[kwlug-disc] FAANG-free list
Chris Frey
cdfrey at foursquare.net
Sun Apr 19 04:26:48 EDT 2020
Thanks Paul, I have my own little half-project going on this too.
Here's one of my set of notes:
[snip]
The following domains belong to Google, and are used for various tracking
and services, such as the Safe Browsing feature. Often these sites are
contacted, unencrypted, even with Safe Browsing turned off. It may also
be part of Google Analytics, and be used via javascript.
1e100.net
googleusercontent.com
Possible solutions:
Blocking at the DNS level
https://community.jisc.ac.uk/library/janet-services-documentation/how-block-or-sinkhole-domains-bind
Using a local DNS server will in theory allow for redirecting
google domains to an invalid IP. I have tried implementing this,
and while it works from the command line, it does not stop FireFox
from contacting either of the domains above. This means either
DNS is done in other ways, or FireFox / javascript is using
direct IPs, or some other method as yet unknown.
Blocking at the browser level
I have read reports that using something like NoScript will
allow you disable all contact to the above domains. I have not
yet tried this, as it slows down browsing significantly (at least
back when I tried it), but it may be required if DNS is not
up to the job.
Recompiling FireFox
If you can't trust your browser, you're already on shaky
ground. This is, as yet, an unfinished project.
[snip]
In the end, I blocked Google at the firewall:
iptables -A OUTPUT -d 35.201.117.79 -j REJECT
And nothing of value was lost.
- Chris
More information about the kwlug-disc
mailing list