Can AdGuard see my passwords?

ag_bug_finder · Feb 3, 2019

I use the HTTPS filtering feature, which means that AdGuard's own certificate is used to help in HTTPS filtering.

My question is, say if I log into my Bank or Gmail, can AdGuard see my password since I've given access to use its own certificate or for any other reason?

Fr9Tcm · Feb 4, 2019

They filter urls not what you type.

Boo Berry · Feb 4, 2019

Regardless of AG product being used (Windows, Mac or Android) all filtering is done locally on the PC, Mac or mobile device, and nothing is being sent to AdGuard or anyone else.

BTW, bank domains are constantly being added to the HTTPS exclusions list, so if you post the URLs to your bank(s) the devs can add those to the HTTPS exclusions list.

ag_bug_finder · Feb 5, 2019

Boo Berry said:
Regardless of AG product being used (Windows, Mac or Android) all filtering is done locally on the PC, Mac or mobile device, and nothing is being sent to AdGuard or anyone else.

BTW, bank domains are constantly being added to the HTTPS exclusions list, so if you post the URLs to your bank(s) the devs can add those to the HTTPS exclusions list.

Regardless of whether anything is being sent out or not, or whether banks are added to HTTPS exclusions list or not, can AdGuard see the paswords?

myMoon · Feb 5, 2019

@ag_bug_finder

Hello!

All the answers you can find in this article.

Sunshine-boy · Feb 5, 2019

Yes, AG can see your passwords (but don't transfer them to AG servers). it's about trust. You should ask the same question from your antivirus.
Even your browser can spy on you(especially those that have builtin translator like google chrome or Yandex browser)but you have to trust them.

ag_bug_finder · Feb 5, 2019

I see. Its good to know these things.

Please take a look at the screenshot here: https://imgur.com/a/IDGDeEq

Now, you can see that

Code:

AdGuard Base filter: @@||nab.com.au^$document

is shown.
If something is whitelisted, will it go through the HTTPS filter and be filtered?

I have seen this in the exclusions:

Code:

nab.com.au

however, the actual page is https://ib.nab.com.au so should that also be added to the HTTPS exclusions list?

Also, if something is in the exclusion list, should it show up on in the Filtering Log?

However, having both a whitelist entry and exclusion listing, which does it follow?
I mean, it can either be whitelisted or can be excluded in HTTPS, but not both at the same time right?

avatar · Feb 5, 2019

ag_bug_finder said:
If something is whitelisted, will it go through the HTTPS filter?

Yes, it will.

For the HTTPS exclusions we have a separate repo:
https://github.com/AdguardTeam/HttpsExclusions

ag_bug_finder said:
Also, if something is in the exclusion list, should it show up on in the Filtering Log?

Yes, but the information will be limited. Just the domain name with no other connection details as they cannot be inspected anymore.
Just like on your screenshot with "nab.com.au".

ag_bug_finder said:
I mean, it can either be whitelisted or can be excluded in HTTPS, but not both at the same time right?

Yes, it can, but it makes little sense.

ag_bug_finder · Feb 5, 2019

avatar said:
Yes, it can, but it makes little sense.

Yes, hence my question regarding this rule: AdGuard Base filter:

Code:

AdGuard Base filter: @@||nab.com.au^$document

Its both whitelisted and nab.com.au is also in the exclusion list.

Why does it have both entries?

Also, do you want to add

Code:

https://ib.nab.com.au

to the banking exclusions list?

Can AdGuard see my passwords?

ag_bug_finder

Beta Tester

Fr9Tcm

New Member

Boo Berry

Moderator + Beta Tester

ag_bug_finder

Beta Tester

myMoon

Guest

Sunshine-boy

New Member

ag_bug_finder

Beta Tester

avatar

Administrator

ag_bug_finder

Beta Tester