It is much easier to use a HOSTS file as a whitelist rather than some sort of blacklist.
HOSTS is useful but limited. For example, it does not allow for wildcards like DNS.
Unbound is included in many distributions nowadays and it has plenty of features now that can make it act like a HOSTS file or authoritative server. These work well for ad blocking.
Blocking ads is like blocking traffic using a firewall. Firewall rulesets often block everything by default and then lines are added to whitelist desired traffic. This can be easier to manage than allowing every domain by default and trying to come up with a list of all undesired domains. The same firewall-like approach has worked well for me in blocking ads. All domains blocked by default; desired domains are whitelisted.
If you use Chrome browser, it will even help you formulate your whitelist. Go to chrome://site-engagement after some routine browsing.
You might find there are some shocking entries in those massive blocking HOSTS files popular on the internet if you ever choose to read one. Sites you will never, ever visit in your lifetime online. Grossly inefficient.
It also appears sections have been cut and pasted from a variety of disparate sources without any sort of verification.
I tried to read through one of these massive HOSTS files once and had to stop as I found it too repulsive. There were far too many dark corners of the web listed that the average web user will never visit. Makes one wonder how the authors even know about these domains.
People's browsing habits are not all the same. A "one-size fits all" HOSTS file seems inappropriate.
Sounds interesting, care to elaborate a bit? How do you deal with, e.g., CDNs? Whitelist *.cloudfront.net, I suppose? How often do you revisit your whitelist?
I have found I can block cloudfront domains by default with almost no inconvenience.
Occasionally something like a download link, where the webmaster has chosen to use cloudfront for that specific resource, might require that I whitelist a cloudfront domain temporarily. If the domain has a unique subdomain and I am confident no ads are ever served from that subdomain, I might whitelist it permanently.
Every user is different and visits different websites. Each user's needs are to some extent unique. I think you have to find what works for you. No one can do this for you.
The more engaged you become in blocking ads, when you stop relying 100% on a third party to try to take care of it for you, I think the more familiar you become in exactly what domains you need to access to accomplish whatever it is you are doing on the web. That knowledge allows you to make your whitelist.
Meanwhile anyone using Chrome can tap into the built-in diagnostics via chrome://chrome-urls to get a very quick and easy analysis of what domains they are requesting and the ones they actually need:
chrome://site-engagement
To answer the second question, if I am visiting new sites, then the whitelist is modified accordingly. Otherwise I have found the majority of IP addresses to be quite stable. If I am visiting many random websites, eventually I will find one or two that are changing their address either periodically or permanently.
Personally I like to know if websites are changing their IP address. I think there can be good and bad reasons for changing IP address. When one is using whitelisting instead of unrestricted recursive queries to a DNS cache then it becomes easy to identify websites that are changing IP address and to monitor the changes.
TIL... While I don't spend much time in Chrome's configs and settings, I liked peering into the results of my list when viewing chrome://site-engagement
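The default-deny whitelist and the IP-change monitoring described in this thread, as an added example that is not any commenter's own configuration. It turns a HOSTS-format whitelist into an Unbound `server:` section where the root is a `static` local zone (names without `local-data` get NXDOMAIN) and reports whitelisted names whose observed addresses differ from the pinned ones. The function names, the `.example` hosts and the documentation-range addresses are constructed for illustration; the observed answers are assumed to be collected separately by the caller.

```python
import ipaddress

# Constructed sample whitelist in HOSTS format (documentation addresses only).
SAMPLE_HOSTS = """\
# address      name
192.0.2.10     news.example
192.0.2.10     www.news.example
198.51.100.7   downloads.example   # temporary entry
"""

def parse_hosts(text):
    """Return {name: set(addresses)}; comments and malformed lines are skipped."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an address: ignore rather than guess
        for name in fields[1:]:
            pinned.setdefault(name.lower().rstrip("."), set()).add(addr)
    return pinned

def unbound_config(pinned):
    """Emit a default-deny Unbound server section from the pinned whitelist."""
    lines = ["server:", '    local-zone: "." static']
    for name in sorted(pinned):
        for addr in sorted(pinned[name]):
            rtype = "AAAA" if ":" in addr else "A"
            lines.append(f'    local-data: "{name}. IN {rtype} {addr}"')
    return "\n".join(lines) + "\n"

def address_drift(pinned, observed):
    """Return {name: (pinned, now)} for whitelisted names whose answers changed.

    observed maps a name to the addresses a resolver returned for it;
    names with no observation are left out instead of being flagged.
    """
    drift = {}
    for name, addrs in pinned.items():
        now = {str(ipaddress.ip_address(a)) for a in observed.get(name, ())}
        if now and now != addrs:
            drift[name] = (sorted(addrs), sorted(now))
    return drift
```

Because every whitelisted name is pinned to an address, a CDN-hosted name that rotates addresses shows up in `address_drift` and has to be re-pinned or dropped by hand.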