by randomhodler84 1494 days ago
I said it before and I will say it again, MITM for ad blocking is not a way forward.

Cert pinning defeats this on 99% of consumer devices and introduces a security hole in the browser by subverting the trust model. Unless the proxy is doing 100% of the same thing the browser is doing, and it isn’t, you are weakening browser security too.

Instrument the endpoint (browser plug-in) or control name resolution (filtering DNS server that uses DoH to prevent upstream filtering).

2 comments

It's not about this being some end-all solution, it's about it being an option. Personally, I love it. I used to use Privoxy, back when nothing was encrypted, and it was wonderful. A central place to store all my ad-blocking config that could be connected to at will by most devices on my network. I mostly have that now with DNS blocking, but once ad networks stop putting ads on separate domains, that's done.

Keep in mind that ad-blocking browser plugins aren't exactly secure either. They have access not only to every network request, but to every keystroke, mouse wiggle, etc. And all it takes for it all to fall down is for whoever is maintaining it to cash out and sell to a bad actor: you'll helpfully be automatically updated to the new, state-owned version.

The problem with browser plug-ins is that they only work in browsers. I read most HTML or other "web pages" in programs other than browsers (mail client, RSS readers, Electron apps, etc.).
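The top post's suggestion of controlling name resolution with a filtering DNS server, and the reply's point that DNS blocking stops working once ads are served from the same domain as the content, can both be shown with a small name-based block decision. The following is an added example written for this thread, not code from any of the commenters or from a real resolver; the blocklist, the "upstream" answers and the URLs are constructed, and `is_blocked`, `resolve` and `what_resolver_sees` are hypothetical names.

```python
# Added example (not from the thread): the block decision a filtering DNS
# resolver makes, and why it is blind to the URL path. All data constructed.
from typing import Optional
from urllib.parse import urlsplit

# Constructed blocklist of ad/tracker hostnames.
BLOCKLIST = {"ads.example.net", "tracker.example.org"}

# Constructed stand-in for an upstream resolver's answers.
UPSTREAM = {
    "www.example.com": "203.0.113.10",
    "ads.example.net": "203.0.113.20",
    "cdn.ads.example.net": "203.0.113.21",
    "notads.example.net": "203.0.113.22",
}


def normalize(name: str) -> str:
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()


def is_blocked(qname: str, blocklist=BLOCKLIST) -> bool:
    """Block qname if it equals a blocklist entry or is a subdomain of one.

    Matching is done on whole labels, so 'notads.example.net' is not caught
    by the entry 'ads.example.net' the way a naive endswith() would do.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


def resolve(qname: str, upstream: dict) -> Optional[str]:
    """Return None (sinkhole / NXDOMAIN) for blocked names, else the upstream answer."""
    if is_blocked(qname):
        return None
    return upstream.get(normalize(qname))


def what_resolver_sees(url: str) -> str:
    """A DNS filter only ever sees the hostname; path and query never reach it."""
    host = urlsplit(url).hostname
    return normalize(host) if host else ""


def demo() -> dict:
    """Resolve every constructed name and show the same-domain blind spot."""
    answers = {q: resolve(q, UPSTREAM) for q in UPSTREAM}
    # Both URLs resolve the same name, so the filter cannot treat them differently.
    page = what_resolver_sees("https://www.example.com/index.html")
    ad = what_resolver_sees("https://www.example.com/ad.js")
    return {"answers": answers, "page_qname": page, "ad_qname": ad}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Running it shows `ads.example.net` and `cdn.ads.example.net` sinkholed while `notads.example.net` and `www.example.com` resolve normally; `page_qname` and `ad_qname` come out identical, which is exactly the case a hostname-only filter cannot separate.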