I want to block twitter / x on my Mac. I found a number of suggestions to block websites using the host file. I can block twitter but x.com still comes through. Could this have something to do with how short the url is?
I am opening hosts file (terminal - sudo nano /etc/hosts)
adding line for each website I want to block, e.g. 127.0.0.1 x.com or 127.0.0.1 twitter.com
then saving file, flushing DNS cache and testing (sites do get blocked using this method but not x.com)
Any ideas / suggestions on how to block a website such as x.com using this method or another? Thanks!
I don’t think it would have anything to do with the actual domain. I just tried, and had no problems blocking x.com using that approach.
In the past, I have occasionally found that the hosts file is sensitive to what kind of whitespace is used. In particular, avoid tabs between IP address and domain name, and use spaces instead.
You might also look at whether your router provides the ability to block domains. If you block it at the router, then it will affect all devices on your network, rather than each device individually using the hosts file. That’s what I’ve done on my firewalla router - I’ve blocked several domains, and also several countries where I know that malware and hacking is prevalent. Depending on the router, it might also offer the ability to block apps rather than specifying the domain. On mine, I can block Facebook, Fortnite, Hulu, Instagram, Netflix, Roblox, Snapchat, TikTok, Twitch, Twitter, and YouTube (note that some of those are “beta”). The advantage here is that they update the domains internally - so that Twitter will block both the twitter and x domain names, but also other related domains.
Another option is if you’re using a network monitor, like LittleSnitch - you can also block the traffic at that level (but again, that’s going to be at the individual device rather than your network). I’m actually using both - I have some things blocked in LittleSnitch, and others blocked at the router.
I did some more research, because I’ve seen “use 0.0.0.0 instead of 127.0.0.1”, but the stackexchange question below has some good information, and makes me more confident about recommending blocking either in your router or by using LittleSnitch or something similar.
0.0.0.0 can be equally dangerous, as it acts like 127.0.0.1 on some
operating system such as Linux.
In order to block domain names, you'd better use a DNS proxy such as
dnscrypt-proxy. In addition to being way faster than hosts files with
large datasets, DNS proxies can block suffixes,
prefixes and regular expressions.
Instead of returning an actual IP address, these proxies return
responses with the REFUSED error code, which is the standard
way in the DNS protocol to refuse queries.
Good idea about the router but I am using Eero and blocking domains is part of the paid options and I’m not interested in a recurring fee from my router.
Since blocking from hosts file is supposed to work, I’m going to keep trying (banging my head against keyboard) until I figure it out. Thanks!
You can always disable your router’s server and run your own DNS server instead.
On my LAN, I use a Raspberry Pi for this. Here’s an article I wrote five years ago about how to set that up.
Other articles in that series describe how to set up a DHCP server on a Raspberry Pi and configure it to serve static IP addresses.
It’s a bit of work, but it’s not very hard and you only have to do it once. (Well, you may need to tweak the zone files as you add/remove hosts from your network.)
If you only want to use DNS for ad blocking or if manually setting up a DNS server is too much work for you, you can also set up a Pi-hole on your LAN. You can run it on any Linux-based computer, not just a Raspberry Pi.