@justintout
Created February 10, 2022 22:55
Very hand-wavy summary of how I block ads on most of my devices

My Ad Blocking

This is a very hand-wavy summary of how I block ads on most of my devices.

To start, my favorite form of adblocking is literally blocking Twitter accounts that post sponsored tweets. This doesn't really do anything, it's just cathartic.

There is a legitimate ethical debate to have about blocking ads on the internet. I do not care. I find advertising hostile. I do not want to see advertising.

At the time of writing, my Pi-Hole reports that 40% of DNS queries in the last 24 hours were blocked. Nearly half of connection attempts on my network were deemed hostile. If you've gotten used to browsing with adblockers enabled, please try disabling all blocking and browse some common websites to see just how bad it is. The web without adblockers is an absolutely awful place.

I block nearly all ads on my computer/mobile with the stack outlined below. Telemetry for my Roku/Samsung devices, Windows computers, and smart devices is also (mostly) blocked.

Browser blocking

I use Firefox on my desktop and Chrome on my phone.

Some people recommend Brave browser because it has adblocking built in. I do not recommend Brave.

UBlock Origin

Required hardware:

  • none

UBlock Origin blocks ads in your browser. It is almost guaranteed your desktop/laptop browser supports UBlock Origin. You can block ads on your mobile if you use Firefox Mobile as a browser. It is important to use this specific extension, from the https://ublockorigin.com/ domain. You can read everything you'd want to know about UBO from the extension's GitHub Wiki.

I use UBO to block ads in my browser and to block general annoyances on pages. I have lightly customized the default installation through the settings page. You can get to the UBO settings page by clicking the extension modal's gear icon. Open the modal by clicking on the UBO icon in your browser. You can add a ton of filters here.

First, I add the Anti-Adblock Killer filter list. This works to block annoying "hey, disable your adblock!" messages you see on some websites. Installation instructions are on the homepage.

Next, I add three CSS filters for YouTube. I don't like any of their "Featured" or "Suggested" banners clogging up my main page, so I filter those out. I add the following lines to the editor in the "My filters" tab.

www.youtube.com###content > .ytd-rich-section-renderer.style-scope
www.youtube.com###details-container
www.youtube.com###dismissible > .ytd-statement-banner-renderer.style-scope

You can easily create your own filters without learning CSS by using the element picker.

SponsorBlock

Required hardware:

  • none

SponsorBlock is a crowdsourced extension to skip sponsored segments in YouTube videos. Users report time ranges in videos when title screens, interaction reminders, sponsor segments, etc. appear. Your browser will automatically skip past these segments. Install and learn more about the extension at its website.

Mobile blocking

YouTube Vanced

I use YouTube Vanced on my phone instead of the default YouTube app. I don't see ads. I think it's a built-in feature, but I honestly have no idea.

Pi-Hole

Required hardware:

  • Raspberry Pi 4 (preferred, but Pi 3/3b is plenty)

Pi-Hole is a DNS ad blocker meant to be installed on a Raspberry Pi, though it supports many different Linux distributions (including a Docker image!). The website has beginner-friendly installation instructions.

DNS is a complex topic and I cannot begin to explain it in this post. Essentially, DNS is the mechanism for devices to know "where" on the internet other devices are. Cloudflare can explain DNS better than I ever could.

Pi-Hole uses dnsmasq under the hood to provide a cache-and-forward DNS server. Pi-Hole will accept devices' DNS requests and check them against a block/allow list. If a request is received for a blocked hostname, the Pi-Hole resolves to a local, "null" IP instead of the real address. Essentially, it redirects devices to a "black hole," hence the name.

This "black hole" effect is important - it means that nothing is loaded from that hostname.

Once you set up the Pi-Hole, you must direct your router to use the DNS server hosted on the Pi. Each router is different, and some don't have accessible settings. If that is the case, you can set the DNS server for individual devices. I realize I'm glossing over this part, I'm sorry.

I use DNS.WATCH (DNSSEC) and Cloudflare (DNSSEC) as my upstream IPv4 DNS servers. I use 2001:1608:10:25::1c04:b12f#53 and 2001:1608:10:25::9249:d69b#53 as upstream DNS IPv6 servers. These are the DNS.WATCH IPv6 addresses.

I have "Listen on all interfaces, permit all origins" enabled in Pi-Hole settings. This setting is required for Tailscale. Read the safety disclaimer below this setting; it is very important that your Raspberry Pi is not exposed to the internet. As a tangent, absolutely no devices on your home network should be exposed to the internet. Use Tailscale.
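One way to check the exposure warning above, as an added example that is not part of the original gist: run it from a machine outside your home network (and off Tailscale) against your own public IP address. A True result means port 53 is answering queries from the internet. The function names are hypothetical.

```python
import secrets
import socket
import struct


def build_query(name, txid):
    """Encode a minimal DNS query for an A record (RFC 1035 wire format)."""
    # Flags 0x0100 = standard query with "recursion desired"; one question.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def answers_dns(host, port=53, name="example.com", timeout=2.0):
    """Return True if host:port sends back a DNS response to our query."""
    txid = secrets.randbits(16)
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (host, port))
            data, _ = sock.recvfrom(512)
        except OSError:  # timeout, unreachable, no route: nothing answered
            return False
    if len(data) < 12:  # shorter than a DNS header
        return False
    reply_id, flags = struct.unpack("!HH", data[:4])
    # A genuine reply echoes our transaction ID and has the QR (response) bit set.
    return reply_id == txid and bool(flags & 0x8000)
```

The same call made from inside the tailnet against the Pi's Tailscale address should return True; only the result from an outside vantage point tells you whether the resolver is exposed.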

I use the following adlists for my Pi-Hole:

  • StevenBlack/hosts: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  • Cameleon: http://sysctl.org/cameleon/hosts
  • disconnect.me's lists
    • Ads: https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
    • Tracking: https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
  • perflyst's Smart TV list: https://perflyst.github.io/PiHoleBlocklist/SmartTV.txt
  • DeveloperDan's Ads and Tracking list: https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
  • The Quantum Alpha Ad-List, an AI-based blocklist: https://gitlab.com/The_Quantum_Alpha/the-quantum-ad-list/-/raw/master/For%20hosts%20file/The_Quantum_Ad-List.txt

I manage some specific domains as well:

  • Regex blacklist abs.twimg.com/fonts/chirp.*: This blocks the new Twitter font, because it's disgusting.
  • Exact whitelist chtbl.com: I don't want to, but a lot of podcasts stream direct from Chartable. I'll give up a little privacy to listen to Ira Glass.
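To make the block/allow check and the "null" answer described earlier concrete, here is an added example (a simplified model written for this page, not Pi-Hole's own code). It parses the two adlist layouts used by the lists above and applies an exact whitelist before any block rule. The sample list contents, the deny regex, the function names and the stand-in upstream answer are all constructed.

```python
import re

# Constructed samples in the two layouts the adlists above use.
HOSTS_FORMAT = """\
# hosts-style list: "<ip> <name>" per line
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net  # inline comment
"""
DOMAIN_FORMAT = """\
# plain list: one domain per line
telemetry.example.org
chtbl.com
"""

# Housekeeping names that hosts files carry but that are not ad domains.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "0.0.0.0"}
NULL_IP = "0.0.0.0"  # the "black hole" answer


def parse_adlist(text):
    """Return the set of domains in a hosts-style or one-per-line list."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        # hosts layout: skip the leading IP; plain layout: the only field.
        for name in fields[1:] if len(fields) > 1 else fields:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                domains.add(name)
    return domains


def resolve(qname, gravity, exact_allow=(), regex_deny=(),
            upstream=lambda name: "192.0.2.10"):  # stand-in for the real upstream
    """Answer a query: whitelist wins, then deny regexes, then the adlists."""
    name = qname.lower().rstrip(".")
    if name in exact_allow:
        return upstream(name)
    if any(re.search(pattern, name) for pattern in regex_deny):
        return NULL_IP
    if name in gravity:
        return NULL_IP
    return upstream(name)


GRAVITY = parse_adlist(HOSTS_FORMAT) | parse_adlist(DOMAIN_FORMAT)
```

With `chtbl.com` present on a list, `resolve("chtbl.com", GRAVITY)` returns the null address, while passing `exact_allow={"chtbl.com"}` lets the same query through to the upstream.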

Sometimes you have to restart DNS on the Pi. If you have SSH access to your Pi, just

ssh -t <pi> pihole restartdns

to kick it. Otherwise, just unplug and replug the Pi. It's annoying but it's a lot less annoying than the ads.

DNS-over-VPN with Tailscale

Required hardware:

  • Pi-Hole'd Raspberry Pi (see above)

Tailscale is an amazing little piece of software to provide a zero config overlay network to any device. I run Tailscale on every single internet-connected device I possibly can. I am going to set aside the amazing things you can do with Tailscale and focus on how I use it for adblocking.

Tailscale has a feature to override device-local DNS in favor of a nameserver you specify. You can read more about Tailscale DNS here.

In my network, I configure my main Raspberry Pi 4 (running Pi-Hole and Tailscale) as the global nameserver, and enable the 'Override local DNS' setting. Now, all my devices (laptop, desktop, cell phone) route DNS through their Tailscale connection to my Pi-Hole. This provides network-level adblocking no matter what network I'm on (home wifi, mobile, friend's wifi, anywhere)!
