
Raspberry Pi as an Ad Blocking Access Point - jwcooper
http://learn.adafruit.com/raspberry-pi-as-an-ad-blocking-access-point/overview
======
jingo
I hope that readers understand you don't need a RPi or dnsmasq to accomplish
ad blocking. That said, this in my opinion an excellent use of a small form
factor computer: as a gateway.

As a side note, what would happen if we put our own private address space "web
apps" on our gateway? Voila, the added "web app" functionality that our
devices expect, without the need to use third party servers on the public
internet that collect personal info.

In any event, if you do not have a Pi, you could just as well use any old i386
computer and any old DNS server software.

I use a gateway like this not to block ads but to detect and, if necessary,
stop mobile apps that phone home (and send out payloads of private data). You
would be amazed at what some of these apps want to send over the internet for
no good reason.

And, rather than use a HOSTS file as a blacklist, I use it as a whitelist by
populating it with all the sites I might visit.

For example, using a localhost recursive DNS server, I pre-fetch all IP
addresses for all the sites appearing on HN and put them in /etc/hosts. This
makes reading articles posted on HN much, much faster than if using an ISP's
DNS cache or some public, open resolvers like OpenDNS or Google.

Again, my compliments to the author for a great use of a small form factor
general purpose computer.

------
deckiedan
Nicely written, very clear instructions.

I'm still not sure what I think of adblocking... in some ways it makes sense
that I can display what I want on my computer, but on the other hand,
advertising on web pages is a legitimate and reasonably sane business idea.

I don't adblock, but I do have flash on 'click to play', which does stop the
most egregious and annoying ads.

My guess is, in time, that ad-blocking will simply mean more javascript and
html videos (possibly using that clever canvas trick that was demo'd the other
day) which are impossible to stop.

------
joosters
Instead of blocking the DNS, you are much better off running an intelligent
HTTP proxy that can just filter out the bad stuff. Try installing 'privoxy' \-
it's available packaged for most Linux distributions. You can then use dnsmasq
to push it as the recommended proxy for clients, or set up a few firewall
rules to turn it into a transparent proxy.

~~~
tlrobinson
Of course that won't work for HTTPS sites, which are becoming more prevalent

(PSA: install EFF's HTTPS Everywhere: [https://www.eff.org/https-
everywhere](https://www.eff.org/https-everywhere))

~~~
icebraining
Some proxies (e.g. squid) include transparent HTTPS proxying; you just need to
generate a certificate and add it to your browser.

~~~
tlrobinson
Does it work with Chrome's certificate pinning?

------
Spittie
It really reminds me of how you block ads on a router that allow SSH access
(like any router running Tomato, DD-WRT, OpenWRT...).

There are several guides online, like
[http://www.linksysinfo.org/index.php?threads/all-u-need-
ad-b...](http://www.linksysinfo.org/index.php?threads/all-u-need-ad-
blocking.33191)

Anyway, I have mixed feelings on blocking ads at the router level (or using
the RasbPi to block them). Those methods don't allow control, so if you need
to disable adblocking for any reason, it's not something you can do just
pressing a button.

Also, since it doesn't work on a per-site basis like Adblock Plus, you can't
disable it on sites that you want to support and use ads in a non-intrusive
way.

~~~
jwcooper
The guide does include ways to whitelist sites [1] you'd like to support (and
mentions it's a good idea!) and is on a per-site basis. It pulls in an ad list
from a popular site [2].

[1] [http://learn.adafruit.com/raspberry-pi-as-an-ad-blocking-
acc...](http://learn.adafruit.com/raspberry-pi-as-an-ad-blocking-access-
point/install-software) [2]
[http://pgl.yoyo.org/adservers](http://pgl.yoyo.org/adservers)

~~~
tuananh
I think he was talking about a way to quickly toggle the ad blocker on/off.

~~~
jwcooper
Yea, I didn't write that part out, but it would be fairly easy to write a bash
script to turn it on and off (and even a simple web site with a on/off button,
as you are running apache in one of the solutions). You could just move the
dnsmasq.adlist.conf file out of the dnsmasq.d directory, and then restart
dnsmasq.d, and vice versa.

~~~
mnutt
Even better, with a Raspberry Pi, you could build a physical switch to flip to
turn ads on/off.

------
JacobJans
In addition to blocking ads, I suggest anyone implementing this also blocks
all websites containing ads.

Why? When you "say goodbye to ads" you're also saying goodbye to the source of
income that pays the people who made the website.

No money, means no employees to create the website, means no more website.

Not everything can be open source / free. Nor should it be. People deserve to
be able to make a living doing the work they do.

