Stories with Tag ad blocking

• Block YouTube ads on AppleTV by decrypting and stripping ads from Profobuf (2022)

  permalink

  Posted: 2025-03-18 07:59:50

  Verbose tl;dr

  This blog post details a method for blocking YouTube ads on Apple TV by intercepting and manipulating encrypted traffic using pfSense, a firewall and router platform. The author leverages pfSense's ability to decrypt TLS/SSL traffic, then uses a custom Python script to parse and filter Google's Protocol Buffer (protobuf) messages, removing the components associated with advertisements before re-encrypting and forwarding the modified traffic to the Apple TV. This approach eliminates ads without relying on DNS blocking or other methods that YouTube might easily circumvent. The post provides a detailed explanation of the setup process, including installing necessary packages, configuring pfSense, and implementing the Python script.

  This blog post by Eric Draken details a complex method for blocking YouTube advertisements on Apple TV by intercepting, decrypting, and modifying the network traffic responsible for delivering those ads. The core issue stems from YouTube serving ads within the same protocol buffer (protobuf) stream as the video content itself, making simple blocking based on URL or domain insufficient.

  Draken's approach leverages pfSense, an open-source firewall and router distribution, as the primary tool for manipulating this traffic. The process begins with configuring pfSense to act as a transparent proxy, effectively intercepting all network traffic flowing to and from the Apple TV. This interception allows pfSense to analyze the data passing through.

  Since YouTube utilizes HTTPS, the encrypted traffic must be decrypted to analyze the protobuf messages. This decryption is achieved through a man-in-the-middle (MITM) attack, where pfSense intercepts the SSL/TLS handshake and presents its own certificate to the Apple TV, effectively posing as the YouTube server. To facilitate this, the root certificate authority (CA) generated by pfSense needs to be trusted by the Apple TV. Draken explains the process of generating and installing this certificate.

  Once decrypted, the traffic, specifically the protobuf messages containing the video stream and embedded ads, is accessible. Draken utilizes a Python script executed by pfSense, leveraging the python-protobuf library. This script parses the intercepted protobuf data, identifies messages pertaining to advertisements, and effectively removes or "strips" these messages from the stream before forwarding the modified, ad-free stream to the Apple TV.

  The blog post provides detailed instructions on setting up the necessary pfSense components, including the installation of required packages, configuration of the transparent proxy, and setup of the SSL/TLS interception. It also includes the Python script responsible for protobuf manipulation, meticulously explaining the logic behind identifying and removing the ad-related messages. The post highlights the complexity involved in decoding and manipulating protobufs, demonstrating how different protobuf definitions are required based on factors like video resolution and other stream parameters. Furthermore, Draken addresses the maintenance aspect of this method, acknowledging the need to update the protobuf definitions and Python script as YouTube evolves its ad delivery mechanisms. He suggests strategies for maintaining effectiveness, such as monitoring logs for errors and adapting the script to changes in YouTube's protobuf structure.

  • YouTube
  • ad blocking
  • AppleTV
  • pfSense
  • Decryption
  • Protobuf
  • Proxy Server
  • TLS Interception
  • network security
  • Ad Removal
  • 2022

  Summary of Comments ( 385 )
  https://news.ycombinator.com/item?id=43396735

  Verbose tl;dr

  Hacker News commenters generally express skepticism about the effectiveness and practicality of the described method for blocking YouTube ads on Apple TV. Some doubt the claim that all YouTube ads are served via protobuf, suggesting the method is likely to break frequently. Others point out the resource intensiveness of decrypting and re-encrypting TLS traffic on less powerful hardware like the Apple TV. Several commenters propose alternative ad-blocking solutions like Pi-hole or NextDNS, arguing these are simpler and more robust. The privacy implications of MITMing TLS traffic are also raised. While some acknowledge the cleverness of the approach, the consensus leans towards it being more of a proof-of-concept than a practical, long-term solution.

