Techlore Talks

Ad blockers have broad permissions to intercept all your web traffic—which means you need to know which ones to trust. Henry interviewed the CTO and co-founded of AdGuard about why they pivoted from data collection to privacy protection, how DNS filtering differs from local ad blocking, and Apple's revolutionary new API that lets ad blockers work system-wide on iOS without ever seeing your traffic.

🔗 SOURCES & LINKS
• AdGuard: https://adguard.com/
• AdGuard Home: https://adguard.com/en/adguard-home/overview.html
• AdGuard DNS: https://adguard-dns.io/
• AdGuard VPN: https://adguard-vpn.com/
• AdGuard Mail: https://adguard-mail.com/
• Andrey's AFDS 2025 Talk: https://www.youtube.com/watch?v=L2c5WMjpVZc

⏱️ TIMESTAMPS
00:00:00 INTRO
00:06:04 PRE-SNOWDEN VS. POST-SNOWDEN
00:07:58 TYPES OF FILTERING
00:15:03 LOCAL FILTERING VS. DNS & VPN
00:18:14 INTERCEPTING WEB TRAFFIC CONCERNS
00:21:27 ADGUARD VS. BROWSER SOLUTIONS
00:26:15 ADGUARD EXTENSION VS. OTHERS
00:31:15 ADGUARD FILTERING VS. OTHERS
00:32:04 ADGUARD HOME
00:34:08 PRICING STRUCTURE
00:35:52 BASED IN CYPRUS?
00:38:25 OPEN SOURCE?
00:41:04 THE AD BLOCKING ECOSYSTEM
00:44:26 MITIGATING ATTACKS
00:51:13 THE ROLE OF AD BLOCKING
00:54:37 APPLE'S NEW API
00:57:38 COMPARISON TO DNS FILTERING
00:58:56 ETA FOR THESE UPDATES
00:59:43 APPLE'S PATTERN
01:00:58 BLOCKING APPLE DOMAINS
01:02:28 WRAPPING UP

🎥 VIDEO
Watch on YouTube

🧡 SUPPORT TECHLORE
Keep Techlore Talks independent & growing: ★ Support this podcast ★

Creators and Guests

Host
Henry Fisher
Runner, artist, musician and digital rights activist. Owner of Techlore
Guest
Andrey Meshkov
AdGuard
Editor
Tori
Techlore

What is Techlore Talks?

Techlore Talks brings you in-depth conversations with the experts at the forefront of privacy, security, and digital rights. Hosted by Henry Fisher, founder of Techlore and long-time digital rights educator, each episode features meaningful discussions with the people building, researching, and advocating for digital freedom.

From cybersecurity researchers and privacy tool developers to open-source advocates and digital rights activists—if they're shaping how we protect ourselves online, they're on this show.

Topics include: privacy tools and technologies, cybersecurity threats and defenses, open-source software, surveillance and digital rights, encryption, tech policy, and digital sovereignty.

New episodes released regularly. Subscribe and join the community at techlore.tech.

Adblockers are very powerful software with broad permissions, and they just blindly trust them.

It's not a good idea. You should.

Hello, everybody. Today, I have the honor of bringing on Andre from AdGuard.

Many of you probably know AdGuard as a good adblocker to use for Safari on both iOS and macOS devices,

but they actually provide a lot more than that, like DNS filtering and even some VPN services,

and we talk a lot more about this.

The discussion today highlights the growing need for privacy solutions and what those look like.

He elaborates on the company's origins in Cypress, their open source philosophy, the collaborative nature of the ad blocking ecosystem, which I got to witness firsthand in Cypress myself.

And finally, he dives into Apple's new API, which aims to enhance privacy while filtering web requests.

And this is not something I'd heard of at all before.

And so if you use any Apple devices, please listen up because this is quite an important thing.

That's not just going to impact AdGuard, but just overall filtering in general for whatever service you're using.

Let's get into the interview.

Hello, today I have Andrey from AdGuard on Techlore Talks,

and I would love to hear a little bit about yourself

just to kick things off.

Thank you very much for inviting me.

Well, what can I tell about myself?

So we started AdGuard 16 years ago, I guess,

so many, many years ago.

And basically I was a freshman back then,

so I was just out of the university.

And at some point, well, after having like a job in some company, at some point, I just

thought that it would be better to start something by ourselves.

And that's not how AdWords actually appeared.

So, well, at first we were trying to launch a very different kind of startup.

You may have heard about SimilarWeb, for instance.

but well, nowadays it's a big company

that works in web analytics.

So this company kind of collects information

from all places whenever they can reach.

And they use this data to estimate

websites' popularity, apps' popularity, whatever.

And back then, like 17 years ago,

I guess 17 years ago, yeah,

we started a company that was doing pretty much the same.

So we were on a different side of the barricades back then.

Well, back then we didn't know that there are any barricades.

So it was just, well, some nice thing that we started doing.

And it was working.

Well, SimilarWeb didn't exist back then.

So we thought that it's just a great idea to allow people to, well, see how popular this or that website is.

And we relied on the information that we collected from a number of panelists.

And at some point, well, just our money, well, ran out.

But even before that, we were kind of looking at this data.

And slowly we started to realize how much we know about these panelists now.

Just from the pure URLs of the pages that they were visiting, so many years ago, there was no market of data.

So it wasn't, well, that obvious like it is now.

So for us, it was kind of a, well, a new thing.

So we just realized that it is actually not very cool.

It's not great that we know so much about the people that are supposed to be anonymous.

So just from the URLs.

