banner
Sayyiku

Sayyiku

Chaos is a ladder
telegram
twitter
Home归档分类

AdGuard removes ads while Clash network proxy is running.

#laboratory1813
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
AdGuard is an ad-blocking tool that also protects user privacy by blocking trackers and unsafe interfaces. It uses request blocking, page code filtering, and CSS injection and Javascript to block ads. Proper configuration is necessary for AdGuard to work effectively. It offers various filters for ad blocking, tracking protection, privacy, and social media filtering. AdGuard's filters and incognito mode help protect user privacy by blocking trackers and removing tracking parameters from URLs. The article discusses ways to prevent cross-site tracking and suggests hiding third-party referrers to maintain privacy. AdGuard is compatible with mobile devices and network proxies.

# Not Just Annoyed by Ads#

The existence of ads must have its rationality. They help producers gain returns through other channels to support them in continuing to provide works for free or to lower prices to a more acceptable range. However, some advertising methods are indeed inappropriate, sacrificing the original experience to maximize profits, which is always off-putting to users. This not only severely affects user experience but also easily leaves a negative impression on users, undermining promotional effectiveness. However, it is unrealistic to expect all advertisers to strictly regulate their behavior and adhere to standard forms of advertising. After all, in the face of enormous profits, people can act unethically.

With the help of various ad-blocking tools, a significant part of the goal is to intercept these intrusive and annoying ads. This not only ensures user experience but also saves bandwidth and performance overhead.

But it doesn't stop there; AdGuard can also fulfill the mission of protecting privacy. Perhaps you just searched for a lecture note in a search engine, and then opened a shopping app that pushes all kinds of textbooks related to that topic. For those who care about personal privacy, this is intolerable. I hope as little of my privacy as possible is known to others.

While intercepting ads, AdGuard can also block some trackers. When we browse the web, we not only send requests but also transmit a lot of additional information, such as the IP address at the time of access, the browser and system information being used, language preferences, the previous website visited, and even read cookies to learn more information. Ad networks use this information to determine "you" are you, building a model about you for more personalized pushes.

To eliminate such phenomena, AdGuard not only blocks trackers but also intercepts certain unsafe interfaces, blocks connections between websites, and forges browser information, among other things. These are difficult to achieve with plugins and rules alone, which is one reason I chose to use it.

# How AdGuard Does This#

Compared to traditional ad-blocking plugins, AdGuard also mentions in their KnowledgeBase that AdGuard mainly achieves ad blocking through the following three methods:

  • Request blocking: This means blocking certain connections according to rules to achieve ad blocking. When a webpage loads, certain elements request other resources. AdGuard checks the requests against the rules, and if they hit ads or trackers, it intercepts them to prevent loading.

  • Page code filtering: Before a webpage loads, AdGuard first filters the webpage source code according to rules and removes any code containing ads. Compared to request blocking, which prevents certain elements from making requests, page code filtering directly strips out parts of the code, preventing ads from even making requests.

  • CSS Injection and Javascript: Some ads are dynamically inserted into webpages via JavaScript without needing to request external resources. In this case, the first two methods become ineffective, requiring additional operations. AdGuard thoroughly removes such ads by adjusting CSS and JavaScript.

The first method is quite common, while the latter two can only be implemented on the client side due to browser plugin limitations. We will discuss HTTPS filtering in detail later.

# Properly Configure AdGuard#

Although AdGuard is a paid application, it is not just about paying for services. To unleash the full power of AdGuard, proper configuration is necessary. Here, I will take the desktop version as an example to introduce some of AdGuard's features and provide a practical example of how I use AdGuard to ensure a good internet experience and protect privacy, hoping it can help you.

The AdGuard team is still actively developing, and the AdGuard software/plugin is rapidly iterating. The content mentioned in this article has a certain timeliness, and the final reference should be the AdGuard KnowledgeBase.

# Select Appropriate Blocking Rules#

image

In most cases, blocking rules are the core of ad-blocking tools. In AdGuard, blocking rules are referred to as ad blockers, which not only block ads but also can block trackers, social media plugins, annoying pop-ups, etc. However, it is important to note that while blocking certain elements from loading theoretically speeds up page loading, if too many rules are set, a large number of comparisons must be made each time, which may backfire. Here, select as needed.

