I give up here, wall of ignorance here. I'll write an article next how insecure AdGuard is with code examples any then everyone freaks out. I already warned you, no one wanted to listen okay now we going the hard way and I publish it.
We sure will implement it. My point is that we don't want to have it enabled by default unless it is finalized so that we didn't run into the same issue as Chrome did (which made them roll it back, look for bluecoat issue). Anyways, this question will be resolved in a few months from now.
I really don't understand what did I do to cause such an aggression. Let me please describe the situation as I see it: 1. Do we plan to implement TLS 1.3 -- yes we do. 2. Do we plan to enable it right away -- not unless we are sure it won't break anything. Two options: protocol is finalized or Chrome starts using it by default, hence makes it finalized de-facto. 3. Why so? Because I am afraid of possible incompatibilities between different draft versions. At the moment, the only browser having it enabled by default is FF. Chrome - disabled, Edge and Safari - not implemented. If you suppose, that we should act faster and have it enabled in coming v6.2, please tell me what's wrong with my way of thinking. Anyways, to make point 1 clear enough, we'll add a TLSv1.3 flag to advanced settings (disabled by default) and see how it goes through the beta test: https://github.com/AdguardTeam/AdguardForWindows/issues/1737
Okay, I'll bite. What would you recommend then, exactly? It looks like the Adguard developers are going to fast track TLSv1.3 support in the 6.2 beta, but it'll be disabled by default with an option to enable it via the advanced settings. This is a good first step, no? Having it enabled by default *might* be problematic due to the aforementioned issues between draft 18 and draft 20. That said, a plan should be put in place to gradually enable TLSv1.3 as it's being tested and any bugs encountered are ironed out. Doing everything at once and enabling it for everyone without having any testing period would be very foolhardy, which is exactly what Google has been doing by experimenting with enabling it by default (then disabling it once they had issues for the time being - AFAIK it was only pushed out to 10% of Chrome users before they stopped it for the time being). @avatar, I would suggest having a blog entry covering Adguard's plans in regards to dealing with TLSv1.3, HTTP/2, QUIC, Brotli (which is supported in 6.2), the fact that HTTPS filtering uses an obsolete key exchange, etc. This would help a great deal, in my opinion.
Agreed. You know, I can understand why @CHEFKOCH is disappointed. He seems to be very concerned about encryption, sets up FF to use maximum strict rules and then he finds out that there's a TLS proxy (Adguard) that basically ignores his FF settings. Frankly, I thought that as a developer he understands all the drawbacks. I guess I was wrong and not understanding that it could be a surprise, sorry for this. We'll start with writing a very detailed article on what HTTPS filtering is, what are the known issues with it and some kind of a timeline of what we're planning to do with it.
Yes, but Adguard is an adblocker before all, not an encryption software. You can't compare Adguard with HTPPS Everywhere. I am using Adguard because it blocks ads very well, not for for its encryption.
I'm sure this has been asked and answered before but searching could take some time. What is the difference between the Windows installer, browser extensions and the DNS service? Thanks!
Great, now adblockers are going all "bells and whistles" like the AV solutions, what next avatar, AdGuard with a registry cleaner!
https://adguard.com/en/adguard-windows/overview.html https://adguard.com/en/adguard-adblock-browser-extension/overview.html https://adguard.com/en/adguard-dns/overview.html#overview
Yeah, I've seen all those links but I must be missing something. I can't see anywhere a comparison between them all.
- Desktop version : work at system level, means with every browsers present and supported; have more filters, more features (stealth Mode, HTTPS filter, Parental control, etc...) - Browser extension : just work on the browser you installed it. - DNS : block ads a DNS level; no filter choice, no installation of any sort.
Thanks! OK, that's what I thought. So for me, Adguard DNS is the best choice for now. At this point I doubt I've give up uBO in my browsers but perhaps in time...
HTTPS is a very sensitive topic and you cannot be light on Adguard because it is not an antivirus. Actually, we do it quite good, better than most of the antiviruses tested back then (there was a link to the research). However, we still do it worse than FF or Chrome (not critical, but anyway) while we must keep up with them (we'll cover the details in the article I've promised). That's not just about ad blockers. This is about all the software doing HTTPS filtering (mostly AVs, but some ad blockers also do it). Security community was always focusing on browsers while ~15-20% of overall traffic belongs to all sorts of HTTPS proxies (mostly AVs), which were not examined that thoroughly. This lead to a hell of a lot of issues found during the recent research.
@avatar it is not being light, only being fair with you, Adguard main goal and priority is blocking ads, if it also help securing traffic, good for us but people shouldn't bash AdG's devs just because they are not at the front line implementing the latest tech. Because AdG does encrypting traffic, i could remove HTTPS Everywhere from my browsers, one less extension
Oh, you shouldn't confuse things, Adguard does the very same thing as you browser does -- HTTPS connections would be encrypted with or without AG. HTTPS everywhere is a very useful extension anyway.
In addition to what @avatar said, HTTPS Everywhere does not encrypt anything. It only enforces the encryption protocols already present in some websites, websites that have elements that are "secure-ready" but disabled (HTTPS Everywhere enables them, by force).
yes i know that, i'm not confusing, maybe my wording were unclear yes i read it on HTTPS-E site. in fact i believed ADG also enforce HTTPS on unsecure sites, don't know where i got this idea...
Nope, it does not. Although, there was a feature request asking us to embed HTTPS everywhere functionality in AG. We can do it, but for this we'll need to either develop our own set of rules or use the ones HTTPS-E provides, which we can't as it is GPLv2.
Well, it's a little more complicated than that. Ad blocking browser extensions are subject to the limitations of each web browser extensions API. HTTPS Everywhere is a completely different thing than what's being discussed here in regards to HTTPS filtering, IMO. There seems to be some confusion here. TLSv1.3 (once finalized) will be the newest version of TLS (Transport Layer Security). Adguard supports TLSv1.2 right now, which is used by the majority of websites out there for HTTPS so supporting TLS is essential for HTTPS filtering. TLSv1.3 is the newest iteration of TLS which in the working draft stage, meaning it's nearing finalization (draft-20 is the latest). OpenSSL already supports it on the Git source code repository (won't have official support until it's finalized and OpenSSL v1.1.1 is released). The problem is Adguard doesn't support TLSv1.3 yet due to it still being in the working draft stage and OpenSSL didn't support it until recently. That said some web browsers (Firefox and Chrome until they stopped enabling it by default) opted to enable TLSv1.3 support which only a handful of websites support right now. But now TLSv1.3 support is being fast tracked for the 6.2 beta, which will be disabled by default and can only be enabled via Adguard's advanced settings. It was not support it yet (since it's not even finalized, OpenSSL didn't support it until recently and Firefox rushed support out in NSS, then Chrome also turned it on until issues were found with it) is the issue being brought up here. IMO, this issue is kinda trivial right now since half the web browsers out there don't support TLSv1.3 yet (Edge and Safari), it's not even finalized yet nor is there an OpenSSL release yet outside of the Git source code repository which supports it and finally few websites support it. But I guess it's good to be on top of the latest and greatest things, right?
Of course, i made a simple explanation for the question asked, the member just wanted to know the basic differences. yes, i thought AdG filters also worked the same way. Indeed, there is no rush to implement 1.3, it is what i said earlier in the debate.
Adguard for Windows will not update. It starts, goes for a few minutes with an extremely slow download, and then says again that I need an update. No change in version number. Also, in twenty years of internet use, I have never seen such a slow website and forum as Adguards. Can anyone help me? Many thanks,
