Blocking facebook on GNU/Linux via iptables

I am not using facebook for a broad variety of reasons. Unfortunately, this does not stop facebook from tracking your online behavior with their like-buttons, permanent cookies and such. With this state-of-the-art surveillance technology, facebook knows you better than most of your friends.

When you have the fortune of not having to use facebook directly, you can start thinking of radical ways to block most parts of facebook from your life.

For example, you can use your GNU/Linux iptables firewall to block the IP ranges of facebook. Don't execute this script I got from here unless you understand what it does:

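# Look up the route objects that RADB lists for AS32934, turn each prefix
# into an iptables REJECT rule and run the generated commands in a root shell.
/usr/bin/whois -h "whois.radb.net" -- '-i origin AS32934' | \
    grep -E "^route:" | \
    awk '{print $NF}' | \
    sed -r 's/(.*)/iptables -I OUTPUT -d \1 -j REJECT/' | \
    sudo -s source /dev/stdin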

The script asks the RADB whois server for the routes registered under facebook's AS number (AS32934), extracts the IP ranges, and feeds them to the iptables firewall so that outgoing packets to facebook are rejected once and for all.

I execute this via cron-job after each reboot in order to get the most current IPs.
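
A hardened variant of the script above, as an added example that is not from the original post or from the source it was taken from: every value taken from the whois reply is checked against a strict IPv4 CIDR pattern and handed to iptables as an argument instead of being piped into a root shell as generated text. The chain name FB_BLOCK, the function names and the sample input are assumptions made for this example.

```sh
#!/bin/sh
# Added example: validate RADB output before it reaches iptables.
# CHAIN is a hypothetical name; AS32934 is the AS number used on the page.
CHAIN=FB_BLOCK
ASN=AS32934
# Strict IPv4 CIDR: four octets 0-255 and a prefix length 0-32, nothing else.
OCTET='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
CIDR_RE="^($OCTET\\.){3}$OCTET/(3[0-2]|[12]?[0-9])\$"

# Read whois text on stdin, print validated, de-duplicated IPv4 prefixes.
# route6: objects are skipped, exactly as in the original "^route:" filter.
extract_prefixes() {
    awk '$1 == "route:" { print $NF }' | grep -E "$CIDR_RE" | sort -u
}

# Constructed sample input (documentation ranges, not real RADB data).
sample_whois() {
    cat <<'EOF'
route:      192.0.2.0/24
origin:     AS64496
route:      198.51.100.0/24;reboot
route:      203.0.113.0/33
route6:     2001:db8::/32
route:      198.51.100.0/25
route:      192.0.2.0/24
EOF
}

# Rebuild the dedicated chain from fresh data; must run as root.
apply_block() {
    prefixes=$(whois -h whois.radb.net -- "-i origin $ASN" | extract_prefixes)
    if [ -z "$prefixes" ]; then
        echo "no valid prefixes (network down?), keeping existing rules" >&2
        return 1
    fi
    iptables -N "$CHAIN" 2>/dev/null || iptables -F "$CHAIN"
    for p in $prefixes; do
        iptables -A "$CHAIN" -d "$p" -j REJECT   # argument, never shell text
    done
    # Hook the chain into OUTPUT once, even if cron runs this repeatedly.
    iptables -C OUTPUT -j "$CHAIN" 2>/dev/null || iptables -I OUTPUT -j "$CHAIN"
}

case "${1:-}" in
    apply) apply_block ;;
    demo)  sample_whois | extract_prefixes ;;
esac
```

Run it as root with the argument apply, for example from the cron job; demo only prints the prefixes accepted from the constructed sample and touches no firewall rules.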

This is not bullet-proof. First of all, many sites cooperate with facebook and share their data with it. Several information retrieval scripts are not run by facebook directly and therefore use different IPs than those registered by facebook.

And then there is the side-channel attack you can't avoid: your friends and acquaintances who are happy to upload their contact database (smartphone) to facebook in order to «find their friends in the most convenient way». This data is therefore leaked to and stored by facebook to maintain your profile even if you have not created one yourself.

Minimizing the footprint is the way to go.
