Raspberry Pi As an Ad Blocking Access Point

coop0030 writes "Adafruit has a new tutorial that will show you how to use your Raspberry Pi as a WiFi access point that blocks ads by default for any devices using it. This is really neat in that it would work for your Android or iOS device, your Xbox 360, TiVo, laptop, and more without needing to customize any of those devices other than to use your Raspberry Pi as the access point for WiFi. Using an ad-blocker can be useful for conserving bandwidth, helping out low-power devices, or for keeping your sanity while browsing the web!"

Cue the usual "debate" ...

[jc42]

... in which one faction points out that ads are funding much of the (commercial) Web, and if you suppress them, you won't have all that Free Content. Meanwhile another fraction is pointing out the huge waste of bandwidth and human time soaked up by all those annoying ads. And yet another faction takes the "Can't we all just get along" approach, by suggesting that the commercial folks should make their ads less annoying so that people don't suppress them.

Yeah, we've heard it all before, we'll hear it all again, and nothing much will change.

Re:Cue the usual "debate" ...

[Thantik]

This is like people charging $100 for a porn movie. There will always be someone willing to provide it for free. It is a serious overstatement that advertising provides "free content" - the content will be there with or without advertisers because people enjoy the things they enjoy, and like to share it with others.

Re:Cue the usual "debate" ...

[westlake]

... in which one faction points out that ads are funding much of the (commercial) Web, and if you suppress them, you won't have all that Free Content.

What is lost is the free content the add blocker wants to see.

Re:Cue the usual "debate" ...

one faction points out that ads are funding much of the (commercial) Web, and if you suppress them, you won't have all that Free Content.

To this, I reply: Hotels

The odds of my ad blocking putting a website out of business are negligible.
If you're quick with the knife, you'll find the invisible hand is made of delicious invisible meat.

Red in tooth and claw free market captialism swings both ways baby! WOO HOO!

Re:Cue the usual "debate" ...

[CanHasDIY]

... in which one faction points out that ads are funding much of the (commercial) Web, and if you suppress them, you won't have all that Free Content. Meanwhile another fraction is pointing out the huge waste of bandwidth and human time soaked up by all those annoying ads. And yet another faction takes the "Can't we all just get along" approach, by suggesting that the commercial folks should make their ads less annoying so that people don't suppress them.

Screw annoyance, my ISP charges by the bit! If that's how it's going to be, then you're damn skippy I want more control over what bits get sent down my pipe.

If the advertisers want to bitch, they should bitch to Comcast/Mediacon/whoever.

Re:Cue the usual "debate" ...

[Entropy98]

Screw annoyance, my ISP charges by the bit! If that's how it's going to be, then you're damn skippy I want more control over what bits get sent down my pipe.

If the advertisers want to bitch, they should bitch to Comcast/Mediacon/whoever.

The websites you visit have their own ISP and they pay by the bit as well.

Re:Cue the usual "debate" ...

[fermion]

Here is what I find interesting. I hear tv people talking about this through various media outlets and one big issue they have with streaming is that they can sell 15-20 minutes of commercials per hour of TV, but less than half that for streaming. Of course watching a tv is a much difference experience than streaming, On a TV value of the commercials are kept by producing commercials that can have an impact even with fast forward, and that people will wander around during the long commercial breaks. On the computer the commercials tend to be viewed.

Streaming is back to the begining of TV when 30 minute shows like the Honeymooners run 27 minutes instead of 22, and hour shows like gunsmoke was 50 minutes. If steaming includes 20 minutes of commericials per hour, then everyone is going to have ad blockers. Just like so many people flash blockers to keep the pollution of web pages.

Re:Cue the usual "debate" ...

[itsownreward]

Great! If I don't suck down their ads then I'm saving us both money!

Re:Cue the usual "debate" ...

[sjames]

If the ads pay by the click and he will never click as a matter of principle, then he IS saving them money.

Re:Cue the usual "debate" ...

