What Are Filter Lists, and Why Are They at Risk?

Almost all of the threats our devices face come from the Internet, so security solutions for malicious websites have never been more important. Other than antivirus software and browser-based scanning like Microsoft SmartScreen and Google Safe Browsing, home users have few realistic options for blocking these malicious connections.

DNS and content blocking browser extensions offer amazing additional protection and have one thing in common: filter lists. Filter lists are crucial, but they face an uncertain future. So what are they? What could the future hold for us?

What are filter lists?Graphic illustration of website and globe seen on red background.

Filter lists are text files of rules that tell solutions what to block and how to block it. They are absolutely essential for content blockers and DNS services with any type of blocking capability, as they would not function without them. The easiest way to think of the Domain Name System is the concept of an Internet phone book. You visit a domain, like “makeuseof.com,” and your device asks DNS for your IP address, so it can connect.

Users can choose from thousands of filter lists to block security threats, trackers, pornography, gambling, dating, and other inappropriate content to make the Internet safer for themselves, online children, or businesses.

The filter lists and the hosts file in your operating system have very similar blocking capabilities but with different formats and intended uses. The hosts file tells your operating system what a domain leads to, i.e. an IP address. To block a domain with your hosts file, you can use the correct format to tell your operating system to point the domain to a fake IP address like 0.0.0.0 instead of the real one.

Your computer will visit 0.0.0.0 instead of the harmful IP address and your browser will take you to an error page since it doesn’t exist, thus keeping you safe. DNS blocking does the same thing, by not giving your computer the IP address, so it can’t connect to the dangerous website.

Your hosts file and DNS services essentially do the same thing, except that hosts files are not used on most systems. In the 2000s, it was common for professional users to download host files created by the Internet community to block malware, ads, and other unwanted content before alternative DNS services and content blockers became available.

While you can still use hosts file lists, they don’t update as much, aren’t as user-friendly compared to DNS services, and sometimes cause slowdowns. One DNS can block millions of domains and make no difference to performance since the blocks are on the DNS server; locking thousands of hosts files can cause noticeable performance degradation. Many legacy host file lists have been converted to filter lists, for use with content blockers and DNS solutions, giving you more choice and flexibility.

Why is the future of filter lists at risk?

Hand coming out of the computer to shake the hand of the person in front of it.

Most public filter lists are voluntary projects, with a few exceptions, such as those supported by larger companies.

The largest and most widely used filter lists are volunteer projects, and they often have communities of contributors. These communities make sure that the filter lists are always up to date and that false positives are eliminated. This is good for users, as there is no company behind most of these lists that decides what gets blocked and what doesn’t. This is especially important in filter lists for ads and trackers. With most public filter lists, anyone can contribute, add, or suggest removal of individual filters.

However, this comes with drawbacks. Volunteer filter lists rely on the donations and motivation of individual contributors to remain effective in blocking and staying current. For the most part, there is no concern about a lack of contributors, or even a lack of donations. However, there are concerns that the money these projects have will not be sustainable in the long term, as problems that arise can be expensive to mitigate.

Spikes in region-specific browser traffic and a general increase in users have put these budget-minded projects to the test. Even by blocking some of this traffic, hundreds of terabytes in bandwidth can be used to deliver blocked pages. Also, content delivery networks (CDNs) like Cloudflare don’t want to stream content as text files; they want proxy from normal websites. Without CDNs, filter list hosting costs would increase dramatically. This was a problem that a popular filter list, EasyList, had as explained by AdGuard.

Cloudflare also has its own free DNS service that resolves numerous DNS privacy risks. It’s one of the fastest services out there, competing with (and sometimes beating) Google based on your location.

An illustration of a lens scanning digital devices

Future incidents like these could cause hosting costs to rise, resulting in massive slowdowns, making it much slower to download and update filter lists. It could even cause some projects to go into a dormant state if hosting costs get too high.

Fortunately, Cloudflare resolved the EasyList related incident, but it showed how quickly issues like this can occur. There shouldn’t be anything to worry about as the contributors volunteering their time to make these filter lists awesome will continue, but it’s a situation worth monitoring if you use these filter lists via DNS or blockers. of content.

Anyone can make a list of filters, and there are thousands to choose from, but only a few have communities and contributors large enough to have hundreds of thousands of rules to be as effective as they are. Filter lists generally aren’t going anywhere, especially those backed by companies like AdGuard, but we should appreciate the community projects that are leading the way.

You will always have antivirus software and browser scanning to keep you safe. Browser extensions created by antivirus companies may use their own lists or check the websites you visit directly against the antivirus cloud. Larger company content blockers are likely to combine their own lists with public ones as well.

Leave a Reply

Your email address will not be published. Required fields are marked *