Blokada

blokada.org Android/ iOS

Awesome Privacy ➔ Networking ➔ Ad Blockers ➔ Blokada

Open source mobile ad-blocker that acts like a firewall. Since it's device-wide, once connected all apps will have ads/ trackers blocked, and the blacklist can be edited. The app is free, but there is a premium option, which has a built-in VPN.

Homepage: blokada.org
GitHub: github.com/blokadaorg/blokada
Privacy: community.blokada.org/t/privacy-policy
iOS App: apps.apple.com/us/app/blokada/id1508341781
Android App: play.google.com/.../org.blokada.sex
Web info: web-check.xyz/check/blokada.org

Open Source

Blokada Source Code

Author

blokadaorg

Description

The official repo for Blokada apps.

#adblocker#adblocking#android#blocker#blokada#dns#ios#privacy#security#vpn

Homepage

https://blokada.org

License

MPL-2.0

Created

19 Nov 16

Last Updated

09 Jun 26

Latest version

landing.796c

Primary Language

Dart

Size

144,818 KB

Stars

3,233

Forks

230

Watchers

3,233

Language Usage

Star History

Top Contributors

@kar (613)
@balboah (162)
@dependabot[bot] (12)
@claude (3)
@Copilot (3)

Recent Commits

dependabot[bot] (09 Jun 26)
build(deps): bump addressable from 2.8.8 to 2.9.0 in /ios (#1088) Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.8 to 2.9.0. - [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md) - [Commits](https://github.com/sporkmonger/addressable/compare/addressable-2.8.8...addressable-2.9.0) --- updated-dependencies: - dependency-name: addressable dependency-version: 2.9.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] (09 Jun 26)
build(deps): bump json from 2.18.1 to 2.19.2 in /ios (#1089) Bumps [json](https://github.com/ruby/json) from 2.18.1 to 2.19.2. - [Release notes](https://github.com/ruby/json/releases) - [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md) - [Commits](https://github.com/ruby/json/compare/v2.18.1...v2.19.2) --- updated-dependencies: - dependency-name: json dependency-version: 2.19.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Karol Gusak (09 Jun 26)
Merge pull request #1074 from blokadaorg/dependabot/github_actions/actions/checkout-6 build(deps): bump actions/checkout from 4 to 6
Karol Gusak (09 Jun 26)
Merge pull request #1073 from blokadaorg/dependabot/github_actions/actions/download-artifact-8 build(deps): bump actions/download-artifact from 4 to 8
Karol Gusak (09 Jun 26)
Merge pull request #1072 from blokadaorg/dependabot/github_actions/actions/upload-artifact-7 build(deps): bump actions/upload-artifact from 4 to 7
Karol Gusak (09 Jun 26)
Merge pull request #1084 from blokadaorg/dependabot/bundler/ios/jwt-2.10.3 build(deps): bump jwt from 2.10.2 to 2.10.3 in /ios
Karol Gusak (09 Jun 26)
Merge pull request #1096 from blokadaorg/ci-dependabot-allow-ios-gemfile ci(dependabot-auto-merge): allow ios/Gemfile(.lock) in changed-file allowlist
Karol Gusak (09 Jun 26)
Merge pull request #1090 from blokadaorg/dependabot/bundler/ios/faraday-1.10.5 build(deps): bump faraday from 1.8.0 to 1.10.5 in /ios
Karol Gusak (09 Jun 26)
Merge pull request #1091 from blokadaorg/dependabot/bundler/ios/activesupport-7.2.3.1 build(deps): bump activesupport from 7.2.3 to 7.2.3.1 in /ios
kar (09 Jun 26)
ci(dependabot-auto-merge): allow ios/Gemfile(.lock) in changed-file allowlist Bundler security-update PRs for the iOS toolchain touch only ios/Gemfile.lock, which was outside ALLOWED_FILES_REGEX, so the deterministic pre-check rejected them as "touches non-dependency file" (e.g. PRs #1084, #1088, #1089, #1090, #1091). Add Gemfile/Gemfile.lock to the iOS group so these dependency-only bumps can auto-merge. Vendored-copy only: the upstream reusable workflow in blokadaorg/workflows parameterizes this regex (Go-repo default) and has no iOS consumers, so there is nothing to mirror there. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Karol Gusak (08 Jun 26)
Merge pull request #1093 from blokadaorg/family-link-device-keep-token-on-edit Family: update linking device in place instead of recreating it
dependabot[bot] (08 Jun 26)
build(deps-dev): bump @types/chai (#1094) Bumps the appium-wdio-npm group in /automation/appium/wdio with 1 update: [@types/chai](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/chai). Updates `@types/chai` from 5.2.2 to 5.2.3 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/chai) --- updated-dependencies: - dependency-name: "@types/chai" dependency-version: 5.2.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: appium-wdio-npm ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
kar (06 Jun 26)
Family: update linking device in place instead of recreating it When editing the name or profile of a device being linked, the flow used to cancel the link (deleting the device) and re-initiate it, minting a new token, QR and device tag on every change. Two bugs followed: - editing the name then quickly opening the profile picker showed a gray area, because the picker was handed a device tag deleted mid-recreate; - changing the profile after the child scanned the QR deleted the tag the child linked to, bouncing it back to the start screen. Add LinkActor.updateLinkingDevice, which renames / changes profile on the existing device and keeps the same token, QR and tag. The link sheet's edit callbacks now call it instead of the cancel+recreate path, which stays only for the initial creation. changeDeviceProfile gains a select flag so linking a child does not rewrite the parent device's own filter config. A late tap from a still-open edit dialog after the link finished is a no-op, not a throw. Tracker: blokadaorg/issue-tracker#57 Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
