Is it possible to interdict any and all redirection?
Let's say I call a web page from https://xyz/page.html
in which case I'd want any redirect to any domain other
than xyz to fail even if it's a link at xyz.

Bad sector,

> Is it possible to interdict any and all redirection?

Yes.

At least, in my ancient, v52 version of FF its under "tools" -> "Options" ->
"Advanced" -> "General", under the name "Warn me when websites try to
redirect or reload the page". It doesn't block, but gives you the option to
follow the redirection / accept the refresh or not.

Regards,
Rudy Wieser

On 1/17/24 06:11 AM, R.Wieser wrote:
> Warn me when websites try to
> redirect or reload the page
If anyone can find this in 120+, please post it.
--
Linux Mint 21.2 Cinnamon
Al

On Wed, 17 Jan 2024 05:56:35 -0500
bad sector <forgetski@_INVALID.net> wrote:

> Is it possible to interdict any and all redirection?
> Let's say I call a web page from https://xyz/page.html
> in which case I'd want any redirect to any domain other
> than xyz to fail even if it's a link at xyz.
>
>

I found this: https://www.wikihow.com/Block-Page-Redirects

I have noticed when I pay my AT&T bill online I'm redirected three time
before I can pay the bill.

I use the NoScript extension for Firefox and it will stop redirects,
but it takes a while to learn how to use it properly.

Big Al <alan@invalid.com> wrote:

> R.Wieser wrote:
>
>> Warn me when websites try to redirect or reload the page
>
> If anyone can find this in 120+, please post it.

Didn't find a GUI screen setting for this in FF 121.0.1. There is an
about:config setting to block redirection. See:

https://adlock.com/blog/how-to-block-redirects-in-browsers/#firefox
(The page provides help, but promotes their trialware.)

Blocking redirects would also disable meta-refresh. Often a site uses
an interstitial page to control navigation within its site, like you can
reach another page only if you started from one of their pages. They
are also used to display information to the user, like you must register
to use the resort's wifi, or enter the login credentials they gave you
to thereafter have Internet access.

https://en.wikipedia.org/wiki/Interstitial_webpage

Redirects are both on- and off-domain, so you may lose functionality at
a web site when blocking redirects to their own resources. Since the
behavior in Firefox is to alert and ask, you could okay the redirect.

Perhaps a better choice is to use an ad/content blocker. I use uBlock
Origin, but my blacklist subscriptions and settings may not match yours.
If the redirect is to a blocked resource, the redirect won't happen;
however, it's possible you end up with an error about content cannot be
found.

On 1/17/2024 2:56 AM, bad sector wrote:
>
> Is it possible to interdict any and all redirection?
> Let's say I call a web page from https://xyz/page.html
> in which case I'd want any redirect to any domain other
> than xyz to fail even if it's a link at xyz.
>
>

In my version of SeaMonkey, I set accessibility.blockautorefresh to
"true". However, I do that only rarely since some redirects are needed
for navigating complicated Web sites.

--
David E. Ross
<http://www.rosde.com/>

Paris mayor quits X platform, calling it a 'gigantic global sewer'.
Others characterize X (previously known as Twitter) as the place
where truth goes to die.

Johnny <johnny@invalid.net> wrote:
>Wed, 17 Jan 2024 05:56:35 -0500 bad sector <forgetski@_INVALID.net> wrote:

>>Is it possible to interdict any and all redirection?
>>Let's say I call a web page from https://xyz/page.html
>>in which case I'd want any redirect to any domain other
>>than xyz to fail even if it's a link at xyz.

>I found this: https://www.wikihow.com/Block-Page-Redirects

>I have noticed when I pay my AT&T bill online I'm redirected three time
>before I can pay the bill.

>I use the NoScript extension for Firefox and it will stop redirects,
>but it takes a while to learn how to use it properly.

I am a long-time user of NoScript. It affects whether certain functions,
like javascript, cross scripting, and a few others, run on the user's
computer. But redirection can occur due to action of the Web server. NoScript
cannot affect that.

If the user requests one page from the Web server and a different page
is served, that really cannot be prevented in the browser. The only
thing the user can do is close the tab.

I also use AdBlocker Ultimate and uBlock Origin. But there are times
that Web pages use techniques that are too similar to how ads from
third-party Web sites are forced into the page and I have to turn off
either extension.

With NoScript, pages that are created "on the fly" and don't truly exist
on the server expire quickly. If I still have the page open in the
browser, it stops functioning. If I cannot reload the page and get it to
function as anticipated, I turn off NoScript then turn it back on, allow
the javascript I need temporarily, then reload the page, it functions
again as expected.

"David E. Ross" <nobody@nowhere.invalid> wrote

| In my version of SeaMonkey, I set accessibility.blockautorefresh to
| "true". However, I do that only rarely since some redirects are needed
| for navigating complicated Web sites.
|

I do the same, mostly so that news sites won't refresh
without asking. Also so that wiseguy sites can't put me
into a reload loop. As far as I know, I always get a message
bar along the top with a button to enable the redirect. It
shows up, for example, when I download a software installer
that opens a new window to send the download.

On 1/17/24 05:56, bad sector wrote:
>
> Is it possible to interdict any and all redirection?
> Let's say I call a web page from https://xyz/page.html
> in which case I'd want any redirect to any domain other
> than xyz to fail even if it's a link at xyz.

I would like a button for this as I'd love to toggle it on/off all the
time, and I'm thinking of all google analytics and facebook URL's
zipping by in the bottom of the window. Maybe these are not called
redirects (I do want to optionally block redirectrs too), these others
might be called by another name.

bad sector <forgetski@_INVALID.net> wrote:

> On 1/17/24 05:56, bad sector wrote:
>>
>> Is it possible to interdict any and all redirection?
>> Let's say I call a web page from https://xyz/page.html
>> in which case I'd want any redirect to any domain other
>> than xyz to fail even if it's a link at xyz.
>
> I would like a button for this as I'd love to toggle it on/off all the
> time, and I'm thinking of all google analytics and facebook URL's
> zipping by in the bottom of the window. Maybe these are not called
> redirects (I do want to optionally block redirectrs too), these others
> might be called by another name.

Adblockers will nix access to Google Analytics resources. I don't use
nor visit Facebook to know what are the URLs zipping by at the bottom of
the web page, but sounds like a Javascript issue. With uBlock Origin, I
can choose an element of a web page to block, so maybe those zipping
URLs are some element that could be blocked. It's called cosmetic
filtering (rather than resource blocking). Blacklists may include some
cosmetic filters. Blocking an element might only be short-lived. I've
blocked some elements in Google's web pages, but Google eventually
changes design or element naming, so the prior cosmetic blocks no longer
function.

https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-cosmetic-filtering

You right-click on the web page, choose to uBlock Origin -> Block
element, and an outlining guide lets you figure out which element to
pick to add to a filter. It's not intuitive, but it is usable.

bad sector,

> I would like a button for this as I'd love to toggle it on/off all the
> time, and I'm thinking of all google analytics and facebook URL's zipping
> by in the bottom of the window.

