Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 08, 2016, 12:04:59 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: AdGuard: the better Ad Muncher?  (Read 22935 times)

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,769
    • View Profile
    • Donate to Member
Re: AdGuard: the better Ad Muncher?
« Reply #25 on: May 24, 2015, 05:00:52 AM »
Jeff has mentioned it in their forums too.

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: -5
  • Posts: 3,397
    • View Profile
    • Donate to Member
Re: AdGuard: the better Ad Muncher?
« Reply #26 on: May 24, 2015, 03:43:10 PM »
Sad Panda - Right in the Feels.jpg

Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,255
    • View Profile
    • Donate to Member
Re: AdGuard: the better Ad Muncher?
« Reply #27 on: May 25, 2015, 12:51:54 PM »
AdGuard is indeed the better Ad Muncher. I will even take it a step further and say that AdGuard is the heir to Ad Muncher's throne. Features that Ad Muncher's author has been promising for years, but never delivering on are in AdGuard today and are working darn well.

AdGuard program development is quite active and it's very easy to access the beta versions to play with new features that are in the pipeline. I bought Ad Muncher waaaay back in the day at a bargain price for a lifetime license and even at its peak, the development cycle wasn't as active as AdGuard's has consistently been.

Privacy concerns for AdGuard that have been mentioned in this thread are valid, but you can turn those features off if you do not wish to use them.

The Man-In-The-Middle 'attack' sure sounds scary, but it is really the only way one can intercept and manipulate HTTPS traffic in order to filter ads from HTTPS traffic. Realistically, though, how much of an 'attack' is it when *you* are the man who is in the middle? However, you can disable the feature for web sites individually or turn the feature off altogether. This is merely an optional feature for those who want to retaliate towards malevolent entitities who think it's funny embedding their advertisements in encrypted web traffic.

Pricing, especially for the lifetime licenses, is at holy-crap-that's-crazy levels if one buys from the AdGuard homepage. Fortunately, BitsDuJour and StackSocial have teamed up to offer a deal for a lifetime license covering 2 PCs + 2 Android devices for $39.00:

https://bitsdujour.s...ifetime-subscription

The offer is set to expire in 10 hours as of this writing, but it's already been renewed on the site at least once. Heck, it may be perpetually renewed ad nauseum into infinity for all I know, but $39.00 is a good deal. Full disclosure, I thought it a good enough deal to buy twice (for 4 PCS + 4 Android devices).

No other ad-blocking solution available today, other than Ad Muncher, will block ads anywhere...even outside one's browsers.

Cloq

  • Charter Member
  • Joined in 2006
  • ***
  • default avatar
  • Posts: 268
    • View Profile
    • Donate to Member
Re: AdGuard: the better Ad Muncher?
« Reply #28 on: June 10, 2015, 03:04:27 PM »
The Man-In-The-Middle 'attack' sure sounds scary, but it is really the only way one can intercept and manipulate HTTPS traffic in order to filter ads from HTTPS traffic. Realistically, though, how much of an 'attack' is it when *you* are the man who is in the middle? However, you can disable the feature for web sites individually or turn the feature off altogether. This is merely an optional feature for those who want to retaliate towards malevolent entitities who think it's funny embedding their advertisements in encrypted web traffic.

Explain please...  :tellme: is it generating local machine certificate (based on your machine) or are you trusting an Adguard (company) certificate?

Jibz

  • Developer
  • Joined in 2005
  • ***
  • Posts: 1,126
    • View Profile
    • Donate to Member
Re: AdGuard: the better Ad Muncher?
« Reply #29 on: June 10, 2015, 03:48:22 PM »
From their knowledge base:

https://kb.adguard.c...in-portable-browsers

Quote
It's no secret that since version 5.7 Adguard is able to filter secured connections (https).

For proper filtering of secured connections, a mechanism called Man-In-Middle is used. By the way, filtering of secured connections in the popular antiviruses works the same way. E.g: Eset Nod32 and Bitdefender.

For this method to work correctly, Adguard imports its own root certificate in certificate store that your browser uses. If https-connection filtering is enabled, Adguard automatically detects browsers installed on your computer and installs the root certificate in their stores.

x16wda

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 679
  • what am I doing in this handbasket?
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: AdGuard: the better Ad Muncher?
« Reply #30 on: June 10, 2015, 06:53:34 PM »
For this method to work correctly, Adguard imports its own root certificate in certificate store that your browser uses. If https-connection filtering is enabled, Adguard automatically detects browsers installed on your computer and installs the root certificate in their stores.
However I installed Pale Moon for testing after Adguard was in place, and almost every site I go to triggers a warning. I have not yet seen a way to make it recheck for browsers to "fix"... there ought to be a button somewhere. Guess I will resort to looking it up. <grumble>  :P
vi vi vi - editor of the beast

Cloq

  • Charter Member
  • Joined in 2006
  • ***
  • default avatar
  • Posts: 268
    • View Profile
    • Donate to Member
Re: AdGuard: the better Ad Muncher?
« Reply #31 on: June 10, 2015, 07:54:29 PM »
@Jibz

Thanks for link. Not sure how I feel about trusting an "unknown" company to be a man-in-the-middle for ssl... seems a bit risky(?)


mwb1100

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,522
    • View Profile
    • Donate to Member
Re: AdGuard: the better Ad Muncher?
« Reply #32 on: June 10, 2015, 08:12:22 PM »
Thanks for link. Not sure how I feel about trusting an "unknown" company to be a man-in-the-middle for ssl... seems a bit risky(?)

