As most readers know, online advertising poses a huge threat to privacy and security.
Ads can affect your privacy because they can also be used as tracking to collect data about your browsing habits and preferences. This data allows advertisers to target you with specific ads (more data = more ad revenue).
In terms of security, ads can also be malicious – see Malicious ads . Most of the ads you see on your site are served through third-party ad domains. These third-party domains can be used – or hijacked – to provide malicious payloads through the ads they serve. Malware can even be hidden in the pixels of the ad image and infect your device as soon as the page loads – no clicks required!
The problem of malicious advertising has appeared in the news many times. Even on large trusted sites (anywhere in hosted ads), it can be problematic:
Since ads are served through third-party domain names, these sites don’t know what happened before many of their visitors have been affected.
VPN ad blocker overview
There are several different ways to block ads on your device. Each of the following options has its advantages and disadvantages:
- Browser-based ad blocker – this is the most popular solution for ad blockers , such as uBlock Origin, which is used by millions of users. However, the main drawback is that these only apply to supported browsers. Be careful when using free browser ad blockers – sometimes they are funded or created by advertisers themselves.
- Block ads through routers or devices – some routers also support ad blocking. In addition, web ad blocking can be done through devices such as the Raspberry Pi running Pi-Hole .
- VPN ad blocker – In this case, the ad blocker works fine when you connect to the VPN . I have seen three different ways in which VPNs implement ad blockers: through server networks, VPN clients, and browser plugins. We will discuss it further below.
Compare VPN ad blocker
In this guide, we’ll look at the following VPN ad blockers:
- Cyber Ghost – Unlike most VPN ad blockers, Cyber Ghost does not filter DNS requests. Instead, it looks at internal traffic and modifies requests for certain domains (flow manipulation), which raises the issue explained further below.
- NordVPN – NordVPN blocks ads through DNS requests.
- Perfect privacy – perfect privacy use can also filter unwanted domain names (advertisements, etc.) via DNS requests.
- Private Internet Access – Private Internet access blocks advertisements through DNS requests.
- PureVPN – PureVPN does not seem to block any ads. There is no indication that PureVPN is implementing any ad blocking, despite the bold promotion of this “feature” on their website.
The purpose of this article is to compare other VPN services with Perfect Privacy’s TrackStop filter , which I use and recommend. To do this, from publicly available lists, such as selecting 10,000 URLs https://adaway.org/hosts.txt , http://pgl.yoyo.org/adservers/ ads, and http://www .malwaredomainlist.com/ and https://zeustracker.abuse.ch/blocklist.php for fraud and malware domains.
The results are as follows:
% ads are blocked
% malware is blocked
Called Cyber Ghost *N / AN / A
Private internet access28%37%
* Cyber Ghost is currently viewing internal traffic and modifying requests for certain domains instead of filtering through DNS requests (most VPNs do this).
*Perfect privacy is done very well because it uses a large custom list to filter traffic, including all the lists in the test sample. However, please note that no ad blocker is 100% active . The above test results are based only on test samples.
Here’s an example of a domain list test that you can use to test any ad blocker:
- List of advertising domain names
- Fraud/malware domain list
Cyber Ghost ad blocker
Cyber Ghost is an interesting case, but not very good. Instead of
filtering advertisements and malicious content through DNS requests, they actually view traffic and modify requests for certain domains to display content from Cyber ghost.
This is problematic for a number of reasons. First, manipulating traffic is something that a trusted VPN provider shouldn’t do – even if it’s out of good intentions. Second, this only works for http because the https connection is encrypted and Cyber ghost cannot (easily) access the content.
Look at this question again and have some interesting history. Back in 2016, Cyber Ghost made headlines because it installed its own root certificate on the user’s computer , effectively man-in-the-middle attacks on all https traffic . Not only does the traffic flow locally, it is sent back to the Cyber Ghost server to decide what to change.
Here’s an excerpt from the initial controversy of 2016 [the original resource now seems to be offline]:
A VPN with a root certificate installed on your computer (such as [Cyber Ghost 5] version) will be able to attack all SSL-encrypted traffic. This is called a man-in-the-middle attack. Cyber Ghost can intercept and decrypt all data linked by encryption – even sensitive information such as email addresses, passwords and bank account details. It can re-encrypt the data and pass it to the site as if nothing had happened.
For the version of Cyber Ghost tested in this article, the root certificate is not installed. But because they still use the same method to filter traffic, it means their “ad blocker” can’t run effectively on HTTPS sites. Basically, Cyber Ghost’s ad blocker is almost useless, especially since it doesn’t work for all HTTPS sites.
