Adblocking
Why?
- Reduces Visual Clutter: Eliminates unnecessary distractions, creating a cleaner, more focused online environment.
- Enhances Security: Prevents malicious ads and reduces exposure to malware, phishing, and other threats.
- Limits Data Sharing: Prevents companies from building detailed user profiles that are often sold to third parties, including government agencies.
- Fills Regulatory Gaps: Offers a proactive solution in the absence of sensible digital privacy laws.
Methods of adblocking
Here are some ways traffic can be filtered.
In your web browser
- Brave Browser - Chromium-based web browser with built-in ad/tracker blocking, security controls, etc.
- Browser extensions:
  - uBlock Origin: an ad and tracker blocker
  - AdGuard
  - AdBlock Plus
  - Ghostery
- Manifest V3 compliant tracker blocking extensions:
At the network level (local DNS blocking)
This can efficiently filter all of the devices in your home network (phone, laptop, PC, etc.). Some people run adblockers on a Raspberry Pi or as a Docker container on a server. These operate by becoming the DNS server for all of the devices on your network.
- Pi-hole: often installed on a Raspberry Pi and connected to one's network.
- AdGuard Home: also a very good DNS blocker, similar to Pi-hole
- pfBlockerNG: a plugin for pfSense firewall software
At the DNS level (upstream DNS servers)
In most home settings, your WiFi router defines your DNS server. This server provides IP addresses (e.g. what is the IP for google.com?). Set your upstream DNS server to one that filters out ad providers, trackers, known scammers/hackers, etc. Once you do, it provides this filtering for all devices in your network.
- NextDNS: Allows one to configure custom DNS filtering. Has lots of options for security, ad & tracker blocking, parental controls. Free for up to 300,000 requests/month. If you go over that, it acts as a normal DNS.
  - If you set up and configure an account, then set it as your upstream DNS server (usually in your home Wi-Fi router's settings), this will filter all traffic for everything on your network like a Pi-hole does. The only difference is that instead of being in your house, it acts as an "upstream" (non-local) DNS.
  - NextDNS Setup Guide
- AdGuard DNS - does what AdGuard Home does (adblocking, privacy, parental controls) but as an upstream DNS server like NextDNS
- See Secure DNS Resolvers for other DNS resolvers that do not provide the same level of customization but might be better than your ISP's default
Whitelist
The whitelist is a list of things not to block. You can start from existing lists to prevent false positives (blocking things that you don't want blocked) and add to it over time.
Pre-made whitelists:
- Anudeep ND Whitelist (domains) (homepage)
- Commonly whitelisted domains - Pi-hole Forum
Smartphone Ad blocking
- iOS methods:
  - NextDNS can be used as a custom DNS server to provide always-on web filtering:
    - Set up an account and configure it (NextDNS Setup Guide)
    - Use their Apple Config Profile Generator to export a profile
    - Text message or email the profile to yourself.
    - Open it on your smartphone and confirm that you are adding this profile to your System Settings
  - NextDNS app: They also offer an iOS app but it doesn't necessarily stay on.
  - AdGuard for iOS
- Android methods:
  - NextDNS:
    - Set up an account,
    - Set DNS on your phone:
      Settings → Network & Internet → Private DNS → Set provider (e.g., 45.90.##.##)
  - AdGuard for Android
  - Blokada
Tracking
Some also prefer to filter out software trackers and telemetry, used to collect various data about one's use of devices. Much of this may be recording innocuous information about how software is used.
Some examples of not-so-innocuous tracking would be a mobile app sharing one's location data or a VR headset sharing what one's house looks like.
- See Windows Privacy for some tools that disable a great deal of the tracking built into Windows.
Types of blocklists
Hosts lists (Pi-hole, AdGuard Home, and pfBlockerNG compatible)
Below are some lists I've used. I've experimented with Pi-hole, pfBlockerNG (for pfSense), AdGuard Home, as well as browser-based filtering like Brave Browser or AdGuard extension. So I've included lists of different formats.
"Hosts lists" just list domains. Use these for DNS blockers like Pi-hole, AdGuard Home, or pfBlockerNG. They may look like either of the examples below:
0.0.0.0 www.pixel.ad
or:
Both of these ways are used in hosts lists. They both should be able to be interpreted by DNS blockers.
Filter lists (browser-based)
Browser-based adblockers are able to filter content within webpages as they are being loaded. So these are lists of patterns in websites themselves. This allows things like blocking annoying cookie messages or popups telling you that you are using an adblocker. For this reason, I use a browser-based blocker as well as a DNS blocker. Brave Browser's built-in adblocker, AdGuard browser extension, and AdBlock Plus are ones I've used.
The rules below are typical of this kind of filter list. They are not compatible with Pi-hole, pfBlockerNG, or AdGuard Home (DNS blockers):
.adnetwork.$domain=~adnetwork.ie|~adnetwork.sk
/ad_display.
/banners/ads/*
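To make the difference between hosts lists and filter lists concrete, here is an added example (not part of the original page) that sorts a mixed list into domains a DNS blocker can use and rules only a browser blocker can apply, then removes whitelisted domains. It assumes bare-domain lines are also accepted as hosts entries; the `example.*` entries, the sink IP set and all function names are constructed for illustration.

```python
import re

# Letters-only TLD keeps bare IP addresses from being read as hostnames.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$")
SINK_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def classify(line):
    """Return ("hosts", domain), ("filter", rule) or ("skip", None)."""
    # '#' opens a comment only at line start or after whitespace, so a
    # cosmetic rule such as example.com##.banner is not cut down to a domain.
    text = re.split(r"(?:^|\s)#", line, maxsplit=1)[0].strip()
    if not text or text.startswith("!"):      # '!' opens a filter-list comment
        return ("skip", None)
    fields = text.lower().split()
    if len(fields) >= 2 and fields[0] in SINK_IPS:   # "0.0.0.0 www.pixel.ad"
        name = fields[1]
        usable = HOSTNAME.match(name) and name not in LOCAL_NAMES
        return ("hosts", name) if usable else ("skip", None)
    if len(fields) == 1 and HOSTNAME.match(fields[0]):   # bare domain line
        return ("hosts", fields[0])
    return ("filter", text)                   # URL patterns, options, cosmetics

def build_dns_blocklist(lines, whitelist=()):
    """Split a mixed list into DNS-blockable domains and browser-only rules."""
    allowed = {d.lower() for d in whitelist}
    domains, browser_only = set(), []
    for line in lines:
        kind, value = classify(line)
        if kind == "hosts" and value not in allowed:
            domains.add(value)
        elif kind == "filter":
            browser_only.append(value)
    return sorted(domains), browser_only

# Constructed sample: the page's example lines plus made-up example.* entries.
SAMPLE = """\
# constructed sample mixing both list styles
127.0.0.1 localhost
0.0.0.0 www.pixel.ad
0.0.0.0 cdn.example.net   # inline comment
tracker.example.org
! filter-list comment
.adnetwork.$domain=~adnetwork.ie|~adnetwork.sk
/ad_display.
/banners/ads/*
example.com##.cookie-banner
""".splitlines()
```

Calling `build_dns_blocklist(SAMPLE, ["cdn.example.net"])` returns the two remaining domains for the DNS blocker and the four rules that only a browser-based blocker can apply.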
IP Block Lists (pfBlockerNG for pfSense)
These are lists of IP addresses. The firewall (pfSense) will refuse outbound or inbound connections to any IP addresses in the list. One can use cybersecurity feeds as a preventative measure against trojans, botnet malware, and other garbage.
Regex Filters
It takes longer for systems to process regex filters than to search through a tree structure database of millions of domains. See this post for some explanation of why. Still, this is comparing sub-millisecond timing to a handful of milliseconds. But for this reason, I still only try to use regex filters that are relevant to me. I have a collection of many regex filters I've found around the internet, but my "pared down" file is of ones that match domains in my own logs.
Regex lists: mmoti, Smart TV regex
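One way to produce a "pared down" regex file like the one described above, as an added example that is not the author's own script: keep only the filters that match a domain seen in your own DNS query log. The patterns and log domains are constructed, and the sketch assumes the filters use syntax that Python's `re` accepts (POSIX classes such as `[[:alnum:]]` would need translating first).

```python
import re

def pare_down(patterns, queried_domains):
    """Keep only regex filters that match a domain from the query log.

    Returns (kept, invalid): kept maps each pattern to the sorted domains it
    matched; invalid lists patterns that failed to compile.
    """
    domains = sorted({d.lower().rstrip(".") for d in queried_domains})
    kept, invalid = {}, []
    for raw in patterns:
        pattern = raw.strip()
        if not pattern or pattern.startswith("#"):   # blank line or comment
            continue
        try:
            compiled = re.compile(pattern)
        except re.error:
            invalid.append(pattern)                  # report, do not drop silently
            continue
        hits = [d for d in domains if compiled.search(d)]
        if hits:
            kept[pattern] = hits
    return kept, invalid

# Constructed regex filters (not taken from any published list).
PATTERNS = [
    "# constructed examples",
    r"^ad[sx]?[0-9]*\.",
    r"(^|\.)telemetry\.",
    r"^stats?[0-9]*\.",
    r"^(.+[_.-])?smarttv-ads\.",
    "tracking[",                                     # deliberately malformed
]

# Constructed domains standing in for an export of your own query log.
QUERY_LOG = [
    "ads.example.com", "ADS.example.com", "www.example.com",
    "ad3.example.net.", "telemetry.tv.example", "mail.example.org",
]

if __name__ == "__main__":
    kept, invalid = pare_down(PATTERNS, QUERY_LOG)
    for pattern, hits in kept.items():
        print(f"keep {pattern!r}: {hits}")
    print("could not compile:", invalid)
```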