add some form of adblocking by default to improve privacy, security, and web browseing experince of users

[fosslover306]

Just what it sounds like, one of the first things i install on all of my systems is to install hblock to block malware, ads, and phishing sites with no CPU overhead or RAM overhead.

The benefit is obvious, making it easier to install or having it pre-installed protects all users from tracking, malware, phishing, ads, spyware, ransomware, or being part of a DDOS botnet. improving the user experience.

Making Linux Mint more attractive overall, and actually saves electricity and is green.

https://github.com/hectorm/hblock
https://akmatori.com/blog/hblock-guide
https://github.com/100savage/Savage-Blocker

Please note, going forward anyone asking questions previusly answered will be be told to read the prior comments, I don't like to set rules but to save everyones time I have been forced to.

[AtomicRobotMan0101]

My first thoughts are that using Pihole is easy, but even easier is the free AdGuard Public DNS: https://adguard-dns.io/en/public-dns.html

My second thought goes towards a very good post I saw from @clefebvre here: linuxmint/mint22.1-beta#4 (comment) WRT new user overload.

Perhaps it would be worth considering a "Value Pack" or "28 Days Later" pack :-) where users can be introduced to the Whats Next of ideas that will help them along their journey after a reasonable settling in period.

New users have a mighty steep learning curve, one that Mint does an outstanding job of flattening out, but more tools/options always leave more to learn (and maintain). Blocking things needs to be considered carefully - for in some ways it goes against the ethos of Openness - even if we are blocking Evil.

[fosslover306]

And now users would need to change dns settings for every network and device which is a pain, and now you are trusting the dns provider to protect you which still allows data to be scraped by the goverment and ISP, so basicly useless. While still wasting internet bandwith, unless you use pi hole but at that point you are using hblock with extra steps.

[Fantu]

Blocking at the system level with the hosts file is not optimal and from what I've seen from experience, it is often necessary to disable this for certain sites (which block access if you use adblock software or if they have problems with "false" positives) so for single PCs and the majority of users it is better to use a browser extension instead (even if unfortunately some recent browsers are complicating things) so you can disable it for specific sites if necessary quickly and easily (doing it in a central block by whitelisting sites in many cases does not work because there are elements on other domains), furthermore it is almost only useful for browsers.
Regarding blocking access to infected websites and addresses, it's technically impossible to have complete or near-complete protection; there are too many, variable, and constantly growing threats. Blocking some of them can help, but the fact that users must be vigilant is still very important. Unfortunately, there's also the annoying fact that recently, "minimal" malware that attacks at the browser level has become increasingly common. It's impossible, or almost impossible, to block them with antivirus, antimalware, or block lists (which, in fact, can't track them all). These malware attempts to trick users, particularly by using system notifications and playing on fear (displaying messages about an infected PC). They also perform limited actions to avoid being blocked by antivirus and antimalware programs (even modern ones), such as asking users to change their search engine, installing extensions, etc. In general, most of them simply acquire data from the browser.
To mitigate this, I was recently thinking that by default notifications should be blocked in the browser (instead of asking the user, that is the more common setting), as the cases in which they are really needed are so rare that they can easily be enabled on the given site in such cases.

In cases with several devices or small companies, solutions like pihole are useful and better (for example I have been using pihole for years at my home on an old rpi2). But this too has its limits.

[fosslover306]

That does not mean we can't provide tools, not telling them any tools exist and then also not including any is a false choice, and it is ridiculous I have to make there points If anyone cared some form of hostfile based ad blocking would already be included, these ads they "chose" to not be protected from are 70% financial scams, 30% ad-ware, and 100% malicious even the FBI recommends everyone to use a ad-blocker for security reasons so if nothing is going to be done proactively about removing infections that get in, at the very least build in a ad-blocking tool that will provide protection from them.

And whose this "we" you speak of? Any "we" begins with a "me" I'm trying to do my part wheres yours?

