this post was submitted on 22 Nov 2024
298 points (99.0% liked)
Technology
60102 readers
2701 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
FYI for those using DNS-based adblocking: I discovered that my AndroidTV box asks 8.8.8.8 when my local DNS server blocks a request.
Block all port 53 traffic from your network outside of your DNS server/pihole itself.
Block all known DoH servers.
If you want to get REALLY fancy you can write a NAT rule that will force any outgoing request on port 53 to route to your dns/pihole.
I do all of this. It's actually funny to see the requests that were hardcoded to go somewhere. Giant fuck you to those companies.
Do DoH requests go though 443?
Yes. But there are lists of well known IPs that are serving DoH. So you can just block those. Obviously blocking 443 is not a good idea.
Damn, never digged into that I thought blocking the DNS port would be enough, thanks for the information.
What a shower of twats. Don't block the request in that case, just redirect it to your local server that returns a 1x1 transparent png for all requests.
Depending on your router you can forward all request on port 53 to your DNS server regardless of the IP they try to use.
I always have issues with dns blocking so I tried something sneaky I redirected all DNS requests to 1.1.1.1/1.0.0.1 and it worked brilliantly, for about a month when it stopped working all together, I don’t know if a cache was wiped or google saw what I was doing and made a special exception just for me, obviously I want to believe I’m a special snowflake taking the world’s largest internet company head on in an epic battle of wits and skill but I think the cache thing might be more likely for some reason.
You mean redirecting on your router? How should google stop you from doing that? And why would you redirect to cloudflare lol
It could start using DNS over HTTPS if it had enough failed requests. Those wouldn’t be able to be redirected
Dang, so you'd have to block Google's DNS at the router level too?
I wouldn't mind doing it. I run my own DNS so it wouldn't affect me, but I figure if they're already trying 8.8.8.8 they may as well try 8.8.4.4 and perhaps more, so it'd require a bunch of firewall rules.
Now, all of that is moot point cause I hate the whole "smart TV" thing, so they'd never be connected to the internet.
Right. It's probably easier to give it a whitelist instead of a blocklist.
I set up my firewall to block all outgoing traffic to ports 53 and 853 (except for the upstream traffic from my pihole). I suppose DoH could still sneak through though.
I connected an old laptop with linux mint and put the TV always in HDMI mode. Problem solved.
Only if you mean the tv has no web access
https://www.newscientist.com/article/2449198-smart-tvs-take-snapshots-of-what-you-watch-multiple-times-per-second/
I disabled the wifi yes. I deleted the wifi config and cleared the password too.
Dang what an arseholes they are... I wish there was an easy way to flash it or spoof the update server or some shit that allowed us to change all this ill willed software..
Then block 8.8.8.8 and use 1.1.1.1 or Quad9