Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Best Way To Block Web Content?

Posted by samzenpus on from the what-has-been-seen-cannot-be-unseen dept.

First time accepted submitter willoughby writes "Many routers today have the capability to block web content. And you all know about browser addons like noscript & adblock. But where is the 'proper' place for such content blocking? Is it best to have the router only route packets & do the content blocking on each machine? If using the content blocking feature in the router, will performance degrade if the list of blocked content grows large? Where is the best place to filter/block web content?"

24 of 282 comments (clear)

  1. Best way to filter web content: by Anonymous Coward · · Score: 5, Funny

    Unplug your modem. Internet is now filtered. Enjoy your day!

    1. Re:Best way to filter web content: by Jeremiah+Cornelius · · Score: 4, Informative

      The CLOUD!

      No but real. SMB, use EasyDNS.

      Big shop? Z-Scaler and similar.

      Actually, EasyDNS is better. It blocks specific bloggers and tumblrs, that many "Enterprise" solutions give a pass.

      But for EasyDNS, you HAVE to be able to control the resolv.conf of your clients, or it is bypassed.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    2. Re:Best way to filter web content: by PlusFiveTroll · · Score: 4, Insightful

      To add on to this, it is good to block all DNS except a few trusted servers anyway. If someone gets a 'DNSChanger' style virus it will show up on the firewall pretty quick.

    3. Re:Best way to filter web content: by Anonymous Coward · · Score: 4, Insightful

      Unplug your modem. Internet is now filtered. Enjoy your day!

      This is an appropriate response given the bullshit question.

      There are different approaches for blocking content, depending on if you're running an ISP, a large Enterprise, a small business, or are just a home user. There are different approaches depending on what TYPE of content you're trying to block, and WHY you're blocking it.
      There is no simple, single answer to the question other than "well it all depends".

      Adblock is a user-friendly plugin which is, put simply, nothing more than a blacklist of various hosts which serve advertising content. The security aspects of this approach are incidental- it's not a security program it's for avoiding ads.
      If you're running an Enterprise or are a more tech-savvy user it's usually better to maintain your own blacklist, either at the edge router or via a hosts file on the local machine (depending on network size and complexity, and capability of your edge routers). If you're just a plain Joe Average, it's probably better to do it per-machine, especially if you're using a laptop which you're going to use in different locations.

      NoScript is not, by design, an ad-blocker. It is a script-blocker, and is a security program- ad blocking is incidental. It has the added advantage of operating on a whitelist, so new sources of threats will be caught by default. It blocks a variety of scripting languages from any location you have not specifically allowed, in addition to several other types of browser exploit vectors. For the technical user it is vastly superior to Adblock, but for people who are not so "internet savvy" it can be confusing and frustrating to have to maintain your own whitelist.

      Perhaps if the submitter would give us something more specific as to his needs, he'd get better answers.

  2. Nice Try China! by eldavojohn · · Score: 5, Insightful
    I'd suggest paying a lot of money to Blue Coat to do deep packet inspection so none of that content sneaks by.

    Or, perhaps, sitting down with your users and discussing with them how to surf intelligently and safely.

    And you all know about browser addons like noscript & adblock. But where is the 'proper' place for such content blocking?

    If you're talking about adblocking, the 'proper' place is at your visual cortex where images are processed -- and I know I'm alone in that unpopular view. Blocking ads is like throwing a soda can out a car window in that if one person does it, it's not a problem and it appears to benefit them modestly. But if everyone does it, it ruins the very thing you're enjoying. I can understand why you'd do it if the ad was a massive flash blob but many ads by Google or just images aren't resource intensive.

    I've clicked on ads and purchased something twice in my life from ads on a site. Once it was cheap shirts with funny designs on them (I needed new gym shirts) and the other was an eBay auction with a Buy It Now price lower than what I was looking at on that site (not sure how that works). I consider myself a pretty sophisticated person who is "above" advertising but anecdote-wise it's worked on me twice that I can think of. Removing that rare occurrence completely ruins the revenue model.

    --
    My work here is dung.
    1. Re:Nice Try China! by FireFury03 · · Score: 4, Insightful

      I can understand why you'd do it if the ad was a massive flash blob but many ads by Google or just images aren't resource intensive.

