Monthly Archives: July 2015

July 31, 2015 · 1:19 pm

Ad-blocking and extra privacy for your devices

The back-story:

As one of my friends has stated…

The Internet is a scary place without Adblock

It’s true.  And while I think he was largely referring to the ubiquity and annoying nature of many ads, the pervasiveness of shady no-opt-out cross-website tracking and malware are what worry me the most.  Now, as we go more and more into a mobile-device driven society, malware developers and tracking companies are spending more time and money investing in these platforms.  It makes sense — Adblock works on all major browsers on a PC or Mac, but there are very few controls for mobile platforms.

I was recently debugging traffic sent to/from my phone and I was a bit surprised (and upset) to see that many applications were sending my phone’s IMEI (an unchangeable hardware address) along with data about me to a 3rd party advertising service which was registering and linking the device to a profile which was impossible to erase.  So no matter what — uninstall/reinstall the application, completely wiping the data from the application, even completely factory resetting the phone — the IMEI stayed the same and thus my advertising profile and personal information were being persisted.  What’s worse is that, because this is a 3rd party being used by multiple applications, data about me was being shared across multiple applications without my consent.

Some existing solutions:

So what solutions are there?  Unfortunately, not a lot.  If you have a rooted device, you have some more options, but for this post I’ll stick to non-rooted devices.

  1. Adblock for Android.  Google is primarily an advertising company, so it was no surprise to me when they took down Adblock Plus from the Android app store.  You can still install it, though there are some caveats about how it works (i.e. it only works on WiFi unless you’re using a rooted device, you have to have “unknown sources” which adds some dangers to most devices, and updates to it need to be done manually because it’s not in the store).
  2. iOS.  There’s an AdBlock Browser for iOS, but it only blocks in the browser — no apps.  For $2, you can pick up Weblock, which seeks to do essentially the same thing as Adblock for Android does.  It thus comes with the same “WiFi-only” caveat.
  3. Set up or pay a monthly fee for a proxy to filter bad data.  If you route all your Internet traffic through a proxy, you can have rules  to block malware, tracking, etc.  Unfortunately, setting up your own proxy is beyond the technical skills of most, but if you’re fairly technical, there’s privoxy.  This is essentially how Adblock for Android and Weblock work under the covers, so it has the same WiFi-only restriction again.
  4. Set up or pay a monthly fee for a VPN to filter bad data.  Like setting up a proxy, setting up a VPN is complicated (vastly moreso, actually), but it does allow you to get around the WiFi-only restriction, as you can connect to a VPN from a cell network.
  5. Block via DNS.  In theory, if you use OpenDNS for your DNS provider, it will block ads and malware.  However, when I tested this, I found their list to be vastly insufficient and I didn’t see any difference between OpenDNS and other DNS providers.  Generally, you can only set your DNS provider on WiFi, so again, this carries a WiFi-only restriction.

A new, completely free, cross-platform, WiFi+cell solution:

I’ve set up my own caching DNS provider at 69.12.78.199 and 69.12.78.206 which routes many malware and advertising servers into a black hole.  It uses OpenDNS as it’s DNS server for IPs that don’t match malware/advertising servers.  If you’re on WiFi, you can just use these (follow these instructions for Android or these instructions for iOS, but use 69.12.78.199 and 69.12.78.206 instead of 8.8.8.8 and 8.8.4.4).  There are apps which will automatically switch these for you for Android (and maybe iOS?).

 

If you want this on your cell network as well, this can be done via VPN, which I’ve also set up.  We won’t route any traffic through it, but simply use it to fool the OS into using our DNS even when we’re on a cell network.

On Android/iOS:

  1. Set up a new L2TP/IPSec PSK VPN connection, as per these instructions for Android or these instructions for iOS:
    1. The server address is “noads.eskibars.com”
    2. The IPSec pre-shared key is “vpn”
    3. On iOS, turn off the “Send All Traffic” button.  This will prevent the VPN connection from actually forwarding traffic in, thus only using the DNS settings.  This is important that you do this setting because the VPN I’ve set up doesn’t actually send traffic to the Internet — it only provides DNS information.
    4. On Android, in the “forwarding routes” configuration section, set it to “127.255.255.1/32”.  This will prevent the VPN connection from actually forwarding traffic in, thus only using the DNS settings.  This is important that you do this setting because the VPN I’ve set up doesn’t actually send traffic to the Internet — it only provides DNS information.
  2. Once you’ve saved the connection, you can connect in with username “vpn” and password “vpn”

Voila!  Enjoy and let me know how it works!

Leave a Comment

Filed under Projects

Tagged as ,