Adguard - Ad Blocker

Discussion in 'other software & services' started by Tyrizian, Mar 2, 2013.

  1. guest

    guest Guest

    I don't know what is your definiton of SSL/TLS because wilders does use it.
     
  2. guest

    guest Guest

    So much of personal data in chrome.adtidy.org :rolleyes:
     
  3. guest

    guest Guest

    oh ? seems they finally implemented it, before i had to enforce it via an extension.
     
  4. guest

    guest Guest

    been this way since I signed up here and before that too :cool:
     
  5. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,443
    Location:
    U.S.A.
  6. guest

    guest Guest

  7. guest

    guest Guest

  8. avatar

    avatar Developer

    Joined:
    Jan 18, 2014
    Posts:
    1,048
  9. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Again that are excuses. And when it's not https filter - what's next? Draft no draft, the fact that stable Browser already using it and you say it's not true is simply wrong. I not have any trust in AdGuard or the developers anymore with such statements. That's not professional. Professional would be to work with browser updates and inform people. When people like Comish and I not inform other people about this no one ever had noticed it. For a 60 dollars product I expect 'more'.

    Since there is no source code it's difficult to check, the HTTPS filter works global based not only browser based from what I know. So when you include (manually) e.g. IDM or other tools it could be a risk. And you know that.

    That's a lie. Download Chrome and/or Chromium and check your mentioned page, shows TLS 1.3. supported. In Chromium source code it's still shows Draft 18. So work in process or not it's there. There is only (because compatibility / test reason) chrome://flags/#ssl-version-max left. And this gets also removed soon.

    I laugh at this, this can happen with other protocols too. The thing is that the server needs to implement/support it and that's the culprit not the client.

    You never said you guys working on it, it's never mentioned and there is no warning a user get that certain protocols aren't supported. Brotli, HTTP.2, TLS 1.3, .... There is no transparency, information and nothing except useless GitHub issue tickets without any source to check against. I could right now destroy the entire AdGuard product with 50 or more bugs and problems (some of them are also known since 1/2+ years) but I don't this one is only one little example.

    Yet another GitHub without any source? How is that helpful. Maybe consider if you not want to release any source code to use Mantis instead. I mean a lot of people wasting their free time with debugging and testing without anything, this entire 'we not release anything' is not good. Some components like https filter aren't problematically to release as open source, then we could talk directly with code samples.


    Please stop talking at this point you don't even know what TLS 1.3 improved and now you say something without research. Comish already gave an example. Cloudflare is one big provider for TLS 1.3, the only thing is that it's (yet) still optional opt-in. But again when it comes to security you have to do the maximum possible configuration.
     
    Last edited: May 7, 2017
  10. avatar

    avatar Developer

    Joined:
    Jan 18, 2014
    Posts:
    1,048
    1. FileGuard does not scan web pages content and all the resources loaded over https.
    2. URL protection in the extension works asynchronously and cannot really block a web request execution.

    So, I don't see how a user can be protected from a javascript exploit loaded over https.

    It might be a great antivirus. It's just there is an attack vector not covered at all.

    The browser is a whole different question.
     
  11. guest

    guest Guest

    I read the whole issue behind it.The bug was for Adguard Android, why port it to Adguard Windows? and if the bug was present in AGW, why not fix it? also I understand AMO being excluded but why your own servers?
     
  12. avatar

    avatar Developer

    Joined:
    Jan 18, 2014
    Posts:
    1,048
    @CHEFKOCH
    Please, calm down and let's have a civilized discussion instead of this.

    The issue exists for every version of FF (win, mac, android).

    Domains listed there are used as popular update channels. Please note, that some add-ons might be using their own update channels (like AG add-on for legacy FF versions).
     
  13. guest

    guest Guest

    Can't say for Mac or android but I can say for win version.
    Never had a problems with any of my addons, they updated, download, installed and worked like they should and I always delete those exceptions as part of my inital setup. So atleast for win version the theory doesn't work out.

