There's a few on there I don't use and will look to implement. There's also a few they seem to have missed (perhaps intentionally?) so below I have included the lists I use in case it's useful for anyone else:
pihole -w www.msftncsi.com settings-win.data.microsoft.com outlook.office365.com products.office.com c.s-microsoft.com i.s-microsoft.com login.live.com outlook.live.com dl.delivery.mp.microsoft.com geo-prod.do.dsp.mp.microsoft.com displaycatalog.mp.microsoft.com xbox.ipv6.microsoft.com device.auth.xboxlive.com www.msftncsi.com title.mgt.xboxlive.com xsts.auth.xboxlive.com title.auth.xboxlive.com ctldl.windowsupdate.com attestation.xboxlive.com xboxexperiencesprod.experimentation.xboxlive.com xflight.xboxlive.com cert.mgt.xboxlive.com xkms.xbolive.com def-vef.xboxlive.com notify.xboxlive.com help.ui.xboxlive.com licensing.xboxlive.com eds.xboxlive.com www.xboxlive.com v10.vortex-win.data.microsoft.com settings-win.data.microsoft.com creative.ak.fbcdn.net external-lhr0-1.xx.fbcdn.net external-lhr1-1.xx.fbcdn.net external-lhr10-1.xx.fbcdn.net external-lhr2-1.xx.fbcdn.net external-lhr3-1.xx.fbcdn.net external-lhr4-1.xx.fbcdn.net external-lhr5-1.xx.fbcdn.net external-lhr6-1.xx.fbcdn.net external-lhr7-1.xx.fbcdn.net external-lhr8-1.xx.fbcdn.net external-lhr9-1.xx.fbcdn.net fbcdn-creative-a.akamaihd.net scontent-lhr3-1.xx.fbcdn.net
I've used that to populate my own hosts + dnsmasq blockfiles. Using just the winhelp2002 list does a passably good job on a DD-WRT imaged router (~13k entries).
I did think about writing something to share but projects like Pi-hole have done a better job serving the community than i could have. So i just share the sources i use instead incase any like-minded sysadmins find it useful.
Its pre alpha but may work for you
I've been running various blocking and reporting systems for coming on 20 years myself, and find that applying my own hygiene controls to network traffic is ... surprisingly effective. Not bulletproof by any means (though reasonably effective against "bulletproof" hosting providers), but it massively reduces attack service.
I've been thinking a lot about networks, size and scale, and the corresponding levels of abuse. To a rough approximation, the Internet grew by an order of magnitude from 1969 to 1970 (1 to 10 nodes), 1977, 1985, 1987, 1989, 1993, 1995, 2000, and 2012 (1 billion nodes).
The "Linux Sucks" guy (multiple presos at Linux conferences on the state of breakage within Linux) did a preso recently on the IoT, noting that we're going to be looking at roughly 80 billion nodes by 2020. I'm wondering what that will do to various forms of abuse.
In the 1970s there was Phreaking and John "Captain Crunch" Draper. In the 1980s, the first boot-sector viruses (Brain: 1986) and the Morris Worm (1988). War dialing was a thing.
Through the 1990s, there was Usenet spam, first jokes like Make Money Fast, then Green Card. With the spread of the WWW, the first banner ads, pop-ups, and click fraud.
2000s: adware and spyware (bug-for-bug compatible reimplimentation on Android now), ID theft, high-profile viruses (Nimda, Code Red, Welchia, Slammer...), DDoS, and Phishing.
In the 2010s, click fraud and various forms of doxxing and pranking lead to wholsesale attacks on liberal democracy itself, with A/B tested bots and informational attacks.
I'm looking for a concept of network scale and problems encountered out of this.
The move to advertising as the basis for the Internet has hidden, at least from most users, the cost of running a website and putting content online, which is frankly quite low compared to what it used to be, both in terms of actual money and the time/effort/experience required.
While in the mid/late 90s running a website could be a financially risky proposition (there are all sorts of semi-funny horror stories about people who ran labor of love sites that got Slashdotted and ended up with hundreds of dollars in bandwidth bills), today you can stand up a VPS on a Gigabit connection that's capable of serving orders of magnitude more users than most sites will ever see for a few bucks a month. I don't think that is necessarily a bad entry point for a communications platform that lets you talk to a significant percentage of the global population in one shot.
