Ad-Filtering Dev Summit 2022 Recap
Two conference recaps in a row?! Yes indeed, last months have been a great time with developer conferences and after organizing React Finland, I visited Ad-Filtering Dev Summit.
Ad-Filtering Dev Summit 2022 took place in Amsterdam October 5-6th and it was my first time in this conference. After joining Mozilla as a developer advocate for Firefox add-ons in August, this event came at the perfect time. For me, it was a good opportunity to meet extension developers, people from other browser vendors and my Mozilla colleagues for the first time.
A quick note for those new to the browser extension world: the big talking point at the moment is Manifest v3 which is the newest version of the extension platform, introduced by Google in Chrome a while back. Different manifest versions are often abbreviated as MV2 and MV3 respectively.
Two days of ad-filtering content
The event was a one-track, two-day conference, organized for the fifth time. Content-wise, it was an interesting combination of different approaches around the topic: there were technical talks about ad blockers and the manifest v3 transition, talks based on academic research around modeling and privacy and talks about policy and legislation.
Here are my light notes and observations of the talks that were most interesting to me:
You broke the internet. When Content Filtering breaks a site and why it matters, Arjan van Leeuwen
Opera's Arjan talked about the ways ad blockers occasionally break websites. The web is an interesting medium because the page content is so flexibly editable. That is one of my favorite aspects of the browser and web but as Arjan explained in this talk, there are ways it can break when applying generic rules to variety of sites.
They can stop buttons from working or scrolling to stop functioning – for example with extensions that hide cookie consent boxes but website's implementation requires an action before the full site becomes interactable. Sometimes they can also hide checkboxes required for forms to be submitted.
All of these lead to cases where websites break and the user often doesn't know why. Disabling ad blocker (or extensions in general) is something the more tech savvy crowd tries first when debugging but for majority of the users, that's not a path they think about. They then try with a different browser (fresh install, no ad blockers) and things work and they come to the conclusion that the website doesn't work with their browser.
I think this "blame triangle" between websites, browsers and extensions is an interesting one to look into more. Sometimes it's one piece of the puzzle that fails but often it's a combination of two or three corners and for user, it's not obvious or even easy to figure out which ones are the cause.
How bad is Manifest V3 exactly?, Andrey Meshkov
AdGuard's Andrey Meshkov presented an exploration they did a while back about building an ad blocker with Chrome's MV3 implementation. All in all, manifest v3 was a big discussion point in other parts of the event as well, namely the browser Q&A with Chrome, Firefox and Brave developers and hallway track.
One main takeaway was that there are two main concerns about Chrome's MV3 implementation when it comes to ad blockers: service workers with limited lifetime and declarativeNetRequest with limits for amount of filter rules.
In his talk, Andrey goes more into depth about both of those. I think the next year or two are going to be very interesting in this scene.
Content Blocking Collaboration in a Manifest V3 World, Anton Lazarev
Brave's Anton Lazarev talked about manifest v3 and what alternative options extension developers have. Brave will be supporting v2 until the community has made the move to v3 and one alternative Anton talked about in his talk is for extension developers to encourage their users towards other browsers than Chrome.
The other options is to build your own browser: there are already options that are based on either Chromium or Firefox engines. Anton talks about the different browsers and options that both developers and users have in the market.
The worry is that if there becomes a drift between versions 2 and 3 in the community as that'll then require developers to maintain two versions to remain available on all major platforms.
An Audit of Facebook’s Political Ad Policy Enforcement, Athanasios Andreou and Victor Le Pochat
On a very different note, I found this shared talk by Athanasios and Victor very interesting. They both did research on Facebook's policy enforcement on political ads and how inaccurate and poorly enforced it is.
If you're interested in the world of dis- and misinformation and political advertising, this talk is worth watching as a good starting point into their research.
Building the internet we all want: Accurate ads measurement with no tracking, Ben Savage
Meta's Ben Savage talked about research that Meta and Mozilla has been working on for Interoperable Private Attribution. It's a way to use secrets splitting and sharing with helpers to provide measurements and impressions data for advertisers without revealing any private data from the users.
I'm by no means an expert on any of this so I'll let the blog post explain the key points:
IPA aims to provide advertisers with the ability to perform attribution while providing strong privacy guarantees. IPA has two key privacy-preserving features. First, it uses Multi-Party Computation (MPC) to avoid allowing any single entity — websites, browser makers, or advertisers — to learn about user behavior. Mozilla has some experience with MPC systems as we’ve deployed Prio for privacy-preserving telemetry. Second, it is an aggregated system, which means that it produces results that cannot be linked to individual users. Together these features mean that IPA cannot be used to track or profile users.
The irony of blocking popular trackers: People want privacy, but at what cost, Peter Lowe
One of my favorite talks from the event was Peter's talk about his journey as a filter list maintainer and how one day he added t.co domain to the blocklist which causes no links to work in Twitter (as they use it as a bounce tracker).
I love these types of stories because they are more grounded in reality than the "best practices" types of talks we often see in conferences. And it's a view into a (small portion of a) life of an open source maintainer.
The key point Peter makes in his talk is that blocking t.co breaks Twitter essentially and a lot of people don't want that. So we as users want to block ads and tracking but only when it doesn't introduce inconvenience for us. And he makes the argument that the worry here is that if you track people in large enough scale, people are more likely to accept it since the alternative is not using the product.
CSS Selector ':has()', Byungwoo Lee and Eric Meyer
Byungwoo and Eric shared a session to do two smaller talks about the new CSS selector :has which is currently supported in Chrome, Safari, Edge and Opera and soon Firefox.
They show a lot of examples of what you can do with the selector (my note taking speed couldn't quite keep up so I just enjoyed the presentation without making notes).
Browser Talk & Q&A with { Devlin, Alexandre, Simeon } from Chrome, { Rob } from Mozilla and { Anton } from Brave
Finally, there was a nice Q&A session with the browser vendors. Most of the questions were focused on the manifest v3 and especially the filter list limits. One key takeaway for me from those was that Chrome decided to start with conservative lower limits because it's easier to increase limits if need be than it is to lower existing limits. They said based on data from filter list maintainers and real performance data from Chrome users will be the needed data points to consider changing the limits.
All in all I think the Q&A was a great session. I counted roughly 21 questions and answers, depending on how you count as some of them were more akin to back-and-forth discussion but I really liked that the conference provided this platform for the discussion at the end of the conference. For me as someone new to all this, it was very informative. I learned a lot from the questions asked as well as answers given.
Overall impressions
At the end of it all, it was a great event and a great trip to Amsterdam. In addition to the Ad-Filtering Dev Summit, I had a change to catch up with old friends and colleagues in the industry and talk & geek out about community, dev rel, remote work, travel and living abroad with amazing people.
The only negative I have about the summit was that the days were a bit too long. Starting at 10 and finishing the talks at 18.40 felt a few hours too much for my taste. Regardless, I'm already looking forward to the next year's event.
Thanks to all the organizers, speakers and fellow participants for great insights and friendly discussions.