AB-Solution - The Ad Blocking Solution

[deddc23efb]

As long as they use domains exclusively, yes blocking outgoing requests will work. Just as with any domain hijacking/DNS poisoning.

I believe it is good for us that consumer router capabilities are limited. Imagine if common routers were able to do even a minimal DPI on the traffic seen. This would open up endless possibilities for hackers.

It's easy to imagine, Trend Micro is doing exactly that in the ASUS firmware. It's closed source and wants to share your data for analytics reasons. Doesn't make me comfortable at all.

 

[thelonelycoder]

It's easy to imagine, Trend Micro is doing exactly that in the ASUS firmware. It's closed source and wants to share your data for analytics reasons. Doesn't make me comfortable at all.

Trend Micro does not do much on the router. Rather, most or all data is sent to their servers, processed by them and an action packet sent back to the router to act upon locally. OpenDNS and other services do the same with domain queries.
Most are free services, they take advantage of every morsel of info they can gather and resell or monetize in any way they can.

 

[deddc23efb]

Trend Micro does not do much on the router. Rather, most or all data is sent to their servers, processed by them and an action packet sent back to the router to act upon locally. OpenDNS and other services do the same with domain queries.
Most are free services, they take advantage of every morsel of info they can gather and resell or monetize in any way they can.

I suspect Trend Micro is doing some on board analysis. Why have signature updates otherwise. It seems like the aggregate statistics they report are massaged by a cloud server somewhere (sorry - inhaled and sold.)

 

[thelonelycoder]

(sorry - inhaled and sold.)

Well said.

 

[RMerlin]

It's closed source and wants to share your data for analytics reasons

You have proof of this?

Traffic classification doesn't send any data to Trend Micro. Only the malicious website service does, and that's because it leverages their business-class WRS service.

This has nothing to do with analytics.

 

[deddc23efb]

Well proof of closed-source ( ) yes., and commercializing your data is built into the EULA. Anyone thinking they won't be using this is naive. To be honest, Google is no better, but Google isn't plugged into every single flow my system initiates or terminates. It's bad enough that DNS servers are used in the same way, but sending every single request is a gold mine of data.

From the Trend Micro EULA.
The key issues are improving their services and software using your data AND Trend Micro reserves title, ownership and IP for work resulting from the use and analysis of the data.

PRIVACY AND SECURITY STATEMENT REGARDING FORWARDED DATA
In addition to product registration information, Trend Micro will receive information from You and Your router on which the Software or any support software tools are installed (such as IP or MAC address, location, content, device ID or name, etc) to enable Trend Micro to provide the functionality of the Software and related support services (including content synchronization, status relating to installation and operation of the Software, device tracking and service improvements, etc).
By using the Software, You will also cause certain information (“Forwarded Data”) to be sent to Trend Micro-owned or -controlled servers for security scanning and other purposes as described in this paragraph. This Forwarded Data may include information on potential security risks as well as URLs of websites visited that the Software deem potentially fraudulent and/or executable files or content that are identified as potential malware. Forwarded Data may also include email messages identified as spam or malware that contains personally identifiable information or other sensitive data stored in files on Your router. This Forwarded Data is necessary to enable Trend Micro to detect malicious behavior, potentially fraudulent websites and other Internet security risks, for product analysis and to improve its services and Software and their functionality and to provide You with the latest threat protection and features.
You can only opt out of sending Forwarded Data by not using, or uninstalling or disabling the Software. All Forwarded Data shall be maintained in accordance with Trend Micro’s Privacy Policy which can be found at www.trendmicro.com. You agree that the Trend Micro Privacy Policy as may be amended from time to time shall be applicable to You. Trend Micro reserves the title, ownership and all rights and interests to any intellectual property or work product resulting from its use and analysis of Forwarded Data.

 

[RMerlin]

Keyword throughout the EULA is "may"... EULAs are always wider than necessary purely to protect them on a legal basis. Until someone can come up with actual proof, this is just speculations.

