
100 replies and sub-replies as of Apr 26 2017

They did the same sort of slow intro with spdy, which became h/2. I think some app engine users get QUIC also. Lastly there is a libquic.
Err? QUIC requests are not prefixed with udp://.. they're regular requests (blockable), and you can see them in DevTools -- see attached.
I've updated the post to clarify and correct where needed. Thanks for the assist with getting this squared away.
Ohh this is good! Props for correcting stuff. I actually don't know how it all works -- it just didn't jive with what I'd heard.
"...still investigating why ads on YouTube get past ad blockers including Brave & uBlock Origin when QUIC is enabled but not when disabled."
I see Betteridge's law of headlines is alive and well.
A bit got flipped, sorry about that. Fixed.
Well, at least the updates are somewhat clarifying.
uBO and Brave folks got a bit fried fighting ads in YouTube. Ads kept coming back. Disabling QUIC stopped them for us. No WebSockets, AFAIK.
more QUIC fun... with parental controls enabled on a mac to only allow access to a whitelist. Still able to browse to google via QUIC
These sound like bugs worth reporting. My beef with the Brave article is it implies malicious intent.
I guess it attracts them clicks though, ironically.
agree. looks like the built in mac parental controls are only looking at TCP traffic so QUIC can bypass it.
Where is malice implied?
The title suggests (previously asked) that QUIC is in the wild specifically for the advantage of Google ads.
I think you know this, but I also understand the benefit of sensationalising an article to get clicks.
Clicks might matter if we ran ads :-P. I advise thicker skin. G controls no. 1 browser & ad server. New protocol good for business. Right?
No "conspiracy theory" from us. G did QUIC, good work. Doubleclick used it for obv. wins. No conspiracy, open source. Others must catch up.
Pointing out an advantage does not ascribe malice. Capitalism 101 here. G did not invent QUIC & Doubleclick deploy it to seek disadvantages!
1. It's definitely an advantage and Doubleclick is all over it; poor header bidders aren't. 2. Why do you ascribe malice to this?
You won't see the content of the udp packets as they're encrypted (QUIC still requires TLS)
You also don't see the content of the TCP packets for same reasons -- what's the difference?
Nothing. It was in response to the more general "use a sniffer" comment from @realronroyston (1/2)
I understood that to mean "use Wireshark to look at the content of QUIC packets for clues as to why it's getting past ad blockers" (2/2)
ah, ok. fwiw, there are QUIC dissectors for Wireshark.
you should find stronger points against QUIC to consider it harmful. And all the adblocking ecosystem is flawed.
Blocking ads is like entering a shop. Grabbing things. Going out without paying. Accept that if you block ads they will find a solution.
Bigger than blocking, in a RTB world. Human privacy has value. Equating privacy protection with theft might not be the best strategy.
No, blocking ads is like taking a newspaper, stripping out the ad sections & flyers, and ignoring the in page ads. Perfectly legal and moral.
not when I'm using @brave- it's like walking into a store, not being bothered by salespeople, and then I leave dollar bills everywhere
And the shop metaphor breaks down when you consider that ads are tracking you and invading your privacy. And they make money from this
the european cookie law demonstrated that tracking is not an issue for people. Saying the contrary is being blind.
users disagree, loudly.
yes disagree with the fuc....ng cookie banner ux. It's nonsense. You must teach, not impose something nobody wants to read.
just the fact that 90% of europeans use facebook everyday is a proof that people don't care about tracking and their privacy.
I don't think the choice is binary- they simply don't care enough. Part of the problem is that they don't understand they are the product
and in fact the solution is not adblocking or imposing stupid laws, but teaching people.
The solution is not enabling a business model that relies on surveilling consumers, collecting data & sharing it w/3rd parties.
The post exposes the problem, and teaches people how to identify the signal.
QUIC is bad? NO. QUIC is built for ads? NO. Yours are assumptions. Is @igrigorik aware of this. Maybe he can shed some light on QUIC.
Facts: - Google is an advertising company - Google Chrome has a majority browser share - Ads work great through QUIC (enabled by default)
I don't doubt that QUIC has some amazing use-cases. But a low hanging fruit for them would be using QUIC for advertising
That's the ultimate letdown of seeing the ad stuff in QUIC. I can think of a lot of things QUIC could be awesome for.
If ads can benefit all the web can benefit. Considering QUIC bad cause it improves performance is not a great idea.
If users can benefit from having confidence that their devices aren't spying on them, all the web can benefit.
see ; I'd love to see some traces and crbugs.. *if* there is stuff to fix.
has Luke's logs. One theory: prefetch via QUIC doesn't go through webRequest; logs w/ QUIC on show cache hit w/ ad, QUIC off miss.
