Group Policy as well. I saw this coming a few months ago and updated our policies to continue to allow Mv2 extensions.
jmbpiano@reddit
I can certainly think of other reasons you might not want to use Brave, but this ain't one of them. The fact they're explicitly going to continue supporting uBO even after Chrome removes upstream support is one of the selling points they're using to try and get more users.
InsaneNutter@reddit
Indeed, personally think Brave is pretty untrustworthy for many of the reasons listed here: https://www.reddit.com/r/privacy/comments/191yu33/why_is_brave_highly_disliked_in_the_privacy/kh3nuy3/
mrdeadsniper@reddit
Lol I was expecting to see a list of things that were basically not-open source complaints which kind of make perfect sense if you are trying to obscure your ad blocking methodologies to potentially malicious ad creators.
But nope.. its a bunch of straight up unethical to illegal stuff.
TecheunTatorTots@reddit
Brave has built-in ad block. You don't even need uBlock. They update it frequently enough that I've never felt the need to update the block-list manually; although, I think you can tweak that in the settings somewhere. It'll block everything, including YouTube adds. Everything else, I just block at the domain level with Pi-Hole.
jmbpiano@reddit
It does and I've been testing out Brave as a daily driver on my home PC for a while, but I still prefer to install uBlock. If nothing else, the Element Zapper is a killer feature.
TecheunTatorTots@reddit
Fair enough. Yeah, you totally could do that too. They plan to support it for a while, it seems. I just figured I'd mention it for anybody that didn't know.
patrik67@reddit
Chrome is the worst browser you can use (because of performance, privacy). Idk why someone want to use it.
cOSHi_bla@reddit
I was using firefox until I moved to brave. Much faster but firedox is more forgiving with legacy ciphers
psych0fish@reddit
Something that brings me great pain is watching the web go from “sites only work in IE” to a mostly open standards web and now full circle back to “sites only work in Firefox”.
It’s inexcusable sites are not developed for nor tested for Firefox but it’s a sad reality. I personally use Firefox as my personal daily driver in desktop but run into wired issues that disappear in chrome. I cannot imagine trying to support that at any meaningful scale.
InsaneNutter@reddit
I do agree its sad we have come full circle and the dominant browser engine is now controlled by an advertising company putting its own interests first.
In my limited testing I've found Firefox generally works well enough, however your right about the weird issues. I've come across a couple in the Magento 2 back end.
xombiemaster@reddit
Do you not have a content filter on your firewall? Or pay for a service like umbrella? Those services are more effective and secure than loading up a browser with extensions and forcing users to switch to Firefox
MrYiff@reddit
Yep, sadly this will likely end up happening to all Chromium based browsers eventually as the amount of dev work needed to keep it v2 maintained and working will probably end up being too much (and I imagine Google will attempt to make this as hard as possible).
kagato87@reddit
The core driver of this change does appear to be, as uBlock claims, to protect their ad market.
Unless Mozilla Foundation can bring an anti-trust lawsuit against Google, you can bet every effort will continue to be made to kill ad blockers.
MrYiff@reddit
The odds of Mozilla bringing action against Google when Google are one of the biggest funding sources for them seems pretty low imo.
KrazyKirby99999@reddit
The Mozilla Foundation is bringing ads to Firefox, so you can feel confident that they won't try to protect adblockers.
BlackV@reddit
and loose the millions google already gives them yearly?
kagato87@reddit
That's the issue.
It'd be a difficult battle, especially since Google can afford lots of lawyers.
BlackV@reddit
so many lawyers :(
Hunter8Line@reddit
The issue too is it's conflicting standards too. Google tried with privacy sandbox that got struck down for being anti-competitive too
ThimMerrilyn@reddit
Jokes on you! My users have a choice of either Edge or Edge !
YetAnotherSysadmin58@reddit
Thanks to the naming conventions of Microsoft it could be meant as Edge (the one that replaced Internet explorer and had its own engine before MS aborted it) or Chredge, the Chromium fork they now use.