I'm not convinced that having the dominant model be "labor of love" as opposed to "make $$ off advertising" is necessarily worse or would result in less quality content. The advertising-driven model has given us clickbait and even machine-written garbage articles, link farms, etc., none of which would really exist under a publisher-pays model. There are significant hidden costs to the ad-based model, which are externalized on all players, including hard-to-define costs of privacy in terms of the way major players are incentivized to build detailed dossiers on users in order to improve ad targeting.
I think the ad model needs to improve where the major players will start enforcing strict rules on what types of adverts are allowed for example, they could reject any advert that waste CPU cycles, reject ones using too much memory, ban buggy adverts.
Plus, the number one concern these days, the privacy concern, I am forced to use adblockers everywhere on the Internet except for a few sites because I do not want some company giving me product recommendations just because I had a conversation with a friend about something related.
You could argue that this doesn't solve your problem, because we have to identify you to tell if you have paid or not. But actually paying for a service radically alters the relationship - it's suddenly in our interests to keep your information private, because if we don't you'll stop paying us and move to competitors who can provide better privacy. So we're now on the same side on this issue.
The old adage that if it's free, YOU are the product is now understood by more and more people.
Honestly I don't think we should even think about getting rid of adverts, but I definitely think that these adverts need to focus on being non intrusive, they have to start respecting people's privacy. I would willingly support a product which helps keep something I love online. But I would definitely think twice if that said company tries to get through to me by tracking and observing what I do online.
The trouble is, most third party networks are so laser focused on getting people to "interact" with their advertising that they've skewed the game in favor of distracting users from the content they arrived to consume. They're so focused on targeted advertising that they regularly invade users privacy, utilize questionable data collection practices, and break down security barriers when browsers try to shut down their violations of user trust. It's no wonder ad blockers are on the rise, because the existing ad networks are all untrustworthy.
There will always be a place for advertising when it's done properly. Watch an NFL broadcast and observe the product placement, the logos and sponsors everywhere. It's organic, integrated into the very fiber of the broadcast in a way that couldn't be blocked with even the most sophisticated blocking software. And it's also usually quite tasteful, there to promote the product, but not distracting enough to detract from the game the viewers came to the channel to watch.
This kind of advertising, organic product placement and sponsorships, where the content creator and the advertiser have a real partnership and coordinate their efforts, this is the kind of advertising I want to see more of. For all the drama they tend to draw, I commend the Gawker sites (Gizmodo is particularly good about this) for their Sponsored posts and their frequent "Deal of the Day" posts, which are first-party advertising that my blocker regularly fails to block. And you know what? Some of the deals are genuinely interesting to me, because Gizmodo clearly knows their audience, and selects advertising partners that make sense on their blogs. More of that please!
If the ad floats over the content. If the ad overlays my screen. If the ad forces me to do something to dismiss it, I don't care what the product is. I'm going to be less inclined to buy.
Put a normal, rectangular ad on the screen that doesn't dynamically resize itself while I'm trying to read the content and don't spread the content across 31 different pages just to increase the number of ads you show me.
I would perhaps say that it's the way that ad networks interact with content sites that's the problem.
With the current "automated just-in-time auction of the eyeballs of the person-we-identified-using-the-site's-metrics, with the site itself just providing the rectangle of space to slot the result into" model, content providers are essentially entirely beholden to whatever the ad network thinks is the best thing to put on their page.
An ad network could instead be a sort of "marketplace" service that lets content providers browse ads from various sources (or get ads suggested to them, using the same algorithm they'd have used originally to force ads on users), and then approve for display the ones they find tasteful/in line with their brand.
That is, after all, the model for running ads in any other medium: the publisher gets to provide ultimate editorial judgement on whether a given ad belongs in their publication.
(Also, in such a model, the content provider would likely be the one hosting the resulting ads, so we'd be able to avoid the whole ads = tracking beacons problem we face today.)
I also sell and self-host my own advertising which can only be non-animated jpgs/pngs which gives me ultimate judgement. There is a barrier to entry on this style of ad sales, but overall I feel like it has been worthwhile pursuit so far in the 3 or so years I've been doing it.
Thus my view: we need a "catalogue of creative, you pick what you run"-style ad network, so that the little guys have somewhere to turn instead of acquiescing to the existing networks and ending off with their sites showing chumboxes.