Did you know that according to the Adobe EULA, giving away your computer with Adobe Reader already installed is illegal? The EULA states you're supposed to uninstall it first, so the new owner has to download and re-accept the EULA.

That's how EULAs work: they try to cover pretty much every single corner case just to satisfy lawyers, but they carry zero technical weight. Until someone can come up with a traffic trace to confirm it, there is nothing proving that they are getting anything but the URLs that get sent to the WRS service, and that's IF you actually enable malicious website blocking.

 

[elorimer]

Keyword throughout the EULA is "may"... EULAs are always wider than necessary purely to protect them on a legal basis. Until someone can come up with actual proof, this is just speculations.

Did you know that according to the Adobe EULA, giving away your computer with Adobe Reader already installed is illegal? The EULA states you're supposed to uninstall it first, so the new owner has to download and re-accept the EULA.

Fun fact: if you are Germany or Austria, the EULA legally obligates you to make backups of your data. Oh, and submit to the jurisdiction of English courts.

 

[deddc23efb]

Keyword throughout the EULA is "may"... EULAs are always wider than necessary purely to protect them on a legal basis. Until someone can come up with actual proof, this is just speculations.

Did you know that according to the Adobe EULA, giving away your computer with Adobe Reader already installed is illegal? The EULA states you're supposed to uninstall it first, so the new owner has to download and re-accept the EULA.

That's how EULAs work: they try to cover pretty much every single corner case just to satisfy lawyers, but they carry zero technical weight. Until someone can come up with a traffic trace to confirm it, there is nothing proving that they are getting anything but the URLs that get sent to the WRS service, and that's IF you actually enable malicious website blocking.

Yep. I don't really want to get into a debate about whether they do or they don't. I don't know.

What I do know is that ASUS has not said "We DO NOT SELL or SHARE your private information in any way." Like Google's long retired "don't be evil." In the absence of that, the company is certainly profiting from access to all of our data one way or another, and they have built it into their EULA. They need to pay Trend Micro's licensing and maintenance costs and since I don't see a recurring license fee built into my router purchase, it's not my wallet that is paying it, it's my data that is paying it.

My issue is that ASUS did not warn me on the side of the ASUS router box that "Our Traditional QOS implementation is broken and we plan to never fix it, so if you are buying this router and expect to use it to apply different treatment to different categories of traffic, you need to agree to let ASUS have access to your data." I DO NOT want the Trend Micro DPI. I would have been happier with an layer7 filter implementation (like old school Shibby) rather than some closed-source buggy DPI package. I can at least turn off or fix the issues in the Layer7 code.

Sadly, I didn't know about these issues prior to buying the router and there are features on the ASUS that I do want. Good with the bad I guess. My next router won't be ASUS if they continue on this path, but I'll make the best of the money I've now spent.

/dedd

 

[charlie2alpha]

Yep. I don't really want to get into a debate about whether they do or they don't. I don't know.

What I do know is that ASUS has not said "We DO NOT SELL or SHARE your private information in any way." Like Google's long retired "don't be evil." In the absence of that, the company is certainly profiting from access to all of our data one way or another, and they have built it into their EULA. They need to pay Trend Micro's licensing and maintenance costs and since I don't see a recurring license fee built into my router purchase, it's not my wallet that is paying it, it's my data that is paying it.

My issue is that ASUS did not warn me on the side of the ASUS router box that "Our Traditional QOS implementation is broken and we plan to never fix it, so if you are buying this router and expect to use it to apply different treatment to different categories of traffic, you need to agree to let ASUS have access to your data." I DO NOT want the Trend Micro DPI. I would have been happier with an layer7 filter implementation (like old school Shibby) rather than some closed-source buggy DPI package. I can at least turn off or fix the issues in the Layer7 code.

Sadly, I didn't know about these issues prior to buying the router and there are features on the ASUS that I do want. Good with the bad I guess. My next router won't be ASUS if they continue on this path, but I'll make the best of the money I've now spent.

/dedd

Sigh, the traditional QoS is busted since around 380.86 for me. I changed to the Adaptive QoS because I don't want to leave my RT-AC56U with old firmware with possible vulnerabilities. Sigh...

 

[RMerlin]

Sadly, I didn't know about these issues prior to buying the router and there are features on the ASUS that I do want. Good with the bad I guess. My next router won't be ASUS if they continue on this path, but I'll make the best of the money I've now spent.

Your list of alternatives is growing short. Netgear flat out added an option to send out telemetry usage data back to them in recent releases, and it's NOT to provide an actual service, unlike Trend Micro's WRS... And there's also Linksys' dubious cloud-based management which got them into legal hot water at least once already.

adly, I didn't know about these issues prior to buying the router and there are features on the ASUS that I do want.

If you want malicious website blocking, you will have to deal with a cloud-based solution, or with outdated/incomplete data (like Netgear updating their QoS signature maybe twice a year).

 

[deddc23efb]

Your list of alternatives is growing short. Netgear flat out added an option to send out telemetry usage data back to them in recent releases, and it's NOT to provide an actual service, unlike Trend Micro's WRS... And there's also Linksys' dubious cloud-based management which got them into legal hot water at least once already.



If you want malicious website blocking, you will have to deal with a cloud-based solution, or with outdated/incomplete data (like Netgear updating their QoS signature maybe twice a year).

I agree that the set of options is short - at least in the "let's repurpose consumer devices to do something they better than what the manufacturer sells" world.

I think the assumption that I want these services built into my router is a bad one. I get that ASUS is trying to expand its piece of the pie by adding what they think are high value services. Apparently good hardware and solid features aren't where the money is.

Wrt to cloud services being required, I don't think they are necessary. Look at the success of features such as AB-Solution/Adblock, tools like Snort (other DPI solutions) and others. There are many excellent tools available to skilled and knowledgeable people that are high quality and work well.

For mom and pop non-computer folks, perhaps ASUS Trend-Micro/Netgear/Linksys stuff is the right solution. Hey, these people use Facebook too, so what more do they have to lose?

For enthusiasts like us, it's frustrating because we know that the hardware is pretty good and it should be able to do what we want with low power and low cost. I can build a much better router/firewall with a standard PC chassis good wireless cards, excellent ethernet interfaces and a proper OS setup where root doesn't do everything. It would be more expensive, louder, use more power and probably be more clunky. I'm ALREADY dicking around in the CLI on the ASUS ... would it be that much worse?

Pretty off topic at this point.

ASUS advertises a certain set of features, but only supports the ones that provide a new revenue stream for them. That sucks. That's about it. It doesn't matter what other vendors do or sell at this point. If cars were sold like this, there would be lawsuits, recalls and so on. Look what happened to Volkswagon.

/dedd

 

[Protik]

Though a very unlikely scenario, but if the weekly count sums up to a number of million, is not truncated like the total. Please consider this for the next version.

----------------------------------------------------
 529,032  blocked domains  12  hosts files in use
 4.172M t  2,000,916 w  40,327 n ads since Jan 12 19:59
----------------------------------------------------

PS: This is happening because when I visit a particular site. the site hammers trying to connect to cdn-gl.imrworldwide.com and gets blocked by Ab-Solution. I could not figure out any detail about the site anyway.

 

[thelonelycoder]

Though a very unlikely scenario, but if the weekly count sums up to a number of million, is not truncated like the total. Please consider this for the next version.

----------------------------------------------------
 529,032  blocked domains  12  hosts files in use
 4.172M t  2,000,916 w  40,327 n ads since Jan 12 19:59
----------------------------------------------------

PS: This is happening because when I visit a particular site. the site hammers trying to connect to cdn-gl.imrworldwide.com and gets blocked by Ab-Solution. I could not figure out any detail about the site anyway.

The cap is at 1 million for the total, then breaks it down gradually, up to billions. I'd never imagined this number would be reached in the weekly total.
Easy to add, no problem. Ads counting surely takes some time when starting AB with that many to count!
AB4.0 handles that smarter.

 

[apokrif]

Guys,

I have a question, but I don’t know where to ask exactly.

Basically, a site has a link like this:

http://go.redirectingat.com/?id=321...k.com/walmart-inventory-checker?sku=634346527

Eventually, after doing “bad stuff”, it should go to https://brickseek.com/somehthing

ab-solution blocks go.redirectingat.com, so redirect doesn’t work.

Is there a way (via plugin to pixelserv?) to get target url and return to my browser, essentially short-cutting blocked site "go.redirectingat.com"?

Link format will be a bit different for different blocked sites, obviously.

Probably can be described using regex rules or whatever.

 

[thelonelycoder]

Guys,

I have a question, but I don’t know where to ask exactly.

Basically, a site has a link like this:

http://go.redirectingat.com/?id=321X567&test=off&xcust=73b2a4bef9c311e78787ee446ae44d1d0INT&url=https://brickseek.com/walmart-inventory-checker?sku=634346527

Eventually, after doing “bad stuff”, it should go to https://brickseek.com/somehthing

ab-solution blocks go.redirectingat.com, so redirect doesn’t work.

Is there a way (via plugin to pixelserv?) to get target url and return to my browser, essentially short-cutting blocked site "go.redirectingat.com"?

Link format will be a bit different for different blocked sites, obviously.

Probably can be described using regex rules or whatever.

Dnsmasq does not manipulate URLs, it resolves domain names to its IP.
To do what you hope to achieve means packet reading, possibly decrypting and altering part of it. This goes into the field of DPI and is way outside of what Dnsmasq, pixelserv or your router can do on the fly. There are browser plugins that can do this.

 

[rtn66uftw]

Kudos to everyone that understands the rudimentary PuTTY UI on first sight.

I remember having to google how to use that non-intuitive jumble of options.
I soon moved on to various other tabbed SSH clients with ever degrading satisfaction until I found Xshell.
Haven't looked back since.

I have never thought of blocking the ads at the router level. So when I installed ab-solution I was impressed. Now I don't have to be frustrated with ads on my phone and iPad anymore.

As a bonus, I also found out about Xshell. Darn, why didn't I know about this software before It would save me a lot of time doing school assignments on previous semesters

I thought Xshell is the one until I tried MobaXterm. Best terminal for Windows for sure!
https://mobaxterm.mobatek.net/features.html

 

[Makaveli]

I thought Xshell is the one until I tried MobaXterm. Best terminal for Windows for sure!
https://mobaxterm.mobatek.net/features.html

I mainly use putty.

This looks pretty good I will have to check it out.

 

[thelonelycoder]

I thought Xshell is the one until I tried MobaXterm. Best terminal for Windows for sure!
https://mobaxterm.mobatek.net/features.html

To each their own. For my taste Xshell looks and behaves more polished.

 

[Twiglets]

Guys,

I have a question, but I don’t know where to ask exactly.

Basically, a site has a link like this:

http://go.redirectingat.com/?id=321X567&test=off&xcust=73b2a4bef9c311e78787ee446ae44d1d0INT&url=https://brickseek.com/walmart-inventory-checker?sku=634346527

Eventually, after doing “bad stuff”, it should go to https://brickseek.com/somehthing

ab-solution blocks go.redirectingat.com, so redirect doesn’t work.

Is there a way (via plugin to pixelserv?) to get target url and return to my browser, essentially short-cutting blocked site "go.redirectingat.com"?

Link format will be a bit different for different blocked sites, obviously.

Probably can be described using regex rules or whatever.

In firefox try the following:

Skip Redirect by Sebastian Blask
Some web pages use intermediary pages before redirecting to a final page.
This add-on tries to extract the final url from the intermediary url and goes there straight away if successful.

https://addons.mozilla.org/en-US/firefox/addon/skip-redirect/

For example the following link goes to www.mozilla.org using this addon.
www.google.com/chrome/?i-would-rather-use-firefox=http%3A%2F%2Fwww.mozilla.org/

There are other similar addons for Firefox & Chrome YMMV