Diversion Router Ad-Blocker potential for DD-WRT firmware

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2, 3, 4  Next
Author Message
thelonelycoder
DD-WRT Novice


Joined: 06 Dec 2016
Posts: 20
Location: Switzerland

PostPosted: Sat Jul 20, 2019 9:12    Post subject: Diversion Router Ad-Blocker potential for DD-WRT firmware Reply with quote
Hi all
I am the author and sole coder of Diversion - the Router Ad-Blocker for Routers running Asuswrt-Merlin firmware.

Before anyone tries: Do not install Diversion on DD-WRT. It will NOT install and NOT run on this firmware.


With that out of the way, Diversion has a terminal based UI and is packed with features to the brim. It is router based, using Dnsmasq to redirect domains to either the null address (0.0.0.0) or the pixelserv-tls address for true http/https ad-blocking. Diversion relies on and installs into the Entware environment, although it is not available through its opkg command.

In the interest of finding out potential usage on DD-WRT I ask for your opinions on ad-blocking in general and if adding support in Diversion for this firmware would be appreciated.

The discussion board for Diversion is here if you want to read more about what's driving me.



Diversion-4.1.3_expanded.png
 Description:
Latest Diversion screenshot
 Filesize:  24.89 KB
 Viewed:  17477 Time(s)

Diversion-4.1.3_expanded.png



_________________
Diversion - the Router Ad-Blocker for Asuswrt-Merlin
amtm - the SNBForum Asuswrt-Merlin Terminal Menu
Diversion and amtm on https://diversion.ch
twitter.com/DiversionBlock | github.com/decoderman | reddit.com/r/diversion
Sponsor
underdose
DD-WRT Novice


Joined: 12 Jun 2019
Posts: 20

PostPosted: Sat Jul 20, 2019 9:38    Post subject: Reply with quote
As a seasoned Asuswrt-Merlin user who switched to DD-WRT recently, the one and only thing I miss about Merlin was Diversion so I'm really happy to see you're interested in porting Diversion to DD-WRT.

I've played around with countless ad-blocking scripts from this forum, SNBForums, Github, etc., even installed PiHole on my router and managed to get it working to some degree. However, none of the solutions are as effective, sleek, user-friendly and feature-rich as Diversion in my opinion.

Anyone who's reading, please go check Diversion website and Diversion discussion thread to see how a well-implemented ad-blocking solution Diversion is.
mbze430
DD-WRT User


Joined: 14 May 2012
Posts: 239

PostPosted: Fri Jul 26, 2019 17:59    Post subject: Reply with quote
I use Diversion on my other routers. Be nice to have the option to have Diversion on DDWRT. It is better than the Adblocking feature that is built-in to DDWRT currently that's is FOR SURE.
_________________
ASUS RT-AC3200 - Deployed Client's site
ASUS RT-AC5200 - Merlin
ASUS RT-AX88U - Merlin
thelonelycoder
DD-WRT Novice


Joined: 06 Dec 2016
Posts: 20
Location: Switzerland

PostPosted: Sun Jul 28, 2019 11:46    Post subject: Reply with quote
mbze430 wrote:
I use Diversion on my other routers. Be nice to have the option to have Diversion on DDWRT. It is better than the Adblocking feature that is built-in to DDWRT currently that's is FOR SURE.

Good to know and thanks for the reply.


Continuing discussion on this thread from my other post:
Fskies wrote:
Yes, it would be great to get Diversion on DD-WRT ! It seems to be easier to use that Pixelserv. What the current limitation to implement Diversion on DD-WRT ?

Asuswrt-Merlin has specific hooks and files to simplify actions. For example, Diversion employs User scripts to start, mount, unmount and change services extensively. Also, manipulating dnsmasq.conf is simplified with the use of Custom config files.

I have not yet made a decision to support DD-WRT, partly because the response on this forum is somewhat discouraging. As Diversion is free and coded in my spare time I am reluctant to port it unless it is used in reasonable numbers. Supporting and answering questions, keeping it up to date AND adding new features takes a lot of time off of my spare time allocation.

_________________
Diversion - the Router Ad-Blocker for Asuswrt-Merlin
amtm - the SNBForum Asuswrt-Merlin Terminal Menu
Diversion and amtm on https://diversion.ch
twitter.com/DiversionBlock | github.com/decoderman | reddit.com/r/diversion
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

PostPosted: Sun Jul 28, 2019 12:05    Post subject: Reply with quote
mbze430 wrote:
I use Diversion on my other routers. Be nice to have the option to have Diversion on DDWRT. It is better than the Adblocking feature that is built-in to DDWRT currently that's is FOR SURE.