As an aside, I've seen multiple cases of live video-processing to replace or overlay advertisements on sporting events, such as those plastered on the walls of arenas. (Generally done during broadcasts of those events, as part of deals that separate the market for broadcast and in-person advertising at those events.) So, don't underestimate the ability to block advertisements given sufficient motivation.
I've thought about that many times when watching old sports videos, especially some motor racing and football which used to have very prominent cigarette advertising - thankfully illegal now here in Australia.
Often the ads are blurred which I actually don't like as it kind of ruins the feel of the show. I'm not a fan of such retroactive censorship, it feels historically dishonest. What is a film if not a recording of the zeitgeist? And within that zeitgeist, cigarette advertising was acceptable. I'm not sure if it's actually required legally as I could have sworn that I've seen some without the blurring.
Customisable TV ads is not an idea I'd be prepared to release onto the world. If there's one thing that humanity doesn't need, it's more advertising.
So if the the ad networks themselves truly are the problem (and as a result adblocking is ever on the rise), it sounds like there is an opportunity for a better, more "organic" solution accessible to the long tail of smaller sites looking for monetization options. Sounds like a tricky nut to crack, as I'm sure anyone who works in the industry would tell me.
For me that is quite funny in a way Americans might not get since brands and commercials are more or less everywhere.
Some great examples of this are the TWiT network and the Co-Optional podcast.
I switched right from "well, ads support the internet so" to "kill this s### with whatever fire I can enable my browser with".
Web advertisers, we gave you a chance and the rich benefit of the doubt. You completely and totally earned every bit of this thats coming down on you now.
The trouble is that incentives are misaligned so we can't get to a middle ground position.
- Content owners and ad networks have little incentive to make ads that are better for users. They just want to get an ad system going that's simple to implement and allows tracking and fraud detection.
- Users who dislike the privacy, security, resource use issues with ads find it easier to just block ads completely. It would be much harder to work out a solution involving proxying, sandboxing, etc.
These conflicting incentives mean ad networks produce something good for them but bad for users and users (who know what to do) will do something that's good for them but bad for ad networks. There's a middle position, but neither party has a reason to attempt it.
If end-user can instruct their computer "do this and don't do that" and freely share those scenarios with other end-users - I guess, everything's fine... or it isn't?
(Of course there's a never-ending-until-the-singularity arms race between ever-complicating advertisement delivery code vs ever-improving advertisement blocking rules... but that's just bound to happen, so personally I'm just looking forward to whatever would speed things up to their logical conclusion, whatever it will be.)
Ads are not the only way to support free content, and in most cases free content is paid for with advertisement (at least not amounts you could see as a payment).
On the other hand ads lead to consumerism, overconsumption, poor spending habits, waste of resources for the adverts and the products they sell, and they reduce our attention to things that actually matter (like the traffic while we're driving cars).
Ads are about what's being sent from publisher to consumer. It can be solicited, unsolicited or something in-between. And privacy is about what's being sent in the very opposite direction.
Certainly the untargeted adds I see (or even those I can tell are by virtue of the place I am, instead of my own customer profile, seem much lower quality.
Even something very expensive to run would be justified with all the money that advertising brings in.
If Google can create software that can tell what's in a picture, or if a person in a picture is happy or not, why can't they find a way to fool ad blockers..?
- Google Chrome for mobile doesn't allow add-ons so you can't install ad-blockers. (You can install browser extensions with Firefox for Android.)
- Google Chrome uses a dark pattern where the address bar tends to send users to the Google search results page instead of to their final destination (compare the behavior with Firefox's). That means that even if you have an ad-blocker, many users are likely to click on Google ads on the way to the destination site, even if they are blocked on the destination site.
- Android doesn't provide fine-grained permissions control or root access, so users can't block ads.
- Some of their content is designed to coerce users to buy restricted Android-based content-consumption devices. For example, you can't buy movies on YouTube and watch them HD in Google Chrome (at least on my computer). You have to buy another computer that doesn't have root access (an Android device) in order to consume the videos in HD. Once you're on the restricted device, it's harder to block ads.
- Google introduces projects like AMP that try to convince webmasters to restrict their monetization options and make it easier to appify the WWW. AMP even serves your content from Google's servers. The more control of the content they have from server-to-eyeball, the more options they have for stopping ad-blockers (and the worse it is for open technology).