[EmperorOfCanada]

The ad that pushed me into seeking out adblocking technology was an IBM ad where every 30 seconds or so it would make this very sudden and loud woosh smack noise of a golfball being hit. This was the ultimate in MBA crap, golf as a way to draw in programmers? Annoying people to get your point across? This was a double fail. One it drove me into the hands of adblockers, and two I never respected IBM since.

Then you get sites like Answers.com where if the adblocking software was working perfectly the site would almost be blank.

Re:Cue the usual "debate" ...

[Lincolnshire+Poacher]

... in which one faction points out that ads are funding much of the (commercial) Web, and if you suppress them, you won't have all that Free Content.

Free content? I wish.

I pay economist.com more than $200 per year for their excellent news, and they still have the gall to try to bombard me with as many ads as a non-subscriber. Plus a 'subscribe now!' crawl-up from the bottom of the page.

Ads can go to hell.

Re:Cue the usual "debate" ...

[rts008]

*Stands up clapping and cheering!*

Thank you for that most succinct, cogent, and insightful jewel!
Outstanding!

Standing ovation* :-)

I plan on using that concept in the future for these types of discussions.

Re:Cue the usual "debate" ...

[Entropy98]

The ads are served by the ad companies servers not the website owners.

Does no one on slashdot know how the internet works anymore???

Re:Cue the usual "debate" ...

[CanHasDIY]

Really? The websites I manage are paid for by hosting fees... which, at less than $100/yr total, are not unreasonable. I'd wager a lot of people spend more on entertainment in 6 months than I spend in 2 years, managing 10 websites.

Router

[MrEricSir]

Why do you need a RasPi for this? Why not do this in the router itself and save a little bit of power?

Re:Router

[techprophet]

Because everyone loves Pi!

Re:Router

[drinkypoo]

The RasPi can be the router, and most routers don't have the grunt force to be a decent proxy. It'd be okay for most handheld devices but otherwise it'd blow.

Re:Router

[jc42]

Because everyone loves Pi!

Yeah, except for the faction that prefers tau. ;-)

Actually, I'd conjecture that when we finally meet intelligent extraterrestrials, we'll find that those who have technology are evenly divided between those whose geeks memorize pi to zillions of places and those who memorize tau to zillions of places (in whatever base they use).

But I don't expect to be around to learn whether my conjecture is correct.

Re:Router

Most router on the other hand have much better I/O for their Ethernet interface where it counts vs USB. :P

Re:Router

[drinkypoo]

Most router on the other hand have much better I/O for their Ethernet interface where it counts vs USB. :P

I'll grant you that most routers have much better I/O for their ethernet; even if it is USB-based it's not hard for it to be better than Pi's. On the other hand, many of us have internet uplinks that won't stress the Pi's janky USB.

Re:Router

[I'm+New+Around+Here]

The intelligent alien would use base pi.

Then memorizing pi to zillions of places would be easy.

Re:Router

[BitZtream]

My router, which costs less than a RaspberryPi with the additional parts needed to make it capable of this, is far more powerful as a CPU and has ASICs that can handle 5 gige ports.

The RaspberryPi is a SHITTY networking device, pushing 10MB/s through it is almost certain to give you a reboot due to the shitty USB stack and that all networking on it is via USB.

Re:Router

[TheGratefulNet]

too slow.

my choice is an atom (fanless) with intel nic chip (or chips if you want multiple enet ports).

I just bought such a system (jetway mobo that has a daughter card with 3 more intel gig-e nics on it). my wan connection is comcast and I have a 50mbit plan that really does test close to that limit. with the atom inline, I see no insertion loss in terms of lower speed. the 50 stays at 50, with or without the atom inline.

if I want wifi on it, I can go thru ethernet or use the pci-e mini card slot. I prefer an external access point that is mostly just an RF stage going to ethernet. let all the real smarts be on my own router; but let the AP system be best-of-breed when it comes to RF (the new 'ac' for 802.11 speed is something I'd rather do with an external AP box than a pci-e card).

the rasp pi is cute, I have a few and toy around with them, but their usb/ethernet is just lame and I would not count on it, to be honest. its not a very good or strong system.

finally, I'd rather run openvpn (say) on the atom pc vs the rpi. atoms are not great but they're much better and faster than the rpi, and mini-itx systems are pretty damned small. and you can find fanless itx systems.

