PiHole. Or use free AdGuard DNS. Or lots of other methods. Try googling free ad block dns. If you want control, PiHole. If you want someone to manage, there are many choices.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Best Mac Adblocker for PRIVACY and data protection? [MERGED]
- Thread starter Silly John Fatty
- Start date
- Sort by reaction score
..but you’ll likely want a pihole. AdGuard’s free DNS is only good for 300k requests/month, which my 60 devices would chew through pretty quickly.
I don't get the hate for Russia. So what if a company is Russian? I get it if its a Russian gov. company. Not that any US or UK based company any safer from their governments. Remember Snowden fled from USA to Russia after exposing NSA.
It adds if it has tracker and adblockers built in
Of course they can, via your IP. No log policy you have to trust them on that. I also heard Crypto is not anonymous. I think Monero is but bitcoin atleast is not.
It was more wild west in 2000s. Today its more of a 1984 Oceania dystopian. Controlled, monitored, and tracked.
Trust has a lot to do with it. I for example trust ProtonVPN and Mullvad. I do not trust Nord VPN, hotspotshield, PIA VPN, nor ExpressVPN.
actually, If you install an app you never know where it placed its files or what their names are. It will be very hard digging around for it. You trust the app developer to have all file names under the app name (ex. Adgaurd) and just delete those.
I installed Homebrew for MacOS. I have no idea where in the directories it installed its files or under what name. But I trusted their uninstall method.
How can I manage my certificates and delete ones that are unnecessary and know which ones are safe to keep? There are a lot of certificates in my Keychain Access. Some called My Certificates and others plain Certificates.
I have one called ProtonVPN root certificate that has a red X sign on it and labeled "This root certificate is not trusted"
I agree with everything you said in your posts except that Setapp dropping them shouldn't mean much. Why should we trust Setapp decisions?
You are being carefully and following "best procedures" method and you are 100% right. @Queen6 POV is that if there is no evidence on it then there is no reason to be paranoid. It all comes down to who you trust and choice honestly.
Example. Silicon Valley bank collapsed. Prior to that there was no reason to be "paranoid" about keeping your money with them. But would you trust Silicon Valley Bank over Citibank prior to that? Personal choice.
You have to understand what DNS is. Its a big index that ties domain names to their IP address (internet address).
When you type: CNN.COM , the computer does not understand what this is. It goes to a DNS server it looks up what is CNN.COM it finds that it correlates to IP address 151.101.131.5 and send you to that address(website).
Now if you have a adblocking DNS what happens is you go to cnn.com and in that site there is an advertisement that is coming from adserver.com so it goes to look it up in the DNS records only tp find its IP address listed as (x), nothing, so it it returns a null result. Nothing, comes back. So the space reserved for the ad remains blank.
If the DNS server you use has no adblocking , it will give the IP address of adserver.com (ex.184.22.34.1) and the ad will show up on the website.
there are many free and paid DNS adblockers.
Then which trusty DNS adblocker do you recommend (other than Pihole), that is not a subscription on some other site (like Mullvad)? I mean an extension/plugin that you download and install in your web navigator (Safari or Firefox)?
I don't want to pay a monthly or yearly subscription to some external DNS service.
That's actually crazy, is there really no way to see what an app has installed? Man, I've installed so much stuff over the years, my computer must be nasty. 😆 Especially those trash apps like CCCleaner, but also trash games, tiny useless tool apps for nothing that didn't even work 90% of the time, etc. etc. …
Isn't there an app or a script or something that can show you what software has created or modified which files in which locations?
That would be a great idea for an app … not sure if that's possible to do, however.
No, actually in MacOS this is dead easy, Apple made sure the apps can physically place their files only in certain places. Doesn't take a science degree to fish'em out. Or use AppCleaner or KnockKnock if you don't feel like doing it manually.
Two words: install log.
I must admit it's a brave move to install something as powerful as Homebrew without even basic knowledge about it.
BTW Homebrew shows the paths it can use - explicitly - during install. That's why it symlinks A LOT.
And from a regular private customer point of view, nothing happened. Everything they had in their accounts is available as if nothing happened.