Put them into your "hosts" file ?

Alternative (if still available) ::
In my (very old, v52) FF a plugin named "Request Policy" blocks every
third-party domain, unless I, temporarily or permanently, allow it - for
that one website or all of them.

Regards,
Rudy Wieser

"R.Wieser" <address@is.invalid> wrote

|
| Put them into your "hosts" file ?
|

Yes. I have about 15 of each Google and FB in my HOSTS file.
HOSTS is such a handy solution. I don't know why more people
don't use it. I suppose it's because a lot of people dislike ads
but few care about privacy, so they get an adblocker and call
it a day.

| Alternative (if still available) ::
| In my (very old, v52) FF a plugin named "Request Policy" blocks every
| third-party domain, unless I, temporarily or permanently, allow it - for
| that one website or all of them.

Mozilla browsers still have an option to block
third-party images. They just hid it to try to get
people to stop using it. I keep it enabled in New Moon,
which seems to also block other 3rd-party files. But
these days that can mess up webpages. Many are
puling in images, CSS, etc from multiple domains. For
example, netflix.com might be getting images from
netflimg.com

permissions.default.image
1-allow images. 2-block images. 3-block 3rd party images.

Newyana2,

> Yes. I have about 15 of each Google and FB in my HOSTS
> file. HOSTS is such a handy solution.

Although I suggested it myself (its an "no extra software needed" method),
it ofcourse does have a downside : It blocks *all* attempts to reach the
domain, webbrowser or not.

> Mozilla browsers still have an option to block
> third-party images.
....
> permissions.default.image
> 1-allow images. 2-block images. 3-block 3rd party images.

Which is a rather coarse method : its either on for all websites, or off -
nothing in between. :-(

In my case Request Policy blocks the third party images (and movies, sounds,
scripts and all other cr*p).

For the second of the above options I use the Grease Monkey add-on.
Although its not a click-and-forget solution (you have to write your own
scripts using JS or download them from from the web), its again much more
fine-grained. You want to remove /that/ image, bit not /this/ one ? That
can be done.

Regards,
Rudy Wieser

Newyana2 <Newyana2@invalid.nospam> wrote:

> HOSTS is such a handy solution. I don't know why more people
> don't use it. I suppose it's because a lot of people dislike ads
> but few care about privacy, so they get an adblocker and call
> it a day.

Adblockers can subscribe to hosts files, too. I don't subscribe to any
hosts files, because I found them overly agressive and slow to update
compared to other blacklists.

Adblockers are not just about blocking ads. They also block content
(cosmetic filtering) and resources other than ads (e.g., tracking,
privacy). All depends on which blacklist to which the adblocker
subscribes. Adblocker is a generic name, but it's easier than saying
ad/privacy/security/content blocker. With uBlock Origin (uBO), I have
it subscribed to the following blacklists:

My filters
uBlock - ads
uBlock - privacy
uBlock - quick fixes
uBlock - unbreak
AdGuard - ads
EasyList
AdGuard URL Tracking Protection
EasyPrivacy
Online Malicious URL blocklist
Phishing URL blocklist
AdGuard - annoyances
AdGuard - mobile app banners
AdGuard - other annoyances
AdGuard - popup overlays
AdGuard - social media (I don't visit sites for the socially needy)
AdGuard - widgets
AdGuard - cookie notices
EasyList - annoyances
EasyList - chat widgets
EasyList - newsletter notices
EasyList - other annoyances
EasyList - social widgets
EasyList - cookie notices
Fanboy - anti-Facebook
uBlock - annoyances
Custom: PUP domains blocklist

In addition, I can subscribe to other blacklists (which is the case with
the PUP blacklist) by adding the URLs to point at those. I could add
the Peter Lowe's hosts file (a mere 3627 entries), or others found
online, but I find those cause more problems than they solve. I have
only about half a dozen cosmetic filters that I defined. From the
blacklists to which I subscribe, and which contain both network
(resource) and cosmetic filters (and I do not disable cosmetic filtering
although an option), I end up with a count of:

222,186 network filters + 235,763 cosmetic filters = 457,949 filters

That far exceeds what Google permits using their v3 Manifest scheme, and
why I continue to use Firefox. Mozilla has stated they will continue to
support Manifest v2 add-ons as well as adding support for Manifest v3
addons. uBO came out with a v3 compatible add-on, but has far fewer
blocks, so is far less effective.

Hosts files are not limited by Google, or anything in a web client, as
to how many hosts (not resources) that can get blocked (redirected with
fail presumably). However, hosts files are not loaded into memory for
quick access. They are opened, and read line by line to parse entries,
and closed on every lookup. Lots of file I/O, and large hosts files are
slower to read. It's not just one lookup performed when loading a web
page. Every resource in the web page has a lookup, so N resources
result in N opens, read serially and parse, and close file operations.
The hosts file was never designed to be used for blocking. It was meant
to be small to provide lookups for local (intranetwork) hosts.

The hosts file can only block on an entire hostname. Adblockers can
block by entire hosts, but they can also block paths to resources on a
domain. Instead of having to smash the entire domain, just the unwanted
resource can be blocked. That's why hosts files are overly aggressive.

At one time, uBO let you subscribe to about 3 pre-defined hosts file
sources, but now it's down to just 1 (Peter Lowe's hosts list). Guess
Raymond figured the others were too inaccurate, were too aggressive
(blocked more than just ads, security, and privacy sources), or too slow
to update. You can still add your own choice of blacklist to what uBO
subscribes.

For example, in the past, uBO let you easily subscribe to the MVPS hosts
file (https://winhelp2002.mvps.org/hosts.htm). Well, if you visit
https://winhelp2002.mvps.org/hosts.txt, that hosts file has not been
updated since 2021. You'll notice the lookup points to 0.0.0.0 instead
of 127.0.0.1. The latter requires a connection attempt and fail, but
the first is a broadcast address. 127.0.0.1 is slower to reject than
using 0.0.0.0, plus 0.0.0.0 won't accidentally attempt to connect to a
local server or proxy you have running on your computer.

Compare the ancient date of the mvps hosts file with Peter Lowe's
(https://pgl.yoyo.org/as/serverlist.php?showintro=0;hostformat=hosts)
which was last updated Jan 18, 2024. However, the Lowe's hosts file
uses 127.0.0.1, so rejects will be slower, and could accidentally
connect to a local server or proxy.