Re:Router

[drinkypoo]

Like I said, it would be fine for handhelds. Hell, I have a quad-core Android device (rockchip) and it only manages 3MB/sec peak on file transfers with wired ethernet. That, too, is connected via USB, but it's working USB :) Point is, the RasPi isn't going to bottleneck a cellphone. If you're expecting it to keep up with a laptop, that's probably a mistake.

I don't think the RasPi is great for much of anything because of its lack of power control and apparent lack of watchdogging, to say nothing of the missing RTC, WTF? If I were going to use a device of that size/class for something like that, I would use a Pogoplug. They have GigE and they cost next to nothing.

Re:Router

[geminidomino]

Whicch router is that? I'm in the market to replace my very old WRT54G DD-WRT with something that can take a decent aftermarket firmware (something with per-port bandwidth usage would be sweet, to hunt down those annoying gluts that sometimes happen).

Wireless isn't even a concern. Can you recommend yours?

Or you can just run privoxy

[bored]

Privoxy can remove a lot more than just ads served from a given domain/server. It can remove ads served by the same domain/server as the source website, as well as a number of other features that make it pretty nice for speeding up browsing on devices that don't have ad/javascript blockers.

Re:Or you can just run privoxy

[Lincolnshire+Poacher]

Privoxy can remove a lot more than just ads served from a given domain/server.

It can for HTTP, but increasingly tracking and ad services are shifting over to HTTPS ( Google Analytics is 100% SSL now ).

Privoxy can't help there, as browsers use SSL Tunnelling when configured to use it as an HTTPS proxy. So it just blindly relays the ads through.

Re:Or you can just run privoxy

[bored]

That is not 100% accurate because privoxy can strip the google analytics calls out of the javascript in the source pages. It can also degrade https to http for questionable domains.

And it can also blacklist whole domains SSL or not, so i don't think there are any cases where you get more functionality with a DNS blacklist.

Re:Or you can just run privoxy

[hobarrera]

Privoxy block HTTP, so it's extremely heavy, especially if you want to place it in an embeded device. Something like adsuck (which works at a DNS level) would better suit your a pi.

Cool...for now.

[Impy+the+Impiuos+Imp]

You mean I will no longer have to click on Slashdot, "Ads Disabled! Thanks again for helping make Slashdot great!"

Seriously, though, this is another utility to download ad server lists, fair enough, but when enough people do this, content providers will just switch to serving the ads directly, the ad companies will forward it to them. The rest is cost negotiation and more Akami (or whatever it is) type stuff.

Re:Cool...for now.

[vux984]

Seriously, though, this is another utility to download ad server lists, fair enough, but when enough people do this, content providers will just switch to serving the ads directly, the ad companies will forward it to them.

Maybe.

The increased costs of serving the ads directly may outweigh the return on the ads, breaking the business model.

Or at least force the ads to be more relevant, less bandwidth heavy, etc...

Both are wins.

Annoying isn't the problem

[cbhacking]

For me, I block ads because they are actually a threat to browsing. In the old days, Flash ads that would pop out a player which extended off the end of the window would crash the browser. These days that's less of a problem, but there are plenty of others still around.

Privacy: advertising is probably the biggest non-government threat to online privacy. I don't really care whether advertisers would respect *my* DoNotTrack headers; I won't even connect to their servers. Supercookies? You'd need to be able to set them, first. Even if a certain site is allowed for some reason, I don't let it see my other browsing history; it gets only a distorted and meaninglessly narrow view.