I really encourage to get some "informed approach". I know it's hard to research for people who haven't been taught to research, but it ends up in conspiracy theories and personal disasters otherwise.
On my very old system, there was an app (AppCleaner) that was doing exactly this.
I intend to have a very clean (pure) system on my new mini (that should come next week. Still waiting for it). Like you, I installed so much unclean stuff on my old Macs. I'll be very severe on what I'll install on my new mini. So no Adguard on it (I don't trust the Russians at all!).
I don't think a SVB vs. Citi analogy works that well for this discussion because federal government-backed insurance covers some amount of losses for all depositors. Further, any depositor who chooses to hold uninsured funds at any institution, particularly those with stock traded on the major exchanges, can easily find information about the institution's capitalization, investors, and customer base.
Security and privacy software, in contrast, is not regulated or guaranteed by any government agency, insurance against losses or breaches is not provided to all users automatically, and the level of corporate disclosure is determined by each developer. This is why trust, both backward and forward looking, is such an important criterion when choosing hardware and software that will be used with sensitive data.
I use the public dns server from adguard - no limits but little config options
AdGuard DNS — ad-blocking DNS server
Create your ad-blocking DNS server that will protect your personal data, prevent tracking and allow you to control access to specific content on the Internet.
Use config manually and tcp instead of http
1Blocker’s Safari Extension configuration is the same on macOS, iOS, and iPadOS. The content filter is what you need. You do not have to enable the “extension“ for blocking YouTube Ads. Or, only enable it for YouTube and Deny it for every other site. 1Blocker got me with the family licensing model which worked out very well. Their support team was also very responsive a few years ago when they needed to work harder to block taboola ads for example.
1Blocker + NextDNS is a great combination. NextDNS is basically PiHole in the cloud. Allows many things to be blocked at the DNS level (such as malware sites) and provide encrypted DNS requests too.
I don't hate Russia, but to answer this we have to get very political, so I'll try to just summarize the technological part why for myself I don't see it as a good choice to use Russian based services at the moment:
Russia tried to follow the China way of handling the Internet and Internet user data.
Some examples:
In 2016, it was reported that Russian authorities had requested that LinkedIn provide them with access to user data stored on servers located within Russia. LinkedIn refused to comply with the request, and as a result, the Russian government blocked access to the site.
In 2018, it was reported that the Russian government had attempted to hack into routers and other networking equipment in order to spy on users and gain access to sensitive information. The US and UK governments issued a joint warning about the campaign, which they said was being conducted by Russian state-sponsored hackers.
In addition, there have been concerns about the use of surveillance technologies by the Russian government to monitor online activity and access user data.
In 2019, it was reported that the Russian government had developed a system that can intercept and decrypt HTTPS traffic, potentially allowing them to access sensitive user data transmitted over secure connections.
These incidents, along with others, have raised concerns about online privacy and security in Russia, particularly with regards to government surveillance and access to user data.
So I'm very reluctant to install a root certificate by a (former) Russian based company.
We already know from China based companies that they have to work close with the government to even exist. Look at everything considering Tencent.
Yes, you are right, you have to trust them. But they are one of a handful VPNs that have a clean record and have yearly audits by external entities that proof their policy.
I don't trust them more or less than Adguard. It's just another point that adds up to the list of issues I have with them.
There are adguard DNS:
94.140.14.14
94.140.15.15
and ControlD:
76.76.2.2
76.76.10.2
You just have to type them in your device's dns settings or the router to block ads for everything that connects to your router. You do not have to worry about privacy because you can not use the internet without a DNS server. idk if you can build your own! Your are most likely using your ISP's currently.
The best thing you can do (i think) is back up your entire drive to an external source (do double backup just in case) then set up your currently mac as new. Then use the migration tool that will import your settings and current settings. AFAIK this should not import junk files built over the years hidden deep in the system files.
If you use AppCleaner and drop an app in there you can see all the nice places that app has files in . Stuff like /library/C and what ever. Thats not files your average joe wants to deal with. I consider myself computer savvy but even I wouldn't like to go in those directories and mess with them.
none readable for the average guy. If you mean the one installed in /var/install.log or something like that. Mine only goes back to 2022 and also non readable for the average person.
