Hi !
A couple of days ago, my friend Luca (@lucavgobbi) told me about PiHole: A Network-wide Ad Blocking. Even better, let me copy the official description from their GitHub repo:
The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, without installing any client-side software.
Easy-to-install: our versatile installer walks you through the process, and takes less than ten minutes
Resolute: content is blocked in non-browser locations, such as ad-laden mobile apps and smart TVs
Responsive: seamlessly speeds up the feel of everyday browsing by caching DNS queries
Lightweight: runs smoothly with minimal hardware and software requirements
Robust: a command line interface that is quality assured for interoperability
Insightful: a beautiful responsive Web Interface dashboard to view and control your Pi-hole
Versatile: can optionally function as a DHCP server, ensuring all your devices are protected automatically
Scalable: capable of handling hundreds of millions of queries when installed on server-grade hardware
Modern: blocks ads over both IPv4 and IPv6
Free: open source software which helps ensure you are the sole person in control of your privacy
I setup this in an extra Raspberry Pi 3 that I have at home, and keep it running for the last couple of days. I was in shock when I realized that aprox 30% of my internet traffic is … not so good.
One of the cool features of PiHole, os that you can work with their logs. So I decided to apply some very powerful Machine Learning algorithms to detects anomalies and strange behaviors.
In the meantime, I decided to read the logs, and make some filters just using Excel. And I found a lot of very strange urls. Today I’ll share some of the Microsoft ones.
So, in example, do you know what does this set of urls have in common?
- location-inference-westus.cloudapp.net
- licensing.mp.microsoft.com
- watson.telemetry.microsoft.com
- …
They are all Microsoft endpoints ! It seems that Windows 10 is sending a lot of diagnostic and other type of data. Lucky for us, most of this endpoints are well explained for each one of the Windows 10 versions. So, in example, I don’t use a lot of UWP apps, and it seems to me that the localization service does not need to send a lot of information, from a FIXED PC.
I decided to add some of this domains to the blacklist of domains and so far, so good. Windows is still working amazing, I enabled some of the urls so I can use also Visual Studio and Azure DevOps, and my user experience is still the same (with 30% less of traffic!)
So, I may want to also write about some domains I found other chatty devices uses like my Amazon Alexa, my Roku, and more … maybe in the next post! And kudos to the PiHole team!
Happy Coding!
Greetings @ Burlington
El Bruno
References
- PiHole, https://pi-hole.net/
- GitHub, https://github.com/pi-hole/pi-hole
- Manage connection endpoints for Windows 10, version 1809, https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1809-endpoints
El Bruno 