ckunte.net

Pest control

The germination of systems for tracking users on the internet continues unabated. In an article titled, “I’m being followed”, The Atlantic offers a flavor of the invisible activity that’s happening underneath every site as one visits. Employing a combination of cookies, asynchronously loading client-side scripts, and unsuspecting domains, every move, every click, every attention, and every user interest is tracked without shame or guilt. It is the price of the free. It’s one thing though to let companies a certain amount of information when one does use their services, and entirely another when companies track those that are not even its users.

So, it’s time for some pest control. And the only way I know how is by adding domain names to a block list in /etc/hosts. When mapped to 0.0.0.0 or ::1 — as shown in a typical example below, the computer thinks these are local sites, and therefore ignores loading from their real servers.

# Example of an IPv4 block
0.0.0.0 somesite.ext
#
# Example of an IPv6 block
::1 somesite.ext

For example, here’s how I block facebook on my computer:

# IPv4
0.0.0.0 facebook.com
0.0.0.0 www.facebook.com
0.0.0.0 facebook.net
0.0.0.0 www.facebook.net
0.0.0.0 fbcdn.com
0.0.0.0 www.fbcdn.com
0.0.0.0 fbcdn.net
0.0.0.0 www.fbcdn.net
0.0.0.0 login.facebook.com
0.0.0.0 www.login.facebook.com
0.0.0.0 static.ak.connect.facebook.com
0.0.0.0 static.ak.fbcdn.net
0.0.0.0 connect.facebook.net
0.0.0.0 www.connect.facebook.net
0.0.0.0 apps.facebook.com
0.0.0.0 www.youtube.com
0.0.0.0 m.youtube.com
# IPv6
::1 facebook.com
::1 www.facebook.com
::1 facebook.net
::1 www.facebook.net
::1 fbcdn.com
::1 www.fbcdn.com
::1 fbcdn.net
::1 www.fbcdn.net
::1 login.facebook.com
::1 www.login.facebook.com
::1 static.ak.connect.facebook.com
::1 static.ak.fbcdn.net
::1 connect.facebook.net
::1 www.connect.facebook.net
::1 apps.facebook.com
::1 www.youtube.com
::1 m.youtube.com

All this is easier said than done, of course, because the hosts file’s structure is too simple (in that it does not accept wild cards, which I find very frustrating!) and domain vectors far too many to keep a count of, which makes this a long list of domains to block. But thanks to Dan Pollock for this comprehensive file, I can now keep trackers, trojans, ads, stats, and a fair bit of internet’s underbelly from loading up on my computer.

Do take note that this above method of blocking is unfortunately not possible on iOS devices; the only thing one can do instead is to turn javascript off, in addition to stop accepting any cookies (and only selectively choose to enable for a given session), both of which would break some sites.

The best way though is I periodically run this script to keep my /etc/hosts files up to speed like this:

#!/usr/bin/env bash
curl -s https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn-social/hosts | sed 's/^||//' > /etc/hosts
sed -i -e 's/127.0.0.1 localhost/127.0.0.1 localhost log.lo ckunte.lo home.lo test.lo/g' /etc/hosts
sed -i -e 's/127.0.0.1 localhost log.lo ckunte.lo home.lo test.lo.localdomain/127.0.0.1 localhost.localdomain/g' /etc/hosts

Pi-hole (Aug 2018)

I recently armed my LAN with pi-hole, and routed to pass everything through it. This thing now silently nukes all the unwanted — ads, trackers, malware, et al., saving bandwidth, resulting in a cleaner, seamless private browsing and reading experience across all devices, including within apps. Best part is that it’s got REGEX and wildcard support for blocking domains. We’re finally talking bows and arrows here, and it’s about time too!