by userbinator 53 days ago
As long as MITM proxies still work (which is something that Enterprise customers demand --- even the notoriously-closed Chrome needs to), it will always be possible to filter pages outside of any browser. I've been using one for over 2 decades and it works in any browser.

However, I am also concerned that this is an "embrace extend extinguish" move.


Tell me more, what's your setup?

I use uBlock Origin in Firefox and a network ad blocker. Wondering what other options are there.

In general, install a proxy which has its own certificate, re-sign every TLS session with those keys, and add the certificate of the proxy as a trusted certificate on your device.

I’m not familiar with off-the-shelf solutions for this that have ad blocking built in. Also, ads are injected by JS, so you need a mechanism to detect that.

More and more ads are now served from the same domain as the site making it harder to distinguish them from real content.

The open source solution is to configure the latest Squid proxy as a Squid SSL Bump proxy. There are a handful of sites it will not work with due to them still using public key pinning, but it's a tiny list. I do not have it handy at the moment.

Squid supports ACLs that can block URL patterns, domains, IP addresses, file extensions, MIME types and much more.

Here [1] is an out-of-date example. There are probably better and more up-to-date examples. Some examples are based off Squid v3, as some distros still ship with that, but Squid 6 added more flexibility around chaining options, SOCKS options and such.

[1] - https://github.com/alatas/squid-alpine-ssl
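The two posts above describe the approach (a proxy with its own CA that re-signs every TLS session, with the CA trusted on the client) and the tool (Squid SSL Bump plus ACLs). The following squid.conf fragment is an added example that ties those together; it is not from the thread, the linked repository, or the Squid project, and it assumes Squid 4 or later syntax, a CA in /etc/squid/certs/, and three operator-maintained list files (ads.domains, ads.regex, nobump.domains) whose paths and contents are placeholders:

```conf
# Added example squid.conf fragment (Squid 4+ directives). All file paths below are
# assumptions: adjust them to your distro and CA layout.

# 1. Accept explicit proxy clients and terminate TLS with the proxy's own CA.
#    proxy-ca.pem is the certificate every client device must trust;
#    generate-host-certificates mints a per-site leaf cert signed by it on the fly.
http_port 3128 ssl-bump tls-cert=/etc/squid/certs/proxy-ca.pem tls-key=/etc/squid/certs/proxy-ca.key generate-host-certificates=on dynamic_cert_mem_cache_size=16MB

# Helper that signs the generated leaf certificates (binary location varies by distro).
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 16MB
sslcrtd_children 8

# 2. Per connection, decide whether to decrypt ("bump") or tunnel untouched ("splice").
#    Hosts that reject the proxy CA (the pinning cases the poster mentions) go in
#    nobump.domains, one name per line, and are spliced so they keep working.
acl step1 at_step SslBump1
acl nobump ssl::server_name "/etc/squid/nobump.domains"
ssl_bump peek step1
ssl_bump splice nobump
ssl_bump bump all

# 3. Ordinary ACLs now see the decrypted request, so domain and URL-pattern blocking
#    applies to HTTPS as well as HTTP. The deny rules must precede the allow rule.
acl ad_domains dstdomain "/etc/squid/ads.domains"   # e.g. ".ads.example" (leading dot = subdomains)
acl ad_urls url_regex -i "/etc/squid/ads.regex"     # e.g. "/banner[0-9]*\.(js|gif)$"
acl localnet src 10.0.0.0/8 192.168.0.0/16          # assumed client address ranges

http_access deny ad_domains
http_access deny ad_urls
http_access allow localnet
http_access deny all
```

Ordering matters in two places: the `ssl_bump` rules are evaluated in sequence, so the splice exception must come before `bump all`, and `http_access` is first-match, so the deny rules must sit above the allow. This handles the request layer the thread is discussing; it does nothing about ad markup served from the first-party domain or assembled by page JavaScript, which is the limitation the earlier post raises.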

ZScaler Internet Access will do it with the right blocking configurations (e.g., blocking "Advertising" groups).

But then you're using ZScaler and that just feels all nice and icky.

What would prevent sites from just injecting ads into their content server-side? You'll always need both element and request blocking.

That's why GP wrote MITM, not just network blocking. MITM implies the middlebox is trusted by the browser in which it has installed a certificate, so it can see and modify content.

Hm, you mean basically to edit all HTML, CSS, etc. just in time? This seems significantly harder (concepts spread over files being loaded in parallel or being partially cached, etc.) than to do it in the browser once everything is loaded.