dependabot[bot] (05 Jun 26)
build(deps): bump faraday from 1.8.0 to 1.10.5 in /ios Bumps [faraday](https://github.com/lostisland/faraday) from 1.8.0 to 1.10.5. - [Release notes](https://github.com/lostisland/faraday/releases) - [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md) - [Commits](https://github.com/lostisland/faraday/compare/v1.8.0...v1.10.5) --- updated-dependencies: - dependency-name: faraday dependency-version: 1.10.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot[bot] (05 Jun 26)
build(deps): bump activesupport from 7.2.3 to 7.2.3.1 in /ios Bumps [activesupport](https://github.com/rails/rails) from 7.2.3 to 7.2.3.1. - [Release notes](https://github.com/rails/rails/releases) - [Changelog](https://github.com/rails/rails/blob/v8.1.3/activesupport/CHANGELOG.md) - [Commits](https://github.com/rails/rails/compare/v7.2.3...v7.2.3.1) --- updated-dependencies: - dependency-name: activesupport dependency-version: 7.2.3.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot[bot] (05 Jun 26)
build(deps): bump jwt from 2.10.2 to 2.10.3 in /ios Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 2.10.3. - [Release notes](https://github.com/jwt/ruby-jwt/releases) - [Changelog](https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md) - [Commits](https://github.com/jwt/ruby-jwt/compare/v2.10.2...v2.10.3) --- updated-dependencies: - dependency-name: jwt dependency-version: 2.10.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
Karol Gusak (05 Jun 26)
Merge pull request #1083 from blokadaorg/2605-290-family-coexist [codex] Allow Family to coexist with Blokada 6
kar (05 Jun 26)
Fix iOS build: import UserNotifications in PermBinding Removing `import UIKit` (it no longer had any UIKit symbol after the local-detection cleanup) also dropped UIKit's transitive re-export of UserNotifications, which doNotificationEnabled relies on for UNUserNotificationCenter / UNAuthorizationStatus. Import UserNotifications explicitly, matching CommonBinding.swift and Notification.swift. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
kar (05 Jun 26)
Harden flavor parse and dedup the ownership probe Self-review follow-ups on the v3/status/test coexistence detection: - Parse `flavor` defensively: a non-string value previously threw a CastError that callers swallow, silently dropping the v6-ownership signal. Non-string now maps to "not a known owner". - Dedup the ownership probe in PrivateDnsCheck (shared in-flight request + brief memo). FamilyActor and PermActor both probe on the same foreground / cold-start burst; they now get one identical answer instead of two competing network calls that could disagree. Foregrounds past the TTL re-probe fresh. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
dependabot[bot] (05 Jun 26)
build(deps): bump the appium-wdio-npm group across 1 directory with 7 updates (#1092) Bumps the appium-wdio-npm group with 6 updates in the /automation/appium/wdio directory: | Package | From | To | | --- | --- | --- | | [@wdio/cli](https://github.com/webdriverio/webdriverio/tree/HEAD/packages/wdio-cli) | `9.20.0` | `9.27.2` | | [@wdio/globals](https://github.com/webdriverio/webdriverio/tree/HEAD/packages/wdio-globals) | `9.17.0` | `9.27.2` | | [@wdio/local-runner](https://github.com/webdriverio/webdriverio/tree/HEAD/packages/wdio-local-runner) | `9.20.0` | `9.27.2` | | [@wdio/mocha-framework](https://github.com/webdriverio/webdriverio/tree/HEAD/packages/wdio-mocha-framework) | `9.20.0` | `9.27.2` | | [@wdio/spec-reporter](https://github.com/webdriverio/webdriverio/tree/HEAD/packages/wdio-spec-reporter) | `9.20.0` | `9.27.2` | | [chai](https://github.com/chaijs/chai) | `6.2.0` | `6.2.2` | Updates `@wdio/cli` from 9.20.0 to 9.27.2 - [Release notes](https://github.com/webdriverio/webdriverio/releases) - [Changelog](https://github.com/webdriverio/webdriverio/blob/main/CHANGELOG.md) - [Commits](https://github.com/webdriverio/webdriverio/commits/v9.27.2/packages/wdio-cli) Updates `@wdio/globals` from 9.17.0 to 9.27.2 - [Release notes](https://github.com/webdriverio/webdriverio/releases) - [Changelog](https://github.com/webdriverio/webdriverio/blob/main/CHANGELOG.md) - [Commits](https://github.com/webdriverio/webdriverio/commits/v9.27.2/packages/wdio-globals) Updates `@wdio/local-runner` from 9.20.0 to 9.27.2 - [Release notes](https://github.com/webdriverio/webdriverio/releases) - [Changelog](https://github.com/webdriverio/webdriverio/blob/main/CHANGELOG.md) - [Commits](https://github.com/webdriverio/webdriverio/commits/v9.27.2/packages/wdio-local-runner) Updates `@wdio/mocha-framework` from 9.20.0 to 9.27.2 - [Release notes](https://github.com/webdriverio/webdriverio/releases) - [Changelog](https://github.com/webdriverio/webdriverio/blob/main/CHANGELOG.md) - [Commits](https://github.com/webdriverio/webdriverio/commits/v9.27.2/packages/wdio-mocha-framework) Updates `@wdio/spec-reporter` from 9.20.0 to 9.27.2 - [Release notes](https://github.com/webdriverio/webdriverio/releases) - [Changelog](https://github.com/webdriverio/webdriverio/blob/main/CHANGELOG.md) - [Commits](https://github.com/webdriverio/webdriverio/commits/v9.27.2/packages/wdio-spec-reporter) Updates `webdriverio` from 9.20.0 to 9.27.2 - [Release notes](https://github.com/webdriverio/webdriverio/releases) - [Changelog](https://github.com/webdriverio/webdriverio/blob/main/CHANGELOG.md) - [Commits](https://github.com/webdriverio/webdriverio/commits/v9.27.2/packages/webdriverio) Updates `chai` from 6.2.0 to 6.2.2 - [Release notes](https://github.com/chaijs/chai/releases) - [Changelog](https://github.com/chaijs/chai/blob/main/History.md) - [Commits](https://github.com/chaijs/chai/compare/v6.2.0...v6.2.2) --- updated-dependencies: - dependency-name: "@wdio/cli" dependency-version: 9.27.