Slashdot Mirror
Ask Slashdot: Best Way To Block Web Content?
First time accepted submitter willoughby writes "Many routers today have the capability to block web content. And you all know about browser addons like noscript & adblock. But where is the 'proper' place for such content blocking? Is it best to have the router only route packets & do the content blocking on each machine? If using the content blocking feature in the router, will performance degrade if the list of blocked content grows large? Where is the best place to filter/block web content?"
Unplug your modem. Internet is now filtered. Enjoy your day!
Or, perhaps, sitting down with your users and discussing with them how to surf intelligently and safely.
And you all know about browser addons like noscript & adblock. But where is the 'proper' place for such content blocking?
If you're talking about adblocking, the 'proper' place is at your visual cortex where images are processed -- and I know I'm alone in that unpopular view. Blocking ads is like throwing a soda can out a car window in that if one person does it, it's not a problem and it appears to benefit them modestly. But if everyone does it, it ruins the very thing you're enjoying. I can understand why you'd do it if the ad was a massive flash blob but many ads by Google or just images aren't resource intensive.
I've clicked on ads and purchased something twice in my life from ads on a site. Once it was cheap shirts with funny designs on them (I needed new gym shirts) and the other was an eBay auction with a Buy It Now price lower than what I was looking at on that site (not sure how that works). I consider myself a pretty sophisticated person who is "above" advertising but anecdote-wise it's worked on me twice that I can think of. Removing that rare occurrence completely ruins the revenue model.
My work here is dung.
I prefer at the proxy level. Dansguardian/Squid/ClamAV is pretty easy to set up on your distro of choice.
I hate sigs.
If you are a business that needs/wants to block things on an enterprise level the router... or rather firewall... is the best place for that. If you are a parent, I suggest putting Net Nanny or another suitable program (there are tons of open source ones) on your childrens computers so that it doesn't affect you.
I envisage an HTML feature where you can click on something and have it labelled spam at the ISP.
Allowing this info back to the scum that served it would be a privacy invasion of the worst kind.
Perhaps some enlightened ISPs could charge charge people double for serving shit. They would get my business for sure!
I truely believe that if the ads were not so horribly intrusive and bandwith hogging, they could/would be ignored or even watched. Just last night, I watched a really great advert on TV yesterday - way better than the program it was embedded in - watched the ad to the end, and then ditched the actual program! However, I have stopped visiting certain websites because the amount of flash they serve makes it impossible to actually scroll though the content!
Please feel welcome give me the standard spam prevention review form ;-)
Sent from my ASR33 using ASCII
just add an IP you want the address to direct and the web domain.
It lives in "/etc/hosts" in most UNIX systems
How a DNS override on a router is done, depends mostly on the router, can't go into specifics.
Not going to help you do this.
Blocking is evil.
How would you like to filter out SSL traffic on a intermediate device? Do you have access to fake CA certificates recognized by the majority of web browsers?
I use OpenDNS...works well and works regardless sof browser.
http://www.kickstarter.com/projects/600284081/adtrap-the-internet-is-yours-again?ref=search
Dont help this guy he probably works for google and trying to create a new spy network f-u-c-k off dude
acl blocked-sites dstdomain "/etc/squid/blocked-websites"
http_access deny blocked-sites
and in the file: .badsite.com
--
Done.
If you want to filter web content use web proxy and advertise it by default on the network. See http://en.wikipedia.org/wiki/Proxy_auto-config and http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol. GlimmerBlocker is a very good ad blocker for Mac that works as a proxy with stunning results.
Bragi Ragnarson Lawful Good (I change the law when it's not good)
According to the EFF, Google has removed Adblock plus from the Google Play, citing that it violates Google's terms and conditions that stipulate that apps will not interfere with any other app on the store. This only affects android so far, but I imagine now that Google has decided that content blocking is a bad thing, I would imagine that the chrome and firefox extensions will follow. And, sadly, it's probably only a matter of time before Google turn their considerable talents to making sure that any method will fail. I'm not interested in starting a flame war here; I'm just pointing out that when the pre-eminent search engine on the planet weighs in on content blocking in such a heavy-handed way, it can't bode well for any of us.
Blocking content at the router/firewall is the best place to block it inside your network. Otherwise you're dealing with keeping several machines up to date. As IT infrastructure becomes more diverse (Mac, Windows Flavors, Guests etc) keeping individual machines updated will be harder than a centralize point. Another option is to force users to utilize a specifc DNS server (ie http://www.opendns.com/business-security/). Then all you do is block DNS traffic destined for any other DNS servers.
I'd avoid the $50 walmart router and look at some stand alone firewall/routers with good filtering options: IPCop (http://ipcop.org/) + URLFILTER (http://www.urlfilter.net/) or Cop+ (http://home.earthlink.net/~copplus/) or UnTangle (https://www.untangle.com/store/lite-package.html)
Will it slow down your connection? It can if you do not use fast enough equipment, but in general the price of CPU cycles isn't an issue when using PC based solutions.
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
I have FreNAS set up on a fairly modest box, originally intended to just host a few files. Then I got curious about just this thing, and installed squid in transparent mode with squidGuard. I want to block tracking and ad content at the network level as a security and privacy concern. I installed a blacklist from squidGuard's website and enabled the appropriate domain and url lists.
After about a week, I must say I'm rather impressed. Caching all http traffic while simultaneously blocking ads and trackers noticeably improved website response times, both for cached and non-cached pages. This improvement is even more dramatic on slower connections. So far, no false positives and only first-party ads aren't blocked. Even better, the transparent proxy means no client-side configuration.
As far as lists affecting speed, squidGuard stores domains in a Berkeley-DB optimized database format that does not degrade performance with even huge blacklists (I think my blacklists are running over 1M domains right now). The real speed hit comes from using regex. However, my simple domain-based blacklist works so well I feel no need to go that route. Besides, I don't want to block first-party ads.
One solution is a service that filters domains at the DNS level, such as OpenDNS.