      I agree with you that the standard Google adsense ads are ok, blocking them is counterproductive (because websites need income). However, Youtube ads (also operated by Google) have gone way over the line and are way too intrusive; also far too many websites still shove floating divs and the like in your face (in fact, thats something that seems to be increasing), and manually blocking only the intrusive ads becomes far too much effort so invariably all ads get blocked.

      --
      http://blog.nexusuk.org
    2. Re:Nice Try China! by Razed+By+TV · · Score: 4, Insightful

      I respect your argument advocating ad revenue to support the sites you visit. This is one of the things the internet was built upon. I do feel bad about the sites I like not getting the money keep things running.

      On the other hand, you have:
      ads that track you
      annoying popups
      popups masquerading as windows messages that have faux buttons to close them, cancel them, or remove viruses that the popup supposedly just detected
      ads that flash, flicker, or have a lot of motion/activity in them (which I find to be particularly distracting)
      ads that play sound

      I'm not saying I wouldn't adblock if you got rid of the above ads, but currently there are too many reasons for me to even consider getting rid of adblock.

    3. Re:Nice Try China! by udachny · · Score: 4, Funny

      You took the words exactly out of my mouth.

      - then shouldn't you be angry with him for copyright infringement?

      --
      MY OTHER COMMENTS
    4. Re:Nice Try China! by Anonymous Coward · · Score: 5, Informative

      This is one of the things the internet was built upon.

      This is patently false. The internet, and before it the countless BBS services, was built on freedom and idealism. A server operator would pay out of pocket for their hobby and users would either access it for free, pay membership fees, or pay 900-number dial-in fees. The early internet had no ads because it was a hobbyist driven system. Not until the mid 90's did the internet monetize.

    5. Re:Nice Try China! by BasilBrush · · Score: 4, Insightful

      If you're talking about adblocking, the 'proper' place is at your visual cortex where images are processed -- and I know I'm alone in that unpopular view. Blocking ads is like throwing a soda can out a car window in that if one person does it, it's not a problem and it appears to benefit them modestly.

      You are certainly in the minority. Most people's view of that analogy would be that the can being thrown out of the window is the advert, and that the spoiled environment that is the result is like the spoiled web that is a result of heavy advertising.

      I do not accept that the internet needs third party advertising. Nor that the internet without it (and thus a loss of revenue for some site operators) would be worse.

      There was an internet before widespread advertising. Some people run a site as a hobby. Some organisations run sites because they want to spread an idea, or need to get information out there. Commercial organisations will still want to run their own web-sites, whether they sell from them, or just as a communications tool. There are lots of reasons why the internet won't die without advertising.

      A lot of sites with heavy advertising don't even have good content. They are only there to make money from adverts, so they steal content, or just link to what other sites have put out, or publish PR verbatim.

      There's absolutely nothing to stop people trying to make money with third party advertising, and I wouldn't want any official body trying to outlaw them. But equally I see nothing wrong with blocking them so that I don't have to see them, or waste bandwidth on them. If the result is that there are less people that can make a profit from selling advertising, then I say "hurray!"

    6. Re:Nice Try China! by Impy+the+Impiuos+Imp · · Score: 4, Funny

      Well, if someone would actually build a browser with a popup blocker that actually worked, the popup issue would be solved.

      One shouldn't have to turn off scripts to stop popups. All they have to do is insert into the code:


      if (going to open a new window from this web site and
          user doesn't want these popups)
      then
                tough shit

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    7. Re:Nice Try China! by BasilBrush · · Score: 4, Funny

      What computer language is this? I think I want to try it.

    8. Re:Nice Try China! by just_a_monkey · · Score: 5, Interesting

      I am continually surprised that it is still legal to block ads, and that there is no visible movement to make blocking illegal. Not even any pervasive "The websites must be able to make money on what they do!", "Blocking ads is like stealing from the websites!" or "You wouldn't watch a movie/TV-show without watching the commercials" campaigns.

      Google and their customers must not have as good lobbyists as Hollywood.

      --
      How inappropriate to call this planet Earth, when clearly it is Ocean.
    9. Re:Nice Try China! by Jah-Wren+Ryel · · Score: 5, Insightful

      Removing that rare occurrence completely ruins the revenue model.

