The latest Safari update permanently disables the framework uBlock Origin (and, incidentally, 1Password version 6 and lower) relies on. There will no longer be a uBlock version for Safari.

A while ago, someone on Twitter raised the point that users are rightfully gunshy about software updates because developers often use them to make unilateral and unwelcome changes. The question "did your users meaningfully consent to this change" goes unasked, let alone unanswered.

I want better.

"Meaningful consent" implies more than a clause in the user agreement that says "we can update this at any time." It requires engagement with the userbase at large - and thus guarantees conflict, and compromise.

Maybe Apple would still have disabled this framework. Maybe not. What I do know, with high confidence, is that they didn't ask anyone outside the company if it was okay to do so, or explain what it would mean.

Show thread

@owen Confirming that the update description was super generic and did not mention negative consequences for the users.

@owen It also broken FB Purity / Tampermonkey.

I'm now using Firefox for that, but that has it's own problems (DNS over HTTPS for one).

Unfortunately, our online experience is predominantly browser based, and the major browser manufacturers have their own agenda which does not necessarily map to that of the user.

You can easily disable DoH in the network preferences, so at least you have a choice :)

I think so, because DoH (not by itself, but through a fixed public server) breaks some use cases (internal network with custom TLD, and probably DNS-based captive portals). They'd lose market share without at least an option to chose your DoH server.
@dadegroot @owen

so: at least as long as there is no other workaround built in firefox for these cases or DoH is implemented by most DNS resolvers. Probably :)
@dadegroot @owen

@owen if you’re on a Mac you could try installing @better instead?

@owen Given the vast history of browser extensions being weaponized against the user, even extensions produced at one point by supposedly trustworthy developers, this is an incredibly positive, responsible move by Apple. Ad blockers are still possible without handing complete surveillance and control of every web page you're on to an extension and to whoever happens to currently control that extension (maybe, maybe not its original creator).

@owen In the real world, shady extension vendors are regularly pushing out unwanted and in fact weaponized code to users without "meaningful consent."

I'm gonna miss uBlock Origin too but I recognize the reasoning for and value of this move.

@edheil Yeah, that's important. I'm really making two related-but-separate arguments:

1. Apple did not obtain meaningful consent for this change, as a side effect of how they run their business, and

2. If Apple had asked, they would not have been able to make this change.

I think the second point is a lot shakier than the first, for the exact reason you've identified: the extensions framework exposed some user-hostile behaviours too!

@owen This is a really tough issue IMHO. Everything that gives you freedom to do what you want with your device also gives malicious actors an attack surface. And usually it's a few years before the malicious possibilities become obvious and widely utilized. There's definitely not an easy answer, it's a balance people like Apple have to walk. Android/google makes different choices: more freedom, but their app store is rife with scamtastic malware.

Sign in to participate in the conversation

Transneptodon is a community for people who like stories, games, games about stories, stories about games, probably also computers, cooking, language, and definitely social justice!