And at some point, we kind of thought, okay, cool.

We ran out of money.

We fired everyone.

So it was just all three of us.

And we thought, well, we probably should start something different.

And we decided to create an ad blocker.

And that's how well, Edgar appeared.

We decided to make it a premium product.

So we thought, okay, we need to make a living somehow.

So let's make an ad blocker and let's just, well, ask people to pay us money to use it.

We launched this version in 2009 or 2010, I don't know.

And it was fully written by me.

I think this was the beginning.

So this is kind of how Edgar appeared.

And nowadays, well, the situation changed a little.

So we kind of grew with time and we launched different versions of Edgard.

At first it was just ad blocking, but we were thinking like that.

So we were thinking Edgard should be on every platform or even any device

that is where it is possible to block ads and tracking.

We need to develop a version of Edgard for it.

That's how we ended up having like a lot of different versions.

Then there were, when there were no more devices, we could put Edgard inside.

We started thinking, okay, we need to expand further beyond just the devices.

So that's how Edgard DNS appeared.

And then we thought, okay, we're now blocking everything everywhere.

But, well, is there anything we can do that can help people protect their privacy?

That is not a net blocker.

And that's how we launched Edgar VPN.

And now, well, recently we launched also an Edgar mail service,

which is an email relay that is supposed to hide your real mail address

from the websites where you sign up, et cetera.

So, well, that's a brief history of Edgar.

Yeah, no, it's interesting because of the people I've interviewed on the podcast

that run projects and services,

The most common bucket that I see is pre-Snowden and post-Snowden in terms of motivations.

And typically the people who are pre-Snowden are, oh, hey, I was developing an email provider

and I realized I could just read everybody's emails.

Or like yourself, I realized that we had all the sensitive information.

And so I wanted to be a person ahead of that.

And then there's people who are post-Snowden who, well, just read what happened and were

a bit spooked by it.

And then they said, OK, let me do something about this.

So it's always fun to chat with people who are pre-Snowden who got ahead of things.

When I read about Snowden and when I took a look at all the information that he kind of showed the world, I didn't believe at first.

So it took some time to start believing in everything because it just it sounded completely unreal, unrealistic.

But then kind of with time, I wouldn't say that I believe like 100%, still that I believe 100% of that, but much more than in the beginning.

So yeah, it's still, it's just too fantastic.

So if this is all true, no.

Yeah, it's pretty spooky stuff.

You know, so from what I'm gathering, so you guys started with just kind of local filtering.

So what this might look like, correct anything if I get it wrong.

This is something you install locally in your computer.

Could be macOS, could be Windows, could be Linux.

And it's essentially going to filter out all the traffic.

It's almost like a firewall program might on your computer based on filters you guys have set up.

Now you also have the DNS filtering and the VPN as well, which can be combined with all of these tools.

So all three of these can be combined together.

And do you mind expanding on the different threats and the different reasons why those three different tools might come in handy?

Why not just use local filtering on your computer?

So what exact style of ads?

And also, can you expand on why this goes beyond ads too?

And what else is blocked through AdGuard?

Let's start with DNS probably.

So again, let's again touch upon the history of AdGuard.

So this will explain our motivation.

And also it will explain what's the difference.

So when we, well, before the DNS appeared,

so before we developed the very first version of Edgar DNS,

well, what happened is we had apps for every major platform,

Windows, Android, iOS, et cetera.

But at that time, it was, again, it was a lot of years ago.

So it was 2016 or 17, something like that.

At that time, smart devices started to become pretty popular.

And these smart devices, there was no way we could, well, cover them with just installable software.

And so we were thinking, okay, what is the easiest way to get to them and to give the user the ability to control what they do?

The easiest way to do that was actually DNS filtering.

So basically any device that you have on the network,

for the listeners who don't know, let me explain what DNS is.

So any device that is on your network,

it usually operates not with IP addresses, but with domain names.

Because, well, domain names are easier to remember,

and they are, well, you can control them,

you can change where the domain name leads you.

And every device will have to contact DNS service

in order to figure out which IP address

the domain name points to.

DNS is a good place to do two things.

So you can, first you can observe a network,

you can see where each of your devices tries to connect.

And the other side to it is that it is a good way

prevent connections that you do not want to happen. For instance, you can say that some domain name

now points to a non-existing IP address and the device will not be able to connect there. So yes,

this was the main motivation. We wanted to provide people with a way to control and to block

tracking or add requests or whatever they want that is done for the whole network, not just for

phone or for a computer. We wanted to cover, you know, smart fridges, smart TVs, light bulbs,

I don't know, all this stuff. The problem with DNS, though, is that it is relatively easy to set

up, but it is not fully under your control. So, well, we run the servers. You can trust us,

well, you may not trust us and this is fine.

And we thought that we should also provide people

with a way to be fully in control.

And that's how another product of ours appeared,

which is called Edgar's Home,

which is basically a DNS server with filtering capabilities

that you can install on your device, on your server, whatever.

So you can be completely in control

without involving any other company or person.

And it is completely open source.

We don't learn from it.

We just maintain it.

It's just proper open source, I guess.

Free and open source software.

Again, this is DNS.

You are now in control of all your network

and you can see everything what's going on there.

But there's, well, it's again, not enough.

So what happens?

when you block all known trackers, all known ad servers.

First of all, you cannot block all of them on the DNS level.

Unfortunately, sometimes ad networks use multipurpose domains.

Let's say Facebook, for instance.

They use for ad requests, for tracking requests.

