GitHub disabled adguard filters repository
twitter.comThe issue is resolved now, the repo is available again.
We have not received any response to the support case that we opened, but we assume that it was a false positive of some automatic algorithm.
As a consequence of this we're going to set up a mirror outside Github so that the work didn't stop if something like that happens again.
UPD: We received the official response explaining that this was a mistake. I must admit the whole situation was resolved really quickly, good job.
You may have a free-for-life account which will allow you to:
Just email us.ssh user@rsync.net git clone mirror git://github.com/blah/blahThey're using github as an HTTP CDN, are you saying that rsync.net now supports this use case?
We don't use GH as a CDN, it's used solely for developing filter lists and issue reports.
This does seem like exactly the sort of thing that would trigger false positives. The product is fundamentally a list of a bunch of text found in malware, so any sort of malware detector that's based on the textual content seems likely to give a false positive.
*in phishing, not in malware. Adguard domains are unlikely to be found in malware.
Maybe it's being taken down because GitHub is not happy about serving as a free CDN for a non-source code repository?
The title says the repo is a filters repo. Did the repo actually contain filter rules, or was it used to distribute the closed source plugin package?
I would argue filter rules count as source code as much as anything else. It doesn't matter if the thing reading the filter rules is not open source.
Aside from that, github intentionally hosts all kinds of content that isn't literally code. gists, pages, wiki, discussions, issues.
People also host books on github where the text is the code and git is the update system and github is the distribution system, all exactly the same as with a c program. It's not abusing the system like using the CI compute to do random other work, it's using the facilities for exactly what they are each intended for. github wants everyone to use and grow to depend on github for things like that.
But they've encouraged uses like this for ages, see also Github Pages.
If they're going to change the policy, at least announce it first...
In general this is why you shouldn't depend on 3rd parties like this. Though hopefully in this case it's mostly a brief mistake?
I see adblockers as another casualty of the end of the ZIRP era. Big Tech was benevolent when the money was free, but now that they have to tighten the waistband all the nice open-sourced add-ons (like 3rd party readers, ad-blockers, etc.) are all getting killed off (or at least they're trying to)
On the other hand, Apple is adding a "this is totally not an adblocker, I promise" it's-obviously-an-adblocker to the next version of Safari as a builtin feature. It's pretty barebones, as Apple copycat features tend to be, but I think it's a decent indicator of their attitude on the subject.
My understanding is that it’s a DOM element hider. While it is possible to hide some ads with it, it probably won’t disable the tracking.
They intended it as an adblocker initially and dialed back the tone because of pressure from ad companies and co.
There are adblockers for Safari too in the Appstore
The repo is accessible now.
We really need at least a duopoly in the git space. Nothing against github per se but they've got way too much of the mindshare.
Better yet some kind of decentralized source control protocol.
Technically git is already decentralized, the issue is where git repos get hosted.
Your parent message is clearly sarcasm (I think - text makes this hard to say for sure, but I usually assume the better option). But yeah, turns out that people don't really want a distributed version control system (at least git works offline, which was not true for its predecessors).
For those that haven't bothered clicking the link, they add:
> Github was struggling with "malware" comment spam lately and we added several filter rules that block this stuff. Maybe this is what triggered disabling the repo?
The comments so far immediately jumping to conspiracy speculation is depressing.
It's already back up.
And its because of situations like this, that I push to multiple foundries at the same time. Consolidation of resources is makes it only as secure as your control of maintaining them.
pure speculation but i bet it’s somehow because it contains links to copyrighted/illegal content (to block it) lmao
Not that I agree, but for future reference, they keep all their DMCAs public here:
Or just plain old links to malware, because sometimes even non-interactive links in a plaintext document can be presented by an attacker with context that socially-engineers a target to copy-paste a malicious URL into a browser.
I'm actually shocked that Github didn't have Adguard white-listed to prevent this from being picked up by malware scanning tools already. And it's a shame, because the whole point of scanning for malware is to protect people from falling victim to new attacks, and killing the filter repository is entirely counter to that goal.
Yeah putting full unobfuscated links to malware or copyrighted content into your repository seems like an obvious way to get it blocked. If they masked the URLs a bit it might've been fine.
if they were obfuscated the urls the app itself would need to process it to un-obfuscate, then the performance would take a hit, but I get your point. It's just the wrong service to host this.
PS: could not check the link, as my country blocked twitter.
FWIW:
* I often put malware samples in my repositories on github (I prepare malware analysis trainings, and I develop my trainings on github). Never got banned.
* There are a ton of leaked malware sources (and/or binaries) stored on github. They are not banned
* Github is full of blatantly obvious malware (at best "pentesting tools", at worst "educational projects"). Sadly, not banned too.
Adblock is ethically equivalent to theft. This is a good thing, as far as I'm concerned (even if it wasn't deliberate).
Ads have been brainwashing people for centuries, and they now deliver malware.
As you once elegantly said: “It's like natural selection except our society has not selected them.” We now have the tools to remove them from the gene pool and it’s a good thing.
Except homeless people don't contribute anything good to society. Advertisers and services like YouTube do.
A webpage serves many elements, all to which you are entitled to see. Adblock is just a way to decide which elements you see or do not see. Your ethical position, that we are compelled to see everything served to us, is troublesome.
When you visit a website or a YouTube video, there is an implied social contract that you will view the ads and allows trackers in exchange for consuming content. Otherwise, you are essentially freeloading off peoples' hard work. If you are not happy with the ads, simply go to another website that doesn't serve ads, host your own PeerTube instance or whatever. Just don't steal and then be entitled about it.
Using adblockers is a safety measure. Since ads on websites today are known to spread malware and the ad industry has not been able or is not interested in fixing this I don‘t see any value in discussing your idea.
What websites spread malware ads? Maybe you should... avoid going to those sites?
It's not the advertisement industry's job to fight malware or to protect you from it, it's their job to get products and services sold. That's called capitalism.
Also, if adblock is a safety measure, why then do these adguard filters and adblockers block ads/trackers on legitimate sites like Google and YouTube?
Even ads on "legitimate" sites like Google and Youtube regularly direct users towards scams and malware.
There are no "safe" places where an ad blocker can be disabled because these ads aren't strictly contextual. Any ad could run on any website.
> It's not the advertisement industry's job to fight malware or to protect you from it
In other contexts we would call this "aiding and abetting".