"unless someone like you care's a whole awful lot, nothing going to get better it's not, plant a new trufufla do it care, and protect it from axes that hack"

Dr. Suess

FYI linux lite had a built in script to add hblock like 8 years ago, surely a skilled team of Linux Mint users and team members can write a one time use shell script? And in case you have forgotten me a total shell script novice wrote one that works perfectly the first time and no further interactions with hblock is required and was then told it was not good enough when no one else was doing anything to help or had any other ideas.

And setting a custom dns per network as a replacement is far beyond the skills of 90% of computer users, not even server admins want to mess with dns settings, so why would you expect grama to change them?

[fosslover306]

Even some buisnesess want you to use an ad blocker if you don't want ads, because other wise they have to pay google an extra few million dollars a year for irelivent ad placements which only benifits google and no one else.

[fosslover306]

I gotta ask, what is the real reason to not include any form of adblock as an option?

be honest with me here, where is the spirit of opensource? Freedom, choice, privacy, and pro user not pro corpate.
What are people so scared of?

1. The tool already exists.
2. It's the industry and community standard method.
3. It works without distracting users.
4. The FBI even recomends everyone use ad-block to prevent scams, identity theft, viruses, malware, and would save billions of dollars a years in scams and identity theft alone.
5. What i'm proposing is a simple way to add hblock without users needing to use google which will most likly confuse or direct them to a malioucis version, and they can chose to use it or not.

If you actually care about user security then make one that meets your standards, reminder vpn connections are an option, and can be automaticly configured if advertised corectly.

Hell thier is literally a privacy section in settings, with a option to not check the connection by pinging google which were incedibly small potatos 10 years ago, and is now pointless when going to any website pings google, 15 other advertisers, and only like 4 of the 20 connections are needed to use the site.

Stop stepping over 20$ bills to pickup a penny.

[Fantu]

hblock doesn't seem good enough to me to have it as default. If you want something as default, is better adding a good browser extension:
https://packages.debian.org/source/trixie/ublock-origin
It can be configured to add other lists. Unlike hblock, the risk of creating problems for users is almost zero, and users can disable it if sites prevent access when advertising is blocked or if it does not work properly (you can disable it with a single click, even just to try it out).

[fosslover306]

@Fantu Both google and firefox want ad blocking gone, google has tried 8 times in the last 2 years, and mozila would like it gone so they could make an addional 2 million dollars a year from the advertising company they purchased, v3 extensions is the goal they both want because adblock would be Almost useless because it would not be able intercept anything meaningful, and v2 is dieing slowly so how is ad-blocking web extensions going to work long term? And that leaves everything else exposed, nevermind flatpaks and small browsers with poor ad blocking.

And I said "an option in the privacy section" and "you can make one that meets your standards"

So the reaction is to cope harder, instead of being honest.

I suspect the reason is nobody cares about privacy or security here. I made the script to run the install commands and setup the update systemd timer in one click or command, and you can add or whitelist urls if you want so your 'gotcha' is void.

Besides A PRIVACY OPTION is a option that can be enabled, and if you you want to make it easyer to change the lists be my guest.

And it can be removed by unistalling hblock and removing the block list section, so a disable script could be made.

[Fantu]

Beyond annoying advertising and security issues, I find it ridiculous that people obsessed with privacy continue to make absurd demands (not so much in this case, but I'm speaking in general) for minor real results, yet do little or nothing about the bigger issues.
Almost everyone wants privacy, but how many would make the effort to do what is necessary to achieve REAL privacy? I'm sure that at least 999/1000 would give up immediately when they learned even a fraction of those things, perhaps without even resorting to the most drastic measures, but simply by not using so-called “AI”, social media, subscriptions to various services, and being very limited in their choice of devices, operating systems, programs, search engines, and email.
In truth, almost no one is willing to make enormous efforts for true privacy. At most, they prefer to complain, add something that gives the appearance of privacy rather than remove something that gives real privacy.

