13 January, 2014

hosts file

i.e. "How to block selected sites"
i.e. "DIY adblock"

I was wondering how to block certain sites, mainly because of pop-up ads. Is there a Firefox add-on that enables me to keep a blacklist, sort of like NoScript? It turns out, you can do this in Windows without any add-ons, and it will affect all your browsers, maybe all your programs.

Here's how it works: the Internet really runs on numbers. You can think of sites by their name, like www.google.com, but when your computer tries to visit that site, what it really needs is the site's IP address. So it first asks a DNS server for that site's IP address, sort of like looking up a phone number in a phone book. It turns out all the major computer OSes keep a local list of sites and IP addresses that they check first. So, if you want to block any sites, just add them to the list and give each one an address that won't reach the real site (usually 127.0.0.1, which means your local computer).

On Windows, the file is in \etc\ (search for the exact location for different versions of Windows). Understandably, this file is security-sensitive, as it can be used to redirect sites: you think you're visiting your bank, and your browser displays your bank's web address, but it's really talking to another server disguised to look like your bank. When you try to log in, the other site learns your username and password.

One problem with Windows is the hosts file doesn't support wildcards or root domains. So redirecting doubleclick.net doesn't redirect ad.doubleclick.net, and you need to list each possible subdomain. It's hard to think of all the sites to block, so it might be easier to just get a suggested list. There's one at http://winhelp2002.mvps.org/hosts.htm. As I said, this file is a security risk, so check any file you use. I find some ads useful, so rather than copying the whole list, I only block sites I don't want. When I see an ad I don't want, I take a note of its domain and get the relevant subdomains from the list.
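One way to check a downloaded list before using it, as an added example that is not part of the original post: it separates plain block entries from entries that point a name at some other address (the redirect risk described above), and pulls out the listed subdomains of one domain, since the file has no wildcards. The `SINKS` set, the function names and the sample list are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: only loopback and the unspecified address count as "block" targets.
SINKS = {"127.0.0.1", "0.0.0.0", "::1"}
STOCK = {"localhost", "localhost.localdomain"}  # names that normally map to loopback

def parse_hosts(text):
    """Yield (lineno, address, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            yield lineno, None, line          # malformed line: report it, never trust it
            continue
        for name in fields[1:]:               # one address may carry several names
            yield lineno, addr, name.lower().rstrip(".")

def audit(text):
    """Split a list into blocked names and entries that need a human look."""
    blocked, suspicious = [], []
    for lineno, addr, name in parse_hosts(text):
        if addr in SINKS:
            if name not in STOCK:
                blocked.append(name)
        else:                                 # points somewhere real: possible redirect
            suspicious.append((lineno, addr, name))
    return blocked, suspicious

def subdomains_of(domain, names):
    """Names equal to `domain` or under it (the hosts file has no wildcards)."""
    domain = domain.lower()
    return sorted({n for n in names if n == domain or n.endswith("." + domain)})

# Constructed sample standing in for a downloaded list (not real list content).
SAMPLE = """\
127.0.0.1  localhost
0.0.0.0    ad.doubleclick.net  # banner
0.0.0.0    static.doubleclick.net
0.0.0.0    notdoubleclick.net
203.0.113.7  www.examplebank.test
not-an-ip  tracker.example.test
"""

if __name__ == "__main__":
    blocked, suspicious = audit(SAMPLE)
    print(subdomains_of("doubleclick.net", blocked), suspicious)
```

Anything returned in `suspicious` should be read by hand before the list goes anywhere near the real hosts file.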

Update 4 Sep 15
I decided to share the sites I'm blocking. As I said, I'm ok with ads, so these are the worst of the worst. Also serves as backup for my list. Also testing embedding Google Docs.

There's also a more powerful way to do this - the hosts file only works for that computer. The thing is, you can set up a custom DNS server, and wherever you use that DNS server (e.g. set it in your router, then everything using your Wi-Fi will follow, like computers, phones, tablets, TVs, game consoles), it will take effect. I think there are custom DNS services that let you set a domain blacklist. I just have to find one.
