proposal for more options in gnu/services/networking.scm for blocklist

proposal for more options in gnu/services/networking.scm for blocklist

[Nils Gillmann]

Some weeks when I first talked about GuixSD with someone who shares my
dislike for facebook, they came up with this idea "Why stop at facebook
with the block options?"

Giving users who want to (and this is what it should be marked as and
documented as) the choice to exclude most of the big players in
advertising by /etc/hosts blocking.
I know this is not very effective and it does not fix the overall
situation plus might introduces some problems if we get torbrowser in
for example, but just for the people who want to block ads this way it
could be a useful feature.
I am thinking of sending in several patches for services following up to
the facebook block. These services will be big advertising players only
and not be focused on specific things.
Eventually it could all be renamed to a different name set like
ads-$name-host-aliases to make the functionallity more clear.
The service facebook-host-aliases does block all of facebook, my
intention is to just block ad distribution networks.
I can't test it all, but I try to rule out problematic, site breaking
hosts in time, which is why this service set will be described with
something like "this might break some websites, if you encounter
problems please file a bug" (or similar).
Giving people who want these kinds of blocks the freedom to choose
this.

A first version for google I just came up with starts like the attached
code.

What do you think?

PS: For consistency with code and mailinglist I will use my legal name
now (etc, long reasoning and positions and pro/contra could follow but I
won't do this here)



(define %ads-google-host-aliases
  ;; This is a list of known google services excluding google.com
  "\
# Block Google Services IPv4.
127.0.0.1 www.google-analytics.com
127.0.0.1 ssl.google-analytics.com
127.0.0.1 www.google-analytics.l.google.com
127.0.0.1 google-analytics.com
127.0.0.1 googletagservices.com
127.0.0.1 video-stats.video.google.com
127.0.0.1 googleads.g.doubleclick.net
127.0.0.1 adservices.google.com
127.0.0.1 affiliate.googleusercontent.com
127.0.0.1 buttons.googlesyndication.com
127.0.0.1 feedads.googleadservices.com
127.0.0.1 m4.afs.googleadservices.com
127.0.0.1 mimageads*.googleadservices.com
127.0.0.1 mpartner.googleadservices.com
127.0.0.1 pagead*.googlesyndication.com
127.0.0.1 tcp.googlesyndication.com
127.0.0.1 www.googleadservices.com

# Block Google Services IPv6
fe80::1%lo0 www.google-analytics.com
fe80::1%lo0 ssl.google-analytics.com
fe80::1%lo0 www.google-analytics.l.google.com
fe80::1%lo0 google-analytics.com
fe80::1%lo0 googletagservices.com
fe80::1%lo0 video-stats.video.google.com
fe80::1%lo0 googleads.g.doubleclick.net
fe80::1%lo0 adservices.google.com
fe80::1%lo0affiliate.googleusercontent.com
fe80::1%lo0 buttons.googlesyndication.com
fe80::1%lo0 feedads.googleadservices.com
fe80::1%lo0 m4.afs.googleadservices.com
fe80::1%lo0 mimageads*.googleadservices.com
fe80::1%lo0 mpartner.googleadservices.com
fe80::1%lo0 pagead*.googlesyndication.com
fe80::1%lo0 tcp.googlesyndication.com
fe80::1%lo0 www.googleadservices.com\n")




-- 
ng/ni*
vcard: http://krosos.sdf.org

Re: proposal for more options in gnu/services/networking.scm for blocklist

[Ludovic Courtès]

Nils Gillmann <niasterisk@grrlz.net> skribis:

> A first version for google I just came up with starts like the attached
> code.
>
> What do you think?

I would use it!  (Although I use Tor + Privoxy for most of my web
browsing, so I would also need the black list there.)

The only downside I see it having to maintain it.  Do you know if anyone
maintains a list of these hosts somewhere?  If yes, we should put the
URL as a comment and have a somewhat streamlined process to update the
list.

If there’s no publicly-maintained list of hosts, I think we won’t go
beyond Google, because that would easily become unmaintained, and people
would be disappointed to get an incomplete/outdated host list.

What do people think?

> PS: For consistency with code and mailinglist I will use my legal name
> now (etc, long reasoning and positions and pro/contra could follow but I
> won't do this here)

Your call!

> (define %ads-google-host-aliases
>   ;; This is a list of known google services excluding google.com

[...]

> 127.0.0.1 mimageads*.googleadservices.com
> 127.0.0.1 mpartner.googleadservices.com
> 127.0.0.1 pagead*.googlesyndication.com

Wildcards are not permitted here.