~~~
mike-cardwell
They're not Ads. They're malware distribution and tracking networks. It is
unsafe to browse the web without blocking Ads. I would recommend everyone
blocks them, for their own security and privacy.

When websites start displaying Ads in a manner that doesn't allow cross site
tracking, and in a way that doesn't create massive centralised points of
failure for the web, I might start letting them onto my network.

~~~
eli
Disallowing 3rd party cookies will end cross-site tracking. (In practice,
opting out[1] will pretty much cover you too, but I understand why you might
not trust it.)

[1]
[http://www.networkadvertising.org/choices/](http://www.networkadvertising.org/choices/)

~~~
mike-cardwell
Disallowing 3rd party cookies wont end cross-site tracking. They want to do it
so they will find ways to do it. Even if they ignore all of the obvious and
underhand methods like exploiting E-Tags and Cache headers, they can always
just track clients across sites based on their IP address. Yes, that is not as
accurate as using cookies, but it is accurate enough to make more money than
they would make by not doing it.

------
alexchamberlain
Very interesting. Only flicked through, but please don't run Apache on a Pi;
waste of CPU and memory, run nginx or pixelserv (as suggested).

~~~
zapt02
bigoted opinion.

Apache runs fine on the Pi. Memory considerations aren't a concern when you
have 512MB of RAM, and CPU difference is neglibible for these small workloads.

~~~
alexchamberlain
Sorry, I disagree. Nginx is a much better web server than Apache.

------
shawnreilly
Reminds me of the first Project I did with my Pi (last year) except I was
using Squid and two Ethernet Ports (Apple's USB to Ethernet Adapter is
basically plug and play with Linux). I eventually did a Wifi version, very
similar to this article. I then developed a basic Web based UI that allowed
you to turn it On and Off by clicking a button. The next step was to use the
GPIO Pins to hook up a physical switch that you could press to turn it on/off,
but never went that far. For a while there I thought about packaging it as a
Product and trying a campaign on Kickstarter, but I didn't like the idea of
just repackaging someone else’s Hardware and Code and selling it as my own.
Eventually someone else did their own version (AdTrap) and was mildly
successful. These days I'm still working on Pi projects as a side hobby, got 2
Projects I'm working on right now. Ironically, one of them supports the
Advertising Industry (but not in the way one might think), and the other has
to do with Content Delivery. The only real challenge I have (and it's a big
one) is taking the next step and building something for mass production. Since
the Pi is pre-made, I view it as a great platform to build a prototype, but
not necessarily a good platform for mass distribution of a product (from a
business perspective, production cost too high). For anyone else into it,
check out the new GPS chip's they're selling. Awesome possibilities!

Regarding Ad's and Blocking Ad's, I have no remorse building something that
gives the consumer a choice to blocks Ad's. While I do agree that Ad's can be
a viable and acceptable business model, it is my personal opinion that the
Advertising Industry has been abusing consumers for decades. And I find this
detrimental to the Industry as a whole. I think it's about time that the
consumers had a choice. I find the average (aka normal) user experience of
your typical Ad (in any format) to be horrible; The Ad is basically forced on
you. I also find that the Advertising Industry has little regard for the
consumer's Privacy, which I do not find acceptable (as a consumer). I do think
that there are innovative ways to Advertise and create a positive experience,
but I don’t think the industry (as a whole) has realized/embraced them yet. It
seems to me that the Advertising Industry is stuck on a model developed in the
60's, and has continued to push this old model even while technology evolves.
I think it's time for the Advertising Industry to evolve. Hopefully I can
test/validate this with one of my next Pi based Projects.

------
D9u
For those of us who don't have a Raspberry Pi there's AdSuck, an ad blocking
DNS server from Conformal.

[https://opensource.conformal.com/wiki/adsuck](https://opensource.conformal.com/wiki/adsuck)