NordVPN Ad Blocker
On their website , NordVPN refers to their ad blockers as Cyber Sec . The Cyber Sec ad blocker works by blocking ad and malware domains through DNS requests, which requires a list of domains. NordVPN will send the blocked domain to 127.0.0.1.
Although it does a good job of ad blocking, there are many known malware domains that are not blocked and passed.
Perfect privacy ad blocker
Perfect Privacy uses the TrackStop filter to block various unwanted domains through DNS requests. In the member dashboard, you can activate different filters for TrackStop to block:
- Tracking and advertising (more than 30,000 domain names have been filtered)
- Malware and phishing (more than 65,000 domain names have been filtered)
- Facebook and other social media areas
- Google (including about 400 Google domain names)
- Child protection (blocking adult content)
Perfect Privacy’s TrackStop filter is unique in that it blocks traffic at the VPN server level, not through the application. This means it will use the network (all devices) to activate using any device and VPN protocol. TrackStop can be activated via the user dashboard and will be applied to the entire VPN network within 3 minutes.
For these reasons, Perfect Privacy offers the best tested ad, tracking and malware blocking solutions. However, I saw some complaints about their child protection filters on the Perfect Privacy Forum for adult sites to pass.
Private internet access ad blocker
Like NordVPN, private Internet access filters advertisements and malware domains through DNS requests. PIA’s ad blockers are called PIA MACE on their website . The PIA will send the blocked domain to 220.127.116.11.
Although the performance of the PIA is slightly better than NordVPN, the total number of domain names is blocked, but there is still considerable room for improvement.
PureVPN does not have an ad blocker
Currently, PureVPN is committed to setting up ad blockers on its website :
PureVPN’s ad blocker removes ads and online spam when you browse online. By doing this, it can prevent your image from consuming bandwidth and analysis code and scripts that run in the background of the pages you browse online, increasing your browsing speed.
However, when you open the PureVPN app, you’ll notice that there are no specific settings for ad blocking.
At the same time, the site claims that ” Each subscription plan includes PureVPN’s content filtering capabilities at no additional cost.”
When testing the PureVPN client on various news sites, all ads and tracking have passed. Nothing is stopped.
At this point, it is necessary to use PureVPN to clarify what happened. This is the chat history:
Guest : Hello. I have a question about the ad filter. Do I need to activate it because it doesn’t seem to work for
visitors : for example, I still see ads in theregister.co.uk and other sites
O’Brien : We don’t currently offer add-blockers to our service
visitors : right? But is it advertising on your website? It says that all plans include
O’Brien : Please share a screenshot of the ad with us. This is the past offer but not the current
visitor : Ok one second
O’Brien : Good
visitors : https://www.purevpn.com/content-filtering
O’Brien : Let me check – this is content filtering, it does not
stop Any paid ad
visitors : What does it block?
O’Brien : This will block content you don’t want to access.
Obviously, “O’Brien” will not provide any answers, so the chat is over.
In order to follow up on this meaningless chat, the following questions are emailed to PureVPN support :
How do I define “Ads” in the context of a content filtering page?
What kind of content is blocked, how to determine?
How to technically block anything?
PureVPN replies with a default response and a random link that is completely unrelated to ad blocking. PureVPN reply :
Thank you for contacting us. Advertising can be annoying. Not only will pop-up ads pop up your browsing experience, but it will eventually lead you to malicious or spam URLs. Fortunately, you can now block ads before they appear in browsers that use PureVPN. Learn how to use content filtering and block ads.
At this point, the only conclusion I can achieve is that there is no ad blocking feature, and PureVPN is doing fake advertising and fraud . Of course, given the history of PureVPN, this is not surprising. For more information, please see my comments on PureVPN .
Conclusion about VPN ad blocker
As you can see in this report, some VPN ad blockers work fine, some work fine, and some don’t work at all.
If you want the most powerful advertising, tracking and malware filters, I would recommend Perfect Privacy’s TrackStop filter . Perfect Privacy’s TrackStop filter is also an ideal solution for ad blockers on routers because it protects every device on the network.
Ad blockers from NordVPN and private Internet access filter content through DNS requests, but many ad and malware domains are still passing. It would be nice if they expanded their filter list to include more domains.
For the above reasons, I don’t recommend Cyber Ghost’s ad blocker. Finally, with PureVPN, the “ad blocker” doesn’t seem to exist.
For extra protection, you can also use a browser-based ad blocker (such as uBlock Origin) with a VPN ad blocker.