Allow suppressing HTTPS filtering error notification

[ameshkov]

Problem Description

There is a request from users who want to suppress this notification and continue trying to filter HTTPS at the same time. While I don't think this behavior should be the default, it makes sense to allow it.

Proposed Solution

• Add a new low-level setting: pref.https.opportunistic.
• Add another one that is used for suppressing notifications: pref.https.ignored.errors
• Default value: true
• Change the HTTPS filtering notification buttons from "Exclude app" and "Exclude domain" to "Ignore app" and "Ignore domain". These buttons' behavior should depend on this low-level setting value.

pref.https.ignored.errors

It contains the list of apps and domains for which we do not show HTTPS filtering error notifications.

Example:

{
    domains: {
        "www.example.org": "application.name"
    },
    apps: [
        "package.name1",
        "package.name2",
    ]
}

• "Ignore app" -- adds an app to this setting.
• "Ignore domain" -- adds an app+domain pair to this setting.

pref.https.opportunistic

• pref.https.opportunistic==true (default)
  If enabled, AdGuard will bypass the traffic if the app does not accept our certificate.

• pref.https.opportunistic==false
  If disabled, AdGuard won't bypass traffic if the app does not accept our certificate (just like what we do with browsers).

[NauseBA]

Just from a users POV:
I liked a simple option "do not show for this app and domain anymore".
I added properties to apps (see app mgmt - you have an array of app/app-properties anyway, why not add "HTTPS error notification supressed domains"?)).

Disabling filtering should always be the very last resort to get an app to work, not the "solution" to suppress annoyances.

[ameshkov]

Disabling filtering should always be the very last resort to get an app to work, not the "solution" to suppress annoyances.

I have to disagree here. Breaking connections may be disastrous to the app and even to the device, and this is not really user-friendly. That's why I want to enable "opportunistic" behavior by default.

[NauseBA]

The enhancement I was asking for is just to get rid of those notifications (regarding this single app and those individual domains) whilst having no other change in functionality of Adguard.

Maybe have a look at "Notic" app to get an idea.

Besides: No.
"Breaking connections" is not "disastrous to [...] the device".
Connectivity greatly enhances a smartphones functionality but smartphones do even work w/o any internet connectivity at all.

So if a user prefers "crippled" app functionality over privacy loss it should be the users choice.

As you mentioned on Telegram: This is a power users choice. So the default should be "weaken privacy to retain functionality".
But how does it hurt a common user to have, besides "exclude app" and "exclude domain", a 3rd choice like "do not nag me again about this"?
OK, you fear support issues. So add a screen saying "I accept that $app may no longer work and will refrain from nagging Adguard Inc. about lost functionality"

Whatever floats your boat, my solution is Notic.

[ameshkov]

So if a user prefers "crippled" app functionality over privacy loss it should be the users choice.

And the proposed solution allows you to achieve this. My point is that this behavior is not the default.

[ameshkov]

OK, you fear support issues. So add a screen saying "I accept that $app may no longer work and will refrain from nagging Adguard Inc. about lost functionality"

This can be done later, we don't have much time left to add more functionality to v3.3 release.

[NauseBA]

Leave it to future versions, there is no need to include this into 3.3.

[ameshkov]

I've tried what we implemented in the current nightly version, and tbh I'd like us to make the implementation simpler.

Here's what I propose:

1. Replace "Ignore app" and "Ignore domain" with "Ignore for app"
2. Add "Disable for app" option -- it will disable HTTPS filtering for the app
3. Make "Disable for app" the first available option

[jawz101]

I had emailed about giving me the option to turn off the little yellow bar alerting me that I do not have https filtering on. I just want that to go away and not have it say I am at 79% complete due to the configurations you want me to have of the app. It feels like I am coerced into a configuration that does not really offer much benefit since most apps disable https filtering anyways.

[ameshkov]

@jawz101 well, with root access, most of the apps do allow HTTPS filtering. Also, it is most important for web browsers, not regular apps.

Anyways, it makes sense to be able to remove that snack bar:
#3315

[jawz101]

I stopped running with root access a while ago and my browser is Firefox for Android w/ Ublock Origin. I use a whole-device ad blocker for non-web-based ads and analytics

[ameshkov]

Then you don't need it indeed

[artemiv4nov]

Done

[ministr91]

#3419

[CPCer]

Hello developers, I wonder if I can allow ALL IPs and domains with single one App in this pref.https.ignored.errors setting?
*.*.*.* for All IPs or *. for domains does not work for me...
Any help would be appreciated!

The reason I'm not using pref.notify.on.unknown.ca is that I need notification for new apps, which is easy to identify whether the problem is HTTPs filtering.

[ameshkov]

@CPCer not really, you need to specify domains, not wildcards.