Do yourself a favor and learn a bit more about how this shit works lest you look like an idiot.
Sounds like we need to start developing ad-blockers based directly within the OS.
Those exist. Use DNS-based adblockers. You can pick from a variety of services already out there or run your own with Pi-hole.
Yeah, though … those don’t always work and it is entirely possible to break them if they become overly “pesky” for the corporations.
If I implement my service to use the same underlying IP address for the primary service/critical access that I use for advertising services (e.g., I put a load balancer and have Windows Advertising integrated with Windows Update via the same IP addresses), you can’t block the IP without breaking Windows Update.
That’s worse for other ingrained systems, e.g., a news app that actually has to send you content could do this instead of using separate IPs for the advertising service, and then if you want to use their service you have to accept the advertising packets.
If you’re relying on DNS for your blocking as well, it’s entirely possible to distribute the IP address information without ever involving DNS by syncing up the appropriate IPs out of band on some built-in IP addresses hard-coded in the binary (plenty of things do this sort of thing already for security purposes; they want to minimize the risk of a local DHCP server handing out some garbage DNS record and sending you a virus via their update mechanism).
I could go on.
Don’t be a dick; especially if you don’t know what you’re talking about. Thanks.
DNS-based blocking only works for regular DNS requests.
At this point, any app that wanted to bypass that could use DoH/DoT+ECH to completely bypass your DNS and thus the blocking it provides. With these tools, all you’d see is an outgoing TLS connection to a remote IP; all other data is encrypted.
DNS-based ad blockers (I run one, it’s great, highly recommend) can’t block something if the address is both legit and also serves ads. For instance, if MS used the same domain name for updates and Windows key validation as it does for ads, you’d quickly run into an issue. Especially if (please don’t read this MS), they required validation on every boot, then replied with a payload combination of the ads and a “yea you’re legit and can boot”.
Also, MS could easily (and has) coded some processes to not look up DNS addresses in things like LMHOSTS or HOSTS; they could just as easily bypass DNS itself. They certainly have plenty of public IPs they could have a process submit to the network stack.
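The comments above describe traffic a DNS-based blocker never sees: hard-coded IPs, DoH/DoT, and lookups that skip the local resolver. As an added example (not code from any commenter), this sketch correlates a resolver log with outbound flows and reports connections that no local DNS answer explains; the log layouts, addresses, internal range and grace period are all constructed assumptions.

```python
import ipaddress

# Constructed sample data, not from the thread.
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range
DNS_LOG = [  # (epoch s, client, qname, answer IP, TTL s) from the local resolver
    (1000, "10.0.0.5", "updates.example.net", "203.0.113.10", 300),
    (1005, "10.0.0.5", "news.example.org", "198.51.100.7", 60),
    (1010, "10.0.0.6", "updates.example.net", "203.0.113.10", 300),
]
FLOW_LOG = [  # (epoch s, client, destination IP, destination port)
    (1002, "10.0.0.5", "203.0.113.10", 443),  # resolved locally 2 s earlier
    (1400, "10.0.0.5", "198.51.100.7", 443),  # answer expired long before
    (1020, "10.0.0.6", "192.0.2.53", 443),    # never resolved locally
    (1030, "10.0.0.6", "192.0.2.53", 853),    # DoT port, never resolved
    (1040, "10.0.0.6", "10.0.0.1", 53),       # query to the local resolver
]
GRACE = 120  # assumed slack after TTL expiry for client-side caching


def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def unresolved_flows(dns_log, flow_log, grace=GRACE):
    """Return outbound flows that no answer from the local resolver explains."""
    windows = {}  # (client, ip) -> [(answered_at, valid_until), ...]
    for ts, client, _qname, ip, ttl in dns_log:
        windows.setdefault((client, ip), []).append((ts, ts + ttl + grace))
    findings = []
    for ts, client, dst, port in flow_log:
        if is_local(dst):
            continue
        seen = windows.get((client, dst), [])
        if any(start <= ts <= end for start, end in seen):
            continue  # explained; a shared ads/update IP still passes here
        if port == 853:
            reason = "dot-port"
        elif seen:
            reason = "stale-answer"
        else:
            reason = "no-dns-answer"
        findings.append((ts, client, dst, port, reason))
    return sorted(findings)


if __name__ == "__main__":
    for finding in unresolved_flows(DNS_LOG, FLOW_LOG):
        print(finding)
```

A finding only shows that the blocker had no say over that connection; the shared-address case raised in the thread still resolves normally and is not flagged.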
Or literally just use the existing option in the settings menu that has been there since Windows 10 to turn this shit off.
All of this is clickbait.
Until it turns itself back on during an update. Or they implement another version that has its own off switch buried somewhere, etc.
It’s bloat and hassle.
You shouldn’t have to do maintenance on a brand new Windows install. Set preferences and install apps? Sure. But expecting everyone to go through a checklist of shit to turn off? Nah. That’s user hostile and so tedious.
Checklists and debloating procedures like that can feel like something an expert would do. And can feel like what a good computer user should do, but that’s a limited mindset that is a niche among all Windows platform users.
Warning, car analogy:
Imagine if you bought a new car and had to scrape a bunch of advertisement decals off it. And you have to remove unneeded features like spoilers that are dragging you down. Oh, and randomly in the middle of the night the dealer tracks your car down and applies new decals that you will want to scrape off your windshield when you get a chance.
Other than the dealer sneaking up in the middle of the night to reapply decals, that is sadly exactly what buying a new car is like.
Or, well, at least from what I’ve seen and heard from others. Who has money these days for new cars?
Setting preferences is exactly what this is, though.
Having to tell your computer that “My preference is no bloat and marketing.” is a sad state of affairs though.
My whole point is these things shouldn’t need to be configured. Because the bloat and marketing shouldn’t be part of the OS like this.
I’ve worked with a Linux installation that had plenty of bloat and marketing by default too, I spent a fair bit of time combing through it turning off stuff I definitely didn’t want. Whether it “should” or “shouldn’t” doesn’t change that it is.
But updates can and do reset them.
Group Policy really helps - I don’t think I’ve had an update reset a policy… Yet.
Imagine depending on a company giving you the privilege of turning off ads in the operating system you paid $100 USD for.
MS can get bent, I’m sick of advertising. Read the news, ads, watch any video without Adblock, ads, go out in public to enjoy a day out with my family, ads on every road and square foot of space. Now they want to put ads on the main menu of an operating system I only use for relaxation and entertainment, but they were oh so kind to give me the option of turning them off for now. I’m not waiting for them to decide to remove the option, I’m going to remove myself from the equation.
I already gave these greedy bastards my money, I just want some peace and quiet while I relax, but that’s too much to ask for these days.
Yep. It’s my goal to be as unprofitable a citizen for our corporate overlords as possible.
I want them to lose money by doing business with me.
I want them to go bankrupt so that their future replacements can learn from their mistakes and not repeat them.
If they choose to be user hostile, I’ll match their energy and multiply it. Fuck em.
Clicking a checkbox in a settings menu is so complicated, though!
Simpler to install Linux, a whole new operating system, and try to figure out how to either run your Windows apps there or find new equivalent applications to use.
Think of the corporations!
I’m pretty sure you can turn these off with local group policy. And if you can, I’m sure someone will make a script to do it for you.
Personally, I set up AD for my own devices a long time ago, when I got pissed off about Windows 10 rebooting my PC while I’d stepped away to eat dinner and killing everything I had open. So I also use it to set group policy to turn off things like this. But this is far overkill for the average person.