Indeed, it might certainly be worthwhile to extend this tool to provide a means
for people to protect themselves from their own devices and spyware.

> I guess that we tend to think of firewalling as mostly protection from
> inbound connections, but....

There is an increasing academic corpus that draws attention to the idea that
the enemy is within:

https://moniotrlab.ccis.neu.edu/wp-content/uploads/2019/09/ren-imc19.pdf

In my view, the best use of a firewall is to block outbound connections.  You
can absolutely (using iptables, etc) block some of the prefixes that you
describe below.

iptables -A OUTPUT -d 142.241.0.0/16 -j DROP

Alternatively, suggest you can achieve most of what you want simply by blocking
DNS requests for the names of dodgy services.

What names should you block?  Well, you can start with lists maintained by
others:

http://winhelp2002.mvps.org/hosts.txt

https://someonewhocares.org/hosts/zero/hosts

https://pgl.yoyo.org/adservers/serverlist.php?mimetype=plaintext

You can also block other horrible names too, such as, for example:

"incoming.telemetry.mozilla.org."

Bonus points for pointing this name at a web server that runs locally and
returns the response that Microsoft Windows expects:

"www.msftconnecttest.com."

Happy hacking --

Geoff

On Tue, 23 Aug 2022 at 01:27:33PM +0100, mp wrote:
> 
> cool, thx!
> 
> Disclaimer: I did not write this code, I merely downloaded, typed 'cmake .'
> and 'make' and then ran it.
> 
> It is discussed here (on evil Twatter):
> https://twitter.com/bert_hu_bert/status/1561466204602220544
> 
> It is a simple, indicative tool, but it is a sort of proof of concept and
> wake up tool that potentially could be expanded with blacklisting those
> outbound connections of the apps/cookies/whatever they call home and
> elsewhere.
> 
> I guess that we tend to think of firewalling as mostly protection from
> inbound connections, but....
> 
> ...
> ..
> .
> 
> On 23/08/2022 12:08, Geoffrey Goodell wrote:
> > Hi mp,
> > 
> > This is a great idea.  I hypothesise that:
> > 
> > (1) People have no idea how much data they are sending to online services;
> > 
> > (2) People have no idea how often their various devices (not only PCs and
> > smartphones but also 'internet of things' devices) send data, even when the
> > user is not actively using them; and
> > 
> > (3) People have no idea how often routine activities such as web browsing to
> > ostensibly unrelated sites, email checking, and so on result in telemetry
> > being sent.
> > 
> > And of course, people might not realise that their physical movements and
> > the cadence of their activities over time are part of the accumulated data
> > set.
> > 
> > I'm surprised that the Google prefixes are hard-coded.  Suggest using the
> > updated prefixes from the global routing table instead.
> > 
> > https://thyme.apnic.net/ipv4/ap/2022/08/23/
> > 
> > (replace with whatever date is today)
> > 
> > Download and unpack the five files in this directory.
> > 
> > Inside you will find a file 'data-used-autnums'.  You can search this file
> > for the names of autonomous systems (networks), or 'ASes', that together
> > comprise the Internet.
> > 
> > You can search this list, e.g.:
> > 
> > $ grep " GOOGLE" data-used-autnums
> > 
> > Let's not single-out Google.  Indeed you can look for other possible
> > offenders too, e.g.:
> > 
> > $ grep " MICROSOFT" data-used-autnums
> > 
> > The first column of the results are the AS numbers.  There is another file,
> > 'data-raw-table', which maps the numbers to prefixes.  You can use this
> > file to identify all of the prefixes you want to examine.
> > 
> > $ grep -w 15169 data-raw-table
> > 
> > I hope this helps.
> > 
> > Happy hacking,
> > 
> > Geoff
> > 
> > On Tue, 23 Aug 2022 at 10:18:12AM +0100, mp wrote:
> > > 
> > > Great, thanks.
> > > 
> > > Though, just for reference, this:
> > > 
> > > sudo tcpdump -n -l dst net 192.0.2.1/32 $(for a in $(cat goog-prefixes.txt); do echo or dst net $a; done)  |  ./teller
> > > 
> > > from here:
> > > 
> > > https://github.com/berthubert/googerteller
> > > 
> > > .. makes the map noisy: https://map.casariolab.art
> > > 
> > > Ear opening tool.

#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mx.kein.org/mailman/listinfo/nettime-l
#  archive: http://www.nettime.org contact: nett...@kein.org
#  @nettime_bot tweets mail w/ sender unless #ANON is in Subject:
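
The lookup described in the thread (AS name to AS numbers in 'data-used-autnums', then AS numbers to prefixes in 'data-raw-table'), as an added shell example that is not part of the original messages. The column layouts, the function names and the sample rows (documentation prefixes, reserved AS numbers, ZZ names) are assumptions or constructed; the rules match on destination and are only printed, not applied.

```shell
#!/bin/sh
# Added example. Column layouts are assumptions: "ASN NAME..." in
# data-used-autnums and "PREFIX ASN" in data-raw-table.

# Write constructed sample files (documentation prefixes, made-up ZZ entries).
make_sample() {
    printf '15169 GOOGLE, US\n64496 EXAMPLE-NET, ZZ\n64497 GOOGLE-EXAMPLE, ZZ\n' \
        > "$1/data-used-autnums"
    printf '192.0.2.0/24\t15169\n198.51.100.0/24\t64496\n203.0.113.0/24\t64497\n' \
        > "$1/data-raw-table"
}

# as_numbers NAME AUTNUMS: AS numbers whose name begins with NAME.
as_numbers() {
    awk -v name="$1" '$1 ~ /^[0-9]+$/ && index($2, name) == 1 { print $1 }' "$2"
}

# prefixes_for NAME AUTNUMS RAW_TABLE: unique prefixes originated by those ASes.
# Matching the AS column exactly avoids hits on digits elsewhere in the line.
prefixes_for() {
    asns=$(as_numbers "$1" "$2" | tr '\n' ' ')
    awk -v list="$asns" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($2 in want) && $1 ~ /^[0-9.]+\/[0-9]+$/ { print $1 }
    ' "$3" | sort -u
}

# drop_rules NAME AUTNUMS RAW_TABLE: print one outbound rule per prefix.
# OUTPUT-chain rules match the remote end with -d (destination).
drop_rules() {
    prefixes_for "$@" | while read -r p; do
        echo "iptables -A OUTPUT -d $p -j DROP"
    done
}

# Demo on the constructed files: rules are printed for review, not applied.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
drop_rules GOOGLE "$demo_dir/data-used-autnums" "$demo_dir/data-raw-table"
rm -rf "$demo_dir"
```

Point the last two arguments at the unpacked files from the routing-table directory to run it on real data; the prefix list it prints can equally feed the tcpdump filter quoted above.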
