A new reason to block ads

After years of refusing to install extensions in my browsers or proxies on my machine, I have, for the past few months, started to work seriously on blocking connections to ad servers. The reason? The increasing number of security issues linked to these ad networks and their ability to inject code in relatively "trusted" web sites.

Are such drive-by downloads a danger to the average Mac user? Pretty unlikely for the time being. However, since ad networks don't bring any useful content in the first place, even the slightest negative tips the balance clearly. They are a relatively easy thing to get rid of, at least technically speaking, and refusing connections to them is extremely unlikely to cause any damage to applications or network users.

(On a side note, before content publishers accuse me of depriving them of revenue, there are some ad networks, such as The Deck, that I do not block. I only block the generic garbage-peddling domains that no self-respecting site should be dealing with in the first place. You know, those who offer me to meet busty singles in my area, while I am reading about 802.11 networks.)

Like many Mac users, I am concerned by Safari's poor security record, despite being absolutely in love with the browser for its standards-compliance, speed and interface. This explains why I spend most of my time in Firefox or Opera, even though I feel a lot less at home with them.

However, many Mac applications rely on WebKit to do their work: Mail, NetNewsWire, all these daily staples that establish network connections to sometimes untrusted parties. Short of installing a proxy, there is no way to prevent connections from those applications to known offenders.

I did play with the excellent Privoxy but it ended up interfering with Little Snitch, my favorite whistle-blowing, cap-wearing, bushy brow-ed network monitor. Until Objective Development releases an update, that was not a practical solution.

So, what works? Apart from securing Firefox with extensions and about:config tweaks or using Opera for RSS — a nightmarish thought —, I have found the "hosts" file to be a surprisingly reliable ally. By pointing ad networks to 127.0.0.1, I basically make it impossible to connect to them. Certainly, it does not make all my WebKit using applications inherently more secure, but it does provide a bit of mitigation.

Security considerations aside, since 127.0.0.1 is a fast-recognized dead-end, I also ended up cutting my RSS loading time in half, which in itself was worth the few minutes it took setting up the file. This also applies to many web sites since most of them not only use ads from external sources but rely on tracking code from the very thorough but speed-challenged Google Analytics.

What domains should you plug there? There are a great many lists out there, many maintained for the excellent Firefox extension AdBlock. I have found pgl.yoyo.org to be of use in the past in compiling my own.