One interesting thing I’ve noticed is that AdGuard means different things in different parts of the world. In some places, people know us primarily as an ad blocker, in others we’re best known for our DNS service and in some regions AdGuard is associated almost exclusively with our VPN. The reality is that AdGuard makes several different products, not just one.
One clarification that may not be obvious: open-sourcing this isn’t primarily about signaling or auditability. If that were the goal, a standalone protocol spec or a minimal reference repo would have been enough.
Instead, we’re deliberately shipping full client and server implementations because the end goal is for this to become an independent, vendor-neutral project, not something tied to AdGuard.
We want it to be usable by any VPN or proxy stack and, over time, to serve as a common baseline for stealthy transports — similar to the role xray/vless play today.
Happy to answer questions or clarify design choices.
>GFW has been able to filter SNI to block https traffic for a few years now.
SNI isn't really the threat here, because any commercial VPN is going to be blocked by IP, no need for SNI. The bigger threat is tell-tale patterns of VPN use because of TLS-in-TLS, TLS-in-SSH, or even TLS-in-any-high-entropy-stream (eg. shadowsocks).
Likewise interested in the authoritative answer, but: if I needed to write a decent chunk of code that had to run as close to wire/CPU limits as possible and run across popular mobile and desktop platforms I would 100% reach for Rust.
Go has a lot of strengths, but embedding performance-critical code as a shared library in a mobile app isn't among them.
This is not a common issue tbh. What sometimes may happen is that after an iOS update the content blockers in Safari becomes corrupted and the only thing that fixes it is not just a reinstall, but uninstall + reboot + reinstall after that. If even this doesn’t help please contact me at “am at adguard.com”, I will try to help.
I would advise against using unbound on the client side as this way all your DNS queries will be unencrypted and visible to your ISP. Besides that, the DNS responses can be modified, this kind of censorship is very popular and used in many countries.
IMO it is safer to use a big popular DNS recursor (google, cloudflare, adguard, quad9, etc), use DoT/DoH/DoQ and maybe add some additional filtering on top of it.
I tried not to share too much details while we were still in process of figuring out the details.
The legal advice we got was basically “block asap or risk jail time”. Moreover, the risk would still be there even if the complainant is shady or hiding their identity.
So it took us some time to do the digging and make sure that illegal content was removed which was the prerequisite to unblocking.
The digging is not finished btw, we’ll later post a proper analysis of our reaction and the results of the research.
Thanks for understanding and sorry if my comment sounded too harsh. Over the past few years we went through a lot and when I hear that AdGuard is just registered I may overreact.
What for your position, I respect it and as much as I’d like to say otherwise, under certain circumstances it can be reasonable.
It's not the first time I've noticed you spreading this misinformation on HN, so let me respond.
Most of AdGuard's staff relocated in 2022, and I (CTO and co-founder of AdGuard) personally live in Limassol, Cyprus. We commented on that publicly, but it seems that random forum posts often regarded as more reliable sources of information.
I am totally fine with anyone not trusting AdGuard for any reason, but please keep your statements factually correct.
PS: Sorry for sticking a small promo in the comment, but this year we're organizing the annual summit (adfilteringdevsummit.com) for ad blockers' devs on our home turf in Limassol, a perfect opportunity to meet us, other ad blockers and even browsers' devs.
If you've still got most of your devs working in Russia, and it looks like that from your github projects, I'm not sure what part of the comment you responded to is not correct or misinformation.
Most of the employees relocated including senior staff, devs and people with access. We still have some contractors working from there, mostly in support service, content and qa. Not "most" or "a lot", but nevertheless.
We encourage people to move closer to the head office, but as long as it's not required by law, we’re not going to force people to move out, as I know very well how hard it is.
> and it looks like that from your github projects
You do realize that a russian name != working in Russia, right?
> I'm not sure what part of the comment you responded to is not correct or misinformation
The parts where:
1. It's implied that the company is just "registered".
2. It's implied that the company is not European.
3. It's said that devs reside in Russia.
All three are factually incorrect.
AdGuard has been around for 16+ years, and throughout this time I've seen similar accusations many times. I am generally fine with them — that's life — but today I just wasn't in the mood, sorry for that. Anyways, this is one more reason to have more code published to open source, a win-win for all.
reply