If you don't use an adblocker to subscribe to hosts files, and you don't
build your own, but uses someone else's pre-compiled hosts file, you
really should keep it up to date. I remember seeing there was a hosts
updater that would schedule when to get newer versions of hosts files.
Bad enough to use the most recent hosts file which don't get updated as
often as other blacklists without you using a stagnant one that never
gets updated.

Also note the hosts file is only useful when a resource is addressed
using a FQDN (fully qualified domain name). If the resource is
addressed by IP address, the hosts file is not involved. It provides a
lookup from hostname to IP address (so pointing the lookups to 127.0.0.1
means the lookup returns your localhost, so be sure not to be running a
local server or proxy which will pickup the connect request).

Nope, adblockers are NOT just about blocking ads. They cover far more
content and better focus on the unwanted content than do hosts files.
Using a hosts file is like trying to hew a tree by ramming it with a
bulldozer than taking a chainsaw to it.

Nobody would've wasted the effort to develop adblockers if all they
could do is the same as using a hosts file.

On 1/18/24 12:13, VanguardLH wrote:
> Newyana2 <Newyana2@invalid.nospam> wrote:
>
>> HOSTS is such a handy solution. I don't know why more people
>> don't use it. I suppose it's because a lot of people dislike ads
>> but few care about privacy, so they get an adblocker and call
>> it a day.
>
> Adblockers can subscribe to hosts files, too. I don't subscribe to any
> hosts files, because I found them overly agressive and slow to update
> compared to other blacklists.
>
> Adblockers are not just about blocking ads. They also block content
> (cosmetic filtering) and resources other than ads (e.g., tracking,
> privacy). All depends on which blacklist to which the adblocker
> subscribes. Adblocker is a generic name, but it's easier than saying
> ad/privacy/security/content blocker. With uBlock Origin (uBO), I have
> it subscribed to the following blacklists:
>
> My filters
> uBlock - ads
> uBlock - privacy
> uBlock - quick fixes
> uBlock - unbreak
> AdGuard - ads
> EasyList
> AdGuard URL Tracking Protection
> EasyPrivacy
> Online Malicious URL blocklist
> Phishing URL blocklist
> AdGuard - annoyances
> AdGuard - mobile app banners
> AdGuard - other annoyances
> AdGuard - popup overlays
> AdGuard - social media (I don't visit sites for the socially needy)
> AdGuard - widgets
> AdGuard - cookie notices
> EasyList - annoyances
> EasyList - chat widgets
> EasyList - newsletter notices
> EasyList - other annoyances
> EasyList - social widgets
> EasyList - cookie notices
> Fanboy - anti-Facebook
> uBlock - annoyances
> Custom: PUP domains blocklist
>
> In addition, I can subscribe to other blacklists (which is the case with
> the PUP blacklist) by adding the URLs to point at those. I could add
> the Peter Lowe's hosts file (a mere 3627 entries), or others found
> online, but I find those cause more problems than they solve. I have
> only about half a dozen cosmetic filters that I defined. From the
> blacklists to which I subscribe, and which contain both network
> (resource) and cosmetic filters (and I do not disable cosmetic filtering
> although an option), I end up with a count of:
>
> 222,186 network filters + 235,763 cosmetic filters = 457,949 filters
>
> That far exceeds what Google permits using their v3 Manifest scheme, and
> why I continue to use Firefox. Mozilla has stated they will continue to
> support Manifest v2 add-ons as well as adding support for Manifest v3
> addons. uBO came out with a v3 compatible add-on, but has far fewer
> blocks, so is far less effective.
>
> Hosts files are not limited by Google, or anything in a web client, as
> to how many hosts (not resources) that can get blocked (redirected with
> fail presumably). However, hosts files are not loaded into memory for
> quick access. They are opened, and read line by line to parse entries,
> and closed on every lookup. Lots of file I/O, and large hosts files are
> slower to read. It's not just one lookup performed when loading a web
> page. Every resource in the web page has a lookup, so N resources
> result in N opens, read serially and parse, and close file operations.
> The hosts file was never designed to be used for blocking. It was meant
> to be small to provide lookups for local (intranetwork) hosts.
>
> The hosts file can only block on an entire hostname. Adblockers can
> block by entire hosts, but they can also block paths to resources on a
> domain. Instead of having to smash the entire domain, just the unwanted
> resource can be blocked. That's why hosts files are overly aggressive.
>
> At one time, uBO let you subscribe to about 3 pre-defined hosts file
> sources, but now it's down to just 1 (Peter Lowe's hosts list). Guess
> Raymond figured the others were too inaccurate, were too aggressive
> (blocked more than just ads, security, and privacy sources), or too slow
> to update. You can still add your own choice of blacklist to what uBO
> subscribes.
>
> For example, in the past, uBO let you easily subscribe to the MVPS hosts
> file (https://winhelp2002.mvps.org/hosts.htm). Well, if you visit
> https://winhelp2002.mvps.org/hosts.txt, that hosts file has not been
> updated since 2021. You'll notice the lookup points to 0.0.0.0 instead
> of 127.0.0.1. The latter requires a connection attempt and fail, but
> the first is a broadcast address. 127.0.0.1 is slower to reject than
> using 0.0.0.0, plus 0.0.0.0 won't accidentally attempt to connect to a
> local server or proxy you have running on your computer.
>
> Compare the ancient date of the mvps hosts file with Peter Lowe's
> (https://pgl.yoyo.org/as/serverlist.php?showintro=0;hostformat=hosts)
> which was last updated Jan 18, 2024. However, the Lowe's hosts file
> uses 127.0.0.1, so rejects will be slower, and could accidentally
> connect to a local server or proxy.
>
> If you don't use an adblocker to subscribe to hosts files, and you don't
> build your own, but uses someone else's pre-compiled hosts file, you
> really should keep it up to date. I remember seeing there was a hosts
> updater that would schedule when to get newer versions of hosts files.
> Bad enough to use the most recent hosts file which don't get updated as
> often as other blacklists without you using a stagnant one that never
> gets updated.
>
> Also note the hosts file is only useful when a resource is addressed
> using a FQDN (fully qualified domain name). If the resource is
> addressed by IP address, the hosts file is not involved. It provides a
> lookup from hostname to IP address (so pointing the lookups to 127.0.0.1
> means the lookup returns your localhost, so be sure not to be running a
> local server or proxy which will pickup the connect request).
>
> Nope, adblockers are NOT just about blocking ads. They cover far more
> content and better focus on the unwanted content than do hosts files.
> Using a hosts file is like trying to hew a tree by ramming it with a
> bulldozer than taking a chainsaw to it.
>
> Nobody would've wasted the effort to develop adblockers if all they
> could do is the same as using a hosts file.