[fosslover306]

So what you are doing? My only big tech account is this one, just so I can share ideas and feature requests on github.

So if privacy settings are pointless, why is thier a privacy catagory in the settings? And why does it only effect connection check pings?

And while I agree for the most part with your statement why does that void a privacy option for those that want it? I just want some form of adblocking to be included by default, even if it was disabled by default, a simple on switch is a big improvment and far more impactful then an option to not check the connection by pinging google.

A warning box would be fine if that is what it takes to make this happen, also I brouht up more then just privacy concerns.

[Fantu]

I don't mean that privacy doesn't matter and that we shouldn't do anything about it, but complaining about wanting privacy and pushing for things that improve it only slightly, while doing nothing about things that make it much worse, is becoming stressful.

Some quick examples:
Users who want privacy, but when something is done about it, they complain about the limitations and the time wasted on such things. Then you give them a little privacy, and they immediately sign up for a ton of things, spreading their data to a mountain of parties, increasing the risks and increasing spam, both in emails and phone calls.
Inexperienced users who have been told many times to be careful, even when registering, to pay a little attention and at least uncheck the boxes regarding receiving advertising and sharing their data, and then you find yourself spending hours helping them locate and delete useless accounts or unsubscribe from newsletters to receive even fewer useless emails.
There's a lot more to say, but I don't want to waste too much time.

Returning to this discussion, if something is added by default, it must be something that works well, that does not risk creating problems for users, and that they can disable or modify quickly and easily.
hblock has significant (albeit relatively low) risks of problems due to the way it is designed; it is not easy enough for most users to disable and configure. Having a browser extension that makes it easier to disable on individual sites in case of problems (many users have difficulty even with that, so imagine) makes a huge difference.

[fosslover306]

I hear you but problem with this idea is...

I agian will point out "optional", and privacy is not the only reason I listed.

I also said that could be improved, if one wants to put in the work, maybe I can ask the hblock dev if that would be possible.

[Jopp-gh]

@fosslover306
It's sad to see how in the world of open source nice ideas and little requests are often completely ignored or belittled / fight against for a long time until somebody in a higher position, decides to implement it.

Privacy is still a very personal matter albeit the catastrophic security threads nowadays (user internet)

As long as stuff works, nobody cares..prevention? Completely alien concept…

I guess everything touching money in some way is by default sabotaged.

Linux mint is great but from a security point, it should invest more dev time in security features too, like a preconfigured Selinux package, see Fedora's spin.

Further, good reading: https://github.com/orgs/linuxmint/discussions/34

[fosslover306]

I have used hblock on 20 systems over the last 12 years, and it has never broken or caused connection issues.

Just so you know hblock does not modify the original configurations at the top, it just inserts the blocklist below what is already their, because hectorm desigied it explicitly not to break the host file.

That fact that you are trying to gate keep over a problem that does not exist, says you have never used hblock nor have spent any time to understand it. Therefore you have no grounds to stand on about the imaginary techinical problems you are woried about.

Connetion isses also don't seem to have been reported either, out side of false positives and negitives as the internet changes, hence why blocklists are updated every 24 hours, and as far as I know only one hostfile can exist otherwise it would be useless, because what ever rules are on one of them might not match the other one and now what happens? Bugs, glitches, and bypasses which would actually cause problems.

"hblock that is separate from the main hosts file or made so that it does not create problems with other operations outside of it (I don't have time to investigate and test it)."

So you also admit you have tried to learn nothing, and self admited you have no understanding even how the host file works.

For the record it has 2 lines, and sets local and remote ip adress ranges and what ip adresses and urls you want blocked,whitlisted or redirected, and that's my uderstanding after i read the host file both before using hblock, and actully resurching the host file.

In short hblock working is not a bug, it's a explicitly intended feature for servers being used to it's maximum potentiol for normal users, and why would a server admin put enteries into a hostfile? To reduce attack surfaces, and block connections known to be malicus to prevent future security problems.

