Table of Contents
- Why ?
- Unbound for Linux, Mac and Windows
- Pihole for Linux, Mac and Windows
- About aggressive trackers
- Extensions for Android and IOS devices
- Adguard for Android TV, Linux, Mac, Windows
- License
Cname-cloacking is in breach of European law (GDPR) and the law in many countries (California and Australia seem well inspired too) because they hide the DNS references of the site you are visiting. It is therefore impossible to obtain user consent for these third-party sites and the immediate effect is that you are tracked on all sorts of sites.
This is a more pernicious method than third-party cookies because it is tacit and there is no recourse. It's a real goldmine for the companies that use it. It's staggering when you consider that some of these companies boast that they can be connected to 600 other trackers.
They can keep your data for as long as they like, since it does not officially exist. This can mean your whole life, as we have seen with databases revealed that have 2 or 3 times the number of people on earth.
Would you like to have a spy on your shoulder from morning to night, analysing your every move throughout the day, right down to the brand of toilet paper you use?
A recent revelation showed that certain viruses could hide in the advertisements of a major global company using information that was not available to the public. This is nothing new, but now it's been proven.
The issue of energy savings and the autonomy of our connected devices is now very important. It's a question of ecological common sense. Premature ageing due to over-solicitation of advertising is a major factor. The image of a vehicle in overdrive dragging advertising hoardings seems appropriate to me.
You can install the excellent DNS software that also caches DNS unbound: You can then include the stub-zone list stub-zone.
For a family or with the multitude of connected objects, installing Pi-hole is very effective:
These solutions offer huge savings in data and bandwidth, not to mention considerable energy savings.
For example, Pihole blocks 35-60% of advertising and trackers. This translates into a 50% increase in battery life for my Samsung smartphone.
I have created blocking lists for Pi-hole. You can download them to your computer and open them with your favourite editor.
- A list based on strict regexes of domain names pihole_domains_list.txt
- A list based on regexes that take sub-domains into account pihole sub-domain list.txt
Do not add these lists as text lists because the regexes will probably be treated as text.
The solution, which only takes a few seconds, is to copy each list and paste it into the pihole graphical interface for adding regexes in :
Domains > Domain management > RegEx filter and paste into the field.
Clicking on the ‘Add to denied domains’ button will add the regexes to Gravity's sqlite3 database in a few seconds.
You will notice that the red icon to the right of "Domains" has increased accordingly.
Pihole remains the ideal solution for protecting all the devices in your home as soon as you can specify a DNS server on your private network.
Pihole even protects you outside your home if you use a VPN that connects you to your web router.
-
In my observations, I have found that it is risky to use Android applications that have hard-coded calls to trackers, bugs and advertising agencies. I assume the same applies to iPhones, but I don't have any to verify this.
As far as possible, use a good browser with extensions that protect your privacy (high marks to cookie-autodelete for taking care of cookies). This will be enough to block all these malicious trackers, although there are a few caveats. -
It is possible that the regexes can block sub-domains of sites that you like with Pihole, the solution is to set the blocked line to ‘Allow’ to authorise this sub-domain or to go faster, you can type the following in a console:
sudo pihole --allow-regex '(\.|^)subdomain\.domain\.com$' -
About my methodology, I use the same one as firewall administrators use on a computer network. I block anything suspicious, then gradually allow what needs to be allowed to create tailor-made exceptions to the rule.
You can create exceptions with the “Allow” button in Pihole's query logs item. Bear in mind that a viral load can be sent via a zero-click ad.
If you're experiencing several thousand connection attempts a day to mobile.pipe.aria.microsoft.com, which are draining the resources of your installation as well as those of your smartphone, you can stop and then disable the Link to Windows application on Android.
On Android 15, go to
Settings > Applications
and search for the Link to Windows application.
This stops all connections immediately.
If you need this app for any interaction with Windows, you can activate it for as long as you need, and deactivate it when you're done.
This application contains trackers that do not justify the tsunami of connections.
If you have hundreds of connections per day (more than doubleclick!) to mobileconfig.sascdn.com, it's also an aggressive tracker that's linked to the Smart AdServer tracker, which in turn is linked to Akamai (akamai.smartadserver.com). These domains are included in my list of domains.
A search in the trackers tab of the excellent Exodus application will show you all the applications containing this bug at the date of their last scan. It is possible to request an online scan of an application.
To put an end to this energy-hungry drain on your smartphone's resources, all you have to do is stop each of the offending applications in turn.
On Android, just go to
_Settings > Applications
to stop the flow of connections immediately.
You are free to deactivate or not the application in question, depending on your usage.
In my case, it was an application from an institutional weather service in my country.
Starting with the excellent ublock origin.
I found a cool Privacy Badger extension that doesn't block ads but all cnames and other vicious trackers.
To block advertising Adguard is stable. In the advanced settings, there is a watchdog option to restart Adguard. This is very useful if you find that Android regularly disables Adguard. It's an admission that this software is powerful.
The Adguard browser extension has a number of advantages Adguard works on Android and IOS.
With Librewolf, it is becoming commonplace to find that more and more websites are taking a fingerprint of your browser (in anticipation of the blocking of third-party cookies that is becoming more and more common?) This is obvious when using Librewolf, which has an activated option
Firefox does not activate it by default, which can be checked on the about:config options page where the privacy.resistFingerprinting item is set to false, as are others.
To protect against fingerprinting and avoid being tracked from site to site and tracker to tracker, there is the CanvasBlocker extension. This extension is available for the Mozilla family and all Chromes.
Simply install it with the default settings. By pinning it to the toolbar, you can see the icon change from green to red, indicating the number of fingerprints blocked.
Adguard exists as software that protects Android computers and televisions from ads, trackers and phishing.
If you wish to value my work and my investment, you can do so in Monero crypto-currency with this account number:
8AwD8HWyj1KSePrnk3VmkLJf3QQYKCHKmHBCZw4YBqEsLQpApAYUjRzQFx8WEQQqz78QXptAJvHQMPB2vp94pxiZTwtput9
I appreciate it.
cname-cloaking_and_tracking © 2022 by Vincent Millane is licensed under CC BY-SA 4.0