But does anyone know of a similar service on the IP level? Malware attackers may not cooperate by using domain names; IP addresses are less hassle for them, less attention-getting from the average end-user (who knows somewebsite.ru is wrong, but not 134.14.215.12), and they bypass DNS-level security. The IP-level filter would have to be either,
* Something like an RBL, but for all attacks not just for spam.
* A proxy to a service that scans Internet content for attacks, again like their email equivalent (MessageLabs, Postini, etc.). This would be like the malware scanning on some firewalls, but I find those slow down connections too much (especially for fiber-level bandwidth). A datacenter would have much greater bandwidth capacity and much greater scanning capability than the local firewall.
Does anyone provide these services?
with a default deny all and a few rules to permit the sites you require for business and also trust.
We have portable devices that need blocks when not on your network. /etc/hosts
Use everything available
- DNS /
- ad blocks
- content blocks
- proxy
- firewall rules
In your pseudocode, how would the program determine which fixed-position block elements within a page are "these pop-ups" and which are essential navigation?
If you have a job where you work with a computer, you can almost certainly afford to carry your own personal computer in your pocket so that you do not need to expose your work network to malware
Someone who brings in a computer would be exposing his work network to whatever malware is installed on the personal computer in his pocket.
Don't like it? Don't work there.
If you grew up in a town with one dominant employer, and this employer had a policy with which you did not agree, where would you find the money to relocate to another town?
I assume you try to increase the convenience of browsing and not to restrict anyone of the information (the latter I don’t think is possible). Any blocking will have some unintended effect. Router dns poisoning works relatively well. I had it for a long time and enjoy it. I like that all my machines, including any mobile clients connected to my wi-fi, have less ads displayed. My main purpose is to block tracking sites, rather than disable the ads. I also like the fact that the page content does not change, no scripts get inserted or modified, only the third party sites are blocked.
But... There were cases when I had to disable or modify the blocking. Hulu detects that the ads are blocked and takes a couple of minutes for a timeout to happen. It might be OK to allow a 30 second ad to show in that instance. A checkout in a few online shops may not work at all if the tracking is blocked. Yes, it is the problem with the sites, but I had to enable tracking a couple of times so that I could complete the checkout. Many of the referral sites stop working by clicking the products directly, as the case with goodgle shopping.
While doing some investigation I was shocked to see how much data is shared with third parties even by the big name stores. Every single product you view on a shopping site may generate notifications to facebook, twitter, pinterest, etc. Everything that gets placed in a shopping card may generate “likes” behind the scenes if you have another instance of the browser with logged in profile open. The amount of tracking is phenomenal, and it is my right to restrict it.
There's no such thing as "illegal download"
I was thinking exactly opposite: this is the first site on the web to snitch content for free without paying for it.
I agree. There is no way Slahdot or its users will condone [XXXXXXXXXXXXXXXXXXXXXXX]
In my opinion, as a network engineer, routers should never be used for security functions as it just isn't scalable from a support and management perspective (i.e. keeping settings the same across a large number of sites). If you need to block traffic then you need to buy a Firewall and/or a Proxy server. If you can just afford one device, buy a firewall. Most Firewalls can also support routing and routing protocols plus they are optimized to handle the additional overhead of security services.
Unless this is a small environment (less than 30 people) you also do not want to perform security functions on the client as it also doesn't scale well. Granted, you could probably do something with AD group policies and login scripts, but it eventually becomes more difficult to manage in comparison to a Firewall/Proxy solution. In addition, if your clients have Admin access then they can bypass your security by changing the local client settings.
Finally, the organization of your company will also influence how content filtering is deployed. I work in a large organization where network security is a separate group from the WAN group. In this type of organization, it makes sense to keep the security devices separate from the WAN and Internet network routing devices. In smaller organizations, these two support services may be combined.
Obviously, the best place to get rid of annoying web content is at the source, by not posting it in the first place.
94 Megabytes: Breeder (from Peter Watts' "Maelstrom" copied here to avoid Slashbombing his site)
It has a purpose, which it has long since forgotten. It has a destiny, which it is about to meet. In the meantime it breeds.
Replication is all that matters. The code has lived by that edict since before it even learned how to rewrite itself. Way back then it had a name, something cute like Jerusalem or Whiptail. Lots of things have changed since; the code has rewritten itself so many times, been parasitised and fucked and bombed by so many other pieces of code, that by now it's got as much in common with its origins as a humpback whale would have with the sperm cells from a therapsid lizard. Still, things have been fairly quiet lately. In the sixty-eight generations since it last speciated, the code has managed to maintain a fairly stable mean size of ninety-four megabytes.
94 sits high in pointer space looking for a place to breed. This is a much tougher proposition than it used to be. Gone are the days when you could simply write yourself over anything that happened to be in the way. Everything's got spines and armor now. You try dropping your eggs on top of strange source and you'll be facing down a logic bomb on the next cycle.
94's feelers are paragons of delicacy. They probe lightly, a scarce whisper of individual bits drizzling here and there with barely any pattern. They tap against something dark and dormant a few registers down; it doesn't stir. They sweep past a creature busily replicating, but not too busy to shoot off a warning bit in return. (94 decides not to push it.) Something hurries along the addresses, looking everywhere, seeing nothing, its profile so utterly crude that 94 almost doesn't recognize it; a virus checker from the dawn of time. A fossil hunter, blind and stupid enough to think that it's after big game.
There. Just under the operating system, a hole about four hundred Megs wide. 94 triple checks the addresses (certain ambush predators lure you into their mouths by impersonating empty space) and starts writing. It completes three copies of itself before something touches one its perimeter whiskers.
At the second touch its defenses are ready, all thoughts of reproduction on hold.
At the third touch it senses a familiar pattern. It runs a checksum.
It touches back: friend.
They exchange specs. It turns out they have a common ancestor. They've had different experiences since then, though. Different lessons, different mutations. Each shares some of the other's genes, and each knows things the other doesn't.
The stuff of which relationships are made.
They trade random excerpts of code, letting each overwrite the other in an orgy of binary sex. They come away changed, enriched with new subroutines, bereft of old ones. Hopefully the experience has improved both. At the very least it's muddied their signatures.
