Recommended: Enabling ECS

This article provides a detailed introduction to the recommended DNS settings in AdGuard Home, particularly the role, principles, privacy implications, and alternatives of EDNS Client Subnet (ECS), to help you optimize your DNS resolution experience.

To achieve the best DNS resolution experience, we have preset some recommended configurations, but one setting still needs the user's attention: “EDNS Client Subnet”.

Enabling EDNS Client Subnet (ECS)

For a better experience, you might want the DNS server to return server IP results that are geographically closest to you. EDNS Client Subnet (ECS) can achieve this. It allows sending an IP subnet containing geographic information to the DNS server, so the server can return the best DNS resolution results.

How it Works:

When ECS is enabled, your DNS resolver (such as AdGuard Home) will include a part of the client’s IP address (usually the first 24 bits, representing the subnet where the client is located) in the DNS query and send it to the upstream DNS server. The upstream DNS server will then return the server IP address most suitable for that region based on this subnet information.

sequenceDiagram
    participant Client
    participant DNS Resolver
    participant Upstream DNS Server

    Client->>DNS Resolver: DNS Query
    DNS Resolver->>Upstream DNS Server: DNS Query with ECS (Client Subnet)
    Upstream DNS Server->>DNS Resolver: DNS Response (Geo-localized IP)
    DNS Resolver->>Client: DNS Response (Geo-localized IP)
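
The ECS option described above, built and parsed in the RFC 7871 wire format, to show exactly which bits of the client address reach the upstream server. This is an added example, not AdGuard Home's code; the function names are hypothetical, the addresses are constructed documentation-range values, and the IPv6 /56 default goes beyond the page's 24-bit IPv4 case.

```python
import ipaddress
import struct
from typing import Optional

ECS_OPTION_CODE = 8              # EDNS0 option code for Client Subnet (RFC 7871)
FAMILY = {4: 1, 6: 2}            # IANA address family numbers: 1 = IPv4, 2 = IPv6
DEFAULT_PREFIX = {4: 24, 6: 56}  # /24 as on this page; /56 is RFC 7871's IPv6 advice


def build_ecs_option(client_ip: str, prefix_len: Optional[int] = None) -> bytes:
    """Return the wire-format ECS option a resolver would attach for client_ip."""
    addr = ipaddress.ip_address(client_ip)
    if prefix_len is None:
        prefix_len = DEFAULT_PREFIX[addr.version]
    if not 0 <= prefix_len <= addr.max_prefixlen:
        raise ValueError("prefix length out of range")
    # strict=False zeroes the host bits, so only the subnet leaves the resolver.
    network = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
    addr_bytes = network.network_address.packed[: (prefix_len + 7) // 8]
    # FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH (always 0 in a query)
    payload = struct.pack("!HBB", FAMILY[addr.version], prefix_len, 0) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(payload)) + payload


def parse_ecs_option(option: bytes) -> dict:
    """Decode an ECS option as the upstream server sees it; reject malformed input."""
    if len(option) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source, scope = struct.unpack("!HBB", option[4:8])
    full_len = {1: 4, 2: 16}.get(family)
    raw = option[8:]
    if full_len is None or source > full_len * 8 or len(raw) != (source + 7) // 8:
        raise ValueError("bad family or address length")
    addr = ipaddress.ip_address(raw + bytes(full_len - len(raw)))
    # strict=True raises if bits beyond the prefix are set (RFC 7871 requires zeros).
    subnet = ipaddress.ip_network(f"{addr}/{source}", strict=True)
    return {"family": family, "source_prefix": source,
            "scope_prefix": scope, "subnet": str(subnet)}


if __name__ == "__main__":
    # Constructed sample clients: the first two share a /24 and yield identical options.
    for ip in ("203.0.113.77", "203.0.113.200", "2001:db8:1234:5678::1"):
        opt = build_ecs_option(ip)
        print(ip, opt.hex(), parse_ecs_option(opt)["subnet"])
```

Two clients in the same /24 produce byte-identical options, so the upstream server learns the subnet but cannot tell the hosts apart; a shorter prefix reveals less at the cost of coarser geo-localization.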

Privacy Considerations:

Enabling ECS can improve the accuracy and speed of DNS resolution, but it may also have certain privacy implications. By sharing the subnet of the client’s IP address, your approximate geographic location information may be recorded by the upstream DNS server. Please weigh whether to enable this feature based on your situation.

How to Weigh:

Enabling ECS can strike a balance between access speed and accuracy. If you have high requirements for privacy protection, you can disable ECS, but access speed may drop. If you want the best access experience, you can enable ECS, but be aware of the potential privacy implications. The subnet information is collected by the upstream DNS server; this service itself still adheres to its privacy policy commitment and does not collect or use any information.

AdGuard Private - Enhanced DNS Service Based on AdGuard Home

AdGuard Private provides out-of-the-box privacy protection DNS service, supporting ad filtering, DoT, DoH, and other features

AdGuard Private: DNS Service Focused on Privacy Protection

Visit the official website for more information: AdGuard Private

This project is a secondary development based on AdGuard Home, following the GPL 3.0 open-source license.

The source code is available at: GitHub - jqknono/AdGuardHome

Enhanced Features

Compared to the original AdGuard Home, we have added the following features:

  • 📜 Automated SSL Certificate Management
    • Automatic certificate application and renewal
    • Support for wildcard certificate configuration
  • 🛡️ Enhanced Security Features
    • Intelligent rate limiting protection
    • Optimized access experience for mainland China
  • ⚙️ Optimized System Configuration
    • Disable DHCP service, focus on DNS functionality
    • Fixed cache size at 4MB, ensuring stability

Advantages of Hosted Service

We provide professional DNS hosting services with the following features:

  • 🏢 Deployed on Alibaba Cloud Hangzhou node
  • 🌐 Comprehensive Protocol Support
    • IPv6 support, direct connection to mainstream IPv6 upstream
    • DoT (DNS over TLS)
    • DoH (DNS over HTTPS)
    • HTTP/3 support, significantly reducing latency
  • 📊 Powerful Rule Management
    • Support for importing third-party blacklists and whitelists
    • Capacity for 1 million rules
  • 📝 Comprehensive Logging and Statistics
    • 72-hour query record retention
    • 24-hour detailed statistical analysis
  • ⚖️ Load Balancing
    • Multi-server distributed deployment
    • Intelligent load distribution
  • 💰 Competitive Pricing

Performance and Effectiveness Evaluation

DNS-level ad blocking has its unique advantages:

  • 💪 Advantages

    • Zero additional power consumption
    • Coverage across all devices
    • Reduced frequency of device network wake-ups
    • Reduced loading of invalid data
  • ⚠️ Limitations

    • Lower interception accuracy than browser plugins
    • Cannot achieve the filtering effect of MITM schemes

Particularly suitable for mobile device usage scenarios, protecting privacy while considering device battery life.

Full Support for HTTP/3 Protocol

AdGuardPrivate now fully supports the HTTP/3 protocol, bringing faster and more secure internet experiences to users.

We are pleased to announce that AdGuardPrivate now fully supports the HTTP/3 protocol. All existing users will automatically be upgraded to enjoy the performance improvements brought by HTTP/3, without any additional configuration required.

Important Update Notes

  • iOS Users: You can now use HTTP/3 directly through the DoH protocol, enjoying lower network latency
  • Android Users: Due to system limitations, the DoT protocol is still in use, but support for HTTP/3 will be available after Google’s future updates
  • Performance Improvement: The initial response time is significantly improved compared to HTTP/2, with faster connection establishment
  • Smart Switching: In network environments that do not support HTTP/3, the system will automatically switch to HTTP/2 to ensure service stability

Access to h3

In-Depth Analysis of HTTP/3 Technology

HTTP/3, as the latest version of the HTTP protocol, is based on Google’s QUIC transport protocol and brings several innovative technical advantages:

Core Features

  1. QUIC Protocol Based on UDP

    • Significantly reduces connection establishment time
    • Improved multiplexing capabilities
    • More intelligent packet loss handling mechanism
  2. Optimized Performance

    • Zero handshake delay (0-RTT)
    • Improved congestion control
    • Support for connection migration
  3. Enhanced Security

    • Integrated with TLS 1.3
    • Encrypted handshake process
    • Reduced risk of man-in-the-middle attacks

Connection Process Comparison

Response Time Comparison

Connection Establishment Process Comparison

Usage Recommendations

  • Ensure your client supports the HTTP/3 protocol
  • Keep your client version updated
  • In restricted network environments, the system will automatically downgrade to HTTP/2

Precautions

  • Networks in some regions may restrict UDP traffic, affecting HTTP/3 performance
  • Performance may vary in different network environments
  • The system will automatically select the optimal protocol based on network conditions


Introducing Custom Client Name Feature

AdGuardPrivate introduces the custom client name feature, allowing users to more intuitively identify and manage DNS configurations for different devices, significantly enhancing the management experience.

Feature Introduction

To enhance user experience, AdGuardPrivate now supports the custom client name feature. With this feature, you can set unique identifier names for different devices, making device management more intuitive and convenient.

Client Management Interface

Configuration Guide

The configuration method varies slightly depending on the device type:

Android Devices

Simply add a custom prefix before the domain name, in the following format:

{device name}.{original domain name}

Example: xiaomi-15pro.xxxxxxxx.adguardprivate.com

iOS Devices

  1. Go to the “Settings Guide” page
  2. Enter the custom name in the “Client ID” text box
  3. Download and apply the new configuration file

iOS Configuration Interface

Browser Configuration (DoH)

Add a custom identifier after the original DoH address:

Original format:

https://xxxxxxxx.adguardprivate.com/dns-query

New format:

https://xxxxxxxx.adguardprivate.com/dns-query/{device identifier}

Example: https://xxxxxxxx.adguardprivate.com/dns-query/pc1-browser

Browser Configuration Example

Usage Recommendations

  • It is recommended to use meaningful identifiers for device names, such as device model, location, or purpose
  • Avoid using special characters; it is recommended to use letters, numbers, and hyphens
  • Maintain a consistent naming convention for easier future management
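
How a server could recover and validate the client name from the two formats above, enforcing the letters, digits and hyphens recommendation. This is an added example, not AdGuard Home's or AdGuardPrivate's code; the function names are hypothetical and the 63-character bound is the DNS label limit, assumed here because the Android form places the name in a hostname label.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Letters, digits and hyphens only; 1-63 characters, no leading or trailing hyphen.
CLIENT_ID_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def _validate(client_id: str) -> str:
    if not CLIENT_ID_RE.match(client_id):
        raise ValueError(f"invalid client identifier: {client_id!r}")
    return client_id


def client_id_from_server_name(server_name: str, base_domain: str) -> Optional[str]:
    """Android form: {device name}.{original domain name}, taken from the TLS server name."""
    name = server_name.rstrip(".").lower()
    base = base_domain.rstrip(".").lower()
    if name == base:
        return None                      # no custom name configured
    if not name.endswith("." + base):
        raise ValueError("server name does not belong to this service")
    # A prefix with more than one label contains a dot and fails validation.
    return _validate(name[: -len(base) - 1])


def client_id_from_doh_url(url: str, base_domain: str) -> Optional[str]:
    """Browser form: https://{original domain}/dns-query/{device identifier}."""
    parts = urlsplit(url)
    if parts.scheme != "https" or (parts.hostname or "").lower() != base_domain.lower():
        raise ValueError("URL does not belong to this service")
    path = parts.path.rstrip("/")
    if path == "/dns-query":
        return None                      # original format, no identifier
    head, _, ident = path.rpartition("/")
    if head != "/dns-query":
        raise ValueError("unexpected DoH path")
    return _validate(ident)


if __name__ == "__main__":
    base = "xxxxxxxx.adguardprivate.com"  # placeholder domain as written on this page
    print(client_id_from_server_name("xiaomi-15pro." + base, base))
    print(client_id_from_doh_url(f"https://{base}/dns-query/pc1-browser", base))
```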

Notes

  • Custom names only affect display and do not impact service performance
  • Configuration must be reapplied after changing the name to take effect
  • It is recommended to save the configuration information for each device for future reference

The Necessity of Ad Blocking--Protecting Attention and Privacy in the Digital Age

A deep dive into the workings of the modern advertising ecosystem, exploring the importance of ad blocking in protecting user privacy and attention

Deconstructing the Modern Advertising Ecosystem

The Profit Model of Advertisers

The modern advertising system is built on a complex chain of interests:

  • Advertisers connect advertisers with users through media platforms
  • Revenue comes from advertisers’ placement fees, not from users
  • The goal is to maximize the “conversion rate” — turning ad viewers into paying customers

The Battle for Conversion Rates

In this battle for attention:

  • High conversion rates mean higher ad prices
  • Ad placement efficiency directly affects revenue
  • “Personalized delivery” becomes the core strategy for increasing conversions

The Truth About Personalized Ads

The Depth of Data Collection

Modern advertising systems collect user information through multiple channels:

  • Device identifiers and operating system data
  • Cross-platform behavior tracking
  • Social network analysis
  • Consumer behavior profiling

The Trap of Precise Delivery

What seems like convenient personalized delivery actually hides risks:

  • Exploiting cognitive biases to create demand
  • Amplifying potential user anxieties
  • Creating a false sense of urgency

The Erosion of Attention by Ads

The Cost of the Attention Economy

  • Frequent interruptions disrupt work efficiency
  • Interfere with decision-making capabilities
  • Increase cognitive load
  • Blur the boundaries of real needs

The Evolution of Advertising Strategies

Modern advertising has evolved from simple information dissemination to:

  • Forced memory implantation
  • Emotional stimulation
  • Anxiety marketing
  • Social pressure

Strategies for Self-Protection

Core Protective Measures

  1. Privacy Protection First

    • Limit app permissions
    • Control data sharing
    • Use privacy protection tools
  2. Attention Management

    • Set focused time periods
    • Establish information filtering mechanisms
    • Cultivate the habit of actively seeking information
  3. Control Over Consumer Decisions

    • Establish a demand evaluation system
    • Delay purchase decisions
    • Maintain rational judgment

Technological Support: Cyber Savvy

In this data-driven era, maintaining “cyber savvy” — caution and wisdom in the digital world — becomes particularly important. This includes:

  • Managing digital footprints
  • Protecting personal privacy
  • Controlling information flow

Solutions

AdGuard Private Service, as a comprehensive protection solution, not only provides ad blocking but, more importantly, helps users:

  • Protect personal privacy
  • Optimize browsing experience
  • Reduce distractions
  • Provide a controllable information environment

Let’s regain control of our digital lives, starting with rejecting ad harassment.

Service Resource Optimization Strategy Explanation

A detailed explanation of the AdGuardPrivate service resource optimization strategy, including improvements to the filter update mechanism, parallel request optimization suggestions, and third-party list usage guidelines, aimed at providing a more stable and reliable service experience.

Background Explanation

As the number of users grows and functional demands increase, we have observed that some high-resource consumption configuration options may lead to service instability. To ensure service quality, we conducted a thorough analysis and developed corresponding optimization strategies.

Resource Optimization Strategies

1. Filter Update Mechanism Optimization

Current Situation Analysis

  • Some users have set filters to update hourly
  • Each update requires a complete download-parse-deduplication process
  • International bandwidth limitations cause longer update times
  • Servers experience sustained high loads

Optimization Plan

We will adjust the update interval to a minimum of 72 hours for the following reasons:

  • Most filter lists have update cycles of 24-72 hours
  • Reduce unnecessary resource consumption
  • Ensure service stability
  • Optimize bandwidth usage efficiency

Impact Assessment

  • Positive Impact
    • More stable service response
    • More reasonable resource usage
    • Reduced system load
  • Minimal Impact
    • Rule updates remain within a reasonable cycle
    • No impact on protection effectiveness

2. Parallel Request Strategy

Current Situation

Currently, most users have enabled the parallel request feature, but the benefits are limited under the existing architecture:

  • The latency difference of upstream services on Alibaba Cloud is usually within 5ms
  • May trigger request frequency limits of Alibaba Cloud’s public services
  • Increases unnecessary system overhead

Usage Recommendations

  • Recommend using load balancing mode
  • Parallel requests are suitable for the following scenarios:
    • Significant latency differences in upstream services (>200ms)
    • Situations where service quality is unstable
    • Cross-border access scenarios

Note: No throttling issues due to parallel requests have been found so far; this feature remains open for now.

3. Third-Party List Management

Safety Considerations

To ensure system stability, we have temporarily disabled support for some third-party lists:

  • The scale of external lists is unpredictable
  • May lead to resource overload
  • Service stability cannot be guaranteed

Future Plans

We are researching safer third-party list management solutions to potentially reopen this feature in the future.

Basic Edition Memory Limit Adjustment

Some users’ environments are restarting frequently. Upon checking the logs, it was found that the reason for the exit was that memory usage reached the limit of 300MB, resulting in forced termination.

We have now adjusted the limit for a single container to 500MB to alleviate the restart issue.

If you encounter login or restart problems in your environment, please feel free to contact us at any time. Resolving issues for our customers is our responsibility.

Need Help

Send an email to service1@adguardprivate.com
Please describe the issue you are experiencing in detail, and we will respond as soon as possible.

Always Ready to Provide Support Services

AdGuardPrivate is committed to providing high-quality customer support services, ensuring that every user can easily use our products. No matter what issues you encounter, we are always ready to help you.

Quick Start Guide

To ensure you can start using our services conveniently, we have provided a detailed User Guide

Thoughtful Service Support

Dedicated Guidance

We have noticed that some new users may encounter difficulties when using our products for the first time. For this reason, we:

  • Continuously optimize the structure of product documentation
  • Provide clear configuration guides
  • Prepare a FAQ section

Timely Response

Although we adopt a no-registration policy to protect user privacy, this does not affect our service to users. You can contact us through the following methods:

Need Help

Send an email to service1@adguardprivate.com
Please describe the issue you are experiencing in detail, and we will respond as soon as possible.

How to Set Up a Dedicated Link

Some paid AdGuardHome services provide a dedicated link that does not allow users to access the backend management, with administrators managing the rules on their behalf.

This indicates that they do not offer private backend management functionality, but rather implement the service through domain reverse proxy, which is relatively cost-effective.

You need to rent a server to run the AdGuardHome service and configure Nginx reverse proxy to achieve this functionality.

Taking the service link 5r69hxdx9onl70hp.example.com as an example, the key Nginx configuration is as follows:

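http {
  # Plain-HTTP entry point for this customer's dedicated hostname
  server {
    listen 1080;
    server_name 5r69hxdx9onl70hp.example.com;
    location / {
      proxy_pass http://worker.example.com:5002;
      proxy_set_header Host $http_host;
    }
  }
  # HTTPS (DoH) entry point: TLS is terminated here with the customer's certificate
  server {
    listen 1443 ssl;
    server_name 5r69hxdx9onl70hp.example.com;
    ssl_certificate /app/data/certs/5r69hxdx9onl70hp/fullchain.pem;
    ssl_certificate_key /app/data/certs/5r69hxdx9onl70hp/privkey.pem;
    location / {
      proxy_pass https://worker.example.com:5003;
      proxy_set_header Host $http_host;
    }
  }
}
stream {
  # Restrict to current TLS versions; SSLv3 is obsolete and insecure
  ssl_protocols TLSv1.2 TLSv1.3;
  # Choose the DoT backend from the SNI name in the ClientHello.
  # Names without an entry map to an empty value and the connection fails.
  map $ssl_preread_server_name $targetBackend {
    5r69hxdx9onl70hp.example.com worker.internal.com:5004;
  }
  # DoT entry point: TLS is passed through unmodified, not terminated here.
  # Because proxy_pass uses a variable, a backend given as a hostname
  # needs a resolver directive or a matching upstream group.
  server {
    listen 1853;
    proxy_pass $targetBackend;
    ssl_preread on;
  }
}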

Each paying user only needs to add a similar Nginx configuration, with domain resolution pointing to the server. When there are many users and the pressure on a single application service is high, it can be proxied to different backends.

Such services cannot achieve true personalization. Users need to be able to access the backend to truly control their internet data; that is the advantage of our private service, where each user truly has exclusive use of a service and can use all the features of AdGuardPrivate.

Enhanced Ad Blocking Rules Upgrade

Introducing the new version of AdGuardPrivate’s blocking rules, offering more comprehensive ad filtering and security protection while maintaining good compatibility

Rule Update Explanation

To meet users’ demand for stronger ad blocking, we have comprehensively optimized our filtering rule strategy. The new rules significantly enhance ad filtering effectiveness while maintaining a low false positive rate. This update is based on user feedback, and we have added more precise blocking rules while ensuring normal website access.

Rule List Overview

We have compiled the following professional rule lists, which you can select and use according to your specific needs:

Basic Protection Rules

Category | AdGuard | Function Description
-------- | ------- | --------------------
Ad Blocking | Link | Comprehensive filtering of various ad servers and ad websites
Tracking Protection | Link | Prevent user behavior tracking and personal information collection
Redirect Protection | Link | Prevent malicious URL redirects

Content Filtering Rules

Category | AdGuard | Description
-------- | ------- | -----------
Fraudulent Websites | Link | List of websites specifically designed to deceive users
Ads | Link | Ad servers and ad websites
Cryptocurrency | Link | Cryptocurrency and mining-related websites (may affect legitimate cryptocurrency websites)
Drugs | Link | Illegal drug-related websites (including prescription drugs illegal to possess in the US)
All Rules | Link | Contains domain names from all non-beta lists
Facebook | Link | Block FB and its related services
Fraud | Link | Fraudulent websites
Gambling | Link | All gambling-related websites (legal and illegal)
Malware | Link | Known malware hosting websites
Phishing | Link | Websites used for phishing
Piracy | Link | Known illegal download websites
Pornography | Link | Pornographic or promoting pornographic websites
Ransomware | Link | Known ransomware hosting or containing ransomware websites
Redirect | Link | Websites that redirect you from the intended site to another
Scams | Link | Websites intended to scam users
TikTok | Link | Copy and paste to your device
Torrents | Link | Torrent directories (may block legitimate torrent sites used for legal software downloads)
Tracking | Link | Websites specifically used for tracking and collecting visitor information

Usage Recommendations

  1. Step-by-Step Approach

    • Start with basic protection rules
    • Gradually add other rules based on actual needs
    • Regularly check and update the rule list
  2. Performance Optimization

    • Avoid enabling too many rules simultaneously
    • Prioritize rules most relevant to your needs
    • Regularly clean up unused rules
  3. Troubleshooting

    • Record and report false positives promptly
    • Temporarily disable specific rules for testing
    • Use a custom whitelist when necessary

Precautions

  • Some rules may affect the normal access to specific websites
  • Regularly check for rule updates
  • Contact us promptly if you experience frequent false positives

For users needing more flexible control, we offer a professional service that supports fully customizable rule configurations. Feel free to provide feedback at any time.


Trial Service Details

As a service provider focused on offering custom ad filtering rules, we understand the considerations users have when choosing a service. Despite the higher cost of the service, we remain committed to providing the utmost customization flexibility to our users.

To help you fully understand the value of our service, we have introduced a premium trial plan. This version includes all advanced features and is identical to the full service, allowing you to experience the unique benefits of customized filtering risk-free.

Trial Details:

  • The discounted price is only applicable for first-time use
  • Renewal requires selecting a full service plan
  • Due to the no-account design, the trial version can be repurchased
  • Each new purchase will generate a completely new service instance
  • Renewal can retain all configurations of the original instance

We look forward to you experiencing this high-quality service. If you encounter any issues during use, our customer service team will be available to provide professional support at any time.
