cname-trackers
cname-cloaking-blocklist
Our great sponsors
cname-trackers | cname-cloaking-blocklist | |
---|---|---|
25 | 3 | |
369 | 136 | |
1.1% | 0.0% | |
8.2 | 0.0 | |
9 days ago | about 1 year ago | |
JavaScript | ||
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cname-trackers
-
uBlock Origin Lite now available on Firefox
Note that CNAMEs is literally caused by GDPR, and the pathway every single ad or tracking company seems to go sooner or later.
For people not understanding how it works: you can set a CNAME entry on your tracker.domain.tld to bypass all Browser's third-party tracking preventions, and make it look like it's a normal subdomain of your website.
You need to make a CNAME tracker database manually by resolving the reverse entries for known IPs. Usually there is hundreds or thousands of CNAME entries pointing to the same IP address.
The AdGuard team also made a database for this, in case anyone needs it for UBOL [1]
-
Disguised trackers are blocked regardless of toggle (which is a good thing)
So nextdns’s third party disguised trackers is actually really tiny of a list, like 30 domains. (Im trying to add more so it has the same amount of cname’s blocked as adguard). Anyways, the reason why the list is so tiny is because it uses wildcard logic so all subdomains get blocked. It already uses some of the cname companies that adguards cname-tracker list uses but not all. Hopefully my pull request can get merge eventually because then the setting will be a little bit more effective
-
How to block fathom tracking
I see fathom on Adguard CNAME tracker. Example:
- Does the Adguard Tracking Protection List protect Chrome and Safari from CNAME trackers?
-
YouTube ads in Safari: you see them now, will you see them in the future?
> uBlock Origin already performs CNAME decloaking and blocks this approach, it’s pretty cool.
... which in return is a static list of domains which needs to be regularly updated, and therefore is not really failsafe. uBlock0 uses Adguard's scraped dataset [1] as a source to do this, as Chrome Extensions cannot make DNS requests without a DNS-via-HTTPS endpoint.
- New Adguard CNAME Tracker List that works on Pi-hole!
-
AdGuard CNAME Tracker List
Just wanted to point out there's also a "justdomains" variant: https://github.com/AdguardTeam/cname-trackers/blob/master/combined_disguised_trackers_justdomains.txt
-
CNAME cloaking - is there a countermeasure coming to Pi-Hole?
I stumbled across AdGuard publishing a new list of trackers abusing the CNAME cloaking technique and, AFAIK, Pi-Hole does not offer any protection against these. So, I was wondering if there was something planned to do so.
- AdGuard publishes a list of 6K+ trackers abusing the CNAME cloaking technique
cname-cloaking-blocklist
-
Disguised trackers are blocked regardless of toggle (which is a good thing)
I've just done some testing and I thought that some of you might find the results interesting. As you all know, NextDNS has a setting to block disguised third-party trackers (CNAME cloaking). What bothers me about this setting, is that it uses its own blocklist. I like to use a selection of blocklists that I trust, in order to avoid false positives and let the occasional false positive be fixed quickly. This led me to two questions:
So nextdns’s third party disguised trackers is actually really tiny of a list, like 30 domains. (Im trying to add more so it has the same amount of cname’s blocked as adguard). Anyways, the reason why the list is so tiny is because it uses wildcard logic so all subdomains get blocked. It already uses some of the cname companies that adguards cname-tracker list uses but not all. Hopefully my pull request can get merge eventually because then the setting will be a little bit more effective
-
New Adguard CNAME Tracker List that works on Pi-hole!
We've been discussing this new list source on another forum. As stated by some other users, a lot of the entries are already included in other lists, even that isn't very efficient. A long time ago, NextDNS published something similar on GitHub, after looking into that, I created and published a script that turned these entries into regex blacklist entries, which provide adequate protection against CNAME cloaking. Now the Adguard Team has published their version, however, using a similar technique to create regex blacklist entries also provides adequate protection, without adding thousands of new (some duplicate) entries to gravity. The file of interest in the entire repository is the json file, it contains the domains that would require regexes to efficiently block everything in the lists. When adding the regex entries, using a script, it turned out most of them are already covered by the NextDNS entries, only 9 additional regexes are added. For those who are interested in using the regex blacklist method, as opposed to adding big lists, you can find the entire explanation (and how to) in my pihole manual, section 15 (Deep CNAME inspection). the domain users.telenet.be may require whitelisting!
What are some alternatives?
pihole-regex - Custom regex filter list for use with Pi-hole.
stealth - :rocket: Stealth - Secure, Peer-to-Peer, Private and Automateable Web Browser/Scraper/Proxy
wirehole - WireHole is a combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities thanks to Pi-hole, and DNS caching, additional privacy options, and upstream providers via Unbound.
WebKit - Home of the WebKit project, the browser engine used by Safari, Mail, App Store and many other applications on macOS, iOS and Linux.
AdguardFilters - AdGuard Content Blocking Filters
AdGuardDNS - Public DNS resolver that protects you from ad trackers
FTL - The Pi-hole FTL engine
metadata - This repository contains the data behind our Security, Privacy and Parental Control features.
Filterlist-for-AdGuard-or-PiHole - A very aggressive filter-list that consolidates over 370 lists for use in AdGuard Home, Pi-Hole or similar.
uBlock-issues - This is the community-maintained issue tracker for uBlock Origin
masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.