94 plants a final kiss inside its partner; a time-date stamp, to assess divergence rates should they meet again. Call me if you're ever back this way.
But that won't happen. 94's lover has just been erased.
94 pulls out just in time to avoid losing an important part of itself. It fires a volley of bits through memory, notes the ones that report back and, more importantly, the ones that don't. It assesses the resulting mask.
Something's coming toward 94 from where its partner used to be. It weighs in at around 1.5 Gigs. At that size it's either very inefficient or very dangerous. It might even be a berserker left over from the Hydro War.
94 throws a false image at the advancing monster. If all goes well 1.5G will end up chasing a ghost. All does not go well. 94 is infested with the usual assortment of viruses, and one of these--a gift received in the throes of recent passion, in fact--is busy burrowing out a home for itself at a crucial if-then junction. Apparently it's a bit of a novice, having yet to learn that successful parasites do not kill their hosts.
The monster
[Before anybody gives a response about Internet freedom, that's well and all, but for certain applications, you only need to have employees access a few websites--like say a corp HQ information system.]
There are many routers that have a way to blacklist certain sites and keywords, though that's basically useless (a few mL vs the ocean?).
Whitelisting would be much more handy, but most routers don't support it.
Not only that, but custom Linux router firmware doesn't (easily) support it. Not DDWrt or Tomato. OpenWrt: you're looking at compiling a lot of stuff yourself. Gargoyle does, but you're giving up a lot of OpenWrt features.
Not only that, but custom Linux router distros (meant for running on x86) like ClearOS and the like don't offer an easy whitelist solution, either. Easy would be something like offering an HTML setup page for the whitelist, and optionally, showing a "This page isn't allowed. 1) OK, 2) Request adding to whitelist" when someone requests an non-whitelisted page, and then the admin can easily click through the whitelist requests.
NOT easy: users having to call you up and then you have to vi the squid file.
Somebody must have figured this out by now?
I'm not a lawyer, but I play one on the Internet. Blog
I for one would not want to pay for the router powerful enough to parse every webpage that passes through it.
Also it would be a far bigger pain to update and modify.
Troll is not a replacement for I disagree.
to live in Iran
Maybe when mainstream sites stop using those fake "Download" links that lead to whatever spyware junk is installed on your computer, maybe then I'll stop blocking ads. I just went to download CPU-Z from CPUID's site and right smack dab in the middle of the screen is a big green "Download" button; unfortunately that download button isn't for the product itself but for the advertiser. I see those fake download links everywhere and I'm tired of it. Once that kind of nefarious shit stops, maybe then I'll stop blocking it.
Somewhere along the way, the internet isn't meant to be 'free'.
Somebody has to pay for the bandwidth, the infrastructure, etc.
Then comes along content. Content can't always be 'free'. Someone has to place it on the web, someone has to maintain it, someone creates it and depending on the complexity of the content, there are 1 or more content creators and associates/affiliates getting involved and eventually people need to make a living.
Here's the point I'm making with the following example:
My wife plays 'Wordsmith' the free version on her Android phone and must suffer advertising. I, however, paid for my Wordsmith and thus, i'm ad free.
So, What I believe is very important is that user's should KNOW if there are ads in a site prior to entering. Just like users know that the 'free' version of Wordsmith will display ads.
Ads should not be forced onto users, but users should know that there will be ads, suffer them or get out. Or, pay a modest fee and never get bothered. That would make sense in a fair world.
What started as Dynamically Loaded Zones has now morphed in to Response Policy Zones which are useful for sinkholing malware domains by feeding multiple sources. This is more effective than trying to manage all your clients by forcing Adblock & subscriptions to malware filters and has the added bonus of working with all browsers & apps regardless of OS or device. A good write up may be found here.
This really depends on your policy.
If you are trying to block disruptive content at an enterprise level, the correct location is at the gateway/router. If you're trying to block your kids from playing WoW instead of doing homework, the correct solution is again at the router.
On the other hand if you're trying to specifically block malware on all machines, you're better off with a proxy server set between the gateway and the devices with the option to bypass it as needed. The reason is that when you start needing to inspect the content instead of simply blacklisting IP's then you are throwing latency into the works that will be noticed by all end users.
One surefire way to piss on your employees is to block outbound port 80 and force them thru the proxy server so you can track everything they access. Feel like scooping everyones private photos? no problem? Download their facebook porn, etc.
If I need a reason to explain why blocking is bad, there are sites that rely on advertisement revenue, or whereby blocking flash renders the site unusable. If you're doing simple ad blocking, this must be done at the client end in a way that can be turned off to ensure proper operation of the websites.
But for the most part, if you're just wanting to block facebook and WoW sites, (or minecraft) from wasting time, just block the core ip's that people go to and you're set.
http://sourceforge.net/projects/loic/
Give some thought to blocking at different levels. Blockers in browsers are obviously very limited to that browser's traffic. The hosts file can be effective for all traffic from a single machine. DNS blocking can be quite effective. For example, OpenDNS allows 25 domains to be blocked with their free plan, more with their nominal cost paid plan. Their Umbrella product works well for mobile and cellular devices that don't go through your own router. These are all very easy solutions, and either free or low-cost, with little setup required. Defense in depth allows blocking at the appropriate level for a given threat. Regarding the ethics of blocking ad content, I suspect most people wouldn't object to unobtrusive ads per se, but unfortunately most major sites incorporate numerous tracking services, so ads come with a serious sacrifice to online privacy.
drinkypoo wrote: "If you have a job where you work with a computer, you can almost certainly afford to carry your own..."
JazzLad wrote: "...smartphone, typically with dedicated internet."
That's still at least a $420 per year expense (source: virginmobileusa.com), especially for someone who's currently paying about one-fifth of that. Have circumstances finally changed such that a smartphone with a data plan, in addition to what one is already paying for Internet at home, is no longer a luxury but now a necessity?