    Also what happens if the user is chrome or chrome based browser, and uses the adguard browser extension only,it doesn't get those exceptions then? He shouldn't as per the argument above.
     
  14. avatar

    avatar Developer

    Joined:
    Jan 18, 2014
    Posts:
    1,048
    Please, do not change my arguments.

    I said that TLSv1.3 protocol is a draft. Is that true? Yes, that's true for sure.
    It does not change the fact that FF supports the TLSv1.3 draft and has it enabled by default.

    Btw, that's why a separate repo. We're planning to open source parts of it, starting with the SSL verification library once it is ready. Should make it easier to check everything.

    Again, please, calm down. There's no need for insults.

    I usually check before saying something:
    https://monosnap.com/file/yZdRsZCBGdeDGtlc685ol5UL8bF9GG

    If it is different in your case, I'd like to know what exact version of Chrome do you have?

    It cannot happen with other protocols because they are stable.

    The situation I am afraid of:
    Browser supports draft-XX
    Adguard supports draft-XY
    Server supports draft-XZ

    With how fast things change this situation is possible.
     
  15. avatar

    avatar Developer

    Joined:
    Jan 18, 2014
    Posts:
    1,048
    Frankly, it's not that hard for us to start supporting it. Compile with a newer openssl and change a few lines of code. What's hard is to test it properly. You see, the situation for TLS proxies is a bit more complicated than for browsers, we should test much more scenarios: different pairs of clients/servers. Which is quite hard to do when there are different draft versions of a single protocol out there.

    Regarding warnings and transparency. Do you want us to list all the known issues/fallbacks in a knowledgebase article?

    Nope, https exclusions have nothing to do with the browser extensions.
     
  16. guest

    guest Guest

    So only the program and app are buggy that you have to provide for exclusions?
    Free product - bug free and paid product = buggy? :eek:
     
    Last edited by a moderator: May 7, 2017
  17. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    What we talking about when every browser already supporting it? And Cloudflare (together with Google) also support it [already]?

    You link points to an beta version not a final product. Besides this you can had compiled it manually. I'm in the Chromium developer team and we use same source base like Chrome. So I think I know a little better, that it's there since mid last year.

    Brotli is stable now since over 2 weeks.... Nothing has mentioned, there is ONE GitHub issue ticket but no announcement on a blog post or any 'roadmap'. There is a changelog which no one read (not the normal user [because he downloads and execute the setup.exe and that's it]) [which is visible only after the work was done].

    You're entire 'draft' excuse here has no power if you see the source nothing really has changed from latest 'beta/draft' to stable, as said stable is a relict from XP times. Internet changes daily so every tool needs to be changed.

    What I expect is transparency, you guys did lied here and in the past, this is not an insult it's fact. Saying I sould came down makes it more worse instead of accepting the fact AdGuard made several huge mistakes. It never mentioned anything before for the mass and it doesn't matter if you guys internally working on it because how we should know without source or roadmap?!

    Instead of talking now with me and others,how about a making a blog post about critical know issue + roadmap?! This also would avoid such discussions.

    I expect a 'sorry' here not more excuses. It makes it (as already said twice now) more worse.
     
    Last edited: May 7, 2017
  18. guest

    guest Guest

    LOL don't become aggressive because people doesn't go your way... cooldown mate...
    And for your info , i did my research , and i was more focused to find what has been added, i overlooked that they only removed obsolete stuff, which is obvious and mandatory to me; now if this a huge innovation for you, i'm fine with that but don't look down people because you assume they didn't know. Thanks.

    I agree, but TLS1.3 is still considered experimental so they are not wrong.
    As a company, they shouldn't implement things that they have not properly tested based on their criterias, not yours. If they estimate they are not ready to implement a feature yet, it is their right. Whatever we like it or not. You can't push experimental things on stable version of a software, simple as that.
    If TLS1.3 was implemented on Adguard beta , i won't see any problem at all. In fact i wish TLS1.3 is pushed on Adguard betas versions.

    Now i understand your point that if TLS 1.2 is enforced while TLS1.3 is "usable", they should inform people. A small notice on the GUI via the "?" next to the feature would be enough.