> fe80::1%lo0affiliate.googleusercontent.com

Missing space.

> fe80::1%lo0 mimageads*.googleadservices.com
> fe80::1%lo0 mpartner.googleadservices.com
> fe80::1%lo0 pagead*.googlesyndication.com

Wildcards.

Would you like to turn this into a patch?  See
<https://www.gnu.org/software/guix/manual/html_node/Submitting-Patches.html>
(not everything is applicable here, though.)

Note that the manual also needs to be updated;
‘%ads-google-host-aliases’ can be documented just below
‘%facebook-host-aliases’.

Thanks,
Ludo’.

Re: proposal for more options in gnu/services/networking.scm for blocklist

[Nils Gillmann]

ludo@gnu.org (Ludovic Courtès) writes:

> Nils Gillmann <niasterisk@grrlz.net> skribis:
>
>> A first version for google I just came up with starts like the attached
>> code.
>>
>> What do you think?
>
> I would use it!  (Although I use Tor + Privoxy for most of my web
> browsing, so I would also need the black list there.)
>
> The only downside I see it having to maintain it.  Do you know if anyone
> maintains a list of these hosts somewhere?  If yes, we should put the
> URL as a comment and have a somewhat streamlined process to update the
> list.

There are many lists out there which are not limited to google.
The downside I see with this is external authorities and the trust you
have to put into them, plus unnecessary downloads.
If it should be moved into a file, I would put it into the Guix system
source. (-> maybe mirrors of those listed below?)
I could try and see if I can find a blacklist which is not very long and
does not need extensive checking.

>
> If there’s no publicly-maintained list of hosts, I think we won’t go
> beyond Google, because that would easily become unmaintained, and people
> would be disappointed to get an incomplete/outdated host list.
>
> What do people think?

Ublock Origin uses the following sources:
https://easylist.adblockplus.org/en/policy#easylist
http://pgl.yoyo.org/adservers/policy.php
http://www.malwaredomainlist.com
http://www.malwaredomains.com
https://github.com/gorhil/uBlock/tree/master/assets/ublock

Pro: Other people and collections of people maintain these lists. less
work for us
Pro: widely accepted and maintained

Con: see section above (other authorities, traffic)


>
>> PS: For consistency with code and mailinglist I will use my legal name
>> now (etc, long reasoning and positions and pro/contra could follow but I
>> won't do this here)
>
> Your call!
>
>> (define %ads-google-host-aliases
>>   ;; This is a list of known google services excluding google.com
>
> [...]
>
>> 127.0.0.1 mimageads*.googleadservices.com
>> 127.0.0.1 mpartner.googleadservices.com
>> 127.0.0.1 pagead*.googlesyndication.com
>
> Wildcards are not permitted here.

Ah, good to know, thanks.

>
>> fe80::1%lo0affiliate.googleusercontent.com
>
> Missing space.
>
>> fe80::1%lo0 mimageads*.googleadservices.com
>> fe80::1%lo0 mpartner.googleadservices.com
>> fe80::1%lo0 pagead*.googlesyndication.com
>
> Wildcards.
>
> Would you like to turn this into a patch?  See
> <https://www.gnu.org/software/guix/manual/html_node/Submitting-Patches.html>
> (not everything is applicable here, though.)
>
> Note that the manual also needs to be updated;
> ‘%ads-google-host-aliases’ can be documented just below
> ‘%facebook-host-aliases’.
>

I was thinking of turning it into an patch once a discussion about this
has come to an conclusion.

> Thanks,
> Ludo’.

ng
-- 
ng/ni*
vcard: http://krosos.sdf.org

Re: proposal for more options in gnu/services/networking.scm for blocklist

[Ludovic Courtès]

Nils Gillmann <niasterisk@grrlz.net> skribis:

> ludo@gnu.org (Ludovic Courtès) writes:
>
>> Nils Gillmann <niasterisk@grrlz.net> skribis:
>>
>>> A first version for google I just came up with starts like the attached
>>> code.
>>>
>>> What do you think?
>>
>> I would use it!  (Although I use Tor + Privoxy for most of my web
>> browsing, so I would also need the black list there.)
>>
>> The only downside I see it having to maintain it.  Do you know if anyone
>> maintains a list of these hosts somewhere?  If yes, we should put the
>> URL as a comment and have a somewhat streamlined process to update the
>> list.
>
> There are many lists out there which are not limited to google.
> The downside I see with this is external authorities and the trust you
> have to put into them, plus unnecessary downloads.
> If it should be moved into a file, I would put it into the Guix system
> source. (-> maybe mirrors of those listed below?)
> I could try and see if I can find a blacklist which is not very long and
> does not need extensive checking.

