Old School 'Sniffing' Attacks Can Still Reveal Your Browsing History (vice.com)
An anonymous reader quotes a report from Motherboard: Most modern browsers -- such as Chrome, Firefox, and Edge, and even browsers such as FuzzyFox and DeterFox (different, security-focused versions of Firefox) -- have vulnerabilities that allow hosts of malicious websites to extract hundreds to thousands of URLs in a user's web history, per new research from the University of California San Diego. What's worse, the vulnerabilities are built into the way they structure links, meaning that major structural changes will have to take place in these browsers in order to protect user privacy. The only browser that was immune to the attacks was Tor Browser, as the browser does not keep track of a user's internet history.
The vulnerabilities have to do with why, for instance, unclicked links appear blue while visited links appear violet: there's a different set of rules and style that apply to links depending on whether they've been visited or not. However, a bad actor building a web page can manipulate this faster loading time for visited links by "sniffing," or inferting your browsing history. In essence, sniffing is finding and exploiting proxies that reveal your web history. As outlined in the UC San Diego report, this sniffing could happen in a couple of ways: they could force the browser to reload multiple complex images or image transformations that differ based on whether you've visited a link or not, which would create drastic differences in the loading time for each. With this strategy, actors can test 60 sensitive URLs per second. Bad actors could exploit a "bytecode cache," which speeds up the loading time for revisiting a link that you've already visited. "By embedding a special script in a web page, the actor can test how long it takes for a web page to load and infer whether you've visited it or not," reports Motherboard. "Actors can probe 3,000 URLs per second with this method. When the vulnerability was reported to Google, the company marked the issue as "security-sensitive" but "low-priority."
Sniffing anything reveals a colorful history.
guess what I've been browsing!
Just use private browsing mode, or clear everything when you close your browser. I've been doing that for years.
""sniffing," or inferting your browsing history."
Inferting.
Say it aloud. Conjures up a bunch of things, good, bad, and just plain ol' nasty.
Good luck with that. I don't visit any of your popular sites except slashdot.org.
a bad actor building a web page can manipulate this faster loading time for visited links by "sniffing," or inferting your browsing history.
How do I get it to stop sniffing my ferts?
...option not work for you in Firefox? I have that option set, and it appears to work for me. I have several other Firefox security settings turned ON (e.g., "Block cookies from unvisited websites", and "block popup windows"). (And, no, I won't show you the entire phalanx of Firefox settings I'm using :-) )
I'll admit that some people see all these options as daunting...but I'll wager they have a neighbor or colleague who can set it up for them...and show them how to propagate those settings to all other instances of Firefox in their home network.
By embedding a special script in a web page
So, yet again, we have an example where blindingly enabling scripting is a privacy or security vulnerability that can be attacked by the people you are running the scripts for.
After a decade and a half of this, new ones appearing every few days the entire time, maybe just fucking maybe it's time for people to stop running the 500 shitware scripts that pages foist on you.
This is not exceptional. It is not rare. It is not new.
This is a side-channel timing attack which is of low importance because it only allows an attack site to ask if you have been to a site or not. It cannot see your history, just if you have visited a site in the recent past. At best this could inform an attacker if you are a target of interest.
However, this could be of interest to advertisers who want to probe if you have visited their site or maybe a competitor's site. Though chances are they already know that so it's likely not worth the trouble.
Anons need not reply. Questions end with a question mark.
Disable JavaScript...
Case closed.
NoScript perfectly protects against this, and hopefully the websites that I've whitelisted won't use these tricks to sniff out my browsing history.
Inferting may be the only mode of inquirty that can help us unprehend why the giant Alaskan king crabs scuttling around on the power lines outside my home snatch only Canadian aircraft out of the sky. My sublime but rascally sefl wants to infert your devience from your browsing history, along with your last 4 digits
Just the washing instructions on life's rich tapestry
"It's working: Neville... it's working!" See subject & results from the past 2-3 months https://it.slashdot.org/commen... https://it.slashdot.org/commen... & https://it.slashdot.org/commen... + https://it.slashdot.org/commen... + https://it.slashdot.org/commen... https://it.slashdot.org/commen... & https://search.slashdot.org/co... https://search.slashdot.org/co... https://it.slashdot.org/commen... that's only recently while I've been on Linux (few months now only) & 100's of times vs. MANY other botnets/malwares etc. in the past circa 2006-early 2018 while I was on Windows: CONCRETE VISIBLE UNDENIABLE REALITY (see those links as proof).
P.S.=> ... & that's ONLY what /. reported on (there are FAR more)... apk
"classic Windows hosts trick to block the Coinhive or Crypto-Loot domains" - https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ - BLEEPING COMPUTER
ZD NET http://www.zdnet.com/article/how-to-use-a-hosts-file-to-improve-your-internet-experience/ "Hosts files really shine by letting you block ads, spyware sites, malware sites, & tracking sites"
SANS ("A related approach to the DNS issue is to create a hosts file on each system that sends requests for spyware to some place else" hosts by myself & RAMU right @ START of "malware explosion" mid 2005 on) https://isc.sans.edu/forums/di...
Aryeh Goretsky/ESET/NOD32: hosts = good security https://it.slashdot.org/comments.pl?sid=7442373&.cid=49747129/
Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/columnists/491/
Spybot S&D uses hosts.
APK
P.S.=> Malwarebytes' hpHosts hosts & RECOMMENDS my program forum.hosts-file.net/viewtopic.php?f=5&t=4290
Your software is just fine - well written, functional... I'm going to continue using the Host File Engine by mmell February 17, 2017
Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid - by JazzLad April 20, 2016
his hosts program is actually pretty good by xenotransplant August 10 2015
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg September 25 2015
I like your host file system by Karmashock September 09 2015
that APK guy, I use his host file by rogoshen1 Tuesday March 03, 2015
I personally use a HOSTS file blocker produced from a genius called APK by 110010001000 October 27 2017
* For the Win32/64 model...
APK
P.S.=> Linux model's faster/more efficient/better MERGE feature too - More coming... apk
Apk has the answer for that - really... kill automatic updates by adding a hosts file entry setting updates.steam.com or whatever to 127.0.0.1. You have to find the right hostname for each software you want to block updates on by raymorris (2726007) on Friday July 06, 2018
APK your posts on this and the hosts file posts, and more, have never been in error and/or bad advice by BlueStrat (756137) on Wednesday June 21, 2017
I support APK's stand on the hosts file and can't see why it's not used more than it is. My hosts file is 144247 lines long (4,332 Kb) it & a firewall serves me very well - by Trax3001BBS (2368736)
ABP is insufficient as a solid hosts file does everything APK reminds us about fast turtle September 17 2013
You need APK's hosts file - by Teun (17872) on Wednesday August 06, 2014
* For the Win32/64 model...
APK
P.S.=> Linux model's faster/more efficient + BETTER merge feature - More coming... apk
The URLs you visit are not stored in history if you browse in private mode. I do nearly all my browsing in private mode. Occasionally it's a pain because I'll accidentally close a tab, and ctrl-shift-T (undo tab close) does not work because the browser doesn't know the URL you just closed. But otherwise it hasn't been any different from a regular browser. You have to manually enable extensions to work in private mode, and whitelist certain sites to be able to store cookies. The inability to undo a tab close has been the biggest headache, and it's relatively minor.
If the description in summary is accurate, it sounds like blocking scripts unless you've whitelisted the site should also be effective in preventing it as well (unless a major site which you've whitelisted gets hacked and the malware script injected). Yet another reason to disable javascript by default.
APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience in this context. Of course, your phone has to be rooted, which isn't the case with Firefox + adblock." - by chihowa on Saturday May 16, 2015
APK solution STILL relevant Thud457 June 11 2015
In a footnote, I would like to note that I find your hosts file admirable - by vel-ex-tech (4337079) on Tuesday November 24, 2015
APK's monolithic hosts file is looking pretty good at the moment - by Culture20 on Thursday November 17
you're right about hosts files - by drinkypoo (153816) on Thursday May 26
APK, I know people give you a lot of shit regarding hosts, but please don't ever stop - by nasredin (958927) on Friday June 12, 2015 @03:34PM
* For the Win32/64 model...
APK
P.S.=> Linux model's faster/more efficient + BETTER merge feature - More coming... apk
APK is kinda right... I've given up on JS based adblocking and gone to blackholing in /etc/hosts, just like it was back in the 90s. The computational load has gotten intolerable for any ad-blocking using JS. I've tried his hosts file generating software. It works. - by bmo (77928) on Thursday October 15, 2015
get around to 'installing' a hosts file list, not sure which one, likely the one from someonewhocares.org. If it works as well as what I used for a while about ten years ago, I'll be happy. And grateful to APK for the lesson and the reminder. - by kermidge (2221646) on Wednesday March 27
I actually went and downloaded a 16k line hosts file and started using that after seeing that post, you know just for trying it out. some sites load up faster. - by gl4ss (559668) on Thursday November 17
dammit MS, you proved APK right about something by lgw
* For the Win32/64 model...
APK
P.S.=> Linux model's faster/more efficient + BETTER merge feature - More coming... apk
(APK) is still right a hosts file really does work. It even blocked a some of the video ads that were inserted into a stream OrangeTide February 10 2016
the Host File Engine performs exactly as promised - by mmell (832646) on Thursday February 16, 2017
I do use APK's host file on all my systems at home by OrangeTide December 01 2017
I've never tried to belittle (APK's work), I've flat out said it's good - by BronsCon (927697) on Thursday February 11, 2016 @06:48PM (#51491263)
(Toss on 100,000++ users worldwide too!)
* For the Win32/64 model...
APK
P.S.=> Linux model's faster/more efficient + BETTER merge feature... apk
Who did it 1st: China or me? I did - dates are my proof https://theregister.co.uk/2017... w/ the FACT China rampantly STEALS U.S. Intellectual properties & military secrets!
* IMITATION truly IS the SINCEREST FORM of FLATTERY!!!
(... & proves hosts work vs. DNS faults in tracking you via dns request logs (since you avoid it & resolve FASTER locally using hosts) + DNS being downed OR Kaminsky REDIRECT security flaw misdirected poisoned (or vs. DNSChanger))
APK
P.S.=> Let me tell you ALL 1 thing: It's NOT EASY being "World-Class" like me (lol - 100,000++ users prove it for me) - enjoy the fruits of my labors for FREE + going FASTER/SAFER/MORE RELIABLY online (w/ a bit more anonymity too via my program)... apk
Why does the age of your school have anything to do with this?
Some 'IT expert' discovered cookies.
Now I have seen everything.
In addition to knowing a history of links so they can blue ones you visited (long ago) there are other things like zoom level of a page, including if you opened a pic in "new tab" and zoomed. Even "incognito" mode.
None of this is clobbered by erase history, or by "cleaning" programs. You have to go through pains to do it manually.
Can your software block apk spam?
...for using Lynx. Who's laughing now, suckers?!?!?
That is _basic_. Should be default setting.
I just skimmed the source (gah, why indirect through vice?). It seems that -- in their current version, at least -- those attacks need javascript interpretation. So just disabling javascript completely (as I do, and as I recommend!) keeps you safe.
Still have to do thorough reading, tho.
See subject: Via APK Hosts File Engine 2.0++ 64-bit for Linux/BSD h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p
Yields more security/speed/reliability/anonymity vs. any 1 solution (99% of threats use hostnames vs. IP address most firewalls use) more efficiently/FASTER + NATIVELY 4 less!
Vs. "Bolt on 'MoAr' illogic-logic" slowing u hosts speed u up 2 ways: Adblocks + Hardcode fav. sites u spend most time @ vs. competition loaded w/ security bugs (DNS/AntiVir) + overheads slowing u (messagepass 'souled-out' to advertisers easily detected & blocked addons + firewall filtering drivers) & their complexity leads to exploit!
* ONLY 1 of its kind in GUI 4 Linux/BSD!
(Better vs. Windows model in speed/efficiency/merge)
APK
P.S.=> Protects vs. scripts/trackers (faster vs. NoScript @ kernelmode level)/ads/DNS request tracking + redirect poisoned or downed DNS/botnets/malware downloads/malcript/email malicious payloads... apk
See my subject & let's see YOU do better than I have - ok? Never WILL happen from a "ne'er-do-well" fakename like you!
APK
P.S.=> Why? A fakename online is ALL YOU'LL EVER BE (or do)... apk
I strongly recommend against using your software.
You refuse to release your source code, but say it's been audited by Steven Burn. Even if every single version has been audited, that does not mean that your binaries are safe. Unless the builds are reproducible and Steven Burn is able to produce identical binaries to what you're distributing, your software should be considered untrusted. The fact that you refuse to digitally sign your software further calls into question whether the binaries can be trusted.
Your software relies on third-party hosts files, which are not guaranteed to be secure. Any of those could be compromised, containing entries that redirect otherwise legitimate hostnames to fake or malicious sites. Unless you verify that each of those hosts files has not been compromised, those should be considered points of vulnerability.
Also, hosts only prevent known malicious sites from carrying out attacks. However, as you cited, 95% of newly registered domains are spam or malware domains. Any blacklisting approach like yours is a losing battle against the volume of new malware domains. A whitelisting approach like Noscript or Umatrix will be far superior at blocking attacks from newly registered domains that you haven't blocked yet.
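The verification the comment above calls for, as an added example (not part of the thread and not code from the hosts program under discussion): it scans a third-party hosts-format blocklist before merging and reports every entry that maps a hostname to anything other than a loopback or unspecified address. The sample list, its hostnames and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed sample of a downloaded blocklist (documentation addresses only).
SAMPLE = """\
# constructed sample blocklist
127.0.0.1 localhost
0.0.0.0 ads.example.net tracker.example.net
0.0.0.0 metrics.example.org  # inline comment
203.0.113.7 login.example.com
:: ads6.example.net
2001:db8::5 mail.example.com www.example.com
not-an-ip broken.example.net
0.0.0.0
"""


def is_sinkhole(ip):
    """A blocking entry should point at loopback (127.0.0.0/8, ::1)
    or at the unspecified address (0.0.0.0, ::), never at a routable host."""
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Return findings as (line_no, kind, detail) tuples.

    kind == "redirect":  a hostname is mapped to a non-sinkhole address,
                         i.e. the list would send traffic somewhere real.
    kind == "malformed": the line cannot be parsed as 'address name [name...]'.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        # Drop comments (whole-line or trailing) and surrounding whitespace.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed", line))
            continue
        if not names:
            findings.append((line_no, "malformed", line))
            continue
        if is_sinkhole(ip):
            continue
        # One finding per hostname so each redirect can be reviewed on its own.
        for name in names:
            findings.append((line_no, "redirect", f"{name.lower()} -> {ip}"))
    return findings


if __name__ == "__main__":
    for line_no, kind, detail in audit_hosts(SAMPLE):
        print(f"line {line_no}: {kind}: {detail}")
```

A list that produces any `redirect` finding should not be merged until each mapping has been reviewed by hand.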
You failed to answer his question. Can your software block APK spam?
Also, why did you make an unprovoked personal attack against hey!? That was totally uncalled for and you know it.
And here is PROOF that you believe hosts can block speculative execution attacks. Of course, it only applies to downloading software from known malware hosts, so the security provided by your software is pretty limited.
See subject: No changing facts. No hosts program does tld/gTLD verifications OR hardcoded favorites (like China copied from me) period.
* YOU LOSE.
APK
P.S.=> That last part's ANOTHER FACT you can't deny (you losing), lol... apk
No one cares what U "think" (thought's beyond u). I won't give away code to be EFast duplicated as a malware (like happened to Google) you UNIDENTIFIABLE anonymous nobody!
IF someone doesn't like what's in hosts files? They are EASY TO EDIT (you lose).
I don't HAVE to digitally SIGN anything - those get STOLEN & ABUSED (which I've pointed out to you before WITH PROOF).
My method is BUILT-IN & was upmodded on /. as INTERESTING in of all places, CODING FOR DEFCON!
To nullify it would demand a GIGANTIC custom hackjob to offset (100's of procs/functions self-check my code MATHEMATICALLY down to 1 byte change) - nigh impossible.
APK
P.S.=> I block them as they are discovered as threats (which they STILL ARE) & it works vs. threats (plenty of evidence I put out to that effect is in this debate exchange) - you lose... apk
See subject: As long as I block sources of the downloads for it (you need to use a local exe to do it) https://it.slashdot.org/commen...
* I never attacked "hey!" - I don't even KNOW who he is so you're just IMPERSONATING me yet again is all like usual (weak & all you have - like you? Worth ZERO).
APK
P.S.=> No complaints from me, I like APK's spam. Reminds me to use a host file. Also, his stuff is free. - by aaaaaaargh! (1150173) on Tuesday November 17, 2015