Please excuse my ignorance:

I installed Diversion. So far no ads blocked. I'm assuming I need to import the cert. Ummm how do I do that? Thanks.
Know that the ads count on the SSH UI is updated twice daily. Run ac to count them manually.
 
Add the URL in diversion under b, 1, 2, 1 menu options.
Code:
____________________________________________________



1. Add hosts list
2. Remove hosts list
3. Disable hosts list
4. Enable hosts list

Enter selection [1-2 e=Exit] 1

  i  Hosts list can be in "IP domain" pair or
     domain only format.

Paste web address and press [Enter]

Enter hosts list  [q=Quit]  https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt


Just wondering, is my hosts list on the right track? Thanks a lot for the help.
 

Anyone seen this yet? Two domain requests, one which gets around the sinkhole? Is this an iOS 14 thing? Screenshot is from uiDivStats.

View attachment 26326


Edit: Yep, it sure is. I wonder if I can disable it: https://support.umbrella.com/hc/en-...DNS-Resolver-Selection-in-iOS-14-and-macOS-11
I wonder if it is the random mac address issue? Can you see the mac for those two entries? Are they the same? You might try this.
 
I wonder if it is the random mac address issue? Can you see the mac for those two entries? Are they the same? You might try this.
Yeah, that's what it seems like. My iOS14 devices generate a new MAC address for each WiFi network it joins. But not sure I want to turn it off; it only generates a new MAC address once for each unique network. What's more disconcerting is that this new DNS type=65 is getting around Diversion (at least according to uiDivStats) and Apple doesn't seem to provide a way (like Firefox does) to prevent client Auto DoH. Won't this be a nightmare for network admins in schools and such?

Can also confirm that the router setting does not prevent it, again likely because Apple just ignores it or didn't provide a way to disable it at the network level?
@RMerlin @thelonelycoder @Jack Yaz

Screen Shot 2020-09-18 at 10.20.18 AM.png


Edit: I turned it off for my home network... just another thing to remember now when joining other networks...
 
I've decided to try the youtube adblocking (beta) feature. Can you tell me what this means in the log?
Screenshot - 18_09_2020 , 21_37_34.jpg

Thanks.
 
Yeah, that's what it seems like. My iOS14 devices generate a new MAC address for each WiFi network it joins. But not sure I want to turn it off; it only generates a new MAC address once for each unique network. What's more disconcerting is that this new DNS type=65 is getting around Diversion (at least according to uiDivStats) and Apple doesn't seem to provide a way (like Firefox does) to prevent client Auto DoH. Won't this be a nightmare for network admins in schools and such?

Can also confirm that the router setting does not prevent it, again likely because Apple just ignores it or didn't provide a way to disable it at the network level?
@RMerlin @thelonelycoder @Jack Yaz

View attachment 26330

Edit: I turned it off for my home network... just another thing to remember now when joining other networks...
I'd be interested to see a snippet of the dnsmasq.log file to make sure it's not just a parsing error on my part.
 
Anyone seen this yet? Two domain requests, one which gets around the sinkhole? Is this an iOS 14 thing? Screenshot is from uiDivStats.

View attachment 26326


Edit: Yep, it sure is. I wonder if I can disable it: https://support.umbrella.com/hc/en-...DNS-Resolver-Selection-in-iOS-14-and-macOS-11
I'm getting the exact same thing on my iPad now that it updated to the final GM version of iOS 14. Beta versions were fine. I was seeing tons of ads in Apple News yesterday which made me question if Diversion was even running. My logs look the same, two identical requests at the same time, one class A blocked, and the other with type=65 showing as allowed.

Here is what I see in dnsmasq.log for an iAd query:
Sep 18 19:29:42 dnsmasq[20954]: query[type=65] iadsdk.apple.com from 192.168.1.133
Sep 18 19:29:42 dnsmasq[20954]: forwarded iadsdk.apple.com to 75.75.75.75
Sep 18 19:29:42 dnsmasq[20954]: query[A] iadsdk.apple.com from 192.168.1.133
Sep 18 19:29:42 dnsmasq[20954]: /opt/share/diversion/list/blockinglist iadsdk.apple.com is 192.168.1.2

I've also noticed a giant increase in iOS youtube app ads over the last two-three weeks on my iPad. I shrugged and figured it was just new domains being used (I have over 400 counted in my youtube blocker), but I do recall looking and noticing that I wasn't getting new youtube host found messages in my system log on a consistent basis when I was being served ads. Sometimes I'd get a log entry, other times I'd see youtube app ads and have no entry for a new host. I didn't think much of it at the time and shrugged it off...
 
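The pattern in the dnsmasq.log excerpt above, turned into a check (an added example, not part of the original post and not Diversion or uiDivStats code): it lists names that the blocking list answered for one query while another query for the same name was forwarded upstream. The function name, the sample log and the assumption that the sinkhole file path contains "blockinglist" are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the four lines quoted in the post plus an unrelated lookup.
SAMPLE_LOG = """\
Sep 18 19:29:42 dnsmasq[20954]: query[type=65] iadsdk.apple.com from 192.168.1.133
Sep 18 19:29:42 dnsmasq[20954]: forwarded iadsdk.apple.com to 75.75.75.75
Sep 18 19:29:42 dnsmasq[20954]: query[A] iadsdk.apple.com from 192.168.1.133
Sep 18 19:29:42 dnsmasq[20954]: /opt/share/diversion/list/blockinglist iadsdk.apple.com is 192.168.1.2
Sep 18 19:29:50 dnsmasq[20954]: query[A] example.org from 192.168.1.133
Sep 18 19:29:50 dnsmasq[20954]: forwarded example.org to 75.75.75.75
"""

MESSAGE = re.compile(r"dnsmasq\[\d+\]: (.*)$")
QUERY = re.compile(r"query\[([^\]]+)\] (\S+) from (\S+)")
FORWARDED = re.compile(r"forwarded (\S+) to (\S+)")
# Assumption: answers served from the blocking list are logged with its file path.
SINKHOLED = re.compile(r"/\S*blockinglist\S* (\S+) is \S+")


def find_bypasses(log_text):
    """Return sorted (name, qtype, client, upstream) tuples for names that were
    sinkholed for one query but forwarded upstream for another."""
    last_query = {}                # name -> (qtype, client) of most recent query
    sinkholed = set()              # names answered from the blocking list
    forwarded = defaultdict(set)   # name -> {(qtype, client, upstream)}

    for raw in log_text.splitlines():
        found = MESSAGE.search(raw)
        if not found:
            continue
        msg = found.group(1)
        if m := QUERY.match(msg):
            qtype, name, client = m.groups()
            last_query[name] = (qtype, client)
        elif m := FORWARDED.match(msg):
            name, upstream = m.groups()
            if name in last_query:
                qtype, client = last_query[name]
                forwarded[name].add((qtype, client, upstream))
        elif m := SINKHOLED.match(msg):
            sinkholed.add(m.group(1))

    return sorted((name, *hit) for name in sinkholed for hit in forwarded[name])


if __name__ == "__main__":
    for name, qtype, client, upstream in find_bypasses(SAMPLE_LOG):
        print(f"{name}: {qtype} from {client} forwarded to {upstream}")
```

Running it against a real log needs only the file's text passed to `find_bypasses`; a name that was forwarded before it was added to the blocking list will also be reported.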
Browser and platform shouldn't make any difference - the blocking is done at the router. Works fine on the Macs (and PCs) on my home network.
It's the CA cert I can't get. Just tried it on my PI4 with Chromium and no joy. I also tried the reinstall option. Still less joy. Any tips would be appreciated. Http:// was missing. Hey, you can't fix stupid.

Thanks fellas!
 
OK so importing the CRT to Safari is not so easy. It was easy with Firefox, but of course the apples makes everything hard. Working on it. Diversion works great on Firefox. The problem with Mac and Firefox is I can't easily zoom in. Sorry, just learning the basics of this stuff. Funny thing is before Merlin I used PFsense. You'd figure I'd know this stuff.


So far not anyway as good as the PiHole. Do I need to do something to add lists? I mean no disrespect to the developer. I'm just stating experience. I truly love this stuff.
 
I've decided to try the youtube adblocking (beta) feature. Can you tell me what this means in the log?
View attachment 26342
Thanks.
Following on from this (and which I am still wondering about), does it make any difference if I select "Skip Ad" or do I need to let the advert(s) run to the end to help Diversion gather the information it needs? Also, roughly how many youtube videos might I need to watch before I start to see fewer ads and will someone else watching youtube videos on the network contribute to what Diversion needs to be effective at blocking ads or will it only work from the network devices used to switch on this feature (I suspect the former, but I just want to be sure)?
 
Following on from this (and which I am still wondering about), does it make any difference if I select "Skip Ad" or do I need to let the advert(s) run to the end to help Diversion gather the information it needs? Also, roughly how many youtube videos might I need to watch before I start to see fewer ads and will someone else watching youtube videos on the network contribute to what Diversion needs to be effective at blocking ads or will it only work from the network devices used to switch on this feature (I suspect the former, but I just want to be sure)?
This experimental feature is an attempt to reduce YouTube video ads. The success rate that it prevents ads from playing is relatively low but can be at times very high or frustratingly ineffective.

After setup, all devices running through the router help adding to the forced IP redirect list which typically grows to a unique domain count of about 200-400 over time. The Skip Ad button, if shown, can safely be clicked, the request for the domain has at this time already passed through the router and will be picked up at the next count point (counter at x of xx) and added if not previously seen to the redirect list.

I believe some changes I made in the local development code may have increased the success rate, pending further testing and tweaking. Cross fingers and keep your hopes low...
 
OK, thanks for the explanation. I'll see what happens and report back when I have used it for a while.
 
Just installed Diversion and experimental YouTube ad blocking. It works well on YouTube viewed with a web browser but it doesn’t seem to have an effect on the YouTube app for iOS or appletv. Is this a known limitation? Anything I can configure to make it work? Thanks for the Diversion project!
 
Just installed Diversion and experimental YouTube ad blocking. It works well on YouTube viewed with a web browser but it doesn’t seem to have an effect on the YouTube app for iOS or appletv. Is this a known limitation? Anything I can configure to make it work? Thanks for the Diversion project!
If you’ve updated to iOS 14, Apple is allowing developers to use dns over https (type=65). These requests are currently not being caught by Diversion, even if they point to a blacklisted domain. The iOS YouTube app has been updated recently and appears to be doing this based on what I’m seeing in my logs. The tvOS version hasn’t been updated in months and I think Diversion should still be able to filter it. I haven’t tried YouTube on my Apple TV recently though so I’m not 100% sure.
 
That’s interesting about iOS 14. I checked with my iPad that still has iOS 13 and the ads get through on the YouTube app there too. I’ve been interested in the app for YouTube on the Apple TV. I usually run an adblocker in my browser and never seen them. They’re out of control without blocking. I can just AirPlay and avoid the app. I’m considering premium though because I actually do watch several YouTube vids a day.
 
I see where it goes wrong for you during the blocking list(s) update. The empty hosts list file is the reason why.
Give me a good reason why the hostslist file deliberately is empty and I might consider a workaround for that rather unusual setup.
In any case, adding a direct raw link to a legitimate hosts or domain list that contains a minimum of 200 unique entries will fix this for you.
Gotcha - yeah I just realized that the issue was occurring the morning after it was set to update the blocklists.

The reasoning for this setup was to have certain devices on my network that still used my router for DNS (to take advantage of DNSSEC and DNS over TLS) but not have any ad-blocking. Is it fine to just point those devices to 1.1.1.1 using the DNS filter feature? (Or is that a risk because I lose DNS over TLS?)
 