Mis-titled crbug, needs update based on latest, is bugs.chromium.org/p/chromium/iss….
The discussion at bugs.chromium.org/p/chromium/iss… seems pretty clear about requests being blocked that would otherwise go over QUIC.
That is, pre_connect_, not pre_fetch_.
Right, thanks! Result is QUIC enabled, ads appear. uBO sees this too. We thought maybe QUIC-only domain not on blocklists, but don't see it.
I haven't been able to replicate that finding with Yan's extension. That is, a connection is created, but no request/response is made.
I've asked @lukemulks to try replicating on current stable (58). That fixes a bug with websockets that might explain intermittent failure.
On 58, I can't replicate. That might be due to different ads/providers in Germany, of course, but I really don't think QUIC is the issue.
I hope not, because QUIC is awesome! More tomorrow.
It would be lovely if the articles y'all posted sounded like "QUIC is awesome!" and not "QUIC is a nefarious plot to steal your privacy." :)
Tools can be used for good or ill. Doubleclick using QUIC did not improve users' privacy, it just sped up ad calls. We're a blocker, so....
Based on what I'm seeing in logs and code, QUIC does not prevent blockers from blocking. So far as I can tell, you have the tools you need.
Blaming a tool and saying it is bad for the possible use cases is wrong. Everything can be used to kill...even a kiss.
ditto, confused by the messaging on all this and simple factual errors about visibility in devtools, etc.
To err is human. What's confusing: we disabled QUIC in Jan. to stop ads, which seemed to work; took the ws/wss fix ahead of Chrome in Feb.
Luke's testing Chrome 58 rn, just saw a freewheel ad with QUIC enabled and @bcrypt's extension. He's still investigating, no rash posts :-|.
The article was inaccurate and completely misleading. Like a propaganda post.
(I don't actually have @lukemulks' logs. He did ping me a few minutes ago to say he would send them, so they're probably on their way.)
Thanks! I got them!
So you are against Google biz model, but you are harming small biz...but still don't see the point against QUIC as a bad technology.
If people didn't care about tracking and their privacy, there wouldn't be blocking and tracking protection in the first place.
vast majority of people that use adblocker, do that to block ads, not to avoid being tracked. You can prevent tracking without blocking ads.
Most people don't understand that/how they're tracked though. I think lots of people would choose to pay for product rather than be it.
you are a dreamer. People think 10 euro per year is far too high to remove ads and stop tracking.
is an incredibly smart dreamer.
Perhaps! I think cost/benefit perceptions will change though. Better, safer experiences are rarely not worth paying for.
Agree though that there are a LOT of motivated people willing to spend many a brain cycle on circumventing any/all tracking-evasion measures
I hope so, but the reality is different. Niches are different. For mass products it is very difficult to match those needs with biz objectives.
Well let's all root for the @AttentionToken and those wonderful network effects to help solve that one - better align pub/consumer
This is a false assumption. Ads are billed based on tracking. Tracking also enables ads to follow users as they browse.
not necessarily. You can disable that behaviour.
No. You cannot disable sales planning or bad-yet-required methods of attribution.
No. Means Facebook is holding users hostage through the functionality it offers. Decouple func from tracking and see how many stick around.
I appreciate & share your points, but we should stop blaming tools, & accept that the issue is "ignorance". Not QUIC nor ads nor analytics
Just because something is legal doesn't mean it's correct (morally or ethically)
The US gov't allowed waterboarding and didn't classify as torture... but if it happened to you, I doubt you'd feel it's "just interrogation"
you can say the same for adblocking. You know the story meh. Pay the adblocker to be whitelisted...all the adblock story is ridiculous.
Not blocking ads is like entering a shop. Having your money stolen and getting diseases. Going out without buying anything.
Please. Ok the metaphor was only to say that "for me" adblocking is like stealing. My personal opinion. Think what you want.
Ceases to become a game when a player owns a majority of the field, both teams, the refs, goalpost positioning...
There's a game called antitrust law enforcement, it's no fun for the loser.
you pay the newspaper..but I don't get how QUIC as an advancement in technology can harm privacy more than actual technology
No, not all newspapers are paid. I get free newspapers (Santa Clara Weekly, Metro, etc). Your "but I don't get..." doesn't parse. Restate?
ok so don't visit websites with ads. They use ads to pay people not for violating privacy. Your assumption is that they're not honest.
I'm assuming nothing, but you are ignoring tracking effects based on publisher intentions. That is unwise, you may even get malware in ads.
all your points are good, but none of them are good points against QUIC. You're also looking at it all from the bad side.
if QUIC gives unfair advantage it probably is a good technology. Being against good technology has nothing to do with human privacy. It's a mask