I just copy and pasted the install command on their website
Someone came in to save them? I don't care I still do not feel safe keeping my money in there or invest in the bank itself.
I am thinking of getting 1blocker out of support to the company if they still offer the license option. I like their effort. I was reluctant before since its closed source and I thought it was Russian. If it can't read my data I am good to go.
But I honestly can't recommend them. They are Safari only + paid + closed source. Using something like Brave or FF+uBO is FOSS and free and does exactly if not more of the same thing.
I use the public dns server from adguard - no limits but little config options
AdGuard DNS — ad-blocking DNS server
Create your ad-blocking DNS server that will protect your personal data, prevent tracking and allow you to control access to specific content on the Internet.adguard-dns.io
Use config manually and tcp instead of http
I heard DoH and DoT just adds to the complexity of the setup and does not add any real security or privacy. I also think it adds some lag
I think your money in the bank is only insured up to $100K per depositor. So if you have $1M and the bank goes bankrupt you will only get $100K but idk
I agree with all you said but a US or UK company isn't any better.
Revealed: how US and UK spy agencies defeat internet privacy and security
• NSA and GCHQ unlock encryption used to protect emails, banking and medical records• $250m-a-year US program works covertly with tech companies to insert weaknesses into products• Security experts say programs ‘undermine the fabric of the internet’
UK Government acknowledges past violations of individuals’ rights and the fight continues...
The UK government has acknowledged that section 8(4) of the Regulation of Investigatory Powers Act (“RIPA”) (which has since been repealed) violated Articles 8 and 10 of the European Convention on Human Rights (ECHR).
"Edward Snowden revealed several things about the NSA, including the existence of Tempora, a program established by GCHQ that gathers phone and internet traffic"
NSA files decoded: Edward Snowden's surveillance revelations explained
In the last five months, the NSA's surveillance practices have been revealed to be a massive international operation, staggering in scope. But how do all of the NSA's programmes fit together – and what does it mean for you?
"Snowden's leaks also revealed that Verizon had been providing the NSA with virtually all of its data"
The 10 Biggest Revelations From Edward Snowden's Leaks
The 10 Biggest Revelations From Edward Snowden's Leaks
mashable.com
As of the writing of this post, these are the main actions affecting Silicon Valley Bank, Signature Bank, First Republic Bank, and Credit Suisse. SVB and Signature were taken over by the FDIC. SVB and Signature depositors have had all deposits, even beyond the FDIC limits, guaranteed for the full amount by agencies of the US government. First Republic received funds from a consortium of larger US banks and financial insititutions. Credit Suisse received support from Switzerland’s central bank.
Something to keep in mind is that depositing money with a bank is different from investing in a bank. Deposits are closely regulated and supervised by multiple government agencies. As we've seen recently, the US government and the banking industry will go to extraordinary lengths to protect bank depositors. Investors, including buyers of a bank's stock, on the other hand, always bear the risk of losing their entire investment. In the cases of SVB and Signature, depositors were made whole but investors in these banks were wiped out.
In other words, an individual can deposit money into First Republic today without any risk of loss as long as they stay below the FDIC limit. In contrast, anybody buying shares of First Republic today is taking on a lot of risk.
----------
Note: the FDIC limits were raised to more than $100,000 following the 2008 financial crisis. Also, if the FDIC takes over a bank and another bank acquires the failing bank's assets, deposits in excess of the FDIC limit usually become available to depositors after a delay (FDIC insured amounts are available immediately following a FDIC take over).
Last edited:
The FDIC insures banks up to $250k per bank. per covered account type.
This saves all common folks (who’d typically have less than $250k, or can easily spread money around in multiple banks), which was the intent of the FDIC guarantees (basic guarantee of the financial system, basic guarantee for the population) but doesn’t fully help a Ford or a GM or a Kelloggs, who might need 10000x that amount in funds in order to ensure daily, normal operations.
