Pixelserv-tls for Adblock

For discussing pixelserv-tls for adblocking on OpenWRT.

Github: https://github.com/kvic-z/pixelserv-tls
Latest announcement: https://kazoo.ga/pixelserv-tls/

[To be updated]


I did something similar to pixelserv myself in the past, on OpenWrt. The problem, however, was HTTPS, as the browser (esp. Chrome) always complained about a cert error when trying to fetch the 1-pixel file instead of the real ad. AFAIK, the only possibility to avoid this error display would have been to install a special cert on the client.
For your solution to work with HTTPS without error, is it required to install a cert on the client?

@reinerotto
Users have to self-generate a CA cert for pixelserv-tls in order to support HTTPS. This practice is similar to that of vendors of anti-virus/security gateway software. Installation of this CA cert is very easy on clients in the latest versions.

Ah, that's what I thought. So, just a confirmation of my own experience.
But this is the drawback: You can encourage "familiar" clients to do so, or even force them, in a company, for example. And then it has a serious advantage compared to DNS-based adblock.
Different for an open hotspot, for example.


Sorry, no. I don't think it's a confirmation of your experience. :grinning:

When pixelserv-tls was created four years ago to handle HTTPS for adblock, the implementation or perhaps the idea was brand new. I was not aware of any such tool in the public domain. Nor were any existing tools back then able to do such a task (as far as I'm concerned).

Squid has been able to do transparent interception of HTTPS using the same technique for at least 4 years already.


I'm still lost on this... why is traffic being man-in-the-middled to block ads?

They work quite differently. You'll see the difference by spending some time on pixelserv-tls. It tries to solve the problem of serving on behalf of a non-deterministic set of servers.

Long story short. Here is what I learned. In the old days, some people found a way to block ads by sending domains to 127.0.0.1, or 0.0.0.0. Clients timed out but all things were slow. People didn't see the delay. Later, some people found that sending to a webserver, say 192.168.1.1, gave them a faster browsing experience. Additionally, the webserver replied with a 1x1 pixel that killed the picture/flash ads that were popular back then.

What's new from me in pixelserv-tls is handling HTTPS as well as changing the internals of the program to be very fast. There are some links in the OP to posts written by me that discuss the benefits, even today, of hitting pixelserv-tls rather than 127.0.0.1, 0.0.0.0 or even NXDOMAIN.

In a nutshell, DNS-based adblock and pixelserv-tls aren't mutually exclusive but rather complementary.
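The certificate question raised earlier in the thread, as an added example using the `openssl` CLI (not code from the thread or from the pixelserv-tls project). The CA name, hostnames and file names are constructed; it shows a certificate for a blocked ad hostname failing verification until the self-generated CA is trusted, and failing for any hostname it was not issued for.

```shell
#!/bin/sh
# Added example; CA name, hostnames and file names are constructed placeholders.
demo_ca_trust() {
    dir=$(mktemp -d) || return 1
    host="ads.example.com"          # constructed "blocked" ad hostname

    # 1. Self-generated CA: the certificate a client would have to install.
    #    ca.key can sign for any hostname, so it must never leave the router.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Adblock CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1

    # 2. Certificate for the ad hostname, signed by that CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/ext.cnf"
    openssl x509 -req -in "$dir/leaf.csr" -days 7 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/ext.cnf" -out "$dir/leaf.crt" 2>/dev/null || return 1

    # 3a. Client without the CA installed: issuer unknown, verification
    #     fails (this is the browser's certificate error).
    if openssl verify "$dir/leaf.crt" >/dev/null 2>&1
    then no_ca=ok; else no_ca=fail; fi

    # 3b. Client that trusts the CA: chain and hostname both check out.
    if openssl verify -CAfile "$dir/ca.crt" -verify_hostname "$host" \
        "$dir/leaf.crt" >/dev/null 2>&1
    then with_ca=ok; else with_ca=fail; fi

    # 3c. Same trusted CA, different ad hostname: the certificate does not
    #     cover it, so each blocked name needs a certificate of its own.
    if openssl verify -CAfile "$dir/ca.crt" \
        -verify_hostname "tracker.example.net" "$dir/leaf.crt" >/dev/null 2>&1
    then other_host=ok; else other_host=fail; fi

    rm -rf "$dir"                   # removes the throwaway private keys too
    echo "no_ca=$no_ca with_ca=$with_ca other_host=$other_host"
}

demo_ca_trust
```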


I personally would love to see more development in this Pixelserv-tls for Adblock on OpenWrt. I'm curious and interested in this. However, unfortunately, I am not a developer/programmer. I am happy to do any testing though.