Dafuq are you talking about? I’ve been using it on android for years and before that I was editing the appropriate files on windows to forward or block access to certain domains/ips.
It’s all about how you implement it. It’s also about what services you use, for example, geicos app was so fucky that it never wanted to work right even with enough of the app and domains whitelisted. On my pc I tend to use chrome only when I need to access a site but don’t want to whitelist some or all the domains even on a temporary basis, FF basically blocks any and all ads I may come across. My lifes goal is to see as close to zero ads as possible.
I’m guessing that you haven’t actually used them and I’m going to also guess that you have no idea what dns actually is and therefore how ridiculous your claim here is. Do yourself a favor and learn a bit more about how this shit works lest you look like an idiot.
If I implement my service to use the same underlying IP address for the primary service/critical access that I use for advertising services (e.g., I put a load balancer and have Windows Advertising integrated with Windows Update via the same IP addresses), you can’t block the IP without breaking Windows Update.
That’s worse for other ingrained systems, e.g., a news app that actually has to send you content could do this instead of using separate IPs for the advertising service, and then if you want to use their service you have to accept the advertising packets.
If you’re relying on DNS for your blocking as well, it’s entirely possible to distribute the IP address information without ever involving DNS by syncing up the appropriate IPs out of band on some built in IP addresses hard coded in the binary (plenty of things do this sort of thing already for security purposes, they want to minimize the risk of a local DHCP server handing out some garbage DNS record and sending you a virus via their update mechanism).
I could go on.
Do yourself a favor and learn a bit more about how this shit works lest you look like an idiot.
Don’t be a dick; especially if you don’t know what you’re talking about. Thanks.
DNS based blocking only works for regular DNS requests.
At this point, any app that wanted to bypass that could use DoH/DoT+ECH to completely bypass your DNS and thus the blocking it provides. With these tools, all you’d see is an outgoing TLS connection to a remote IP; all other data is encrypted.
Any app or chunk of windows that went that route would be uninstalled post haste.
I’m not surprised by the lack of knowledge here. There are tons versions of windows with all kinds of pieces missing and guaranteed that a version of 10/11 with the ad module missing or deactivated would be available ASAP if this kind of thing moves forward.
You lot should be proud of yourselves, you made sure to bring the worst parts of reddit here and your going to stop getting people like me contributing because of your idiocy.
In simpler terms for those who can’t handle the above. There are alternatives to the default start menu, one would simply have to install one of those or at the least block the start menu module from accessing the internet.
You were so focused on being right and holier than thou that you failed to recognize those among you who have been playing with computers since word processors were all the rage. Some of us have been using and abusing windows since the pre 3.x days.
DNS based ad blockers (I run one, it’s great, highly recommend) can’t block something if the address is both legit and also serves ads. For instance, if MS used the same domain name for updates and windows key validation as it does for ads, you’d quickly run into an issue. Especially if (please don’t read this MS), they required validation on every boot, then replied with a payload combination of a the ads and a “yea you’re legit and can boot”.
Also, MS could easily (and has) coded some processes to not lookup DNS addresses in things like LMHOSTS or HOSTS, they could just as easily bypass DNS itself. They certainly have plenty of public IPs they could have a process submit to the network stack.
Dafuq are you talking about? I’ve been using it on android for years and before that I was editing the appropriate files on windows to forward or block access to certain domains/ips.
It’s all about how you implement it. It’s also about what services you use, for example, geicos app was so fucky that it never wanted to work right even with enough of the app and domains whitelisted. On my pc I tend to use chrome only when I need to access a site but don’t want to whitelist some or all the domains even on a temporary basis, FF basically blocks any and all ads I may come across. My lifes goal is to see as close to zero ads as possible.
I’m guessing that you haven’t actually used them and I’m going to also guess that you have no idea what dns actually is and therefore how ridiculous your claim here is. Do yourself a favor and learn a bit more about how this shit works lest you look like an idiot.
If I implement my service to use the same underlying IP address for the primary service/critical access that I use for advertising services (e.g., I put a load balancer and have Windows Advertising integrated with Windows Update via the same IP addresses), you can’t block the IP without breaking Windows Update.
That’s worse for other ingrained systems, e.g., a news app that actually has to send you content could do this instead of using separate IPs for the advertising service, and then if you want to use their service you have to accept the advertising packets.
If you’re relying on DNS for your blocking as well, it’s entirely possible to distribute the IP address information without ever involving DNS by syncing up the appropriate IPs out of band on some built in IP addresses hard coded in the binary (plenty of things do this sort of thing already for security purposes, they want to minimize the risk of a local DHCP server handing out some garbage DNS record and sending you a virus via their update mechanism).
I could go on.
Don’t be a dick; especially if you don’t know what you’re talking about. Thanks.
DNS based blocking only works for regular DNS requests.
At this point, any app that wanted to bypass that could use DoH/DoT+ECH to completely bypass your DNS and thus the blocking it provides. With these tools, all you’d see is an outgoing TLS connection to a remote IP; all other data is encrypted.
Any app or chunk of windows that went that route would be uninstalled post haste.
I’m not surprised by the lack of knowledge here. There are tons versions of windows with all kinds of pieces missing and guaranteed that a version of 10/11 with the ad module missing or deactivated would be available ASAP if this kind of thing moves forward.
You lot should be proud of yourselves, you made sure to bring the worst parts of reddit here and your going to stop getting people like me contributing because of your idiocy.
In simpler terms for those who can’t handle the above. There are alternatives to the default start menu, one would simply have to install one of those or at the least block the start menu module from accessing the internet.
You were so focused on being right and holier than thou that you failed to recognize those among you who have been playing with computers since word processors were all the rage. Some of us have been using and abusing windows since the pre 3.x days.
DNS based ad blockers (I run one, it’s great, highly recommend) can’t block something if the address is both legit and also serves ads. For instance, if MS used the same domain name for updates and windows key validation as it does for ads, you’d quickly run into an issue. Especially if (please don’t read this MS), they required validation on every boot, then replied with a payload combination of a the ads and a “yea you’re legit and can boot”.
Also, MS could easily (and has) coded some processes to not lookup DNS addresses in things like LMHOSTS or HOSTS, they could just as easily bypass DNS itself. They certainly have plenty of public IPs they could have a process submit to the network stack.