As someone who uses a whitelist approach, I am curious whether people ever experience false positives or missing entries with these lists? I have little experince with those lists except for going through one of them once and being shocked at what was in there.

The setup I use is customised for me, i.e., Rube Goldberg would be proud. I can view and manipulate all traffic from outside the application and outside the origin computer. I can strip cookies based on IP, domain or URL very easily. I also control DNS so only domains I approve would even return an IP address.

There are many false positives or grey negatives when using those filters.

But it mostly happen during these kinds of redirects where one or more actors wants to be in the redirect loop. This could be URL shorteners or price comparison websites.

uBlock asks if you want a one time exception when a redirect leads you to a blocked url.

What is the user interface for your setup like? It sounds attractive but possibly prohibitively frictious to be workable for me.

I currently use a combination of uBlock Origin blacklisting, NoScript whitelisting, and Little Snitch alerting, if you need a baseline to compare. I've also run a Pihole instance in the past to loop my phone in, but that's not running as of today.

No GUI.

I think what I have created is something like a cross between Pi-Hole, Burp and something yet to be named. But it's faster, more flexible, uses different software and is Java-free.

Sorry if I was unclear, I wasn't asking about a GUI. I mean how do you interface with it as the user? I assume it isn't just something you launch and forget about given your description.

Oh, sorry I misunderstood. It is ideally run on a gateway, but can also be run on the same machine if using a UNIX-like OS that isn't locked own. I do interface with it a lot because I like to look at logs and dumps and experiment with configurations, but that's not required. Setup consists of a single script that sets up all the servers and imports the data. Any changes while using consist of editing text files. There are some tiny shell scripts and some helper tools I wrote in C to facilitate hands-on DNS management as I am very active in managing DNS data, I like to see IP addresses rather than hide them. I intentionally do many DNS lookups semi-manually. This is purely personal preference, not required. This system could be "set it and forget it" once you have the proxy configs and DNS data you want. The amount of DNS data I actually need to survive is quite small. Those outsourced blocklists the ad blockers use could be larger than personally curated whitelists, depending on the user. The DNS and proxy servers use little system resources.

A programmer with an excellent track record for reliability once said something like "The best interface is no interface." This is how I like things. I do not want to be required to costantly interact. He is the author of the DNS server and daemontools, which I use to control the servers.

HTH

That sounds so cool, I'd love to know more about your setup!

Tried in a new profile and didn't see any viglink.com.

Edit: the link should be https://tinyurl.com/examplezoom (which does have viglink.com).

For some reason you wrote the preview link, https://preview.tinyurl.com/examplezoom, which does not have the tracker.

I think that's their point: preview.tinyurl.com is lying to you.

Ah, I misunderstood.

TBF I think they have direct link on preview page simply because they don't want to track the traffic from these pages (instead of trying to disguise), but the practice is still bad.