Security: Advertising networks are one of the biggest problems to online security right now. At least once a month (on average, it comes in waves), one of the web comics I read gets hit with a malicious ad that attempts to serve malware / exploit kits to anybody visiting the site. This has also happened to high-profile reputable news sites and so forth as well. The ad providers don't seem to give a fuck, and the sites serving the ads can't really control the ad content before it's served. Whether it's browser exploits, Flash exploits, Java exploits, embedded PDF exploits, or something else, ad networks cheerfully serve up malicious garbage all the time. You know that advice about "avoid the seedier parts of the web"? Yeah, you can't do that without an ad blocker. Everything is seedy otherwise.

For sites that need money to keep them running, I donate. A few hundred dollars a year in donations is no big deal for me, and it's probably more money than the sites in question would get from my ad impressions anyhow.

Re:Annoying isn't the problem

[PRMan]

This is true. During the Beijing Olympics, one of my co-workers (also a contractor) went to the Chinese medal count page (sent there by NBC.com) and got a virus from one of the ads that infected several machines at the company. He was fired for checking the medal count. I had gone to that page as well, but I was using NoScript, so I didn't load a virus onto the company network and didn't get fired.

Re:Annoying isn't the problem

[elashish14]

Those sites can easily control the ad content before it's served, simply by hosting the advertising content themselves. If they did this, they probably wouldn't get picked up by my Ghostery filters, and they better not unnecessarily use javascript either (99.999% of the web which is written in javascript doesn't need to be). And of course, I block third-party cookies and wipe all other cookies at restart.

Web hosters have decided to use third-party advertisers for convenience. Ease of blocking the content is the price of said convenience.

Re:Annoying isn't the problem

[jc42]

... I had gone to that page as well, but I was using NoScript, so I didn't load a virus onto the company network and didn't get fired.

Anyone who surfs the Web from an employer's machine and leaves scripting turned on is just asking for a disaster for which they are held accountable.

This is yet another anecdote illustrating why we should be trying to educate people about and common "dangers" of using the Web. One of the first lessons should be the idea that you don't download code from strangers and let it run it on your machine. Since "scripting" in web pages is code (unlike HTML markup, which isn't ;-), leaving scripting on makes it easy for outsiders to insert software in your machine and run it. And you will be held responsible for the results.

Wow! Amazing!

[wonkey_monkey]

Computer does thing other computers can do!

Re:Wow! Amazing!

[I'm+New+Around+Here]

That was my first reaction.

"Couldn't I do that with one of the old Dell's I have laying around here? Sure, I would have to add a wireless network card (or wired feeding a switch and wireless access point (or how about the spare laptops I've piled up around me? They already have have both the wired and wifi and their cracked screen won't be a hindrance.)) but it's not like this is some magical tech only a PI can do.

.
Okay, part of that is my second and third reaction. But my point stands.

Re:Wow! Amazing!

[spire3661]

That dell will consume an order of magnitude more power. Rapsberry PIs are compelling because they are cheap, low power and flexible. We all have old laptops lying around, but im sure as hell not going to leave my Dothan equipped Dell laptop plugged in 24/7

Re:Wow! Amazing!

[I'm+New+Around+Here]

I'll give you the point on the power. But the writeup seemed to make it out that you need to do this project with a PI, rather than any standard computer that can handle two network interfaces.

Re:Wow! Amazing!

[rts008]

Think outside of the brainwashing box.
Quit thinking like a 'consumer', just inhaling what's force fed to you. We used to be 'customers'.

Use the concept provided and TRULY think about what would be a best fit for you, and make it happen.

The variations are almost endless for this problem.
(hint: think of the 'writeup' as just a suggestion for one of the many solutions, not the one and only solution)

The internet is a vast treasure house of stupefying proportions for knowledge....the winnowing the wheat from the chaff can be a problem, though.

I suggest customer reviews, and a little research to deal with the chaff problem.

