Apple Cracking Down on VPN-Based Ad Blockers That Work in Third-Party Apps - What will AdGuard do ?

[Benny]

It's not vague, in past cases Apple dealt with heavy hand on devs who bent/failed to latter comply with the rules. You need to understand that even this "downgraded" version(1.3.0) still uses the "fake" VPN method*. Based on section 4.2.1 of the App Store Review Guidelines, which says that APIs and frameworks should be used for their intended purposes, it’s likely that Apple doesn’t see DNS override/adblocking as the “intended purpose” of VPN certificates.

*(to enforce the chosen DNS servers system wide on both WiFi and Cellular Data, which still allows the use of DNS servers that effectively block ads in apps)

Those cases of heavy dealing from Apple were nowhere similar to the current situation of Apple changing the rules midstream on a host of products with paying customers.

This still comes down to taking value away from your paying customers based on an unfounded fear. Apple's strong responses have *always* been in reaction to devs hiding functionality in apps (the early hotspot activation apps, e.g., that posed as games) or similar attempts to get around existing rules. This is a very different case.

Again, just pleading the case for Adguard to take their time on this decision instead of rushing out something that can't be undone. You can always do an update later.

 

[v1597psh]

You should be routed to the US servers automatically, AG DNS uses Anycast.



That were the reasons why we will update the old app and not publish a new one, so you don't need to pay for anything.

I would rather stay on the old version of app and no longer update to the new version. But the best way for you to do so, I think, is to remove the old version from the App Store and publish a new one but keeping the old version in Purchased tab for old users who bought the app before and no longer wish to update.

The main benefit for old users will be app not showing up in the Updates section as I really don't wanna turn off the Automatic Updates feature. And most users bought Adguard Pro for system-wide blocking. 90% of the 1.3.0 version is available in Lite Version of Adguard anyway.

P.S. If I get a refund, will it stop showing me the updates in the App Store?

 

[Bastet]

BTW guys, in this 1.3.0 version will you keep the system wide whitelisting/blacklisting capabilities? I am asking because I use the blacklist to add the Apple domain responsible for the OTA update verification(mesu.apple.com) and avoid the automatic download of the OTA.

I'd like to know too as I have videos on the virginmedia forum blacklisted.
Further question will the ability remain to click on the AG icon in the browser then choose to block elements like this?

 

[paul]

Is update being released today ?

 

[paul]

Working perfect for me great job on the new app. It's blocking all ads even on apps thank you

 

[AudigyMaster]

I can confirm that the whitelist/blacklist capabilities are still present.

There is just one little issue, the domains listed in the white/blacklist are not enforced if you keep the system's default DNS, only after you select other DNS. Is there any possibility to keep the domains of those lists enforced even using only the default DNS?

Thanks!

 

[Polymers]

As best as I can tell, it's doing the same great job as with the last version. (I was using the Adguard Default DNS setting when I upgraded. It kept that setting in going to the new version.)

Well, now I noticed that I can't change over to "System Default" for some reason.

 

[DavidCMC]

So, being able to put custom DNS on cellular data is the only PRO feature now?

 

[Bastet]

I personally can't tell that there's been any change as the app is functioning as perfectly as it did before. Well done to the devs.

 

[user3]

So, being able to put custom DNS on cellular data is the only PRO feature now?

That's actually not an entirely simple task to accomplish. The only other app to offer the ability to use custom DNS on cellular charges *per DNS*. It makes you pay for *any* name server you may want, including some noticeable absurdities such as google public (data miners) & OpenNIC *which is a volunteer run non profit* for which I contribute to as time permits. It was infuriating to see them charging for OpenNIC's name servers --- and they're not even choosing what's best for the user (too much to get into here but what I saw them offering were not ideal for my location).

 

[AudigyMaster]

There's DNSoverride, from the Futuremind guys. It uses the same fake VPN method to enforce system wide DNS servers. It even updates your IP if you use a custom configuration on OpenDNS.