One caveat here - Google devices are probably some of the most allowing of root access and full device ownership - easily unlocked bootloaders basically allow it to be a one button process.
Some manufacturers make you put your device on a shitlist with them before they'll give you a key to unlock the bootloader and root it - others, like Apple, won't allow you to at all.
Once you are rooted, you do have full ability to block everything and get fine-grained permission control via XPrivacy for example. Android devices are actually some of the best here mostly due to strong community support. You can't even get this control if you want it on many mobile devices these days.
However, what I'm trying to get at is that, for example on iOS you still can't block in-app non-Safari ads at all. On Android you can do that if you want to, and a lot more, you can also block specific connections, block device-specific identifiers, APN lists, accelerometers, wake state, etc - it's a better compromise for someone concerned about privacy than other platforms even with this considered right now.
Can you still brick it? Yes. Is it likely if you type the two commands as you're told to on the website? No.
Also, bricking doesn't just happen, if you understand what you're doing you'll be fine. That "some risk" isn't random, it's in the case that you do something incredibly stupid. Get a custom recovery on there as soon as possible and you can pretty much recover anything.
Did you hear about SafetyNet? https://koz.io/inside-safetynet/
On Android devices with unlocked bootloaders, a great amount of apps won't work.
Android Pay, Snapchat, Pokémon Go, etc.
Google has tried to fight rooting as much as possible.
So, yes, they can do something: blow fuses in the fucking system.
From what I've seen the only mention of such fuses on Google devices is one that enables secure boot from factory and forces you to run the unlock command as I mentioned to reflash your bootloader - nothing to do with safetynet or anything similar.
Let me know if I'm missing a device which does actually do this. Yes, it's theoretically possible, but requires sufficient crypto hardware and protection to make it significant and it'd be a significant shift in direction for Google to go this route currently in my opinion.
Of course a full safetynet emulation that would spoof the check as a different device would also be an option... but it'd be a pretty big undertaking, but one which I'm sure would happen if this ever became a remotely significant threat.
- Android apps like YouTube and Google News use a built-in browser frame to show navigated-to web pages, rather than opening them in an external browser. The built-in frame uses Chrome tech, without add-ons. They used to allow you to open links by default in an external browser, but not any more.
To block ads in Chrome Custom Tabs  you can either use Chromer  to change the custom tab provider to Brave  or use the article mode in Chromer.
Now I just hope that Brave doesn't turn out to be too evil :S.
Before anyone chews me out, as this effectively renders many free apps equivalent to their premium (ad-free) counterparts, I usually pay for said premium versions to compensate their developers.
Using adaway or a pi-hole for that matter will not - they will only cause ad loading to fail (in some cases) - which sometimes results in frames showing errors on the page instead of a clean rendering of nothing with ad divs removed.
Personally I wind up using several methods - AdAway to kill most app ads, uBlock for web and Xposed to kill YouTube ads since the hosts-based methods seem to work rather poorly for them as their subdomains change all the time.
That's weird, I didn't get any Youtube ads in quite a long time, and only use AdAway.
Defense in depth.
It's called HDCP, and I believe it's a combination of your GPU, monitor and cable between it supporting it. Netflix and most other online streaming services do this too. It has nothing to do with root access.
And if a site decides to start combating the ad blockers, the adblock list providers will update their rules specifically for the site in question. Adblock users get upset whenever they see ads, and report them pretty quickly.
The business I work for tried blocking adblockers and after a bit of back and forth they trumped us by blocking all AJAX requests on our site. We gave in after that.
What "mistake?" That the developers couldn't foresee and block the exact elements against ad-blockers before they became real?
Reading the parent comment, it seems users are not opposed to reporting specific instances for the greater good. This is obviously more energy consuming than uninstalling, so where do you get the idea people will all of a sudden stop using an adblock because it failed to get passed one or two sites?
We're already seeing anti-ad-blocker-blockers being developed to remedy this problem. And if they don't come fast enough, users can just turn off their adblock for one page and be done with it.
Direct advertising is a dying legacy tactic. The most successful ads these days are the ones you can't tell are ads. They're also the stronger poison of the two.
You mention that native ads are gradually replacing direct ads as if it's a good thing. The good guys in the publishing industry go out of their way to prevents ads affecting content, they don't allow their writers/presenters etc to touch advertising and everything is clearly separate.