Most of the technical pro & con is over my head but many of the
suggested capabilities are either ON or OFF. I want to be liberal when
doing my online banking for example (having no choice) or watching a
movie on netflix (if it's worth watching at all). Other times I'd want a
darkstar browser that sends out nothing besides a wanted URL, a bit like
the cLi browsers. I could use some progressively agressive buttons for
such features laid out in a row of different severities, and when I'd
click on the last one of these that says *black-hole* I wouldn't really
give a shit how the web site behaves in response! Somewhere along the
road the majority (the users) will have to have their way with the
minority (the snoops).

bad sector,

> I want to be liberal when doing my online banking for example (having no
> choice) or watching a movie on netflix (if it's worth watching at all).
> Other times I'd want a darkstar browser that sends out nothing besides a
> wanted URL,

That is what the "Request Policy" add-on does for me (1). Though I have no
idea if it, after the great plug-in support change (that took place a bit
after FF v52), is still available for the version of FF you're running.

(1) By default blocking all third-party resource requests, but can be told
to allow some, or even all third-party resource requests on a
website-by-website basis.

Regards,
Rudy Wieser

"R.Wieser" <address@is.invalid> wrote:

> bad sector,
>
>> I want to be liberal when doing my online banking for example (having no
>> choice) or watching a movie on netflix (if it's worth watching at all).
>> Other times I'd want a darkstar browser that sends out nothing besides a
>> wanted URL,
>
> That is what the "Request Policy" add-on does for me (1). Though I have no
> idea if it, after the great plug-in support change (that took place a bit
> after FF v52), is still available for the version of FF you're running.
>
> (1) By default blocking all third-party resource requests, but can be told
> to allow some, or even all third-party resource requests on a
> website-by-website basis.
>
> Regards,
> Rudy Wieser

Found it at:

https://www.requestpolicy.com/

which says the new site is at:

https://requestpolicycontinued.github.io/

I didn't find it when searching addons.mozilla.org. The "Add to
Firefox" button at their site points to a page no longer at Mozilla.
The Github project for it is at:

https://github.com/requestpolicycontinued/requestpolicy/

which states:

"a web browser extension that gives you control over cross-site
requests. Available for XUL/XPCOM-based browsers."

The "great plug-in support change" was dropping XUL/XPCOM extensions
(not plug-ins) to using WebExtensions after Firefox 57 for the release
channel, after FF 52 for the ESR channel.

https://wiki.mozilla.org/WebExtensions/FAQ

On 2024-01-19 15:28, R.Wieser wrote:
> bad sector,
>
>> I want to be liberal when doing my online banking for example (having no
>> choice) or watching a movie on netflix (if it's worth watching at all).
>> Other times I'd want a darkstar browser that sends out nothing besides a
>> wanted URL,
>
> That is what the "Request Policy" add-on does for me (1). Though I have no
> idea if it, after the great plug-in support change (that took place a bit
> after FF v52), is still available for the version of FF you're running.
>
> (1) By default blocking all third-party resource requests, but can be told
> to allow some, or even all third-party resource requests on a
> website-by-website basis.

anyone use any of these?

https://addons.mozilla.org/en-US/firefox/search/?q=request-policy

"bad sector" <nomail@_invalid.nos.pam> wrote

| > (1) By default blocking all third-party resource requests, but can be
told
| > to allow some, or even all third-party resource requests on a
| > website-by-website basis.
| | anyone use any of these?
| | https://addons.mozilla.org/en-US/firefox/search/?q=request-policy
|

It sounds like what you really want is something like a HOSTS
file. It's not about redirects. It's about 3rd-party linking to things
like script and ads -- especially script. And many sites load fonts
from Google. All of that allows you to be tracked.

I have maybe 15 domains blocked from Google and another 15
from Facebook. My HOSTS file is about 300 entries. Unlike Vanguard
said, HOSTS IS loaded into memory and runs almost instantly.
There's no bloat and it doesn't require 3,000 entries. Those pre-made
HOSTS are a lazy solution.

If you use a DNS resolver then you can also use wildcards:
*.doubleclick.com, for example.

If you use that with NoScript then you can block nearly all ads
and tracking without an adblocker. The only domain that I sometimes
find I need is gstatic.com. That's where Google recaptchas come from.
For example, I go to Netflix and enable the Net* domains for script,
while leaving Google domains blocked by NoScript. (And my HOSTS
is blocking them anyway.)

The trick is in dealing with very dirty websites, like retail stores.
If you go to something like Home Depot or Target you may find that
it's pulling in script from 7 domains. If you enable those then another
6 domains get in on the action. Which ones do you need? That's
where it becomes work. You may have to enable all of them at
Target for their site to work. Those sites are spyware infestations.
At your bank or doctor's you shoudn't need to enable much because
they require security.

The trouble with all of this is that there's no easy solution. It's
a kind of arms race. On my own system I use HOSTS with NoScript,
and I use 2 Mozilla browsers, one of which has 3rd-party files blocked.
I also use Secret Agent, an extension that's no longer available, as
far as I know. With the HOSTS file I use Unbound or Acrylic DNS
resolver, for the wildcard capability. It all works very well. I haven't
seen an ad or moving page elements for decades, for the most
part. (I also use a userContent.css file to block things like CSS
animation.)

My set-up is mostly work-free, but I still have to deal with NoScript.
On my computers that I don't use so much, like the one that streams
Netflix to the TV, I haven't bothered with HOSTS. I install NoScript
and UBlock Origin. I don't configure them, except to disable all the
default-enabled domains in NoScript. I figure UO catches some junk
and NoScript blocks most of what's coming in from outside. It's good
enough for occasional use. For the woman I live with I give her UO
for good measure. She won't deal with NoScript. UO is a "can't hurt"
solution for dummies.

There are sites like google-analytics
that will try to make you load a web beacon if they can't run script.
Is UO catching that? I don't know. Doubtful. If I used my streaming
computer very much then I'd set up HOSTS and a DNS resolver. Since
I'm mostly only going to Netflix, DDG and Wikipedia (to look up movie
ratings) I don't take the trouble.

You're not going to find an on-off button. You can get that for script
and CSS, but webpages vary in terms of how much outside content
they require to work. And even if you had on-off, that would be nearly
useless in terms of privacy and security. Most sites now use their own
"3rd-party" domains. For example, yahoo.com puts images on yimg.com.
So most commercial sites won't fully work if you just have a wholesale
3rd-party blockade. So you'd end up turning off the filter on nearly
every site.