FlibblesHexEyes@reddit
For anyone with an Intune remediation license, here's some scripts to push the registry key that allows Chrome to continue to use ManifestV2 - at least until June 2025 (assuming Google don't change their minds between now and then).
Detection:
And Remediation:
Hope this helps!
Mediocre-Ad-6847@reddit
If you have internal certificate authorities, remember to use the settings to force FireFox to use the local Crypto store on your Windows workstations. Otherwise you'll be in for a nasty launch...
rthonpm@reddit
Set by GPO for us.
hankhillnsfw@reddit
Vivaldi is the best browser I have ever used.
rthonpm@reddit
Still just a Chrome variant.
jonney2069@reddit
This has to be one of the worst decisions Google has made in recent history. I'm on FF as well now.
Sekhen@reddit
If it has to be Chrome, get Vivaldi instead.
Both are chromium based, but. Vivaldi has no tracking or telemetry going. It's an extremely "silent" browser. More so than Firefox I believe.
TecheunTatorTots@reddit
Vivaldi is a good choice. However, it isn't open source, so that might deter some. Also, it has a ton of customization options; which may or may not be good for standardization throughout your environment. But it is definitely a good suggestion.
icedcougar@reddit
Netskope / zscaler - block ads with it
Really should be using a web gateway or casb etc these days.
Plus allows you to do away with old school vpn connections.
HaveLaserWillTravel@reddit
We can’t make the switch for the company, but you bet your ass I have on everything I own
Rental_Car@reddit
I love Brave. My adblockers dont even see the ads because the browser has already blocked them. So I deleted them. Even after that, I have never seed an ad on YT, which for me proves the chromium paranoia I keep hearing about is unfounded. I never see ads *anywhere*, in fact, with zero effort on my part.
bjc1960@reddit
I wish the OP luck on this, and I see it as admirable. I suspect he will get as much pushback from his business partners as I do trying to teach 10 Italian grandmothers that they need to change their spaghetti sauce recipe.
fuzzynavelsniffer@reddit
If OP changes the Firefox icon to Chrome, I doubt most people would even notice.
moderatenerd@reddit
Using brave you don't get this issue.
unixuser011@reddit
Stupid question, has Edge adopted this also?
agent-bagent@reddit
Every Chromium browser will have to if they want to continue pulling builds downstream. They could fork Chromium, but I highly doubt it. Particularly with Edge, as it was a huge deal [internally] when they chose to abandon Spartan (classic MS Edge that debuted with Win10) for a Chromium-based one.
techypunk@reddit
Brave is not since its built in
agent-bagent@reddit
Yeah their build process is an effective fork every release...
Dracozirion@reddit
No, but it will. Date yet to be announced.
BloodFeastMan@reddit
Your timing is impeccable :)
Kuipyr@reddit
Edge + Ublock Origin Lite is working well for us.
Working to force use of Edge, done with pushing and updating external browsers.
can_a_bus@reddit
Copying from another comment. It looks like edge will eventually go the way of Chrome and depreciate manifest v2 completely. It's just TBD
https://learn.microsoft.com/en-us/microsoft-edge/extensions-chromium/developer-guide/manifest-v3#manifest-timeline-for-microsoft-edge-and-partner-center
kuzared@reddit
For my private machine, I never left Firefox. Been using it since ~0.7.
Besides that I’ve been using Edge.
PMSysadmin@reddit
I changed us over to uBlock Lite, and that's been just fine over the last few months.
Darkk_Knight@reddit
Firefox for the win. Also, Brave already have ad blocker built in.
GYNAD4EVER@reddit
Why not use brave as a browser?
sryan2k1@reddit
Because this is a business not your gaming rig.