They use the same domain name that is used to serve your Instagram feed.

So if you block it, you effectively break Instagram app for yourself.

So it is still there.

The other problem is you block many trackers,

but they still collect some information about you,

and they still are able to match your browsing history using your IP address.

So here comes the VPN.

So VPN, besides just changing your location, it is a good way to use the IP address that doesn't belong just to you.

It is shared among several multiple VPN users.

So the companies cannot collect just your profile.

They have to just disregard this data because, well, it doesn't identify anyone or anyone's preferences.

So that's another small thing that protects your privacy.

And there's one more thing that is still out there.

With how the world evolves, browsers and operating systems, they are not too happy about, well, mostly browsers.

They are not too happy about providing ways to easily track users in the form of cookies, for instance.

So they constantly work on improving privacy protections of the browsers themselves.

What it leads to besides, well, obvious positive sides that, well, it's harder to track people.

It leads to ad companies starting to use different persistent identifiers.

something that can be tied to you, something that can identify you, and something that you use in

different places, something that is shared by all kinds of websites or apps that you use. And the

ideal persistent identifier of you as a person is your email address. So that's kind of the last

thing that needs protection. There should be a way to stop using the same IP address for all the

accounts that you have because well this is exactly the this is the last identifier that you

have that needs to be protected. Got it and then I want to ask about your individual services as

well and how they compare to some alternatives in the space too to kind of get your your feedback on

that but before that just want to clarify the filtering that happens locally so this is

independent of the DNS this is independent of the VPN and the mail how is that different from the DNS

or the VPN. I'm using it right now so I have like Brave browser set up on the

system and I have AdGuard running and this is a desktop operating system and

somehow AdGuard is being able to block things in my browser and it's not

happening via DNS so can you kind of explain what's going on here?

So the other thing that's going on on your computer is basically you have many

apps Brave included but it's not limited to Brave that try to connect to the

network to try to download something or to upload some information to the network or to the internet

basically. Depending on the operating system there are ways to intercept these network connections

intercept right on your device. So different operating systems provide different ways but the

main idea is that there is a way. Edgert is capable of doing that so it kind of intercepts every

network connection that happens. It then inspects it and compares the signatures to a set of rules

that it downloads from the internet, but not simply from the internet. We actually maintain

all the rules in an open repository on GitHub. It can be inspected and checked. So with every

edward version it relies on a set of open source rules that we and different contributors maintain

so it compares your web requests to these signatures it finds the rules that can be

applied to them and then edward just interprets the rules so basically edward is a and any ad

Adblocker actually is an interpreter of a special set of rules that follow like special syntax and which is actually shared by many adblockers.

Adblocking is an interesting field because we kind of collaborate with other people that develop adblockers.

And we come up with all kinds of different new rule types, etc.

And we purposefully try to make them cross-blocker compatible when it's possible.

Sometimes it's not.

For instance, AdWise as being a network filter,

it is capable of some things that are not possible to do on the browser extension level.

But mostly the core syntax, it is the same.

We make it the same.

That's how we are able to have such a diverse community

that maintains filter lists for different ad blockers

and they talk to each other, they help each other,

which is pretty cool, I guess.

Yeah, and I have a couple of follow-ups here.

So I'm sure a lot of people listening go,

oh, okay, so you intercept my web traffic.

So do you mind clarifying what stays local

someone's device and what's actually internet connected?

And does this pose any security or privacy concerns?

Because again, people hear,

oh, you're intercepting my web traffic.

So that means you now have to trust AdGuard.

Yeah, yeah, yeah.

And that's actually a good point,

which applies not just to AdGuard,

which applies to every ad blocker.

Because ad blockers in general

are very powerful pieces of software.

So they have very broad permissions, and this is important to keep in mind.

It often happens when people just, you know, Google for an ad blocker, and they install whatever they find on the first thing they find on the internet.

And they are used to ad blockers being very powerful software with broad permissions, and they just blindly trust them.

But it's not a good idea.

You should actually learn more about the developer first to figure out whether you can trust them or not.

There were many cases when people were installing fake ad blockers or ad blockers that then were sold to someone and started, I don't know, collecting your browsing history.

That's an unfortunate consequence of the ad blockers being so powerful.

But we have to be like that because without that, we wouldn't be able to block ads and

tracking.

So that's kind of unsolvable problem.

Anyways, what's there to know about intercepting traffic?

The traffic is intercepted locally right on your device.

Nothing goes to our servers or to any other place.

What we do is basically we decide whether your request goes further or whether it is

blocked.

The decision is made right on your device by the software that you use.

It could be AdWords, it could be UBlock Origin, AdBlock Pass, Glossary, whatever.

So that's what we all do.

The difference here is at which point the request is intercepted.

And then we just decide whether it goes further or whether it's blocked.

My point is you need to be aware that an AdBlocker has lots of permissions.

If you use a software like that, learn about the developer.

Decide for yourself whether you want to trust them or not.

Yeah, no, definitely good advice.

And so would it be safe, if I'm understanding you correctly,

if someone installs AdGuard on their devices, it downloads data,

it downloads new rules, it gets updates from you all when you make updates,

but it's not going to be uploading someone's web traffic.

So it's a download first, there is no upload,

everything happens locally in the program.

theoretically, if there was a way to disable internet access to AdGuard,

it would still function properly,

assuming your traffic could still go through the network.

Would that be all fair to say?

Yeah.

So back to kind of my use case,

because I have Brave and AdGuard running right now.

How does this compare to just Brave's protections?

Right?