      GOOD! That revenue model is the single largest driver of the internet surveillance state. It is difficult to imagine an funding model for the internet with worse social costs. The sooner it dies, opening the door to replacement systems that are less invasive the better off we all are.

      --
      When information is power, privacy is freedom.
    10. Re:Nice Try China! by X0563511 · · Score: 3, Insightful

      Lets not forget:
      ads from compromised servers shoving malware/payloads down your throat

      I could live without adblocking... but that last one there is a no-go. If that's not fixed, I am not willing.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    11. Re:Nice Try China! by fast+turtle · · Score: 3, Insightful

      and that's exactly why I use noscript and not block ads. Of course I follow the "DENY ALL" policy and only add those few sites to the whitelist that I actually use and guess what, this blocks 95+ percent of the stinking ads online while still allowing me to use the net. Otherwise it's to the point that I'll simply drop my ISP/Cable and Phone services since I don't use them and 911 calls are paid for by the 911 taxe/surcharge by everyone (mandantory service). Only thing I even use the phone for anymore as I simply don't give a damn about talking to anyone when I'm home.

      --
      Mod me up/Mod me down: I wont frown as I've no crown
    12. Re:Nice Try China! by just_a_monkey · · Score: 4, Insightful

      Now I am thinking what if an ad-blocker would download the ads - so that the websites can sell all eyeballs to their advertisers - but then silently threw them away instead of showing them to the user, who is not interested anyway?

      --
      How inappropriate to call this planet Earth, when clearly it is Ocean.
    13. Re:Nice Try China! by CelticWhisper · · Score: 3, Informative

      Adblock used to have an option to do just that. It disappeared many versions ago.

      Pity, because it was a good idea if you really wanted to stick it to the advertisers. You'd lose the bandwidth savings as the ad content would still download, but if you're unmetered and sporting a vendetta against marketroids it was a great option to use.

      --
      Help protect civil rights from abuse by the TSA - visit TSA News Blog.
      http://www.tsanewsblog.com
  3. At the proxy. by Raven42rac · · Score: 4, Informative

    I prefer at the proxy level. Dansguardian/Squid/ClamAV is pretty easy to set up on your distro of choice.

    --
    I hate sigs.
    1. Re:At the proxy. by drinkypoo · · Score: 4, Insightful

      This is the right answer. There's nothing wrong with ad blocking on the client, but if you want to block content for a whole bunch of users, a proxy is the answer. squid really is easy to set up.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:At the proxy. by drinkypoo · · Score: 4, Insightful

      Why do you want to block content for a whole bunch of users? Do you run a dictatorship?

      The most obvious example which does not support your jerking knee or twisted panties is keeping known malware off of a corporate network.

      Content blocking should be done on the client because it's the only place where the user has control over the blocking.

      If it's your computer, sure. (That includes those which are owned by the state but which you have access to, e.g. at the library.) If it's not your computer, fuck off. It's not your computer.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. DNS by craigminah · · Score: 3, Insightful

    I use OpenDNS...works well and works regardless sof browser.

  5. Re:Upstream by Technician · · Score: 4, Informative

    Filtered DNS does this already if you choose to use it.

    http://www.opendns.com/
    http://www.scrubit.com/

    --
    The truth shall set you free!
  6. Re:What about SSL? by myowntrueself · · Score: 5, Informative

    How would you like to filter out SSL traffic on a intermediate device? Do you have access to fake CA certificates recognized by the majority of web browsers?

    No problem if you use active directory group policies and a squid proxy with ssl-bump and dynamic generated certificates.

    Simply use a group policy to push the proxies cert out to the workstations as a trusted root certificate. Problem solved.

    Now you can filter out naughty HTTPS sites. Also anyone with root access to the squid proxy can extract all kinds of interesting info from the users HTTPS sessions and manipulate them in interesting ways. And the only way the users would know is by manually checking the certificate. "Whats this Google certificate doing being signed by '*'?"

    When you do this using Microsoft TMG theres a big red warning "You may want to check the legal implications of what you are about to do".

    --
    In the free world the media isn't government run; the government is media run.