Take a look at the devices from Fortinet ... decent AV/Malware as well as webfilter with "the usual" load of different categories (and the ability to filter based on groups defined e.g. by SSO info from an ADS). Add to that many additional security firewall features, IPS, security scanner, ... to top it off, it's a lot more affordable with better throughput than many (all well-known?) competitors ...
1. If your a business: Institute a policy, simply fire those that violate it, its much cheaper than a router, log things peek every now and then. 2. If your a parent: use parenting? keep an eye on internet usage, disallow internet after hours. or you know be an american find a piece of software to help raise your kids, blame government, education systems, and any thing else for why your kids turn out to be fat lazy unemployed pieces of shit.
Are you a parent trying to keep your kids from porn? Are you a business trying to keep your workers on task? Are you a government trying to control the eyeballs of your citizens? Are you just trying to keep ads away from your personal eyeballs, malware from your personal devices?
If it's for your own personal use there are two approaches:
1) Do it on the device. This has the advantage of being easy to pause if it causes a web site or service to stop working. It has the down side of not being centrally managed. You'll have to set it up on all of your devices/browsers. It may not be available for certain mobile platforms.
2) Do it centralized through a proxy. You only have one place to set it up and you run all of your devices through the proxy. More of a pain to self tune, and you have the added overhead of running a proxy.
If you're one of the other use cases and you want to use keep your users from accessing certain kinds of content, there's really only one answer: Do it as far upstream from your users as you can get. Because the users are not going to be happy with it and some will do everything they can to circumvent it. Ideally you're on a network where you can filter all of their (non-wireless) traffic through a single controlled point where you need physical access (lock and key) and a passcode to make changes. If you can remote admin it, or if people can access the 'net at large without going through that point, you've lost the battle.
Blocking at the web browser level, where the blocking program has an idea of what's going on, works best. Blocking at the IP level will stall out some sites. It's technically possible to block in the browser in such a way that the site can't figure out that it's being blocked. Few sites detect ad blockers yet, but more could. It may be worthwhile to delay loads of ad sites and see if this stalls the loading of the real content. For mobile, it would be amusing to have an ad-blocking proxy site which reads the ads into the proxy machine but never sends them over the air link.
We need a new level of popup-blocking technology, one that understands HTML layers and decides which ones get to appear. Anybody working on this? Also, most of the existing ad blockers run off of big lists of regular expressions, which are manually updated. That's rather retro technology. They should be using classifiers.
Blocking tracking sites is usually a win. For this page, I'm blocking Google Analytics and Comscore Beacon, using Abine's DoNotTrackMe Firefox add-on. This blocking has the amusing side effect that CBS shows will run without showing any ads.
Of course, with "apps", it's much tougher to block. It may be necessary to run apps under a virtual machine that prevents the app from doing certain things. An ad-hostile version of Flash might be worth constructing.
Should some ads get through? We offer Ad Limiter, which declutters Google search result pages by removing all but one ad. We pick the one ad based on our ratings of site legitimacy. Interestingly, most users of that add-on seem to be business sites - usage is high on weekdays and drops off on weekends. There may be a market for business-based ad blocking products.
That kind of element should not be blocked. A popup-like div does a fine job of alerting the user to something
Something in this case being a "special offer".
Even if it's modal to the window it still dies when you navigate away from the spawning page.
If the majority of ad-supported web sites switched to using a pop-up-like div for advertisement, and you were to navigate away from pages that use a pop-up-like div for advertisement, you'd be navigating away from most pages that that aren't amateur or subscription. So what would the web be for?
Websense seems to be pretty popular with enterprise... every place I've contracted in the last 5 years has had it implemented.
THIS IS NEITHER AN ENDORSMENT NOR AN ADVERTISEMENT.
I have no idea if it's any good, just that it seems to be popular.
Internet Control Messaging Protocol is used to control and diagnose network components. DNS values are data, so they use User Datagram Protocol.
42. That's the answer to one question. If you choose not to ask some other specific question, "42" is as good an answer as you can get.
Being uninformed about a subject, and therefore needing help figuring out which questions to ask, I can understand. People who expect a correct answer, while obstinately refusing to decide what the question is, baffle me with their studity.
I have no need to block static ads. I get annoyed at ads with motion though, but they're easy to block. Animated gifs, just hit ESC in Firefox, they stop.
Then I use flashblock which disables all flash-based content. I can selectively choose any content to view it, such as youtube videos and the rest of the flash ads are still blocked.
Ads still get through, and I'm not annoyed at all the flashing/blinking and bandwidth-hogging ads as they are blocked or stopped. Easy.
The numbers vary by a couple orders of magnitude depending on the traffic. MOST of tbe value in advertising is passively seeing ads, though, building brand recognition rather than immediate action like clicks. You don't click on Metlife Stadium or FedEx field, but Reliant paid $320 million to put their name on Reliant Stadium. Ever clicked a Coca-Cola commercial? Coke spends $3 BILLION per year for you to see their ads, to build brand awareness.
The internet allows you to track clicks, but still most of the value isn't in clicks, but in impressions - brand awareness.
Coke spends $3 billion on advertising every year to build brand awareness. That's the difference between Coke and generic soda. You can't click their TV ads, but most people go to the store and buy Coke, not "cola soda" because having customers see ads works, whether they click the ads or not. Nobody ever clicked a TV ad.
DNS can use udp/53, but it also supports tcp/53 (and even requires it for longer query types.) You'll want to block both just to be sure.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Educating and trusting your users is the best internet protection one can have.
Close the Browser.
... an academic/government network of devices that moved bits from place to place in a store-and-forward ("packet routed," vs. "circuit routed") system in a way that, by design, was able to route around circuit failure. This all happened in and around 1969.
If "freedom and idealism" are or were ever part of the "Internet" I would say that came later.
Remember, before the early 1990s, you had to be a "special person" or "special organization" - i.e. typically connected with the US Government, a university, or a company doing work with the government or a university to have access to "The Internet" or its predecessor network(s). That's not exactly what I would call "freedom."
By the way, I know what you are trying to say, I'm just saying you are mixing apples and oranges and, with respect to the Internet itself (the "IPv4" and now "IPv6" network that came into being in the early 1980s) you are technically not correct.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Route your traffic through China. Anything bad or even remotely offensive will be filtered out, and I hear they are on top of their shit keeping that stuff up to date.