The default blockers enabled in AdGuard are few; here I have enabled:

  • Ad blocking

  • AdGuard Base Filter

  • EasyList

  • Privacy

  • AdGuard Anti-Tracking Protection Filter

  • EasyPrivacy

  • Social Plugins

  • AdGuard Social Media Filter

  • Fanboy’s Social Blocking List (included in Fanboy’s Annoyances)

  • Annoying

  • AdGuard Annoying Ads Filter

  • Fanboy’s Annoyances

  • Specific Language

  • AdGuard Chinese Filter

  • EasyList China

Of course, even so, there may still be "missed cases," which can be manually handled using "Extensions > AdGuard Extra."

# Stealth Mode Fully Protects Privacy#

Filters can already intercept some trackers, but stealth mode is the "big move" specifically aimed at protecting privacy. Although filters can intercept most web trackers, as mentioned earlier, the act of "requesting a webpage" itself has already leaked a lot of information. Stealth mode helps protect this personal sensitive information step by step.

# General#

First, there are four general options that can initially block some tracking:

image

Hide Your Search History will hide your query history when using a search engine to access a website, making it difficult for the website to know which search engine you used.

Send "Do Not Track" Requests: AdGuard sends a "Do Not Track" request along with the webpage request. Some browsers also have this feature, but even if a request is made not to track, it ultimately depends on the website's willingness.

Remove X-Client-Data Header from HTTP Requests: When requesting any Google-related webpage (including Double Click and Google Analyze) using Chrome, the browser will transmit browser information and other data to Google. Removing the X-Client-Data header from HTTP requests is aimed at intercepting this data.

Strip Tracking Parameters from URLs will strip tracking parameters from URLs, which can help avoid cross-site tracking. It also allows manual configuration of tracking parameters for custom blocking.

# Tracking Methods#

Next, in tracking methods, you can limit how common websites track you:

image

Self-Destruct Third-Party Cookies: Cookies are typically used to store user login information. Third-party cookies refer to cookies not generated by the current page. Even if the website generating the cookie behaves properly, this cookie may be misused if obtained by other websites. Compared to blocking third-party cookies, self-destructing third-party cookies will not cause third-party logins to fail (most third-party logins are authorized through cookies or authorization headers). Here, I have set the timeout for third-party cookies to 4 hours.

Self-Destruct First-Party Cookies: Similar to the previous one, but enabling this means that after timing out on the same website, you will need to log in again. This brings unnecessary hassle, so I keep it disabled.

Prevent Caching of Third-Party Requests: Some websites may add electronic tags (e-tags) when loading pages. As long as the cache is not cleared, these tags may be sent to the server with the next request, potentially leaking which websites have been visited.

Intercept Third-Party Authorization Headers: Authorization headers are mainly used for login authorization, but they can also be used for tracking. If authorization headers are sent using unencrypted HTTP, it may lead to the leakage of keys and other important information. However, intercepting them may cause some applications or plugins to malfunction.

# Browser API#

This option only affects the browser and does not impact other applications. Here, you can disable certain browser APIs that pose security risks.

image

Intercept WebRTC: WebRTC is a real-time communication protocol, but it may leak the real IP address by bypassing the proxy. Disabling it may affect the normal use of Google Voice (especially the web version).

Intercept Push API and Intercept Location API: These two APIs are used to manage browser push notifications and location services, respectively. Since I rarely use maps on the desktop and do not need browser push notifications at all, I completely disable these two options.

Intercept Flash and Intercept Java: With the evolution of front-end technology, almost all websites have removed dependencies on Flash/Java. Additionally, Flash/Java has many serious security vulnerabilities, and in 2020, browsers should not continue to support them.

# Miscellaneous#

These options must be included in requests and cannot be disabled, but they can be forged.

image

Hide Your Third-Party Referrer can hide where you jumped from. The third-party referrer I use is https://www.bing.com.

Hide Your User-Agent: The User-Agent is also included in the webpage request header, which exposes information about the browser and operating system you are using. It is recommended to enable this option to use default substitute information.

Hide Your IP: Since I always use a proxy, this option seems to have little effect, so I have turned it off.

Additionally, there are some items in the extensions and advanced settings worth noting. For example, AdGuard Extra and using redirect-driven mode are additional features I have enabled.

# Mobile Compatibility with Proxy and HTTPS Filtering#

The mobile configuration options are similar to those on the desktop, so I won't elaborate further. It is important to note that to achieve deeper ad blocking, most ad-blocking tools require the use of a system proxy. If you already need to use a network proxy, it can be quite troublesome. AdGuard specifically supports forwarding to a local proxy, which is one of the aspects that best meets my needs.