GYNAD4EVER@reddit
Cool. I assume it has it's own security issues?
sryan2k1@reddit
No it's the fact that no normal person has heard of it and it's unsupported. I can call microsoft for problems with Edge
Itsquantium@reddit
It ain’t unsupported. Wtf are you even on about? Brave has their own GPO .adm files too. You must be one of those managers that only manage people huh. Probably never even touched AD other than to reset passwords. It is easier to just use edge for everything, but you could definitely make the switch to brave if you wanted.
Emiroda@reddit
Stop trying to be a cowboy.
Itsquantium@reddit
Can’t be a cowboy with applocker
GYNAD4EVER@reddit
That's making sense. Apologies if the question bothered you or op, I'm studying at the moment to hopefully later on become sysadmin so was curious of what aspects would make one browser more appealing than others
DarraignTheSane@reddit
There are 4 browsers in the workplace / business world - Chrome, Edge, Firefox, and Safari. Anything other than those would be considered hobbyist, non-standard browsers.
segagamer@reddit (OP)
It's Chromium based so I don't trust it
IAmTheM4ilm4n@reddit
Several EDRs also flag the Tor browser elements embedded in Brave.
GYNAD4EVER@reddit
That makes sense. Thank you both for the explanation.
goferking@reddit
what others said, plus it does it's own version of serving adds plus the crypto component.
https://www.spacebar.news/stop-using-brave-browser/
SkiingAway@reddit
It's Chromium based, so the effects of this change will likely eventually filter down to it in many respects.
AFAIK it doesn't really have any enterprise-oriented functionality, so things like mandating updates/settings and the like is harder, and deployment is a bit more work.
The whole BAT thing is a big, big no for a lot of reasons in most enterprises. And because of the previous point, it's not easy to keep users from doing it.
GYNAD4EVER@reddit
The points you bring up are very informative and provide an pov that I would've not seen on my own.
tnpeel@reddit
I made Firefox my Daily Driver a few months ago and it has been working great for most things. Occasionally I have to pull out Chrome for an odd site that doesn't work properly, but it works great 99% of the time. I really like having uBlock Origin on my Android phone for when I'm not home under my PiHole umbrella.
andyr354@reddit
I have been using Ublock Origin Lite and it's working fine.
bigmadsmolyeet@reddit
Can you expand on your experience? Can you notice a difference ?
GolemancerVekk@reddit
https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-asked-questions-(FAQ)#filtering-capabilities-which-cant-be-ported-to-mv3
SuspiciousOpposite@reddit
I did nothing on uBO other than whitelist a couple of my company’s domains. I’ve been able to do the same with uBOL and still get all my ads blocked, inc. YouTube. Seems exactly the same for me so far.
andyr354@reddit
I notice nothing different. Just has less custom settings.
LRS_David@reddit
If you are looking for the perfect browser, well good luck. Report back in a decade and tell us about your journey.
On my primary Mac I use Safari, Firefox, and Chrome every day. My fingers like Firefox. But at times it just doesn't work on some web sites. So I flip to Chrome. Or Safari.
MOST of the time I can get one of them to work without fiddling with settings. And these are NOT for porn or similar sites. Things like a software vendor's dashboard. Or a doctor's office. Or ...
Psymon_@reddit
Is this an apple thing, Firefox not working for some sites? I use firefox for the last 20 years at least and never had sites not working that would work on other browsers. Besides old ie crap. Have been using it on Windows, Linux and Android only though.
DwemerSteamPunk@reddit
I've used Firefox for years and occasionally come across things that don't work and I have to switch to Chrome. Typically it's embeds or plugins that I assume are custom-built for things like vendor portals or old looking tools, etc.
LRS_David@reddit
It comes and goes as all the browsers change their security settings and features.
Zergfest@reddit
Don't forget about Opera GX for Gamers!
/s
(Love it for personal. And for annoying my co-workers by stressing the "for gamers" part)
2Tech2Tech@reddit
firefox nation
jfreak53@reddit
Firefox enterprise will make you very happy