Like nowadays, we're starting to see more things built out of the box.

Well, that browser has a HueBlock Origin built out of the box.

Brave has its own shields.

Some other browsers have built-in ad blockers.

Why would anyone use AdGuard if their browser already has some protections in place?

Again, AdGuard comes in different versions.

You're using the one that is in a full-scale network filter.

But there is also a browser extension, which is pretty much the alternative to Ublock Origin with pretty much the same capabilities.

Basically, what we are talking about is what's the difference between the browser extension and the network filter?

And the difference, there are several things that are different.

The first one is in a browser.

The browser extension only sees and controls what the browser allows it to see and allows it to control.

In every browser, be it Brave, Mozilla, Chrome especially, your browser extension is limited and does not see some internal requests that go to, well, for the browser settings, for instance.

That's the first difference.

The second thing, which is also important, is that a network filter is not limited just to the browser itself.

It also can prevent tracking and ads that is initiated by your apps, which is studied not as good as the web tracking.

Everyone knows about web tracking or Google Analytics, Google DoubleClick, etc., which is ubiquitous on the web.

But no one actually studies the kinds of tracking that happens inside your apps.

And it is that many apps, they use Google Analytics, they use Google Tag Manager, et cetera, et cetera.

And besides that, they also have much more permissions than a regular website has.

You have any app installed, even, I don't know, a text editor.

And it sees and knows about you much more than a website.

It has access to your computer, basically, to see some properties of your computer, to inspect the files on your computer.

Imagine what kind of information, even inadvertently, can be shared with tracking services.

And finally, the last point is that browser extensions, they are not only limited in what they can see,

they are also limited in what they can do with web requests.

This is especially important given the recent Manifest V3 change in Chromium, which severely limited what ad blockers can do in Chromium.

You don't probably feel it right now because, well, basically we were able to talk to Chromium guys.

We were able to shape the API in a way that it is good enough to cover most of our needs at the moment.

What is crippled is the ability to improve it further.

It now takes much more time to implement any changes.

it may take years to have a new feature in MD3.

And network filter, it is not limited by that.

So we can innovate much faster.

We can adapt much faster than the browser extensions can.

Got it.

So I'm kind of hearing, you know, you have,

and these can all be swapped.

And actually the next section will kind of speak to this a little bit, I think.

It doesn't really matter if it's all AdGuard,

but there are just these different threats

that attack different parts of the stack.

And so for anyone listening,

it doesn't really,

there's different ways to deal with it

and there's different tools.

So you're going to have your browser

and you have browser extensions

to help block things within your browser.

You might have local programs

to do filtering on your system

and that's system wide.

You can also do DNS, then a VPN.

And then there's kind of just tools

that can exist atop on all of that,

which include things like email aliasing, phone number aliasing, et cetera.

Is that kind of a fair way to put it?

Okay.

So now kind of the fun part.

And if you want to repeat the same answer for some of these, which is,

oh, hey, we like our UI and we think that's what's better about it.

That's fine.

I'm just kind of curious what you guys feel separates you

from maybe some of the competition for each of these products.

So I wanted to start with your extension.

So just the AdGuard extension.

And I can already fill it in because at least on iOS for Safari,

I haven't found anything better that works as well.

But I will let you go ahead and kind of fill in

like how your extension is maybe different

or your approach is different from most of the alternatives

like uBlock Origin, et cetera.

As far as I remember, uBlock Origin uses a very different approach on iOS.

So basically he migrated his MV3 version to Apple.

And Edgard still uses the older approach, the Safari Content Blocking API.

And we would actually, we would like to avoid migrating to MV3 there.

We do not like how it is implemented right now in iOS Safari.

There are some little issues that kind of are really annoying to the users.

So we use an older, more tested, a little bit different approach.

But other than that, uBlock Origin basically comes as a static bundle.

It cannot change the way the rules are interpreted without updating the app.

And this is actually a very common problem on Apple devices.

There are a lot of ad blockers that are not capable of updating the rule set without updating the app itself.

AdCard took a different approach in the very beginning.

So we were developing our software in a way that it should be able to download a new set of rules and apply it without the need to update the app.

And in order to do that, we developed a library that is, well, let's, I'm sorry that I'm going

into so much details, but well, maybe it's interesting to anyone. So one of the problems

of Apple and Apple's approach is that they invented a new way of doing content blocking.

Invented, so it should be said like that. So instead of relying on what ad blocking community

came up with for 40 years.

They kind of came up with their own special syntax for rules,

which is pretty limited compared to what we had before,

what we had on other platforms.

And they told everyone, okay, you need to use these rules.

We don't care that you have like millions of rules

written in different syntax for other ad blockers.

You just have to redo the work again.

Well, of course, we didn't like it.

We didn't want to redo the work.

So we implemented a library, an open source library, by the way, that is used by many other ad blockers.

I hope they at least mention us somewhere.

So this library is capable of taking traditional ad blocking rules and converting them to the syntax that Safari understands.

And we continue to maintain it.

It is a good, fast library that is maintained and improved all the time.

And it gives us the ability to dynamically change the way we do the work, the way we update rules and apply the changes.

And this also gives us the ability to provide you with different sets of settings that you can change.

the ability to add your own rules right in the app so you can just choose what to block,

what to unblock, whatever. So you can do this right inside the app.

Ian? Well, at the moment, I wouldn't say that we're completely happy with that. But I can say

that probably we on this platform with these capabilities that we have with Safari, this is

is the maximum thing you can do.

So there's no other way to improve it further in Safari.

