    1. I just installed a DNS based firewall (I think) for the first time in my life. Help me understand which addresses to block.

      For context: I'm a tech noob when it comes to cyber-security stuff in particular, and anything network related in general. My devices are a MacBook Pro and an iPhone. Before anyone cringes at this, I buy all my Apple stuff second hand to dodge the brand premium. There, I hope that gives me some credibility in the eyes of all the techies around here. :D

      For years I was more or less relying on Apple to do a decent job automatically when it comes to security, and granted, I haven't had any serious issues (that I know of). Some time ago it was brought to my attention that I'm most likely getting tracked even if I tick all the opt-out boxes on my device and browser settings. I hastily installed an open source app on my phone that prevents trackers and ad servers from connecting to it based on a list of addresses that the app provides. There was a long log of blocked domains already the next day. I made a mental note that I should probably look for something to do the same for my laptop, and then forgot about it, until last night.

      When I went to check that log again on my phone, I found out that the app hadn't been functional in a while. A quick online search revealed that they aren't as open source as they claim to be, nor very reliable, so I embarked on a quest to find something else to do the job - this time for both devices.

      I have managed to install and configure something called NextDNS on both of my devices and most browsers, even though the documentation seems to be made with more tech-savvy people in mind. So far so good. I turned on all the available blocklists, but a lot of strange-looking (to me) traffic is still getting through. I'm assuming some of it is benign, but how do I evaluate which addresses I should block or not? I'll list some examples below.

      init.ess.apple.com
      init-p01md.apple.com
      bag.itunes.apple.com
      gsp-ssl.ls.apple.com
      gspe35-ssl.ls.apple.com
      pki-goog.l.google.com
      For these, the service offers the following information: 'Provides advertising or advertising-related services such as data collection, behavioral analysis or retargeting.' Sounds like something I wouldn't want to enable. When it comes to the iTunes one, I don't use iTunes and don't even have it installed (don't ask how I managed to get rid of it - it took several days' worth of trial and error...). One of these, pki-goog.l.google.com, is listed as 'dangerously prevalent (tracks 21.23% of web traffic)'.

      Then again, the same general description is sometimes given to addresses that seem legit, such as:
      time.apple.com
      weather-data.apple.com

      Some are indecipherable to me and don't come with any sort of description:
      fp2e7a.wpc.phicdn.net
      init.ess.g.aaplimg.com
      get-bx.g.aaplimg.com
      ocsp2.g.aaplimg.com
      ocsp.pki.goog

      Some descriptions are kind of vague:
      a2047.dscapi9.akamai.net
      apis.apple.map.fastly.net
      'Content delivery network that delivers resources for different site utilities and usually for many different customers.'

      Some seem to be doing tasks that are definitely wanted:
      ocsp.digicert.com
      'Digicert Trust Seal - Includes tag managers, privacy notices, and technologies that are critical to the functionality of a website.'

      Then there's an Amazon Web Service, go-updater-1830831421.us-west-2.elb.amazonaws.com, listed as very prevalent (tracks 5.5% of web traffic) that has been contacting my phone even though I haven't done any shopping or product related searches. What is this and should I block it?

      And so on and so on. Is there any logic to these that I can follow? I tried Google searching some to no avail.

      1 vote