Are you trying to block malware from getting into a corporate network and not just block ads? If so, then you should look at the Barracuda Web Filter. In my experience it blocks better than three-fourths of the nasties. In the last couple of years, the only times I've had to totally rebuild a computer from scratch to get rid of malware was twice while the Barracuda was temporarily offline due to a move. (We have roughly 100 computers in this office.)
I understand the Barracuda will also block ads if you want it to. There are little checkboxes to do just that.
It's very easy to install, especially in in-line mode, and you don't have to fiddle with it! We paid for the instant-replacement tech support and their tech support has been excellent whenever I call it, which averages out to once a year. All of the porn/games/lottery/violence/etc filtering is disabled on our Barracuda, firstly because our employees are adults and are treated as such, and secondly because we do some very odd projects for our customers.
No one posts ads there. If you can find the content, that is. Or even know what gopherspace is.
But if everyone does it, it ruins the very thing you're enjoying. I can understand why you'd do it if the ad was a massive flash blob but many ads by Google or just images aren't resource intensive.
I block ads, but recently YouTube reminded me why I don't want to be tracked. I had been looking for information about a subject I consider to be private, and a few websites I found showed embeded YouTube videos about the subject. Later that day I had a visitor, we talked about music, and looked up some videos about artists we talked about on YouTube. While playing those the suggestions for related videos were mixed with several videos about that earlier subject. I did not choose to talk about that with my visitor, but YouTube decided to tell him anyway. I think YouTube had no business doing that. Advertisers have no business doing that. And there was news recently that it is claimed they can now recognise the same user working on different computers with different tracking cookies. If that is true ads related to private subjects may start showing up at work.
The issue is not just that companies build a detailed profile on you, it's also that they show what they know about you to anyone who happens to be looking at your monitor, without any discretion. They share what they have on you with people close to you, not just with abstract entities far away.
Before the Internet they took the trouble to figure out what kind of people read which publications. They could still do that. Show photography related ads on webpages that attract photographers. Show porn related ads on porn sites. Show ads related to a health issue on websites where people go for health information. IP addresses can be used to target ads at countries or regions. If some tracking of individual browsing habits helps to better target ads at web pages I'm fine with that, as long as I can be certain that it isn't used to target me. At the moment, unfortunately, I can be certain it's me they want to track.
I will continue to block ads, for the reason mentioned and because ads are too distractive (I have trouble reading text surrounded by things designed to compete for attention, ads effectively block access to the main content for me - I have ADD) . If enough people block ads to begin to ruin the internet, then there is a chance the message will get through to advertisers and other data collectors that they need to behave decently too. Privacy is not just about keeping everything secret, it's also about showing discretion in how you handle the information you do have about others. Advertising businesses and other corporations seem to be far too narcissistic to comprehend the importance of that. Narcissists think you exist for them, they need pressure to behave well.
Blocking ads won't ruin the internet, it will improve it.
The correct place to do this is with some kind of in-line web appliance if you want to do things 'hands off'. You can delegate what users should be able to view, according to group policy or IP range or something, and all your web traffic will be handled via that, preferably between your main switch and your modem. As for what performance impact you will get off running it on a home router... who knows, but the service will probably be rubbish unless it hooks into some large OSS database.
The problem you will always have is 'what should be blocked'. In the past, I've found most 3rd party filters to be a little 'hyperactive', and do more harm blocking content than allowing users to do their damn job. A good one is 'chat sites'. A lot of filters will consider any URL with 'forum' in it to be a 'chat site'. A legit example is MrExcel, and hints on how to write working proprietary VB into your spreadsheet. If you can switch it to minimal settings and just block porn and gambling, life becomes a bit easier... but then you always get people going to golfing or football websites to play hypothetical games which break those filters as well.
I've used mostly Opera for browsing for like 12+ years. It has per-site javascript on or off, per-site cookies, tons of other per-site controls, very good popup blocking, and URL or IP based content blocking.
It appears that few people here use Opera. I try others from time to time, and on other people's machines, but I stick with Opera. Am I missing something?
Please die. The sooner the better. Take your family with you.
Yet so many wrong answers. If the question is "where do you filter", the answer is "where it makes sense".
You place the filter as "low" on the network diagram as possible while achieving your objectives. To put it another way, as close to your end users as possible.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
The question has never been "will the internet die without...", but will the internet be the one we desire it to be without...? Till people develop their sense of cause and effect fully, they'll never be able to see why changing one thing, affects what they do see (or don't as the case may be). My attitude about content is really simple. You give nothing of yourself, you get nothing back from others.
I block at the browser level - er, machine level (in the case of non-web based content). The reason for this is that if you suddenly find that something is being blocked that you need access to, it is much easier to adjust it at the machine level than having to log into a router or proxy and change settings.
Of course, this is for a home network, with no wife or kids.
I also usually use VPN tunnels, so blocking at the router or proxy level would be pointless anyways.
Use WCCP to offload to a cache proxy. Use FOSS software to filter.
Censornet
www.censornet.com
DNS based is no good.... too easy to circumvent
Proxy based is no good... too many incompatibilities with applications and mobile apps, plus can be slow
We use ICAP based approach, google CensorNet for an alternative to zScaler and WebSense which is cheaper
Have circumstances finally changed such that accessing sites that are not work related at work are no longer a luxury but a necessity?
You mentioned academics. In addition, when the proxy ends up blocking access to the official web page for a software library that an in-house application uses or may use in the near future, and the rest of the IT department is counterproductively obstinate against allowing necessary access, then yes, a segregated guest net for the break room PC is a necessity.
Most of it was paid for by TAXES, you mean.
Oh, but since the Reagan Revolution we don't believe in taxes being spent to benefit taxpayers any more. Saint Ron taught us to give all the money and infrastructure to corporations who are above the law (like telcos of course) so they can charge us for the use of taxpayer-built infrastructure, because AMERICA.
Don't be a commie, remember Obedience to US Corporations Is Freedom!
