Blocking Undesirable Internet Connections

There are a number of ways to prevent your computer from connecting to Internet sites that you consider undesirable – whether those sites are unwanted social media sites, ad-serving sites, malware sites or otherwise.

On this page, we explain two general approaches – short-circuiting DNS lookups to bypass an undesirable site, and constructing firewall rules to block connections to the IP address(es) of an undesirable site. Because of the variety of operating systems (and versions), one might find that the general instructions below do not work in a specific case. If one understands the approach, however, he or she should be able to do an online search for more specific instructions for the particular operating system (and version).

Hosts File

One can use his or her computer's hosts file to "hijack" Internet traffic destined for an undesirable site and redirect that traffic back to his or her own computer – essentially sending it down a dead-end alley.

In network parlance, a "host" is simply a computer connected to a network. The hosts file is the oldest and most basic way of associating a host's human-friendly name (e.g., "www.facebook.com") with the numeric IP address that one's computer would actually use to connect to that host. For more information on the hosts file, including its usual file system location under various operating systems, see this Wikipedia article.

A hosts file is a plain text file with two types of entries. The first type are comments, which may contain any text, as long as each line begins with a hash ("#") character. Comments are for humans only, and are ignored by a computer's operating system, as are entirely blank lines.

The second type of entry in a hosts file begins with an IP address, followed by white space (one or more spaces or horizontal tabs), followed by one or more host names. For example, a typical Mac OS X hosts file will look something like this:

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost 

The IP address "127.0.0.1" (and its IPv6 equivalent "::1") is a special address (called the "loopback" address) – and the host name "localhost" is a special name – that a computer uses to refer to itself. Similarly, the IP address "0.0.0.0" is a special one that is reserved for "local identification." That address is sometimes suggested rather than "127.0.0.1" for use in blocking undesirable sites.

In order to "hijack" Internet traffic destined for an undesirable site, one needs to add entries to the end of the hosts file that point the host name(s) of the undesirable site back to the loopback address. For example, if one wanted to block Facebook, one would add these entries (and perhaps others, as well, depending upon the host names used by Facebook) to the end of the hosts file:

# block facebook

127.0.0.1     facebook.com
127.0.0.1     login.facebook.com
127.0.0.1     www.facebook.com
127.0.0.1     blog.facebook.com
127.0.0.1     apps.facebook.com

Linux

Note: In order to edit the hosts file in Linux, one will need to log in as a user with administrative privileges.

The location of the hosts file in most Linux distributions is "/etc/hosts". One who is comfortable editing files directly in a terminal may use his or her favorite command line text editor to append the appropriate entries to the hosts file, being careful not to delete the existing localhost entries.

For those who are uncomfortable with a command line text editor, the following steps enable one to use a text editor with a graphical user interface – note that after typing (or copying and pasting) each required command in a terminal window, execute it by hitting the "enter" or "return" key:

  1. Log in using an account that has administrative privileges.
  2. Launch a terminal program, e.g., "Gnome Terminal".
  3. Back up the hosts file with the following command in the terminal window:
    sudo cp /etc/hosts /etc/hosts.backup
    Enter the administrator's password when requested – the password will not be echoed to the screen.
  4. Make a temporary working directory for editing the hosts file with the following terminal command:
    mkdir ~/tmp.hosts.d
  5. Copy the hosts file to the temporary working directory with the following terminal command:
    cp /etc/hosts ~/tmp.hosts.d/hosts.copy
  6. Open the hosts.copy file in a text editor, e.g., to use "gedit", use the following terminal command:
    gedit ~/tmp.hosts.d/hosts.copy
  7. In the text editor, add the appropriate entries to the hosts.copy file, then save it.
  8. Make a note of the owner, group and permissions of the original hosts file with the following terminal command:
    ls -hl /etc/hosts
  9. Overwrite the original hosts file with the edited copy with the following terminal command:
    sudo mv ~/tmp.hosts.d/hosts.copy /etc/hosts
    Enter the administrator's password if requested.
  10. Correct the owner and group of the new hosts file with the following terminal command:
    sudo chown root:root /etc/hosts
    Enter the administrator's password if requested.
  11. Check the owner, group and permissions of the new hosts file to ensure that they match those of the original hosts file with the following terminal command:
    ls -hl /etc/hosts
  12. Remove the temporary working directory with the following terminal command:
    rmdir ~/tmp.hosts.d
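
As an alternative to hand-editing in step 7, the following shell functions parse the hosts format described above and append block entries to the working copy without duplicating existing ones. This is an added example, not part of the original instructions; the function names and the way the sample file is built are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Run it on the working copy
# (hosts.copy from step 5), then continue with steps 8-12.

# Print each host name the file points at a sink address (127.0.0.1,
# 0.0.0.0 or ::1), ignoring comments, blank lines and "localhost".
blocked_hosts() (
    awk '{ sub(/#.*/, "") }
         $1 == "127.0.0.1" || $1 == "0.0.0.0" || $1 == "::1" {
             for (i = 2; i <= NF; i++)
                 if ($i != "localhost") print tolower($i)
         }' "$1" | sort -u
)

# Succeed only if a "127.0.0.1 ... localhost" entry is still present.
has_localhost() (
    awk '{ sub(/#.*/, "") }
         $1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == "localhost") ok = 1 }
         END { exit !ok }' "$1"
)

# Append "127.0.0.1 <name>" for each name that is not blocked yet, so a
# second run adds nothing. Existing lines are never rewritten.
add_block_entries() (
    file=$1; shift
    # Make sure the last existing line is terminated before appending.
    if [ -n "$(tail -c 1 "$file")" ]; then echo >> "$file"; fi
    for name in "$@"; do
        name=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        case $name in
            ''|*[!a-z0-9.-]*) echo "skipping invalid name: $name" >&2; continue ;;
        esac
        blocked_hosts "$file" | grep -qxF -- "$name" ||
            printf '127.0.0.1\t%s\n' "$name" >> "$file"
    done
)

# Constructed sample: the default entries shown earlier on the page.
demo() (
    copy=$(mktemp)
    printf '%s\n' '# Host Database' '127.0.0.1       localhost' \
        '255.255.255.255 broadcasthost' '::1             localhost' > "$copy"
    add_block_entries "$copy" facebook.com WWW.facebook.com facebook.com 'bad name'
    has_localhost "$copy" && blocked_hosts "$copy"
    rm -f "$copy"
)
```

After loading these functions into the shell, `add_block_entries ~/tmp.hosts.d/hosts.copy facebook.com www.facebook.com` takes the place of the manual edit, and `has_localhost ~/tmp.hosts.d/hosts.copy` confirms the default entry is intact before step 9.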

Mac OS X

Note: In order to edit the hosts file in Mac OS X, one will need to log in as a user with administrative privileges.

The location of the hosts file in Mac OS X is "/private/etc/hosts". One who is comfortable editing files directly in the Terminal may use his or her favorite command line text editor to append the appropriate entries to the hosts file, being careful not to delete the necessary localhost entries.

For those who are uncomfortable with a command line text editor, the following steps enable one to use TextEdit instead – note that after typing (or copying and pasting) each required command in the Terminal window, execute it by hitting the "enter" or "return" key:

  1. Log in using an account that has administrative privileges.
  2. Launch the "Terminal" program – Applications > Utilities > Terminal
  3. Back up the hosts file with the following command in the Terminal window:
    sudo cp /private/etc/hosts /private/etc/hosts.backup
    Enter the administrator's password when requested – the password will not be echoed to the screen.
  4. Make a temporary working directory for editing the hosts file with the following Terminal command:
    mkdir ~/tmp.hosts.d
  5. Copy the hosts file to the temporary working directory with the following Terminal command:
    cp /private/etc/hosts ~/tmp.hosts.d/hosts.copy
  6. Open the hosts.copy file in TextEdit with the following Terminal command:
    open -e ~/tmp.hosts.d/hosts.copy
  7. In TextEdit, add the appropriate entries to the hosts.copy file, then save it.
  8. Make a note of the owner, group and permissions of the original hosts file with the following Terminal command:
    ls -hl /private/etc/hosts
  9. Overwrite the original hosts file with the edited copy with the following Terminal command:
    sudo mv ~/tmp.hosts.d/hosts.copy /private/etc/hosts
    Enter the administrator's password if requested.
  10. Correct the owner and group of the new hosts file with the following Terminal command:
    sudo chown root:wheel /private/etc/hosts
    Enter the administrator's password if requested.
  11. Check the owner, group and permissions of the new hosts file to ensure that they match those of the original hosts file with the following Terminal command:
    ls -hl /private/etc/hosts
  12. Remove the temporary working directory with the following Terminal command:
    rmdir ~/tmp.hosts.d
  13. Flush the DNS cache:

    • For Mac OS X 10.4 and before, use this Terminal command:
      sudo lookupd -flushcache
    • For Mac OS X 10.5 and later, use this Terminal command:
      sudo dscacheutil -flushcache

Windows

The location of the hosts file in versions of Windows from NT through Windows 8 is "%SystemRoot%\system32\drivers\etc\hosts".

Note: In order to edit the Windows hosts file in either Windows Vista or Windows 7, you will need to take a number of steps per this Microsoft support page.

  1. Log in using an account that has administrative credentials.
  2. Back up the hosts file.
  3. Start your text editor – click Start, then click All Programs, then click Accessories, then right-click Notepad, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow or Yes.
  4. In the text editor, add the appropriate entries to the hosts file, then save it.
  5. Flush the DNS cache:

    • Click Start, then click Run, and then type cmd
    • In the command prompt, type the following and hit "enter":
      ipconfig /flushdns

To reset the hosts file to its default, you can follow the instructions in this Microsoft support page.

Firewall Rules

One can also use firewall rules to block his or her computer from connecting to the IP address(es) of an undesirable site. One advantage of using firewall rules is that one doesn't have to divine every possible host name that an undesirable site might use – just block the entire range of IP addresses used by that site. For example, to block Facebook, one could simply block its entire IP address range:

NetRange:       66.220.144.0 - 66.220.159.255
CIDR:           66.220.144.0/20
OrgName:        Facebook, Inc.

Another advantage of using firewall rules is that by implementing them on a router, one can protect an entire network without having to fiddle with each computer on that network. While the general instructions below are limited to built-in firewalls for a handful of operating systems, one could apply the same types of firewall rules to just about any home or office router with basic firewall capabilities.
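
Before turning a whois result into a firewall rule, it helps to confirm that the CIDR block expands to exactly the NetRange shown and to test whether a given address falls inside it. The following shell functions are an added example, not from the original page; the function names are hypothetical, and the only data used is the range quoted above.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() (
    case $1 in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -f; set -- $1
    [ $# -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac     # leading zero or too long
        [ "$o" -le 255 ] || exit 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
)

int_to_ip() (
    echo "$(( $1 >> 24 & 255 )).$(( $1 >> 16 & 255 )).$(( $1 >> 8 & 255 )).$(( $1 & 255 ))"
)

# Print the first and last address of a CIDR block as integers.
cidr_bounds() (
    bits=${1#*/}
    case $bits in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
    [ "$bits" -le 32 ] || exit 1
    base=$(ip_to_int "${1%/*}") || exit 1
    size=$(( 1 << (32 - bits) ))
    first=$(( base / size * size ))              # clear any host bits
    echo "$first $(( first + size - 1 ))"
)

# Print a CIDR block in the "first - last" form used by the NetRange line.
cidr_range() (
    set -- $(cidr_bounds "$1"); [ $# -eq 2 ] || exit 1
    echo "$(int_to_ip "$1") - $(int_to_ip "$2")"
)

# Succeed if address $1 lies inside CIDR block $2.
ip_in_cidr() (
    ip=$(ip_to_int "$1") || exit 2
    set -- $(cidr_bounds "$2"); [ $# -eq 2 ] || exit 2
    [ "$ip" -ge "$1" ] && [ "$ip" -le "$2" ]
)

# The range quoted on this page: the CIDR must expand to the NetRange.
check_page_range() {
    [ "$(cidr_range 66.220.144.0/20)" = "66.220.144.0 - 66.220.159.255" ]
}
```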

Linux – iptables

coming soon

Mac OS X – ipfw

coming soon

Mac OS X – pf

coming soon

Windows

coming soon