To give you some idea of how extensive the spying is, ferom just
Google alone, here's my Acrylic HOSTS section for them:

127.0.0.1 *.googlesyndication.com
127.0.0.1 *.googleadservices.com
127.0.0.1 *.googlecommerce.com
127.0.0.1 *.scorecardresearch.com (this is not Google, but it's ubiquitous.)
127.0.0.1 *.1e100.com
127.0.0.1 *.1e100.net
127.0.0.1 *.doubleclick.net
127.0.0.1 *.doubleclick.com
127.0.0.1 *.googletagservices.com
127.0.0.1 *.googletagmanager.com
127.0.0.1 *.google-analytics.com
127.0.0.1 google-analytics.com
127.0.0.1 fonts.googleapis.com
127.0.0.1 *.2mdn.net
127.0.0.1 googleadapis.l.google.com
127.0.0.1 *.gstatic.com (this is the only one that most people need.)
127.0.0.1 plusone.google.com
127.0.0.1 cse.google.com
127.0.0.1 www.google.com/cse
127.0.0.1 www.youtube-nocookie.com
127.0.0.1 *.appspot.com

I still allow www.google.com, for occasional search.

On 1/20/24 08:50, Newyana2 wrote:
> "bad sector" <nomail@_invalid.nos.pam> wrote
>
> | > (1) By default blocking all third-party resource requests, but can be
> told
> | > to allow some, or even all third-party resource requests on a
> | > website-by-website basis.
> |
> | anyone use any of these?
> |
> | https://addons.mozilla.org/en-US/firefox/search/?q=request-policy
> |
>
> It sounds like what you really want is something like a HOSTS
> file. It's not about redirects. It's about 3rd-party linking to things
> like script and ads -- especially script. And many sites load fonts
> from Google. All of that allows you to be tracked.
>
> I have maybe 15 domains blocked from Google and another 15
> from Facebook. My HOSTS file is about 300 entries. Unlike Vanguard
> said, HOSTS IS loaded into memory and runs almost instantly.
> There's no bloat and it doesn't require 3,000 entries. Those pre-made
> HOSTS are a lazy solution.
>
> If you use a DNS resolver then you can also use wildcards:
> *.doubleclick.com, for example.
>
> If you use that with NoScript then you can block nearly all ads
> and tracking without an adblocker. The only domain that I sometimes
> find I need is gstatic.com. That's where Google recaptchas come from.
> For example, I go to Netflix and enable the Net* domains for script,
> while leaving Google domains blocked by NoScript. (And my HOSTS
> is blocking them anyway.)
>
> The trick is in dealing with very dirty websites, like retail stores.
> If you go to something like Home Depot or Target you may find that
> it's pulling in script from 7 domains. If you enable those then another
> 6 domains get in on the action. Which ones do you need? That's
> where it becomes work. You may have to enable all of them at
> Target for their site to work. Those sites are spyware infestations.
> At your bank or doctor's you shoudn't need to enable much because
> they require security.
>
> The trouble with all of this is that there's no easy solution. It's
> a kind of arms race. On my own system I use HOSTS with NoScript,
> and I use 2 Mozilla browsers, one of which has 3rd-party files blocked.
> I also use Secret Agent, an extension that's no longer available, as
> far as I know. With the HOSTS file I use Unbound or Acrylic DNS
> resolver, for the wildcard capability. It all works very well. I haven't
> seen an ad or moving page elements for decades, for the most
> part. (I also use a userContent.css file to block things like CSS
> animation.)
>
> My set-up is mostly work-free, but I still have to deal with NoScript.
> On my computers that I don't use so much, like the one that streams
> Netflix to the TV, I haven't bothered with HOSTS. I install NoScript
> and UBlock Origin. I don't configure them, except to disable all the
> default-enabled domains in NoScript. I figure UO catches some junk
> and NoScript blocks most of what's coming in from outside. It's good
> enough for occasional use. For the woman I live with I give her UO
> for good measure. She won't deal with NoScript. UO is a "can't hurt"
> solution for dummies.
>
> There are sites like google-analytics
> that will try to make you load a web beacon if they can't run script.
> Is UO catching that? I don't know. Doubtful. If I used my streaming
> computer very much then I'd set up HOSTS and a DNS resolver. Since
> I'm mostly only going to Netflix, DDG and Wikipedia (to look up movie
> ratings) I don't take the trouble.
>
> You're not going to find an on-off button. You can get that for script
> and CSS, but webpages vary in terms of how much outside content
> they require to work. And even if you had on-off, that would be nearly
> useless in terms of privacy and security. Most sites now use their own
> "3rd-party" domains. For example, yahoo.com puts images on yimg.com.
> So most commercial sites won't fully work if you just have a wholesale
> 3rd-party blockade. So you'd end up turning off the filter on nearly
> every site.
>
> To give you some idea of how extensive the spying is, ferom just
> Google alone, here's my Acrylic HOSTS section for them:
>
> 127.0.0.1 *.googlesyndication.com
> 127.0.0.1 *.googleadservices.com
> 127.0.0.1 *.googlecommerce.com
> 127.0.0.1 *.scorecardresearch.com (this is not Google, but it's ubiquitous.)
> 127.0.0.1 *.1e100.com
> 127.0.0.1 *.1e100.net
> 127.0.0.1 *.doubleclick.net
> 127.0.0.1 *.doubleclick.com
> 127.0.0.1 *.googletagservices.com
> 127.0.0.1 *.googletagmanager.com
> 127.0.0.1 *.google-analytics.com
> 127.0.0.1 google-analytics.com
> 127.0.0.1 fonts.googleapis.com
> 127.0.0.1 *.2mdn.net
> 127.0.0.1 googleadapis.l.google.com
> 127.0.0.1 *.gstatic.com (this is the only one that most people need.)
> 127.0.0.1 plusone.google.com
> 127.0.0.1 cse.google.com
> 127.0.0.1 www.google.com/cse
> 127.0.0.1 www.youtube-nocookie.com
> 127.0.0.1 *.appspot.com
>
> I still allow www.google.com, for occasional search.

Thanks, that's close to what I have in mind though I have never dealt
much with the hosts file before. I have nothing to hide but being tailed
violates my right to freedom and to privacy!

Using Linux how can I force a different /etc/hosts file to be loaded at
will? Is it possible at all? I could make me some buttons or icons for
appropriate executable file substituting script and place them in a
quick-launch on the panel.

--
https://imgur.com/Q7iwFbQ.png

"bad sector" <forgetski@_INVALID.net> wrote

|
| Thanks, that's close to what I have in mind though I have never dealt
| much with the hosts file before. I have nothing to hide but being tailed
| violates my right to freedom and to privacy!
| | Using Linux how can I force a different /etc/hosts file to be loaded at
| will? Is it possible at all? I could make me some buttons or icons for
| appropriate executable file substituting script and place them in a
| quick-launch on the panel.
|

It doesn't work like that. Whatever resolves DNS will
load HOSTS at startup. With the system HOSTS file
I assume that's at boot. Even if you use something like
Unbound on Linux, Unbound would need to be stopped
and restarted in order to recognize the edits. It would be
absurd to load the file with every website, so it's just
holding the list in RAM.

