26 votes

An introduction to privacy and security - Part III

Please, if you haven’t already, see Part I and Part II.

Besides using anti-virus software, I wondered if there were other ways in which I could reduce the amount of threats to my online privacy and security. One method that I came across was to block adware and malware before it had the chance to reach my browser and computer.

For the technically inclined person there is Pi-Hole which is a network-wide adware/malware blocker. The name comes from the use of a Raspberry Pi to act as a black hole for adware/malware. Currently, supported operating systems include Raspbian, Ubuntu, Debian, Fedora, and CentOS.

A much easier method, which essentially does the same thing, is to modify your computer’s hosts file. For a safe and easy way to do this, I recommend that you use free GUI software to implement this. Windows users can download Hosts File Editor+ and Mac users can download Gas Mask.

Next, you will want a DNS blacklist that comes from trusted sources. The ones that I recommend are from Steven Black here: https://github.com/StevenBlack/hosts

Scroll down the page a little until you come to a table of all the different combinations of blacklists.

From there you would choose which list to use, as your new hosts file depending on your personal preferences by clicking on the corresponding Non Github mirror.

Using your hosts file editing software, you would then create a new hosts file by copying and pasting your preferred list. You may want to check for an updated list every once in a while. Most of these lists have their associated creation dates near the top for convenience.

22 comments

  1. [4]
    bun Link
    Small clarification, the software that is named "Pi-Hole" runs on several Linux distros, and does not exclusively need to run on an Raspberry Pi either (though that is most likely the easiest...

    For the technically inclined person there is Pi-Hole which is a network-wide adware/malware blocker. The name comes from the use of a Raspberry Pi to act as a black hole for adware/malware. Currently, supported operating systems include Raspbian, Ubuntu, Debian, Fedora, and CentOS.

    Small clarification, the software that is named "Pi-Hole" runs on several Linux distros, and does not exclusively need to run on an Raspberry Pi either (though that is most likely the easiest implementation). Any modern OS should be able to take advantage of Pi-Hole, you just need to change your network settings.

    A much easier method, which essentially does the same thing, is to modify your computer’s hosts file. For a safe and easy way to do this, I recommend that you use free GUI software to implement this. Windows users can download Hosts File Editor+ and Mac users can download Gas Mask.

    I would dispute it's an easier method, as this method requires you to install things on each individual unit. It also will be a headache/impossible on devices that won't let you easily edit your hosts configuration, for instance your android, iOS, PS4, Switch, etc.

    Furthermore, at least windows has some host names that are hard coded into the OS and will not be honored by the hosts configuration. This would not be an issue with the Pi-Hole. Though if you truly care about privacy and security, you would not really be using windows anyways.

    6 votes
    1. [4]
      Comment deleted by author
      Link Parent
      1. [3]
        bun Link Parent
        We're talking within reason here. Assuming you still want to use a computer, you do have options.

        We're talking within reason here. Assuming you still want to use a computer, you do have options.

        5 votes
        1. [3]
          Comment deleted by author
          Link Parent
          1. bun Link Parent
            Microsoft is known to have added backdoors to their software, like Windows and Skype, to foreign intelligence agencies like the NSA. Not the least, Windows itself collects a lot of telemetry which...

            Microsoft is known to have added backdoors to their software, like Windows and Skype, to foreign intelligence agencies like the NSA. Not the least, Windows itself collects a lot of telemetry which it sends home.

            But ignoring that the software is known to be neither secure nor respectful of your privacy, there is a bigger and more fundamental issue with Windows. There is no good way to check what the software actually does. We can reverse engineer and monitor behavior of course, but in the end we are still operating with a black box of software.

            9 votes
          2. Grand0rbiter (edited ) Link Parent
            The only way to have privacy with Windows is to never connect to the internet.

            The only way to have privacy with Windows is to never connect to the internet.

  2. [3]
    synergy-unsterile Link
    There are several options for hosts blocking on Android devices too, but they all have varying tradeoffs. AdAway (App requires root, which is a huge security risk) DNS66 (App uses the VPN service,...

    There are several options for hosts blocking on Android devices too, but they all have varying tradeoffs.

    • AdAway (App requires root, which is a huge security risk)
    • DNS66 (App uses the VPN service, so you cannot use another VPN proxy with DNS66 active, which means you have less privacy on an open/guest wifi network)
    • Building Android yourself with a specified hosts file (build template). This is extremely advanced and requires building new updates to refresh the hosts file.
    4 votes
    1. [2]
      suspended Link Parent
      What about Blokada?

      What about Blokada?

      2 votes
      1. synergy-unsterile Link Parent
        Both use the same method to block ads, so I'm not sure if there's really any difference. The reason why I recommended DNS66 is that Blokada used to be closed source.

        Both use the same method to block ads, so I'm not sure if there's really any difference. The reason why I recommended DNS66 is that Blokada used to be closed source.

