Linux Format

Beyond blocking adverts

Set up advanced blocking, plus keep control of your children’s access.


For many people, the basics we’ve given on the previous pages are more than enough. Just install the software and let it do its thing. You can sit back and relax, knowing that you’re ad-free on all the devices in your household.

But as we demonstrated with our kitchen tablet and its periodic connection to Bing(?), it’s not always obvious that you’re being monitored through your devices. Tracking networks don’t always serve ads. Sometimes they just gather data. Ideally, you should leave Pi-hole active for a few weeks, and check the Query Log on a regular basis to see what’s being sent from each device.

There’s an element of experimentation here, and you need to be on the ball and ready to revert changes if they mess up your tech. Our Roku TV streaming media stick, for instance, shows ads for upcoming movies and shows. They occupy significant screen real estate and also show up in the screensavers. Pi-hole reveals that Roku uses multiple subdomains.

Blacklisting one might kill streaming functionality altogether, while blacklisting another restricts you to a single DVD-style screensaver. It takes time to work out what’s what. A couple of Roku domains that are safe to block and decrease your ad exposure are scribe.logs.roku.com and cooper.logs.roku.com.

Who blocks the blockers?

The default list installed with Pi-hole is very good and quite comprehensive, but you may find it doesn’t suit your purpose. Maybe it throws up too many false positives or it doesn’t block some of the trackers you think it should. Fortunately, StevenBlack’s list isn’t the only blocklist out there.

Visit https://firebog.net for a list of lists. The page is divided into sections, making it easy to target exactly the type of content you don’t want on your network.

For us, tracking is a more important problem than adverts, and we can scroll down to the Tracking & Telemetry Lists section to find a suitable candidate. You’ll also find lists for malware, advertising and porn, and a list of lists suspiciously titled Suspicious Lists.

While it may be tempting to add all the lists to Pi-hole, the risk of false positives affecting your browsing experience will shoot up, and you’ll find it very hard to have a good time online. Instead, add more lists as and when you feel you need them. The lists in green are the ones least likely to interfere with browsing, while still keeping ads and malware at bay.

Once you’ve decided on a list to add, right-click and copy the blocklist URL, and head back to the Pi-hole admin interface. Click on Group Management > Adlists, and paste the URL into the address box. It’s handy to add a comment as well, because in the far future you’ll have forgotten the reason why you chose this list to start with. Click Add to add the list.

Because Linux is all about puns, and because Pi-hole is based on the concept of a black hole for ads, you now need to click Tools > Update Gravity > Update. This lets Pi-hole know of yet more domain names to suck in. The wordplay continues as the output describes Neutrino emissions detected and Pulling blocklist sourcelist into range before informing you that FTL is listening on Port 53. FTL stands for Pi-hole’s Faster Than Light engine, which manages DNS.

Regex gives you flexibility

The problem with blocking ads on a domain and subdomain basis is that advertisers, tracking companies and malware merchants can easily spin up a new subdomain in minutes. They do this regularly, and you should always keep Pi-hole and your blocklists updated to prevent it. But the blocklists aren’t updated instantly with fresh threats, and it may be months before the maintainers twig on to a new ad source.

Fortunately, you can write your own rules using regular expressions (regex) – sequences of characters you can use for pattern matching within strings.

Most devices send information back to their manufacturers, developers or licence holders, for instance. Microsoft is terrible for this, and even Linux stalwarts aren’t immune. Canonical does it, and so does Mozilla. They don’t tend to hide the fact, though, and there’s usually a setting to turn off telemetry in your favourite apps. But it’s easier and quicker to create a custom blocklist containing regular expressions, rather than complete domain names, that you want to block.

Taking telemetry as an example, we could create a new blocklist text file with Nano:

$ nano myblocklist.txt

Adding the word ‘telemetry’ on its own on a new line blocks all domains that contain the word ‘telemetry’.

It’s not ideal, though, and blocks domains where ‘telemetry’ is part of the URL. This would include the Wikipedia page for telemetry, or a DDG search for the word ‘telemetry’.

Using the anchor character – ^telemetry – blocks domains starting with the word ‘telemetry’, which is an improvement, but doesn’t block domains such as incoming.telemetry.mozilla.org.

Regex can get very complicated very quickly, and the extensive Pi-hole documentation has some brief notes on it. For a more complete understanding, we suggest looking into the Mozilla developer regex cheatsheet.

After some time-consuming thought experiments, we determined that \b(?:\w+\.)*telemetry\.\w+\b will match instances where ‘telemetry’ is a subdomain, such as sub.telemetry.example.com or telemetry.subdomain.org. You can do this for patterns such as ‘logs’, ‘tracking’ or any other term that crops up regularly as a subdomain.
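The three patterns discussed above, checked against constructed domain names before they go anywhere near the network (an added example, not from the original article). It uses Python's re module as a stand-in, so Pi-hole's own regex engine may treat some syntax differently; the sample domains and function names are assumptions.

```python
import re

# Patterns taken from the article text.
PATTERNS = {
    "bare": r"telemetry",
    "anchored": r"^telemetry",
    "label": r"\b(?:\w+\.)*telemetry\.\w+\b",
}

# Constructed sample data: domains we want blocked...
SHOULD_BLOCK = [
    "telemetry.example.com",
    "incoming.telemetry.mozilla.org",
    "sub.telemetry.example.com",
]
# ...and domains that must keep resolving.
MUST_RESOLVE = [
    "telemetry-museum.example.org",  # 'telemetry' inside a longer label
    "nottelemetry.example.net",
    "www.example.com",
]


def evaluate(pattern):
    """Return (missed, overblocked) for one regex against the samples."""
    rx = re.compile(pattern)
    missed = [d for d in SHOULD_BLOCK if not rx.search(d)]
    overblocked = [d for d in MUST_RESOLVE if rx.search(d)]
    return missed, overblocked


def report():
    """Evaluate every pattern; maps pattern name to (missed, overblocked)."""
    return {name: evaluate(p) for name, p in PATTERNS.items()}


if __name__ == "__main__":
    for name, (missed, over) in report().items():
        print(f"{name:9} missed={missed} overblocked={over}")
```

Extend both lists with domains taken from your own Query Log before trusting a pattern.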

More than adverts

The world is full of scammers who want to take your money and buy themselves a new house on some Caribbean beach. One of the most common ways of doing this is to trick you into entering your bank details into a fake web portal. These can be hard to spot, as is evidenced on a regular basis by news stories of how vulnerable people lost their entire life savings while trying to buy new shoes on Facebook Marketplace.

The domain names look close enough to your bank’s domain to fool elderly relatives, thanks to character substitutions, particularly when punycode is employed.

Punycode attacks use domains that employ foreign characters that are rendered into something visually similar to English. You might think that clicking on a link for natwest.com will take you to the website of a popular UK bank. It won’t, because the second character is actually a Cyrillic ‘a’. In reality, the domain name is xn--ntwest-3nf.com, but it renders to look like natwest.com in your browser.

It’s a good idea to create a blacklist to specifically thwart this kind of attack by excluding non-Latin characters that could be used to fool family members. Just add each character to a new line – you don’t need to include obviously foreign characters like ‘ ’ or ‘ ’, just ones that look like they could fool your nan.
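A check for the lookalike domains described above, as an added example that is not from the original article. DNS queries carry the ASCII xn-- form, so it decodes each label and flags any label that mixes Latin letters with another script. The script test based on Unicode character names, the function names and the sample list are assumptions.

```python
import unicodedata


def decode_label(label):
    """Decode one DNS label; xn-- labels are punycode, others pass through."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts(text):
    """Scripts present in text, from the first word of each letter's Unicode name."""
    found = set()
    for ch in text:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def check_domain(domain):
    """Return (rendered_domain, verdict); verdict is ok, non-latin,
    mixed-script or undecodable."""
    verdict, rendered = "ok", []
    for label in domain.rstrip(".").split("."):
        try:
            text = decode_label(label)
        except UnicodeError:
            return domain, "undecodable"
        rendered.append(text)
        found = scripts(text)
        if len(found) > 1:
            verdict = "mixed-script"      # e.g. Latin letters plus one Cyrillic
        elif found - {"LATIN"} and verdict == "ok":
            verdict = "non-latin"         # whole label in another script
    return ".".join(rendered), verdict


# Constructed sample; the first domain is the one quoted in the article.
SAMPLE = ["xn--ntwest-3nf.com", "natwest.com", "xn--mnchen-3ya.de"]

if __name__ == "__main__":
    for d in SAMPLE:
        print(d, "->", *check_domain(d))
```

Accented Latin letters, as in the third sample, stay in the Latin script and are not flagged.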

Scammers also tend to rely on free domains, and it was recently estimated that around 50% of scam sites are hosted on .tk TLDs – a domain belonging to the tiny Pacific island nation Tokelau. We recommend blocking any TK domains, along with ML, GA, CF and GQ.

If you want a real-time view of Pi-hole’s inner workings without revisiting your terminal, you can check logs through the admin interface.

Adding users to Pi-hole groups enables you to control their online activities as well as setting and enforcing bedtimes.

Adding blocklists to Pi-hole is simple – just take care not to add too many or stability may suffer.
