What's new

Ad Blocking

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

djtech2k

Senior Member
I am looking for a decent ad blocker that I can run on my Asus AC68U. I want to make sure that it is not going to be a performance issue either. I saw the wiki with the adblock, but according to what I read I cannot get it with my router.

I have read several threads on the forum on this topic but I am not sure which method seems to work the best. I saw the adsuck option, but I am not sure how it turned out.

What is the best low performance impact option?
 
Last edited:
Anything? I really want to get a handle on the stupid ads. My family gets riddled with them and its exhausting to fight.
 
If you'd consider dd-wrt firmware, there's ad blocking built into it. It uses privoxy, and you can use it passively/transparently, or design your own rules if you want.

If you did some searching around in this forum, I think that you'll find several threads on this, as well, though.

There are also ad blockers for Chrome, Firefox, and Internet Explorer, as well as the iOS Atomic browser.
 
Well I chose Merlin because I was told by many people that its a much better option on the AC68U.

I have done lots of searching on the forum. I found many threads here, but most have an unclear ending. For example, the dnsmasq option is said to really impact performance or web surfing. The adblock option on the RMerlin wiki says that it requires entware, but my router isn't on the list I saw so I have optware instead. Plus I am not sure about the performance of it.

I also saw a mention of some adsuck option, but I did not see in the thread where it said if it would work on my model and if it had a negative impact on performance. I just don't want to slow the whole network down just to do ad blocking.
 
Well I chose Merlin because I was told by many people that its a much better option on the AC68U.

I have done lots of searching on the forum. I found many threads here, but most have an unclear ending. For example, the dnsmasq option is said to really impact performance or web surfing. The adblock option on the RMerlin wiki says that it requires entware, but my router isn't on the list I saw so I have optware instead. Plus I am not sure about the performance of it.

I also saw a mention of some adsuck option, but I did not see in the thread where it said if it would work on my model and if it had a negative impact on performance. I just don't want to slow the whole network down just to do ad blocking.

That's one of the reasons that I do this via browsers...the fact that if you do this in the router, seems like it would be hard to avoid slowing everything down to some degree. Privoxy with dd-wrt definitely adds network latency through the router, for example. Reinforced by my own experience with it.
 
Do we have any idea on the performance impact of the method mentioned above?
That's why I like the idea of doing simple blocking with the hosts file. There isn't the overhead of running another piece of software (i.e. proxy server) and the memory consumed (the biggest performance hit for routers) is minimal.

With a block list of 24033 addresses here are some comparative benchmarks. The routers upstream DNS is 208.67.222.222.
Code:
NOT AD FILTERED
===============

  192.168.  1.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  + Cached Name   | 0.000 | 0.000 | 0.000 | 0.000 | 100.0 |
  + Uncached Name | 0.020 | 0.080 | 0.299 | 0.079 | 100.0 |
  + DotCom Lookup | 0.020 | 0.081 | 0.164 | 0.054 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
                     router.asus.com
                Local Network Nameserver


  208. 67.222.222 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.018 | 0.020 | 0.024 | 0.001 | 100.0 |
  - Uncached Name | 0.020 | 0.080 | 0.284 | 0.082 | 100.0 |
  - DotCom Lookup | 0.019 | 0.079 | 0.163 | 0.055 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
                  resolver1.opendns.com
                OPENDNS - OpenDNS, LLC,US

AD FILTERED
===========


  192.168.  1.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  + Cached Name   | 0.000 | 0.000 | 0.000 | 0.000 | 100.0 |
  + Uncached Name | 0.020 | 0.085 | 0.320 | 0.083 | 100.0 |
  + DotCom Lookup | 0.020 | 0.091 | 0.173 | 0.057 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
                     router.asus.com
                Local Network Nameserver


  208. 67.222.222 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.019 | 0.020 | 0.024 | 0.001 | 100.0 |
  - Uncached Name | 0.020 | 0.081 | 0.289 | 0.081 | 100.0 |
  - DotCom Lookup | 0.019 | 0.079 | 0.166 | 0.057 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
                  resolver1.opendns.com
                OPENDNS - OpenDNS, LLC,US
You can see that the blocklist adds about 5 to 10 ms to an uncached query.

To my mind that overhead is negligible compared to the massive time savings achieved by not having to download ads from multiple remote ad servers that most web pages would require.