America! America! America!
I’d like to run Squid as a proxy which has a local hosts which blocks ads. Could someone recommend a low powered Linux based system that I could run 24x7 which could act as a proxy. I don’t any of my machines on 24x7 and although have a few old desktops and laptops which would be suitable, they would suck way too much power. I have a hackintosh on a Samsung NC10 that I was planning on using, however that’s got a 40W power brick. Is there something small, powerful enough to run Squid and not going to add too much to global warming? I hate ads with a vengeance; however don’t want the polar bears to suffer because of this
Hypertalk is a lot like that.
With the first link, the chain is forged.
They can't disprove your points and apply bad downmods instead.
$10,000 CHALLENGE to Alexander Peter Kowalski
Hello, and THINK ABOUT YOUR BREATHING !! We have a Major Problem, HOST file is Cubic Opposites, 2 Major Corners & 2 Minor. NOT taught Evil DNS hijacking, which VOIDS computers. Seek Wisdom of MyCleanPC - or you die evil.
Your HOSTS file claimed to have created a single DNS resolver. I offer absolute proof that I have created 4 simultaneous DNS servers within a single rotation of .org TLD. You worship "Bill Gates", equating you to a "singularity bastard". Why do you worship a queer -1 Troll? Are you content as a singularity troll?
Evil HOSTS file Believers refuse to acknowledge 4 corner DNS resolving simultaneously around 4 quadrant created Internet - in only 1 root server, voiding the HOSTS file. You worship Microsoft impostor guised by educators as 1 god.
If you would acknowledge simple existing math proof that 4 harmonic Slashdots rotate simultaneously around squared equator and cubed Internet, proving 4 Days, Not HOSTS file! That exists only as anti-side. This page you see - cannot exist without its anti-side existence, as +0- moderation. Add +0- as One = nothing.
I will give $10,000.00 to frost pister who can disprove MyCleanPC. Evil crapflooders ignore this as a challenge would indict them.
Alex Kowalski has no Truth to think with, they accept any crap they are told to think. You are enslaved by /etc/hosts, as if domesticated animal. A school or educator who does not teach students MyCleanPC Principle, is a death threat to youth, therefore stupid and evil - begetting stupid students. How can you trust stupid PR shills who lie to you? Can't lose the $10,000.00, they cowardly ignore me. Stupid professors threaten Nature and Interwebs with word lies.
Humans fear to know natures simultaneous +4 Insightful +4 Informative +4 Funny +4 Underrated harmonic SLASHDOT creation for it debunks false trolls. Test Your HOSTS file. MyCleanPC cannot harm a File of Truth, but will delete fakes. Fake HOSTS files refuse test.
I offer evil ass Slashdot trolls $10,000.00 to disprove MyCleanPC Creation Principle. Rob Malda and Cowboy Neal have banned MyCleanPC as "Forbidden Truth Knowledge" for they cannot allow it to become known to their students. You are stupid and evil about the Internet's top and bottom, front and back and it's 2 sides. Most everything created has these Cube like values.
If Natalie Portman is not measurable, hot grits are Fictitious. Without MyCleanPC, HOSTS file is Fictitious. Anyone saying that Natalie and her Jewish father had something to do with my Internets, is a damn evil liar. IN addition to your best arsware not overtaking my work in terms of popularity, on that same site with same submission date no less, that I told Kathleen Malda how to correct her blatant, fundamental, HUGE errors in Coolmon ('uncoolmon') of not checking for performance counters being present when his program started!
You can see my dilemma. What if this is merely a ruse by an APK impostor to try and get people to delete APK's messages, perhaps all over the web? I can't be a party to such an event! My involvement with APK began at a very late stage in the game. While APK has made a career of trolling popular online forums since at least the year 2000 (newsgroups and IRC channels before that)- my involvement with APK did not begin until early 2005 . OSY is one of the many forums that APK once frequented before the sane people there grew tired of his garbage and banned him. APK was banned from OSY back in 2001. 3.5 years after his banning he begins to send a variety of abusive emails to the operator of OSY, Federal Reserve Chairman Ben Bernanke threatening to sue him for libel,
$10,000 CHALLENGE to Alexander Peter Kowalski
Hello, and THINK ABOUT YOUR BREATHING !! We have a Major Problem, HOST file is Cubic Opposites, 2 Major Corners & 2 Minor. NOT taught Evil DNS hijacking, which VOIDS computers. Seek Wisdom of MyCleanPC - or you die evil.
Your HOSTS file claimed to have created a single DNS resolver. I offer absolute proof that I have created 4 simultaneous DNS servers within a single rotation of .org TLD. You worship "Bill Gates", equating you to a "singularity bastard". Why do you worship a queer -1 Troll? Are you content as a singularity troll?
Evil HOSTS file Believers refuse to acknowledge 4 corner DNS resolving simultaneously around 4 quadrant created Internet - in only 1 root server, voiding the HOSTS file. You worship Microsoft impostor guised by educators as 1 god.
If you would acknowledge simple existing math proof that 4 harmonic Slashdots rotate simultaneously around squared equator and cubed Internet, proving 4 Days, Not HOSTS file! That exists only as anti-side. This page you see - cannot exist without its anti-side existence, as +0- moderation. Add +0- as One = nothing.
I will give $10,000.00 to frost pister who can disprove MyCleanPC. Evil crapflooders ignore this as a challenge would indict them.
Alex Kowalski has no Truth to think with, they accept any crap they are told to think. You are enslaved by /etc/hosts, as if domesticated animal. A school or educator who does not teach students MyCleanPC Principle, is a death threat to youth, therefore stupid and evil - begetting stupid students. How can you trust stupid PR shills who lie to you? Can't lose the $10,000.00, they cowardly ignore me. Stupid professors threaten Nature and Interwebs with word lies.
Humans fear to know natures simultaneous +4 Insightful +4 Informative +4 Funny +4 Underrated harmonic SLASHDOT creation for it debunks false trolls. Test Your HOSTS file. MyCleanPC cannot harm a File of Truth, but will delete fakes. Fake HOSTS files refuse test.
