I have adblock configured with the following lists:
list adb_sources 'adguard'
list adb_sources 'adguard_tracking'
list adb_sources 'disconnect'
list adb_sources 'openphish'
list adb_sources 'phishing_army'
list adb_sources 'yoyo'
Until recently, it was nicely blocking the sponsored results of Google.
I have noticed it does not block them anymore.
Is it because Google changed its domain name to serve them from ads.google.com to google.com/aclk?
Or is it because something changed with adblock lists?
Yes, it seems SSL MitM is the only available solution.
According to this forum discussion, @timur.davletshin seems to indicate that this is not doable on OpenWrt though, as the compile flags are not set to allow it?
I see. Importing self-signed certs on the clients is not a problem in my specific case.
@timur.davletshin thanks for the pointer regarding recompiling privoxy. Generally speaking, I prefer not to recompile things myself, because then I am out of the opkg world, and it's higher maintenance when I want to upgrade.
However, it seems there is no opkg software that allows this right now. It feels like a big oversight, as SSL MITM is a fairly common ask. OpenWrt is otherwise excellent, so hopefully the maintainers will incorporate that at some point.
Do you feel privoxy is an easier path than using privaxy or squid-cache?
PrivAxy is the easiest way to get the result, but it is bulky and, I'm afraid, will not run on most routers (AFAIR there was a NOGUI version). PrivOxy, on the other hand, is slim and well-tested but requires recompilation and blocklist conversion.
Last time I checked there was no info on how to compile PrivAxy, and if your platform doesn't get the precompiled binaries, it's a pretty steep climb.
+1. squid is well proven and supported, but not easy to set up. A custom compile of squid is required, to include certain options and to drop redundant features, e.g. caching. Because of the difficult setup, I recommend first doing a compile/install on regular LINUX for testing.
Note, however, that even this method does not work in all cases, i.e. because of pinned certificates.
Now some people might begin to notice why Google REALLY was more or less forcing usage of HTTPS: not to allow simple ad blocking.
I think the better available solution is to block this client side.
Install a web browser that obeys filters added by extensions (Firefox), and then the uBlock Origin addon. Defaults are fine, but you may check the "filter lists" tab in the settings to see if you are interested in some of those that are not enabled by default.
Don't forget that an MITM proxy - I believe - will need a lot of CPU power to be able to serve requests if your internet service speed is not very slow, so it probably wouldn't run fine on an average router anyways.
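To illustrate the question in the first post, here is an added example (not written by any poster in this thread) comparing what a DNS blocklist can decide on with what a URL-aware filter sees. The two hostnames come from the first post; the blocklist entries, the rule, the URLs and the subdomain-matching behaviour are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data: the hostnames ads.google.com and google.com are
# from the first post; everything else here is made up for illustration.
DNS_BLOCKLIST = {"ads.google.com", "tracker.example"}
URL_RULES = [("google.com", "/aclk")]  # (host suffix, path prefix)

REQUESTS = [
    "https://ads.google.com/click?id=1",
    "https://www.google.com/search?q=router",
    "https://www.google.com/aclk?sa=l&adurl=https://shop.example/",
]


def host_matches(host, suffix):
    """True if host equals suffix or is a subdomain of it (assumed semantics)."""
    host, suffix = host.lower().rstrip("."), suffix.lower()
    return host == suffix or host.endswith("." + suffix)


def dns_filter_blocks(url, blocklist=DNS_BLOCKLIST):
    """A DNS blocklist only ever sees the hostname being resolved."""
    host = urlsplit(url).hostname or ""
    return any(host_matches(host, entry) for entry in blocklist)


def url_filter_blocks(url, rules=URL_RULES):
    """A URL-aware filter (a browser extension, or a proxy that can read the
    decrypted request) sees both the host and the path."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    return any(host_matches(host, h) and parts.path.startswith(p)
               for h, p in rules)


def compare(urls=REQUESTS):
    """Return (url, blocked_by_dns, blocked_by_url_filter) per request."""
    return [(u, dns_filter_blocks(u), url_filter_blocks(u)) for u in urls]


if __name__ == "__main__":
    for url, dns, full in compare():
        print(f"dns={dns!s:5} url={full!s:5} {url}")
    # Widening the DNS list to the shared host also blocks ordinary search.
    print(dns_filter_blocks(REQUESTS[1], {"google.com"}))
```

The DNS decision for the `/aclk` request is identical to the one for the ordinary search request, because both resolve the same hostname.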