Hacker News new | past | comments | ask | show | jobs | submit login
AdGuard Pro for iOS will be discontinued due to Apple's policy (adguard.com)
59 points by crispinb on Aug 1, 2018 | hide | past | favorite | 62 comments

You can hack one of these together yourself. Buy a VPS. Install pi-hole on it. Set it up as a VPN server.[1]

Install OpenVPN Connect on your iPhone and connect to your new server and bam, you have an awesome VPN and ad-blocking combo.

[1]: https://github.com/pi-hole/pi-hole/wiki/Pi-hole---OpenVPN-se...

This is probably the way to go, you just have to worry about data limits and overages, plus the extra latency. Probably not the biggest deal for mobile, though.

This is a good workaround to a problem that shouldn't exist. I feel it's important to clarify this is certainly not more secure than using a client-side solution that doesn't involve duplicating bandwidth.

(Full disclosure I make an iOS app that is also likely going to be affected by these rules, so I am triggered)

I would pay for this.

How much?

I’ll bite: how about $10 per year, less than what I’d pay for a VPN service, but more than “free” which is what I pay to run a pi-hole like service for my local LAN only. If I were in charge of one of these existing VPN services I’d offer ad blocking as an upgrade.

The service is literally a VPN with an extra ad blocking service. Why would you pay less for that?

Depends on whether the VPN service also came with the same privacy assurances that the more costly competing VPN services offer.

How does a third party VPN that intercepts all of your data have any privacy assurance?

Well, an unlimited bandwidth vps should run less than $100/year, so a dozen users and you make a profit.

Who's in?

5 maybe 10 USD a month

> Moreover, it is advertised nowhere that it can [block ads].

Apples policy may be burdensome and unwelcome, but I'm not sure a product called "Adguard Pro" can't be said to advertise ad blocking functionality...

You have to understand that statement in context of Apple promoting content blocking within Safari. So claiming adblockign functionality in iOS is expected and non-problematic.

The difference is that AdGuard works like a watered down little snitcher — letting you control specific network connections that your phone makes. And the filtering works within and without Safari.

I use it for monitoring the servers that various apps reach out to. Unlike Charles Proxy AdGuard does not allow any insight into contents.

It’s sad how far backward things have gone that we aren’t allowed even that modicum of control of a device we purportedly own. (Absent use of homemade VPN proxy or pi hole.)

This about face for Apple is the first time I’ve seriously considered going to back to Android. Google’s walled garden is much more porous, but it’s really a fool’s errand to look for a smartphone that treats its user with any respect.

> Your app uses a VPN profile or root certificate ...

> [...] it is advertised nowhere that it can [use a VPN profile or root certificate]

Seems to be the issue isn't "blocking ads" but "you can't do it in $THIS way" with Apple misunderstanding that the app doesn't do $THIS, it actually does $THAT (using NEPacketTunnelProvider.)

NEPacketTunnelProvider is the API to implement a VPN, so they are in fact doing it $THIS way.

Please explain how using this API is "[using] a VPN profile or root certificate."

Hi delinka. I believe that's just bad wording and that the real issue is using the VPN APIs to implement something other than a VPN.

So far, I have been very pleased with 1Blocker X: https://itunes.apple.com/us/app/1blocker-x/id1365531024?mt=8 and its predecessor.

I haven't bought 1Blocker X, but I bought the previous version, and I had endless problems, mostly with it breaking websites, and failing to block obvious ads. 1Blocker X came out as a paid upgrade while the previous version was still broken, so I refused to use it.

I got the free version of AdGuard, which just creates a plain Safari content filter from DNSBL lists you specify yourself, and it works great. Very happy.

Meanwhile Apple is cool with the Verizon VPN [1], because it also blocks ads in applications, but server-side, and that makes a huge difference (?).

Or rather, because this is Verizon.

[1] https://techcrunch.com/2018/07/28/verizons-new-safe-wi-fi-is...

Verizon's VPN is an actual VPN. The fact that the VPN can be configured to block ads doesn't really matter very much, since, as you point out, that happens server-side, not on the device.

The Apple policy here is you can't use the VPN APIs to implement a content blocker. Or more generally, you're not supposed to use the VPN APIs to implement something other than a VPN, although they seem to be ok with some limited exceptions such as Charles Proxy. If the VPN itself offers other features, that falls outside the purview of Apple's policies.

According to Malwarebytes (they got banned too), server-side or client-side does not matter: https://twitter.com/thomasareed/status/1021095129279541249

I mean, I'm just speculating here, but that tweet makes it sound like they asked if they could add a real VPN specifically for the purposes of ad-blocking rather than for the purposes of being a VPN. And that is obviously just an attempt at an end-run around Apple's policies.

