I would advise against using unbound on the client side as this way all your DNS queries will be unencrypted and visible to your ISP. Besides that, the DNS responses can be modified, this kind of censorship is very popular and used in many countries.

IMO it is safer to use a big popular DNS recursor (google, cloudflare, adguard, quad9, etc), use DoT/DoH/DoQ and maybe add some additional filtering on top of it.

I tried not to share too much details while we were still in process of figuring out the details.

The legal advice we got was basically “block asap or risk jail time”. Moreover, the risk would still be there even if the complainant is shady or hiding their identity.

So it took us some time to do the digging and make sure that illegal content was removed which was the prerequisite to unblocking.

The digging is not finished btw, we’ll later post a proper analysis of our reaction and the results of the research.

Thanks for understanding and sorry if my comment sounded too harsh. Over the past few years we went through a lot and when I hear that AdGuard is just registered I may overreact.

What for your position, I respect it and as much as I’d like to say otherwise, under certain circumstances it can be reasonable.

It's not the first time I've noticed you spreading this misinformation on HN, so let me respond.

Most of AdGuard's staff relocated in 2022, and I (CTO and co-founder of AdGuard) personally live in Limassol, Cyprus. We commented on that publicly, but it seems that random forum posts often regarded as more reliable sources of information.

I am totally fine with anyone not trusting AdGuard for any reason, but please keep your statements factually correct.

PS: Sorry for sticking a small promo in the comment, but this year we're organizing the annual summit (adfilteringdevsummit.com) for ad blockers' devs on our home turf in Limassol, a perfect opportunity to meet us, other ad blockers and even browsers' devs.

> "Most of AdGuard's staff relocated in 2022"

So a lot of your staff remain in Russia?

If you've still got most of your devs working in Russia, and it looks like that from your github projects, I'm not sure what part of the comment you responded to is not correct or misinformation.

Most of the employees relocated including senior staff, devs and people with access. We still have some contractors working from there, mostly in support service, content and qa. Not "most" or "a lot", but nevertheless.

We encourage people to move closer to the head office, but as long as it's not required by law, we’re not going to force people to move out, as I know very well how hard it is.

> and it looks like that from your github projects

You do realize that a russian name != working in Russia, right?

> I'm not sure what part of the comment you responded to is not correct or misinformation

The parts where:

1. It's implied that the company is just "registered".

2. It's implied that the company is not European.

3. It's said that devs reside in Russia.

All three are factually incorrect.

AdGuard has been around for 16+ years, and throughout this time I've seen similar accusations many times. I am generally fine with them — that's life — but today I just wasn't in the mood, sorry for that. Anyways, this is one more reason to have more code published to open source, a win-win for all.

Alternatively, you can do something like this: *$denyallow=example.org|example.com

Blocks everything except example.org and example.com.

Works in AdGuard Home, AdGuard DNS or any other AG product with DNS filtering capabilities: https://adguard-dns.io/kb/general/dns-filtering-syntax/

Will be fixed in the next filters update

I made a similar thing once to relay UDP traffic over WebSocket and it supports Cloudflare if needed: https://github.com/ameshkov/udptlspipe

The use case is to relay WireGuard over TCP/CF in a restrictive network, confirmed to work in China, obviously not too fast.

Ops, we'll fix it in a moment

Awesome! (Unrelated: Now I just need to figure out how to overcome all these "Admiral" nags that are chipping away at my love for filtering on half of the legitimate news sites... any advice?)

Yeah, it’s blocked by NextDNS too

The issue is resolved now, the repo is available again.

We have not received any response to the support case that we opened, but we assume that it was a false positive of some automatic algorithm.

As a consequence of this we're going to set up a mirror outside Github so that the work didn't stop if something like that happens again.

UPD: We received the official response explaining that this was a mistake. I must admit the whole situation was resolved really quickly, good job.

You may have a free-for-life account which will allow you to:

  ssh user@rsync.net git clone mirror git://github.com/blah/blah

Just email us.

They're using github as an HTTP CDN, are you saying that rsync.net now supports this use case?

We don't use GH as a CDN, it's used solely for developing filter lists and issue reports.

This does seem like exactly the sort of thing that would trigger false positives. The product is fundamentally a list of a bunch of text found in malware, so any sort of malware detector that's based on the textual content seems likely to give a false positive.

*in phishing, not in malware. Adguard domains are unlikely to be found in malware.

We opened an appeal on Github and are waiting for their response.

So far we have absolutely no idea what's wrong and what is the violation they're referring to.

I'll be surprised if this is a copyright issue as Github according to their policy should've given us a prior notice so that we could file a counter-notice.

I hope this is some sort of a false positive caused by Github trying to handle the spam issue [1] lately.

[1]: https://www.bleepingcomputer.com/news/security/github-commen...