Ad Killer

Brutally Effective Low-Level Advertisement Suppression

Ad-blocking browser add-ons are great tools. In fact, I would't want to surf the Internet without one. A number of other tools can help improve privacy, too. Some add-ons that I find indispensable are:

Popup blocker (Firefox settings)
Noscript (Javascript blocker)
The Electronic Frontier Foundation's Privacy Badger

Of course, there are downsides. With Noscript, you lock yourself out of many websites, altough you can selectively re-enable scripts. DNT, Flashblocker and many other add-ons are third party products, and dubious side-effects cannot be excluded. And black-box plugins, such as Adblock, don't allow me to verify that no information leaks out their way.

For these reasons, I am using a very simple, yet brutally effective scheme to prevent my computer from even contacting many ad company's servers: I list them in the static host table.

How Does It Work?

When you enter a web URL in your browser (or anywhere else, for that matter), your computer contacts a domain name server (DNS) to obtain the numerical IP address. For example, this web site, http://photonics.engr.uga.edu translates into the IP address 128.192.169.240. The IP address is what your browser uses to contact the server.

The same is valid for ad companies. Let's assume you open a web page, and that web page wants to include an ad from Doubleclick (server name: ad.doubleclick.net). A DNS lookup would return either 74.125.134.148 or 74.125.134.149, depending on the load. However, all computers insert one step in-between:

The static IP table

There is a file on your computer, every computer, that contains a list of static IP addresses. These could include those for which no DNS entry exists, or for which DNS lookups are so frequent that a local lookup in the static host list significantly reduces network traffic and improves response time. Usually, this file is hopelessly under-used and most often contains only the localhost address, which is always 127.0.0.1.

127.0.0.1...?

Let's be more precise, we are really talking about the Class-A network 127.x.x.x with a total of roughly 16 million IP addresses. Each of these points back to your computer, whichever that is.

You can try it by, for example, using

ping 127.0.0.1

You get a response from your own computer, and the response shows that your basic network subsystem (to be precise, the loopback interface) is up. Now all we need to do is teach your computer to circumvent the DNS lookup and let your computer think that ad.doubleclick.net is really 127.0.0.1.

Let's take a look at a default static host table. On Linux computers, this file is /etc/hosts:

127.0.0.1       localhost
127.0.1.1       my_linux_box

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Now you need to edit this file (as root or with sudo) and add the following line:

127.0.0.1      ad.doubleclick.net

It will take a few minutes to hours until the cache has expired (or until you reboot the computer, but what Linux user does that?), after that, your computer will use the static host table to obtain the IP address of ad.doubleclick.net, and guess what -- it obtains 127.0.0.1.

So here is your computer thinking "Oh, that's me..." and requests the ad from itself without that packet ever leaving your computer!

Normally, you won't run a web server on your local computer, so your browser will return an "unable to connect" error. Or, perhaps you run a web server. In that case, you most likey get a 404 in return. In both cases, however, the request is handled locally, and NO INFORMATION has ever reached the "real" ad server.

How To Populate /etc/hosts In Practice

(Updated September 2023) This method is gaining traction, and there are a number of community efforts under way to collect ad servers and sources of malicious content. I therefore discontinued maintaining my own hosts file, and I suggest looking up some of the recommended sites below:

My original recommendation
adaway.org, interesting particularly for Android users. Adaway's hosts file can be fownloaded from adaway hosts.txt.
Search for "Peter Lowe Blocklist Hosts", this has a lengthy URL
Same for StevenBlack Unified Hosts (huge list, includes lots of malware sites)

Ad servers are part of a dynamic market. Ad server names change frequently, which is why the community effort is superior to my own outdated list.

Windows? Mac? Android?

Too bad for you. Switch to free software. Oh well, if you insist... on Windows, there should be a file called "lmhosts.sam". Search for it. It has the same function. Mac OS-X is really FreeBSD (Linux' smaller brother), and the file should also be /etc/hosts.

Android is a Linux derivative -- also /etc/hosts, but you need a rooted Android. This is a separate chapter, but I tried it on a recent phone (Android 12), and it works. Android, like iOS, is quite intrusive. All the more reason to modify your static host table as soon as you can!

Windows, on the other hand, is so intrusive on so many levels that I don't think I'd even bother.

What Else Might Be Important?

The usual. Your mileage may vary. This idea is for educational purposes only, and you use it at your own risk. No warranty whatsoever. Rooting your smartphone or tablet may void the manufacturer's warranty. Not rooting it may void your privacy. You choose.