Prologue
Nowadays most websites use HTTPS to encrypt the communication. You can recognize this in your browser: the URL will start with “https://” and/or a lock symbol is shown before the site name. In addition, many apps (programs on your PC, smartphone, or other devices) use HTTPS to communicate with their servers. In general, this is a very good thing. Unfortunately, by default your eBlocker cannot fully protect you from tracking and ads on these connections, because the encryption prevents it from analyzing the HTTPS communication. To work around this problem, the eBlocker provides the HTTPS feature. This feature basically interrupts the encryption within your eBlocker, analyzes the communication to protect you, and encrypts the communication again on the way from your eBlocker to your device. If you are interested in the details, please read the technical section below. Once the feature is enabled, eBlocker provides tracking/advertisement protection and some more features on “https://” websites.
To make the HTTPS feature work, it is necessary to apply some configuration on the device itself. As this is not always possible, the HTTPS feature can and must be activated for each device separately. Also, as the configuration can be troublesome for IT novices, we do not recommend enabling the eBlocker HTTPS feature if you have no computer/network knowledge as the installation.
But no worries: Without HTTPS support, eBlocker will protect you with its Domain Blocker and you are well covered already. However, if you activate HTTPS support, you can instead use Pattern Blockers, which are more precise: Read more about the difference between Pattern and Domain Blocker. In addition, this article lists all eBlocker features that work only if the HTTPS feature is active on your device.
Activate the HTTPS function
Please note
As stated above, it is not recommended to enable eBlocker HTTPS if you have little or no computer/network knowledge. You are well protected by the DNS firewall even without HTTPS enabled.
Go to the eBlocker Settings and choose HTTPS in the menu. Activate the HTTPS function by sliding the switch to the right.
Note: if you activate the eBlocker HTTPS function for the first time, we recommend renewing the eBlocker certificate to refresh its validity period. To do so, click on the CERTIFICATE tab in the HTTPS menu and then on the Renew now button at the bottom.
After this, you need to activate the HTTPS function for each device and also install the certificate on the device. The HTTPS wizard will guide you through this process. However, it must be executed on the device itself! These instructions explain the use of the HTTPS wizard for the most important operating systems.
For SmartTV or IoT devices where the eBlocker certificate cannot be stored, don’t activate eBlocker’s HTTPS function for the device (in Settings/Devices/“Choose Device”).
Troubleshooting Apps
After the successful activation of the HTTPS feature for a device, you should be able to browse the web on the device with Pattern Blocker protection. The eBlocker symbol should appear on all web sites you visit.
However, certain “apps” (programs/applications that are installed on the device, such as a banking app or a music player) might not work because the app recognizes that the eBlocker intercepts the HTTPS connection. This is a security feature of the app (called “certificate pinning”). In such a case, the app usually displays an error message like “The network/internet cannot be reached”.
Hint: To be sure that the HTTPS feature is causing the problem, it’s a good idea to temporarily disable the HTTPS support for the device (Settings->Devices->Look for the device->disable “eBlocker supports encrypted connections (HTTPS)”), then restart the app (just pressing “retry” often does not work). If the app is working now, you know that the HTTPS feature is causing the problem. Then switch the HTTPS support back on and follow the remainder of this section.
The solution is to instruct the eBlocker to not intercept the HTTPS connection for this specific app. You can do this by activating a so-called “Trusted App” within the HTTPS settings. As you can see there, the eBlocker comes with a huge set of predefined Trusted Apps and it’s usually sufficient to search for the name of the app and activate the corresponding Trusted App. See this section for more details.
If you cannot find a matching Trusted App, the Communication Failures tool is there to help you next. Once activated, it will show you in many cases the Trusted App you need to activate or will otherwise allow you to define your own Trusted App for your specific problem.
As a last resort, the Manual Recording tool provides deep insight into the communication between your device and the internet.
Which functions require the activation of the HTTPS feature?
The following eBlocker functions require the activation of the HTTPS function, so that the eBlocker can also provide these functions on “https://” websites:
- The eBlocker icon and the eBlocker controlbar
- Cloaking
- Pattern Ad Blocker
- Pattern Tracker Blocker
- Captive Portal Check
- Compression
- WebRTC
Technical background information
HTTPS is an encrypted variant of the standard Web protocol HTTP. The encryption mechanism itself is called “SSL”, which stands for Secure Sockets Layer and is a protocol used to encrypt communication “end-to-end” between two communication partners. Sometimes you may also encounter the abbreviation TLS (TLS stands for Transport Layer Security). It is basically the same as SSL. You can recognize a page loaded over an encrypted connection by its URL starting with “https://”. Many browsers also display a lock symbol in the address bar for HTTPS pages.
Most websites use HTTPS nowadays. This way you can be sure that you are actually communicating with the provider whose URL you have accessed and that no third party can change or read your entered data. However, not only reputable shops and banks use HTTPS. Tracking and advertising providers are also increasingly collecting their data via HTTPS. Your profile data is then sent to the tracking server in encrypted form, but of course this does not prevent the data collector from creating a detailed profile of you.
Unfortunately, as the communication is encrypted, the eBlocker cannot by default analyze it to protect you from trackers. Instead, it will fall back to so-called “Domain Blockers” for HTTPS connections (this works as the domain name is visible even for HTTPS). To allow the eBlocker to analyze the HTTPS communication, you need to activate the HTTPS support. This must be done once globally as a preparation, and then separately for each device where the full protection is wanted. As the following paragraphs will explain, enabling HTTPS support for a device within eBlocker also requires some configuration on the device itself.
Once HTTPS is activated on a device, the eBlocker terminates the encrypted connection so that the data stream can be analyzed. The eBlocker is then the other end of “end-to-end encryption”. However, since the browser expects an encrypted connection for a “https://” page, the eBlocker then encrypts the communication to your end device. To do this, it is necessary to first include the so-called security certificate of your eBlocker in your operating system and then, if necessary, in any browsers that have their own certificate store, as described here. This certificate is sometimes also called a “certificate for certification authorities”, or a “root certificate”.
Note that on the first activation of HTTPS support, your eBlocker generates a unique device root certificate and a private key which is used as described above. The team behind eBlocker has no access to this root certificate, or to the private key, or to your device, and has done everything to protect the eBlocker from hackers – but of course there is no 100% security. eBlocker offers HTTPS support as an option. If you feel uncomfortable with the eBlocker decrypting the HTTPS connection, please do not activate this option.
Further reading
The documentation provides you with more information around the HTTPS function:
- Using Trusted Websites, you can even exclude the HTTPS function for single web sites.