Heads up on Blokada
Mar 15, 2019 · by Sebastian & PeterBlokada 3.7 released 3 weeks ago. A big milestone for us, this is the last minor version in version 3, and we would like to thank you all your support on the social sites, forums, all your donations and contribution on GitHub. The ideas you share make this application better and better with every new release.
One big change that 3.7 ships is the opt-out option for log sharing. We are aware how different ad blockers handle private data, and it is a reasonable concern. Between the fact that some ad blockers can block ads inside an HTTPS (encrypted) communication, some other may pass your data through third-party servers, and others (almost all) have some kind of reporting in the eventuality of application errors, of course there’s some sensibility around privacy, and it is perfectly valid.
We, at Blokada believe in transparency, thus we would like to share technical aspects around it and clear up our position regarding privacy and personal data.
A long time ago (specifically since mid 2017 with version 2), Blokada became an open source project. There were several factors involved in this decision, but we want to remark that, in part, it was to enable any user to know exactly what they are installing and what this ad blocker does.
Blokada, as many other ad blockers, can’t be installed from the Play Store, it needs to be sideloaded, and of course, that always brings some concerns. A lot of users were asking for the code, and with some reasons to do it, after all, any ad blocker has to read your data to be able to block the ads in it. It’s a reasonable question mark over any sideloaded app, more with an app that is seeing your internet transactions. While “trust” is something not so easily achieved nowadays where we see leaks and unfair management of personal information, Blokada chose another approach: becoming open source. Given this fact, users don’t need to “trust” the app; anyone can see what Blokada does and does not. That was a first step for transparency.
A second step is how in app private data is managed, and this leads us to logs and reports, where we had changes. To improve the app, have enough information to fix the bugs and malfunctions that were being reported by users, Blokada implemented two tools: an application log and a reporting tool that sends this log. These two things allow users to analyse and, if they choose so, send Blokada’s run log when an issue is found or the application crashed. Very important, that no log generated by default: it requires that the user grants external storage access permission for Blokada, and due to privacy concerns, our ad blocker doesn’t ask for it at installation.
Version 3.7 brought you a new option, you can opt-out. In this case, after a crash the window won’t show up to send the report even if the user granted storage access permission. The log is accessible and viewable by anyone. It’s located on the phone and is accessible in the Downloads folder, in the Blokada sub-folder. It can be sent manually, or analysed using any text editor or debugging application. The only private data that can be seen in the log are the domains that have been blocked, since it is of course an application log and it records its activity. Also, a log is impossible to match to a device, account, phone number or any kind of personally identifiable identification. In other words: even if we have a log, we don’t know to who belongs unless you tell us.
Basically, the data stored in the file comprises application actions for setting up the user selected filters, actions to maintain the VPN tunnel that allows the filtering to be done in phone, and the blocked requests that show Blokada is running accordingly to the user selected filters. The log doesn’t even contain which app requested a blocked domain (even if that’s a requested feature).
Which is turned on in 3.7, will be off in version 4. In the next major version, the application won’t ask to share the crash report by default.
The Blokada team wanted to make clear for everyone our position over these questions. Users are not asked for “trust”. Instead, there are options and actions that allow all users to be sure of how data is handled.
Talking about version 4, we have some news to share over the upcoming VPN service.
It has been a long time request to include a VPN service, and it is understandable: while Blokada is a good ad blocker and it has a good reception, to be able to block ads without rooting a device it uses the VPN service API. Thus, the system believes there’s an active VPN connection. And since in android there can’t be two active VPNs at the same time, if a user needs to have a real VPN, Blokada needs to be disabled.
Offering a stable and reliable VPN service isn’t an easy task. It requires hardware (servers, switches, etc) maintenance, network speed, uptime warranty, several factors that must be studied closely to ensure a decent service is provided. Because Blokada is a free application, the donations are ensuring the webserver is running and kept in hand, but can’t fund the required equipment of the VPN. We are considering to start a Kickstarter campaign, more news about it later. After a long time of review and a lot of discussions, the works are started to implement WireGuard into the application, however it won’t come out with the first iteration: to ensure we provide the best experience, we aim to have a stable application that can be used on all devices and if it is so, we will extend the list of features. Of course, first a small group will test the connection and network reliability before we open the service for the wide public.
Stay tuned for v4 release and also for news over the VPN, we will keep you updated! See you later.
PS, did you know you can join Blokada Insiders and help run the project? For example, you can be managing the voting like this one. It’s totally free and doesn’t take much time. You are welcome to join us!