What do you doubt about their claim? Adblockers are a significant privacy vulnerability in the traditional model. Apple has no vested interest in ads. It seems entirely consistent with their privacy focus why they'd do this.
The problem is that websites are also currently a significant privacy vulnerability.
I'd love an adblock system that allowed me to block trackers with a purely declarative API. I do not trust Apple (or Google) when they say that their API will be as effective as current extensions.
uBlock Origin and uMatrix are hands-down the gold standard for blocking right now. I'm very, very cautious about ignoring the advice of the person who made them, and that person is saying that declarative APIs don't offer enough flexibility for the blocking they want to do.
Of course extensions are a privacy risk. But I only need to vet two extensions, and without them I need to vet hundreds of websites. If the current extensions do a better job without a declarative API, then I'd rather risk installing them. You have to look at the risk of extensions in the context of the risks of the broader ad ecosystem on the web.
The same way you vet desktop apps. Install as few of them as possible, because the sandboxing is currently quite bad. Do research on the people who are developing them. Read the source code.
If you're worried about malicious transfers of power, turn off auto-updating in Firefox. If you're worried about being able to audit the actual installed code, use Firefox Developer Edition and audit and compile your own version to run.
In practice, I trust uMatrix and uBlock Origin because I'm familiar with gorhill's work and comment history around GitHub and HN. I also extend a similar amount of trust to Decentraleyes for similar reasons. Those are the only big 3 you need to get the biggest impact on your privacy. Arguably, you don't even need Decentraleyes if you only want to trust one person.
Why not just run all desktop apps in sandboxed virtual machines then?
There's a tradeoff between default privacy settings and user simplicity. As a power user you're still free to run whatever complicated scheme/browser you want to.
> Why not just run all desktop apps in sandboxed virtual machines then?
Ideally, we would like sandboxing on the desktop to be at least as good as sandboxing on the web (preferably better). People don't run sandboxed desktop apps right now because the ecosystem currently makes it inconvenient. Wayland and Flatpak are both good steps in the right direction. Apple's making some progress as well there, but it's all pretty early-stage stuff.
Until the sandboxing gets better, you should be cautious about installing unvetted desktop and phone apps. You should also be cautious about installing unvetted browser extensions. But browser extensions are complicated because while keeping a minimal system isn't that hard, you're probably not going to stop visiting unvetted websites, even if you know it's dangerous. It's a much higher priority for experienced users to make the browser sandbox good than it is to make the extension sandbox good.
People take a long-term view on this, and while I agree with them in theory, I don't think it's always particularly helpful to think about what technology will look like. With browsers, it's not a question of whether or not theoretically it would be good in the future to make extensions entirely declarative. Of course it would be good. It's a question of, 'is it possible to do that right now?' At the moment, Safari's declarative API is significantly less powerful than the blocking API that Firefox has. In the future, that could definitely change, but people have to use computers today.
So for the moment, the browser advice I give to non-power users is to install uBlock Origin and Decentraleyes on Firefox and nothing else. I think that's a safer, more private environment than anything they'll be able to set up on Safari. I advise power users to add uMatrix to that list, and for people who are really paranoid, I advise them to run Firefox Developer Edition, which will let them compile extensions from source.
If you're just handing someone a computer and you don't trust them not to go off and install random extensions, then sure, give them Safari. In that context, it's not confusing why Apple would do this -- they're optimizing for the largest number of users; people they can't trust not to install random extensions. It just means that more experienced/responsible users will be safer using Firefox.
Of course Apple has an interest in ads given their competition with Google, which is an ad company. Harder to make money off of ads is bad for their competitors and in a zero sum view of the world good for Apple.
Because ads and trackers are as great a threat to privacy. All ads are malicious, while only some extensions that misuse powerful extensions are. I'm aware ads are not Apple's business model, yet I'm incredibly skeptical whenever an API that is open and powerful gets shrunk down to 'protect' users.
Apple has gone to great extents to enable ad and tracker blocking, making it a first-class feature in iOS, and pushing the envelope on the blocking of tracking cookies and other technologies. I use AdGuard on my iPhone and it might be the most effective browsing experience I enjoy.
For that matter, on macOS I don't have anything in Safari, and regularly go between Safari, Chrome and Firefox (the latter two with uBlock Origin). Somehow just the native anti-aggravation technology in Safari is more than sufficient to give me a great experience. If it has a list solution like the iOS Safari, then I'll partake of that.
Apple should enable classic-style blocking as an admin override kind of thing, but remarkably their list-based regex approach has been remarkably effective.
Local code execution is also a significant privacy vulnerability. Should Apple take away the ability of their users to install non-app-store programs?
Some security vulnerabilities are acceptable in some situations in exchange for user freedom and/or other benefits, such as blocking ads, which are essentially malware for your brain.
> I must admit the terminology isn't very clear. A Safari "content-blocker" app sends a list to Safari, and Safari blocks it. A regular blocker (like uBO) blocks content itself. Safari content blockers aren't all bad, they are more secure in that they can't possibly collect your browsing history (not that uBO does), but lack the level of customisation and power that a regular blocker like uBO can provide.
It's nice that random extensions can't peek at your browsing history, but on the other hand, you have to trust that Apple won't decide to ignore any block rules. What if one day they make a deal with Disney and now all Disney ads are on the permanent do-not-block list?
"they are more secure in that they can't possibly collect your browsing history (not that uBO does), but lack the level of customisation and power that a regular blocker like uBO can provide."
There is no spin. Apple is pretty open about restricting freedom to increase security.
Many people don’t have time or inclination to check which extension is doing what. Proof is the fact that ublock and adblock are bad, but ublock origin is good.
Whose non-techy friends and family are going to spend time to figure that one out? In that case, the macOS and iOS content blocking system is better for those users.
> If the extension can't inspect the traffic it can't meaningfully filter content.
I’m sorry, but does uBlock Origin detect & filter ads based on contents?
I thought they maintained a database of URLs that serve ads & page elements... and Safari content blockers also have the same capability to block content based on URLs (hence can block YouTube ads).
BTW, PiHole blocks ads based on hostname... and is more incapable than Safari content blockers.
uBlock Origin can be configured to do much more than a simple list-based filter (like EasyList, etc). [1] It's not quite the same as detecting, but it's incredibly configurable, and that functionality can't be used when list-based filtering is all that's allowed.
And I'm aware PiHole is just DNS filtering, but an extra layer of blocking is useful.
See the difference here: https://github.com/el1t/uBlock-Safari/issues/158#issuecommen...
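The hostname-versus-URL distinction raised in the comments above, as an added example that is not part of the thread: a simplified model of a DNS-level blocklist next to a declarative rule list in the JSON shape Safari content blockers use. All hostnames, rules and requests are constructed, and the rule evaluation is a reduced approximation, not Safari's implementation.

```javascript
// Constructed DNS-style blocklist: only whole hostnames can be listed.
const dnsBlocklist = ["ads.tracker.example"];

// Constructed rules in the content-blocker JSON shape
// (trigger.url-filter, trigger.resource-type, action.type).
const rules = [
  { trigger: { "url-filter": "^https?://ads\\.tracker\\.example/" },
    action: { type: "block" } },
  { trigger: { "url-filter": "video\\.example/api/ad_break",
               "resource-type": ["script"] },
    action: { type: "block" } },
  { trigger: { "url-filter": "ads\\.tracker\\.example/consent\\.js" },
    action: { type: "ignore-previous-rules" } },
];

// DNS filtering sees the hostname only, never the path or resource type.
function dnsBlocks(blocklist, url) {
  const host = new URL(url).hostname;
  return blocklist.some((d) => host === d || host.endsWith("." + d));
}

// A trigger matches on the full URL and, optionally, the resource type.
function ruleMatches(trigger, req) {
  if (!new RegExp(trigger["url-filter"], "i").test(req.url)) return false;
  const types = trigger["resource-type"];
  return !types || types.includes(req.type);
}

// Simplified evaluation: rules run in order; a later
// ignore-previous-rules cancels an earlier block.
function listBlocks(ruleList, req) {
  let blocked = false;
  for (const { trigger, action } of ruleList) {
    if (!ruleMatches(trigger, req)) continue;
    if (action.type === "block") blocked = true;
    else if (action.type === "ignore-previous-rules") blocked = false;
  }
  return blocked;
}

// Returns one verdict per request for both mechanisms.
function compare(requests) {
  return requests.map((req) => ({
    url: req.url,
    dns: dnsBlocks(dnsBlocklist, req.url),
    list: listBlocks(rules, req),
  }));
}
```

An ad endpoint served from the site's own hostname is reachable by the URL rule but not by the DNS list, and in both cases the decision is made from static data with no extension code observing the request.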