adguard-extension-settings

My recommendations for the ultimate configuration of AdGuard's browser extension :)

NOTE: For AdGuard on Safari on iOS, see here, and for AdGuard on Safari on macOS, see here.

NOTE: This project can be found on both Codeberg, which will act as the main & preferred way to contribute, and GitHub.

General

Block search ads and websites' self-promotion -> ✅

Phishing and malware protection -> ❌ (Use Quad9 instead)

Activate the most appropiate filters automatically -> ✅

Auto-update filters -> 1 hour (If this causes you any issues, you can set to 6 hours instead)

Filters

I would generally recommend enabling most of the built-in filters, besides those under the Language-specific category & some of those under the Other category. These are all extremely carefully picked lists with strong coverage and minimal breakage, and I would recommend enabling them as follows for the best coverage possible.

Ad Blocking -> ✅

Ad Blocking:

• AdGuard Base filter -> ✅

• AdGuard Mobile Ads filter -> ✅

• EasyList -> ✅

Privacy -> ✅

Privacy:

• AdGuard Tracking Protection filter -> ✅

• AdGuard URL Tracking filter -> ✅

• EasyPrivacy -> ✅

• Legitimate URL Shortener -> ✅

• Peter Lowe's Blocklist -> ✅

• Fanboy's Anti-Facebook List -> ✅

Social Widgets -> ✅

Social Widgets:

• AdGuard Social Media filter -> ✅

• Fanboy's Social Blocking List -> ✅

Annoyances -> ✅

Annoyances:

• AdGuard Cookie Notices filter -> ✅

• AdGuard Popups filter -> ✅

• AdGuard Mobile App Banners filter -> ✅

• AdGuard Other Annoyances filter -> ✅

• AdGuard Widgets filter -> ✅

• AdGuard Annoyances filter -> ✅

• Adblock Warning Removal List -> ✅

• Fanboy's Annoyances -> ✅

• EasyList Cookie List -> ✅

• Dandelion Sprout's Annoyances List -> ✅

Security -> ✅

Security:

• Online Malicious URL Blocklist -> ✅

• Phishing URL Blocklist -> ✅

• Scam Blocklist by DurableNapkin -> ✅ (Only enable this if you don't also have DNS content blocking with this list enabled in place, otherwise keep this list disabled)

• uBlock Origin - Badware risks -> ✅

Other -> ✅

Other:

• AdGuard DNS filter -> ✅ (Only enable this if you don't also have DNS content blocking with this list enabled in place, otherwise keep this list disabled and re-disable the Other category)

Custom -> ✅

Custom:

I would recommend importing the following lists:

• ⭐️ Divested - Fingerprinting - https://codeberg.org/divested/dnsbl/raw/branch/master/Fingerprinting.ubl

• ⭐️ HaGeZi's Threat Intelligence Feeds - IPs: https://github.com/raw/hagezi/dns-blocklists/main/ips/tif.txt (Even if you use this list in i.e. AdGuard Home, you should also apply it here for an extra level of protection from these IPs outside of just the DNS level)

• ⭐️ pfBlockerNG MS-1: https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw/7290e0681bcd07415420b5c80a253652fd13f840/MS-1 (Even if you use this list in i.e. AdGuard Home, you should also apply it here for an extra level of protection from these IPs outside of just the DNS level)

• ⭐️ Yokoffing's Block third party fonts: https://github.com/raw/yokoffing/filterlists/main/block_third_party_fonts.txt

Additionally, if you don't have a DNS content blocking solution in place (you should), or you just can't use the relevant list on your DNS blocker, you should import the following:

• ⭐️ My BadBlock: https://codeberg.org/Magnesium1062/BadBlock/raw/branch/main/abp/badblock.txt

• ⭐️ Dandelion Sprout's Anti-Malware List: https://github.com/raw/DandelionSprout/adfilt/master/Dandelion%20Sprout's%20Anti-Malware%20List.txt

• ⭐️ Divested Combined Blocklist: https://divested.dev/hosts-domains-wildcards

• ⭐️ HaGeZi's Badware Host Blocking: https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/adblock/hoster.txt

• ⭐️ HaGeZi's Most Abused TLDs: https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/adblock/spam-tlds-ublock.txt

• ⭐️ HaGeZi Multi PRO++: https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/adblock/pro.plus.txt

• ⭐️ HaGeZi's Threat Intelligence Feeds: https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/adblock/tif.txt

