The problem with the Adguard app is that its https filtering decrypts all your https encrypted data and is able to read everything, from passwords to bank accounts. This is done by installing a root certificate which is in general a very very bad idea.
It's working great but... it's messing with stuff no app should mess with.
And compared to the combination of a simple content blocker like Wipr and a trustworthy VPN service like Mullvad I can see no difference. But the content blocker and VPN don't have access to your encrypted data and don't mess around in your system on a root certificate level.
I see no benefit in using the Adguard app. It isn't even simpler than the VPN and content blocker combination.
And as a bonus, the VPN adds a privacy layer because it hides what you are doing from your ISP/work/school/public WIFI/...

wow...that's pretty dangerous. I didn't even know decrypting HTTPS is a thing. Why would they even need to build this in the app?

heads up, new app Portmaster is FOSS and monitors your network. No mac version though
 
wow...that's pretty dangerous. I didn't even know decrypting HTTPS is a thing. Why would they even need to build this in the app?

heads up, new app Portmaster is FOSS and monitors your network. No mac version though
Honestly, just get a Raspberry Pi (some minimal version) and run PiHole on it, or put it on a Windows Docker image and put it on your Plex server in the corner over there. It’s easy, and fixes the ad problem.

I’m doing a network re-architecture this weekend (& next too, probably) on my network, and I had to flip DNS to “just” a normal DNS server (OpenDNS) with very minimal (adult crap, guns, etc.) blocks available. It’s stunning the difference the PiHole makes and the sheer amount of ads I now see (without it).

Having an app per-machine strikes me as a very annoying solution to the problem (although laptops at coffee shops, etc. - I understand that). A network wide block solves the entire problem forever (or, at least, until you have to make network changes).
 
Why would they even need to build this in the app?
Their point is that they need to read your stuff so they can ban ads at a https level. Like Youtube ads are https encrypted thus a lot of blockers can't block them. Decrypting your data makes them able to block it. IMHO this is a bad trade. You are giving access to all your data for blocking some annoyances.

Honestly, just get a Raspberry Pi (some minimal version) and run PiHole on it, or put it on a Windows Docker image and put it on your Plex server in the corner over there. It’s easy, and fixes the ad problem.
Yea but Pihole isn't able to block Youtube ads or EU cookie stuff, right?
 
Their point is that they need to read your stuff so they can ban ads at a https level. Like Youtube ads are https encrypted thus a lot of blockers can't block them. Decrypting your data makes them able to block it. IMHO this is a bad trade. You are giving access to all your data for blocking some annoyances.

This. So this. I would never dream of allowing full traffic decryption via certificate installation. That’s crazy, no matter who gets it.

Yea but Pihole isn't able to block Youtube ads or EU cookie stuff, right?
I confess I don’t know what EU cookie stuff is, but if YouTube ads are in the video stream, and not a separate ’thing’; you’ll need something that can inspect your traffic to handle that. Then you have the problem above, unless they just look at YouTube.

I avoid the issue by (mostly) avoiding YouTube. :)
 
I don’t know what EU cookie stuff is
In the European Union every website is forced to notice a visitor about the cookies that are saved. The purpose of the law is to protect the privacy of website users by requiring website owners to obtain informed consent from visitors before storing or retrieving any information on their device, such as cookies.

This sounds great but it ended in every website asking you for cookie saving consent. Every time you visit. By popup. In your face. Even if you save it. And it doesn't protect anything because if people visit a website because you want to view it, most of them will press "yes" to all. Just to view it.
 
Well you do have a point when you say not to trust the closed source parts. IDK why some companies do this where they FOSS some parts and others parts they do not.

Yes trust has to do with it. So far no stink has been around AdGuard and they have a good record. Their whole business model is around blocking privacy, trackers, and advertisements so if they turn up to be one of the culprits that's some serious conflict of interest.

@Silly John Fatty
And if you install it on Windows, it automatically disables Windows telemetry features. They haven't done anything shady yet in their years of being on the market.
 
And if you install it on Windows, it automatically disables Windows telemetry features. They haven't done anything shady yet in their years of being on the market.
How do you know that? They haven’t done anything obviously shady. But you can never know. Recently all personal data of everyone in my country was stolen because of a mistake by an employee of the National tax service. So… It doesn’t even have to be their fault. But they are messing with stuff on your computer they should not. And there isn’t even a need for it. Other products show that it works without root certificate.
 
How do you know that? They haven’t done anything obviously shady. But you can never know. Recently all personal data of everyone in my country was stolen because of a mistake by an employee of the National tax service. So… It doesn’t even have to be their fault. But they are messing with stuff on your computer they should not. And there isn’t even a need for it. Other products show that it works without root certificate.
I don't know that. But everyone is paranoid.
 
In the European Union every website is forced to notice a visitor about the cookies that are saved. The purpose of the law is to protect the privacy of website users by requiring website owners to obtain informed consent from visitors before storing or retrieving any information on their device, such as cookies.

This sounds great but it ended in every website asking you for cookie saving consent. Every time you visit. By popup. In your face. Even if you save it. And it doesn't protect anything because if people visit a website because you want to view it, most of them will press "yes" to all. Just to view it.
It may be a pain and may be ignored, but isn’t it user minded that there should be a positive ability to opt out of cookies?
 
wow...that's pretty dangerous. I didn't even know decrypting HTTPS is a thing. Why would they even need to build this in the app?

heads up, new app Portmaster is FOSS and monitors your network. No mac version though

Yup, I quoted what they wrote about that part somewhere on the first pages of this thread. I still have it running, however. Because I have to admit, the ad-blocking abilities are great. But it's not a permanent solution. I think it's shady and not clean enough.

Well you do have a point when you say not to trust the closed source parts. IDK why some companies do this where they FOSS some parts and others parts they do not.

I think it may be marketing. You make a tiny, irrelevant part of your services open source, then you can claim you're open source and people associate your brand name with the words "open source". Then you proceed to subconsciously get a picture of that company as honest, "green" and trustworthy, protective to your personal data.

In reality you may be supporting/financing Russian terrorists and murderers, killers of democracy. Who knows. I know nothing about the company, they may very well be honest and good guys, who knows. There's plenty of great Russian people too, let's not forget. Maybe that's these guys …

So does anyone have a solution that's

1) open source
2) not as invasive to your privacy as AdGuard
3) but as effective in ad-blocking as AdGuard
4) as simple to set up as AdGuard and not as complicated as this whole piHole thing, which does seem to require expert level knowledge

There very well may not be anything out there that fits this criteria.

I'm wondering if, as a community, we would manage to build such an Ad-Blocker. People could discuss what they want, make a features wish list, people could voluntarily donate, and we could use that money to develop an app. I know nothing about programming, but we could pay someone. People would buy the AdBlocker and the money would be used to keep the thing updated and running and developing new things when needed.

We could make that ONE ultimate AdBlocker - once for all times. Completely transparent. REALLY privacy-friendly. Effective, simple, affordable. Organised and financed as a democratic institution by all who are interested in it …

It may be a pain and may be ignored, but isn’t it user minded that there should be a positive ability to opt out of cookies?

Yes, and most people I know will actually not click on "Accept" but on Deny. So do I. Some websites don't allow that however.

I just wish there was a way in Safari to set it to deny all cookies forever. Basically that works by blocking all cookies in the Preferences. But a white list feature is missing. Because on some sites like this one here you want those cookies. But in 99% of the time you don't. Maybe that feature is available in newer versions of OS X, I still have 10.13 so I may be missing something.
 
I'm wondering if, as a community, we would manage to build such an Ad-Blocker. People could discuss what they want, make a features wish list, people could voluntarily donate, and we could use that money to develop an app. I know nothing about programming, but we could pay someone. People would buy the AdBlocker and the money would be used to keep the thing updated and running and developing new things when needed.

We could make that ONE ultimate AdBlocker - once for all times. Completely transparent. REALLY privacy-friendly. Effective, simple, affordable. Organised and financed as a democratic institution by all who are interested in it …

Have you heard of Kickstarter? You can lead the charge on your idea and use Kickstarter to raise funds. You will get exactly the product specs you want and none of the features you don't want.

I take privacy and security very seriously. But for me, I'm not sure an ad blocker created through an Internet-wide crowdsourced project doesn't merely trade one set of weaknesses for another. I do think it could be a good project for members of a local MUG (Mac User Group) or for people who know each other personally. The recurring theme of this thread still applies: trust. A crowdsourced security application, utility, or plugin requires hiring coders who can be trusted, trustworthy people willing to review and maintain all aspects of the product, and a secure, trusted way to distribute the software. All of that is a lot of work and requires levels of trust I don't have with people I only know online.
 
I don't know that. But everyone is paranoid.
There is a distinction between being paranoid and careful. Let's say we are talking about your physical mailbox in front of your house. Every day you come home and it is stuffed with ads and you need an hour to sort out important letters and stuff. So you put a sticker on it: no commercial flyers and stuff. This will keep away 80-90% of annoyances.
Then there is this company that promises to keep away everything, but to do it, you have to give them the key to your house and the allowance to read all your letters. Will you do it?
People are less careful when it comes to computer stuff but in reality if you do online banking, shopping, Paypal, crypto, you may have a lot to lose.

It may be a pain and may be ignored, but isn’t it user minded that there should be a positive ability to opt out of cookies?
Yes it should be. But imagine you want to visit a page asap. And then you can choose: accept all cookies or click through a plethora of text and cryptic options. It's like reading the EULA of a computer game you will play anyways, no matter what.

I still have it running, however.
Be aware that there is the possibility that someone can read your banking data and crypto or other stuff you do with your computer.

So does anyone have a solution that's

1) open source
2) not as invasive to your privacy as AdGuard
3) but as effective in ad-blocking as AdGuard
4) as simple to set up as AdGuard and not as complicated as this whole piHole thing, which does seem to require expert level knowledge
Firefox and Ublock Origin or Brave Browser as others have stated.
Firefox&Ublock works as well as Adguard and Brave Browser seems to be a little bit better even.

With Safari you are limited, but this is Apple. They are restrictive with their way and this is good and bad. As others have stated, with a good VPN like Mullvad or IVPN combined with a non invasive content blocker you have the same ad blocking capabilities as Adguard but with the added privacy of a VPN. This is your choice. There is no other.
A content blocker like Wipr works for 99% of all ads.

You can use this page to test any adblocker and VPN for their blocking ability:
 
There is a distinction between being paranoid and careful. Let's say we are talking about your physical mailbox in front of your house. Every day you come home and it is stuffed with ads and you need an hour to sort out important letters and stuff. So you put a sticker on it: no commercial flyers and stuff. This will keep away 80-90% of annoyances.
Then there is this company that promises to keep away everything, but to do it, you have to give them the key to your house and the allowance to read all your letters. Will you do it?
People are less careful when it comes to computer stuff but in reality if you do online banking, shopping, Paypal, crypto, you may have a lot to lose.
I've been using AdGuard for years and there's no record of them online doing anything nefarious with user data. People are so afraid of everything that they use nothing.

1) open source
2) not as invasive to your privacy as AdGuard
3) but as effective in ad-blocking as AdGuard
4) as simple to set up as AdGuard and not as complicated as this whole piHole thing, which does seem to require expert level knowledge
Please share with me how you think AdGuard is invasive to your privacy with evidence to prove your claims other than fear-mongering. There aren't any apps on the market that do what AdGuard does.
 
I've been using AdGuard for years and there's no record of them online doing anything nefarious with user data. People are so afraid of everything that they use nothing.

So...your argument is because there's no record of something (ie it's not public knowledge, or you personally aren't aware of it) that it doesn't exist / didn't happen?

Please share with me how you think AdGuard is invasive to your privacy with evidence to prove your claims other than fear-mongering.

As shown, it installs certs on the local system allowing AdGuard to read your IP traffic, decrypted.

There aren't any apps on the market that do what AdGuard does.
Maybe that should tell you something, eh?
 
So...your argument is because there's no record of something (ie it's not public knowledge, or you personally aren't aware of it) that it doesn't exist / didn't happen?
And your argument is to provide zero evidence of something and base everything on skepticism without proof? It could very well be a nefarious company. But nefarious companies tend to be outed pretty quickly on the internet. I don't see any evidence of this being the case anywhere, even though it's possible.

As shown, it installs certs on the local system allowing AdGuard to read your IP traffic, decrypted.
It has to read unencrypted traffic in order to block ads and things before they reach your computer / browser. So I don't see what point you are trying to make. All ad blockers have access to this information and it's up to you to trust those ad blockers. So again, it's a matter of trust. If you don't trust them, that is up to you. And that is perfectly fine.

Maybe that should tell you something, eh?
It doesn't tell me anything one way or the other. You haven't stated an actual reason why AdGuard shouldn't be used or trusted.
 
And your argument is to provide zero evidence of something and base everything on skepticism without proof? It could very well be a nefarious company. But nefarious companies tend to be outed pretty quickly on the internet. I don't see any evidence of this being the case anywhere, even though it's possible.

Let's imagine they have the best intent in the world. Then an administrator in the company with privileged access gets a keylogger on her machine, and then someone else can break in. What stops them from reading your data, including your passwords?

Put it this way: Why would you ever want your data out there on the internet?

It has to read unencrypted traffic in order to block ads and things before they reach your computer / browser. So I don't see what point you are trying to make. All ad blockers have access to this information and it's up to you to trust those ad blockers. So again, it's a matter of trust. If you don't trust them, that is up to you. And that is perfectly fine.

The technical requirements of a given solution (being negative / risky) should, in most people's minds, serve as a reason not to use it. Yet I see you writing above that it's not a reason to exclude the product. That's ... unexpected.

All ad blockers do _not_ have access to this information. That's the key point you seem to miss. PiHole, for instance, just relies on DNS blocks; it knows exactly nothing about your personal data. Sure, it knows where you GO (or, where you would have gone) but it doesn't see your actual data. That's the difference.

It doesn't tell me anything one way or the other. You haven't stated an actual reason why AdGuard shouldn't be used or trusted.
That absolutely has been done. Anything that installs certs on your local machine is a big deal. I hope you now see the implications and the differences in this and a more typical ad block product.

Just use PiHole. It does almost everything this does, is constantly updated, and can't pass user data anywhere. And it blocks your entire network. And when off network, just browse with Brave. That, honestly, is sufficient for most. Want a bit more? Get OpenDNS and point PiHole to OpenDNS too.
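
As an added illustration of the DNS-blocking versus traffic-inspection distinction argued in the post above (not code from any poster, Pi-hole or AdGuard): a hosts-style DNS filter and a URL-level filter run over the same constructed requests. All hostnames, rules and requests are made up, and the parent-domain matching is an assumption of this sketch.

```python
# Added example. Everything under example.test is constructed sample data.
from urllib.parse import urlsplit

# Constructed hosts-format blocklist, the kind of list a DNS blocker loads.
HOSTS_BLOCKLIST = """
# comment line
0.0.0.0 ads.example.test
0.0.0.0 tracker.example.test   # inline comment
127.0.0.1 localhost
"""

# Constructed URL rules as (host, path prefix). Matching them needs the
# request path, which DNS never carries.
URL_RULES = [
    ("video.example.test", "/ad/"),
    ("video.example.test", "/api/ad_break"),
]

# Constructed requests made while loading one page and logging in elsewhere.
REQUESTS = [
    "https://video.example.test/watch?v=abc123",
    "https://video.example.test/ad/preroll.mp4",
    "https://ads.example.test/banner.js",
    "https://cdn.ads.example.test/pixel.gif",
    "https://bank.example.test/login?user=alice",
]


def parse_hosts(text):
    """Return the set of blocked hostnames from hosts-format text."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2 or parts[0] not in ("0.0.0.0", "127.0.0.1"):
            continue
        for name in parts[1:]:
            name = name.lower().rstrip(".")
            if name not in ("localhost", "localhost.localdomain"):
                blocked.add(name)
    return blocked


def dns_view(url):
    """All a DNS resolver learns from a request: the hostname."""
    return urlsplit(url).hostname


def dns_blocked(hostname, blocked):
    """True if the hostname or a parent domain is listed (sketch assumption)."""
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def url_blocked(url, rules):
    """Match on host AND path. Inside the browser a content blocker gets the
    URL directly; a filter outside the browser only sees the path of an
    HTTPS request after decrypting TLS, hence the installed root certificate."""
    parts = urlsplit(url)
    return any(parts.hostname == host and parts.path.startswith(prefix)
               for host, prefix in rules)


def compare(requests=REQUESTS):
    """Run both filters over the same requests and record what each saw."""
    blocked = parse_hosts(HOSTS_BLOCKLIST)
    rows = []
    for url in requests:
        host = dns_view(url)
        rows.append({
            "url": url,
            "dns_sees": host,
            "dns_blocks": dns_blocked(host, blocked),
            "url_filter_blocks": url_blocked(url, URL_RULES),
        })
    return rows


def missed_by_dns(requests=REQUESTS):
    """Ads served from the same host as the content: invisible to DNS rules."""
    return [r["url"] for r in compare(requests)
            if r["url_filter_blocks"] and not r["dns_blocks"]]


if __name__ == "__main__":
    for row in compare():
        print(f'{row["dns_sees"]:24} dns_blocks={row["dns_blocks"]!s:5} '
              f'url_filter_blocks={row["url_filter_blocks"]!s:5} {row["url"]}')
    print("Needs URL visibility to block:", missed_by_dns())
```

The DNS filter's view of the banking request is only `bank.example.test`; the query string never reaches it, while the same-host pre-roll ad is the one request it cannot block.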
 
Let's imagine they have the best intent in the world. Then an administrator in the company with privileged access gets a keylogger on her machine, and then someone else can break in. What stops them from reading your data, including your passwords?

Put it this way: Why would you ever want your data out there on the internet?



The technical requirements of a given solution (being negative / risky) should, in most people's minds, serve as a reason not to use it. Yet I see you writing above that it's not a reason to exclude the product. That's ... unexpected.

All ad blockers do _not_ have access to this information. That's the key point you seem to miss. PiHole, for instance, just relies on DNS blocks; it knows exactly nothing about your personal data. Sure, it knows where you GO (or, where you would have gone) but it doesn't see your actual data. That's the difference.


That absolutely has been done. Anything that installs certs on your local machine is a big deal. I hope you now see the implications and the differences in this and a more typical ad block product.

Just use PiHole. It does almost everything this does, is constantly updated, and can't pass user data anywhere. And it blocks your entire network. And when off network, just browse with Brave. That, honestly, is sufficient for most. Want a bit more? Get OpenDNS and point PiHole to OpenDNS too.
None of this means anything. It's all hypothetical and you still haven't shown that AdGuard is a nefarious company. I have Pi Hole running on my network on a Raspberry Pi. It's great, but not complete.

I use Brave as well. On my computer and on my phone and I use a VPN.

OpenDNS is garbage.
 
like any researcher. Look it up on any search engine.



adguard is recommended by privacy enthusiasts:

if you are still paranoid, PiHole is your answer for a network wide adblocker without browser extension.

So google it?

So you don’t know why?

Confused
 
None of this means anything. It's all hypothetical and you still haven't shown that AdGuard is a nefarious company. I have Pi Hole running on my network on a Raspberry Pi. It's great, but not complete.
We can agree to disagree on the AdGuard risk; let's set that aside at least for the moment.

How is PiHole not complete? How do you have it set up, and what does it lack? We've mentioned pre-roll YouTube ads; what else?

I use Brave as well. On my computer and on my phone and I use a VPN.

Then it sounds like you should be very well protected.

OpenDNS is garbage.

How so? I like it because it gives easy logs and can easily block categories of things I don't want. It isn't marketed or intended as an ad-block service.
 
I've been using AdGuard for years and there's no record of them online doing anything nefarious with user data.
Almost all software / apps that did anything nefarious outside of the world of malware had a clean record and were trusted by a wide base of users.
  1. CCleaner: CCleaner is a popular system optimization and cleaning tool. In 2017, it was discovered that the software had been compromised, and a malicious version had been distributed to users. This version included malware that allowed attackers to access users' systems and steal data.
  2. Avast: Avast is an antivirus software that has been accused of collecting and selling user data. In 2020, it was discovered that Avast's browser extensions were collecting user data, including users' browsing history and search queries. The company later announced that it would be shutting down its data collection subsidiary, Jumpshot.
  3. Weather Channel App: The Weather Channel App was found to be collecting and selling users' location data without their consent in 2019. The company later settled with the Federal Trade Commission (FTC) for $5 million over the allegations.
  4. Avira: In 2021, Avira, an antivirus software company, was found to be collecting user data without users' consent. The company was collecting data on users' internet browsing habits, including the websites they visited and the search terms they used.
Antivir and Avast were some of the most trusted antivirus programs. They had a clean record. What does this say about your theory? Besides, there is a ton of security based software that got compromised and had security issues:

  1. Norton Utilities: Norton Utilities, a system optimization tool from Norton, was found to contain a critical security vulnerability in 2016. The vulnerability could have allowed attackers to take control of users' computers.
  2. McAfee: McAfee, an antivirus software company, was found to be vulnerable to a serious security flaw in 2019. The flaw could have allowed attackers to take control of users' computers and steal sensitive information.
  3. LastPass: LastPass is a popular password manager that was found to have a security vulnerability in 2019. The vulnerability could have allowed attackers to steal users' passwords and other sensitive information.
To name a few. There are so many more. I don't even start with "free" software that got bundled with adware and search bars overnight.


Please share with me how you think AdGuard is invasive to your privacy with evidence to prove your claims other than fear-mongering. There aren't any apps on the market that do what AdGuard does.
This is NOT true. As others have pointed out, there are a lot of possible and more secure combinations, that do exactly what AdGuard does or goes even beyond and does more.
Again, try this link:
Test Ad Block - Toolz
A lot of people on Reddit got worse results with Adguard than with content blocker & VPN combination. Using WIPR & Mullvad I get 99% blocked.

It has to read unencrypted traffic in order to block ads and things before they reach your computer / browser. So I don't see what point you are trying to make. All ad blockers have access to this information and it's up to you to trust those ad blockers.
NO. Content blockers don't read your unencrypted traffic. DNS filters don't have access to your information! They block ads by word filters. Adguard promises to block the extra 1% that isn't blocked by those filters by reading all of your data.
Your statement is wrong.

It's all hypothetical and you still haven't shown that AdGuard is a nefarious company.
It's always all hypothetical till it's not. No one has to prove that AdGuard is a nefarious company. If there would be evidence we wouldn't even discuss it here. It's not about Adguard being nefarious. It is about the potential risk that comes along with a root certificate.
A root certificate that is not needed, because there are other ways. Try it the other way round: Why do you think they are trying so hard to sell you a feature that adds maybe 1-2% better ad blocking while needing a root certificate to do it?
In the best case scenario it's just about marketing. They want to sell you that one feature that others don't have by potentially compromising your system.
In the worst case they have access to all your data.
 
Honestly, just get a Raspberry Pi (some minimal version) and run PiHole on it, or put it on a Windows Docker image and put it on your Plex server in the corner over there. It’s easy, and fixes the ad problem.

I’m doing a network re-architecture this weekend (& next too, probably) on my network, and I had to flip DNS to “just” a normal DNS server (OpenDNS) with very minimal (adult crap, guns, etc.) blocks available. It’s stunning the difference the PiHole makes and the sheer amount of ads I now see (without it).

Having an app per-machine strikes me as a very annoying solution to the problem (although laptops at coffee shops, etc. - I understand that). A network wide block solves the entire problem forever (or, at least, until you have to make network changes).

I have one and another running redundant. Problem with PiHole is that it's a more expensive solution and harder to set up for the average person. Typing a DNS number in the router settings is much easier (Free options at ControlDNS + Adguard DNS). One thing you have to deal with is that Piholes tend to fail sometimes at software or hardware level. So that's one extra thing you need to maintain.

DNS blockers are also unable to block everything like youtube ads

Their point is that they need to read your stuff so they can ban ads at a https level. Like Youtube ads are https encrypted thus a lot of blockers can't block them. Decrypting your data makes them able to block it. IMHO this is a bad trade. You are giving access to all your data for blocking some annoyances.


Yea but Pihole isn't able to block Youtube ads or EU cookie stuff, right?

ah I see bad trade indeed. Ublock origin solves the problem.

How can I check if my system has any certificates that decrypt https?

In the European Union every website is forced to notice a visitor about the cookies that are saved. The purpose of the law is to protect the privacy of website users by requiring website owners to obtain informed consent from visitors before storing or retrieving any information on their device, such as cookies.

This sounds great but it ended in every website asking you for cookie saving consent. Every time you visit. By popup. In your face. Even if you save it. And it doesn't protect anything because if people visit a website because you want to view it, most of them will press "yes" to all. Just to view it.

@foo2

Consent-o-matic plugin

It may be a pain and may be ignored, but isn’t it user minded that there should be a positive ability to opt out of cookies?


Needs an "always opt-out when asked" as option being set as default

So google it?

So you don’t know why?

Confused

"For Brave with its default settings we did not find
any use of identifiers allowing tracking of IP address over
time, and no sharing of the details of web pages visited with
backend servers. Chrome, Firefox and Safari all share details
of web pages visited with backend servers. For all three this
happens via the search autocomplete feature, which sends web
addresses to backend servers in realtime as they are typed"

Enjoy the read
 
I have one and another running redundant. Problem with PiHole is that it's a more expensive solution and harder to set up for the average person. Typing a DNS number in the router settings is much easier (Free options at ControlDNS + Adguard DNS).

This is fair. But I assume that we aren't average people, we of "I need a 32GB Mac Mini M2 Pro to open 50 browser tabs!" fame. :)

Docker makes for one easy solution, as long as you have an old box you can stick in the corner somewhere; no rpi required. A cloud solution that offers essentially similar functionality is also a first class way to resolve this, and then only a quick router change is required. Fully agree.

One thing you have to deal with is that Piholes tend to fail sometimes at software or hardware level. So that's one extra thing you need to maintain.

I have enough infrastructure at my house. :). I moved to VMWare ESXi for running stuff. Put it in my cluster, it's done and managed until forever.

DNS blockers are also unable to block everything like youtube ads

Agreed. I've pointed this out a few times as a downside of the rpi solution.


Safari with basic rpi setup: 15% blocked.
Chrome with basic rpi setup: 22% blocked
Brave with basic rpi setup: 77% blocked.

Quite a difference. If that's the key criteria (and it certainly should figure in...) then we all need to move to Brave.

Then I tested MS Edge.

Edge with basic rpi setup: 78% blocked.

Wow. That I did not expect.
 
Well this is odd. I just re-tested after messing a bit with my pihole, flipping to oisd's big list, and now here's what I get:

87% Safari
87% Chrome
87% Edge
96% Brave

Then I removed pihole and flipped to 1.1.1.1 DNS, a "good" DNS server:

77% Brave
16% Edge
16% Chrome
15% Safari

...wow. Everyone needs a Pihole. And if you don't, at least you should use Brave.
 