But I guess only servers for multinational corperorations are deserving of improved security for free right?

[Fantu]

I don't think I've ever used hblock, but I've used several programs that block from the hosts file or other blocking solutions, the first ones dating back over 20 years on Windows.
I've also seen infected PCs (Windows) where the hosts file has been used by malware.
Given the problems I had some time ago on Windows, I tended not to use anything that modifies the hosts file. On Linux, I also saw that when I tried to add records to the hosts file as a workaround, it was useless because the program use externally resolution.
From what I've seen over time with users, a browser ad blocker is better, as I've already explained.
Regarding global blocking solutions, only a few customers have used them or are using them. For example, the last two added have asked us to block access to specific social media sites, I assume to avoid wasting time managing whitelists.
The pihole I have on my home network required changes to the lists, for example, for apps on my Android TV that didn't work. I've also excluded two of my computers from the pihole and use ublock origin to avoid wasting time managing exceptions by connecting there and, in some cases, searching for the specific thing that needs unblocking (not tied to the site's domain).

I saw that hblock has the possibility to set it in other ways too: https://hblock.molinero.dev/
for example a resolver like dnsmasq seems better to me but in general I fear that there are too many cons to have it as default

[fosslover306]

You need sudo permissions to edit the host file, windows runs almost all applications as admin, linux does not and if your system has been comprimised to the point a random person, orginazation, or software installed without your knowlage has sudo access the host file is the least of your concerns.

Also you can actually read the host file yourself if you want to check.

And yes dnsmasq based solutions cause problems because that inserts it's self where it does not belong, and one missed hook and it brakes your networking i would know, i used one of those and it had more problems in 6 months then the oh so horrible hostfile based one, 6-8 problems over two machines in 6 months, vrs 0 problems on 20+ computers over atleast 10 years.

And yes you should not mess with the hostfile, the fact you have messed with and broke yours is on you, not hblock or me or anyone else.

Often a automatic system that works correctly is better then someone who does no what they are doing.

Case in point hblock 1, you 0.

Congratulations on actully doing reseach this time, and reading the documenation.

Also a ad block browser exension is only better if you can still use it, firefox relies on a add-on store, and has automatic blacklist functions.

So over night ublock origion goes poof, or is just disabled if you are lucky and mozila removes it from the store, which they already considered doing but "it would feel off mission, but itwould only make us 2 million dollars".

So users should just trust ublock will be around, availible, and usable long term?

[Fantu]

Trying to summarize too much and too few cases doesn't help, and then I don't know if it's me who can't explain myself, if you can't understand, or something else. Also, recently Google Translate seems to have gotten a bit worse (I use translators because I'm not good at English but many recent translations are much worse than how I would write without a translator, it even starts to modify my sentences completely and I hadn't always noticed it); I guess they've started using "AI" instead of something more optimized.

I don't understand what you mean by dnsmasq, with it is better than the hosts file both in terms of performance and features, my doubts were whether it could be less bad regarding using hblock (or other lists) on it as default instead of the hosts file.

However, I'm starting to think that trying to help discussions like this lead to acceptable improvements is just a waste of time and the Mint team is right not to waste time even replying, it could be better invested differently

[fosslover306]

So why do you keep coming back?

And I can't help but notice you doged most of the questions I have asked so far.

[AtomicRobotMan0101]

The entire discussion can be broken down into some basic premise:

• Blocking ads is good/bad
• Blocking certain domains or IPs is good/bad
• Blocking things can lead to unexpected breakages
• Users are simple creatures. They are NOT administrators.

Further, if one were to block ads/domains/IPs the solutions are:

• Browser blockers (which is diminishing in effectiveness due to Evil Companies)
• Local blockers via hosts file (regardless of how this is implemented)
• Area blocking via PiHole
• Organisation level blocking via a DNS based solution (such as adguard-dns.io )

Each of the above two breakdowns have positives and negatives. NONE are universally perfect. Each exist as each serves a specific purpose. They all work, as intended and each is inherently good.

