Zen (Full-OS Ad-blocker)

Looks pretty cool, not sure of its compatibility with VPNs or Tor though.

Any reason to use this over an ad blocking dns? Plus, what purpose does it serve, usually one only sees ads in their browser…

No!

This installs a root certificate to directly manipulate traffic.
You must trust that it absolutely handles all TLS interactions properly, and even then it’ll obscure your browser from handling that correctly.

You’re far better off using basic global DNS-based filtering combined with a powerful in-browser content blocker (uBO).

edit, related: HTTPS Interception Weakens TLS Security | CISA

12 Likes

Marking as rejected, SSL MITM is an unacceptable security risk as described above regardless of the client and whether it’s open source.

8 Likes

Agreed that HTTPS interception using MITM technique poses a security risk if not handled properly, e.g. Superfish and Privdog. But you have to understand that most AVs also do this coz they need to scan HTTPS traffic. For example, I use Bitdefender which has an encrypted web scan feature.

So you need to have trust in the competency of a software vendor when taking certificate validation outside of the browser. Bitdefender has shown it’s very quick to fix issues arising from HTTPS inspection & certificate validation. Also by default, Chrome and some other browsers don’t check revoked certs: https://revoked.grc.com/, Reddit - Dive into anything
That’s why I decided to keep the encrypted web scan feature on. Zen Ad-blocker looks to be managed by one person based on the commits. And their LinkedIn doesn’t show any strong competency in cybersecurity. So I’d be inclined not to trust that tool for handling HTTPS interception.