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: appium-wdio-npm - dependency-name: "@wdio/globals" dependency-version: 9.27.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: appium-wdio-npm - dependency-name: "@wdio/local-runner" dependency-version: 9.27.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: appium-wdio-npm - dependency-name: "@wdio/mocha-framework" dependency-version: 9.27.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: appium-wdio-npm - dependency-name: "@wdio/spec-reporter" dependency-version: 9.27.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: appium-wdio-npm - dependency-name: webdriverio dependency-version: 9.27.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: appium-wdio-npm - dependency-name: chai dependency-version: 6.2.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: appium-wdio-npm ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
kar (05 Jun 26)
Gate v6 coexistence to parent devices only The Family perm actor's "Blokada 6 owns DNS" shortcut ran on every Family install, including linked children. A child routing through Blokada 6 DNS would get DnsPerm marked satisfied and skip its own doSetDns, so it could appear active without ever installing its Family DNS profile — dropping parental filtering on that child. Coexistence is parent-device-only. Gate both the perm-actor shortcut and the FamilyActor ownership probe behind a non-linked-device check, so a linked child always sets up its own Family DNS. Use the persisted CurrentToken (set only on child devices via useToken) as the signal — reliable at startup, unlike the in-memory linkedMode flag. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
kar (05 Jun 26)
Remove unused ParentDeviceProtectionOwner.family variant It was never assigned even before the detection swap (the native layer only reported none/blokada6), and is now provably unreachable: the dns flavor mapper returns only blokada6 or none. Drop the dead state. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
kar (05 Jun 26)
Detect Family/v6 coexistence via status/test endpoint Replace the local v6-DNS-ownership heuristics (iOS App Group marker + six:// probe, Android VPN-owner UID + Private DNS host parsing) with the backend v3/status/test check. Querying it untagged reflects the live DNS owner and reports the owning flavor, so Family defers to Blokada 6 only when cloud/plus owns DNS — and no longer false-positives once Family sets up its own DNS (flavor=family). This also catches cases the local check missed: v6 installed but not protecting, DNS disabled in Settings, a plan cancelled outside the app, or a web-installed profile. UI and state layer are unchanged. The now-dead native detection code and the getParentDeviceProtectionOwner platform channel are removed. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
dependabot[bot] (05 Jun 26)
build(deps): bump the appium-wdio-npm-security group across 1 directory with 18 updates (#1087) Bumps the appium-wdio-npm-security group with 13 updates in the /automation/appium/wdio directory: | Package | From | To | | --- | --- | --- | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` | | [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.11` | `0.8.13` | | [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` | | [axios](https://github.com/axios/axios) | `1.13.6` | `1.16.1` | | [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.5` | `5.3.1` | | [diff](https://github.com/kpdecker/jsdiff) | `5.2.0` | `5.2.2` | | [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` | | [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` | | [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.3.0` | `5.8.0` | | [ip-address](https://github.com/beaugunderson/ip-address) | `10.0.1` | `10.2.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.2.0` | | [undici](https://github.com/nodejs/undici) | `6.22.0` | `6.26.0` | Updates `brace-expansion` from 1.1.12 to 1.1.15 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.15) Updates `glob` from 10.4.5 to 10.5.