    On latest Chrome stable v58, TLS1.2 is the default, but the user can change it to TLS 1.3 via Chrome:/flags/#ssl-version-max
    check screenshot below
     

    Attached Files:

    Last edited by a moderator: May 8, 2017
  19. guest

    guest Guest

    'Criteria' in itself is a plural word. :p

    What do you think they have been doing all this while?
    https://github.com/AdguardTeam/AdguardForWindows/labels/Bug
    There are 22 labels in this repo. I just picked out the one named BUG, there are 95 open issues related to this label alone which you would expect gets highest priority. But don't think so it happens @Adguard as you will see the earliest of those is close to doing it's 2nd anniversary there.

    Also, do check out the other 21 labels. So would you still say that Adguard stable itself is not experimental?
    What's more with the beta section out in open and bugs being discovered and not being solved for a considerable time, doesn't it put you at risk?:eek:

    And everybody just forgot about Adguard allowing sites with revoked certificates.:p
    It happened with grc test after which they said they fixed it out but it happened again with badssl test site. ETA - unknown. This clearly shows they made site specific/case specfic workaround and not fixed/solved the problem.
     
  20. guest

    guest Guest

    lol yes , bad French habit to put "s" everywhere for plural forms :p

    That is present in every software (comodo even have a 10+ years old bug...) , if devs have to fix all issues/bugs before releasing a product you won't have much softs to use...i don't say it is normal or excusable, i just say it is how it works.

    There is minor (GUI, etc..) and major (security, vulnerabilities, etc...) bugs. all softwares and OSes have them. I can live with the minor ones, i'm more interested with the fixing of major ones.

    That is their problem, not mine, if i feel unsecure with a product , i just ditch it; i won't waste my time crossing blades with the devs , after all it is their product and i'm not paid to police them.
     
  21. guest

    guest Guest

    Exactly my point, stability is a myth, nothing but change is permanent. So, you agree we are all experimental after all.

    For me, bug fixing takes priority before anything, even adding features.

    But you as a consumer, do pay for those products. And if it is not satisfactory won't you complain?
     
  22. guest

    guest Guest

    in pure rethorical side, yes. But in practice, you know that a company won't release something they believe will create more issues (and support tickets) than something "cleaner".
    I am a closed beta tester for several products (AdG included) and all of them have "unfixed" well known bugs, most of them have low priority and will surely not be fixed until months.
    Now you can't just jump at the dev's neck and force them to fix/implement what only you estimate is crucial. They are more than aware of the issues but the priority may not be high enough to them (like the whole TLS debate we have).
    As a closed beta tester, i'm used to submit issues/suggestions, the severe one are fixed quite fast while other are delayed. Also, the number of staff, resources available, release timetable, impact on users are factors that influence the priority of the fixes/implementation.

    So do i. Now in our debate, does implementing TLS1.3 in AdG right now is prioritary? i don't think so. After all AdG is a adblocker , not a traffic filtering security soft.
    Does AdG should inform that its filter based on TLS1.2 will take precedence over TSL1.3? yes , but we are not devs, and only them will decide what is best for their business.
    We disagree and feel unsafe using the said soft, we ditch it, simple as that.

    Obviously, i would, but before buying i would do researches, use trials, and read others customers reports on the product forum.
    Normally then, you can decide to buy or not; if you buy despite the known bugs and issues , you can't complain too much.
     
  23. avatar

    avatar Developer

    Joined:
    Jan 18, 2014
    Posts:
    1,048
    Point taken, we live without a public roadmap for a long time.

    "Brotli" support is in the release notes:
    https://github.com/AdguardTeam/AdguardForWindows/releases/tag/v6.2.346.1819-beta
     
  24. guest

    guest Guest

    @avatar , does implementing TLS1.3 in the next betas is feasible or you estimate it is not "safe" enough yet?
     
  25. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Wow CHEFKOCH calling people a "liar" and all your anger, its not really adding any kudos to your thoughts and opinions, settle down, its not exactly life changing problems your tackling here.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.