Blocking Facebook Domain Names

I do not give a hoot about Mark Zuckerberg’s ego. I do not share his worldview. I use some simple techniques to prevent him from tracking me. Like Google, Zuckerberg and Facebook are not part of my life.

The first layer is refusing to use Facebook. For anything. Facebook has no relevance to my life. End of discussion.

The next layer is never enabling third party cookies.

The next layer is using a short cookies white list along with session-only cookies.

The next layer is using NoScript and a short JavaScript white list.

The next layer is using browser add-ons such as CanvasBlocker, CleanLinks, Decentraleyes, HTTPS Everywhere, No Resource URL Leak, Privacy Badger, and RefControl.

The next layer is blocking known Facebook URLs.

These layers are part of my foundation to resist online tracking. Using these sledgehammers does not spoil my browsing experience. Just the opposite.

I block 74 Facebook domain names. I use dnsmasq and a special block list.

I do not pretend the dnsmasq block list is 100% complete. I am confident the list blocks more than enough to foil most of Zuckerberg’s tracking attempts.

I use dnsmasq on my LAN server for DNS name caching. dnsmasq supports a feature called addn-hosts, which reads additional files in hosts format. I use three different lists. One is a generic list to block advertiser domains as well as undesirable and malicious domains. This generic file contains more than 216,000 domain names. I name the file /etc/hosts-blocked.

Another block list is for Facebook domains. I name this file /etc/hosts-fb. The list is available here.

The respective /etc/dnsmasq.conf directives look like this:

addn-hosts=/etc/hosts-blocked

addn-hosts=/etc/hosts-fb
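A lint pass for a hosts-format block list such as /etc/hosts-fb, as an added example that is not from the original post. The sample entries, the sink addresses and the function names are assumptions made for illustration; the check at the end shows why such a list is never complete, since a hosts entry matches one exact name.

```python
import re

# Constructed sample in hosts format; not the author's /etc/hosts-fb.
# Assumption: block entries point at a sink address such as 0.0.0.0.
SAMPLE_HOSTS_FB = """\
# Facebook block list (constructed sample)
0.0.0.0 facebook.com www.facebook.com
0.0.0.0 fbcdn.net   # inline comment
0.0.0.0 FACEBOOK.com
127.0.0.1 connect.facebook.net
0.0.0.0 -leading.example
192.0.2.10 tracker.example
"""

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name):
    """Lint rule: dot-separated letter/digit/hyphen labels, 253 chars at most."""
    return len(name) <= 253 and all(LABEL.match(p) for p in name.split("."))


def parse_blocklist(text):
    """Return (blocked_names, problems) for a hosts-format block list."""
    blocked, problems = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        address, *names = line.split()
        if address not in SINK_ADDRESSES:
            # A typo here would redirect the name instead of blocking it.
            problems.append((lineno, f"{address} is not a sink address"))
            continue
        for name in names:
            name = name.lower().rstrip(".")  # DNS names are case-insensitive
            if not valid_hostname(name):
                problems.append((lineno, f"invalid hostname {name}"))
            elif name in blocked:
                problems.append((lineno, f"duplicate entry {name}"))
            else:
                blocked.add(name)
    return blocked, problems


def is_blocked(query, blocked):
    """A hosts entry answers for that exact name only, not its subdomains."""
    return query.lower().rstrip(".") in blocked
```

Every subdomain to be blocked this way needs its own line in the file. dnsmasq's address=/domain/ directive is the alternative that covers a domain together with all of its subdomains.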

There is a caveat with this strategy. I have my router configured to use my LAN server for DNS name resolution. This blockage strategy cannot block devices that do not use my LAN DNS server, such as smart phones.

For example, when somebody visits and uses my guest wireless, typically with an Android phone or tablet, that device usually has its own DNS name servers defined. This configuration partially bypasses my local DNS server. Being Android means at least one Google DNS name server will be defined in the device configuration.

I could create a router firewall rule to block other DNS servers. I might still do that some day. For now my focus is blocking Facebook within this home. Yes, when visitors use my guest wireless the IP address is revealed to undesirable servers such as Facebook and Google, but that occurs perhaps two or three times a year. All devices and computers in this home never see Facebook.

Further, my guest wireless is password protected. Visitors have access to the guest wireless only by permission. No need to worry about war drivers, although living rurally means somebody has to sit in the driveway to actually try to hack the password.

I also block many Microsoft domains.
