Privacy Cookbook - Chapter 6.6 - PCs, Desk & Laptops - DNS and Firewalls

We have mentioned previously just how important DNS is on iOS and  Android and we've also been over how you can secure your WiFi network with a Pi-Hole and with AdGuardHome.

But, of course, there is always the problem of when you are on the road with  your notebook. You won't have many problems if you're using Tails or Qubes.

Likewise, you'll maybe have seen our articles (and those of others) recommending VPN services to achieve a secure setup in a coffee shop or other place with public WiFi and which allow you to connect securely. However, you still rely on a single point of failure. You could insist that your notebook by itself is a single point of failure but you do have options, and some pretty good ones, for security on the GO!

One product we keep mentioning in the Privacy Cookbook is AdGuard. We've had it on Android, there is  an iOS version (not my recommendation as there are better alternatives) and we've had the AdGuardHome solution on the RaspberryPi! And AdGuard also has versions for MacOS and Windows.

As there are effectively 2 solutions, let's start with the better one:

The Firewall solution - which blocks malware, ads and every website you don't want to see. The best part it also blocks YouTube Ads and lets you control re-directions and your own DNS server.  

The other solution is, of course:

The Hostfile solution - simple, free and always working!

One beauty of a hostfile is that it can easily be modified on Windows, Linux or Mac. However, more recently, Windows 10 has made it more difficult to open apps such as administrator but it’s not impossible! Search on your Notepad, then right-click on Notepad in the search results list and  choose to run it as administrator.

Once you’ve done that, open up the following file using the File -> Open feature

c:\windows\system32\drivers\etc\hosts
   
After which you can edit as usual once notepad is open.

In this example we will block Facebook. To do this just enter in the following after the # mark.

0.0.0.0    www.facebook.com #suckerberg

Now that you have edited your Hostfile make sure to save it, Facebook should now be blocked on your browser!

On Linux and Mac it is simpler, just open the terminal and type

sudo nano /etc/hosts

Or if you use vim

sudo vim /etc/hosts

Add the same format

0.0.0.0 Facebook.com #deletefacebook

Save it and you're free of facebook.com

Now that's probably not the only page you want to block so here is a list of great hostlists, copy all the entries to your list and you will be golden!

Adguard Simplified - English filter, Social media filter, Spyware filter, Mobile ads filter, EasyList and EasyPrivacy
AdAway - Blocking mobile ad providers and some analytics providers
hpHosts - Ad and Tracking servers only
CHEFKOCH - NSA Blocklist
CHEFKOCH - Canvas font fingerprinting
CHEFKOCH - Audio fingerprinting
CHEFKOCH - Canvas fingerprinting
CHEFKOCH - Trackers
CHEFKOCH - Facebook
StevenBlack - with the fakenews, gambling and social extensions
Google - Blocks all Google domains and services
Facebook & FB - Blocks Facebook and its Apps

Privacy Cookbook - Chapter 3 - Ad and Bad traffic filtering

This solution does not help you modifying your DNS.

However, AdGuard has a great guide for each OS on their website

How to set up AdGuard DNS

Full guide on how to set up DNS level ad blocking and protection against tracking and phishing on any operating system or device.

AdGuard can already block (out of the box) a great list of services by just using the DNS servers for them. However, feel free to check for the DNS  servers on any of our recommended lists above.

This solution is free vs the Firewall solution which will cost.

OK, we said two but here is a 3rd possible solution, where we recommend NextDNS

This  works for all 3 OSs, Linux, Mac and Windows and the beauty of this  one is that you can block and unblock sites and services.

Have a look at the writeup for NextDNS as we explained it back in Chapter 2.

Privacy Cookbook - Chapter 2.1 - nextDNS

NextDNS - easy adblocking with DoT and DoH On paper, nextDNS would appear to be the Holy Grail when it comes to DNS services, but let’s not get carried away ;) ​nextDNS is basically a DNS service that has an “integrated pi-hole” to the cloud.They use their own proprietary software, so it is not ac…

Privacy AdvocateDecentralise.Today

I like to stress DNS as it is so important! ISPs are known to slow down  your internet connections, redirect traffic and block websites. You can go around all of this with a simple DNS change whilst blocking bad  traffic at the same time.

Bear in mind, however, that this  solution does not hide the traffic from your ISP. Your Internet service provider will still be able to see every website you visit and log every  move you made. If you want to go around this you need to consider using the Tor Browser which is by far the best solution.

For more on hiding your identity online, we recommend the following:

The Tor Enigma

You have nothing to fear, if you have nothing to hide. This is the message we hear repeatedly drummed across Social and mainstream media platforms, News anchors, celebrities, academics, politicians all parroting the same script in one form or another, leading you to believe that it’s weird to want…

Decentralize.todayDecentralise.Today

Privacy Cookbook - Chapter 4.5 - VPN multiple big solutions

Lets be honest, Algo, which we covered in the last chapter of the Privacy Cookbook, is probably the best and easiest solution to get your own VPN installed, up and running. However that doesn’t mean there aren’t other solutions that are only a click or a few lines of script away! Some are provid…

Privacy AdvocateDecentralise.Today

Privacy Cookbook - Chapter 4.4 - Algo VPN (Wireguard and IKEv2)

We promised you an even easier solution than we proposed in Chapter 4.3 (OPENVPN) so today we cover a setup that allows IKEv2 with strong encrypto (AES-GCM, SHA2 and P-256), and WireGuard with a built-in ad and tracking blocker! This solution is called Algo VPN! https://github.com/trailofbits/algo…

Privacy AdvocateDecentralise.Today

Perhaps  one of the best solutions, which works as a combination of a Firewall,  a DNS provider and an OpenVPN (hiding your IP) is to be found in:

Privacy Cookbook - Chapter 4.3 - OpenVPN+Pi.hole

Today we have a look on how to install OpenVPN+Pi.hole on a digitalocean. Remember it is best if you can pay with crypto but unfortunately there are not many good crypto powered solutions out there! Hetzner is great and gives way more traffic than digitalocean, but they ask for an ID even after …

Privacy AdvocateDecentralise.Today

For Mac, Linux and Windows we've had dedicated write-ups on additional firewall solutions to be found here:

Privacy Cookbook - Chapter 6.1 - PCs, Desk & Laptops - MacOS

Before we jump into secure Linux distribution and what options you have to make your computer really secure, let’s cover off MacOS. Firstly, I recommend to start with a fresh copy of your OS. Even though this step is optional for you, I strongly recommend you to do so. Boot into Recovery Mode H…

Privacy AdvocateDecentralise.Today

Privacy Cookbook - Chapter 6.3 - PCs, Desk & Laptops - Linux Hardening

Before we jump into Tails and QubesOS, let’s get a hardening guide out to make your Linux system as secure and private as possible. Physical System Security 1. Configure BIOS to disable booting from CD/DVD, External Devices, Floppy Drive in BIOS. 2. Enable BIOS password and protect GRUB with a pa…

Privacy AdvocateDecentralise.Today

And in our next Chapter I will provide recommendations for software on MacOS, followed by the same for Linux. I won't be covering Windows, as I don't use it, and I strongly recommend you ditch it yourself, as quickly as possible!

Stay safe, people!

The PA