Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TLC Roku TV 9.3.0 still shows the large 1/3 ad on the Home screen #230

Closed
jasonpearce opened this issue Sep 15, 2020 · 16 comments
Closed

TLC Roku TV 9.3.0 still shows the large 1/3 ad on the Home screen #230

jasonpearce opened this issue Sep 15, 2020 · 16 comments
Labels
help wanted Extra attention is needed question Further information is requested

Comments

@jasonpearce
Copy link

jasonpearce commented Sep 15, 2020

This is a "New domains to block" comment for Roku TV version 9.3.0 build 4194-30. I'm using your list via NextDNS.io and am still seeing the large 1/3 ad on the right hand side of Roku's Home screen (where you select which app to launch).

I've yet to figure out what domain(s) these ads are being served from. This comment is a both a reminder for me to keep trying as well as an opportunity to engage other Roku users who might also use your list but still see ads.

Roku Logs/Domains that are being blocked:

  1. cloudservices.roku.com
  2. customer-feedbacks.web.roku.com
  3. liberty.logs.roku.com
  4. scribe.logs.roku.com

Roku Logs/Domains that are not being blocked:

  1. api.roku.com
  2. api.rokutime.com
  3. api.sr.roku.com
  4. api2.sr.roku.com
  5. captive.roku.com
  6. channels.roku.com
  7. cigars.roku.com
  8. configsvc.cs.roku.com
  9. image.roku.com
  10. keysvc.cs.roku.com
  11. lat-services.api.data.roku.com
  12. longview.sb.roku.com
  13. navigation.sr.roku.com
  14. roku.com
  15. rokutime.com
  16. tis.cti.roku.com

Of course, it's possible that they are serving ads from domains other than roku. If I figure it out, I'll update this ticket. Thanks for your time and service.

@lightswitch05
Copy link
Owner

lightswitch05 commented Sep 15, 2020

I have TCL roku tv too. Some ideas:

  • Ensure direct port 53 access is either blocked or redirected to your DNS server of choice - this will prevent Roku from talking directly to 8.8.8.8, which it loves to do
  • Go through your settings and turn off all the smart features. I'm not in front of my TV at the moment, but some of them is 'Limit Target Advertising' and things that are worded in a way to make you think its a feature like making content suggestions. Make no mistake, Roku is an advertising company and they aren't trying to help you find things, but rather advertise to you.
  • I'm sure its loading things through the API subdomains, but blocking that will break things.

@lightswitch05 lightswitch05 added help wanted Extra attention is needed question Further information is requested labels Sep 15, 2020
@jasonpearce
Copy link
Author

jasonpearce commented Sep 15, 2020

Thank you for responding.

Port 53:
I'll have to figure out how to do this on my router (I assume). I will attempt.

Smart Features:
TCL > Roku TV > Settings > Privacy > Advertising > Limit ad tracking (enabled)
TCL > Roku TV > Settings > Privacy > Advertising > Reset advertising identifier (did so, ads still appear)
TCL > Roku TV > Settings > Privacy > Smart TV experience > Use info from TV inputs (not selected)
TCL > Roku TV > Settings > Privacy > Smart TV experience > Enable auto notification (not selected)

Those were the only related settings I found, but will keep looking, will keep reviewing my DNS logs, and will attempt your port 53 suggestion (I do see *.roku.com logs in NextDNS.io, so at least some of its DNS requests are being fielded by NextDNS.io as desired).

@jasonpearce
Copy link
Author

jasonpearce commented Sep 16, 2020

In NextDNS.io, I added the following to my Deny List and the ad still appears in the Roku Home screen. NextDNS shows they were blocked in the logs. Maybe my router or the Roku is caching DNS values. I did reboot the Roku, but not the router (wife factor).

Blocked, but ad still appears:

  1. ads.roku.com
  2. amoeba.web.roku.com
  3. assets.sr.roku.com
  4. captive.roku.com
  5. cloudservices.roku.com
  6. configsvc.cs.roku.com
  7. keysvc.cs.roku.com
  8. lat-services.api.data.roku.com
  9. longview.sb.roku.com
  10. ls.cti.roku.com
  11. navigation.sr.roku.com
  12. prod.mobile.roku.com
  13. rokutime.com
  14. wwwimg.roku.com

@jasonpearce
Copy link
Author

jasonpearce commented Sep 16, 2020

Next set of notes as I continue to work on figuring out how to block the Roku ads on the home screen...

On the router, I rebooted the TCL Roku TV a few times and monitored the System Log Active Connections. This is the history log of active connections from my Roku TV to the Internet, sorted by unique destination IP address.

