# Browser Ad Blocking



## Phishfry (Aug 20, 2016)

I like to use a custom hosts file from my Windows days and have found it works exactly the same on FreeBSD.
I just have to manually add the block list.
http://winhelp2002.mvps.org/hosts.htm

I was really surprised at the ads Firefox was showing on FreeBSD until I applied my hosts blocking. Ebay was terrible.

What are your tricks?


----------



## tobik@ (Aug 20, 2016)

I use the hosts list from http://someonewhocares.org/hosts/zero/ on my server. It's running dnsmasq and all other machine get the block list through it too.

I also install uBlock Origin in both Firefox and Chromium, which also helps block annoying elements on web sites like Facebook like buttons etc. that can't be blocked by a simple hosts list. It also supports picking your own elements on web sites that you want to block.


----------



## wblock@ (Aug 21, 2016)

Firefox plus AdBlockPlus and NoScript.  I consider these basic security protections, not user convenience.  Of course, many sites require select enabling of Javascript, but otherwise it keeps all those scripts from running unless allowed.


----------



## abishai (Aug 21, 2016)

uBlock Origins + uMatrix
uMatrix is a plugin from uBlock developer and I find it much more simple to use than NoScript.


----------



## hukadan (Aug 21, 2016)

Besides AdBlockPlus and NoScript, I use Disconnect and self-destructing-cookies, and I am experimenting with anti-adblock-killer. I also have configured my Desktop as shown by obsigna in this post.


----------



## storvi_net (Aug 21, 2016)

Adblock Plus + Ghostery @ Desktop.
For the whole network pfsense + pfBlockerNG DNS-Block


----------



## drhowarddrfine (Aug 21, 2016)

meh. Firefox isn't responsible for ads. The web site is.

There's a study that shows, nowadays, we're all blind to ads on web sites which is why web sites have trouble making money.

Browsers have security measures built in that won't allow javascript to execute locally on your machine without permission so I have no issue with letting javascript run. I feel this is all wasted effort.


----------



## Murph (Aug 21, 2016)

drhowarddrfine said:


> Browsers have security measures built in that won't allow javascript to execute locally on your machine without permission so I have no issue with letting javascript run. I feel this is all wasted effort.



It's not just an issue with access to local resources.  Badly written JavaScript (which often seems like well north of 50% of all JS) consumes CPU and memory unreasonably.  Sadly no major browser has ever properly addressed limiting resource usage by JS inside its sandbox, that I'm aware of.

Flash (which is also blocked by things like NoScript), on the other hand, is a notorious security-colander as well as a notorious resource pig.


----------



## abishai (Aug 21, 2016)

storvi_net said:


> Ghostery


http://lifehacker.com/ad-blocking-extension-ghostery-actually-sells-data-to-a-514417864


----------



## wblock@ (Aug 21, 2016)

drhowarddrfine said:


> Browsers have security measures built in that won't allow javascript to execute locally on your machine without permission so I have no issue with letting javascript run.



Well... if you trust that.  Also, I consider all the advertising and tracking of unlimited Javascript to be a security and privacy issue.  Install NoScript, go to one of the major news sites, and check how many tracking and advertising scripts run.

Ghostery was not bad until they made the user interface unusable.


----------



## drhowarddrfine (Aug 21, 2016)

wblock@ said:


> Well... if you trust that.


It's part of the spec though if someone wasn't using a major browser I suppose it could be a concern.

The advertising and tracking stuff is just marketing which I've mentioned often before. To me, that is a problem with the visited site. Such sites are looking to make money, and you can't blame them, but they go overboard and, "major news sites" in particular no longer focus on "news" but getting visitors eyes and they'll bog down their own site (shoot themselves in the foot) in any effort to get those viewers.


----------



## Deleted member 48958 (Aug 21, 2016)

hukadan said:


> Besides AdBlockPlus and NoScript, I use Disconnect and self-destructing-cookies


Me too!  It's "must have" extensions. Also if you don't use security/tor, you can try this nice extension — friGate, you can configure it to use proxy on all sites.
Also I'm using User Agent Overrider and User-Agent JS Fixer to change my user agent string. Some times it is useful, because some web sites allow only Chrome for example, or iOS - Android, but with this extension you can use them.




I'm using User Agent Overrider Version 0.3.0, it's better than latest 0.4.1 IMO (you need to disable auto update of this extension after installation).


----------



## aht0 (Aug 31, 2016)

Phishfry said:


> I like to use a custom hosts file from my Windows days and have found it works exactly the same on FreeBSD.
> ...
> What are your tricks?


Squid and URL filter in the gateway. Simple adblock in a browser did not help with the sites where upon detecting adblocker they would redirect you instantly..


----------



## ronaldlees (Aug 31, 2016)

Phishfry said:


> I like to use a custom hosts file from my Windows days and have found it works exactly the same on FreeBSD.
> I just have to manually add the block list.
> http://winhelp2002.mvps.org/hosts.htm
> 
> ...



Where are you doing your blocking? I suppose you're using the plugin.  Part of my problem is that I often use text mode, simple browsers.

I'm just sticking the list into my pf.conf file for the firewall:

```
empire_1="{ \
   googleadservices.com, \
   doubleclick.net, \
   ssl.google-analytics.com, \
   googlesyndication.com, \
   www.gstatic.com, \ 
   fusion.google.com, \
   apis.google.com, \
   maps.google.com, \
   www.youtube.com }"
```
I then explicitly block each of the "empires".

Note I've not listed all the "empire_1" URLS (enormous). Actually, some of the URLS in that list may  not necessarily be google domains, nor necessarily affiliated with them. I don't know, and haven't sorted them with much scrutiny.  I do know I probably (by accident) have some of the safe browsing URLs blocked as well, because I didn't take the time to figure them out.  I know people will say that puts me at risk of being "phished"! I have a set of "empires" to block, including facebook, mozilla, etc. The firewall approach has its problems. A bad URL kills the firewall startup (see the following post).  Thanks for the extra domains to put into the config...


----------



## ronaldlees (Aug 31, 2016)

aht0 said:


> Squid and URL filter in the gateway. Simple adblock in a browser did not help with the sites where upon detecting adblocker they would redirect you instantly..



Very good point indeed!  My firewall approach fails as well as the simple adblock on that score.  The firewall resolves all the urls at boot, so is not very dynamic.  The firewall startup fails if something doesn't resolve at boot time (kind of crappy).   I always restart the firewall after a boot, and watch for botched URLs.  Is there a way to make it work better?  I like the minimalism of the firewall (no extra software to vet) - but it's obviously falling short on a couple fronts.

Every once in a while, an entity drops an entry from their DNS, and what was resolving no longer resolves.  Then I have to fix it.


----------