Do you have knowledgeable friends/acquaintances? Most would be glad to help you out with advice.

Break out of that 'consumer' (I picture cattle at a feedlot, being force-fed to gain weight for slaughtering for market) mentality, and start thinking like a free, independent individual, instead of part of the herd of consumers...a customer that wants a particular thing either for need or desire....based on your decision, not some marketing department, or ad agency

Use RPZ! / Why Google PDNS / 4.4.4.4 is not GPDNS

[fuzzel]

Instead of shoving a list of addresses into a DNS server (dnsmasq) in this case, it would be better to use RPZ (http://en.wikipedia.org/wiki/Response_policy_zone)....

Next to that:

> Open the file with sudo nano /etc/resolv.conf and replace the contents with the following:
> nameserver 192.168.42.49
> nameserver 8.8.8.8
> nameserver 4.4.4.4

192.168.42.49 = apparently the address of the fake webserver (would be great if they configured that somewhere before making test queries....)
8.8.8.8 = Google Public DNS, no ads maybe but running all your DNS queries through Google is not helping much now does it.
4.4.4.4 = is not a valid DNS server, likely they meant 8.8.4.4 which is the secondary Google Public DNS address.

If you have a DNSmasq anyway, just let it recurse and play caching resolver, much better idea.

> iface wlan0 inet static
> address 192.168.42.1
> netmask 255.255.255.0
> post-up ip addr add dev wlan0 192.168.42.49/24

One just has to wonder which IP the box will be using for outgoing queries, depends a lot on the kernel....
Now if that was 192.168.42.49/32 the .1 would always be chosen, but as a /24 magical things will happen

Etoomanypitholes and lots of people will be bitten.

On a WGR614 v6?

[tepples]

Why not do this in the router itself and save a little bit of power?

Because not everybody's home router 1. is easily customized and 2. has enough memory. I've read that my seven-year-old NETGEAR WGR614 v6 doesn't have enough flash for DD-WRT, and some people don't want to bother soldering, and some other routers are tivoized not to run an unapproved kernel. If I were to replace it with newer hardware, what make and model of home router would you recommend for no more than the price of a Raspberry Pi?

Re:On a WGR614 v6?

[adolf]

Yeah, you're right.

But then there's the obvious counter-argument: Not everyone has a Rasberry Pi and a spare USB WiFi NIC kicking around, either.

If I were to replace it with newer hardware, what make and model of home router would you recommend for no more than the price of a Raspberry Pi?

You didn't set the bar very high, did you?

From adafruit:

$39.95 Raspberry Pi Model B 512MB RAM
$9.95 Adafruit Pi Case- Enclosure for Raspberry Pi Model A or B
$11.95 Miniature WiFi (802.11b/g/n) Module: For Raspberry Pi and more
$5.95 5V 1A (1000mA) USB port power supply - UL Listed
$7.95 SD/MicroSD Memory Card (4 GB SDHC)

== $75.75. Adding first-class USPS shipping (to Ohio) adds another $5.18.

That's a grand total of $80.93 to get enough RaspPi to build an access point (some assembly required). (And you still need an Ethernet cable, and a USB cable for power.)

Or, for $50, shipping included you can get the venerable Linksys WRT54GL. Comes pre-assembled with everything you need except third-party software, which is it is widely compatible with.

For a few dollars more than a pile of Raspberry Pi kit, you can also get an Asus RT-N16. It's a beastly little router for the price, and has a gigabit switch built-in along with 802.11n (2.4GHz only, sadly). It's about as compatible with third-party firmware as the WRT54GL.

They're currently going for about $84, shipping included. Also comes pre-assembled with everything needed except software.

Re:On a WGR614 v6?

[tepples]

Thank you for the detailed analysis and the recommendations. Bookmarking.

Re:On a WGR614 v6?

[rts008]

Even though I was just lurking, thanks for your comment and links.