In the long term, ad blockers will just push out those people who are driven by ethics and you'll be left with the sleazy publications that are driven by PR. This is coming from someone who has dealt with PR agencies and constantly turned down proposals.
> The business I work for tried blocking adblockers and after a bit of back and forth they trumped us by blocking all AJAX requests on our site. We gave in after that.
I took this to mean that adblockers had to evolve and block AJAX on the website to make it accessible. Not, that they were hasty and disabled all functionality.
> You mention that native ads are gradually replacing direct ads as if it's a good thing.
On the contrary: "The most successful ads these days are the ones you can't tell are ads. They're also the stronger poison of the two."
> The good guys in the publishing industry go out of their way to prevents ads affecting content, they don't allow their writers/presenters etc to touch advertising and everything is clearly separate.
I didn't know this. However, I think it's a losing game. Consumers don't seem to care too much about the "good guys," unless a moral campaign is spear-headed (a la Tesla by The Oatmeal), only not seeing ads at all.
It's ironic really. We block ads so we're not influenced by them, but then we lower our guards and become susceptible to the indirect kind.
It's the natural order anyway. There will be those in the coming generations that will be like just like us. Except where we fought against direct ads, they will fight against the indirect. There've always been those unorganized who value critical analysis in all contexts, but their findings and ways never reach the public and make any impact.
Or maybe we've just made ourselves out to be sheep. As long as the coyotes aren't around, out of sight out of mind.
> In the long term, ad blockers will just push out those people who are driven by ethics and you'll be left with the sleazy publications that are driven by PR. This is coming from someone who has dealt with PR agencies and constantly turned down proposals.
As is with all things. You do not survive by being ethical, but by being the most adaptable, and sociopathy happens to be a great adaptation for sales.
I'm more interested in what happens next after the sleaze epoch. Will ads continue to become more and more manipulative then, finally after reaching too far, begin to wither and fade into the anals of history (albeit likely not as known as it should be, because of "out of sight out of mind."). Or will someone finally shake up this industry?
Other than that, they are essentially freeloaders and if a website has too many freeloaders it has to either get rid of them or convert them to something else. Or, I guess, the website could shut down completely.
Funny. Ads are consuming CPU time and electricity that I pay for in addition to my attention and time, and compromise my decision making. To me, any of those are infinitely more valuable than resources the website expends on serving ads or trying to.
Buzz. I block ads but I also post links to articles on social media that are then followed by people who do not block ads.
I have a couple of areas of focus where I am exceptionally knowledgeable and people who have anything more than a passing interest in those subjects check out links I post.
Or, I guess, the website could shut down completely.
The tragedy of the commons.
Just the same, if you have an adblocker installed it's unlikely you're the type of person who is going to be clicking on ads anyway. And PPC ads are much, much more prevalent than impression-based ads. So if someone is blocking your ads, you're not losing anything. You get paid when someone clicks an ad, and if they're going to the trouble of blocking all ads, they're not clicking anything anyway.
You create a system where they won't or can't visit your site, and your traffic decreases, which will have an effect on your ad rates.
You can have all the ads you want, but if people aren't visiting your site - and sharing links to it, talking about what they read there, recommending it to others - they're not going to get you much revenue.
Almost universally, it's not worth it.
I thought "hey, the Newsletter and Security Notices icons aren't clickable", opened a ticket, and found that the input and submit elements that should be under those icons were being blocked by disconnect.me :)
Who does that leave?
I don't have experience fighting ad blockers, though (I actually enjoy my ad blocker).
If Google did it, I doubt ad blockers would be able to block all ajax request on Google, or everyone would simply uninstall the extension.
The 5% (of which pretty much all of HN is a part of) can probably afford to pay for the cost of creating that content. The 95%, consisting of not just hourly wagers but also salaried folks generally can't afford to. The trade off is ad supported content.
So it's very unlikely to die off.
I guess, for network level ad blockers, I'm not seeing obvious advantages to a program written as an app vs a program written to run in a browser.
But in the end you probably won't win against someone who really hates ads. - and that's probably better for users as well as advertisers.
Sure, I believe that I am pretty much completely unaffected ads, but then so does almost everybody else.
Is it because you believe people use ad-blockers because they're impulsive and can't hold their gaze?
I mostly combat any ad influence on me by making a point to _not_ buy anything that is advertised. Works out pretty well for helping me keep my sanity and conscience a little.