Yeah, and I know you talked about the new API in Cypress

that I'll ask you about later as well.

But what about for desktop?

Like if someone's just using Firefox,

what are kind of the differences in the approach

between UBO and AdGuard?

We use different filtering engines under the hood.

So we have different, basically different code.

But other than that, honestly, the browser extensions are interchangeable.

So we have a little bit different UI.

It might, some people like ours more, some people like UBO more.

But in terms of capabilities, UBO and Edgard's browser extension, they are pretty much the same.

Got it.

And then for the filtering, so kind of moving on to your filtering that you provide,

Are there any difference in approaches there beyond just maybe UI and the specific block lists that you guys choose to use?

That's basically it.

So we have different filtering engines, but they are very similar in what they do.

So I wouldn't say...

And actually, we collaborate with UBO on filter maintainers.

we try to maintain cross-blocker compatibility

so that the rules worked in AdGuard

and AdGuard rules worked in UBO.

So we even discussed some features

and make it well compatible.

Very nice.

And then AdGuard whole,

the way I understand it,

it's kind of your own take

slash alternative to PyHole.

Is that correct?

Probably, yes, yes, you can say that.

Yeah, yeah, I guess.

We started it a couple of years later after PyHole.

What we didn't like about PyHole is that at that time, I'm not sure about

how the things are right now, but back then when we started at the home,

Now PyHole was basically a set of scripts that kind of configured DNS masks.

So I don't want to say anything bad about PyHole.

It's a great piece of software.

But what I didn't like is that it was pretty complicated.

It consisted of different other pieces of software like DNS mask or some PHP admin interface.

And it was not developed specifically for this purpose.

So we've kind of tried to configure different other software to do the work.

And with Edgar's home, we tried to actually develop something that is specifically created

for this, for filtering DNS.

And it makes it easier to extend it.

It makes it easier to add any features and well, to develop it further.

And it is also a little bit, it looks simpler.

So if PyHole is a set of different things,

tools that are orchestrated together,

then Edgard Home is just a single binary file that you run,

and it just works.

Yeah, and I'm sorry, I actually misheard you originally

because I thought you said Edgard Home, but I got it at Home.

So I just pulled it up, and it looks simpler for sure

than the PyHole last time I looked at it.

But I haven't used either of these, so I can't really speak to what you said about PyHole and if it's still that way.

I wanted to ask about pricing, too.

So if somebody is looking at all these services, what are kind of the pricing models across your ecosystem?

It's probably good not to use specific prices because I know this stuff changes all the time.

But just in general, like, what are the pricing structures that you have?

Because I bought, I think, an unlimited plan for filtering.

Yeah, we have a lifetime license.

We only keep it for the ad blocker.

So there's an option to just buy a license and it will just work.

Well, it's not limited in time and it's not limited in updates.

So you just use it.

It's just a one-time purchase and you just have it.

Although we only have it for the ad blocker and for the VPN, for the DNS, we only have subscriptions.

And the reason here is that both DNS and VPN and mail also,

we have to spend more on the infrastructure all the time to maintain these services.

With the Adblocker, we just developed the software.

And the only additional spending that we do is the filter lists.

And actually, nowadays, there are many users,

So it's not that cheap anymore.

But well, whatever.

I can't undo what has been already done.

So we still maintain lifetime licenses.

And actually, we don't plan to change that.

Very cool.

And I wanted to pivot over to more of the company as a whole.

And then I have a few just kind of random questions

I couldn't fit in anything so far,

including things like Apple's new API and et cetera.

So the first thing is you guys are based out of Cypress,

if I understand correctly.

Was that an intentional decision?

Or is it just kind of where you all are based out of?

No, the company is mostly remote.

So we have a pretty small office in Limassol.

I live in Limassol.

And part of the team also lives in,

well, not just in Limassol,

in different parts of Cyprus.

But most of the company is remote.

We have people working all over the world,

to be honest.

So we have people in China

in Poland, in Germany, in South Korea, in Japan.

I don't know, peak country.

There's probably a person working for that.

How large is your team?

170, I guess.

Wow.

Wow, that's impressive.

But what about Cyprus in general?

So we incorporated in Cyprus in 2014, more than 10 years ago.

And the reason for that was that back then Europe was the most advanced in terms of privacy legislation.

GDPR was an emerging thing.

And it is actually still a pretty modern law that no one else managed to write.

Nowadays, there are more countries with good privacy legislation, but still GDPR is kind

of a model for all of them.

So we thought, okay, we need to have a company in a country that actually respects privacy.

And again, now we need to pick some country in Europe where we are ready to live and where,

well, which is also good enough financially and for to run the company.

And Cyprus was a pretty obvious choice, to be honest.

There are not too many countries that are so good to foreigners, actually.

Even though, well, nowadays things change, of course, but 10 years ago, it wasn't that

easy to come to some, I don't know, even to a Western European company and run a company

there and don't have people looking at you strangely.

And in Cyprus, people are very welcoming.

And I can't say anything bad about Cyprus.

I love it.

Very cool.

And yeah, it was beautiful when I visited.

What of your products are open source?

Well, ideally, we would love to have all our products open source.

Unfortunately, for some of them, we can't still decide, and I will explain why.

Talking about open source, Edgard Home is the most popular open source software that we make.

Our browser extensions are open source.

Our Edgard or Safari, it's a different software specifically for macOS desktop and for Safari,

it is also open source. And then finally, the iOS version, despite being premium,

it is also open source. But this is actually one of the reasons why we're wary about making all

our other software open source. So with AdWard for iOS, we dealt with a lot of people basically

cloning it and uploading it to App Store under a different name without actually respecting the

open source license without any, well, at least write it somewhere that it's based on Edgar's code.