OK.

>> If there’s no publicly-maintained list of hosts, I think we won’t go
>> beyond Google, because that would easily become unmaintained, and people
>> would be disappointed to get an incomplete/outdated host list.
>>
>> What do people think?
>
> Ublock Origin uses the following sources:
> https://easylist.adblockplus.org/en/policy#easylist
> http://pgl.yoyo.org/adservers/policy.php
> http://www.malwaredomainlist.com
> http://www.malwaredomains.com
> https://github.com/gorhil/uBlock/tree/master/assets/ublock
>
> Pro: Other people and collections of people maintain these lists. less
> work for us
> Pro: widely accepted and maintained
>
> Con: see section above (other authorities, traffic)

Yeah.  OTOH I don’t see us (Guix) claim maintenance of such lists.

Another option would be for you to publish such lists, signed and
versioned, on a hosting site you have access to?  The advantage would be
less churn in Guix proper, and the responsibility would be moved to you
(or the collective that maintains the list) rather than Guix.  We could
refer to it in the manual.

WDYT?

Thanks,
Ludo’.

Re: proposal for more options in gnu/services/networking.scm for blocklist

[Nils Gillmann]

ludo@gnu.org (Ludovic Courtès) writes:

> Nils Gillmann <niasterisk@grrlz.net> skribis:
>
>> ludo@gnu.org (Ludovic Courtès) writes:
>>
>>> Nils Gillmann <niasterisk@grrlz.net> skribis:
>>>
>>>> A first version for google I just came up with starts like the attached
>>>> code.
>>>>
>>>> What do you think?
>>>
>>> I would use it!  (Although I use Tor + Privoxy for most of my web
>>> browsing, so I would also need the black list there.)

Appending to what I've written further down below, do you still want me
to push the google ads related servers as an patch and proceed with the
rest like what I've written below?

>>>
>>> The only downside I see it having to maintain it.  Do you know if anyone
>>> maintains a list of these hosts somewhere?  If yes, we should put the
>>> URL as a comment and have a somewhat streamlined process to update the
>>> list.
>>
>> There are many lists out there which are not limited to google.
>> The downside I see with this is external authorities and the trust you
>> have to put into them, plus unnecessary downloads.
>> If it should be moved into a file, I would put it into the Guix system
>> source. (-> maybe mirrors of those listed below?)
>> I could try and see if I can find a blacklist which is not very long and
>> does not need extensive checking.
>
> OK.
>
>>> If there’s no publicly-maintained list of hosts, I think we won’t go
>>> beyond Google, because that would easily become unmaintained, and people
>>> would be disappointed to get an incomplete/outdated host list.
>>>
>>> What do people think?
>>
>> Ublock Origin uses the following sources:
>> https://easylist.adblockplus.org/en/policy#easylist
>> http://pgl.yoyo.org/adservers/policy.php
>> http://www.malwaredomainlist.com
>> http://www.malwaredomains.com
>> https://github.com/gorhil/uBlock/tree/master/assets/ublock
>>
>> Pro: Other people and collections of people maintain these lists. less
>> work for us
>> Pro: widely accepted and maintained
>>
>> Con: see section above (other authorities, traffic)
>
> Yeah.  OTOH I don’t see us (Guix) claim maintenance of such lists.
>
> Another option would be for you to publish such lists, signed and
> versioned, on a hosting site you have access to?  The advantage would be
> less churn in Guix proper, and the responsibility would be moved to you
> (or the collective that maintains the list) rather than Guix.  We could
> refer to it in the manual.
>
> WDYT?
>
> Thanks,
> Ludo’.

Interesting idea, although I have an issue with signing commits.
I did not dive much into the topic itself, but if you have more
knowledge about it and could say that signed commits can not be abused
in my name to let's say pretend a fork with malicious intentions end up
being signed in my name, I'm open for it. What's you experience on
signed commits?

I am on savannah, gna (not sure), and notabug, so either one of those
would work, where I have not much experience with savannah myself but
more with notabug.

If I find reasonable policy and standards of what should, could, would
be included and what will definitely not be included,
and will find people who are interested in keeping it up to date,
it's an doable project which can be linked to in Guix but not promoted
as official Guix related.

I try to make it happen this year, can't tell when exactly but I'll talk
about it with other people and see if they have ideas and criterias in
addition to mine.
It shouldn't be main priority to anyone as maintaining such lists can
take time.
If I come to the conclusion that it is doable without being the 40th
invention of the wheel, I'll start this.

-- 
ng/ni*
vcard: http://krosos.sdf.org