This is in the same vein of inductive reasoning as "just snap out of your [insert mental illness/addiction/etc.]."
"People," in this context, isn't defined either. If however we were to say that by "people" you mean millennials, then you would be wrong.
But if you meant "the population at large" you would be correct.
Although, the second statement is tangential to the article at hand.
My second statement was highlighting how ones own opinion of oneself is not objective.
And I retorted that ones own view of oneself can not be extrapolated onto the population at large if it is not objective.
But I should have been clear, when I mean "second statement" I mean so inside my own post. Ex:
1st Statement: "People," in this context, isn't defined either. If however we were to say that by "people" you mean millennials, then you would be wrong."
2nd Statement: "But if you meant "the population at large" you would be correct."
Which was in defense of the tech-literate and the young, but after researching some more my statements were based on old information.
The only people that come to mind who are easily susceptible to ads are the old and tech-illiterate, i.e those who don't have much experience with ads. Though this is just conjecture.
It's like saying "sure, I think think that I'm smarter than everybody else, but then so does everybody else."
My point was that people should not take their own assessment of themselves as strong objective evidence about themselves.
Sure, you could whitelist www.google.com, mail.google.com, etc, but couldn't they keep ahead of you if they were ok with using their main domain? They could even start using www.google.com/ad-id
Currently domain-based filtering is probably too small a proportion of traffic to even care about, but as ease-of-use comes to the masses there may come a point where the pro-ad side will implement this.
This would require cooperation from the sending http stack, in this case the browser. I doubt that this is a viable option in this case.
What if the New York Times decided to host all ads themselves? nytimes.com/ad-42.jpg couldn't be distinguished from nytimes.com/todays-front-page-image.jpg
Obviously it's more likely for ad ad-provider like Google to do this, but even then, if there's new content from Google (say a blog post) I expect to be able to see it.
You could whitelist the search results page and nothing else.
Viewing a blog post is less important IMO.
* Security/Guidelines/Web Security - MozillaWiki || https://wiki.mozilla.org/Security/Guidelines/Web_Security#Co...
Mozilla makes a good tool to let you scan and report on this sort of thing for any site.
* Observatory by Mozilla :: Scan Results for news.ycombinator.com || https://observatory.mozilla.org/analyze.html?host=news.ycomb...
It is also my understanding that some of our boxes are here solely to proxy requests (either assets or websockets, which are increasingly popular in the field) to 3rd parties, to make sure it bypasses client side countermeasures.
IP (and BGP) are ultimately concensus realities.
Before that I would be bombarded by ads for every video and then in the middle of any video that ran more than 30 minutes.
I don't mind a few ads I get the concept but 95% of the ads were just two companies Wix and Grammarly over and over.
youtube.com apis.google.com script allow
youtube.com googlevideo.com * allow
youtube.com gstatic.com * allow
youtube.com s.ytimg.com script allow
youtube.com ytimg.com * allow
Current browser-based blocking tech would be rendered useless, right?
(Pocket ... has multiple annoyances. It's better than the alternatives, so far as I've tried, but that is one hellaciously low-set bar.)
curl -sSL https://install.pi-hole.net | bash
Yes, I know this is supposed to be a convenience thing, but I wish people wouldn't actively encourage this pattern.
> Our code is completely open, but piping to bash can be dangerous. For a safer install, review the code and then run the installer locally.
This allows an attacker to display one (safe) source when you view it in your browser on your workstation, or wget it, and serve a different (nefarious) source when you curl/pipe it.
So, a more complete analogy would be: a bottle that gives you a safe chemical compound when you extract it for analysis, but throws in some VX when you go to administer it.
To combat this sort of thing, @jbenet made hashpipe: https://jbenet.github.io/hashpipe
Summary: Fill your script with an invisible payload that fills any buffers, and put something time consuming (say `sleep 5`) early in your script in order to detect that the script is being executed directly rather than just stored to disk. If the client halts before having read all data, it is likely a `curl | bash` scenario. If it just keeps reading, it's a regular browser just downloading.
That way, it is the same as running cURL without piping the output to bash, so people can easily check the code without worrying if the server is sending them different code when they pipe to bash
Anyway, if you decide to live on the edge.. don't copy-paste: http://thejh.net/misc/website-terminal-copy-paste
You cannot look at version history, check a signed package, etc. etc.
