Better ad & tracking blocking with the hosts file

What is the hosts file?

The hosts file is a special plaintext file used by all major operating systems to map hostnames to IP addresses. This lets you override the default DNS resolution used by your computer when you access the internet (or an internal network for that matter).

As an example, let’s say you would very much like to encourage the users of a computer to use DuckDuckGo instead of Google. One way to encourage this behavior is to set up the machine to load the DuckDuckGo website whenever a user tries to visit Google.com.

Let’s assume that by default Google.com resolves to 172.217.1.14 and DuckDuckGo resolves to 40.89.244.232. We want to change that on this computer so that Google.com resolves to 40.89.244.232 instead, thus forcing the user to load the DuckDuckGo website instead of Google.

Doing this is simple: add a line to the computer’s hosts file that says “40.89.244.232 google.com”.

Now, let’s take this to the next level. Let’s say that we wanted to set up our computer so that anyone trying to load Google.com didn’t get any useful result. In this case we would add the line “127.0.0.1 google.com”. Instead of pointing Google.com to the DuckDuckGo server, we’ve pointed it to the computer making the request, which isn’t likely to be running a web server, and thus effectively pointed it to nowhere.

127.0.0.1 is what’s known as localhost: a special IP address that always refers to the current device. That’s the trick we’re using here. We take a domain that we never want to be accessible and point it at the current device instead of letting the request go out to the internet. Since a typical desktop doesn’t run many servers, the request will never return anything.
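To make the resolution rules concrete, here is an added example (not code from the original post) that parses hosts-file text the way the resolver reads it (one IP, then one or more hostnames, `#` starts a comment, names are case-insensitive, first match wins) and emulates a lookup against it. The sample hosts text, the `.test` hostnames and the two sink addresses it recognises (127.0.0.1 and 0.0.0.0) are constructed for the example; the Google.com and DuckDuckGo addresses are the ones used in the text above. The `audit_overrides` function is a defender's check: it lists every entry that sends a name somewhere other than the local machine, which is exactly what a tampered hosts file looks like and what you would want to review before trusting a machine's hosts file. `hosts_applies` shows the limitation that a connection made directly to an IP literal never consults the hosts file at all.

```python
import ipaddress

# Constructed sample hosts text (not a real hosts file): the localhost line,
# the google.com override from the article, and two sinkholed ad/tracker names.
SAMPLE_HOSTS = """\
# constructed sample, not a real hosts file
127.0.0.1     localhost
40.89.244.232 google.com                          # the DuckDuckGo address
127.0.0.1     ads.example.test tracker.example.test   # sinkholed (constructed)
"""

# Addresses that mean "go nowhere" when used as a blocklist target.
# 127.0.0.1 is what the article uses; 0.0.0.0 is the other common choice.
LOCAL_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return an ordered list of (ip, hostname) pairs from hosts-file text.

    Mirrors how the resolver reads the file: '#' starts a comment, fields are
    whitespace-separated, the first field is an IP and every following field
    is a hostname mapped to it. Hostnames are compared case-insensitively.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: the resolver ignores it, so do we
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address: ignored as well
        for name in fields[1:]:
            entries.append((ip, name.lower().rstrip(".")))
    return entries


def resolve(hostname, entries):
    """Emulate a hosts-file lookup: first matching name wins.

    Returns None when the name is absent, meaning normal DNS would be used.
    """
    name = hostname.lower().rstrip(".")
    for ip, host in entries:
        if host == name:
            return ip
    return None


def is_sinkholed(hostname, entries):
    """True when the hosts file sends this name to the local machine."""
    return resolve(hostname, entries) in LOCAL_SINKS


def audit_overrides(entries):
    """List entries that redirect a name to a NON-local address.

    A blocklist only ever points names at a local sink, so anything else in
    the file is either a deliberate override (like the google.com example)
    or tampering, and deserves a look.
    """
    return [(ip, host) for ip, host in entries if ip not in LOCAL_SINKS]


def hosts_applies(target):
    """The hosts file is consulted only for names; an IP literal bypasses it."""
    try:
        ipaddress.ip_address(target)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    print("Google.com ->", resolve("Google.com", table))
    print("ads.example.test sinkholed:", is_sinkholed("ads.example.test", table))
    print("non-local overrides:", audit_overrides(table))
    print("hosts file applies to 172.217.1.14:", hosts_applies("172.217.1.14"))
```

Running the block prints the override for Google.com, confirms the two constructed ad and tracker names are sinkholed, lists the google.com line as the only non-local override, and shows that a bare IP address bypasses the file entirely.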

Now, that may seem like limited utility. Sure you can block Google.com (or whatever) but it’s still accessible by IP address and other domain names so why bother? It won’t keep a determined user from accessing it — that’s true. That’s not really our use case though, just a gentle introduction to what we’re really going to do.

Blocking ads & blocking trackers with the hosts file

Our use case is blocking ads, gross-out sites and known untrustworthy sites so that we aren’t forced to load them by malicious ads or tricked into opening them. We’re going to build a list of sites that we never want to be accessible on our computer and point them to localhost so they can’t do anything.

Let’s say we’re a frequent visitor to MSN but we don’t want to see their advertising. We would identify that their ads are served from ads.msn.com and then add the line “127.0.0.1 ads.msn.com” to our hosts file. Voila! Now there are no more ads showing up on MSN because we’ve blocked their entire ad system. Their ad code never loads, their trackers never load and nothing disturbs or tracks us.

Now, this would take forever if you had to build the list yourself. Fortunately, large, passionate groups of people are working together to build lists of ad servers, tracking servers and malicious websites. Two of the best are the SomeoneWhoCares.org list and StevenBlack’s GitHub list. SomeoneWhoCares’s list is somewhat easier to manage for a newbie, while StevenBlack’s list allows for more customization and a wider block.

Virus Prevention

One incredible advantage of using this layer of protection is that it closes a major vector of virus and malware infection. It’s incredibly common for advertisements to deliver malware code onto computers. By blocking entire ad networks that code never has a chance to touch your computer.

How do I update my hosts file?

On Windows, run Notepad as an administrator by right-clicking on Notepad and choosing “Run as administrator.” Then use Notepad to open the file c:\Windows\System32\Drivers\etc\hosts. Note that this file has no extension; it’s just called “hosts.”

Paste your blocklist into the hosts file and save it. It takes effect immediately and does not require a reboot. You’re done. I’ve attached a copy of the SomeoneWhoCares list here (current as of Jan 2022) but you should update your blocklist every couple of months and always keep it current as new domains are constantly added when they are discovered.

Download the archived blocklist from Jan 2022 here
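For anyone who would rather script the update than paste by hand, here is an added example (not code from the original post, nor from either list's maintainers) that does the same job repeatably: it backs up the current hosts file, keeps your own entries, replaces a marked "managed" section with the normalized blocklist and writes the result atomically. Because the managed section is replaced rather than appended, re-running it after a new download (or after a Windows update has wiped the file) is safe and never duplicates lines. The marker comments, the `.bak` naming, the choice to rewrite every sink address to 127.0.0.1 (the address the article uses; published lists also use 0.0.0.0) and the sample blocklist are all assumptions of this example; `demo()` runs the whole thing against a throwaway file so it can be tried without touching the real hosts file. On Windows it must run from an elevated prompt to write the real path.

```python
import os
import shutil
import tempfile
from datetime import datetime

# Path from the article (Windows). Linux and macOS use /etc/hosts.
WINDOWS_HOSTS = r"C:\Windows\System32\Drivers\etc\hosts"

# Marker lines (assumed by this example) that delimit the managed section.
BEGIN = "# BEGIN managed blocklist (regenerated by script; edit above this line)"
END = "# END managed blocklist"

# Constructed sample blocklist in the usual published format, with a comment,
# a duplicate name and a 0.0.0.0 entry to show normalization. Not a real list.
SAMPLE_BLOCKLIST = """\
# constructed sample list, not a real one
127.0.0.1 ads.example.test
127.0.0.1 tracker.example.test   # trailing comment
0.0.0.0   ads.example.test
127.0.0.1 localhost
"""


def normalize_blocklist(text, sink="127.0.0.1"):
    """Turn downloaded list text into sorted, de-duplicated 'sink host' lines.

    Only lines whose target is a local sink are imported. A line pointing a
    name at some other address is a redirect, not a block, and is skipped so
    a bad list cannot silently hijack a name on this machine.
    """
    hosts = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in ("127.0.0.1", "0.0.0.0"):
            continue
        for name in fields[1:]:
            name = name.lower()
            if name != "localhost":  # the OS already owns this mapping
                hosts.add(name)
    return [f"{sink} {h}" for h in sorted(hosts)]


def strip_managed_section(lines):
    """Drop a previous BEGIN..END block so re-applying is idempotent."""
    kept, inside = [], False
    for line in lines:
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    return kept


def apply_blocklist(hosts_path, blocklist_text):
    """Back up hosts_path, merge the blocklist under the markers, write atomically.

    Returns the number of hostnames in the managed section.
    """
    with open(hosts_path, encoding="utf-8", errors="replace") as f:
        current = f.read().splitlines()
    stamp = datetime.now().strftime("%Y%m%d-%H%M%S%f")
    shutil.copy2(hosts_path, f"{hosts_path}.{stamp}.bak")  # keep the old copy
    block = normalize_blocklist(blocklist_text)
    merged = strip_managed_section(current) + [BEGIN] + block + [END]
    # Write to a temp file in the same directory, then rename over the original,
    # so a crash mid-write never leaves a half-written hosts file behind.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(hosts_path) or ".")
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write("\n".join(merged) + "\n")
    os.replace(tmp, hosts_path)
    return len(block)


def demo():
    """Apply the sample list twice to a throwaway hosts file (constructed input)."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "hosts")
    with open(path, "w", encoding="utf-8") as f:
        f.write("127.0.0.1 localhost\n# my own comment\n")
    first = apply_blocklist(path, SAMPLE_BLOCKLIST)
    second = apply_blocklist(path, SAMPLE_BLOCKLIST)  # idempotent re-run
    with open(path, encoding="utf-8") as f:
        lines = f.read().splitlines()
    return {
        "first": first,
        "second": second,
        "lines": lines,
        "backups": sum(1 for n in os.listdir(workdir) if n.endswith(".bak")),
    }


if __name__ == "__main__":
    result = demo()
    print(result["first"], "hosts blocked; file now reads:")
    print("\n".join(result["lines"]))
```

To apply a downloaded list for real, read it into a string and call `apply_blocklist(WINDOWS_HOSTS, text)` from an elevated prompt; the returned count is a quick sanity check that the download was not empty or truncated.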

Limitations

This isn’t a complete security measure on its own; it’s merely an incredibly useful additional layer of security that’s simple and fast to implement. While it does not remove the attack surface entirely, it dramatically reduces it and increases your quality of life for what amounts to less than two minutes of work.

It blocks domains, but a domain must be explicitly identified and added to the list before it is blocked. There’s no heuristic analysis taking place. It also doesn’t block direct connections to IP addresses, so any software that has hardcoded IP addresses instead of domain names will still connect normally.

This method also requires you to keep updating your hosts file manually. While you won’t lose protection if you do it once and forget about it, your protection will become less effective over time as ad servers, tracking servers and malicious actors set up new domains to work from.

You also need to be aware that sometimes a Windows update will come out that removes all the entries in a hosts file. It’s rare but it’s annoying when it does happen every once in a blue moon.

Should you do it?

Yes. It takes less than five minutes and delivers a nice layer of protection at very little cost.