Commit

Update README
Magnesium1062 authored and Magnesium1062 committed Jun 16, 2024
1 parent 898932c commit af57645
Showing 1 changed file with 30 additions and 4 deletions.
34 changes: 30 additions & 4 deletions README.md
@@ -1,6 +1,6 @@
# **Welcome to BadBlock!**

NOTE: This project can be found on both [Codeberg](https://codeberg.org/Magnesium1062/BadBlock), which will act as the main & preferred way to contribute, and [GitHub](https://github.com/Retold3202/BadBlock).
**NOTE:** This project can be found on both [Codeberg](https://codeberg.org/Magnesium1062/BadBlock), which will act as the main & preferred way to contribute, and [GitHub](https://github.com/Retold3202/BadBlock).

These are DNS blocklists that I personally maintain covering a variety of different services, applications, & platforms. We will generally block the following types of domains:
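
Review bot: The NOTE line sends readers to two hosts under different account names (`Magnesium1062/BadBlock` on Codeberg, `Retold3202/BadBlock` on GitHub), and nothing in it says the GitHub account belongs to the same maintainer or that the repo is a mirror. People will subscribe their resolvers to whichever URL they find first, so state explicitly that the GitHub repo is an official mirror and which host is canonical for list URLs. The context line after it also switches from "I personally maintain" to "We will generally block" in consecutive sentences; pick one voice.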

@@ -34,7 +34,7 @@ With that said though, it should be noted that we also don't want to cause break

We are also going to make it a point **not** to break important features for security. For instance, software updates will never be intentionally broken or blocked by our lists. The same goes for CRL & OCSP checks, time servers, etc. The keyword here is **important** though, because this doesn't always apply. For instance, in our Microsoft list, we block Smartscreen. The reason is simple: It's extremely invasive from a privacy perspective, as it directly sends every URL you visit & other sensitive information to Microsoft, without any obfuscation or attempt at anonymizing the data. Not to mention this is not made clear or transparent to the user at all. Therefore, we have no problem blocking it due to the extreme privacy risk it poses. However, we don't block Google's Safe Browsing, as it is generally not a concern for privacy unless you enable the "Enhanced" mode, and the benefits it brings outweigh the negatives.

It should also be noted that we report our findings upstreams to other blocklists, particularly [HaGeZi's](https://github.com/hagezi/dns-blocklists).
It should also be noted that we report our findings upstreams to other blocklists where relevant, particularly [HaGeZi's](https://github.com/hagezi/dns-blocklists).

We additionally offer an extensive [Whitelist](https://codeberg.org/Magnesium1062/blocklists/_edit/main/whitelist.txt), which we would also recommend using. The goal of the list is to ensure that domains required for important functionality or legitimate security features are never blocked, as well as unblocking other harmless domains.
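
Review bot: The changed sentence still reads "report our findings upstreams" after this edit; it should be "report our findings upstream to other blocklists where relevant". Separately, the Whitelist link in the following context line points at `/_edit/main/whitelist.txt` in a repo named `blocklists`, while the NOTE at the top names the repo `BadBlock`. The `_edit` path segment is the web editor rather than the file itself, so readers cannot view or subscribe to it; link to the file view or raw URL in the current repo instead.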

@@ -46,13 +46,39 @@ We currently offer the following formats for use of our lists:

* Wildcard Domains (With and without `*`) - If you are unable to use the ABP lists, we also provide our lists in the wildcard domains format, one variant with the `*` before domains, and one without. This is also extremely effective at blocking, and can be a great option depending on your blocker of choice.

⚠️ We are **NOT** planning to create "HOSTS" files at this time. We would recommend reading the reasons OISD lists [here](https://oisd.nl/faq#legacysyntaxes), as we strongly agree with them. HOSTS files are simply very time consuming to maintain, unnecessarily large, and plain and simple just not effective at blocking.
⚠️ We are **NOT** planning to create "HOSTS" files at this time. We would recommend reading the reasons OISD lists [here](https://oisd.nl/faq#legacysyntaxes), as we strongly agree with them. HOSTS files are very time consuming to maintain, unnecessarily large, and above all else: just not effective at blocking.

⭐️ We would generally recommend using [AdGuard Home](https://adguard.com/adguard-home/overview.html) as your DNS content blocker of choice if possible, as it is free and open source, and offers the strongest amount of customization & features. You can see our recommended set-up for AdGuard Home [here](https://codeberg.org/Magnesium1062/adguard-home-settings). These lists are also compatible with various other content blockers & firewalls, such as uBlock Origin, AdGuard, Brave Shields, Little Snitch, Pi-hole, & more. Our lists are currently not available on any cloud DNS blocking solutions (ex. NextDNS, ControlD, AdGuard DNS), but we hope that will change, as we feel like our lists could prove to be valuable and needed additions to those services.

# Should I use any other lists, and if so, what?

Yes, you should **not** solely rely on any BadBlock lists. I'm of the firm belief that it's always a good idea to use a combination of high quality lists for your blocking purposes. I would generally also recommend using the following, depending on what's best available to you:

* ⭐️ [HaGeZi's Multi Pro++](https://github.com/hagezi/dns-blocklists?tab=readme-ov-file#orange_book-multi-pro---maximum-protection-) - Without a doubt, hands down, HaGeZi maintains the best DNS blocklists out there. There's a reason we mainly contribute upstream domains to him. His lists are comprehensive, very high quality with carefully considered domains, no nonsense, with little to no breakage or false positives. If you're fine with a little breakage, we would recommend using [HaGeZi's Ultimate list](https://github.com/hagezi/dns-blocklists?tab=readme-ov-file#closed_book-multi-ultimate---aggressive-protection-) instead of Multi Pro++, but Multi Pro++ is still an excellent option.

* ⭐️ [HaGeZi's Threat Intelligence Feeds](https://github.com/hagezi/dns-blocklists?tab=readme-ov-file#closed_lock_with_key-threat-intelligence-feeds---increases-security-significantly-recommended-) - Another fantastic list maintained by HaGeZi, focused on blocking malicious domains, with a wide variety of high quality sources. There is also a [complementary list focused on blocking malicious IP addresses](https://github.com/hagezi/dns-blocklists?tab=readme-ov-file#closed_lock_with_key-threat-intelligence-feeds---ips-), which you should also use if possible.

* ⭐️ [HaGeZi's Encrypted DNS Servers](https://github.com/hagezi/dns-blocklists?tab=readme-ov-file#outbox_tray-encrypted-dns-servers-only-) - This is another important & effective list from HaGeZi, as it helps to prevent apps & services from using their own DNS servers to bypass your DNS content blocking.

* ⭐️ [HaGeZi's Badware Hoster Blocking](https://github.com/hagezi/dns-blocklists?tab=readme-ov-file#computer-badware-hoster-blocking---protects-against-the-malicious-use-of-free-host-services-) - Another great list from HaGeZi, helps to further reduces the risk of getting malware.

* ⭐️ [HaGeZi's Most Abused TLDs](https://github.com/hagezi/dns-blocklists?tab=readme-ov-file#crystal_ball-most-abused-tlds---protects-against-known-malicious-top-level-domains-) - Blocks TLDs that are commonly abused for malicious purposes, with little to no breakage. I have seen this work first-hand, so I also highly recommend making use of it.

* ⭐️ [xRuffKez's Newly Registerd Domains (NRDs)](https://github.com/hagezi/dns-blocklists?tab=readme-ov-file#new-newly-registered-domains-nrds-) - If you are unable to block NRDs on your DNS content blocking solution (like NextDNS), this is another vital risk to add, as it heavily improves security by blocking newly registered domains, which are extremely commonly used for malicious purposes. We would recommend using the `14 days` variant.

* ⭐️ [HaGeZi's Dynamic DNS Blocking](https://github.com/hagezi/dns-blocklists?tab=readme-ov-file#lock_with_ink_pen-dynamic-dns-blocking---protects-against-the-malicious-use-of-dynamic-dns-services-) - Similar to above, if you are unable to block Dynamic DNS servers with your DNS content blocking solution (like NextDNS), this is another very important list to take advantage of, as it heavily improves security by blocking Dynamic DNS servers, which are very commonly abused.

* ⭐️ [Divested Combined List](https://divested.dev/pages/dnsbl#combined) - Excellent high quality blocklist covering advertising, tracking, spam, & malicious domains from lots of different sources. Maintained by [Divested Computing Group](https://divested.dev), known for their [award winning](https://www.fsf.org/news/free-software-awards-winners-announced-eli-zaretskii-tad-skewedzeppelin-gnu-jami) privacy & security work through various projects such as [DivestOS](https://divestos.org/), [the Mull browser](https://f-droid.org/packages/us.spotco.fennec_dos/), & [Hypatia](https://f-droid.org/en/packages/us.spotco.malwarescanner/).

* ⭐️ [Developer Dan's Ads & Tracking](https://github.com/lightswitch05/hosts) - While this list is unfortunately not actively maintained anymore, it is still a very high quality & comprehensive blocklist with little to no false positives. I still regularly see domains being blocked from it that other lists miss.

* ⭐️ [EasyList](https://v.firebog.net/hosts/Easylist.txt) - Classic must-have list focused on blocking online advertising, parsed specifically for DNS content blocking.

* ⭐️ [EasyPrivacy](https://v.firebog.net/hosts/Easyprivacy.txt) - Also maintained by EasyList, another must-have list, this time focused on blocking unwanted tracking & data collection.

# Additional General Recommendations

* Please do **not** rely on DNS blocking as your only defense against advertising, tracking, and other nastiness. You should also use a strong and reputable browser content blocker, such as [uBlock Origin](https://github.com/gorhill/uBlock), as well as making use of your browser's Safe Browsing technology if it is not done in a privacy-invasive way, and using a (reputable) Anti-virus. On most platforms, you should simply stick to the built-in protection, but on Linux, we would recommend [ClamAV](https://www.clamav.net/), and on Android, we would recommend [Hypatia](https://f-droid.org/packages/us.spotco.malwarescanner/).
* Please do **not** rely on DNS blocking as your only defense against advertising, tracking, and other nastiness. You should also use a strong and reputable browser content blocker, such as [uBlock Origin](https://github.com/gorhill/uBlock) *(See recommended settings [here](https://codeberg.org/Magnesium1062/ublock-origin-settings)) *, as well as making use of your browser's Safe Browsing technology if it is not done in a privacy-invasive way, and using a (reputable) Anti-virus. On most platforms, you should simply stick to the built-in protection, but on Linux, we would recommend [ClamAV](https://www.clamav.net/), and on Android, we would recommend [Hypatia](https://f-droid.org/packages/us.spotco.malwarescanner/). **NOTE:** You should install Hypatia through the [DivestOS Official Repo](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) instead of F-Droid's main repo, as it will allow you to receive quicker updates directly from the developer. It's also recommended to use [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic/) as your F-Droid client of choice.

* You should use a privacy-respecting browser that respects you as a user. [Firefox](https://www.mozilla.org/firefox/) with a user.js like [Arkenfox](https://github.com/arkenfox/user.js) is a great choice.
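
Review bot: The Newly Registered Domains entry in the added list has three problems on one line: the link text credits xRuffKez but the URL goes to an anchor in the `hagezi/dns-blocklists` README, "Registerd" is misspelled, and "this is another vital risk to add" says the opposite of what is meant (presumably "list"). The "(like NextDNS)" parenthetical in that entry and in the Dynamic DNS entry is ambiguous where it sits; it can be read as NextDNS being unable to block these, so move it next to the thing it describes. In the Badware Hoster entry, "helps to further reduces" should be "helps to further reduce". In the rewritten uBlock Origin bullet, the emphasis around "(See recommended settings ...)" closes with `) *`; the space before the closing `*` stops it rendering as italics, so drop the space. The EasyList and EasyPrivacy entries link to `v.firebog.net` while the text attributes the lists to EasyList; say that these are third-party copies parsed for DNS blocking so readers know whose URL they are subscribing to.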

0 comments on commit af57645