This filter might break functionality on some sites, so it's better to use more specified version:
||accounts.google.com/gsi/*$xhr,3p
`[no prefix]`: Blocks resources that have this text string anywhere in its URL.
`||`: Blocks resources that have a specific domain or subdomain.
`$3p`: Ensures that resources from a domain are only blocked if you're not visiting the domain itself.
`$xhr`: Prevents such resources from being downloaded through the titular JavaScript APIs.
||google.*/complete/search$xmlhttprequest,important
And then of course:
- google is an ok search engine with the udm 14 trick.
- bing is an ok search engine if you use it through duckduckgo.Aside from the security/privacy considerations, why the fuck would you do that to a website? SSO from a login page? sure, whatever. a f'ing popup on every page for a SINGLE provider? That is just brain-rot. Do they pay you to do this?
It does suck for the user.
I don't sites get payed (with money) but it probably improves the ranking in the search results (or at least some SEO guide claims that, so everybody does it)
Setting this up has become an automatic request from marketing people, almost as common as asking us to setup Google Analytics and such.
This is almost the equivalent to them to "have a CI/CD" for us devs: not having such things for them is strange, almost wrong. Of course the end goal is totally different.
https://meta.stackexchange.com/questions/402813/user-activat...
Apart from Google sponsoring this in some way or the other (by boosting up SEO ranking in sites that display this) I believe that this is a consequence of the third party cookiegeddon and I guess that once your users allow this login their activity is tracked as first party in your website, which would simplify things a lot for, well, tracking user behaviour. Of course Google benefits more.
If someone has searched for gloves on Google, and clicked through to my glove selling website, they're clearly ready to buy some gloves. Why the hell would I put a full screen cookie consent popover in their way? Or a join-our-mailing-list popover? Or require them to complete a captcha to create an account before they can check out? This person wants to give me money, why would I put barriers up in their way?
And yet quite a few sites do precisely those sort of things.
But if everyone dogfooding the site arrives with cookies that hide the popovers, and an account already created - I could believe they just don't realise how bad their website is.
Similar to how in a two party system, politicians will often prefer to lose elections to the other party, rather than lose control inside their own party.
It only looks self-destructive from the outside.. inside a sufficiently large bureaucracy me/us/them all get muddled
It takes care of a lot of this stuff, including cookie banners and all sorts of popups. Buy a beer for list maintainers (some of them accept donations) since Raymond doesn't, and their work is equally valuable.
Accidentally clicked on one these instead of the close button and then started immediately receiving incessant marketing spam from that website. Of course I wasn't able to unsubscribe from the mailing list without first creating an account with them and accepting their terms so ended up resorting to blocking their email.
Even with ad blockers, these sign in prompts are becoming increasingly common and annoying.
Blocking Google and Reddit sign in popups especially have restored some of my sanity.
I assume its blocking by origin, not behaviour? Or does that entire website just """break"""?
This is so incredibly accurate - I’m laughing and crying.
I liked 1990s Google.
I don't have google account (or better yet - I'm not logged in to it in any reasonable manner) yet the promp shows constantly :|
f* google
> Note that the "disabling an option in the Google account" is not a possibility if you use firstparty-isolate or any other privacy features that prevent embeds like this from seeing your Google session cookie. This is another motivation to want a way to block it browser-side.
I literally can't remember all sort of site isolation, cross site request or whatnot privacy feature and exceptions.
If we can throw away all backward compatibility, can we have something simpler? Or is this just unsolvable because how complex the problem is?
Maybe, but how do you stop people gradually building it up again because they need/want it for something?
Why do I get the sense that the whole push towards single-sign-on, OAuth, etc was just to push for a single, ad-controlled login?
Like every third party script this feature has been a privacy issue from day-1. Same as the "like / share on whatever social networks" buttons. Same as the google analytics scripts you use, the Google Tag Manager scripts.
"Webmasters" decided that selling their users data for free service was worth it. For more than 2 decades it's been business as usual. A whole generation and now even less people will bat an eye about doing it, they'll even defend it because "there is no other way to keep the lights on".
Maybe the lights should be off on most of the websites depending on this kind of practices.
Don't use any free web services. Don't access anything for free on the Internet. Especially don't patronize an ad-supported company. Don't sign up for free email accounts. Don't visit websites that display ads. I mean, don't try to block the ads, just never go there in the first place! For God's sake, stop stealing audio and video streams, scholarly papers, and other objects of piracy. You're a net drain on the economy... literally.
Stop using free (as in beer) software, or at least make donations for it. Stop complaining that you only get a license and not ownership. Rent your software and give the developers their due.
All of you, especially those who cheat and block ads, you're all freeloaders who are responsible for the growth of ad-supported services on the Internet, and long before the Internet was a thing, you watched TV, you listened to the radio, you read newspapers and magazines, you've built expectations to get something for nothing, and ultimately you were influenced and manipulated by those ads enough to make them profitable.
We've nobody to blame but ourselves for this proliferation of Google, Facebook and the rest. We are the ones who could've stopped it, but we built this Internet the way it is.
But SSO/OAuth in general has far more tradeoffs. It outsources the difficult task of managing passwords (including hashing and storing), 2FA, password resets, etc. SSo allows the end-user to trust a few mega companies that have comparative advantage around security, and also benefit from having to maintain fewer credentials.
I just wish it didn't come bundled with tracking.
And then there's the risk that if google's algorithms thinks you did something naughty, you get locked out of everything.
If you are in corporate environment office, your user would literally expect every internal website seamlessly integrated with each other.
Chrome isn't creating the login prompts and doesn't have any kind of special support for them. It's just rendering the HTML / running the JavaScript on the page.