If someone wants to root just a few select machines, you would want people to do a curl install.
I can't stop people from doing potentially dangerous things, but I don't have to promote those things, either.
`curl -sSL https://install.pi-hole.net`
It's only 1400 lines of code.
At least it has TLS to prevent a MITM
I doubt step-by-step instructions including a review of the script's content would improve the average user's security, in much the same way that click-through ToS dialogs always garner such much scrutiny.
Edit: another comment quoted the warning on the page, at this point it feels like complaining is tilting at windmills.
Why do you care so much about what people do or don't do?
Edit: We're talking about blocking ads, right? If people encouraged everyone to block ads what would happen to the economy?
The end game for ad blocking is to all but eliminate advertising. An ad blocking client could, ultimately, just block any domain that has aggressive anti-ad block features.
With enough users doing this, new sites that are ad free would quickly replace the old ad driven sites. Some of the ad driven sites would modernize.
Ads are a failed path. By eliminating ads we open the door to novel solutions. Only a cynical fool could believe technology isn't up to solving this minor problem. There are already a dozen potential solutions waiting for the incentives to change.
And how will ad free sites supposed to pay writers to make and keep the site free?
There are already a dozen potential solutions waiting for the incentives to change.
Go ahead and list them...
I have never found ads in buses and trains to be particularly obtrusive, and usually don't find them to be tasteless. Advertising in print media is fine, and oftentimes even useful. Advertising on TV and YouTube is generally tolerable.
The only place where ads really become toxic is when they're being served up through ad networks. As far as I can tell, nobody likes them. Users obviously hate them - adblockers are darn near ubiquitous nowadays, and it seems that folks have generally realized that most Web ads have more in common with junk mail and telemarketing than they do with other forms of marketing. Advertisers don't seem to like them much, either, or at least they don't like them enough to be willing to pay anywhere near the price that they'll pay for ads delivered any other way. And content providers have to be aware that they've made a Faustian bargain.
But consider the advertising on a site like knitty.com, which is tasteful and relevant. And it does it using a targeting model that's eminently sane and civilized, namely, placing ads on a site you pick based on knowing that their audience and your target market are one and the same. That's an online advertising model I can get behind.
It takes time (that's money) to create quality content that anybody would love reading. Heck, even content that's crappy takes time to create.
I'm also fine with ads in podcasts since the creators will sometimes at least use the product and it's implemented in a way that's largely expected, e.g. (plug in the beginning, plug in the middle, maybe a plug in the end...)
So is that site still up? If not, why did you stop? Too much effort to keep it running?
Regardless, this is a step in the right direction. DNS is highly effective for this filtering out advertising.
Personally I just run my own authoritative nameserver(s) with all the IP addresses I need. No recursive cache.
When I browse to websites where I have never been and may not return, I am never using graphical browser that loads "resources" automatically from any random domain.
I am using a browser I compiled myself. I am only reading text.
Binary resources, e.g., video, can be downloaded non-interactively with an ftp/http client.
If it is an important website that I use repeatedly, then I have all the IP addresses for the resources the website's pages will need stored in a zone files. Then it is "safe" to use a browser written by an organization company that makes money from ads. All DNS requests are answered by my server(s).
I can retrieve (refresh) the IP addresses for my zone files very quickly with custom software I wrote to do this. My lookups are faster than a cold recursive cache and send out fewer requests.
IMO, the way to think about "ad-blocking" is not to try to imagine how to block every possible ad server. Instead, just focus on what web content you want and figure out what addresses you need to get it.
At one point a certain browser written by an advertising company had its own DNS resolver. Imagine your /etc/resolv.conf being completely ignored. Food for thought.
Neither. Those benefits are only side effects.
Cumulatively I think AWS is adding a hefty amount of latency.
The way their DNS is configured is often convoluted, requiring excessive layers of gratuitous lookups. It sometimes borders on absurd, much worse than I have ever seen with CDNs.
Fastly is doing a much better job with minimizing DNS queries. Certainly better than Akakami ever did.
The best part was when I first fired up the web interface and saw that it had already blocked 14 requests after hardly being up for more than 5 minutes. Nobody was home at the time, so it was kind of a wake up call to see idle devices reaching out to potential ad servers.
 Except, maybe, you.
It is good software which does simple things very well.