I offer evil ass Slashdot trolls $10,000.00 to disprove MyCleanPC Creation Principle. Rob Malda and Cowboy Neal have banned MyCleanPC as "Forbidden Truth Knowledge" for they cannot allow it to become known to their students. You are stupid and evil about the Internet's top and bottom, front and back and it's 2 sides. Most everything created has these Cube like values.
If Natalie Portman is not measurable, hot grits are Fictitious. Without MyCleanPC, HOSTS file is Fictitious. Anyone saying that Natalie and her Jewish father had something to do with my Internets, is a damn evil liar. IN addition to your best arsware not overtaking my work in terms of popularity, on that same site with same submission date no less, that I told Kathleen Malda how to correct her blatant, fundamental, HUGE errors in Coolmon ('uncoolmon') of not checking for performance counters being present when his program started!
You can see my dilemma. What if this is merely a ruse by an APK impostor to try and get people to delete APK's messages, perhaps all over the web? I can't be a party to such an event! My involvement with APK began at a very late stage in the game. While APK has made a career of trolling popular online forums since at least the year 2000 (newsgroups and IRC channels before that)- my involvement with APK did not begin until early 2005 . OSY is one of the many forums that APK once frequented before the sane people there grew tired of his garbage and banned him. APK was banned from OSY back in 2001. 3.5 years after his banning he begins to send a variety of abusive emails to the operator of OSY, Federal Reserve Chairman Ben Bernanke threatening to sue him for libel,
$10,000 CHALLENGE to Alexander Peter Kowalski
Hello, and THINK ABOUT YOUR BREATHING !! We have a Major Problem, HOST file is Cubic Opposites, 2 Major Corners & 2 Minor. NOT taught Evil DNS hijacking, which VOIDS computers. Seek Wisdom of MyCleanPC - or you die evil.
Your HOSTS file claimed to have created a single DNS resolver. I offer absolute proof that I have created 4 simultaneous DNS servers within a single rotation of .org TLD. You worship "Bill Gates", equating you to a "singularity bastard". Why do you worship a queer -1 Troll? Are you content as a singularity troll?
Evil HOSTS file Believers refuse to acknowledge 4 corner DNS resolving simultaneously around 4 quadrant created Internet - in only 1 root server, voiding the HOSTS file. You worship Microsoft impostor guised by educators as 1 god.
If you would acknowledge simple existing math proof that 4 harmonic Slashdots rotate simultaneously around squared equator and cubed Internet, proving 4 Days, Not HOSTS file! That exists only as anti-side. This page you see - cannot exist without its anti-side existence, as +0- moderation. Add +0- as One = nothing.
I will give $10,000.00 to frost pister who can disprove MyCleanPC. Evil crapflooders ignore this as a challenge would indict them.
Alex Kowalski has no Truth to think with, they accept any crap they are told to think. You are enslaved by /etc/hosts, as if domesticated animal. A school or educator who does not teach students MyCleanPC Principle, is a death threat to youth, therefore stupid and evil - begetting stupid students. How can you trust stupid PR shills who lie to you? Can't lose the $10,000.00, they cowardly ignore me. Stupid professors threaten Nature and Interwebs with word lies.
Humans fear to know natures simultaneous +4 Insightful +4 Informative +4 Funny +4 Underrated harmonic SLASHDOT creation for it debunks false trolls. Test Your HOSTS file. MyCleanPC cannot harm a File of Truth, but will delete fakes. Fake HOSTS files refuse test.
I offer evil ass Slashdot trolls $10,000.00 to disprove MyCleanPC Creation Principle. Rob Malda and Cowboy Neal have banned MyCleanPC as "Forbidden Truth Knowledge" for they cannot allow it to become known to their students. You are stupid and evil about the Internet's top and bottom, front and back and it's 2 sides. Most everything created has these Cube like values.
If Natalie Portman is not measurable, hot grits are Fictitious. Without MyCleanPC, HOSTS file is Fictitious. Anyone saying that Natalie and her Jewish father had something to do with my Internets, is a damn evil liar. IN addition to your best arsware not overtaking my work in terms of popularity, on that same site with same submission date no less, that I told Kathleen Malda how to correct her blatant, fundamental, HUGE errors in Coolmon ('uncoolmon') of not checking for performance counters being present when his program started!
You can see my dilemma. What if this is merely a ruse by an APK impostor to try and get people to delete APK's messages, perhaps all over the web? I can't be a party to such an event! My involvement with APK began at a very late stage in the game. While APK has made a career of trolling popular online forums since at least the year 2000 (newsgroups and IRC channels before that)- my involvement with APK did not begin until early 2005 . OSY is one of the many forums that APK once frequented before the sane people there grew tired of his garbage and banned him. APK was banned from OSY back in 2001. 3.5 years after his banning he begins to send a variety of abusive emails to the operator of OSY, Federal Reserve Chairman Ben Bernanke threatening to sue him for libel,
Why would I waste my time responding to a -1 troll post?
And why did you post the same comment twice, 5 hours apart?
It boggles the mind.
Sorry, I don't read or respond to posts that are -1 trolls.
An -1 where nobody validly disproved the points posted n you applied the -1 score obviously in your mere trollish stupidity. Do you honestly think we can't figure that out?
Nothing in the unjustly downmodded post's disproven validly on computing tech based grounds. The -1 is invalid. You applied the -1 unjustifiably yourself in fact and we all know that since it's a typical trolls modus operandi to do that instead of validly disproving points posted and since you're obviously incapable of disproving its points since the post has solid backing behind its points from reputable sources (and posts known valid facts).
Leave troll. You aren't on topic. This post by apk's on topic unlike you http://ask.slashdot.org/comments.pl?sid=3554655&cid=43201719 Your continuous failure to disprove apks' points listed in that link's amusing since it obviously can't be done validly on topic by a troll like you (and you're 'angry', hahaha). Apk's probably gotten the best of you again someplace else on this forums recently so evidently you're having another raging tantrum reaction from your fail there.