  The Hacker News post discussing the blog post about blocking YouTube ads on AppleTV by decrypting and stripping ads from Protobuf has a moderate number of comments, sparking a discussion around the effectiveness, ethics, and technical aspects of the approach.

  Several commenters express skepticism about the longevity of this method. They predict that Google will likely adapt and change its ad delivery system, rendering this specific decryption technique obsolete. This cat-and-mouse game between ad blockers and ad providers is a recurring theme. Some even suggest that Google might intentionally introduce breaking changes to specifically target this method, while others take a more neutral stance, viewing it as an inevitable evolution in the arms race between ad blockers and platforms.

  The legality and ethical implications of bypassing ads are also debated. While some argue it's within the user's right to control their viewing experience, others point out that YouTube's terms of service likely prohibit such manipulation. This leads to a discussion about the broader issue of ad-supported content and the balance between user experience and content creator compensation.

  Technical details of the implementation are discussed, with some questioning the efficiency and potential side effects of decrypting and re-encrypting the stream in real-time, particularly on less powerful devices like the AppleTV. The use of Protobuf for ad delivery is also mentioned, with some commenters expressing surprise or noting its prevalence in Google's infrastructure.

  Alternative ad-blocking methods are suggested, including Pi-hole and other DNS-based solutions, which some commenters consider more robust and less prone to being circumvented. There's also a mention of using a custom DNS setup to block known ad servers.

  Finally, some users share their personal experiences with ad blocking and express frustration with the increasing prevalence of ads on streaming platforms. This sentiment fuels the discussion about the ongoing struggle between users seeking an ad-free experience and platforms relying on advertising revenue.

• WebShield – A new wide-spectrum content blocker for Safari

  permalink

  Posted: 2025-02-28 11:21:04

  Verbose tl;dr

  WebShield is a new, free, and open-source content blocker for Safari designed to provide comprehensive protection against a wide range of online annoyances. Leveraging a constantly updated blocklist, it tackles intrusive ads, trackers, cryptocurrency miners, EU cookie banners, and other unwanted content, aiming for a cleaner and faster browsing experience. Users can customize their blocking preferences and add their own custom rules. Built using only native WebKit APIs, WebShield emphasizes performance and privacy by ensuring all processing is done locally on the device.

  WebShield is a newly developed content blocking extension specifically designed for the Safari web browser. It aims to provide comprehensive protection against a wide array of undesirable online content, functioning as a robust and multifaceted shield against various intrusive elements. The extension leverages a layered approach to content blocking, utilizing several distinct mechanisms to achieve its protective goals. These mechanisms include the utilization of Safari's built-in content blocking functionality, employing meticulously curated filter lists sourced from reputable providers, and integrating custom rule sets to further refine the blocking process.

  WebShield distinguishes itself by offering granular control over the blocking experience. Users are empowered to selectively enable or disable specific filter lists, effectively customizing the level and type of content blocked. This allows for a tailored browsing experience, balancing protection with accessibility to desired content. This adjustable nature sets it apart from more rigid content blockers that offer limited user customization.

  The extension's underlying architecture emphasizes efficiency and performance. By utilizing native Safari APIs and optimized filtering algorithms, WebShield strives to minimize its impact on browsing speed and system resources. This focus on performance ensures a smooth and responsive browsing experience, even with extensive filtering rules activated.

  Furthermore, WebShield prioritizes transparency and open-source principles. The project's source code is publicly available on GitHub, encouraging community involvement and allowing for independent auditing of its functionality. This transparent approach fosters trust and allows users to understand precisely how the extension operates.

  In summary, WebShield presents itself as a versatile and powerful content blocking solution for Safari users. Its multi-layered approach, granular control options, performance-conscious design, and open-source nature combine to offer a comprehensive and customizable shield against unwanted online content, promoting a safer and more streamlined browsing experience.