Protocol | DestinationIP | Port | State

  1. tcp | 3.94.16.137 | 443 | TIME_WAIT
  2. tcp | 3.209.42.208 | 443 | ASSURED
  3. tcp | 3.220.141.182 | 443 | ASSURED
  4. tcp | 3.223.113.242 | 443 | ASSURED
  5. tcp | 3.225.19.195 | 443 | TIME_WAIT
  6. tcp | 3.225.160.242 | 443 | ASSURED
  7. tcp | 3.225.233.246 | 443 | ESTABLISHED
  8. tcp | 8.8.4.4 | 53 | TIME_WAIT
  9. tcp | 8.8.8.8 | 53 | TIME_WAIT
  10. tcp | 13.226.94.52 | 80 | TIME_WAIT
  11. tcp | 13.226.94.100 | 443 | ESTABLISHED
  12. tcp | 18.235.34.113 | 443 | ESTABLISHED
  13. tcp | 18.235.34.113 | 443 | TIME_WAIT
  14. tcp | 23.246.37.161 | 80 | ESTABLISHED
  15. tcp | 23.246.37.161 | 443 | ESTABLISHED
  16. tcp | 34.195.156.93 | 443 | ASSURED
  17. tcp | 34.196.86.2 | 443 | ASSURED
  18. tcp | 34.196.86.2 | 443 | TIME_WAIT
  19. tcp | 34.199.98.223 | 80 | ESTABLISHED
  20. tcp | 34.201.192.100 | 443 | TIME_WAIT
  21. tcp | 34.202.70.210 | 443 | TIME_WAIT
  22. tcp | 34.204.134.72 | 443 | ASSURED
  23. tcp | 34.204.248.161 | 443 | ESTABLISHED
  24. tcp | 45.57.40.1 | 443 | ESTABLISHED
  25. tcp | 45.57.90.1 | 443 | ESTABLISHED
  26. tcp | 52.2.192.239 | 443 | ASSURED
  27. tcp | 52.7.221.15 | 443 | TIME_WAIT
  28. tcp | 52.26.96.39 | 443 | ESTABLISHED
  29. tcp | 52.44.151.196 | 443 | ESTABLISHED
  30. tcp | 52.54.130.155 | 443 | ASSURED
  31. tcp | 52.206.135.16 | 443 | TIME_WAIT
  32. tcp | 54.84.43.170 | 443 | TIME_WAIT
  33. tcp | 54.87.239.249 | 2350 | ESTABLISHED
  34. tcp | 54.87.239.249 | 2350 | TIME_WAIT
  35. tcp | 54.209.231.45 | 443 | TIME_WAIT
  36. tcp | 54.224.135.9 | 443 | ESTABLISHED
  37. tcp | 172.217.4.33 | 443 | ESTABLISHED
  38. tcp | 172.217.4.33 | 443 | TIME_WAIT
  39. tcp | 172.217.4.34 | 443 | TIME_WAIT
  40. tcp | 172.217.4.225 | 443 | ESTABLISHED
  41. tcp | 172.217.4.225 | 443 | TIME_WAIT
  42. tcp | 172.217.6.1 | 443 | CLOSE
  43. tcp | 172.217.6.1 | 443 | ESTABLISHED
  44. tcp | 172.217.6.97 | 443 | ESTABLISHED
  45. tcp | 172.217.6.97 | 443 | TIME_WAIT
  46. tcp | 172.217.8.194 | 443 | TIME_WAIT
  47. udp | 8.8.8.8 | 53 | UNREPLIED

lightswitch05 is right in that there are some port 53 entries to Google's DNS at 8.8.8.8 and 8.8.4.4.

@jasonpearce
Copy link
Author

jasonpearce commented Sep 16, 2020

The following appears to be successful in blocking ads on the Roku TV home screen.

Step 1, block these domains:
Use NextDNS or a Pi-Hole to block DNS queries to these domains.

  1. amoeba-plus.web.roku.com
  2. display.ravm.tv
  3. liberty.logs.roku.com
  4. ravm.tv
  5. scribe.logs.roku.com
  6. track.sr.roku.com
  7. wwwimg.roku.com

I perform step 1 by configuring my home router to use NextDNS.io. I then added those domains to my Deny List in NextDNS.io.

Step 2, block LAN to WAN connections from the Roku over port 53:
Use your router's firewall to block Roku LAN to Port 53 WAN.

  1. Replace ASUS router with ASUSwrt-merlin
  2. LAN > DHCP Server > Manually assign IP to the Roku (e.g. make sure it has a static IP or DHCP reservation)
  3. Firewall > Network Services Filter > Enable
  4. Firewall > Network Services Filter Table > add these two entries

One TCP entry for Port 53, one UDP entry for Port 53:

  • Source IP: The static IP of your Roku
  • Port Range (source): empty
  • Destination IP: empty
  • Port Range (destination): 53
  • Protocol: TCP for one row, UDP for the second row

The Network Services filter blocks the LAN to WAN packet exchanges and restricts devices from using specific network services.