# Compatible with Clash Network Proxy#

The network proxy tool I chose is Clash For Android, which supports enabling a local proxy without occupying the system proxy and exposes and listens to the DNS port internally.

If your proxy service provider does not support Clash subscriptions or the Clash configuration does not include DNS configuration, you may need to use public APIs to organize the Clash configuration file.

# Use API to Organize Clash Configuration File#

Based on the subconverter project, you can conveniently organize Clash configuration files using many public APIs. Specifically, you can use the public API provided by subconverter author TindyX to directly convert subscriptions into Clash configuration files with AdGuard DNS.

Please ensure that the Clash configuration file contains at least the following content:

port: 7890
socks-port: 7891
dns:
 enable: true
 ipv6: false
 listen: 127.0.0.1:5450
 enhanced-mode: redir-host
 default-nameserver:
    - 119.29.29.29
    - 119.28.28.28
    - 1.0.0.1
    - 208.67.222.222
    - 1.2.4.8
  nameserver:
    - https://dns.alidns.com/dns-query
    - https://1.1.1.1/dns-query
    - tls://dns.adguard.com:853

Among them, the default DNS listening port (dns.listen) is 5450, the default HTTP proxy port (port) is 7890, and the default SOCKS5 proxy port (socks-port) is 7891. These parameters will be needed for configuration later.

# AdGuard Configure Clash Forwarding Rules#

First, in "AdGuard > Sidebar > Application Management," turn off routing application traffic through AdGuard for Clash For Android.

image

Next, after importing the Clash configuration into Clash For Android, go to "Settings > Network" and turn off "Automatically Route System Traffic" to disable Clash For Android's VPN mode. Then enable the proxy function in Clash For Android.

image

Then go to "AdGuard > Sidebar > Settings > DNS > Select DNS Server" and at the bottom, "Add Custom DNS Server." You can name it anything, and enter the address 127.0.0.1:5450 (depending on the previously configured dns.listen parameter).

image

Return to "Settings," continue to click "Network > Proxy," and at the bottom, "+ Add Proxy." You can name it anything, select HTTP (or SOCKS5), enter the address 127.0.0.1, and the port 7890 (or 7891). After configuring, click "Save and Select" and turn on the proxy switch above.

image

Then return to "Network," continue to click "Filtering Method," and select "Local VPN." After that, return to the main interface, turn on the main switch, and you can enjoy AdGuard protecting your privacy without affecting the original proxy.

# Install Certificate for HTTPS Filtering#

AdGuard supports filtering some code before the page loads, but HTTPS encryption prevents AdGuard from obtaining specific content before loading, making filtering impossible. AdGuard decrypts traffic by installing certificates (Surge/QuantimultX also uses a similar approach for filtering), but apps targeting API 24 (Android 7.0) and above no longer recognize user certificates.

For users who have flashed Magisk, you can use Move Certificates to convert the certificates into system certificates, allowing AdGuard's HTTPS filtering to work for all apps.

image This should be the only action in the entire article that requires root access.

AdGuard always works for almost all applications, which can waste performance. For some system apps (like phone, messaging, etc.) and apps that definitely won't have ads, you might consider turning off AdGuard filtering.

# Follow-Up#

Upon careful consideration, what is the rationale for the paid nature of AdGuard as an ad-blocking tool? Why not directly pay a certain fee to the author to make them stop displaying ads, but instead choose to pay for an ad-blocking tool, leaving the author without reasonable (and perhaps some unreasonable) income? Moreover, the functionality of ad-blocking tools will quickly saturate, and the framework will gradually stabilize. What truly keeps ad-blocking tools alive may be those individual rules.

However, this does not negate AdGuard's contributions. Even if it is not the oldest, even if it still has shortcomings.

In my view, ad blocking is just one aspect of AdGuard, and it is not the most important aspect. "Guard" — the emphasis on protecting one's privacy and not compromising it seems to be the main theme it wishes to convey. When a significant portion of users are indifferent to their privacy, believing that ordinary people do not need to put effort into privacy, does this contribute to certain inappropriate behaviors to some extent?

Perhaps AdGuard was not the first to implement these features, but it has certainly done an outstanding job. It is the first one that made me willing to keep it running 24/7 alongside network proxy tools, the first one that made me...

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.