Apple neutered ad blockers in Safari, but unlike Chrome, users didn’t say a thing

safari-engineers-look-at-different-appro-5c58604560b27a4d93a0ea4a-1-feb-07-2019-10-29-23-poster.jpg

There’s been much said about Google’s supposed plans to limit the power of ad blockers in Chrome, but something similar has already happened in Safari, and not that many people have noticed, let alone criticize Apple.

Over the course of the last year and a half, Apple has effectively neutered ad blockers in Safari, something that Google has been heavily criticized all this year.

But unlike Google, Apple never received any flak, and came out of the whole process with a reputation of caring about users’ privacy, rather than attempting to “neuter ad blockers.” The reasons may be Apple’s smaller userbase, the fact that changes rolled out across years instead of months, and the fact that Apple doesn’t rely on ads for its profits, meaning there was no ulterior motive behind its ecosystem changes.

App Extensions and Content Blocker

For Apple users, it all started a few years back when the company announced App Extensions, a mechanism through which apps could extend their functionality into other apps.

Apple said that App Extensions would work in tandem with Content Blocker, a mechanism introduced in iOS 9, in 2013. Basically, apps or app extensions can use the Content Blocker API tell Safari what to block based on a set of rules before rendering a web page.

content-blocker-scheme.png

content-blocker-scheme.png

image: Apple

After letting these two features spread in the app ecosystem for a few years, Apple realized it didn’t need web developers creating extensions for Safari directly, as they could simply leverage the apps in its App Store to provide Safari users with extra features.

These two features made Safari’s older extensions ecosystem obsolete. As a result, in mid-2018, Apple announced it was deprecating old “legacy” extensions and started advising Safari extensions devs to port their code to an “app extension” and upload it on the App Store.

The first move to enforce this came in September 2018 when Apple launched iOS 12, and the OS maker began blocking the installation of legacy Safari extensions from outside the Safari Extensions Gallery.

By the end of the year, Apple stopped accepting legacy extensions in the Safari Extensions Gallery altogether, and also began disabling legacy extensions in users’ browsers with a message of “Safari turned off extensions that slow down your web browsing.”

The message appeared for all sorts of legacy extensions, from simple copy-paste enhancers to ad blockers and antivirus parental control extensions.

blocked-safari-extension.png

blocked-safari-extension.png

Image: Malwarebytes

Many extension devs have said the popup appeared indiscriminately, regardless of what the extension did, and many accepted that this was Apple’s way of nudging users into ditching the legacy extensions for the new Safari “App Extensions”-based add-ons.

Starting this week, with the release of iOS 13, Apple ditched the old Safari Extensions Gallery for good, and offically announced it was deprecating legacy extensions. Currently, Safari users can’t install any legacy extension at all, regardless if it’s hosted on the Safari Extensions Gallery or not, or if they’re using iOS or macOS.

During all this, Apple users didn’t bat an eye at the changes, mainly because they only saw the benefits. They saw universally-working app extensions and the new content blocker API, which Apple advertised as a way to isolate extensions and prevent them from accessing browsing data.

Ad blockers the most impacted

However, the move had some casualties. Ad blockers, VPN, and parental control extensions were the most impacted by Apple’s new “app extensions + content blocker” ecosystem.

Ad blocker AdGuard shut down its Safari extension in July last year. A few days later, it was followed by antivirus maker Malwarebytes, which shut down its VPN extension. AdBlock published a blog post where it said its re-written Safari ad blocker was running faster than before, but also listed a long list of downsides.

Other apps also followed in September 2018, when Apple’s new rules were set in stone with iOS 12’s release.

The latest to fall is uBlock Origin for Safari, another ad blocker, which shut down for good two weeks ago. In a post on GitHub, the extension’s developer recommended that users who care about running an ad blocker either switch to using Firefox for Mac, where ad blockers still work just fine, or remain on an older Safari version, which is not really an option.

The other alternative was that users switch to using one of the new Content Blocker-based ad blockers; however, he described the new Content Blocker system as being “extremley limited in adblocking functions.”

Apple and Google did the same thing

The reason why they’re “extremely limited” in blocking ads is the same reason why Google’s upcoming change for Chrome extensions has been criticized.

In a very simple explanation, the changes that Apple implemented in Safari and the upcoming changes planned for Chrome have taken the same path to the same goal, but with different code and terminology.

Both Chrome and Safari will use a new extensions backend. They will limit how extensions intercept and block web requests by preventing the extension from interacting with the web request directly. Instead, the extension will deploy a set of “content blocking rules” and the browser will do the blocking without the extension seeing any user data.

Google wanted to limit the maximum rules an extension could pass to Chrome to 30,000, which many Chrome extension developers said was extremely low, and wouldn’t even begin to accommodate the likes of ad blockers, parental control or traffic inspection extensions.

The company was immediatelly attacked for trying to “kill ad blockers,” and after months of criticism, Google eventually backed down on its initial plan and settled on a higher limit ranging from 90,000 to 120,000, a number that many extension developers, and especially those managing ad blockers, still consider insufficient.

On the other side, when Apple rolled out the new Content Blocker API, it enforced a maximum limit of 50,000 rules for each new extension that wanted to block content inside Safari. Of course AdBlock was running faster. It had fewer rules to apply than before.

Apple was never criticized for doing what Google didn’t even do

At the time, extension developers, including most ad blockers, migrated their code and didn’t say a peep. With the exception of a few rare complaints, people generally didn’t care that Apple just neutered all Safari ad blockers, a situation that contrasts with what happened to Google in 2019, and the wave of criticism it received.

The reason may have to do with the fact that Apple is known to have a heavy hand in enforcing rules on its App Store, and that developers who generally speak out are usually kicked out. It’s either obey or get out.

Unlike in Google’s case, where Chrome is based on an open-source browser named Chromium and where everyone gets a voice, everything at Apple is a walled garden, with strict rules.

Apple was never criticized for effectively “neutering” or “killing ad blockers” in the same way Google has been all this year. In Google’s case, the pressure started with extension developers, but it then extended to the public.

There was no public pressure on Apple mainly because there aren’t really that many Safari users to begin with. With a market share of 3.5%, Safari users aren’t even in the same galaxy as Chrome and its 65% market lead.

Furthermore, there is also the problem of public perception. When Apple rolled out a new content blocking feature to replace the old Safari extensions and said it was for everyone’s privacy — as extensions won’t be able to access browsing history — everyone believed it.

On the other hand, ads are Google’s life blood, and when Google announced updates that limited ad blockers, everyone saw it a secret plan for a big corp to keep its profits intact, rather than an actual security measure, as Google said it was.

As software engineer Will Lesieutre said this week in a HackerNews comment, Apple’s announcement was “totally believable because it’s in line with the last 10+ years of their product direction.”

But “people are more skeptical of Google’s motives because nearly all of their money comes from selling ads, and for all we know they’re more concerned about their very very very large piles of cash than they are about browser extension security.”

The bottom line

The bottom line is that there’s no way to install a classic Safari ad blocker starting this week, and that Apple is expected to remove or disable old Safari legacy extensions from users’ browsers sometime in the future, for good.

If users have moved to a new ad blocker that they downloaded from the App Store, then it may not be actually blocking all the ads, as users expect.

At this point, as many have pointed out, Firefox for Mac may be the only solution for running an ad blocker on macOS these days, while there’s no way of using an older ad blocker on iOS, regardless of browser.

Google Chrome for Mac still supports ad blockers, but it’s currently unclear if they’ll do so in the future. But that’s another can of worms.

READ MORE HERE