It might be possible to automate all that with scripts using
Unbound, but what would be the point? You'd have to wait
for the transition. And it defeats the purpose. Nothing should
be in HOSTS that you expect to need. For example, if you
use Google maps then you don't want to put that in HOSTS.
But google-analytics or scorecardresearch? That's just pure,
useless tracking. Googletagmanager is used to target and
show ads. It only exists on sites that are using Google ads.
Doubleclick? Ads. No redeeming social value, as the saying
goes. Fonts? You might want to allow those, but without them
pages will just use your preferred font,the fonts provide for
more Google tracking, and font downloads are a security risk.
So I see no reason that I'd ever want to allow contact with
fonts.googleapis.com.

If you approach it that way then you can block most ads and
tracking without needing to think about it. Adbot? Adbrite?
Adserver? Adobetm? BS. BS. BS. Probably BS. I block all of it.
I even block noscript.net and mozilla.com. They have no business
calling home. I can comment them out if the need ever arises.
Facebook, messenger, instagram, whatsapp? If you use them,
don't add them. I don't use any of those things, so I block them
along with fb.com, fb.me, fbcdn.net, and so on.

I actually keep a VBScript on my Desktop for additions. If I
come across an unusually dirty page then I might download it,
drop it on my script, then optionally ad any new crap to HOSTS.
But I don't use it very often. That's one good thing about the
Google/doubleclick monopoly. They serve most of the ads.

I don't use any HOSTS services or sources. Those files are
bloated crap, not listing some crucial things, but listing plenty
of junk, like bobsfishingtackle.co.es.

In case it's useful, here's my Acrylic HOSTS file on Windows:

http://www.fileconvoy.com/dfl.php?id=g290a845151694e1f1000536549acb2d4c894b16678

Acrylic doesn't run on Linux. Unbound does, but the config
for that is a pain, and their HOSTS file is unnecessarily
complicated, using two lines of gobbledygook for each
entry. (But if you like Linux then you might be very much
at home with unnecessary gobbledygook that looks like
it was made up by a teenager wearing 3 secret decoder rings. :)

Here's what one entry in Unbound hosts.conf looks like:

local-zone: "adsafeprotected.com" redirect
local-data: "adsafeprotected.com A 0.0.0.0"

I ended up writing a script to generate that nonsense automatically
from a domain. It's too much trouble to type them out by hand.

If you really don't want to deal with all these
details, then NoScript with UBlock Origin with default settings
makes for a much simpler approach. But those things are
designed to not cause hassles. Therefore they're designed
to allow major commercial domains by default. Anything you
use without carefully dealing with details is going to be poor
for privacy. The average commercial website may have a half
dozen trackers, from Google, FB, scorecardresearch, Adobe,
etc. But especially Google and FB.

Google is very difficult to avoid because they provide free
services to webmasters who don't know what they're doing.
And most don't. So there are not only the ads. There
are the maps, the fonts, the analytics... Each of those means
that a webmaster can skip understanding a whole topic. They
can skip making a map of their store. They can skip learning how
to read their server logs. They can jazz up their site with custom
fonts. They can even make a few cents from ads by just adding
a snippet of script...

Each of those can be done with little more than a single line of
javascript, copied from online. The result is Google tracking nearly all
webpages. It's ubiquitous and insidious. There's no easy solution.
Most people these days can't even function without being spied
on. They're subscribed to the spyware services. (Gmail, Facebook,
etc.) They're carrying a cellphone, always on, with apps that
sell their personal data. They've bought into the whole thing.
So if you really try to travel without a tracking collar then you're
an outlier and have to assume there'll be hassles.

And don't get me started on CDN. :) That's a whole other topic
that's not talked about much. For example, Akamai serves 30% of
pages online and acknowledged years ago that they're selling
personal data. But when their pages are served there seems to be
some kind of pass-through. If you load acme.com then Akamai may
be tracking you. The only way to know is to run something like
wireshark that shows connections. You might be connected to Akamai.com,
but it's somehow coming through acme.com, so if you block Akamai
in HOSTS, you don't block 1/3 of the Internet. You don't actually block
anything! Even Microsoft uses Akamai, for load balancing.
Googleusercontent seems to work the same way. I'm not sure that
it can be blocked. In short, the oribginal design of http, providing
privacy from any outside domiain when visiting a webpage, has been
subverted big time. Many webpages won't work at all without allowing
a whole team of outside spyware and adware.

Newyana2 <Newyana2@invalid.nospam> wrote:
> "bad sector" <forgetski@_INVALID.net> wrote

This last post doesn't seem to have made it to the server I'm using
for some reason.

> | Thanks, that's close to what I have in mind though I have never dealt
> | much with the hosts file before. I have nothing to hide but being tailed
> | violates my right to freedom and to privacy!
> |
> | Using Linux how can I force a different /etc/hosts file to be loaded at
> | will? Is it possible at all? I could make me some buttons or icons for
> | appropriate executable file substituting script and place them in a
> | quick-launch on the panel.
> |
>
> It doesn't work like that. Whatever resolves DNS will
> load HOSTS at startup. With the system HOSTS file
> I assume that's at boot.

It's re-read when edited on Linux, but Firefox caches it when it
starts up so it won't see edits done afterwards. One argument
against big hosts file block lists that I've read but not verified
is that they cause Firefox to take longer to start up while it adds
all those entries to its own hosts cache.

On Linux distros using GlibC (the vast majority) in theory you
can use Network Namespaces to launch programs in different
namespaces, which have different hosts files. This way you can
do what Bad Sector suggests. Except that Firefox refuses to run two
separate browser processes on the same machine so you won't be able
to run two Firefox+hosts combinations at once.

I've considered using that approach for blocking tracking things
like tracking pixels in other browsers such as Dillo and Links. But
I haven't tried it yet because I wanted to use the data from
DuckDuckGo Tracker Radar to generate the hosts file, but the size
of the data there is a roadblock to me processing it at home since
I'll use up all my monthly internet data. Running a VPS just for it
is a bit of a pain, so I keep abandoning that project.