I realize the line is fuzzy here between "using a VPN to do ad-blocking" and "adding an optional ad-blocking feature to a VPN", but they are different concepts. Verizon's VPN appears to be a real VPN that simply has an optional ad-blocking feature. Perhaps the optional nature of the ad-blocking is important? I don't know.

One of the best things about Android is how easy it is to not make Google money. From ad blockers and alternative app stores to downright piracy.

If Google could do it all over again they would emulate iOS with their walled garden. I am sure of it.

I switched from IOS to Android a month ago, and one of my favorite things about it is that I can use the Brave web browser (with built in ad block, tracker block, and HTTPS Everywhere) and it's been amazing. My browser experience on mobile is complete different- no more videos or audio ads taking over and stopping my music, significantly less data being used, and of course it means I don't see ridiculous ads. On top of that because Android actually lets you pick what apps you launch things with it works with all my other apps as well, without the need for some "vpn hack".

What you are describing is much easier on iOS. The default web browser natively supports extensions, including ad blockers. The AdGuard vpn hack had the benefit of blocking ads in all apps at the cost of being so invasive.

Firefox has extensions available by default on Android. I use Ublock Origin & HTTPS everywhere. I wouldn't call it the "default browser", but it's...Firefox. I wouldn't exactly call it hard either since you just browse to the normal Firefox extension page and click the install button.

Google does do everything in its power to prevent me from using Firefox though.

> The default web browser natively supports extensions, including ad blockers

No, it only supports ad blockers, dubbed 'content blockers'.

I suppose the difference is that Android still tries to be a PC-on-a-Phone where iOS never intended to be that way. It's sort-of a Hardware+Software vs. Appliance nuance, while one is the other, the latter is not designed to become the former.

I think that hits the nail on the head. Android is the natural extension of Palm and Windows Mobile into the 21st century, a modern take on the classical smartphones. iOS is actually working backwards, starting from a "no you can't" and slowly working into a "okay I guess if you want to" as they add file management and styluses and official external keyboards.

It's probably also why people that do not (want to) make that distinction are rather polarized about their device of choice.

Considering phones now have pretty capable CPUs and 6Gb RAM turning a phone into a mini laptop is becoming quite viable.

I don't think that the concept of a phone-trying-to-be-a-PC is limited by what CPU or RAM it has. You can run complete Linux and Windows CE desktops on devices with way less resources. Doesn't mean that it's the UX the world needs ;-) On the other hand, as long as you know what you want, and know what is available, then none of it really needs to be in competition.

Not from a UX point of view. Many non technical people enjoy iOS exactly because you can't too much with it. It reduces complexity.

If you think that's cool, check out the AdGuard app for Android. It handles not just browser traffic, but traffic from every app. Not the one from the Play Store, but the one from their website -- the Play version is crippled. It'll block all those undesirable connections for the entire device, and it's GUI makes it super easy.

It is not free, however, but I believe they offer a trial still.

On my last Android device, after months of usage, I was blocking on average about 40% of all traffic on my phone -- most of that to trackers and ad networks. On Android it seems like most every app is sucking away at your device, almost none of the tracking and ad network activity is voluntary or opt-in.

I miss AdAway. I really need to root my Pixel, but the new filesystem setup they're using scares me away from rooting.

You should try DNS66 [0], which does not require root. It acts as a VPN on Android and returns when any app tries to resolve the IP address of an ad-serving domain. Other network traffic passes through unmodified, so it's very battery friendly.

The app is also available from Fdroid [1]. It isn't available from the Play Store, since Google has banned ad blockers.

[0] https://github.com/julian-klode/dns66

[1] https://f-droid.org/en/packages/org.jak_linux.dns66/

Did you attempt to use any iOS content blocking apps? I use 1Blocker and my mobile browsing experience is similarly free of videos, audio ads, and rediculous ads. Further, because I'm also using 1Blocker on macOS, my custom blocking and whitelists is synchronized. Anyway, I don't want to get into an Android/iOS debate—they each have their pros/cons—I just want to point out that iOS provides a very workable ad/content blocking solution in my experience.

The problem is, you're beholden to Apple to allow these things to exists. I have no fear of Firefox/uBlock Origin, or any other Browser/Blocker combo suddenly no longer being on option on Google's whim, or VPNs no longer working. That, and there's ample competition amongst those solutions to keep quality and innovation going. There's 1 Web View and 1 extension API everything on iOS has to conform to, leaving very little room for innovation.

Content blockers are Apple-approved API.

iOS has supported content blocking for at least two years with the added ability to block ads in apps that use the SafariViewController (like Feedly).

Also, you don’t have to worry about a third party ad blocker having access to your browsing history.