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5) Updates `@xmldom/xmldom` from 0.8.11 to 0.8.13 - [Release notes](https://github.com/xmldom/xmldom/releases) - [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md) - [Commits](https://github.com/xmldom/xmldom/compare/0.8.11...0.8.13) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2) Updates `axios` from 1.13.6 to 1.16.1 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](https://github.com/axios/axios/compare/v1.13.6...v1.16.1) Updates `basic-ftp` from 5.0.5 to 5.3.1 - [Release notes](https://github.com/patrickjuchli/basic-ftp/releases) - [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md) - [Commits](https://github.com/patrickjuchli/basic-ftp/compare/v5.0.5...v5.3.1) Updates `diff` from 5.2.0 to 5.2.2 - [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md) - [Commits](https://github.com/kpdecker/jsdiff/compare/v5.2.0...v5.2.2) Updates `diff` from 4.0.2 to 4.0.4 - [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md) - [Commits](https://github.com/kpdecker/jsdiff/compare/v5.2.0...v5.2.2) Updates `fast-uri` from 3.1.0 to 3.1.2 - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2) Updates `fast-xml-parser` from 5.3.0 to 5.8.0 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.0...v5.8.0) Updates `follow-redirects` from 1.15.11 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0) Updates `ip-address` from 10.0.1 to 10.2.0 - [Commits](https://github.com/beaugunderson/ip-address/compare/v10.0.1...v10.2.0) Updates `js-yaml` from 4.1.0 to 4.2.0 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/commits) Updates `lodash` from 4.17.23 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.23...4.18.1) Updates `qs` from 6.15.0 to 6.15.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](https://github.com/ljharb/qs/compare/v6.15.0...v6.15.2) Updates `undici` from 6.22.0 to 6.26.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](https://github.com/nodejs/undici/compare/v6.22.0...v6.26.0) Updates `uuid` from 13.0.0 to 14.0.0 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0) Updates `ws` from 8.19.0 to 8.21.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/compare/8.19.0...8.21.0) --- updated-dependencies: - dependency-name: brace-expansion dependency-version: 1.1.15 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: glob dependency-version: 10.5.0 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: "@xmldom/xmldom" dependency-version: 0.8.13 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: axios dependency-version: 1.16.1 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: basic-ftp dependency-version: 5.3.1 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: diff dependency-version: 5.2.2 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: diff dependency-version: 4.0.4 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: fast-uri dependency-version: 3.1.2 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: fast-xml-parser dependency-version: 5.8.0 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: ip-address dependency-version: 10.2.0 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: js-yaml dependency-version: 4.2.0 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: qs dependency-version: 6.15.2 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: undici dependency-version: 6.26.0 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: uuid dependency-version: 14.0.0 dependency-type: indirect dependency-group: appium-wdio-npm-security - dependency-name: ws dependency-version: 8.21.0 dependency-type: indirect dependency-group: appium-wdio-npm-security ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] (05 Jun 26)
build(deps): bump playwright (#1086) Bumps the safari-extension-npm-security group with 1 update in the /ios/BlockaWebExtension directory: [playwright](https://github.com/microsoft/playwright). Updates `playwright` from 1.53.2 to 1.60.0 - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](https://github.com/microsoft/playwright/compare/v1.53.2...v1.60.0) --- updated-dependencies: - dependency-name: playwright dependency-version: 1.60.0 dependency-type: indirect dependency-group: safari-extension-npm-security ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] (05 Jun 26)
build(deps): bump actions/checkout from 4 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Karol Gusak (05 Jun 26)
Merge pull request #1085 from blokadaorg/fix-dependabot-automerge-public-repo Inline Dependabot auto-merge workflow for public repo
kar (05 Jun 26)
Harden Claude review step against ABSTAIN fallback gap Address Copilot review feedback on PR #1085: - continue-on-error on the Claude review step + always() on Parse decision: a hard error from the action previously failed the review job, skipping Parse decision and the annotate-abstain job, so no ABSTAIN comment ever reached humans. Now the error degrades to ABSTAIN as the design intends. - Drop Bash(cat:*) from the Claude allowed-tools. Evidence gathering is restricted to gh pr view/diff by the prompt; cat only widened blast radius for arbitrary file reads in a prompt-injection-sensitive step. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
kar (05 Jun 26)
Inline Dependabot auto-merge workflow for public repo A public repository cannot call a reusable workflow that lives in a private repo, so `uses: blokadaorg/workflows/...@main` failed at startup on every run (0 jobs, 0s). Vendor the reusable workflow's four jobs inline instead, matching the self-contained pattern used by blokadaorg/landing-github-pages. Deltas from the upstream reusable workflow: workflow_call -> workflow_run trigger, the allowed_files_regex input becomes a literal regex, and the review gate keeps the caller's fork-safety guard plus the DEPENDABOT_AUTOMERGE_PAUSED kill switch. Secrets resolve directly from org/repo scope instead of via `secrets: inherit`. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
kar (29 May 26)
Address Family coexistence review feedback