This entire discussion is pointless. OP is flogging a dead horse. Ultimately users (consumers) will take an interest, or they won't. IF they do, they quickly find the above solutions and their compromises/weaknesses/benefits.

I'd imagine the Mint team want NOTHING to do with this entire scenario because its not inherently useful. Its worse than useless, as new users of Mint will have yet another "problem with Linux" they need to know/solve/fix/tweak. Mint works because its design is elegant.

The Mint team is limited in their people hours. They already achieve a stupendous quantity of work on an absurdly tiny budget (hint - donate). They (if I were to guess) absolutely DO NOT want to become some sort of advocate of what is right or wrong with the current advertiser-supported Internet, for a multitude of political, commercial or resource issues.

@fosslover306, what we are better off doing is raising awareness. @Jopp-gh is 100% correct to point out the galactally important document here: https://github.com/orgs/linuxmint/discussions/34 done by the mighty @MikeNavy

THAT is a project worth putting your energies behind. I could easily imagine that it needs constant tweaking.

If I were to posit an actual opinion on what the Mint team should consider it would be a "28 days Later" document, where a new install has a popup, after a Suitable Period, that advises newly-Minted users the next steps - the advantages of considering security and some of the ways it might be achieved.

Its worth considering.

[fosslover306]

You do realize nobody in the mint team responds at all to these unless someones feelings get hurt right?

I again will point to the privacy settings and say it is thier for a reason, please actually use it for something.

And raise awarness how? A public psa? A blog post? And unless I pay for advertising and hosting no one will ever find or read it.

Hi, There is a choice to make between a rich "/etc/hosts" file and a reduced hosts file and a rich uBlock Origin:

* The IP addresses you block in the hosts file work "system wide", for any application and any connection; that's good. However, you can't disable them for some reliable websites that could not work correctly with the filters.

* At the opposite, the filters you put in uBlock Origin work only on the browser. But with uBlock Origin you can disable the filtering for a complete website, or for a given web page, or even continue browsing for once when a filter prevents it.

The problem is the same if you use a filtering DNS (see §4.11 page 49) such as Mullvad ones: you can't disable a filter for a given website. I do use Mullvad "base.dns.mullvad.net" as a private DNS on my Android smartphone, but on my Linux Mint computer, that I use more than my smartphone, I use another filtering DNS "zero.dns0.eu", security oriented, that mainly filters phishing websites.

Same problem finally with some extensions: ClearURLs is a nice anti-tracking extension, but I prefer to use "ClearURLs for uBo" filters list in UBlock Origin, since I can disable it when I disable uBlock Origin.

So, my compromise for my Linux Mint computer is to use "/etc/hosts" to filter malware, spam, and crypto miners, and to use a "light" filtering DNS; I use uBlock Origin for anti-tracking, privacy, ads and some more malware filter lists not available as hosts format but as AdBlock one. Particularly, the use of Steven Black hosts list in the hosts file would make a lot of websites to dysfunction; if you want to block some ads in the hosts file, just use Yoyo adservers block list, lighter than Steven Black's one, https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext

I will mention your Savage-Blocker in a future revision of my guide (I prepare a paragraph about private / anonymous messaging).

Regards,

MN

So his take is to use the hostfile to block the main stuff, and use ublock origion or something for the finer stuff, which is exactly what am asking for and talking about, it's so nice to told i'm wrong just to be pointed to the 'right' idea just to read what I already stated several times.

I'm starting to suspect the ones freaking out the most about this idea have reading compreshion issues.

With resounding support like this, i'm sure mikenavy will have great success.😒🙄.

[fosslover306]

To be very clear, hblock forms the base level of ad-blocking, and ublock does the trickier stuff.