It's also worth bearing in mind that Ad blocking (with a hosts file) has no impact on other internet activity like downloads, gaming or streaming video.


UPDATE: I've just changed my upstream DNS server to that of my ISP which is faster (but more unreliable) than OpenDNS. Not only was the overall response time improved but the overhead from ad blocking was 2 to 3 ms. [I suspect that any variation below 10ms is just random fluctuation in the test]
Code:
AD FILTERED
===========

  192.168.  1.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  + Cached Name   | 0.000 | 0.000 | 0.000 | 0.000 | 100.0 |
  + Uncached Name | 0.011 | 0.058 | 0.258 | 0.070 | 100.0 |
  + DotCom Lookup | 0.029 | 0.038 | 0.052 | 0.008 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
                     router.asus.com
                Local Network Nameserver


  194.168.  4.100 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.005 | 0.006 | 0.008 | 0.001 | 100.0 |
  - Uncached Name | 0.009 | 0.056 | 0.257 | 0.070 | 100.0 |
  - DotCom Lookup | 0.029 | 0.035 | 0.051 | 0.006 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
             cache1.service.virginmedia.net
               NTL Virgin Media Limited,GB
 
Last edited:
Does it really require entware? The required packages all seem to be available on optware.
 
That's why I like the idea of doing simple blocking with the hosts file. There isn't the overhead of running another piece of software (i.e. proxy server) and the memory consumed (the biggest performance hit for routers) is minimal.

With a block list of 24033 addresses here are some comparative benchmarks. The routers upstream DNS is 208.67.222.222.
Code:
NOT AD FILTERED
===============

  192.168.  1.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  + Cached Name   | 0.000 | 0.000 | 0.000 | 0.000 | 100.0 |
  + Uncached Name | 0.020 | 0.080 | 0.299 | 0.079 | 100.0 |
  + DotCom Lookup | 0.020 | 0.081 | 0.164 | 0.054 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
                     router.asus.com
                Local Network Nameserver


  208. 67.222.222 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.018 | 0.020 | 0.024 | 0.001 | 100.0 |
  - Uncached Name | 0.020 | 0.080 | 0.284 | 0.082 | 100.0 |
  - DotCom Lookup | 0.019 | 0.079 | 0.163 | 0.055 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
                  resolver1.opendns.com
                OPENDNS - OpenDNS, LLC,US

AD FILTERED
===========


  192.168.  1.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  + Cached Name   | 0.000 | 0.000 | 0.000 | 0.000 | 100.0 |
  + Uncached Name | 0.020 | 0.085 | 0.320 | 0.083 | 100.0 |
  + DotCom Lookup | 0.020 | 0.091 | 0.173 | 0.057 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
                     router.asus.com
                Local Network Nameserver


  208. 67.222.222 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.019 | 0.020 | 0.024 | 0.001 | 100.0 |
  - Uncached Name | 0.020 | 0.081 | 0.289 | 0.081 | 100.0 |
  - DotCom Lookup | 0.019 | 0.079 | 0.166 | 0.057 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
                  resolver1.opendns.com
                OPENDNS - OpenDNS, LLC,US
You can see that the blocklist adds about 5 to 10 ms to an uncached query.

To my mind that overhead is negligible compared to the massive time savings achieved by not having to download ads from multiple remote ad servers that most web pages would require.

It's also worth bearing in mind that Ad blocking (with a hosts file) has no impact on other internet activity like downloads, gaming or streaming video.


UPDATE: I've just changed my upstream DNS server to that of my ISP which is faster (but more unreliable) than OpenDNS. Not only was the overall response time improved but the overhead from ad blocking was 2 to 3 ms. [I suspect that any variation below 10ms is just random fluctuation in the test]
Code:
AD FILTERED
===========

  192.168.  1.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  + Cached Name   | 0.000 | 0.000 | 0.000 | 0.000 | 100.0 |
  + Uncached Name | 0.011 | 0.058 | 0.258 | 0.070 | 100.0 |
  + DotCom Lookup | 0.029 | 0.038 | 0.052 | 0.008 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
                     router.asus.com
                Local Network Nameserver


  194.168.  4.100 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.005 | 0.006 | 0.008 | 0.001 | 100.0 |
  - Uncached Name | 0.009 | 0.056 | 0.257 | 0.070 | 100.0 |
  - DotCom Lookup | 0.029 | 0.035 | 0.051 | 0.006 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
             cache1.service.virginmedia.net
               NTL Virgin Media Limited,GB



So which method are you suggesting? Like this one http://forums.smallnetbuilder.com/showthread.php?p=139936#post139936 or something different?
 