We don't ask you for anything else. Just, well, just mention us at least on the above page.

Don't be shitty is the license.

That's one of the issues with making things open source. We promised to open source our VPN

software like for a couple of years already and it is it will happen really soon either this month

or next month we're planning to properly open source edgard protocol because it's different from

other vpn apps we have a state of the art our own protocol we will open source it soon we don't

want to just show the code. We would like to open source it alongside some client apps so that

anyone could take it, set up a server that uses this VPN protocol, take the client apps, just use

them. We would like to make it a proper open source project, not just as something, some open

sourcing code just for a check mark. Ideally, we would love other VPN providers to start

using it as well. So that's why we were open sourcing it under different name with as little

ties to AdGuard as possible. We just think that this is a good protocol. It can be used

by others.

Very cool. And I wanted to also ask about your just general involvement in the broad ad

blocking ecosystem. I think something I learned when I went to Cypress and was part of the ad

filtering dev summit is that you have all these people in a room. Some of them don't see things

maybe the same way as other people. So it's trying to please a big group of people with different

ways of viewing things. But it seems like everyone that's kind of in like the ad blocking scene is

overall kind of on the same page and seems to collaborate a lot like ghostery, DuckDuckGo,

You all, Firefox, Brave, et cetera.

So can you kind of speak to what your role is

in the broader ad blocking ecosystem as AdGuard?

It's not that we're trying to take any role

or to promote ourselves as someone.

We're just a part of the community.

So people that contribute to AdGuard's filters,

they are a part of the list maintainers, contributors,

and developers.

Well, it's not like that we have a group of people that is a single community.

I guess there's a community of filter list maintainers and there's that are ad blocking developers.

And these two communities, they work together all the time because filter list maintainers,

the people that actually create the rules that block ads and tracking,

They are the most demanding users that we have.

They want us to improve our software so that they could block more or block better.

And developers and filter-based maintainers, we are in contact all the time.

So we kind of think, we talk to each other.

We try to help each other.

And what about Edgar's role?

One of the things that I find very valuable

are these summits themselves.

So you saw it with your own eyes.

People that do adblocking,

they might be different a little,

but still they understand each other very well.

We have so much in common.

And when we meet every year,

we come up with new ideas that we then take home

to the companies.

and it helps the products themselves.

What's different about adblocking communities

is that there's no competition between us.

It's like everyone's working for the same goal,

which is pretty cool, to be honest.

Yeah, that was the feeling I got,

was kind of just seeing all these different products

that to end users feel like competition, right?

Like I go online and I go, oh, you know,

oh, this is what Ghostory does.

And this is why I hate Ghostory

and I love Ublock Origin.

And someone goes, I hate Ublock Origin.

That's why.

And it is just interesting

because I was just there in a room

with all of you in there

and you're all like,

oh, so how do we make ad blocking better?

I mean, there's these new threats.

It seems like MV3 is making things harder for us.

Here's what we're doing to try to address it.

And it's pretty collaborative behind the scenes,

which I thought was really cool to see.

So I'm glad you spoke to that.

I just have some kind of just random one-off questions

that didn't fit anywhere in this interview.

So the first one is, I just wanted to get your thoughts

because you see some of these researchers

that go to the summit that I went to with you all

and they talk about these very sophisticated attacks.

And I know what these look like.

I've seen them over the years.

To me, they're not a surprise.

But I feel like when you actually present them cleanly

to a person who doesn't know

what actually happens behind the scenes,

it can kind of wake them up a little bit.

So I wanted to ask if you had a specific attack that you've seen over the years that AdGuard had to kind of proactively mitigate because you thought it was just kind of an insane, clever way to spy on people.

And it could be from a big tech company.

It can be from a malicious actor, which I guess in this case is used as a separate entity from a big tech company.

But they could be potentially the same thing.

So just wanted to get your thoughts on that.

I wouldn't say that this is something that is unique to AdGuard, though.

So I have an example.

It is not new though, but it impressed me a lot back when I read about it first time.

So back in the day, like several years ago, some researchers from, I guess, Washington University, they made a very interesting research.

So what did they do?

In order to understand what they do, let me explain a little bit of the background.

When you open a mobile app, for instance, and there's an ad place in the app, some banner place, there needs to be a way for the app to choose what ad it wants to show you.

So in order to determine what actual banner you will see, the ad network that is responsible for this banner place, it runs a thing that is called an ad auction.

So what happens? It takes some of the information about you, and then it sends it to a number of participants in this ad auction.

And each of these participants, they take a look at this information that they received from the ad network.

They compare it with their database and they come up with a bid with how much they are ready to pay for their ads to be shown in that banner place.

So this is what happens for every time the system would like to show you a banner.

So what the researchers did?

They somehow registered the company, I guess.

So that's the only way to take part there.

So they registered the company, they paid a fee, and they connected this company to the ad network as a participant to this ad auction.

Once it was done, they were also a participant.

They were also receiving these signals from the ad network with the data of the users that are going to see the ad.

But they didn't do bids.

They just recorded this information.

And what else they did?

And they had a person that was participating in this experiment, and they took the identifier

of his or her mobile device.

And then they started to track signals with this identifier coming from the ad network.

And they were just recording the data for this single person, for this participant, or from

the device of this participant.

And what they were able to achieve, they were able to reconstruct the whole day of this person.