And ad-blocking dns services are extremly questioable as a long term solution, you don't know what they are blocking, they most liklely log your traffic and sell it, and all isp's and cell carriors are all reqired to have goverment aproved traffic sniffing devices so that privacy benifit is directly undermined.

[fosslover306]

Shoutout to https://github.com/100savage/Savage-Blocker
For it's host file based ad-blocking with a gui easyly installed with a .deb package. If it lands in the repos and keeps getting maintanied I will use it in the future.

And that removes one more barrior to os level ad blocking, and 3 excuses.

[MikeNavy]

Hi,

I do not think that it should be the role of a distribution, Linux Mint or other, to impose its users a way to be protected against malware / ads. Any user should choose his / her way and adapt his / her protections to what is thought adequate.

Here is the way I protect myself on Linux Mint:

1. At the system level, I use a filtering DNS resolver, set in "/etc/systemd/resolved.conf"; the DNS resolver I use is "noads.joindns4.eu", filtering malware and ads, in encrypted DoT mode. I complete this with an "/etc/hosts" with mainly malware / spam and some ads. I update my hosts file with a bash script, and I use sed command, example "sed -i /t.notif-colissimo-laposte.info/d hosts" to remove the websites I don't want to filter (a kind of "whitelist").

2. I use Firefox and Mullvad Browser (on Tor Network). In both browsers, Google Safe Browsing is enabled (note that in those browsers, filtering is done locally, preserving your privacy, and not on Google servers for Chrome or on Microsoft ones for Edge). I have several extensions protecting privacy and security:
   • "Canvas Blocker", fingerprinting protection,
   • "CSS Exfil Protection", privacy protection,
   • "DuckDuckGo Search and Tracker Protection", privacy protection, it installs DuckDuckGo
   search as home page, DuckDuckGo search engine by default and DuckDuckGo Privacy
   Essentials extension,
   • "Privacy Badger", privacy protection,
   • "Font Fingerprint Defender", fingerprinting protection,
   • "uBlock Origin", one of the best ads, privacy and malware filter.
   • "NoScript Security Suite", which allows activating javascript only on trusted websites.
   For Firefox and Mullvad Browser, I also made some changes in "about:config" (disabling JIT compilation, preventing scripts in integrated PDF reader, showing punycode and others).

All that is addressed in my "Security, Privacy and Anonymity in Linux Mint" guide, https://nallino.net/stockage/security/Linux_Mint_Security.pdf.

I also use an Android smartphone. On Android, almost all applications use tracking and display ads, very aggressively. So, my defense is stronger.

1. At the system level I use "Personal DNS Filter"; I have set it to use the same DNS resolver as with Linux Mint, "noads.joindns4.eu" on DoT mode; I complete this with extensive filters lists, in hosts or DNS formats, filtering malware, trackers, crap, ads etc. Personal DNS Filter allows to whitelist websites and even applications.

2. I use IronFox browser; it is a fork of Firefox, security and privacy hardened (based on Phoenix). In IronFox I use the same extensions as mentioned above, and uBlock Origin has more filters than with Firefox on Linux. Safe Browsing is also set.

3. Finally, I use some partial "degoogling", by uninstalling, disabling and replacing the Google applications I don't (want to) use.

All that is addressed in my "Enhancing your Smartphone Security, Privacy and Anonymity" guide, https://nallino.net/stockage/security/Smartphone.pdf.

Both guides can be accessed from my cybersecurity page: https://nallino.net/cyber/index.html,
and from my publications on archive.org: https://archive.org/search?query=michel+nallino.

Note that using filtering is just a part of a complete strategy for security and privacy.

Regards,

MN

[Jopp-gh]

I do not think that it should be the role of a distribution, Linux Mint or other, to impose its users a way to be protected against malware / ads.

First, thanks a lot for your guides and to share your time generously with us and thanks also for expanding your guide to mobiles !

"Roughly", I see a curated blacklist as some simpler form of firewall to guard us against a variety of annoyances and threads. I strongly believe, nobody nowadays doubts:

• if a firewall is useful
• if a firewall is imposing something.

