Banning Facebook and blocking ads from your network

Introduction

Removing the Facebook application from your devices does not mean you have removed all communication between your devices and Facebook. Other applications that you use and web pages that you visit may be using the Facebook API, and so passing data to Facebook. Adding an ad blocker to your browser helps eliminate some of that communication. However, adding and correctly configuring ad blockers on all your devices may not be practical. In some cases, it is hard or impossible to configure a device to block unwanted API calls (for example, on your TV).

One practical alternative is to use a DNS sinkhole in your network and configure it to ignore (or blacklist) the unwanted APIs (in this case the Facebook APIs). An excellent open source DNS sinkhole project is Pi-hole.

Pi-hole

I have been running Pi-hole in my home network for several years using an old Raspberry Pi 1 model A from 2012. Initially, I was concerned with the impact on my network, but it turns out that it has a positive impact on my network traffic, by eliminating ads from the network traffic. This machine has 512 MB of RAM and runs at 700 MHz, so it is a very minimal machine, but Pi-hole runs perfectly on that hardware.

My installation is very simple, just the Raspberry Pi running Pi-hole and connected to my main router/cable modem. The normal status is for the Raspberry Pi to be at 112.9 °F, with Pi-hole using 14% of the available memory as reported by the Pi-hole dashboard. Just for fun, let's ssh to the Raspberry Pi and see the memory and CPU specs, as follows:

~$ ssh pi@192.168.0.251
pi@192.168.0.251's password: 
Linux MY-DNS-PI-HOLE 4.14.98+ #1200 Tue Feb 12 20:11:02 GMT 2019 armv6l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Sep 14 21:44:54 2020 from 192.168.0.15

pi@MY-DNS-PI-HOLE:~ $ free --mega
              total        used        free      shared  buff/cache   available
Mem:            443          46          45          37         351         305
Swap:           102           0         102

pi@MY-DNS-PI-HOLE:~ $ cat /proc/cpuinfo
processor	: 0
model name	: ARMv6-compatible processor rev 7 (v6l)
BogoMIPS	: 697.95
Features	: half thumb fastmult vfp edsp java tls 
CPU implementer	: 0x41
CPU architecture: 7
CPU variant	: 0x0
CPU part	: 0xb76
CPU revision	: 7

Hardware	: BCM2835
Revision	: 000e

pi@MY-DNS-PI-HOLE:~ $ lscpu
Architecture:          armv6l
Byte Order:            Little Endian
CPU(s):                1
On-line CPU(s) list:   0
Thread(s) per core:    1
Core(s) per socket:    1
Socket(s):             1
Model:                 7
Model name:            ARMv6-compatible processor rev 7 (v6l)
CPU max MHz:           700.0000
CPU min MHz:           700.0000
BogoMIPS:              697.95
Flags:                 half thumb fastmult vfp edsp java tls

pi@MY-DNS-PI-HOLE:~ $ exit
logout
Connection to 192.168.0.251 closed.
~$ 

Raspberry Pi

For this project, you need a Raspberry Pi, an Ethernet cable to connect the Raspberry Pi to your main router, an SD card and a power supply for the Raspberry Pi. As I described before, any old Raspberry Pi with an Ethernet port will work fine. Depending on the Raspberry Pi, you could use a phone charger as the power supply. Just be sure it has the right voltage and enough amperage to drive the Raspberry Pi. Even if you buy all the components, you should be able to do this project for less than 50 dollars.

Installing and configuring Pi-hole

There are several good tutorials on installing Pi-hole, so I will not cover that here. A search for “pi hole raspberry pi headless install” should give you a good set of tutorials. The Pi-hole page also has installation instructions.

Tips

It is important to configure your main router to redirect DNS traffic to your Pi-hole. But don’t forget any other router that you may have in your house: be sure to configure all your routers. In my case, I have two routers and their configuration was different, as follows:

  • Main router. LAN Setup => LAN Settings => DNS Override
  • Secondary router. Internet => internet setup => Domain Name Server (DNS) Address

You want to be sure your Pi-hole is up to date. Once in a while, I log in to the Pi-hole dashboard and check that I’m running the latest version (the bottom of the main dashboard page lists the current version and whether it needs to be updated). If the version needs to be updated, just exit from the dashboard, log in to the Raspberry Pi using ssh and run the following command:

pihole -up

Blocking Facebook

By default, Pi-hole blocks most ads, including several Google Analytics APIs. However, it does not block applications, including Facebook. Therefore, I have specifically blocked Facebook and its APIs.

To block Facebook, just log in to the Pi-hole dashboard and look at the Query Log section. By default, the Query Log section shows the last 100 DNS queries. Each DNS query is listed in green if it was not blocked, and in red if it was blocked. For each query, you have the ability to blacklist it or whitelist it by pressing a button.

The easy way to block Facebook is from the Query Log, by looking for any query that includes a Facebook domain and blacklisting it. Alternatively, you can go to the Blacklist section of the dashboard and add the domains to block, or a regular expression. For example, (\.|^)(facebook|fb|fbcdn|fbsbx|tfbnw)\.(com|net)$ and ^(fbstatic|fbexternal|fbcdn).*akamaihd.net$ will block most of the Facebook domains.
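
The two expressions above can be dry-run before they go into the Blacklist section. The following is an added example, not part of the original post: it feeds constructed hostnames through grep -E, which uses the same POSIX extended regular expression syntax as Pi-hole regex entries. The function names and the sample hostnames are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: check what the two blacklist regexes from the text match.
# (\.|^) means "start of name or a preceding dot", so only whole labels match.
FB_DOMAINS='(\.|^)(facebook|fb|fbcdn|fbsbx|tfbnw)\.(com|net)$'
# The dot in "akamaihd.net" is unescaped here, exactly as in the text, so it
# matches any character; writing akamaihd\.net would make the match strict.
FB_AKAMAI='^(fbstatic|fbexternal|fbcdn).*akamaihd.net$'

# verdict HOSTNAME: print "blocked" if either pattern matches, else "allowed".
verdict() {
  for pattern in "$FB_DOMAINS" "$FB_AKAMAI"; do
    if printf '%s\n' "$1" | grep -Eq -e "$pattern"; then
      echo blocked
      return 0
    fi
  done
  echo allowed
}

# Constructed sample hostnames (not taken from a real query log).
samples() {
  cat <<'EOF'
www.facebook.com
graph.facebook.com
fb.com
cdn.fbcdn.net
fbstatic-a.akamaihd.net
notfacebook.com
facebook.com.example.org
instagram.com
fbstatic-a.akamaihdxnet
EOF
}

# Print one "hostname verdict" line per sample.
report() {
  samples | while read -r host; do
    printf '%-28s %s\n' "$host" "$(verdict "$host")"
  done
}

report
```

Names that are not listed in either pattern, such as instagram.com in the sample list, stay allowed and need their own blacklist entries.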

Conclusion

Having a DNS sinkhole at home as a companion to the main router can be done easily and cheaply using Pi-hole. In addition to blocking Facebook, you will be able to block ads and improve the speed of the network.

This morning, looking at my Pi-hole dashboard, I noticed in the top blocked domains www.facebook.com with 262 hits and graph.facebook.com with 218. So, blocking is working. But I also noticed a different trend: our cellular phones are very active at night, with a minimum of 56 queries every 10 minutes. For a device that should be just charging, having 336 DNS queries per hour seems excessive. This will merit further research and a potential solution.