We previously identified that the Roku was using Google's public DNS servers 8.8.8.8 and 8.8.4.4 instead of querying the ASUS router for DNS.

If the Roku only queried the ASUS router, all of its DNS queries would have been answered by the ASUS router and then by NextDNS.io.

By blocking outbound port 53 for both TCP and UDP protocols (just for the Roku), the Roku is unable to resolve Google-provided DNS queries (that don't get blocked) and must fall back to using ASUS+NextDNS DNS queries (that do get blocked).

Result: No more ads on the Roku home screen (for now).

@lightswitch05
Copy link
Owner

lightswitch05 commented Sep 16, 2020

All those are currently blocked on my list except:

  • amoeba-plus.web.roku.com
  • wwwimg.roku.com

the image one seem super generic. Do you have any functionality breaking?

@jasonpearce
Copy link
Author

jasonpearce commented Sep 16, 2020

My result. No ad on the right 1/3 of the home screen.

Google Photo of a TCL Roku TV without an Ad:

@lightswitch05 I have not yet identified a loss of functionality, but I've been living with this change for only 15 minutes. What works:

  • I've rebooted several times, no ads
  • Netflix, Amazon Music, Radio Paradise, Soma FM, and even Roku Channel work fine

According to NextDNS.io, all of the "Step 1, block these domains" I listed are a) being queried from my ASUS to NextDNS and b) are being blocked by NextDNS.

I'd welcome others to test also blocking amoeba-plus.web.roku.com and wwwimg.roku.com before you add it to your wonderful block list. I'll return to comment if I do observe missing functionality.

@lightswitch05
Copy link
Owner

lightswitch05 commented Sep 17, 2020

I added the two domains to my local black list and will test them out

@lightswitch05
Copy link
Owner

lightswitch05 commented Sep 17, 2020

  • Settings -> home screen:
    • featured free: Hide
    • movie store and tv store: hide
    • my offers: hide

@jasonpearce
Copy link
Author

jasonpearce commented Sep 17, 2020

@lightswitch05 Thank you again for your block list. I hope my research will be helpful to you and your users.

Over on my blog, I wrote more about what I learned and the steps I took to remove the ad. I agree that it appears to require more than just a DNS block list. That you must also prevent the Roku from making its own DNS queries to public DNS servers 8.8.8.8 and 8.8.4.4. Meaning, a savvy user must also be able to create some firewall rules to block Roku ads.

Thanks again.

@jasonpearce
Copy link
Author

jasonpearce commented Sep 17, 2020

I forgot to provide you a link to my article:

https://jasonpearce.com/2020/09/16/how-to-disable-ads-on-the-roku-home-screen/

@lightswitch05
Copy link
Owner

lightswitch05 commented Sep 17, 2020

I'm glad you figured it out. I'm sure it will be useful to others. I think suggesting people going into Settings -> Home Screen and disabling the My Offers section is also applicable since that is specificaly referencing advertising on the home screen.

@jasonpearce
Copy link
Author

jasonpearce commented Sep 17, 2020

Thanks for the suggestion. I'll review this evening and update my blog post.

@jasonpearce
Copy link
Author

jasonpearce commented Sep 17, 2020

Updated blog post.

Roku Features to disable:

  • Roku TV > Settings > Privacy > Advertising > Limit ad tracking (enabled)
  • Roku TV > Settings > Privacy > Advertising > Reset advertising identifier (do this often)
  • Roku TV > Settings > Privacy > Smart TV experience > Use info from TV inputs (not selected)
  • Roku TV > Settings > Privacy > Smart TV experience > Enable auto notification (not selected)
  • Roku TV > Settings > Home Screen > Featured Free > Hide
  • Roku TV > Settings > Home Screen > Movie Store and TV Store > Hide
  • Roku TV > Settings > Home Screen > My Offers > Hide

BTW, I did not have this option "Roku TV > Settings > Home Screen > My Offers > Hide"

@jasonpearce
Copy link
Author

jasonpearce commented Sep 25, 2020

@lightswitch05 So far, no problems using my Roku with the settings documented in this tread and here: https://jasonpearce.com/2020/09/16/how-to-disable-ads-on-the-roku-home-screen/.

If you are also satisfied, you may close this ticket. Thanks for your help. The suggestion to use a firewall to block the Roku from accessing 8.8.8.8 and 8.8.4.4 was the direction I needed.

@lightswitch05
Copy link
Owner

lightswitch05 commented Sep 25, 2020

Thanks for the update. I too did not notice any broken features from the added blocks and have added:

  • amoeba-plus.web.roku.com
  • wwwimg.roku.com

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted Extra attention is needed question Further information is requested
Projects
None yet
Development

No branches or pull requests

2 participants