This reminds me why I stay on /. after the 'Dice Circus', and why I set up an account back when, after lurking for a few years!

I have learned more about a lot of stuff by way of ./ than I have in many classes/courses of study.

The diversity on subject matter, and expertise and level of knowledge, the 'out of the mouth of babes' moments,...it's all priceless, and justifies the statement that 'the internet has changed the world'.

Back on topic.....
Thanks to you I now feel the need to retire my old 'nix box I've been using as a gateway between my cable modem and router for my home LAN.
  It is becoming increasingly difficult and labor/time intensive to keep this crap out of my network. :-)

Off to the planning stage.....

Re:On a WGR614 v6?

[adolf]

I retired the old 'nix box from routing duty well over a half-decade ago. I got sick of maintaining something with moving parts that -- when it broke -- also prevented me from having Internet access to help me Google a fix. It got replaced with a WRT54GS running Sveasoft (which still works fine, SD card mod and all, though it doesn't get used anymore).

These days, I use an RT-N16 running Shibby. I have no complaints. (And it's a cute little general-purpose headless Linux box in its own right...)

Back to the topic: I don't do ad-blocking at the router. I've considered it, but it seems likely to break lots of stuff in weird ways with the transition between a bog-standard NAT gateway and a magical transparent proxy.

Re:On a WGR614 v6?

[robot5x]

I'd like to vote for the wonderful TP-LINK TL-WR1043ND.

Currently US$53 at amazon, I have it running the excellent Gargoyle firmware and having all kinds of fun playing with user quotas and the QOS. You can put DD-WRT on it too with some cautions.

Re:On a WGR614 v6?

[hobarrera]

So, upgrading a seven-year-old router is out of the question, but buying a raspberry pi to replace it is ok?

Re:On a WGR614 v6?

[tepples]

what make and model of home router would you recommend

So, upgrading a seven-year-old router is out of the question

I never said it was. I tried to make it clear that I was aware that a router purchased to play Mario Kart DS and Tetris DS would probably need replacing by now. I just asked for recommendations on a good model to replace it.

Re:Use RPZ! / Why Google PDNS / 4.4.4.4 is not GPD

[PayPaI]

4.4.4.4 = is not a valid DNS server, likely they meant 8.8.4.4 which is the secondary Google Public DNS address.

It's also possible they meant 4.2.2.[1-6] (of which 4.2.2.4 may be the most popular), which isn't really a public DNS server either, but may be close enough to count as a backup for Google.

Next up

[MichaelSmith]

• How to run ls on the Raspberry Pi
• How to run grep on the Raspberry Pi
• How to run egrep on the Raspberry Pi
• How to run tcpdump on the Raspberry Pi
• How to run ...

Re:Use RPZ! / Why Google PDNS / 4.4.4.4 is not GPD

[BitZtream]

4.4.4.4 used to be a valid DNS server.

> post-up ip addr add dev wlan0 192.168.42.49/24 ... just adds the ip to the interface and sets the net mask to /24. Nothing magical about it, its not really and different than the lines above it really.

Ad server spoofing?

[JorDan+Clock]

Could it be used to spoof an ad server? I have used a number of Android apps that will continuously try to reach ad servers if you use any sort of ad blocks, which causes extra battery drain. Could this system be set up to send some placeholders so the app will stop trying to pull an ad?

Re:Ad server spoofing?

[rts008]

Is there an Android version of 'noscript', or 'requestpolicy'?

Disclaimer:
I don't own, or desire, a cell phone, but both of these do well on my desktop with Firefox. (dual-boot: Win7 and Kubuntu 12.04) :-)

Slowwwwwww

[BestNicksRTaken]

Silly DNS scripts seems like a bad way to achieve this, Privoxy would be better, and the Pi's ethernet-over-USB setup (and a USB wifi donlge) is going to make this pretty slow.

Why does this have to be a Pi-specific tutorial, you could do this better on pretty much any Linux box.