I love AdGuard Home but the single binary container from a Russian company makes me nervous. I may move to building it myself. Is this criticism unfair?
> Yes because you judge people by the country they live in.
This is an extremely uncharitable reading of the preceding comment. The comment is clearly concerned about the national jurisdiction from which the AdGuard binary originates, not the national origin of a human.
American government initiatives against Huawei telecom hardware at critical junctures aren't making a personal statement about Chinese individuals. European regulatory skepticism of American-located cloud services isn't a personal statement about American individuals. Russia and China requiring the on-shoring of data-centers doing business in their internal economies aren't making personal statements about foreigners by doing so.
Whether or not you hold all those governments as roughly equal, none of them mistrusting each others' jurisdictions is "judging people by the country they live in." It is judging the trustworthiness of the governments of those countries. And the people in those countries are inevitably subject to the jurisdictions of the governments that rule them.
If someone actually attacks people on the basis of national origin, have at it, but please don't brow beat individuals for making common-sense risk assessments.
I built it myself for a while but as I mentioned elsewhere, it's now being packaged in the Alpine Linux testing branch. That makes a container image an 'apk add' away.. whether you trust Alpine Linux more or less than the AdGuard Home teams is up to you.
I don't trust Iran, North Korea, or China either. It's not hard, I'm an American and it's 2025. These are our adversaries (I didn't choose them) who currently commit cybercrimes against us. Hopefully in 2035 that won't be the case and we can all sing kumbaya.
This seems like woefully naive virtue-signaling to me. I geo-block all traffic from Iran, N Korea, China and Russia specifically at my clients' firewalls because I have watched the logs and could clearly see IPs from each of these countries attempt connections to American businesses every minute of every day. Try to single out the offending IP and tomorrow it moves to another; you will spend the rest of your days adding to that block list. It is perfectly sensible to block the country entirely; and better yet - as I've made a standard for my clients - block the entire world, and only allow specific countries to talk to your firewall. Then you can add more granular blocks on top of this. If something gets blocked that shouldn't, that's not painful to adjust. I have no doubt there are many fine people in Russia, but that doesn't mean there's a single computer in Russia that has any business talking to mine.
Logically, if Russians would want to infiltrate your organization, they won't do it from Russian IPs directly, but instead do it from cheap proxies, and those proxies are abundant in Netherlands or Germany.
Only stuff like scanners and other basic stuff (that comes from devices that have been left unattended and without updates). But the actual malicious traffic is not that easy to spot, as it won't be router directly.
i used to do similar on gaming clans' forums; for local rationalized fps we didnt want folks with 300+ ping and country blocking was pretty easy (and folks on the forums were either spamming us with porn or trying to become a member). though since it was forums based i did allow GETs but restricted POSTs ect vs straight up 0 access