 

[user3]

There's DNSoverride, from the Futuremind guys. It uses the same fake VPN method to enforce system wide DNS servers. It even updates your IP if you use a custom configuration on OpenDNS.

I wasn't going to give them the ad space by mentioning the app name. But since you've done it, yes, that's the one to which I was referring. Can anyone honestly in good faith pay not only to unlock 2 separate "features" - 1.99$USD apiece - inside that "free" app to *only unlock access to one or >possibly both< "features" to use via *PUBLIC name servers*? On top of that, dig through the app some more, and you'll find that before you can even unlock the VPN to use, you have to first have a subscription to one of the servers they offer access to via their (cr)APP. Plus of course paying the 2-4$USD to unlock access to use the subscription, depending on which "freemium features" you want to use with whatever VPN you want to pay to subscribe to among the ones they allow you to access.

 

[user3]

I wasn't going to give them the ad space by mentioning the app name. But since you've done it, yes, that's the one to which I was referring. Can anyone honestly in good faith pay not only to unlock 2 separate "features" - 1.99$USD apiece - inside that "free" app to *only unlock access to one or >possibly both< "features" to use via *PUBLIC name servers*? On top of that, dig through the app some more, and you'll find that before you can even unlock the VPN to use, you have to first have a subscription to one of the servers they offer access to via their (cr)APP. Plus of course paying the 2-4$USD to unlock access to use the subscription, depending on which "freemium features" you want to use with whatever VPN you want to pay to subscribe to among the ones they allow you to access.

In closing, I'd like to offer OpenNIC's Declaration of Independence for all to read so that my outrage at the app you named may be better understood.

"Declaration Of Independence

When in the Course of human events it becomes necessary for one network to dissolve the political tubes which have connected them with ICANN and to assume among the powers of cyberspace, the separate and equal station to which the Laws of Internet and Internet's Servers entitle them, a decent respect to the opinions of the Internet Community requires that they should declare the causes which impel them to the separation.

We hold these truths to be self-evident, that all users are created equal, that they are endowed by their Providers with certain unalienable Rights, that among these are DNS, E-mail and the pursuit of Websites. – That to secure these rights, Servers are instituted among Sysops, deriving their just powers from the consent of their users, – That whenever any Form of Domain Name Service becomes destructive of these ends, it is the Right of the People to quit using it, and to institute new Nameservers, laying their foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety from Spam and Freedom from Corporations. Prudence, indeed, will dictate that IP Addresses long established should not be changed for light and transient causes; and accordingly all experience hath shewn, that users are more disposed to suffer, while registrars are sufferable, than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide a new NIC for their future nameservice. – Such has been the patient sufferance of the Internet Community; and such is now the necessity which constrains them to alter their former Systems of DNS. The history of the present Corporations is a history of repeated injuries and usurpations, all having in direct object the establishment of an absolute Tyranny over these Users. To prove this, let Facts be submitted to a candid world.

We, therefore, the Representatives of the OpenNIC, in General Congress, Assembled, appealing to the Supreme Judge of the Internet for the rectitude of our intentions, do, in the Name, and by Authority of the good People of these Networks, solemnly publish and declare, That these Networks are, and of Right ought to be Free and Independent Domains; that they are Absolved from all Allegiance to the Corporate World, and that all political connection between them and the Root of Not-So-Great ICANN, is and ought to be totally dissolved; and that as Free and Independent Domains, they have full Power to host Websites, send E-mail, form IRC Networks, establish Newsgroups, and to do all other Acts and Things which Independent Domains may of right do. And for the support of this Declaration, with a firm reliance on the protection of Internet Providence, we mutually pledge to each other our Domains, our Hostnames and our sacred Servers."

https://wiki.opennic.org/declaration_of_independence

 

[AudigyMaster]

I wasn't going to give them the ad space by mentioning the app name. But since you've done it, yes, that's the one to which I was referring. Can anyone honestly in good faith pay not only to unlock 2 separate "features" - 1.99$USD apiece - inside that "free" app to *only unlock access to one or >possibly both< "features" to use via *PUBLIC name servers*? On top of that, dig through the app some more, and you'll find that before you can even unlock the VPN to use, you have to first have a subscription to one of the servers they offer access to via their (cr)APP. Plus of course paying the 2-4$USD to unlock access to use the subscription, depending on which "freemium features" you want to use with whatever VPN you want to pay to subscribe to among the ones they allow you to access.