• ⭐️ HaGeZi/xRuffKez's Newly Registered Domains (14 days): https://github.com/raw/xRuffKez/NRD/main/nrd-14day_adblock.txt

• ⭐️ OISD - Big: https://big.oisd.nl

Additionally, if you're fine with a little breakage, I would highly recommend:

• ⭐️ My BadBlock + instead of BadBlock: https://codeberg.org/Magnesium1062/BadBlock/raw/branch/main/abp/badblock_plus.txt

• ⭐️ 1Hosts Pro: https://o0.pages.dev/Pro/adblock.txt

• ⭐️ HaGeZi Multi Ultimate instead of HaGezi Multi Pro++: https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/adblock/ultimate.txt

Stealth Mode

Stealth Mode -> ✅

General -> Block trackers -> ✅

General -> Remove tracking parameters -> ✅

General -> Hide your search queries -> ✅

General -> Ask websites not to track you -> ✅

Cookies -> Self-destruction of third-party cookies -> ✅

Cookies -> Self-destruction of third-party cookies -> Your choice, the shorter the better, I usually leave at the default of 2880

Miscellaneous -> Hide Referrer from third parties -> ✅

Miscellaneous -> Disable WebRTC -> ❌ (As long as you're using a private browser like Firefox or Brave, then there really isn't a point or benefit from setting this IMO)

User rules

User rules -> ✅

User rules:

This is where it can really depend on you and your set-up. I'll provide my recommendations and filters here I myself use below:

First, I would highly recommend setting the following to protect against IDN Homograph attacks You don't need to set this if your DNS provider already provides IDN Homograph Attacks Protection (i.e. NextDNS):

• xn--*

• xn--*$doc,popup,frame

I usually also set the following to always enforce blocking Google's Doubleclick & Google Analytics: ((Why?)[https://github.com/gorhill/uBlock/wiki/Privacy-stuff])

• ||doubleclick.net^$important

• ||google-analytics.com^$important

Additionally, I set the following to block social media tracking on websites:

• ||facebook.com^$important,third-party

• ||facebook.net^$important,third-party

• ||linkedin.com^$important,third-party

• ||instagram.com^$important,third-party

• ||tiktok.com^$important,third-party

I also set this to block tracking from Gravatar:

• ||gravatar.com^$important,third-party

I also set these rules to block 3rd party sign-in prompts from Google & Apple, as they're 1: annoying and 2: a tracking concern:

• ||accounts.google.com^$third-party

• ||appleid.apple.com^$third-party

• ||appleid.cdn-apple.com^$third-party

• @@||accounts.google.com^$domain=youtube.com|chromium.org|gstatic.com|googleusercontent.com

• @@||appleid.apple.com^$domain=appleid.cdn-apple.com

• @@||appleid.cdn-apple.com^$domain=appleid.apple.com

Finally, I usually set the following to block the annoying banner on Old Reddit promoting Reddit's new UI.

• www.reddit.com###redesign-beta-optin-btn

• old.reddit.com###redesign-beta-optin-btn

Once you are done here, make sure to select Save.

Additional settings

Use optimized filters -> ❌

Invert allowlist -> ❌ (Should be default)

Help with the development of AdGuard filters -> ❌

Show information on the AdGuard full version -> ❌

Notify about extension updates -> ✅

Additional recommendations

• Use a privacy-respecting browser like Firefox with a user.js like Arkenfox.

• Enable Safe Browsing in your browser if possible and if it's not done in a privacy-invasive way. (You should use i.e. Google Safe Browsing on "Standard" Mode, Firefox's Safe Browsing, & Brave's Safe Browsing, you should avoid most other options i.e. Google Safe Browsing on "Enhanced" Mode, Microsoft SmartScreen, & Opera Sitecheck).

• Use a private, secure, & reputable DNS provider of your choice. I would recommend setting up your own NextDNS configuration if you are able to (See my recommendations for NextDNS here), otherwise I would recommend Quad9. (Even if you have a private/secure DNS provider set on your OS/network level, make sure to also set it in your browser as well, so that you can take advantage of Encrypted Client Hello)

• Use a (reputable) anti-virus if possible. On Windows, you can use the built-in Microsoft Defender Antivirus, on macOS, you can stick to the built-in XProtect, on Android, you can use Hypatia, and on Linux, you can use ClamAV. NOTE: You should install Hypatia through the DivestOS Official Repo instead of F-Droid's main repo, as it will allow you to receive quicker updates directly from the developer. It's also recommended to use F-Droid Basic as your F-Droid client of choice.