Over the years, I've become a big advocate of privacy, security and being protected against adds, tracking, surveilance and bad actors.
At this point I've spent about 8 years learning and testing tools to keep my system safe, and the best tool I've found in all these years it's called hBlock.
hBlock is basically a script that automatically downloads a list of public databases with thousands of Internet domains that big tech and other companies and bad actors have in place to spy, serve adds and even "attack" your system. hBlock automatically downloads, merges and edits your hosts file ( https://en.wikipedia.org/wiki/Hosts_(file) ) in the system to automatically block every single attempt to connect to any of the domains in the list.
This is surprisingly simple and effective! It takes a few minutes to run the script and immediately after finishing, your system is protected!
hBlock is free and open source, and like I said, all domain block lists are public, so there's nothing hidden or opaque. You can create or add more domains to be blocked and you can, of course, remove blocked domains from the lists… Let's see how to use hBlock now:
First, you need to download/install hBlock. Go to their github page ( https://github.com/hectorm/hblock ) and follow instructions for your operating system. For my System (Arch-based Linux distro) I just put in my Terminal:
sudo pacman -S hblockAnd I follow the usual install instructions… Once installed, you can just run in your Linux Terminal:
hblockAnd the script does everything! At the end of the process, it will ask for your sudo password so it can write the hosts file (which is in a privileged folder in the system) and that's it! now your system is fairly well protected from adds, tracking and even some malicious sites!
Now, let's dive in deeper to understand exactly what hBlock does and what you can do to improve even more your protection:
hBlock first downloads the default builtin domain lists, which is actively updated and maintained by its creator Héctor Molinero Fernández ( https://github.com/hectorm ), then, like I mentioned before, it unifies everything in one single database and finally puts everything in the hosts file. In very simple words, the hosts file can be configured like a DNS resolver (again, in simple words)… hBlock uses this feature to tell the system to send to a "black hole" all the domains blacklisted in that hosts file, so when any web site, application or service tries to reach any of those domains, it won't be able to.
Ideally, you should re-run hBlock periodically to update the hosts file to the latest version of the blocklists databases. I would suggest every 2 weeks or maybe once every month. That should be enough for 99% of users.
With the builtin domains list in hBlock, you effectively block around 500.000 domains that track, spy, serve adds or try to hurt your system. but there are a few things you might want or need to do to taylor hBlock to your specific needs.
One problem you could encounter (although very seldom) is that hBlock blocks a domain you do need (but I repeat, this is rather uncommon). If this happens, you should create a list of "allowed" domains and next time you run hBlock, this allowed domains list is used to make sure the domains you add to that list are not included in the blocklist.
The way of making that list is super simple, for example. Let's say you want to make sure StackerNews is not blocked, you just create a text file with stacker.news in one line, save the file and place that text file somewhere you can point to it, e.g.: /home/user/allowlist.txt… Let's say you also want to make sure Github is not blocked, well, in that same file add in another line "github.com"… So the file will look like this:
stacker.news
github.com
Next time you run hBlock, the terminal command should be this:
hblock -A /home/user/allowlist.txtThis tells hBlock to look for the "allowlist.txt" file in /home/user/. (of course, change this argument according to your specific naming and location).
Now, let's say you actually want to add your own blocklist entries, e.g.: facebook.com… Well, you just create a new text file with the domains you want to block in there. The file could be somewhere like /home/user/blocklist.txt and the contents of that file could look like:
facebook.com
instagram.com
tiktok.com
So these domains will be added to the blocked domains database next time you run hBlock, and the next time you run hBlock, the command should be like this:
hblock -D /home/user/blocklist.txt -A /home/user/allowlist.txtFinally, let's say you want even more protection than what the default builtin database provides, you can add your own block list sources creating a new text file with the URLs of those lists, for example: https://easylist.to/easylist/easyprivacy.txt … Create a new text file in, for example /home/user/listsources.txt with the lists URLs you want:
https://hblock.molinero.dev/hosts
https://easylist.to/easylist/easyprivacy.txt
And once again, next time you run hBlock, the command should be:
hblock -S /home/user/listsources.txt -D /home/user/denylist.txt -A /home/user/allowlist.txtAs an extra tip, if for some reason you want to revert your system to the default way things are (clean your hosts file), just run this command:
hblock -S none -D noneAnd that's pretty much it. With hBlock you have an incredibly good protection against traking, adds and some malware in your entire operating system… You can adapt it to your needs and be as relaxed or paranoid as you want… I, for example, take kBlock capabilities to the extreme and my hosts file has more than 5 million domains being blocked! This of course is extreme and frequently I have to investigate why some website, application or service is not working correctly and eventually find the domain(s) being blocked, add it to the allowlist and re-run hBlock to update the hosts file. I certainly don't recommend being this extreme.
Anyway, I hope you find this post interesting, I hope you try hBlock and as always, please, consider donating to the developer of this fantastic open source tool!