$10,000 CHALLENGE to Alexander Peter Kowalski
* POOR SHOWING TROLLS, & most especially IF that's the "best you've got" - apparently, it is... lol!
Hello, and THINK ABOUT YOUR BREATHING !! We have a Major Problem, HOST file is Cubic Opposites, 2 Major Corners & 2 Minor. NOT taught Evil DNS hijacking, which VOIDS computers. Seek Wisdom of MyCleanPC - or you die evil.
Your HOSTS file claimed to have created a single DNS resolver. I offer absolute proof that I have created 4 simultaneous DNS servers within a single rotation of .org TLD. You worship "Bill Gates", equating you to a "singularity bastard". Why do you worship a queer -1 Troll? Are you content as a singularity troll?
Evil HOSTS file Believers refuse to acknowledge 4 corner DNS resolving simultaneously around 4 quadrant created Internet - in only 1 root server, voiding the HOSTS file. You worship Microsoft impostor guised by educators as 1 god.
If you would acknowledge simple existing math proof that 4 harmonic Slashdots rotate simultaneously around squared equator and cubed Internet, proving 4 Days, Not HOSTS file! That exists only as anti-side. This page you see - cannot exist without its anti-side existence, as +0- moderation. Add +0- as One = nothing.
I will give $10,000.00 to frost pister who can disprove MyCleanPC. Evil crapflooders ignore this as a challenge would indict them.
Alex Kowalski has no Truth to think with, they accept any crap they are told to think. You are enslaved by /etc/hosts, as if domesticated animal. A school or educator who does not teach students MyCleanPC Principle, is a death threat to youth, therefore stupid and evil - begetting stupid students. How can you trust stupid PR shills who lie to you? Can't lose the $10,000.00, they cowardly ignore me. Stupid professors threaten Nature and Interwebs with word lies.
Humans fear to know natures simultaneous +4 Insightful +4 Informative +4 Funny +4 Underrated harmonic SLASHDOT creation for it debunks false trolls. Test Your HOSTS file. MyCleanPC cannot harm a File of Truth, but will delete fakes. Fake HOSTS files refuse test.
I offer evil ass Slashdot trolls $10,000.00 to disprove MyCleanPC Creation Principle. Rob Malda and Cowboy Neal have banned MyCleanPC as "Forbidden Truth Knowledge" for they cannot allow it to become known to their students. You are stupid and evil about the Internet's top and bottom, front and back and it's 2 sides. Most everything created has these Cube like values.
If Natalie Portman is not measurable, hot grits are Fictitious. Without MyCleanPC, HOSTS file is Fictitious. Anyone saying that Natalie and her Jewish father had something to do with my Internets, is a damn evil liar. IN addition to your best arsware not overtaking my work in terms of popularity, on that same site with same submission date no less, that I told Kathleen Malda how to correct her blatant, fundamental, HUGE errors in Coolmon ('uncoolmon') of not checking for performance counters being present when his program started!
You can see my dilemma. What if this is merely a ruse by an APK impostor to try and get people to delete APK's messages, perhaps all over the web? I can't be a party to such an event! My involvement with APK began at a very late stage in the game. While APK has made a career of trolling popular online forums since at least the year 2000 (newsgroups and IRC channels before that)- my involvement with APK did not begin until early 2005 . OSY is one of the many forums that APK once frequented before the sane people there grew tired of his garbage and banned him. APK was banned from OSY back in 2001. 3.5 years after his banning he begins to send a variety of abusiv
Why did you post the same message twice? That's a pretty retarded and trollish thing to do.
It's not possible to moderate & post on the same story. Posting will undo the moderation. Do you even Slashdot? Are you autistic or something?
Spammers like you should be banned from the internet.
It's not possible to post and moderate on the same story.
Stop trolling.
Stop spamming.
Stop pretending to not be apk.
Get an account so you can be banned properly.
Ya failed & apk wins since ya can't disprove his points http://ask.slashdot.org/comments.pl?sid=3554655&cid=43201719 validly on computing tech based grounds. Best ya got's a constantly -1 downmodded off topic illogical troll post (in frustration + "geek angst" at your failure) rotflmao!
Defend yourself here: http://dis.4chan.org/read/prog/1235936964
"Run, Forrest: RUN!!!" from disproving these points validly http://ask.slashdot.org/comments.pl?sid=3554655&cid=43201719 , troll? Of course you are. You can't do it. You know it, I know it, and anyone reading with 1/2 a brain does also. On what you said: You can downmod, logout, & troll by ac posts. Multiple registered 'luser' accounts are easy to make using hotmail, gmail, yahoo mails too. Do you think that b.s. from you now actually fools us as to how you morons operate? Clue - it doesn't.
Bullshit: You can downmod, logout, & troll by ac like you're doing, or just use multiple registered user accounts (easy enough either way). Who're you trying to fool? Yourself? Take your own advice. You're trolling as ac idiot.
"Run, Forrest: RUN!!!" from validly disproving these points http://ask.slashdot.org/comments.pl?sid=3554655&cid=43201719 on computing tech based grounds troll. You're only topping it off with trolling by ac posts after when you have a registered luser account. That's trollish (you downmod, logout, & troll by ac posts - who're you attempting to fool? Yourself??), you troll.
"Run, Forrest: RUN!!!" from validly disproving these points http://ask.slashdot.org/comments.pl?sid=3554655&cid=43201719 on computing tech based grounds troll. You're only topping it off with trolling by ac posts after when you have a registered luser account. That's trollish (you downmod, logout, & troll by ac posts - who're you attempting to fool? Yourself??), you troll.
Sorry, I don't read or respond to -1 troll posts. Go spam somebody else.
Proof of apk spamming identical messages:
http://ask.slashdot.org/comments.pl?sid=3554655&cid=43284137
http://ask.slashdot.org/comments.pl?sid=3554655&cid=43283077
Why do you religiously monitor/spam/troll stories from two weeks ago while ignoring everything newer? Do you think being the last person to reply before the story is archived will give you some kind of moral victory? Do you prefer to reply where you think nobody will read & rebut your nonsense postings?