So there was a map.

They said, "Okay, so this person lives in this house.

Then they go to this bus station.

Then they go to this coffee place.

Then here they work.

Here they, in this part, they have a beer after work.

And now that's the way they go home."

This is proper surveillance and it is very precisely targeted as a single person.

And the only thing that they needed is learning like one identifier, one simple identifier

from their device.

And this is 1000 bucks and you can spy on your wife, I don't know.

So that's scary.

And well, and this just scared me.

Anyone can spend a thousand bucks

and spy effectively on any person in the world.

What's even scarier, on the exact person,

on someone you know, you can just, well, follow them.

You can stalk them easily with these capabilities

provided by simple ad networks.

So I assume for people, I mean,

the two-step process to avoid this is,

one, download trusted apps.

ones that ideally don't have ads and have some kind of business model that doesn't rely on ads

in the first place. But if you do have to have an app with ads, then making sure you use some

kind of ad blocker. I assume AdGuard on a mobile device would prevent this kind of thing from

happening. It's not that easy to, that hard to prevent. It can be prevented by an AdGuard,

a DNS service with ad blocking capabilities. So generally, it is not a unique, unstoppable

threat. But well, it's just scary that this kind of information can be retrieved through another

network. Right. I don't think people see what goes on behind the scenes there. They just see,

oh, those are the shoes that I looked up on my laptop last week, and now I'm getting an ad for

them. How fun. So it is pretty crazy. And actually, one of my favorite ad campaigns I ever saw,

it was very short-lived because they pulled the ads was from Signal. Signal, I don't know if you

saw this, but they ran ads that actually took, I think it was on Facebook and Instagram, etc.

They took the unique identifiers that they were using and made unique photos using those identifiers.

So the ads were more or less like, oh, we can see that you are on an iPhone, that you're located here,

and this about you.

And it's a way to kind of showcase

how much information they had from the ads.

If you haven't seen these yet,

I recommend checking them out.

I haven't seen, but well,

imagine that this is just a very small, tiny,

and easy thing to get.

It's not just a real surveillance though,

but it is already scary enough.

So I guess people were not happy with seeing such ads, right?

Right.

Right. And I guess this extends into another question here. I promise I'll try to keep these

as brief as I can for you. I know it's later there. People hear ad blocking. I feel like if I go on

the street and I said, oh, you don't block ads. I think people just think of annoyances. They think,

oh, yeah, I don't like watching a one minute unskippable ad on YouTube. That sucks. Or the

website just looks ugly with 30 different ads all around the content you actually want to view.

But there are many other reasons to use an ad blocker.

Official U.S. government agencies last year started recommending ad blockers for basic security to prevent malware being installed in your device.

A lot of our community members are well aware that privacy is a very real reason to use an ad blocker as well because it blocks trackers and the ad surveillance network that you kind of just spoke to a little bit here.

So I guess I just wanted to ask, where do you see ad blocking actually having a role on the Internet?

Do you think it's a mixture of all of these different things?

Is there one particular thing that most AdGuard users seem to really care about?

Is it really just because they don't like ads?

And I don't know if you have any personal views on that.

We actually asked people about this, what they think is more important than what else.

But also we observed how they react to changes to filter release,

to cases when the ad blocker stops blocking ads somewhere.

is merging this, the results of our surveys and what we see, what reaction we have from the users.

I think that actually blocking ads is like 70% of the people, despite that they say that they would

like more privacy protection and privacy protection is the main driver. For 70%, they just don't want

to see the really unknowing ads.

So that's what drives them to adblocking.

And this is pretty logical, right?

We're an adblocker.

But at the same time,

people do think about their privacy

and people value it a lot.

It's just they don't know what to do.

It's pretty hard to...

Since privacy threats,

They are very complicated themselves.

People just don't know how to protect themselves from that.

They would like to have a simple button that gives them at least a sense of safety.

And more globally, talking about the web in general and the industry in general,

I think the role of ad blockers is also very important in shaping the ads that other people see.

This is the way people provide feedback to the corporations that something is not okay with what's being done.

And corporations, they read the signal, they react, they try to make ads not as annoying, acceptable to people.

Just merely by having this signal, they start to understand what to do.

I'm not talking about establishing a standard like an acceptable ad standard.

That's not my point.

My point is that the corporations, they look at how many people use ad blockers and they have to react.

They have to improve the situation a little.

Got it.

And the last thing I wanted to ask about was Apple's new API.

This is not something I even knew was happening.

This isn't the kind of thing I think that Apple just announces at WWDC.

It's a very niche thing for you all

that will secretly end up on people's phones,

but I'm sure people listen to this podcast

get a few more of these sneak previews,

which I'm excited about.

Because I didn't know about this

until you did your talk at the Ad Filtering Dev Summit.

So do you mind talking about Apple's new API,

how it differs from what sounds like

any mobile operating system has?

It sounds like there is nothing like this yet

on any mobile operating system

and what that's going to enable for users down the road.

Apple came up with a pretty interesting idea.

So we were talking in the beginning about local filtering,

net intercepts and requests,

and controlling where your device connects

and what data it uploads, et cetera.

And Apple, they decided to provide developers with a way

that is created specifically for this purpose,

for filtering web requests, but on the system level,

not limited to the browsers, to Safari,

but a way that allows us to control where all other apps go.

What's interesting about their way of doing things

is that they try to make this API truly private.

So remember I was talking about ad blockers

having very broad permissions,

which are actually required to do the job.

What's interesting about this Apple's API

is that it will be actually safe and private.