Blokada Security

2.5/10

Repo Security Summary

Updated 25 May 26

Packaging N/A
Dangerous-Workflow 0/10
Code-Review 1/10
Maintained 10/10
Token-Permissions 0/10
CII-Best-Practices 0/10
Security-Policy 0/10
Binary-Artifacts 9/10
Pinned-Dependencies 0/10
Fuzzing 0/10
License 10/10
Branch-Protection 3/10
Signed-Releases 0/10
SAST 0/10

Blokada Website

Website

Blokada - the popular mobile adblocker and VPN for Android and iOS

Keep all your devices protected with Blokada content filtering and encryption.

Redirects

Does not redirect

Security Checks

All 65 security checks passed

Server Details

IP Address 104.21.26.94
Location San Francisco, California, United States of America, NA
ISP CloudFlare Inc.
ASN AS13335

Associated Countries

Safety Score

Website marked as safe

100%

Blacklist Check

blokada.org was found on 0 blacklists

AntiSocial Blacklist
Artists Against 419
Badbitcoin
Bambenek Consulting
CERT Polska
CoinBlockerLists
CRDF
CryptoScamDB
EtherAddressLookup
EtherScamDB
Fake Website Buster
MetaMask EthPhishing
NABP Not Recommended Sites
OpenPhish
PetScams
PhishFeed
PhishFort
Phishing.Database
PhishStats
PhishTank
Phishunt
RPiList Not Serious
Scam.Directory
SecureReload Phishing List
Spam404
StopGunScams
Suspicious Hosting IP
ThreatFox
ThreatLog
TweetFeed
URLhaus
ViriBack C2 Tracker

Website Preview

View full report at web-check.xyz

Blokada Android App

APK Info

App Blokada 6
Creation Date 28 May 24
Last Updated 14 Jul 24
Current Version 24.1.2
Privacy Report View on Exodus →