I think you are misunderstanding the way the app works. You pay 1.99 once to be able to enforce ANY DNS servers system wide(WiFi + Cellular), similar to Adguard Pro(vs Adguard free that doesn't provide that feature). The extra 1.99 are for the IP update functionality, only useful if you have a custom profile configured in OpenDNS(and a few others). There is a list with suggested DNS servers, most of them free. There are some of them that extend their features by requiring a subscription, which is defined by their independent conditions, not by the app. You can also add custom DNS servers like Adguard DNS.

I know this because I use the the app.

 

[user3]

I think you are misunderstanding the way the app works. You pay 1.99 once to be able to enforce ANY DNS servers system wide(WiFi + Cellular), similar to Adguard Pro(vs Adguard free that doesn't provide that feature). The extra 1.99 are for the IP update functionality, only useful if you have a custom profile configured in OpenDNS(and a few others). There is a list with suggested DNS servers, most of them free. There are some of them that extend their features by requiring a subscription, which is defined by their independent conditions, not by the app. You can also add custom DNS servers like Adguard DNS.

I know this because I use the the app.

While I certainly appreciate that you have the app (as do I but only for it's DNS leak testing, which is free), please know that I do understand exactly what & how it functions. I'm a volunteer @ OpenNIC (to avoid confusion, it is most definitely *not* OpenDNS. There is nothing open about the centralized corporate name servers they offer. Read the fine print - your data is mined. I'm offering that information not to AudigyMaster but to anyone out there actually interested in that sort of knowledge).
I have an in depth understanding of the inner workings of all of what you and I are apparently now discussing. You've decontextualized my statements, which can be fine to do if the original context in its entirety isn't lost pre & post reply/ies - that is, either on you or on anyone reading it/them. I stand by everything I've written. I'll go further and post photos from your own site... the corporation's site, rather... that prove it's useless to most people who think they can override their cellular carrier's settings by using the app.

 

[AudigyMaster]

While I certainly appreciate that you have the app (as do I but only for it's DNS leak testing, which is free), please know that I do understand exactly what & how it functions. I'm a volunteer @ OpenNIC (to avoid confusion, it is most definitely *not* OpenDNS. There is nothing open about the centralized corporate name servers they offer. Read the fine print - your data is mined. I'm offering that information not to AudigyMaster but to anyone out there actually interested in that sort of knowledge).
I have an in depth understanding of the inner workings of all of what you and I are apparently now discussing. You've decontextualized my statements, which can be fine to do if the original context in its entirety isn't lost pre & post reply/ies - that is, either on you or on anyone reading it/them. I stand by everything I've written. I'll go further and post photos from your own site... the corporation's site, rather... that prove it's useless to most people who think they can override their cellular carrier's settings by using the app.

Adding DNS hijacking into the mix is not a true argument regarding whatever you are trying to prove, iOS does not allow port randomization(other than 53 for DNS) and does not support DNSCrypt without jailbreak. That said, in iOS, every software that attempts to tamper with the default DNS servers is exposed to DNS hijacking/tampering by the ISP/captive portals(true for both these apps, DNSOverride and Adguard Pro), unless a true VPN connection is in use and all the traffic is routed through it. The weak DNS protocol is to blame here, making possible man-in-the-middle attacks and tampering, not the apps.

Regarding the data mining, here we discuss these apps and their methods that make ad blocking system wide possible, not DNS providers and their caveats(which have nothing to do with these apps).

