

Show HN: MadBlocker — iOS 8 Ad and Tracking Script Blocker - tomkinstinch
https://itunes.apple.com/us/app/madblocker/id1024886686?ls=1&mt=12

======
tomkinstinch
Creator here. Happy to answer any questions!

I created this as a proof-of-concept to show that we don't have to wait for
iOS 9 to block ads on iOS. MadBlocker uses a hack of the VPN subsystem to
block ads, by redirecting requests for ad domains to a bogus local DNS
address. Unlike some of the current iOS ad blockers, it doesn't use an
external proxy, so no data leaves the device. I also included block lists for
tracking scripts, since they're a problem too. Since it works at the OS level,
and not via Safari, it also blocks ads in (most) apps. It should continue to
work fine in iOS 9 as well!

I have some promo codes I can give out too if you'd like to give it a try. If
you want one, please just email me at the address listed in my HN profile.

~~~
bambax
Can you explain a little more how this works? Can specific requests be routed
to a specific connection in iOS, at the device level?

If it's a "hack", won't the possibility be blocked by Apple eventually?

Also, you say on the App Store page that using a big list can slow down
browsing, as (I'm paraphrasing) the app has to scan each page against the
list; why is that the case? Shouldn't requests be redirected the moment they
are made, and not before?

Great idea in any case! Will probably try it, as many sites are already almost
unusable because of ads (and when using Chrome on iOS the problem gets worse;
Safari must block more by default).

~~~
tomkinstinch
It's only a hack in the sense that it is using the VPN system in a way that it
was not originally intended. It is only using documented public iOS APIs.

To answer your request in more detail: it makes use of a feature that has been
around since iOS 7: VPN On Demand[1]. The idea behind VPN On Demand is that
requests can be routed to different VPNs (or accessed normally) based on the
hostname of a request. This is useful if you get an email from work that has
an intranet-only accessible website. Clicking on the link could load a
connection to the company VPN for only that work domain without also sending
all of your personal traffic through the company VPN. In the case of
MadBlocker, I just direct requests for ad hostnames to a bogus local IP, and
the ads never load.

That said, while it works in Safari and in most apps, it may not work in apps
that implement their own networking or DNS retrieval, which Chrome seems to
do.

> Shouldn't requests be redirected the moment they are made, and not before?

Yeah, that is what happens, but since _every_ request is checked against the
list (since we don't know _a priori_ which request is for an ad), it can take
noticeable time on sites that include assets from many external domains (if
using the "mega" list or depressingly-long privacy protection list).

1\. [https://support.apple.com/en-us/HT203743](https://support.apple.com/en-us/HT203743)

------
dan_m2k
Larger question, not just confined to the world of iOS ad blocking; as the
creator of ad-blocking code, are you at all concerned that you're hurting the
only revenue stream for sites that rely on ad revenue to pay the bills?

We're not just talking the big boys here, a bunch of indie content producers
publish online and I don't begrudge them a few ad dollars for producing
content that's worth reading, or is it that we're making the call that content
should be free or is inherently value-less?

~~~
tomkinstinch
It's definitely a concern, especially since I run a side project for STEM
education that has ads[1]. My site doesn't break even at all from ads, but
they help offset the running cost (revenue is in the single-digit dollars-per-
month range). Ad revenue has fallen greatly though for sites displaying ads, I
believe owing to the fact that online ads have been found to be much less
effective at driving sales than they were once thought to be (though they may
still buy mindshare). Current ads are more flashy, more annoying, and are a
greater source of frustration. On desktops that's one thing, where the cost of
viewing the ad is largely paid with your attention. On mobile though, they
take up even more attention but they also use expensive mobile data and drain
precious energy from the battery.

I'm not sure of how things will look in the future, but it will probably be a
more heterogeneous mix of funding sources. We'll see more subscription-based
sites, we'll see more sites run as cashflow-negative hobby projects, and we'll
still see ads. We will also certainly see another category: sites that sell
your info for money. We'll see sites that combine all of these. I suspect
we'll also see more content distributed solely in app form, with in-app
purchases buying more content. Since operational costs have fallen and
continue to fall, the world won't look so different for a while. I think the
best model for consumers is one where ads are the default, and a cheap
subscription can be paid to remove them. Microtransactions are an alluring
solution, but no one has really made them work yet. There is also a growing
trend of sponsoring content before it is created, via sites like Patreon.

1\. [https://www.takeitapart.com/](https://www.takeitapart.com/)

~~~
chinathrow
Does your app whitelist your websites?

~~~
tomkinstinch
Do you want a whitelist in the sense that you want to see ads on certain
websites, or that you want to see specific ads?

In the case of the latter, a whitelist is planned (mostly to correct for false
positives). In the case of the former, it's not possible technically since I'm
not proxying anything, and the whitelist acts on the request domains ads are
coming from, not the domains in which they are embedded.

~~~
chinathrow
No no, I simply meant to ask whether your new app does also block ads on your
mentioned side project.

~~~
tomkinstinch
Oh, it does indeed block them (they're Adsense ads)! (Good for testing, since
I know how the ads will load)

~~~
chinathrow
Bonus points in this case, thank you :)

------
iwillreply
Doesn't seem to work in iOS9 (at least for me).

Enabled ad blocking - went to mashable.com got ads as per
[https://www.dropbox.com/s/gqnf2mebzi74151/photo%20aug%2015%2...](https://www.dropbox.com/s/gqnf2mebzi74151/photo%20aug%2015%2C%205%2026%2027%20pm.png?dl=0)
turned on mega list, refreshed, same thing.

~~~
tomkinstinch
Interesting. Did you restart Safari before trying it in iOS9?

I haven't tested it in iOS9 yet because the VPN system doesn't work in the
simulator, and I haven't installed the beta on my personal phone yet since I
value stability. Once iOS 9 is out to the public I'll do some testing and make
any updates necessary.

~~~
iwillreply
I hadn't, but just tried restarting safari, restarting device, and clearing
safari history/data - and still having the same output.

* I'm completely fine with this being the case. Before installing I was completely unsure if it would work for iOS9 before trying (not expectant with it still being beta, but simply curious as it's an interesting approach).

~~~
tomkinstinch
That's a bummer, sorry about it! I'll work to have it running after the iOS9
launch!

~~~
iwillreply
No problem at all. As I say, wasn't expectant. Good luck with it - the
approach is unique, and on working beyond Safari would be awesome.

------
DavideNL
I think there's been an App in the AppStore (for a long time) that uses the
same technique: "Disconnect Kids By Disconnect"
[https://itunes.apple.com/us/app/disconnect-kids/id671080655?...](https://itunes.apple.com/us/app/disconnect-kids/id671080655?mt=8)

~~~
tomkinstinch
I hadn't seen that; thanks. I like their comic book explanation.

It looks like their VPN profile is not included with the app though, and is
instead sourced from their website[1]. That means that a) Apple has not
inspected the block list (they specifically asked me via the resolution center
to list which domains were blocked), b) that the VPN profile is subject to
interception or changes of control since it is sourced from a website, c) that
updates to the block list require a new download of the block list from their
website, d) that an uninstall of their blocklist requires the installation of
a new (presumably blank?) blocklist, and e) when you uninstall their app, the
VPN profile remains on the device (it is removed upon uninstall of
MadBlocker).

1\. [http://kids.disconnect.me/profile?block_ids=0,1,2,3,4,5,6,7,...](http://kids.disconnect.me/profile?block_ids=0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22)

------
archagon
Really clever! Hope this sticks around.

~~~
tomkinstinch
Thanks, me too!

------
phubbard
Thank you - this is a wonderful thing to have on mobile. I hate going from my
home wifi, where I use squid guard + blacklists, onto LTE. This seems to catch
most of the crud and the performance hit is acceptable.

Well worth the price.

------
an4rchy
Looks interesting. I agree that I am concerned regarding the future of the app
and how it affects Apple's API/ToS.

To everyone wanting to check validity it should be pretty easy to verify the
network traffic.

Will definitely hit you up for a promo code. Cheers.

------
lawnchair_larry
How can a user confirm that their traffic isn't set to be sent over the vpn?

~~~
tomkinstinch
That's a valid question, and it is always the challenge of closed-source
software; it's a black box. So you either have to trust me, or you could have
your iPhone connect to a wi-fi access point on a network you are monitoring
and check for requests to anomalous domains. You could also probably install
it on a managed iOS device and then inspect the VPN profile with Apple
Configurator.
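
Added example, not part of the original comment and not MadBlocker's code: one way to do the profile inspection suggested above, by auditing an exported `.mobileconfig` for a VPN payload that could carry traffic off the device. The key names are those of Apple's configuration-profile VPN payload; both profiles, the hostnames and the helper names are constructed for illustration.

```python
import ipaddress
import plistlib

def make_profile(remote, rules):
    """Build a constructed .mobileconfig with one IPSec VPN payload (sample data only)."""
    ipsec = {"RemoteAddress": remote, "OnDemandEnabled": 1, "OnDemandRules": rules}
    vpn = {"PayloadType": "com.apple.vpn.managed", "VPNType": "IPSec", "IPSec": ipsec}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [vpn]})

# Constructed sample: placeholder ad hostnames resolved through a loopback DNS server.
LOCAL_ONLY = make_profile("127.0.0.1", [{
    "Action": "EvaluateConnection",
    "ActionParameters": [{"Domains": ["ads.example.com", "tracker.example.net"],
                          "DomainAction": "ConnectIfNeeded",
                          "RequiredDNSServers": ["127.0.0.1"]}]}])
# Constructed sample: an unconditional Connect rule pointing at a remote server.
FULL_TUNNEL = make_profile("vpn.example.org", [{"Action": "Connect"}])

def is_loopback(addr):
    """True only for loopback IP literals; hostnames and other IPs need a closer look."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit_vpn_profile(raw):
    """Return human-readable findings for every VPN payload in a profile."""
    findings = []
    for payload in plistlib.loads(raw).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.vpn.managed":
            continue
        # The settings dictionary is named after the VPN type (IPSec, IKEv2).
        cfg = payload.get(payload.get("VPNType", ""), {})
        remote = cfg.get("RemoteAddress", "")
        if not is_loopback(remote):
            findings.append(f"tunnel endpoint is not loopback: {remote}")
        for rule in cfg.get("OnDemandRules", []):
            if rule.get("Action") == "Connect":
                findings.append("rule brings the tunnel up without a domain check")
            for params in rule.get("ActionParameters", []):
                for dns in params.get("RequiredDNSServers", []):
                    if not is_loopback(dns):
                        findings.append(f"DNS server is not loopback: {dns}")
    return findings

if __name__ == "__main__":
    for name, raw in (("LOCAL_ONLY", LOCAL_ONLY), ("FULL_TUNNEL", FULL_TUNNEL)):
        print(name, audit_vpn_profile(raw) or "no findings")
```

An empty result only means the profile names no non-loopback endpoint; watching the device's traffic from a monitored access point, as the comment suggests, remains the independent check.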

------
mikhailt
I'm surprised Apple allowed this through the App Store.

I suspect you'll get rejected later this year when iOS 9 is released for
duplicating a system feature.

~~~
nsgi
Ad blocking isn't a system feature in iOS 9. The publicity is about an API
that makes it easier for developers to write ad blockers.

There are also plenty of apps that duplicate system features.

~~~
mikhailt
Do you think Apple will see it that way? They've been very vague in the past
about what defines duplicating the features.

In addition, the dev said he was using the VPN as a workaround for this, Apple
can very well reject this for a different reason.

~~~
DavideNL
Disconnect Kids which uses the same technique has been in the App Store for a
long time...: [https://itunes.apple.com/us/app/disconnect-kids/id671080655?...](https://itunes.apple.com/us/app/disconnect-kids/id671080655?mt=8)

------
quinndupont
@tomkinstinch What kind of performance hit can we expect with this?
(Innovative solution until iOS 9!)

~~~
tomkinstinch
Minimal with the regular block list, noticeable with the "mega" or Privacy
Protection lists. See my comment here:
[https://news.ycombinator.com/item?id=10066131](https://news.ycombinator.com/item?id=10066131)

------
PatentTroll
It seems to only let me enable either ad blocking or privacy blocking. How can
I do both?

~~~
tomkinstinch
That may be an early bug, my apologies. You should be able to enable both.
Please message me at the email listed in my HN profile and we can
troubleshoot.

------
krrrh
Using a dummy proxy is another approach to this problem. This is how Weblock
works, which I'm pretty happy with. It seems to have almost no overhead on the
device, though it only works for wifi connections.

~~~
tomkinstinch
The nice thing about MadBlocker using the VPN is that it works for cellular
connections as well.

I wonder why proxies would be wi-fi only. Do you know?

~~~
krrrh
I guess it has to do with mobile carriers wanting more control over your
connection. The same way that you can't change your DNS when on a mobile data
connection, you can't specify a proxy server (except through a VPN profile).

------
aakilfernandes
How come no free trial?

------
JustinAiken
...and it's gone.

~~~
tomkinstinch
Creator here. It's up for me on the US App Store. It just went live though, so
it's possible it hasn't made it out of all of Apple's CDN just yet.