Trackers

No trackers found

Permissions

Access Coarse Location
Access Network State
Access Wifi State
Foreground Service
Get Tasks
Interact Across Users
Internet
Post Notifications
Read Logs
Read Phone State
Receive Boot Completed
Request Delete Packages
Use Biometric
Use Fingerprint
Vibrate
Wake Lock
Write External Storage
Set Alarm
Billing
Dynamic Receiver Not Exported Permission

Blokada iOS App

App Info

Ad Blocker VPN & DNS – Blokada

This is the official app on App Store from the Blokada open source project. Blokada for iOS uses DNS (Domain Name System) to enable you to have an ad free experience to see only the content you want. Use Blokada Cloud to block ads and trackers, while keeping your DNS traffic confidential. Upgrade to Blokada Plus for encrypting all traffic with our global VPN network. Improve your privacy and secure your Internet against cyber attacks and hackers. ---- Top features: - Supports ad-blocking for every web browser and other app installed. - Blocks sites that distribute malicious content, viruses and fraudulent websites. - DNS based interception for all modern browsers and apps. - Fast and reliable VPN that protects your privacy and encrypts your data. The most compatible ad blocker on the market! • Blocks ads • Saves your data plan • Browse FASTER by loading less data • Increase your battery life What can be blocked? • Block annoying ads: Google AdWords, Google Invite Media, DoubleClick Bid Manager, Liftoff, Bing Ads, Amazon, etc • Block adult websites • Block gambling websites • Block social media trackers: Google Analytics, Facebook Connect, DoubleClick, Google Publisher Tags, Google AdSense, Twitter Button, Yandex.Metrix, Comscore • Block malicious websites: Virus downloads, malicious content, fraudulent websites and manipulated apps ---- Terms of Use: https://go.blokada.org/terms Privacy Policy: https://go.blokada.org/privacy

Rating

Rated 3.9 out of 5 stars by 9,467 users

Version Info

Current Version 26.2.12
Last Updated 25 May 26
First Released 06 Jun 20
Minimum iOS Version 15.0
Device Models Supported 127

App Details

IPA Size 75.48 Mb
Price Free (USD)
Age Advisory 4+
Supported Languages 17
Developer Blocka AB
Bundle ID net.blocka.app

Screenshots

Blokada Reviews

More Ad Blockers

Diversion

(Router)
diversion.ch

A shell script application to manage ad-blocking, Dnsmasq logging, Entware and pixelserv-tls installations and more on supported routers running Asuswrt-Merlin firmware, including its forks.

View Diversion Report
hBlock

(Unix)
hblock.molinero.dev

A POSIX-compliant shell script, designed for Unix-like systems, that gets a list of domains that serve ads, tracking scripts and malware from multiple sources and creates a hosts file (alternative formats are also supported) that prevents your system from connecting to them. Aimed at improving security and privacy through blocking advert, tracking and malware associated domains.

Open Source hectorm/hblock

View hBlock Report
Pi-Hole

(Server/ VM/ Pi)
pi-hole.net

Incredibly powerful, network-wide ad-blocker. Works out-of-the-box, light-weight with an intuitive web interface, but still allows for a lot of advanced configuration for power users. As well as blocking ads and trackers, Pi-Hole speeds up your network speeds quite significantly. The dashboard has detailed statistics, and makes it easy to pause/ resume Pi-Hole if needed.

Open Source pi-hole/pi-hole

View Pi-Hole Report
RethinkDNS & Firewall

(Android)
rethinkdns.com/app

Free and open source ad-blocker and a firewall for Android 6+ (no root required).

Open Source celzero/rethink-app

View RethinkDNS & Firewall Report
uBlock Origin

(Browser)
github.com/gorhill/uBlock

Light-weight, fast browser extension for Firefox and Chromium (Chrome, Edge, Brave Opera etc), that blocks tracking, ads and known malware. uBlock is easy-to-use out-of-the-box, but also has a highly customisable advanced mode, with a point-and-click firewall which can be configured on a per-site basis.

Open Source gorhill/uBlock

View uBlock Origin Report

About the Data: Blokada

Change History

Amended May 14, 2024 (androidApp, iosApp)

API

You can access Blokada's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/v1/services/blokada

The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.

Share Blokada

Help your friends compare Ad Blockers, and pick privacy-respecting software and services.
Share Blokada and Awesome Privacy with your network!

← Previous

hBlock

View Ad Blockers (6)

RethinkDNS & Firewall