I'm a bit confused as to why adguard is being targeted here, but things like Disconnect.me which also use a "fake" VPN are not. Can anyone shine some light on this?

I wonder what it might affect other apps developed by (one of) the developers in cases like this. Do they ban apps or people? Should the developers worry about increased scrutiny to their other apps?

TLDR: iOS is a compulsory ad delivery platform.

I think it's way more complicated than this sort of snark makes it out to be.

Apple allows content blocking in Mobile Safari. There are some limits to the APIs they've provided, and one can quibble about how complete they are, but Apple has literally made an ad-blocking API.

AdGuard Pro's "local VPN" trick was basically a way to be able to block not only ads in Safari, but ads everywhere, including applications that are connecting to ad networks. And I'm pretty sure this is what Apple is ultimately trying to stop here.

You can argue that ads are just absolute evil everywhere and that the distinction between in-app ads and web ads is arbitrary. And, I guess, maybe? Maybe we should have the absolute right, as the device owner, to say to app developers, "Hey, if you were stupid enough to make this app free and try to get money from it by showing me ads, tough cookies for you."

But, as the device owner, you also have the absolute right to, well, choose what apps you run, in a way that really isn't true for web sites. I mean, yes, you have the choice of which web sites you visit, but in practice it's way harder to say "if you don't like web sites with horrible, intrusive ads, just don't visit them" than it is to say "if you don't like ad-supported apps, don't download them." And while this is absolutely a subjective perception that may apply only to me and no one else, it would feel just a little bit sleazy to me to use an ad-supported app for free while blocking the ads. If I like the app, I'll pay to make the ads go away if that's an option; if the ads can't be turned off and they're too intrusive, I'll simply stop using the app.

As "the device owner, [I] also have the absolute right" to control what the device does, what traffic it accepts, and what it rejects. And as much as I like Apple's stance on privacy and security, I hate its refusal to honor owners' rights. So I'd never use their stuff.

Then don't use apps that are ad supported? That sounds like the way to make sure that you're controlling what traffic it's using. Not denying apps that you're using revenue.

It's complicated, because these are closed ecosystems. So sometimes there aren't many options.

I do gather that app security and isolation are better in iOS than in Android. And that dropping AdGuard Pro is actually evidence for that.

> I think it's way more complicated than this sort of snark makes it out to be

Well of course. Snark is just snark -- it's hardly intended as a supported argument. It's a chuckle & wink to the like-minded.

TLDR: Apple has told people not to play DNS/tunnel games, you need to use their privacy protecting ad blocking infrastructure.

AdGuard didn’t, so Apple stopped them.

Absolutely no surprise here.

The rules are designed to enforce the delivery of ads.

I agree on the no surprise aspect. Adguard allowed users to expunge ads, Apple has many policies to prevent ceding such control to mere consumers.

Apple built ad/content blocking into Safari itself, encouraged its use, and has been waging war on third-party cookies and other tracking for years. This is the exact opposite of "enforcing ads".

Not really - it's eliminating competition. Apple is stopping competitors (web apps) from displaying any ads, and enforcing ads through the channel (App Store apps) it profits from.

I have a better way to block ads. I either pay for the no ads version and support the developer or delete an app that doesn’t have a no ads option. Except for Overcast. You can pay for s no ads version but I find ads for podcast based on the category of podcasts I’m listening to useful.

Seems like a reasonable personal story about how you use an ad-delivery platform like iOS (and is pretty close to what I do on all the platforms I use). But it has little to do with the rightness or otherwise of disallowing users from deciding which network connections their own device is permitted to attempt.

I am controlling what ads I see - I have an ad blocker that works in both the web browser and my RSS reader - ad blockers work in embedded SafariViewControllers - and I don’t bother with apps that don’t give me an option to remove ads.

But using a third party VPN that intercepts all of your internet traffic to protect your privacy seems like it’s defeating the purpose.

Especially seeing that third party content blockers on iOS have no access to your web browsing history.

...in the browser, yes. But not in apps, which is the distinction for the app in question.

You act as if apple blocks their own ads. ProTip: They don't. They want to keep you in that walled garden on that phone you leased and don't even have root on. Jokes on us.

Apple provides an ad blocking framework. It was s big feature 2 years ago.

How is that ‘enforcing the delivery of ads?’

Because you can’t block ads in apps, only the web?

Any DNS based blocker could trivially track much of what you do both browsing and in apps. And that’s the kind of privacy risk Apple tends to try to fix.

Personally, I worry more about the ads than about the blocker.

I think the intent here was to stop an application from having access to all browser traffic for a purpose by bending the rules of system API (namely, that you should be using this to make a VPN).

As far as I know, Firefox for iOS can also block ads and trackers.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact