pls add option to set *external* proxy (disabling filtering on Android device itself)

Discussion in 'Feature Requests (AdGuard for Android)' started by Dolfi, Nov 29, 2014.

  1. Dolfi

    Dolfi Banned

    Joined:
    Nov 21, 2014
    Messages:
    218
    Hi,

    in todays implementation AdGuard completely disables application level firewalls like AFWall.
    I see this as a huge privacy loss as I only can decide now to allow all apps intenet access or none, i.e. if I want to surf or email I have to give the torch app access to the internet (to phone home).

    But you appear to have found a way to (automatically, systemwide) setup a proxy all apps do use.
    Couldn't you please add the option to specify an IP address (besides the port specification)? If specified AG would not filter anything (saving CPU cycles and battery) but just set that proxy (preferably optional SOCKS5 ;) ).
    One set up his home AG to be that proxy and had better filtering (more lists, see the request for hebrew), less device work load and way higher privacy.

    Thank you,
    Dolfi
     
  2. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    12,891
    But what's wrong with setting a system-wide proxy in Android Wi-Fi connection settings?
     
  3. Dolfi

    Dolfi Banned

    Joined:
    Nov 21, 2014
    Messages:
    218
    - works only per WLAN (quite like iOS), so requires manual setup each and every time a new WLAN is connected to
    - does not work on 2/3/4G
    - AFAIK the Android WLAN proxy settings only works for some apps (like browsers), not for all apps.
     
  4. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    12,891
  5. Dolfi

    Dolfi Banned

    Joined:
    Nov 21, 2014
    Messages:
    218
    but isn't that exactly what AG already does (it just sets the proxy to 127.0.0.1:8080 or such)? How else would you setup your HTTP proxy "(ROOT required)"?
    I'll have look at ProxyDroid though, thanks for the link.
     
  6. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    12,891
    It redirects traffic with iptables, I think this is the same thing ProxyDroid does.
     
  7. Dolfi

    Dolfi Banned

    Joined:
    Nov 21, 2014
    Messages:
    218
    you see? If you just added a few lines of code I could put my dearly paid (remember our PMs, avatar? ;)) Android license to good use. And anyone elso could use application level firewalls and AdGuard adblocking at once on an Android.
    I even wrote the HowTo for it. Deal?
     
  8. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    12,891
    Heh, I'll think about it, special version featured by Dolfi:)

    But look at existing solutions first, don't want to invent bicycle.
     
  9. Dolfi

    Dolfi Banned

    Joined:
    Nov 21, 2014
    Messages:
    218
    For gods sake NO! :eek:
    No special version for Dolfi, one for all users who want enhanced filtering w/o battery usage and CPU cycles.
    What could be better at home than to use the local AG proxy with many more features and lists? And the Win version will almost certainly always be ahead of the Android version, won't it?
    + it's way easier to write own code
    + extensions* available
    + that you were paid right for your work by selling 2 instead of 1 license
    + ...


    * not hair extensions ;)
     
  10. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    12,891
    This situation is not so popular.

    You see, mobile devices are "mobile", lots of users looking for working solution which will work anywhere, not at home only.
    It just does not seem right to me to make this "proxy redirect" feature when there is are working solutions already.

    About this "home filter", have you seen AdTrap? Just asking what you think about all this router-filtering thing.
     
  11. Dolfi

    Dolfi Banned

    Joined:
    Nov 21, 2014
    Messages:
    218
    My solution works world wide. It's just a dealing between safety/security and effort (i.e. VPN to my home, AG/AM/PrivacyProxy there).

    What would that working solution be? Your AG4Android isn't as it's exposing my whole device to ruthless app vendors.

    Have you seen AdMuncher 10/8/5 yr ago? Way ahead of time, HTTPS filtering "soon" etc.
    AdTrap has just promises, no demo (set your browser to proxy XYZ to test), no nothing
    AdTrap has no business model (selling a device "with updates" for 160$ w/o any EULA or such is ridiculous. How long will I get updates w/o additional payment? 1y? 2? "lifetime"? What will be the payment? How can I make sure they're not invalidating their device from remote?).
    Besides I strongly dislike blackboxes in general. Most are heavily overpriced, not scalable (w/o exchanging hardware) etc. pp.
    I rather use sth like IPFire with AG/AM/PP as upstream proxy (upstream proxy not necessary with IPFire anymore for ads but for removing unwanted "good" content and added privacy).

