Raspberry Pi Zero (v1.3) as a dongle-based ad blocker


#1

I've just built a very cool new gadget. Imagine a Raspberry Pi Zero inside a trim printed case with a USB Type A cable that comes out of the end. (Photos later when I get this finished up.)

It's running in dongle mode where it presents the USB as an ethernet adapter to the computer it's plugged into. And I've got dnsmasq running so it's a DNS server with pass-through.

Typical workflow

  1. Decide that you never want to see another website ad from serve-east.acuityplatform.com, for example
  2. Add an /etc/hosts entry of 127.0.0.1 serve-east.acuityplatform.com on this server
  3. Restart dnsmasq with sudo service dnsmasq restart

Instructions

  1. Plug it in
  2. Point your workstation's DNS to this server as your primary DNS
  3. Try to access the indicated serve-east.acuityplatform.com website, it's a 404 (which is good)
  4. That's one down, many to go in the war against advertisements

Building it

It does require a USB cable that you're going to cannibalize for this project. And it requires some soldering skills on very tiny pads on the Raspberry Pi Zero. I'll ultimately glue the case together once I've made some project photos. And it could use a nice label for the outside, methinks.

13%20PM

25%20PM

59%20PM


#2

blackhole

More fun behind-the-scenes (it now supports a database behavior which ought to be programmatically controllable from a website interface):

$ sudo mkdir /etc/hosts.d
$ sudo touch /etc/hosts.d/hosts._
127.0.0.1	localhost
::1		localhost ip6-localhost ip6-loopback
ff02::1		ip6-allnodes
ff02::2		ip6-allrouters

127.0.1.1	blackhole
$ sudo touch /etc/hosts.d/hosts.blocked
127.0.0.1	serve-east.acuityplatform.com
$ sudo touch /etc/hosts.d/hosts.redirected
10.20.30.62	gitjs.io
$ sudo touch /usr/local/bin/makehosts
$ sudo chmod a+x /usr/local/bin/makehosts
#!/bin/sh

cat /etc/hosts.d/hosts.* > /etc/hosts
$ sudo makehosts
$ sudo service dnsmasq restart

#3

So .. why not pihole?


#4

Great idea and kudos for building from scratch, but why not just install PiHole - all the hard work has been done already for you and personally I think the web interface is lovely.


#5

True, but there's nothing like building something from the ground, up.

I made one of these before as a discovery for the Agar.io API so that I could cheat the advertisements on that game. It worked out beautifully. It's also a great way of documenting APIs like the kind you might find on a bus schedule phone app, for example. You can then write your own phone app which uses their scheduling server, say. Or you could write a gadget that flashes a light when the #2 bus downtown is ten minutes north of me.

I was talking to my students Friday evening about million- and billion-dollar apps that they could build and this concept is way too easy: Build something that even remotely gets in the way with Google's revenue stream and they'll buy you out in order to remove the problem. (This isn't my intent, though. I'm trying to demonstrate to my students how fast an idea can go to prototype.)


#6

rpi won't really be useful on modern internet links... regular links in europe these days are 200mbps to 1gbps for home network, placing a pos rpi between your computer and your network won't bring you happiness :frowning: ... make a proper router with some proper routing software (like pfsense for e.g., add snort and few other plugins and enjoy .. ) on a proper hw capable of handling modern internet speeds..


#7

It'll work just fine for DNS requests. It's not being used as a packet filter or anything.


#8

I use a web-based version of Outlook and it's got some pretty obnoxious galley ads (normally). It seems to do a great job of knocking them out.


#9

if you don't use it as router what's the point? open and edit your local hosts file, it's faster and easier then ssh-ing to rpi and editing file there? I'm not getting the point really .. it would make sense if you run proxy that's hiding and auto updating things, if you are just going to manually add entries to mdns, open your hosts file (on linux /etc/hosts on doze it's in %SystemRoot%\System32\drivers\etc\hosts on macos /etc/hosts .. ) and add your 127.0.0.1 directly and it works... how does adding a piece of hw makes this simpler/faster/cheaper?


#10

It auto-updates, it runs a webserver to serve content (rather than spinning on connect), it applies to all hosts- including mobile phones.


#11

?!?!?

the original post shown this:

$ sudo mkdir /etc/hosts.d
$ sudo touch /etc/hosts.d/hosts._
127.0.0.1	localhost
::1		localhost ip6-localhost ip6-loopback
ff02::1		ip6-allnodes
ff02::2		ip6-allrouters

127.0.1.1	blackhole
$ sudo touch /etc/hosts.d/hosts.blocked
127.0.0.1	serve-east.acuityplatform.com
$ sudo touch /etc/hosts.d/hosts.redirected
10.20.30.62	gitjs.io
$ sudo touch /usr/local/bin/makehosts
$ sudo chmod a+x /usr/local/bin/makehosts
#!/bin/sh

cat /etc/hosts.d/hosts.* > /etc/hosts
$ sudo makehosts
$ sudo service dnsmasq restart

what here "autoupdates", "serves web content", "prevents spinning on connect", applys to "all hosts" ?! it is a usb dongle that will hold your new hosts file instead of editing hosts file on local fs ?!?!? what else does it offer except it forces you to manually setup DNS to the dongle to perform the same what a simple hosts file edit will do ?


#12

@tedder42 or your "auto update.." was relating to pi-hole? that's a whole different beast, not really what OP is making .. if you don't have a good router (where you can set this up yourself) it's not a bad thing to have... I'm not seeing the point of the OP's device.. pi-hole has it's use, especially if you use ISP provided router


#13

My apartment already has lots of dedicated Raspberry Pi computers (there's four for the printer alone). I could easily park another Raspberry as a Pi-Hole and call it a day. But then when I go to work, I'd be leaving behind that ad protection so I like the idea of a dongle-based solution.

Believe it or not, I have three laptops which do different things for me. A dongle-based solution would in theory allow that portability/mobility and function-specificity that would be nice to have.

I have edited my hosts file and this has been my solution in the past, redirecting a known offender to 127.0.0.1, for example. I note that some of the bigger players like Google/Microsoft are upping the stakes—if it fails to resolve the ad content like this with a 404 they're moving on to the next ad provider. So it's not enough to redirect the DNS A name record. You also have to return a 200 status on the pull.

Additionally, Google's own use of SSL for everything is quite likely a move to block the ad blockers, if you will. If the https pull doesn't deliver a solid 200 response (without the obvious certificate error) then they'll dish up a different one.


#14

pyhole dongle makes sense (partially), but hosts file dongle like this is makes zero sense to me, sorry :frowning: ..

I personally use the DNSBL list with web server returning 1x1px (so similar to pihole) trough pfsense both in house and in office and have one configured pfsense as a vm on the laptop to handle stuff (intrusion, vpn, dnsbl..) when I'm out of the office/home... anyhow, I don't mind pihole dongle, I mind manually configured mqdns dongle :slight_smile: as I don't see the point