        3 votes
  3. [6]
    babu Link
    What about browser-specific tools, such as uMatrix/uBlock Origin/NoScript? Will you get there later in your series?

    What about browser-specific tools, such as uMatrix/uBlock Origin/NoScript? Will you get there later in your series?

    4 votes
    1. [5]
      suspended Link Parent
      I'll be going over this next week in part IV.

      I'll be going over this next week in part IV.

      2 votes
      1. [2]
        babu Link Parent
        Great! It’s a good idea to write about these issues in this manner, in small parts each related to one certain aspect. I particularly liked the link to the Goodbye Big Five article. Good read! I...

        Great! It’s a good idea to write about these issues in this manner, in small parts each related to one certain aspect. I particularly liked the link to the Goodbye Big Five article. Good read! I guess a thank you is in order. :)

        4 votes
        1. suspended Link Parent
          Since it is introductory material I thought it best to break it all up into digestible bits for the uninitiated. You're welcome and I'm glad that you are enjoying it. 😁

          Since it is introductory material I thought it best to break it all up into digestible bits for the uninitiated. You're welcome and I'm glad that you are enjoying it. 😁

          4 votes
      2. [2]
        firstname Link Parent
        If it`s not to much to ask, would you consider covering Decentraleyes in the next post?

        If it`s not to much to ask, would you consider covering Decentraleyes in the next post?

        1 vote
        1. suspended Link Parent
          I had already planned on it.

          I had already planned on it.

          2 votes
  4. [2]
    deing Link
    I've allowed myself to add this series to the UTW page for A Layperson's Introduction to… — It should be on the live page once this comment is a minute or so old. If you have any further questions...

    I've allowed myself to add this series to the UTW page for A Layperson's Introduction to… — It should be on the live page once this comment is a minute or so old. If you have any further questions about this, feel free to ask.
    Apart from that, thank you for adding this great content to Tildes!

    3 votes
    1. suspended Link Parent
      Well, that should help some people out. Thanks. I plan on, at least, having a part IV next week. I'm not sure if I'll have a part V.

      Well, that should help some people out. Thanks. I plan on, at least, having a part IV next week. I'm not sure if I'll have a part V.

      1 vote
  5. [3]
    Pilgrim Link
    I enjoy these posts. Thanks for making them. Unless I'm misunderstanding something, you really shouldn't need a special utility to edit Windows hosts file. It's just a text file and if you're the...

    I enjoy these posts. Thanks for making them.

    Unless I'm misunderstanding something, you really shouldn't need a special utility to edit Windows hosts file. It's just a text file and if you're the type of person to put together a Pi-Hole you probably have the chops to edit that file :)

    2 votes
    1. [2]
      suspended Link Parent
      Sure. It just feels safer for some to use specific software to do this. For example, Gas Mask automatically backs up the original hosts file. Obviously. I wanted to present the two options that I...

      Unless I'm misunderstanding something, you really shouldn't need a special utility to edit Windows hosts file.

      Sure. It just feels safer for some to use specific software to do this. For example, Gas Mask automatically backs up the original hosts file.

      if you're the type of person to put together a Pi-Hole you probably have the chops to edit that file

      Obviously. I wanted to present the two options that I felt were the best while pointing out that Pi-Hole is highly technical and network-wide.

      1 vote
      1. Pilgrim Link Parent
        I'm not familiar with Apple's OS but in Windows the file is blank except for comments, by default so extremely unlikely to need a backup. But of course, no harm in using a tool if that's one's...

        Gas Mask automatically backs up the original hosts file.

        I'm not familiar with Apple's OS but in Windows the file is blank except for comments, by default so extremely unlikely to need a backup. But of course, no harm in using a tool if that's one's preference.

        2 votes
  6. [3]
    Gaywallet Link
    I'm always looking for more hosts files. Thanks for the link to the github. Do you know what the "social" category means for the hosts files?

    I'm always looking for more hosts files. Thanks for the link to the github. Do you know what the "social" category means for the hosts files?

    2 votes
    1. [2]
      suspended Link Parent
      I tried it once and I could not reach most major social networks.

      Do you know what the "social" category means for the hosts files?

      I tried it once and I could not reach most major social networks.

      3 votes
      1. Gaywallet Link Parent
        Ah okay I figured it was social websites. Thanks.

        Ah okay I figured it was social websites. Thanks.

        1 vote
  7. 666 Link
    For the less technically inclined or those who don't have a Raspberry Pi or spare Linux installation I'd recommend AdGuard Home (pre-compiled binaries), you can install it as a service and run it...

    For the less technically inclined or those who don't have a Raspberry Pi or spare Linux installation I'd recommend AdGuard Home (pre-compiled binaries), you can install it as a service and run it on the same computer you want to block ads. It can also optionally connect to upstream servers using DNS over HTTPS or TLS for improved security and privacy.

    2 votes