--
__ __
#_ < |\| |< _# | Note: I won't see posts made from Google Groups |

"Computer Nerd Kev" <not@telling.you.invalid> wrote

| > It doesn't work like that. Whatever resolves DNS will
| > load HOSTS at startup. With the system HOSTS file
| > I assume that's at boot.
| | It's re-read when edited on Linux, but Firefox caches it when it
| starts up so it won't see edits done afterwards. One argument
| against big hosts file block lists that I've read but not verified
| is that they cause Firefox to take longer to start up while it adds
| all those entries to its own hosts cache.
| | On Linux distros using GlibC (the vast majority) in theory you
| can use Network Namespaces to launch programs in different
| namespaces, which have different hosts files. This way you can
| do what Bad Sector suggests. Except that Firefox refuses to run two
| separate browser processes on the same machine so you won't be able
| to run two Firefox+hosts combinations at once.
| | I've considered using that approach for blocking tracking things
| like tracking pixels in other browsers such as Dillo and Links. But
| I haven't tried it yet because I wanted to use the data from
| DuckDuckGo Tracker Radar to generate the hosts file, but the size
| of the data there is a roadblock to me processing it at home since
| I'll use up all my monthly internet data. Running a VPS just for it
| is a bit of a pain, so I keep abandoning that project.
|

HOSTS seems to be wrapped in a cloud of misconceptions. I don't
understand where that comes from. It's easily the most bang for
the buck in terms of privacy. It may not even be possible to prevent
Google and Facebook tracking without HOSTS. There are so many
ubiquitous URLs in webpages. Will UBlock Origin block googletagmanager?
I don't know. I very much doubt that it does that by default because
it would be breaking advertising on the Internet. Even NoScript now sets
a lot of crap to get through by default, in order to seem more functional
with less trouble.

HOSTS slowing things down:

My HOSTS file is about 13 KB. String parsing functions are incredibly
fast. http://www.xbeat.net/vbspeed/c_InStr.htm

On that page are tests of the InStr function in VB6. It shows that
a typical call takes well under 1 microsecond, on older CPUs. And that's
in VB6, passing through a support library on its way to the Win32 API.
That means you could check 1000 HOSTS entries in 2 ms at most. That
may seem hard to believe, but you need to remember that the average
CPU core these days is doing 3 billion operations per second. That's 3
million per ms.

Time to load HOSTS:
Browsers don't use HOSTS. Recently Firefox has
begun offering DNS over HTTP, but in general, the browser is not doing
DNS resolution. It's the OS DNS server, or in the case of Acrylic, Acrylic
is doing it. DNS calls are typically in the ms range. They're certainly far
faster than the time required for Firefox to download and parse a 300 KB
javascript file from AdsAreUs.com.

In other words, when you go to acme.com, the browser is calling for
DNS, the DNS resolver checks HOSTS, then if the URL is not there, it
calls a domain name server online. Basically it checks its own phonebook
and then calls "information" and asks, "What's the numeric address for
acme.com?" It's a misconception to think that without HOSTS a DNS
resolution takes zero time.

In my experience, Firefox is a bloated pig that takes several seconds
to pick itself up off the floor when it's started. That's true on all
systems.
It's a mess of unmaintained code. (Just look at the evergrowing prefs
settings to get an idea. And the newer policies.jsn has at least two
settings
to stop FF updating itself.) But once FF is loaded I find that most webpages
load almost instantly. That's partly because I'm eeding out junk with HOSTS
and partly because NoScript is blocking 5-20 MB of script. Probably most
of the time used by FF is in parsing the incredibly bloated CSS that many
sites
are auto-generating.

The only drawback of HOSTS, so long as you stick to URLs that you
know you'll never want to allow, is the job of initial setup. But if you
use a wildcard DNS server program then you don't need to duplicate
anything. *.doubleclick.com covers the whole domain. If Google switches
to www2.google-analytics.com, you're covered.

So you could use a HOSTS file like mine, set up a DNS resolver (which
admittedly will be a nightmare on Linux, but is simple on Windows) and
you're done. No more tracking by google-analytics. No more contact
with doubleclick. Only include the domains that you definitely won't need.

Difficulty of HOSTS:
I find this discussion especially odd with Linux people. Last week I built
myself a new computer. I'm putting Xubuntu on a dual boot with Win10.
In trying to get Linux to stop torturing me with tiny scrollbars that
disappear
when the mouse moves away, I found that I needed to edit a CSS file
in the current theme folder. Of course. Why would Linux do anything
sensibly? But I'm in a tinkering mood, so I may as well waste my day
fucking around with Linux nonsense. After all, I'd already dealt with
Suse corrupting my BIOS. How hard can it be to adjust scrollbars on
Linux, right?

So, I got to the file, found likely lines in thousands of lines of
bloated, quirky CSS, and edited them. But Linux wouldn't let me save the
changes! I didn't have permission. So I went back online to figure out
a solution. The fix was to open a console window in that folder, then
type: "sudo chmod 777 gtx.css". That's like my stove telling me that I
can't boil water until I go get some firewood, even though the stove
doesn't use firewood! I don't have permission to write to the file, but if
I just type "sudo" with a bunch of obscure nonsense then I can do anything
I like. I find it amazing that so many Linux geeks actually enjoy pretending
that they're "down and dirty" by making everything so difficult. Even the
convoluted mess on Windows of having to take ownership at least works
in a GUI window. It's discoverable. chmod 777 is not discoverable. One
has to learn the incantation.... Yet HOSTS seems like a hassle?

