I already explained this in my parent comment, but the Safari APIs for adblocking are factually, objectively less effective at blocking trackers than uBlock Origin is. It's not a matter of opinion, there are things that uBlock Origin can do that Safari adblockers can't do.
People get really offended when I bring this up. I'm not saying that Safari adblocking is useless (you should use an adblocker with Safari, and there are devs doing excellent work to get around Apple's limitations, I have a lot of respect for them), but you are making a tradeoff for that sandboxing/permissions in the form of a less effective adblocker. This isn't just me saying this, if you talk to people writing iOS adblockers, they will tell you the same thing.
If you are so scared of Gorhill that you need to make sure he isn't tracking you, then sure, make that tradeoff. Or more realistically, if there are other privacy features on iOS that you care about more than adblocking, then make that tradeoff. But it's not just silly to pretend that the browsers are equivalent, they aren't.
And it's even sillier to pretend that an Open Source standard in adblocking should be rated higher on someone's threat model than the actual websites that are tracking you when you use a browser.
Once again, it's OK for people to like iOS or to point out that it has some excellent privacy features that make it a good choice for privacy-conscious consumers. And I'll give Apple praise that on iOS, the default browser supports an adblocker at all -- it doesn't require you to install a separate browser to get access to one. But we don't need to get hyperbolic and start arguing that Apple is somehow leading the pack on literally every single privacy issue; they aren't. It's OK to say, "in this specific issue, it isn't possible on iOS to get the same anti-tracking behavior that we could get on Android or on a desktop PC/Mac."
This is specifically looking at (pre-manifest-V3) Chrome, so there are some other differences with Safari, but CNAME uncloaking is the most obvious example.
See also some of the previous comments I've made about this in the past (https://news.ycombinator.com/item?id=23622206). A few of these details might have changed (I vaguely think I remember Apple raising the rule limit), but I think the fundamentals are all still true.
> Did you personally vet the open source code? Did you compile it from scratch and install it on your phone or are you trusting it’s the same code?
I have read through parts of uBlock Origin's code, yes, but ultimately I'm trusting the broader Open Source community to say it doesn't have holes in it. And yes, I'm trusting Mozilla's vetting process for its "trusted extension" category. I think that's a reasonable thing for most people to do.
Of course, I could compile the extension myself, but I think to a certain degree that would be security theater.
----
Again, just really surprising to see an argument that boils down to "this Open Source application might potentially spy on me, and that's a greater danger than the websites that I know are actively spying on me right now." If Safari adblocking is good enough for you and your threat models, great. You don't need to justify that by pretending that uBlock Origin is insecure.
I will note, by the by, that Safari's limitations mean that (at least on desktop) the top-rated adblockers like AdGuard have shifted to running as external applications separate from the browser (https://adguard.com/en/welcome.html). This is not a dig at AdGuard, I think the AdGuard devs (as of last time I checked) are doing really great work. But if you're worried about sandboxing, running a desktop app is a lot more invasive than running a browser extension. I don't know if there are ways to do the same circumvention on iOS, so it's possible that AdGuard devs are staying in the browser sandbox there; I'd need to double-check.
Of course, you can use apps like AdGuard as pure extensions in their more limited form (I don't recommend a specific iOS app, but unless something has changed since the last time I checked, AdGuard is a solid choice) -- but you will get a more limited adblocker as a result. The performance might be good enough for you, and that's fine. But it's still correct to say that it will be more limited.
----
I will also add to this just to preempt anyone arguing otherwise that I am not saying that browser extensions shouldn't have better sandboxing. They should, extension sandboxing is awful and it needs to improve. What I am saying is that the specific sandboxing model that Safari uses (and that Chrome is moving towards) for adblocking limits their effectiveness.
People get really offended when I bring this up. I'm not saying that Safari adblocking is useless (you should use an adblocker with Safari, and there are devs doing excellent work to get around Apple's limitations, I have a lot of respect for them), but you are making a tradeoff for that sandboxing/permissions in the form of a less effective adblocker. This isn't just me saying this, if you talk to people writing iOS adblockers, they will tell you the same thing.
If you are so scared of Gorhill that you need to make sure he isn't tracking you, then sure, make that tradeoff. Or more realistically, if there are other privacy features on iOS that you care about more than adblocking, then make that tradeoff. But it's not just silly to pretend that the browsers are equivalent, they aren't.
And it's even sillier to pretend that an Open Source standard in adblocking should be rated higher on someone's threat model than the actual websites that are tracking you when you use a browser.
Once again, it's OK for people to like iOS or to point out that it has some excellent privacy features that make it a good choice for privacy-conscious consumers. And I'll give Apple praise that on iOS, the default browser supports an adblocker at all -- it doesn't require you to install a separate browser to get access to one. But we don't need to get hyperbolic and start arguing that Apple is somehow leading the pack on literally every single privacy issue; they aren't. It's OK to say, "in this specific issue, it isn't possible on iOS to get the same anti-tracking behavior that we could get on Android or on a desktop PC/Mac."