search

StevenBlack / hosts

🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
MIT License
25.62k stars 2.14k forks source link

Missing some akamaiedge domains #2604

Closed w0rmr1d3r closed 1 month ago

w0rmr1d3r commented 1 month ago

I see there are some domains related to akamaiedge in the hosts file: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

However, I found out more of those domains that do tracking/ads based on recent browsing and ads being displayed in iOS apps.

These are the domains (they don't appear in the hosts file, already checked):

Hope those can be added.

Thank you :)

bigdargon commented 1 month ago

No! Why do many people want to block akamai's CDN? Apple uses akamai to distribute their services, if blocked Apple devices/products will not work properly. Please do not add these domains!

hagezi commented 1 month ago

I agree with @bigdargon, you shouldn't block such "deep" CNAMES unless you want to paralyse something.

w0rmr1d3r commented 1 month ago

No problem on closing this issue. Quick question then, why are other similar domains within the lists? Aren't they blocking also Apple services?

StevenBlack commented 1 month ago

Thank you everybody.

Closing.

w0rmr1d3r commented 1 month ago

Hello @StevenBlack & @bigdargon , can we go back to the question left unanswered: why are other similar domains within the lists? Aren't they blocking also Apple services?

Why some get in the list and others don't?

Thank you

StevenBlack commented 1 month ago

Ramon @w0rmr1d3r you're trolling us, right?

Please stop wasting our time. This is borderline open source maintainer abuse. So we're clear: we owe you absolutely nothing.

You're aware that Akamai is an ENOURMOUS cloud services company, right? Why would we not block Akamai? Because we're not stupid.

Reference: Akamai Technologies on Wikipedia.

Now please, go away.

kekmacska commented 1 month ago

Akamai Technologies blocks Tor users and FBI & NSA uses this firm to collect data from ordinary people on facebook without their consent. Sure as hell it goes into my blocklist, even if it can't go into offical blocklist

bigdargon commented 1 month ago

@w0rmr1d3r The Apple domains on the blocklist are exactly blocking the domains Apple uses to track and collect user data. The blocklist does not block Akamai CDN domains.

Akamai's CDN domain name may be constantly changing, we are not sure if services Apple (or non-Apple) use the same Akamai CDN domain CNAME.

For example, I have the domain www.apple.com www.icloud.com and x1.c.lencr.org (Let's Encrypt digital certificate authentication domain)

; <<>> DiG 9.16.28 <<>> www.apple.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41150
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.apple.com.                 IN      A

;; ANSWER SECTION:
www.apple.com.          295     IN      CNAME   www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 772  IN      CNAME   www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 1110 IN CNAME e6858.dscx.akamaiedge.net.
e6858.dscx.akamaiedge.net. 14   IN      A       42.119.185.88

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Apr 15 23:41:31 SE Asia Standard Time 2024
;; MSG SIZE  rcvd: 187

; <<>> DiG 9.16.28 <<>> www.icloud.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15490
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.icloud.com.                        IN      A

;; ANSWER SECTION:
www.icloud.com.         2876    IN      CNAME   www-cdn.icloud.com.akadns.net.
www-cdn.icloud.com.akadns.net. 57 IN    CNAME   www.icloud.com-v1.edgekey.net.
www.icloud.com-v1.edgekey.net. 1420 IN  CNAME   e4478.dscb.akamaiedge.net.
e4478.dscb.akamaiedge.net. 20   IN      A       184.29.96.56

;; Query time: 15 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Apr 15 23:41:48 SE Asia Standard Time 2024
;; MSG SIZE  rcvd: 173

; <<>> DiG 9.16.28 <<>> x1.c.lencr.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22057
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;x1.c.lencr.org.                        IN      A

;; ANSWER SECTION:
x1.c.lencr.org.         76      IN      CNAME   crl.root-x1.letsencrypt.org.edgekey.net.
crl.root-x1.letsencrypt.org.edgekey.net. 2913 IN CNAME e8652.dscx.akamaiedge.net.
e8652.dscx.akamaiedge.net. 20   IN      A       42.119.185.27

;; Query time: 15 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Apr 15 23:42:05 SE Asia Standard Time 2024
;; MSG SIZE  rcvd: 140

All 3 domains have CNAME records with the domain name akamaiedge.net. So blocking Akamai's CDN domains could unintentionally block other affected Apple (or non-Apple) service domains.

If you believe your thinking is correct, use cloud services (NextDNS/ControlD/Adguard DNS..) or local DNS (Pi-Hole/Adguard Home..) to add domains you want to be blacklisted.