evercookie VS hosts

For a bad actor, this is easily work-around-able using various local persistence mechanisms like evercookie. https://samy.pl/evercookie/

If you're talking about the https://samy.pl/evercookie script, for what it's worth, you can defeat it (at least I can with my settings and no extensions) by...

This reminded me of something I haven't thought about in awhile: evercookie - https://github.com/samyk/evercookie

Sure, as Sevetarion said earlier "There is no actual cooke, it's just a metaphor". In contrast to "fingerprinting" a user's unique device configuration (as the rest of this demo does), anti-tracking folks use the term "cookie" broadly to refer to various ways sites can store unique values to be retrieved later. This usage grew out of Samy Kamkar's awesome "Evercookie" work in 2010 (later aka "supercookie") https://samy.pl/evercookie/

Nothing comes to mind directly, sorry. It’s something I want to look deeper into myself as well. One cool thing to look at is evercookie which is a GitHub project that allows you to make tracking cookies and the likes. The repo itself hasn’t been updated in a while but can probably be a good source of information.

Evercookie and the Favicon vuln

Client side: Use Evercookie

Also note, something like the Evercookie may also still be a thing that works. It stores data not only in cookies, but also in everything else that can retain any form of state (localStorage, HTTP browser history, HTTP cache for custom fingerprinted images generated by the server, etc.), and if even one spot doesn't get cleared by the user, the script can re-populate all the spots making for a very persistent "cookie."

Not by default but a blocklist can be found here https://github.com/StevenBlack/hosts

While it is now unblocked, the Steven Black list has been blocking a lot of innocent CDNs.

jQuery: https://github.com/StevenBlack/hosts/issues/2520

How does this compare to using a hosts file with known ad servers?

like: https://github.com/StevenBlack/hosts

I use the Hosts file to block a ton of ads and that works really well. https://github.com/StevenBlack/hosts Something worth considering if your ad blocker isn't working well.

The no-tracking project used by RaspAP is shutting down, so we took the opportunity to search for open source blocklist alternatives. Among the best is Steven Black's hosts list: https://github.com/StevenBlack/hosts

No idea, api.radar.io is on the block list since January 2020.

The commit's comment is "major update from adaway.org"

https://github.com/stevenblack/hosts/commit/4fa0470

You can also use a declarative adblocker like uBlock Origin Lite [1], which only provides the browser with a list of elements to filter, but doesn't have any permissions to read content or perform requests. Or simply use your hosts file to apply OS-wide filtering with no browser add-ons needed: https://github.com/StevenBlack/hosts

Be aware that if you use these "passive" blocking methods, there are some sites like YouTube where you will see ads, because in these cases it's necessary to actually manipulate page content to hide them. What you can do is use a traditional adblocker but enable it only for these few sites where the declarative approach is not enough, take a look at [2] for more details.

[1] https://github.com/uBlockOrigin/uBOL-home

[2] https://seirdy.one/posts/2022/06/04/layered-content-blocking...

https://github.com/StevenBlack/hosts if you want to do it on your PC.

When I select my custom hosts file, it basically breaks internet. However, if I choose a custom hosts file that is a copy of the dev's default, or if I just add a few lines to it, it will work. If I add too many lines, or use a different hosts file altogether (like the ones recommended by the dev), all connectivity breaks. Of course the latest official LetMeBlock is installed and mDNSResponder killed/restarted. I'm using Dopamine on A12+.