Adblock not stopping Google Sponsored results anymore

I have adblock configured with the following lists:

	list adb_sources 'adguard'
	list adb_sources 'adguard_tracking'
	list adb_sources 'disconnect'
	list adb_sources 'openphish'
	list adb_sources 'phishing_army'
	list adb_sources 'yoyo'

Until recently, it was blocking nicely the sponsored results of google.

I have noticed it does not block them anymore.

Is it because google changed its domain name to serve them from ads.google.com to google.com/aclk ?

Or is it because something changed with adblock lists?

most probably yes ...

1 Like

Ok. Is there a software in OpenWrt that allows me to block a url path, while allowing the top domain?

So blocking google.com/aclk while allowing google.com ?

Nope, there isn't, AdBlock works on DNS level.

2 Likes

Software there is https://wiki.squid-cache.org/Features/SslBump
But you are on your own setting it up SECURELY

2 Likes

Yes, it seems SSL MitM is the only available solution.

According to this forum discussion, @timur.davletshin seems to indicate that this is not doable on OpenWrt though, as the compile flags are not set to allow it?

https://github.com/Barre/privaxy works, but your clients have to allow the import of self signed certs, and there's no Openwrt package. DIY.

it's discussed in the thread you linked to, too.

2 Likes

Recompiling privOxy package should be the easiest way to achieve the goal. It can analyze URL and its' parameters too.

2 Likes

I see. Importing self-signed certs on the clients is not a problem in my specific case.

@timur.davletshin thanks for the pointer regarding recompiling privoxy. Generally speaking, I prefer not to recompile things myself, because then I am out of the opkg world, and it's higher maintenance when I will want to upgrade.

However, it seems there are no opkg software that allows this right now. It feels like a big oversight, as SSL MITM is a fairly common ask. OpenWrt is otherwise excellent, so hopefully the maintainers will incorporate that at some point.

Do you feel privoxy is an easier path than using privaxy or squid-cache?

PrivAxy is the easiest way to get the result but it is bulky and, I'm afraid, will not run on most routers (AFAIR there was NOGUI version). PrivOxy is slim and well-tested on the other hand but requires recompilation and blocklist conversion.

1 Like

last time I checked there was no info on how to compile PrivAxy, and if your plattform doesn't get the precompiled binaries, it's a pretty steep climb.

1 Like

+1. squid is well proven and supported, but not easy to set up. Custom compile of squid required, to include certain options and to drop redundant features, i.g. caching. Because of difficult setup, I recommend first to do a compile/ install on regular LINUX for testing.
Note, however, that even this method does not work in all cases, i.e. because of pinned certificates.
Now some people might begin to notice, why google REALLY was more or less forcing usage of https: Not to allow simple ad blocking.

2 Likes

Thanks all for the feedback. Very useful.

I think the better available solution is to block this client side.
Install a web browser that obeys filters added by extensions (Firefox), and then the uBlock Origin addon. Defaults are fine, but you may check the "filter lists" tab in the settings to see if you are interested in some of those that are not enabled by default.

Dont forget that an MITM proxy - I believe - will need a lot of CPU power to be able to serve requests if your internet service speed is not very slow, so it probably wouldn't run fine on an average router anyways.

1 Like