  • Safari
  • Content Blocker
  • Web Extension
  • privacy
  • ad blocking
  • Tracking Protection
  • WebShield
  • browser extension
  • macOS
  • iOS
  • iPadOS

  Summary of Comments ( 6 )
  https://news.ycombinator.com/item?id=43204406

  Verbose tl;dr

  HN users generally expressed interest in WebShield, praising its open-source nature and potential effectiveness. Several commenters appreciated the developer's focus on privacy and the detailed explanation of the blocking process. Some raised concerns about the reliance on JavaScript and the potential for performance impact, suggesting native implementation would be preferable. Others questioned the long-term maintainability of the project and the feasibility of keeping the block lists updated. A few users mentioned existing content blockers and questioned WebShield's differentiation, while others welcomed it as a valuable addition to the Safari ecosystem. The developer actively engaged with the comments, addressing questions and clarifying the project's goals.

  The Hacker News post for WebShield has several comments discussing its functionality, potential, and limitations.

  One commenter expresses excitement about the project, specifically highlighting the ability to block cookie banners. They see this feature as a significant advantage and hope it works effectively. Another user echoes this sentiment, focusing on the annoyance of cookie banners and the desire for a reliable solution.

  A discussion arises around the technical details of WebShield's implementation. One commenter inquires about the method used to block content, specifically asking whether it relies on a declarative approach with filter lists like uBlock Origin or employs a procedural method involving JavaScript. The developer of WebShield responds, clarifying that it uses a hybrid approach. While primarily declarative with filter lists, it also incorporates limited JavaScript execution within a sandboxed environment to handle more complex blocking scenarios. This exchange reveals a nuanced understanding of content blocking techniques within the commentariat.

  Further technical discussion ensues regarding the performance implications of WebShield. One commenter raises concerns about potential slowdowns due to the use of JavaScript, referencing the performance impact observed with similar browser extensions. The developer acknowledges this valid concern and emphasizes their commitment to minimizing JavaScript usage to maintain optimal browser performance. They further explain that the careful and limited use of JavaScript is a deliberate design choice to balance functionality and performance.

  A separate thread emerges comparing WebShield to existing content blockers. One commenter mentions uBlock Origin and its comprehensive features, questioning the need for a new solution. Another user counters this argument by pointing out the specific focus and potential advantages of WebShield, particularly in its approach to handling cookie banners and other targeted annoyances. This exchange highlights the diverse preferences and needs within the content blocking user base.

  Finally, a commenter raises a question about the project's license. The developer promptly responds, confirming the use of the GPLv3 license, thereby addressing the inquiry about open-sourcing and community involvement.

  Overall, the comments demonstrate a mix of enthusiasm for the potential of WebShield, particularly its cookie banner blocking capabilities, alongside pragmatic concerns about its technical implementation and performance. The developer actively engages with the commenters, providing insightful responses and clarifications, fostering a constructive discussion about the project's strengths and limitations.

• Pi-hole v6

  permalink

  Posted: 2025-02-18 18:31:36

  Verbose tl;dr

  Pi-hole v6.0 is a significant update focusing on enhanced user experience and maintainability. It features a redesigned web interface with improved navigation, accessibility, and dark mode support. Under the hood, the admin console now uses Vue 3 and the API utilizes PHP 8.1, modernizing the codebase for future development. FTL, the DNS engine, also received updates improving performance and security, including DNSSEC validation enhancements and optimized memory management. While this version brings no major new features, the focus is on refining the existing Pi-hole experience and laying the groundwork for future innovation.

  The Pi-hole project has announced a significant update, Pi-hole v6.0, marking a major evolution in its network-wide ad-blocking and internet privacy capabilities. This version introduces a completely redesigned web interface built with Vue 3, providing a more modern, responsive, and user-friendly experience. The new interface offers improved navigation, real-time statistics updates, and enhanced accessibility.

  Beyond the visual overhaul, Pi-hole v6.0 boasts substantial performance improvements. Query logging and filtering are now significantly faster, thanks to optimized database interactions and code refactoring. This leads to reduced system load and improved responsiveness, especially noticeable on devices with limited resources like the Raspberry Pi.

