looks at community I hope so?
Well I MITM myself quite often to confirm it. I’m also smashing together hundreds of blocklists, and I always check the network tab of my browser’s developer tools and very rarely see anything coming from third-party domains.
Sure, sometimes assets are on the actual domain I’m visiting (or its CDN) but most of the time, even tracking scripts there are broken because they still call the blocked scripts.
By the way, it’s hilarious that everyone wants to fight so hard about this yet when someone says “use an adblocker” nobody says anything as if it’s the end-all solution.
I didn’t say “I have a bulletproof, surefire way to fix this.” I said “use network-based blocking.” However effective that is is up to the person implementing it; you have no idea how effective my setup is because you don’t have access to its configuration.
They’re not hard to circumvent, sure but then why am I so effectively blocking almost everything not tied to the “real” first-party domains?
Proxy? Is it that hard to figure out how to bundle and serve assets from the same domain? 😂
I’m a broken record: block Google (or whomever) with network-based blocking (IP and/or DNS), these guys have third-party tracking in virtually every website and app.
This is the correct answer. Facebook has third-party scripts all over the internet. I wish people would understand this — just because you’re not a Facebook user doesn’t mean Facebook (or anyone else) doesn’t track you.
I’m not sure about Facebook but tons of trackers are in apps too so the typical “use an adblocker” grumble isn’t even accurate either.
they’re perennially jealous of the shit Apple can get away with.
😒
I’d almost go through the trouble of getting the content out of WordPress. The nice thing about static site generators is you can completely switch out the framework, runtime, base Docker image and/or OS at any time.
Your router probably does have one, but your end devices should too. If your router is some piece of trash ISP-supplied one, it might not even have a firewall for IPv6 (if it even supports IPv6 at all).
I would add from an end-user privacy perspective, they might want HTTPS. If I hit a website not using HTTPS, I pretty much immediately back out. Bad actors like hostile governments and hackers can use seemingly meaningless data against you.
I can’t remember exactly what happened, but I remember back when WebMD was fighting against rolling out TLS, hackers were able to find medical weaknesses against people.
Yes I have a DNS service listening on both UDP and TCP to respond to DNS queries from clients using the standard DNS port; crazy me. 🤪
You can’t have UDP and TCP on the same port? I don’t think that makes sense, I have DNS listening on UDP and TCP both on port 53.
I mean, I agree that that sucks but as was previously stated Chromium can be forked.
Oh yeah I always forget people still cry about that. I’m a big fan of the unified experience that the software and hardware bring together, and that experience hasn’t been poor for me.
I killed off ads in the News app by blocking doh.apple.com. I find it kind of funny that it looks up its DoH server IP using the existing DNS server and that simply returning NXDOMAIN cuts it off.
Not sure if they use it for much more than that though (doesn’t seem like it).
One thing I want to bring up just so you’re conscious of it is WiFi calling.
I currently use Tailscale and a sophisticated setup to route traffic via commercial VPNs. I also do a ton of DNS ad/tracking blocking which Tailscale wasn’t really designed for (and requires a rat’s nest of routing, iptables and the like).
I’ve noticed I never receive incoming calls now even while attempting to send traffic to my carrier’s WiFi calling server (it’s just another traditional VPN server at a technical level) through the nearest Tailscale exit node.
All this is to say, if you want WiFi calling to work you should consider this. I believe it’s the same for Android and iPhone.
As for the traditional VPN bit I kind of discovered this a few years ago when using one of those mobile cellular gateways you can plug into your LAN (I lived in a dead zone). When looking up my current carrier’s WiFi calling server (a different carrier) I realized the port matches the same VPN thing they were doing on the cellular gateway, so I think it’s fairly common for wireless carriers to just use a VPN to get you into their backend.
Isn’t a Docker registry just HTTP? Would a caching proxy be too hard to use for this?
This should be the top comment (if valid)
Feeling attacked with Leggable and Fleable. I’ve been known to write a concern or two in Ruby on Rails but what can I say? I like my code DRY.