So ad blockers, they will not see the traffic themselves.

There will be no interception.

The interception will be done by the system.

The ad blocker will be asked whether the request should be allowed or not,

but asked in a smart way that the ad blocker will not actually learn what the address was.

And yeah, I talked about it during the summit.

So if anyone wants to learn some technical details,

but the idea of the API is this.

So to provide a way that allows apps to filter traffic system-wide,

but at the same time in a completely private way,

in a way that the developer will not even be able to learn anything about your traffic.

So you will not have to trust my word.

It will be a guarantee that the ad guards just doesn't see and cannot see, even locally.

We just will not be able to learn anything by ourselves.

And at the same time, the goal will be fulfilled.

The tracking will be stopped.

Yeah, that's pretty cool.

So how does this compare?

Because right now you can use DNS filtering right now on iOS.

And I'm using this.

So how is that different from, how is this new API different from DNS?

Two things that are different.

So the first thing is with DNS filtering, we actually, the app itself, it knows the domain you tries to connect to.

Well, this is obviously required because the app needs to understand whether the domain needs to be blocked or not.

With this new Apple's API, the app will not know even the domain name, even though it sounds strange, but it will be able to block bad domain names without actually knowing what domain names you have visited.

So smart, interesting stuff.

And the second difference is that the new Apple API is not limited to domain names.

Remember, I was talking about Facebook using the same domain name for serving ads and for serving your Instagram feed.

This new API finally will allow us to differentiate, just block the ads without touching the other parts of a multipurpose domain.

Very cool. And do you have an ETA by any chance?

I mean, this is probably going to go live well after a recording, but...

Yeah, the problem is that in order to start using this API,

we need first to go through a review, through a special review.

It's not just an App Store review.

We need to apply for the ability to use it.

We applied like a month ago or even more than a month ago we applied,

but we're still waiting for the response.

And as far as I understand, it may take several months to get one.

Once we get it, it will be very fast after we get it approved.

Apple bureaucracy.

And I'll make sure to leave your video link so people can learn more about this.

And it's funny because Apple's approach to this is actually very similar to other things they've done,

where Apple seems to look at the worst case scenario of how someone can abuse permission and go,

So, okay, we're going to find some incredible engineering to prevent that from happening,

which also is going to prevent people from having an actual maximal approach to dealing with the

problem. Like this is what we see with WebKit, where we don't really see any real bad browsers

on iOS because everything is just using WebKit. But it also means that people like Brave can't

actually do more with WebKit and make it a more powerful browser. And this is kind of Apple's

approach to a lot of things. So I guess I'm not surprised they did this with this new API as well.

Yeah, yeah. But again, it has its downsides. But I have to admit, the way they decided to do it is

pretty innovative and interesting. So I hope it can be improved. But still, it's interesting.

For me as an engineer, it's a very interesting engineering problem to solve.

So that's another reason why I like it.

Yeah, and kind of the last thing, I don't know if you've tested this

or if you already know off the top of your head.

One thing I don't like about Apple on anything iOS

is they add a lot of exceptions for themselves with a lot of these things.

Apple goes, oh yeah, we'll give you the ability to have a VPN,

but we're also going to not have our own web domains go through the VPN,

which is pretty crappy, especially with the way that VPNs are presented on iOS.

It makes it seem system-wide, but they exclude their own stuff.

Are you able to block Apple domains with this new API,

or have you tested to see if they don't actually allow that to happen?

Well, one of the downsides of the API is that it is completely...

It is not transparent what's going on on the inside.

So we don't see what's filtered, what's not filtered.

So we can judge by using indirect signals.

For instance, by reading the logs of the device.

What can I say is that they didn't do direct exceptions for themselves,

but there are some limitations to how the API is implemented in general.

that makes it possible to circumvent it, unfortunately.

For instance, on macOS,

the Chrome browser will not be filtered

just because that's the way how the API is implemented.

It's not because Apple decided to make an exception for Chrome.

No, it's just a limitation.

Got it. Okay, well, that's kind of all I have

on my end in terms of questions.

Is there anything you feel like I missed

that you wanted to kind of touch back on

or kind of remind anyone before we wrap this up?

Not really, but thanks for the questions.

They were, well, interesting and sorry for me

having to talk so much.

No, I mean, that's the point.

Techlore talks.

So it's meant to be a bit more thorough.

And if people are here, they're here for a thorough,

you know, getting to learn a little bit more

about the tech they use.

So I hope that you were able to provide that.

And I think you did a great job.

Yeah, happy AdGuard customer here.

You know, I use some other ad blockers here and there,

but you guys are definitely a part of my stack.

So big fan of all that you're doing.

And it's been an honor to chat with you

and the rest of the team in person as well.

So thank you for your time, Andre.

Thanks.

And that is the interview.

I want to give a massive thank you to Andre

for taking the time out of his day

to explain all these technical things

in ways that all of us can understand.

And now I know how to kind of navigate

this landscape a little bit better.

as a result of it. So I hope you all got to experience that too. If you enjoy Techlor talks

and you want to support this podcast, you can do so for free by using a Techlor affiliate link or

just being involved, giving a like, sharing this podcast, leaving ratings on podcast platforms.

I've noticed that this podcast has less ratings than surveillance reports. So if you do like this

podcast, make sure to let us know and let the world know as well. And of course, you can become

a Techlorian to keep all of this content free for everybody so we can keep producing this and keep

bringing on awesome guests. I want to thank you all again for listening, and I'll see you next time

on TechCore.