You can use it or not but it's shipped by default. Of course, using hblock isn't a complete security suite, just yet another but meaningful puzzle to make our system a bit safer.

Of course, usefulness depends of the kind of blocklists one downloads to curate this malware/ad list. The defaults in that file are basically nil, you don't get much protection from it. So this file sits there almost "for nothing".

Any user should choose his / her way and adapt his / her protections to what is thought adequate.

Right, but I fear generally everyone is busy to deal with applications for work and therefore happy to have some useful services already shipped by default.

At the end of the day we don't use computers to maintain computers, but to do our stuff with the apps we need.
Dealing with computers anyway requires always a ton of configuration effort to be useful for the user, at least in my experience .

[fosslover306]

Exactly hostfile based blocking is just like an advanced firewall, you found the perfect anology, thank goodness firewalls were not suggested to be added today other wise these the reponses would be like the ones here.

[Jopp-gh]

I enjoy discussions even when people disagree but keep up with topics to get different insights. This is tiresome, but there's always something to learn.

Better than getting no answers at all on a topic. Maybe tomorrow is a better day for answers. @fosslover306

[MikeNavy]

Hi, Firewall is another kind of beast, not comparable to filtering: while filtering prevents access to a selection of websites (using IP addresses, DNS format) or to parts of websites (using keywords), a firewall can block or allow incoming or outgoing connections on a list of ports / IP addresses for some or all applications. Generally, for home users without any server hosted on their computers, a firewall blocks all incoming connections on all ports from any IP address and allows outgoing connections on all ports for all IP addresses for all applications. Some users block outgoing connections for some applications, with an application firewall; but this has been defeated by non-legit software from long: applications not allowed to connect put them in memory just below an application allowed to connect and take profit of it. So, you can block outgoing connections for a legit application phoning home, but not for malware. Finally, some applications, such as Portmaster https://safing.io/, group features of firewall, filtering and network intrusion detection. Portmaster calls itself an "application firewall" while it does much more than a firewall. A firewall is mandatory, UFW (using Netfilter kernel feature) is enabled by default in Linux Mint, while filtering is a user's choice (some people are not disturbed by ads...). Enabling filtering by default would mean an arbitrary choice of websites to filter (what filters lists to use among thousands?). This is what is reproached to Google with its Safe Browsing (personally, I just reproach the way Safe Browsing is done in Chromium, Chrome or in Edge, but I am happy with the way it is done by Firefox, on your device). Regards, MN Le 07/02/2026 à 16:53, fosslover306 a écrit :

…

Exactly hostfile based blocking is just an advanced firewall, you found the perfect anology, thank goodness firewalls were not suggested to be added today other wise these the reponses would be like the ones here. — Reply to this email directly, view it on GitHub <#1108 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AO7MW3YOFM6K7UQ6KJJPXVT4KYDBLAVCNFSM6AAAAACFIXPDU6VHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTKNZSG42DOMI>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[MikeNavy]

Hi,
I reacted to two messages confusing firewall and filtering; confusion might come from applications such as Portmaster, which call themselves "application firewall" while they also include filtering.
About Savage Blocker, it has been mentioned for long in my guide, in "4.7) Safe browsing", as an alternative to a script to update "/etc/hosts". In the current revision, 70, it is mentioned at page 32.
Regards,
MN

[MikeNavy]

Hi, 1. Yes. 2. Yes. Please stop wasting your time answering questions I didn't ask. Regards, MN Le 7 février 2026 18:46:34 GMT+01:00, fosslover306 ***@***.***> a écrit :

…

1. Did you read everything above before replying? 2. Do you know what "anology" means? -- Reply to this email directly or view it on GitHub: #1108 (comment) You are receiving this because you were mentioned. Message ID: ***@***.***>

[JosephMcc]

Keep this civil, please. Otherwise it's getting locked.