Overclock.net - An Overclocking Community - Reply to Topic

Thread: [CNET] Google may break ad blockers with upcoming Chrome change

  Topic Review (Newest First)
06-11-2019 03:38 AM
c0rrupt You can always block via host

https://someonewhocares.org/hosts/
http://winhelp2002.mvps.org/hosts.htm
06-10-2019 12:56 PM
xJumper DNS adblockers and other old school hosts style solutions like pihole kind of suck. It's fine for mobile or IoT devices that you can't protect but for your main rig I find dedicated in browser blockers are way better.

If you're following classic infosec practices there shouldn't be any adware/spyware standalone connections to ad/malware domains outside of your web browser anyway. With this security model your browser should be your only "portal" to the internet to begin with so system wide ad blocking should not be necessary. Mobile style adware applications that make their own direct connections to ad/malware domains outside of your browser should just flat out not be on your system, whether it's a desktop rig or mobile.

On mobile you can use uBlock as well, same as the desktop. If you must break rule #1 of classic infosec and install adware/malware apps then you can use software like Adaway to modify your hosts and use the same list from uBlock Origin, same thing as a piHole but directly on your phone whether you're on your router or not. You need root to do it but I figure if you're on this site you probably are.

pihole and other such solutions are wonky to work with. With direct in-browser blockers like uBlock, uMatrix & NoScript I can turn everything up to 11, default deny everything and very easily selectively allow things. Running the same level of protection with hosts style or DNS adblockers first of all isn't possible but even trying to run similar levels of protection would be a huge pain in the butt, it's not nearly as easy to temporarily whitelist a domain, or a specific element for a specific site or sub domain of a site as it would be with content blockers running in the browser like uBlock.

This is a huge step backwards for computer security, shows you how much content blocking must be hurting Google if they are willing to put users at risk to protect their revenue. Content blockers/script blocking is the modern AV, more important than AV if you ask me. People don't get malware from downloading a .exe from Kazaa anymore, malicious script injections on sketchy sites when some guy searches "free NFL streams" and the likes are the most common attack vectors now, limiting what users can block is underhanded as hell.
06-10-2019 09:22 AM
tpi2007 [ZDNet] Opera, Brave, Vivaldi to ignore Chrome's anti-ad-blocker changes, despite shared codebase


Quote:
Despite sharing a common Chromium codebase, browser makers like Brave, Opera, and Vivaldi don't have plans on crippling support for ad blocker extensions in their products -- as Google is currently planning on doing within Chrome.

The three browser makers have confirmed to ZDNet, or in public comments, of not intending to support a change to the extensions system that Google plans to add to Chromium, the open-source browser project on which Chrome, Brave, Opera, and Vivaldi are all based on.
Quote:
Microsoft Edge

The only major browser maker who did not respond to our request for comment on this issue was Microsoft.

The company announced last year it was ditching its proprietary EdgeHTML browser engine for a Chromium port of Edge, which is currently in public testing.

Microsoft's plans in regards to Google's Manifest V3 changes are currently unknown.
06-10-2019 07:30 AM
zeroibis
Quote: Originally Posted by xJumper View Post
So will the DNS requests go through the VPN provider or through Google's DNS over HTTPS provider built into the browser? Chicken or the egg?

Maybe if your VPN was running at the kernel level like wireguard it would "dns out" before it hit Google's forced DNS over HTTPS in the browser.

It will go out over the VPN through the DNS over HTTPS.

The DNS request is made as an HTTPS call over port 443. If your port 443 traffic is routed over your VPN then it will traverse the VPN.

As far as the network is concerned the traffic is indistinguishable from any other traffic on port 443.

The type of VPN implemented is irrelevant.

There are only two ways around it:

1) Client side you can disable this behavior assuming there is a way to do so. You can also have plugins on the client system that make this possible if the software does not already do so.

2) Network side you can force install client certificates that break encryption for HTTPS so that you can then perform packet inspection and then filter out the DNS requests and manipulate them. This will have the effect of breaking all HTTPS traffic on the internet within your network. Some traffic will function but clients will be informed at the browser side that all of their "encrypted" traffic is moving across the local network "unencrypted". Thus users should avoid using any banking sites or anything else that needs to be secure on said network.

Due to the demise of effective packet inspection and said packet inspection's impact, its use going forward is going to be much more limited. Companies are going to need to invest more in endpoint protection rather than edge point protection in order to ensure a secure network. This also creates new risks for BYOD businesses as well as they need to ensure an effective endpoint solution for them.

This is not to say that firewalls are not going to be needed on the network edge or in other places on the network but that they are going to need to be complemented with additional endpoint security as well.
06-07-2019 01:35 PM
xJumper
Quote: Originally Posted by zeroibis View Post
No that would not break a VPN any more than it would break your internet. Your VPN is a virtual private network. Just because it is not physical does not mean that programs can simply ignore its existence any more than they could ignore a physical network.

All traffic will still pass over the VPN just as normal. You are just not able to manipulate DNS requests once they leave the host because they are encrypted HTTPS requests. The traffic over port 443 will continue to traverse your VPN just like your other ports.

So will the DNS requests go through the VPN provider or through Google's DNS over HTTPS provider built into the browser? Chicken or the egg?

Maybe if your VPN was running at the kernel level like wireguard it would "dns out" before it hit Google's forced DNS over HTTPS in the browser.
06-07-2019 11:02 AM
zeroibis
Quote: Originally Posted by xJumper View Post
I was thinking about that as well, but wouldn't that break VPNs. The VPN industry is big right now, the word VPN has become a household name with Mr & Ms America and even though they have no idea what it really does or how to use it properly average households are using them. Breaking VPNs wouldn't be good.

No that would not break a VPN any more than it would break your internet. Your VPN is a virtual private network. Just because it is not physical does not mean that programs can simply ignore its existence any more than they could ignore a physical network.

All traffic will still pass over the VPN just as normal. You are just not able to manipulate DNS requests once they leave the host because they are encrypted HTTPS requests. The traffic over port 443 will continue to traverse your VPN just like your other ports.
06-04-2019 08:17 PM
Krawk FB Purity, another great program has stopped receiving updates on Chrome and Google's policies are at odds with the programmer.
06-04-2019 02:26 PM
Sir Beregond Way back in the day I switched to Chrome because it was fast vs IE and Firefox which felt far too clunky...at the time. Then Chrome became a big memory leak and my search continues...

Someone told me to check out a browser called Brave. Don't know anything about it.

Edit: Screw that, looks like they spy on their users.

06-04-2019 11:56 AM
xJumper
Quote: Originally Posted by zeroibis View Post
Lol all the poor people that think that they are going to filter ads at the DNS level. Just wait until Chrome enables DNS over HTTPS as the default configuration and blows right past your attempts to stop them. Also just wait until they not only turn it on by default but also make it the only option.

I was thinking about that as well, but wouldn't that break VPNs. The VPN industry is big right now, the word VPN has become a household name with Mr & Ms America and even though they have no idea what it really does or how to use it properly average households are using them. Breaking VPNs wouldn't be good.
06-04-2019 10:44 AM
zeroibis Lol all the poor people that think that they are going to filter ads at the DNS level. Just wait until Chrome enables DNS over HTTPS as the default configuration and blows right past your attempts to stop them. Also just wait until they not only turn it on by default but also make it the only option.
This thread has more than 10 replies. Click here to review the whole thread.