For most people, there’s just no reason to worry about where their money is deposited. However, investment money (ie a non-FDIC-backed instrument) still has risk, as if a bank or investment firm fails, those items wouldn’t necessarily be protected.
The funds to do all of this protection comes from FDIC insurance fees that the US Government charges banks. It can withstand multiple bank failures without requiring funds from US taxpayers. With a large enough failure, of course, then the taxpayers would need to pony up.
In order to support the American financial system, and to ensure trust in the banks, obviously this is very worthwhile.
Again let it be said: there’s no cause for alarm, even if your bank “fails”, because for FDIC insured deposits, your money is absolutely safe. The run on the banks that other countries see shouldn’t be a problem here, unless you have >$250k in one account. Then there’s risk.
The grandstanding I see on TV leads me to believe no one is even aware of what the FDIC does.
Here you go! I was partially correct initially. It's per-account-type. If you have 5 savings accounts at one bank, they're all covered to a total max of $250k, but if you have a savings and a checking account those are two covered account types, so you're covered to 2x250k, or $500k.
FDIC Insurance: What it is and what types of accounts it covers
FDIC insurance is an independent agency of the U.S. government that offers deposit insurance for account holders at its member banks in the event of a bank failure. Read more here.
FDIC insurance automatically covers deposits up to $250,000 per depositor, per institution, for each account ownership category. These categories include checking accounts, savings accounts, money market accounts and certificates of deposit (CDs). These account categories can be held by themselves or within other account types.
Only these account categories, which hold specific types of assets, are insured. For example, should a 401(k)’s allocation be 50% in stocks and 50% in a money market account, only the portion in the money market account would be insured. Additionally, individuals with more than one account at one member institution are insured for each of the individual eligible account categories they hold. So, if a customer has a savings account, a checking account and a money market account at one bank, they are each individually insured up to $250,000.
Last edited:
I recognize we're going off-topic but I have two things that I think are important to say here:
- Do not rely on online discussions for financial advice. It is better, a lot better, to do your own research, talk to representatives at your financial service providers, and, for planning and ongoing management, hire a Registered Investment Advisor or a credentialed financial planner.
- The JP Morgan Chase article in post #296 and the example I quote above contradict information on the FDIC's website. FDIC insurance coverage is limited by the name on accounts (for example, Alice Jones or Bob Smith) not by the type of account, such as "checking" or "savings". So, if Alice Jones has a checking account and a savings account at Bank XYZ, the amounts in each account are added together by the FDIC and must not total more than $250,000 for Alice Jones' deposits at Bank XYZ to be fully insured.
Here are some sources on the FDIC website I found useful when researching FDIC insurance limits (thanks to @foo2 for motivating me to take a deep look):
(see Example #1 under Single Accounts)
https://www.fdic.gov/resources/deposit-insurance/brochures/insured-deposits/
(online calculator useful for seeing how coverage works–don't worry, you can put in fabricated personal details)
https://edie.fdic.gov/index.html
(pdf of FDIC brochure explaining depositor insurance)
https://www.fdic.gov/resources/depo...s/documents/your-insured-deposits-english.pdf
Last edited:
Standard DNS block, like a pihole or AdGuard DNSOnly:What about Adsorb?
Adsorb
Adsorb is a light weight, fast and efficient network-level ads blocker for macOS.www.murusfirewall.com
This ads blocking is working differently than others. Is it good and trustable? Any opinions on this one?
Adsorb is a network filter. It includes a list of banned hostnames, mainly ads services and trackers. When Adsorb is enabled all outbound connections to banned hostnames will be blocked. This applies to all apps and processes running on your Mac, so it will work with all web browsers without using dedicated browser extensions.
Every time you run Adsorb the filter will be automatically enabled. Adsorb menulet icon will be displayed in macOS menu bar, near the clock. Click this menulet icon to enable/disable Adsorb filter or to change Adsorb Preferences.
Have you tried it? Is it trustable? Could it replace the use of the web navigators plug-ins (uBlock in Firefox, Wipr in Safari)?
There are so much options like this one that it's hard to make a choice.
See my previous comments on dns vs certificates. Gist: dns blocks inherently safer.