Set up a cheap cloud hosted adblocker in an hour for $2.50 a month
Of particular added value there was mention of Android apps that can be setup to self-host an ad-blocking VPN / hosts filtering without rooting: https://news.ycombinator.com/item?id=13853408
NetGuard is the first free and open source no-root firewall for Android.
Optionally block ads using a hosts file (not available if installed from the Play store)
I re-linked NetGuard as the most user-friendly, but https://github.com/julian-klode/dns66 was also mentioned.
I may switch to an Odroid C2 if I go with a permanent VPN connection as the throughput of the RPi3 network port is not the best.
Compare the "automagical" whitelist entries (http://imgur.com/a/rxgsC) to the Default whitelist here: https://github.com/pi-hole/pi-hole/blob/master/adlists.defau...
Edit: The code that does it: https://github.com/pi-hole/pi-hole/blob/master/gravity.sh#L2...
Thanks for vouching for me :)
You got hit by a spam filter; they're tuned more aggressively for new accounts. We've marked this account legit so it won't affect you again.
Also, if you click the timestamp you should see a [vouch] link. Clicking that helps too.
I use uBO and a few other blockers. I almost never see an ad.
A few days ago I saw an ad, and I was surprised. It was for Cadillac cars. I hovered over the ad, and it seemed to go directly to cadillac.com. And I was sort of OK with that.
The page, and the ad, seemed to be designed like any other legitimate link to another page or site. I don't know how the image made its way on to the page and in to my browser, but it appeared much less intrusive than a totally ad network-served ad.
Certainly the 1st party site could collect data about my visit and send it somewhere, but at least they appear to be more in the loop than just opening their site to all comers.
And if I clicked through to cadillac.com, they could do the same.
Anyway, that's more along the lines of what I've been wishing for as a consumer in web ads.
But it wasn't me who started an arms race decades ago with pop-over/under chains and escalated with tracking scripts, auto-playing videos, and bidding platforms serving malware.
Are advertisers really surprised people opt out of such toxic behavior?
I think some <i>are</i> surprised. I think others take a more adversarial view of it.
(Disclaimer: I am the author of nogo)
2. Prevent sites from manipulating the list via CSRF.
3. Packages/Installers with installation as a service/daemon would be a plus.
What gives? Did they do something to make people mad? I'm really confused.
I add this to my modem/wifi ap. and then just let every device use it to resolve. if the device allows to set a hostfile, I also add a local copy for when iam not in my network.
Also, I think OpenDNS blocks ads too. Haven't tried it in a few years though.
* Home Internet Security | OpenDNS || https://www.opendns.com/home-internet-security/
As an experiment a while back I wrote a simple dns server that blocked ad-related domains. https://github.com/geuis/lead-dns. While it technically worked, it made using the web almost non functional. Nearly every site was broken in some way. So blocking purely by domain isn't going to work. I wonder how pi-hole is dealing with it.
Everyone's mileage varies, but I have only had to whitelist 5 or 6 sites using the default blocklists.
If you like a more technical solution I prefer something like running a Unbound + NSD server
Here's some great tutorials on that:
(Kudos to the people who write Calomel, i really liked these tutorials, it was a great way for me to get started and look into these services deeper once understanding what was going on here)
Pairing that with squid proxy can be the ultimate win:
and don't forget dnscrypt people!
I'm really big into having ones own DNS server on the network instead of completely using outside solutions. There is little overhead with a sufficiently modern implementation.
Also, these solutions run on FreeBSD/OpenBSD for those who prefer.
As a complete aside. Aren't most routers, esp. business class routers, running modified Unix/Linux anyway? Why on earth hasn't a reputable company made a guns ready router that lets you have access to the Linux/Unix underpinnings without flashing (albeit awesome) Open Source alternatives? I would think in the 'business/enterprise' class hardware side this would be more prevalent.
Maybe I just don't know of any solutions like that available stateside. I found one in Europe:
Can't get it stateside though :(
I instead custom built most of my networking hardware...but still.
Maybe you can get some alternatives based on those cards.
Thanks for the link!
I'm trying to find other services that are worth running in a similar fashion. Any ideas?
I have never used Tor though, and I can't say I know the consequences of running a relay. So I'd probably skip that.
If you haven't checked out DietPi yet, you should. It includes optimized installations for a few hundred things (including PiHole), from Mumble servers, to MAME emulators.
HomeAssistant looks interesting too.