  A key feature of this release is the introduction of a new "FTL Engine," the core component responsible for DNS resolution and ad blocking. This redesigned engine brings substantial performance gains and allows for more advanced filtering logic and future extensibility. It facilitates faster query processing, more efficient memory usage, and enhanced stability.

  The update also introduces improved logging capabilities. Users can now access detailed query logs with enhanced filtering options, making it easier to troubleshoot network issues and analyze browsing patterns. This granular control over logging provides valuable insights into network activity and allows for more effective customization of blocking rules.

  Pi-hole v6.0 also offers streamlined installation and update procedures, simplifying the process for both new and existing users. The update mechanism has been refined to ensure a seamless transition and minimize potential disruptions. Comprehensive documentation and guides are available to assist users with the upgrade process and familiarize them with the new features.

  The release highlights Pi-hole's continued commitment to user privacy and security. The project remains focused on providing users with tools to control their network and protect their data. The new version reinforces this commitment by enhancing performance and usability without compromising on its core functionality of blocking unwanted content and improving network performance. This comprehensive overhaul signifies a significant step forward for the Pi-hole project, modernizing its platform and strengthening its position as a leading solution for network-wide ad blocking and enhanced privacy.

  • Pi-hole
  • dns
  • DNS sinkhole
  • network security
  • ad blocking
  • privacy
  • IPv6
  • v6
  • Software Update
  • release
  • Raspberry Pi
  • home network
  • network administration

  Summary of Comments ( 261 )
  https://news.ycombinator.com/item?id=43093328

  Verbose tl;dr

  Hacker News users generally expressed excitement about Pi-hole v6, praising its improved interface and easier setup, particularly for IPv6. Some users questioned the necessity of blocking ads at the DNS level, citing browser-based solutions and the potential for breakage of legitimate content. Others discussed alternative solutions like NextDNS, highlighting its cloud-based nature and advanced features, while some defended Pi-hole's local control and privacy benefits. A few users raised technical points, including discussions of DHCPv6 and unique privacy addresses. Some expressed concerns about the increasing complexity of Pi-hole, hoping it wouldn't become bloated with features. Finally, there was some debate about the ethics and effectiveness of ad blocking in general.

  The Hacker News post "Pi-hole v6" discussing the release of Pi-hole version 6.0 generated a moderate number of comments, mostly revolving around users' experiences with Pi-hole, DNS configuration, and the new features of v6.

  Several commenters expressed their appreciation for Pi-hole and its effectiveness in blocking ads and trackers. One user highlighted how Pi-hole significantly cleaned up their browsing experience, making web pages load faster and look less cluttered. Another shared their long-term satisfaction with Pi-hole, having used it for several years without major issues.

  A significant portion of the discussion centered around DNS configuration and best practices. One commenter advised against using the Pi-hole as the DHCP server, recommending a dedicated router for that purpose. They further explained potential issues with assigning DNS servers via DHCP, particularly if devices ignore the provided settings. Another user detailed their complex home network setup, utilizing multiple Pi-holes and unbound for improved resilience and performance. This spurred a small side discussion about the benefits and drawbacks of different DNS configurations.

  The new features of Pi-hole v6 were also a topic of interest. One commenter inquired about the impact of the new query caching mechanism on performance. Another asked about the improvements related to DHCPv6 support, a feature they were eager to utilize. While some commenters welcomed the new features, others expressed concerns about the increased complexity of the software and potential performance overhead.

  Finally, a few commenters discussed alternative ad-blocking and privacy solutions, including NextDNS and AdGuard Home, comparing their features and performance to Pi-hole. Some users suggested that while Pi-hole is a great option for technically inclined users, other solutions might be more user-friendly for less experienced individuals. Overall, the comments reflect a general positive sentiment towards Pi-hole, with users sharing their experiences, offering advice, and discussing the latest developments in the ad-blocking space.