That is a concern that many people have.  However, to be able to strip ads, the unencrypted HTTP data needs to be examined.  The choices seem to be:

  - live with ads in https sessions
  - use a man-in-the-middle solution such as AdGuard
  - use an ad blocker that is a browser plug-in so that it can filter the data after the browser has decrypted it

I'm not sure of the relative security risks/benefits between the second and third options, but they seem to be somewhat similar to me (a decidedly non-expert in this area).  Maybe the third option has a smaller 'attack surface'? And I'm not sure that the trust level for a typical browser plug-in author/provider would necessarily be any higher than AdGuard's.



Cloq

  • Charter Member
  • Joined in 2006
  • ***
  • default avatar
  • Posts: 268
    • View Profile
    • Donate to Member
Re: AdGuard: the better Ad Muncher?
« Reply #33 on: June 10, 2015, 08:32:32 PM »
Think I will wait till adguard gives you a way to whitelist sites from ssl filtering.

Release notes from their current version states they are working on that:

Coming Soon:
Fully disable SSL interception for the websites using “Extended Validation” certificates. This type of certificates is mostly used by financial companies, banks, etc.


Cloq

  • Charter Member
  • Joined in 2006
  • ***
  • default avatar
  • Posts: 268
    • View Profile
    • Donate to Member
Re: AdGuard: the better Ad Muncher?
« Reply #34 on: June 10, 2015, 09:12:42 PM »
I have asked for a feature request for adguard (support forum), hopefully it will get accepted. :D

---------------
Currently it seems adguard supports ssl filtering for all ssl (minus the exclusion whitelist), this seems to be too all encompassing from a security stand point.

Please provide a way (for advanced users/settings) to allow ssl filtering *only* on user blacklist and not on all (as is currently) ssl sites. This method gives a greater degree of control over what ssl sites get filtered.
---------------

Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,255
    • View Profile
    • Donate to Member
Re: AdGuard: the better Ad Muncher?
« Reply #35 on: June 14, 2015, 11:59:00 AM »
Think I will wait till adguard gives you a way to whitelist sites from ssl filtering.

They have offered this feature for a while now. I've had to whitelist a couple financial sites from SSL filtering in order for them to work correctly. Again, you can turn off SSL filtering completely if you wish as well.

Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,255
    • View Profile
    • Donate to Member
Re: AdGuard: the better Ad Muncher?
« Reply #36 on: June 14, 2015, 12:04:07 PM »
Currently it seems adguard supports ssl filtering for all ssl (minus the exclusion whitelist), this seems to be too all encompassing from a security stand point.

I see what you want now. You want all SSL sites to be not filtered unless specifically added by the user, i.e. you want it to work the opposite of how it does now.

I hope if they implement your suggestion that they add it as an alternate method rather than replacing the existing one. Ad companies have stumbled onto the fact that most ad blockers cannot handle encrypted content and are moving towards HTTPS ad delivery systems. Having to trawl through web pages looking for HTTPS ad server references does not sound like fun. Heck, even using AdGuard's "Block this element" function numerous times per web page doesn't sound much like fun, either.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,716
    • View Profile
    • The Blog of Deozaan
    • Read more about this member.
    • Donate to Member
Re: AdGuard: the better Ad Muncher?
« Reply #37 on: June 27, 2015, 05:21:18 AM »
I just dealt with an issue where any HTTPS site in Firefox told me the connection was untrusted. I narrowed it down to Adguard's MITM feature to deal with filtering ads on encrypted traffic.

This knowledge base article didn't solve my problem, but linked me to some instructions on how to manually import the certificate in Firefox. HTTPS traffic appears to be working again now.




Below are some search terms I used while trying to find a solution, which will hopefully help others find this thread if they experience similar issues:
  • all https sites in firefox are untrusted
  • "This Connection is Untrusted" for all https sites in firefox


Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,255
    • View Profile
    • Donate to Member
Re: AdGuard: the better Ad Muncher?
« Reply #38 on: June 28, 2015, 12:47:38 PM »
The AdGuard installer is supposed to take care of that certificate installation on Firefox, but sometimes it doesn't install it like it should. This is also an issue in Pale Moon.

It's a very irritating error. It's easy to fix, but it's hard to find the solution because at first glance you don't know what terms you should use in your search to zoom in on the solution.

Glad you got it figured out, though. I didn't have an easy time the first go-around with this scenario, either.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,716
    • View Profile
    • The Blog of Deozaan
    • Read more about this member.
    • Donate to Member
Re: AdGuard: the better Ad Muncher?
« Reply #39 on: June 28, 2015, 01:50:35 PM »
The strange thing is that I've been using AdGuard on my PC with Firefox for weeks, if not a couple of months, and everything was fine. Then one day after a reboot, all HTTPS traffic in Firefox was broken. And since I generally only visit one site via HTTPS in Firefox, I thought it was an issue with the site's CA for several hours before finally realizing every HTTPS site I tried to access was giving me similar errors.