 

[user3]

Adding DNS hijacking into the mix is not a true argument regarding whatever you are trying to prove, iOS does not allow port randomization(other than 53 for DNS) and does not support DNSCrypt without jailbreak. That said, in iOS, every software that attempts to tamper with the default DNS servers is exposed to DNS hijacking/tampering by the ISP/captive portals(true for both these apps, DNSOverride and Adguard Pro), unless a true VPN connection is in use and all the traffic is routed through it. The weak DNS protocol is to blame here, making possible man-in-the-middle attacks and tampering, not the apps.

Regarding the data mining, here we discuss these apps and their methods that make ad blocking system wide possible, not DNS providers and their caveats(which have nothing to do with these apps).

First of all, this non-debate has grown fully tiresome. It ends here.

Seeing that you've not even basic understandings of - DNS hijacking (ISP providers' wifi vs cellular carriers' networks), DNS servers (alternate non-centralized NICs vs ICANN; the methods used by certain servers within these non-centralized networks to bypass an ISP's DNS completely so that no hijacking can take place regardless if using the standard DNS port :53 or not; that some of the volunteers do open their servers to listen on ports other than :53 (443, e.g.) for their A & AAAA servers); that you can actually connect to these severs (non-DNSCrypt) extremely easily in no more than a few minutes; and that many of the volunteers run zero logging servers- logging is turned completely off); MITM attacks & what you term "tampering" (tampering with what? How? Why? Effects? Are you able to produce a MITM attack via certain pen testing tools?), listening via wireless & certain weak VPN protcals (Can you produce logs of wireless packets? Do you understand what they are? Are you able to join a "private" wireless network without having "actual" access to it? Do you even understand how to begin to attempt these white hat hacks to actually understand the words you're throwing around like you're trying to fit in at DefCon?), DNSCrypt's limitations even on Android OS despite the enormous outpouring of it available in the allow-most-everything Oogle Store (misspelling intentional) - nor the very fact that DNS hijacking HAS EVERYTHING to do with the post I previously made to presumably END YOUR MARKETING of an App that is USELESS to all but the most lazy of people who can't be bothered to change their default wifi settings to use name servers other than the data mining ones provided to them by their respective ISPs. The corporation behind this cr(app) is literally lying to everyone within said corporation's largest overall consumer base (per unit of currency it steals from those unsuspecting consumer-victims). Are you going to ignore this fact and the fact that only after receiving who knows how many complaints from the victims who handed over their money to a lying corporation concerned only with their shareholders wallets did it post the very chart I posted screenshots of in my previous reply to you, the pusher of this cr(app)? Bottom line us this: It DOES NOT WORK over cellular networks in the United States! It only works in the devs' home country of Poland & a certain few cellular providers in countries that make up a minority of its consumer base. It DOES NOT advertise this fact in the App Store. The people who buy it are told it's not their app it's DNS hijacking (which is not the actual problem, it's carriers locking the APN settings so people who've no idea what their doing don't go and destroy their ability to connect to a cellular network) and are told to request a refund from Apple. That is, those who even bother to request a refund , thereby allowing the corporation to earn money on snake oil.


I'm glad you destroyed any last ounce of credibility you had left. But I never expected you to actually prove my own argument for me - and in the very beginning of your reply nonetheless.

That being said, please go do your marketing elsewhere (though I suspect you already are, sadly).

# Adguard is an HONEST group of people who create Open Source software - ANYONE can SEE the coding involved, i.e. the source of the binary we install on our systems.

# The other CORPORATION shills out PROPRIETARY software based on lie after lie - NO ONE is able to (re)view how their binaries function, i.e. NO ONE knows what they are installing on their system until it is too late. That corporation is hyping their new piece of DON'T LOOK BEHIND THE CURTAIN proprietary software in order not to become utterly irrelevant. They went from developing what was actually a useful app (not the one in question) many years ago to the bloated owners of numerous pieces of crappware, all of which has individual websites so no one can connect the dots online without a bit of extra work. Ask yourself why that is. Ask yourself how they can afford multiple dedicated sites when they can't even afford to sell honest software.

