News and Reviews > Mini-Reviews by Members
AdGuard: the better Ad Muncher?
x16wda:
For this method to work correctly, Adguard imports its own root certificate in certificate store that your browser uses. If https-connection filtering is enabled, Adguard automatically detects browsers installed on your computer and installs the root certificate in their stores.
-Jibz (June 10, 2015, 03:48 PM)
--- End quote ---
However I installed Pale Moon for testing after Adguard was in place, and almost every site I go to triggers a warning. I have not yet seen a way to make it recheck for browsers to "fix"... there ought to be a button somewhere. Guess I will resort to looking it up. <grumble> :P
Cloq:
@Jibz
Thanks for link. Not sure how I feel about trusting an "unknown" company to be a man-in-the-middle for ssl... seems a bit risky(?)
mwb1100:
Thanks for link. Not sure how I feel about trusting an "unknown" company to be a man-in-the-middle for ssl... seems a bit risky(?)
-Cloq (June 10, 2015, 07:54 PM)
--- End quote ---
That is a concern that many people have. However, to be able to strip ads, the unencrypted HTTP data needs to be examined. The choices seem to be:
- live with ads in https sessions
- use a man-in-the-middle solution such as AdGuard
- use an ad blocker that is a browser plug-in so that it can filter the data after the browser has decrypted it
I'm not sure of the relative security risks/benefits between the second and third options, but they seem to be somewhat similar to me (a decidedly non-expert in this area). Maybe the third option has a smaller 'attack surface'? And I'm not sure that the trust level for a typical browser plug-in author/provider would necessarily be any higher than AdGuard's.
Cloq:
Think I will wait till adguard gives you a way to whitelist sites from ssl filtering.
Release notes from their current version states they are working on that:
Coming Soon:
Fully disable SSL interception for the websites using “Extended Validation” certificates. This type of certificates is mostly used by financial companies, banks, etc.
Cloq:
I have asked for a feature request for adguard (support forum), hopefully it will get accepted. :D
---------------
Currently it seems adguard supports ssl filtering for all ssl (minus the exclusion whitelist), this seems to be too all encompassing from a security stand point.
Please provide a way (for advanced users/settings) to allow ssl filtering *only* on user blacklist and not on all (as is currently) ssl sites. This method gives a greater degree of control over what ssl sites get filtered.
---------------
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version