I believe Colin uses the method I posted a while ago.
I still believe this is the best and (once installed) simplest method to block a LOT of ads and spam sites.
 
I agree with those who recommend browser based privacy control. I once looked into moving it to the router. I decided against it because I lost control by doing that. Some sites become useless if you block ads, including those sites you actually want to use. Moving blocking to the router makes it difficult to get past this.

On a practical level, do you really want your spouse or kids nagging you to fix the router every time they can't get to an important site?

I recently read an article about AdBlocker Plus that bragged about the ability to block canvas footprinting. This technique theoretically gives snoops the ability to identify your computer by isolating a large number of characteristics about your computer and logging them. When those characteristics pop up around the internet, in theory, they know it's you. In reality, it's not that capable, but still offers identification I prefer to keep to myself.

https://adblockplus.org/blog/adblock-plus-and-the-canvas-fingerprinting-threat
 
I throw this in for interest/comment (run it up the flagpole and see who salutes it), taken from the News section in my Network Toolbox iPhone app (Marcus Roskosch) - original can also be found on the website http://networktoolbox.de


"......The situation is still quite scary. Many apps are sending detailed information about your app usage, device and personal information to third party companies. This is not new but seems to get even worse. Yelp for instance uses three services in total such as adjust.io (see www.adjust.com), sb.scorecardsearch.com (see scorecardresearch.com), settings.crashlytics.com (see crashlytics.com) and of course google analytics. Other well-known candidates are graph.facebook.com.

The worst thing I have seen was however flurry.com (see www.flurry.com). Apps using the flurry service connect to data.flurry.com and loads of information regarding my device type, name, several IDs, app usage, settings etc. will be submitted to flurry. Even worse, most apps even don’t even encrypt this information when it’s being sent.......


.......The solution is to use the child protection mechanism of your router, if available.

In my favorite AVM Fritz router, I can maintain a blacklist of websites or IP addresses that should not be available from inside my network. This is basically to prevent kids from visiting certain websites. However, this also works perfectly to protect against these evil flurry scammers. Most routers have a similar blacklist available. Sometimes it’s quite hidden and cumbersome to maintain and enable but it’s worth to spent some time in this research.

So just add data.flurry.com (or even flurry.com) to that blacklist and you are fine.

You can also add the following for some of the other scammers:

adjust.com
adjust.io
scorecardsearch.com
crashlytics.com

and you may also want to consider:

graph.facebook.com
google-analytics.com

and if you finally want to get rid of most of the adware even in apps, just add:

googleadservices.com
doubleclick.net
iadsdk.apple.com
admob.com

So once this is done, you will even experience that some of your apps will run faster, as some of those scammers didn’t even invest in fast servers. Flurry has a extreme high latency, at least in Europe and it even takes quite some time to submit all the device information and app usage to flurry."


I implemented this in the blocked URLs list in Merlin's firmware; in DD-WRT, I was limited to blocking around 8 URLs.

Martin
 
Ghostery does the same, indeed, but it's not that easy to block those domains in all of the internet connected devices of the house.

Martinr, do you think that blocking those domains could prevent some web sites or android apps from working correctly?
I sometimes see that some web sites fail to display relevant information or popup windows when ghostery is enabled.
 
Thank you; I don't remember coming across Ghostery before.

On my laptop I use the MVP Hosts file as well as browser add-ons like NoScript, Adblock and Adblock Plus, and ScriptBlock (formerly NotScripts) in Chrome I hadn't realised there was something similar for my iPhone. So I've downloaded it and will give it a go - even after reading the criticism of Evidon, the owner of Ghostery, on Wikipedia.

Many thanks for that tip.

Martin

EDIT: Ghostery didn't last a day on my iPhone. Firstly, it didn't feel at all comfortable, and, more importantly, it didn't stop the ad at the top of www. Whatsmyip.org (from googleads.g.doubleclick.net) which is the only ad I've noticed on my iPhone.

But what really appeals to me is being able to put one word, such as doubleclick, in the URL filter and any address with that in it gets blocked. So I don't need lots of entries such as http://doubleclick.net, www.doubleclick.net.......
 
Last edited:

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top