 

[AudigyMaster]

I see, you may think that I have anything against you or your personal choices, but I don't. Let's agree that we both disagree in this matter, just that(theres no need for all that unnecessary jargon). At the moment I'm working so I don't have the time to properly reply to you right now so I will make it short.

@user3 please do you mind having a look into this report: https://github.com/AdguardTeam/AdguardForiOS/issues/462

In short and using your logic, Adguard is deceiving people, by not letting them know that the solution used by them on the Pro version(DNS) may not work with specific ISPs. DNSOverride has a blog post on their website stating this issue(the prints you posted), I guess both are being misleading by not stating in the app's descriptions that there are limitations that may impair the functionality of the apps. I don't go as far a stating that their are dishonest, I don't know them that well(maybe you do). I know a few people that are like you, that don't trust in anything thats not opensource. Maybe you should stop using iOS, or almost everything for that matter... There are valid reasons for not disclosing the source code of an application, not everything is evil, but it is in your right to think so. Oh and the US is not the center of the world, there are plenty of network operators outside the US that do not hijack DNS requests. In these past months these apps worked in all my SIM cards(3 UK and Vodafone) with my custom DNS.

 

[user3]

I see, you may think that I have anything against you or your personal choices, but I don't. Let's agree that we both disagree in this matter, just that(theres no need for all that unnecessary jargon). At the moment I'm working so I don't have the time to properly reply to you right now so I will make it short.

@user3 please do you mind having a look into this report: https://github.com/AdguardTeam/AdguardForiOS/issues/462

In short and using your logic, Adguard is deceiving people, by not letting them know that the solution used by them on the Pro version(DNS) may not work with specific ISPs. DNSOverride has a blog post on their website stating this issue(the prints you posted), I guess both are being misleading by not stating in the app's descriptions that there are limitations that may impair the functionality of the apps. I don't go as far a stating that their are dishonest, I don't know them that well(maybe you do). I know a few people that are like you, that don't trust in anything thats not opensource. Maybe you should stop using iOS, or almost everything for that matter... There are valid reasons for not disclosing the source code of an application, not everything is evil, but it is in your right to think so. Oh and the US is not the center of the world, there are plenty of network operators outside the US that do not hijack DNS requests. In these past months these apps worked in all my SIM cards(3 UK and Vodafone) with my custom DNS.

Not at all. You're projecting. Thankfully I can block you.

The issue to which you pointed me on GitHub has your logs from March. That's humorous but irrelevant. If you knew how to set up your own blacklist - hint: there's instructions - and simply put in a little effort to do it, there wouldn't have even been an "issue" (non-issue). What's both humurous and quite relevant is that only very recently have you joined here & (not)contributed to Adguard's GitHub community. This is a sign that only after 1.3.0 became the AppStore's release - ahead of Apple's upcoming change in its VPN usage policy, mind you, which is something no other developers have done. None of them. Only Adguard. Which leads to the issue of honesty. While others are continuing to sell applications that will never be updated, to eventually be removed by Apple from the AppStore, without a moment's hesitation to practice this deception, Adguard's devs came right out in front of the issue & released the version that will be permitted by Apple to be updated, making it sustainable. If you took the time to read the release version's (1.3.0) description in either TestFlight or the AppStore, you'd see what I'll apparently have to show you in the attached photo.

On another note, where you got the U.S. being the center of the world from, I'll never know. If you took the time to actually read what I said it was in relation to the AppStore marketplace in conjunction with that corporation knowingly ripping people off.

FYI, advertising isn't permitted here. I'm surprised you've not been given a warning yet. I guess they're too busy with things that matter, since I've shut you down more times than you care to admit. I.e. You've already been warned.

Time to use the ignore function. Goodbye now...

 

[SergZZZ]

So I am trying to keep my older version of AdGuard v1.2.1 and today system wide adblocking stoped working, is this normal? How can it just stop working after working for months? I feel as if something got disabled somewhere.