Anyone using AdGuard?
-
AdGuard DNS is an alternative way to block ads, trackers and phishing websites, and also a parental control instrument.
Supports DNSCrypt, and it's free.
https://adguard.com/en/adguard-dns/overview.html
https://github.com/AdguardTeam/AdguardDNS
-
I've only used AdGuard browser extension.
-
Ummmm...wut? Adding cert to local browser? Am I reading this correctly?
-
In case anyone is interested.
-
@nashbrydges can you think of a better way to do it?
-
@aaronstuder said in Anyone using AdGuard?:
@nashbrydges can you think of a better way to do it?
The problem with this is that it exposes you to a MitM attack. Here is an article about how Kaspersky AV, which did this same thing, exposed their users to MitM attacks.
https://www.pcworld.com/article/3154608/security/https-scanning-in-kaspersky-antivirus-exposed-users-to-mitm-attacks.html
Lenovo Superfish was an example of HTTPS scanning gone wrong (albeit an extreme example). AdGuard would decrypt your connection and therefore have full access to the session traffic. It inspects this content (reads it) and then encrypts the outgoing connection back to your PC.
Many companies do this type of HTTPS inspection via their network filtering devices or UTMs but in each case, that inspection device can read your content in order to perform the inspection.
-
yeah, fuck MitM shit.
This is why I do not like WatchGuards and such either.
-
@nashbrydges I understand that. It would need to be done correctly.
-
@aaronstuder said in Anyone using AdGuard?:
@nashbrydges I understand that. It would need to be done correctly.
Even when done correctly, you now have a single exposure point instead of many hundreds. You're relying fully on 1 source to properly encrypt traffic between you and itself and then itself and the source, rather than distributing the risk across the hundreds of sites you might visit. It's easy to inspect the SSL cert validity of a website that you visit directly, not possible if you are routing via a 3rd party who is managing that connection on your behalf.
This concern would only apply to the HTTPS inspection though. Using their DNS service is like using any other DNS service.
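
Added example, not part of the original thread: a Python sketch of the check discussed above, comparing the certificate your machine actually receives with a reference taken from a vantage point that is not filtered. The issuer names, DER bytes and reference fingerprint are constructed placeholders, and having such a reference is an assumption.

```python
import hashlib
import socket
import ssl


def issuer_fields(peercert):
    """Flatten the nested 'issuer' tuple returned by SSLSocket.getpeercert()."""
    return {key: value for rdn in peercert.get("issuer", ()) for key, value in rdn}


def classify(peercert, der_bytes, reference_sha256, reference_issuer_org):
    """Compare the leaf this client received with an out-of-band reference."""
    seen_sha256 = hashlib.sha256(der_bytes).hexdigest()
    seen_org = issuer_fields(peercert).get("organizationName", "")
    if seen_sha256 == reference_sha256:
        return "direct"
    if seen_org != reference_issuer_org:
        # Different leaf and different issuer: something re-signed the session.
        return "re-signed by: " + (seen_org or "unknown issuer")
    # Same CA but a new leaf: usually rotation or a CDN node, refresh the reference.
    return "leaf changed, same issuer"


def fetch(host, port=443, timeout=5):
    """Live helper (needs network): the certificate as this machine sees it."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)


# Constructed sample data (not real certificates or real CA names).
ORIGIN_DER = b"constructed-origin-leaf"
PROXY_DER = b"constructed-proxy-leaf"
ORIGIN_CERT = {"issuer": ((("countryName", "US"),),
                          (("organizationName", "Example Public CA"),),
                          (("commonName", "Example Public CA R1"),))}
PROXY_CERT = {"issuer": ((("organizationName", "Example Local Filter"),),
                         (("commonName", "Example Local Filter Personal CA"),))}
REFERENCE = hashlib.sha256(ORIGIN_DER).hexdigest()

if __name__ == "__main__":
    print(classify(ORIGIN_CERT, ORIGIN_DER, REFERENCE, "Example Public CA"))
    print(classify(PROXY_CERT, PROXY_DER, REFERENCE, "Example Public CA"))
```

`fetch()` validates against the trust store Python uses, so if the filter's root was added only to the browser's store, the handshake fails with `ssl.SSLCertVerificationError` instead of returning a certificate.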