But it is still limited unlike the solution which I just recntly added to my IPQ openwrt build. All those host based adblockers cannot block embeded ads in https sites:-) Since more and more webspaces now use embedded ads it will become useless.

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
thelonelycoder
DD-WRT Novice


Joined: 06 Dec 2016
Posts: 20
Location: Switzerland

PostPosted: Sun Jul 28, 2019 13:14    Post subject: Reply with quote
<Kong> wrote:
But it is still limited unlike the solution which I just recntly added to my IPQ openwrt build. All those host based adblockers cannot block embeded ads in https sites:-) Since more and more webspaces now use embedded ads it will become useless.


Every router based (ad) blocking solution is limited to outright blocking discrete domains to achieve the goal. Doing more than that, be it on the router or through it by using a third party server/website to more granually filter ads would be a MITM mechanism.
I will never do that with Diversion.
BTW, the above blocking limits also apply to all PiHole installations.

<Kong> wrote:
Since more and more webspaces now use embedded ads it will become useless.

For the majority of websites out there this is not likely to happen in the near future. The ones already using its own domain serve their own specific content like YT. The far greater rest of the websites will continue to use the known ad server services.

_________________
Diversion - the Router Ad-Blocker for Asuswrt-Merlin
amtm - the SNBForum Asuswrt-Merlin Terminal Menu
Diversion and amtm on https://diversion.ch
twitter.com/DiversionBlock | github.com/decoderman | reddit.com/r/diversion
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

PostPosted: Sun Jul 28, 2019 14:26    Post subject: Reply with quote
thelonelycoder wrote:
<Kong> wrote:
But it is still limited unlike the solution which I just recntly added to my IPQ openwrt build. All those host based adblockers cannot block embeded ads in https sites:-) Since more and more webspaces now use embedded ads it will become useless.


Every router based (ad) blocking solution is limited to outright blocking discrete domains to achieve the goal. Doing more than that, be it on the router or through it by using a third party server/website to more granually filter ads would be a MITM mechanism.
I will never do that with Diversion.


This is exactly how it works. The MITM solution will filter and remove ads and the client will accept that once you have added the MITM root ca to it's cert store. And for the paranoid, sites can be whitelistes/blacklisted in order to be able to not filter banking sites etc. in case you don't trust the "Router".

But if you trust adblocklists, then you don't seem to care about security. Since adblocklists have the potential to redirect you to bad servers. For a couple of adblock scipts I have already shown how to prepare the list in order to trick the script in adding host + special destination ip, not just redirecting to a non existing host.

I'm just waiting for the day, when someone hacks an adblocklist server.

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
thelonelycoder
DD-WRT Novice


Joined: 06 Dec 2016
Posts: 20
Location: Switzerland

PostPosted: Sun Jul 28, 2019 15:24    Post subject: Reply with quote
<Kong> wrote:
This is exactly how it works. The MITM solution will filter and remove ads and the client will accept that once you have added the MITM root ca to it's cert store. And for the paranoid, sites can be whitelistes/blacklisted in order to be able to not filter banking sites etc. in case you don't trust the "Router".

I would trust my own router more than some external service. I keep my routers updated with the latest firmware versions. Asuswrt-Merlin is very much up to date with fixes, faster than the Asus stock firmware.


<Kong> wrote:
But if you trust adblocklists, then you don't seem to care about security. Since adblocklists have the potential to redirect you to bad servers. For a couple of adblock scipts I have already shown how to prepare the list in order to trick the script in adding host + special destination ip, not just redirecting to a non existing host.

I'm just waiting for the day, when someone hacks an adblocklist server.

Try that trick with Diversion. Let me know if you succeed. If you do, let me know how you did it so I can fix that loophole.

_________________
Diversion - the Router Ad-Blocker for Asuswrt-Merlin
amtm - the SNBForum Asuswrt-Merlin Terminal Menu
Diversion and amtm on https://diversion.ch
twitter.com/DiversionBlock | github.com/decoderman | reddit.com/r/diversion
ai5g
DD-WRT Novice


Joined: 12 Dec 2016
Posts: 11

PostPosted: Sun Jul 28, 2019 16:08    Post subject: YES! Reply with quote
A users opinion: I would love to see such an adblocking feature in dd-wrt!
I am using uBlock on my windows PCs, which is so far doing OK.
However, a lot was written about API changes in chrome which should limit the possibilities for browser based adblockers soon, and I fear that other browsers may follow.