On 1/22/24 08:59, Newyana2 wrote:
> "Computer Nerd Kev" <not@telling.you.invalid> wrote
>
> | > It doesn't work like that. Whatever resolves DNS will
> | > load HOSTS at startup. With the system HOSTS file
> | > I assume that's at boot.
> |
> | It's re-read when edited on Linux, but Firefox caches it when it
> | starts up so it won't see edits done afterwards. One argument
> | against big hosts file block lists that I've read but not verified
> | is that they cause Firefox to take longer to start up while it adds
> | all those entries to its own hosts cache.
> |
> | On Linux distros using GlibC (the vast majority) in theory you
> | can use Network Namespaces to launch programs in different
> | namespaces, which have different hosts files. This way you can
> | do what Bad Sector suggests. Except that Firefox refuses to run two
> | separate browser processes on the same machine so you won't be able
> | to run two Firefox+hosts combinations at once.
> |
> | I've considered using that approach for blocking tracking things
> | like tracking pixels in other browsers such as Dillo and Links. But
> | I haven't tried it yet because I wanted to use the data from
> | DuckDuckGo Tracker Radar to generate the hosts file, but the size
> | of the data there is a roadblock to me processing it at home since
> | I'll use up all my monthly internet data. Running a VPS just for it
> | is a bit of a pain, so I keep abandoning that project.
> |
>
> HOSTS seems to be wrapped in a cloud of misconceptions. I don't
> understand where that comes from. It's easily the most bang for
> the buck in terms of privacy. It may not even be possible to prevent
> Google and Facebook tracking without HOSTS. There are so many
> ubiquitous URLs in webpages. Will UBlock Origin block googletagmanager?
> I don't know. I very much doubt that it does that by default because
> it would be breaking advertising on the Internet. Even NoScript now sets
> a lot of crap to get through by default, in order to seem more functional
> with less trouble.
>
> HOSTS slowing things down:
>
> My HOSTS file is about 13 KB. String parsing functions are incredibly
> fast. http://www.xbeat.net/vbspeed/c_InStr.htm
>
> On that page are tests of the InStr function in VB6. It shows that
> a typical call takes well under 1 microsecond, on older CPUs. And that's
> in VB6, passing through a support library on its way to the Win32 API.
> That means you could check 1000 HOSTS entries in 2 ms at most. That
> may seem hard to believe, but you need to remember that the average
> CPU core these days is doing 3 billion operations per second. That's 3
> million per ms.
>
> Time to load HOSTS:
> Browsers don't use HOSTS. Recently Firefox has
> begun offering DNS over HTTP, but in general, the browser is not doing
> DNS resolution. It's the OS DNS server, or in the case of Acrylic, Acrylic
> is doing it. DNS calls are typically in the ms range. They're certainly far
> faster than the time required for Firefox to download and parse a 300 KB
> javascript file from AdsAreUs.com.
>
> In other words, when you go to acme.com, the browser is calling for
> DNS, the DNS resolver checks HOSTS, then if the URL is not there, it
> calls a domain name server online. Basically it checks its own phonebook
> and then calls "information" and asks, "What's the numeric address for
> acme.com?" It's a misconception to think that without HOSTS a DNS
> resolution takes zero time.
>
> In my experience, Firefox is a bloated pig that takes several seconds
> to pick itself up off the floor when it's started. That's true on all
> systems.
> It's a mess of unmaintained code. (Just look at the evergrowing prefs
> settings to get an idea. And the newer policies.jsn has at least two
> settings
> to stop FF updating itself.) But once FF is loaded I find that most webpages
> load almost instantly. That's partly because I'm eeding out junk with HOSTS
> and partly because NoScript is blocking 5-20 MB of script. Probably most
> of the time used by FF is in parsing the incredibly bloated CSS that many
> sites
> are auto-generating.
>
> The only drawback of HOSTS, so long as you stick to URLs that you
> know you'll never want to allow, is the job of initial setup. But if you
> use a wildcard DNS server program then you don't need to duplicate
> anything. *.doubleclick.com covers the whole domain. If Google switches
> to www2.google-analytics.com, you're covered.
>
> So you could use a HOSTS file like mine, set up a DNS resolver (which
> admittedly will be a nightmare on Linux, but is simple on Windows) and
> you're done. No more tracking by google-analytics. No more contact
> with doubleclick. Only include the domains that you definitely won't need.
>
> Difficulty of HOSTS:
> I find this discussion especially odd with Linux people. Last week I built
> myself a new computer. I'm putting Xubuntu on a dual boot with Win10.
> In trying to get Linux to stop torturing me with tiny scrollbars that
> disappear
> when the mouse moves away, I found that I needed to edit a CSS file
> in the current theme folder. Of course. Why would Linux do anything
> sensibly? But I'm in a tinkering mood, so I may as well waste my day
> fucking around with Linux nonsense. After all, I'd already dealt with
> Suse corrupting my BIOS. How hard can it be to adjust scrollbars on
> Linux, right?
>
> So, I got to the file, found likely lines in thousands of lines of
> bloated, quirky CSS, and edited them. But Linux wouldn't let me save the
> changes! I didn't have permission. So I went back online to figure out
> a solution. The fix was to open a console window in that folder, then
> type: "sudo chmod 777 gtx.css". That's like my stove telling me that I
> can't boil water until I go get some firewood, even though the stove
> doesn't use firewood! I don't have permission to write to the file, but if
> I just type "sudo" with a bunch of obscure nonsense then I can do anything
> I like. I find it amazing that so many Linux geeks actually enjoy pretending
> that they're "down and dirty" by making everything so difficult. Even the
> convoluted mess on Windows of having to take ownership at least works
> in a GUI window. It's discoverable. chmod 777 is not discoverable. One
> has to learn the incantation.... Yet HOSTS seems like a hassle?

Thanks a gig, got enough reading to chew on for a week. At my pay-grade
I think I will just start tinkering around with /etc/hosts. If it's read
only on reboot that's not a problem, I'll use different files and reboot
using the one I want. What pleases me most is seeing that so many who
are way over my head ARE interested in the idea as well, I'll sleep
better knowing that :-)

In the old days, in another life, I got fed up with the reboot
key-and-click marathons so I had buttons launching scripts to boot
whatever system I wanted next. They first of all rewrote the legacy grub
file to one making that system default with zero delay, the rest was
just a 'shutdown -r now'. It was rudimentary but all systems had these
so I could always come back or go to yet another system with a *single
click*.

But this web jungle (i.e. hworehouse) is not in my bag, so thanks for
the ideas and I'll kick it around.

"bad sector" <forgetski@_INVALID.net> wrote

| Thanks a gig, got enough reading to chew on for a week. At my pay-grade
| I think I will just start tinkering around with /etc/hosts. If it's read
| only on reboot that's not a problem, I'll use different files and reboot
| using the one I want.

I don't know a lot about Linux, but the DNS resolver may
be some kind of "daemon" that you can stp and start with
a script. And if you get a DNS proxy then the whole thing
is much easier. You can use wildcards and you can stop/start
the proxy at will.

I now put Acrylic on every Windows computer, but before
Acrylic became dependable I decided to get Unbound on
one computer. Unbound has a Linux version. For what it's
worth, this is what I finally got working in services.conf
on Windows. It looks fairly simple, but everything had to
be just so or it wouldn't work:

# Unbound configuration file on windows.
# See example.conf for more settings and syntax
server:
verbosity: 0
directory: "%EXECUTABLE%"
username: "unbound"
use-syslog: no

# on Windows, this setting adds the certificates from the Windows
# Cert Store. For when you want to use forwarders with TLS.
tls-win-cert: yes

# listen interfaces and port
interface: 0.0.0.0
port: 53

# who can query the server
access-control: 127.0.0.0/8 allow
access-control: 192.168.0.0/16 allow

auto-trust-anchor-file: "root.key"

#
https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
tls-cert-bundle: "ca-bundle.crt"

# https://www.internic.net/domain/named.root
root-hints: "named.root"

prefetch: no
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes

# security/privacy
aggressive-nsec: yes
cache-max-ttl: 14400
cache-min-ttl: 1200
hide-identity: yes
hide-version: yes
harden-glue: yes
harden-dnssec-stripped: yes
val-clean-additional: yes
rrset-roundrobin: yes
use-caps-for-id: yes

include: "hosts.conf"

#Adding DNS-Over-TLS support

forward-zone:
name: "."
forward-tls-upstream: yes
# quad9
forward-addr: 9.9.9.9@853
forward-addr: 149.112.112.112@853