    ---------- Post added at 01:09 PM ---------- Previous post was at 12:56 PM ----------

    see http://forums.getadtrap.com/forums/viewtopic.php?f=8&t=2734&start=10#p11099 and the following post.
    They appear AdMuncher like folks, as guessed.

    (I know, I am sooooo negativ)

    edit: Greatest about their "workaround": If you face a site doing redirect HTTP->HTTPS you'll be trapped in a loop I guess.
     
    Last edited by a moderator: Dec 3, 2014
  12. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    12,891
    Do you realize how few ppl can setup the infrastructure like this?

    I was talking about existing proxifiers: ProxyDroid, SSH Tunnel (it's tricky, you'll have to do some routing on the host machine).

    I don't ask about AdTrap as a company. I ask what you think about the idea of "hardware blocker".
     
  13. Dolfi

    Dolfi Banned

    Joined:
    Nov 21, 2014
    Messages:
    218
    Anyone /w a router that supports port forwarding can. VPN is not a must, uncommon ports are almost as safe (I operate almost anything (except SMTP and HTTP) on uncommon ports, no DOS, no bruteforce ever!! (4yr!))
    I'll investigate further. SSHTunnel is not proxifier BTW.
    I answered that as well (code, so it's not mistaken as a citation of you):
    Code:
    I strongly dislike blackboxes in general. Most are heavily overpriced, not scalable (w/o exchanging hardware) etc. pp.
    I rather use sth like [URL="http://www.ipfire.org/features"]IPFire[/URL]  with AG/AM/PP as upstream proxy (upstream proxy not necessary with  IPFire anymore for ads but for removing unwanted "good" content and  added privacy).[COLOR=Silver]
    [/COLOR]
    BTW. IPFire is an (almost) fool-proof firewall distro /w tons of useful features. From home use to midsized business.
     
  14. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    12,891
    I don't mean technical possibility. I mean who has enough knowledge and time for this.

    It's not but you can use it for this.
     
  15. Dolfi

    Dolfi Banned

    Joined:
    Nov 21, 2014
    Messages:
    218
    Anyone who used your trial, read a magnificient HowTo and loves you for this great advantage.
    Pays your Porsches then (except you're a Landrover guy) ;)
     
  16. Dolfi

    Dolfi Banned

    Joined:
    Nov 21, 2014
    Messages:
    218
    To be more precise: All appliances I ever "cracked" (actually just opened and mounted the disk in a Linux live system) were plain *nix-es with plain free software plus a very few additions (most for protection). Often with outdated (i.e. security vulnerable software: Greatest find ever was a very expensive SSL-VPN-appliance running the logon site (i.e. world wide accessible, easy to find through Google as some elements on that page could not be hidden) on a 10yr old Apache!!!) software putting my networks to additional risk.
    BTW: Most of them could be easily transferred to VMW-machines (sometimes MAC tuning was necessary as the license was bound to that,sometimes a bit fine tuning). ;)

    That AdTrap will most probably be the same: a normal/transparent proxy and some squidguard (they do not even write about adding virus protection - understandable as that requires mentionable amounts of extra processor power and RAM).
    What worries me way more: The device appears to use "advanced" techniques tweaking the customers network to reroute all traffic through the device* which I strongly dislike. It's not the bloody job of a bloody vendor to manipulate my network (and risk strange behavior I have to find and fix/circumvent).


    IPFire in the opposite is free though way more versatile (like firewall, VPN server&client, AV, content selection (like removing ads), + + + +) and can be run in a VM or on a Raspberry or any dedicated machine /w 2 interfaces (and preferably low power consumption).
    IPFire has the webinterface for dummies (or plain, normal config) but still makes the root shell available for advanced configs (like special routings, virtual networks, etc pp).
    So why would a sane person pay 159$ just to get trouble in his network when he can run IPFire for free or pay 159$ for a dedicated hardware and put IPFire on it. Being the owner and not bound to some (yet inexistent) licensing terms?

    Edit: BTW: Never be dazzled by appliances and vendors that won medals or got awards. Most are a plain SCAM where a machine meeting basic standards gets such a medal.

    *"can be used with all-in-one routermodems" vs "It couldn't be easier. You plug AdTrap into the wall. You then connect one network cable from your router to AdTrap. You connect the other network cable to your Cable Modem or DSL modem. You're done. Enjoy!"
     
    Last edited by a moderator: Dec 6, 2014