I think router based blocking would be a great alternate option for the future.
thelonelycoder
DD-WRT Novice


Joined: 06 Dec 2016
Posts: 20
Location: Switzerland

PostPosted: Tue Aug 06, 2019 9:14    Post subject: Re: YES! Reply with quote
ai5g wrote:
I think router based blocking would be a great alternate option for the future.

Good to know.

_________________
Diversion - the Router Ad-Blocker for Asuswrt-Merlin
amtm - the SNBForum Asuswrt-Merlin Terminal Menu
Diversion and amtm on https://diversion.ch
twitter.com/DiversionBlock | github.com/decoderman | reddit.com/r/diversion
Kadolism
DD-WRT Novice


Joined: 31 Jul 2019
Posts: 5

PostPosted: Tue Aug 06, 2019 12:15    Post subject: Reply with quote
Why not just use DNS that blocks ads? It actually saves the router from the extra load. I found ad blocking DNS effective.
thelonelycoder
DD-WRT Novice


Joined: 06 Dec 2016
Posts: 20
Location: Switzerland

PostPosted: Tue Aug 06, 2019 15:14    Post subject: Reply with quote
Kadolism wrote:
Why not just use DNS that blocks ads? It actually saves the router from the extra load. I found ad blocking DNS effective.

Two reasons, and that is my humble opinion on that matter.

One: Dnsmasq resolves domains. Using a hosts file to tell it where a domain is located is arguably faster than sending a request to your DNS provider, waiting for the answer and then sending it back to the requester.
There is negligible extra load for the router if pixelserv-tls is used and Dnsmasq logging is enabled. This extra "load" does not slow down your router and if it does it's by a millisecond or less.
Users and myself confirmed this many times, using ad-blocking (with pixelserv-tls) actually decreases page load time.

Two: Who do you trust more? Your router or some third party, probably collecting metrics on you and monetizing or otherwise (ab)using it?

_________________
Diversion - the Router Ad-Blocker for Asuswrt-Merlin
amtm - the SNBForum Asuswrt-Merlin Terminal Menu
Diversion and amtm on https://diversion.ch
twitter.com/DiversionBlock | github.com/decoderman | reddit.com/r/diversion
underdose
DD-WRT Novice


Joined: 12 Jun 2019
Posts: 20

PostPosted: Tue Aug 06, 2019 15:38    Post subject: Reply with quote
Kadolism wrote:
Why not just use DNS that blocks ads? It actually saves the router from the extra load. I found ad blocking DNS effective.


The "extra" load of Diversion has been discussed on SNBForums a while ago and it is minimal to none.

Also, with Diversion, you can create your own blocking lists, whitelists, and blacklists which gives you the power to control what to block and not, instead of relying on a DNS provider that decides those for you and collects your data.
HalfBit
DD-WRT Guru


Joined: 04 Sep 2009
Posts: 776
Location: AR, USA

PostPosted: Wed Aug 07, 2019 3:32    Post subject: Reply with quote
<Kong> wrote:
But it is still limited unlike the solution which I just recntly added to my IPQ openwrt build. All those host based adblockers cannot block embeded ads in https sites:-) Since more and more webspaces now use embedded ads it will become useless.

While I agree with your conclusion, I do still like the host based (ad)blocker for other categories of websites or other specific domains that my family and I would prefer to have blocked on our network. I am still interested in hearing more about your solution and knowing if it would ever be available on DD-WRT and now older devices such as the R7000.

Plus, learning how to set up Pi-Hole, DNSCrypt Proxy, Apache webserver and a Zabbix server on a raspberry pi has been fun!

_________________
R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x
https://pi-hole.net/
https://github.com/DNSCrypt/dnscrypt-proxy
amnesico
DD-WRT Novice


Joined: 16 Dec 2011
Posts: 3

PostPosted: Sun Sep 15, 2019 16:11    Post subject: Reply with quote
I just stop using Asuswrt-Merlin firmware today, after years, due to my recent need for a "client mode", that dd-wrt can provide. And to be honest, one of the first things I've searched for: "Diversion DD-WRT".

@thelonelycoder
I read above that you're somewhat unhappy with the response on this forum, I really have no ideia why, but I hope that doesn't mean you're not going to port Diversion to dd-wrt. I'm absolutly sure that anyone that would give it a try, would soon understand how user-friendly, loaded with features and effective, it is.

An amazing work you did, maintain, and constantly improve. The perfect ad blocking solution packed into my router, and available do all my end devices.
Goto page 1, 2, 3, 4  Next Display posts from previous:    Page 1 of 4
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum