Hi there,

having a personal dislike of Facebook (and the MeeToo-systems alike) for their impertinent sniffing for private data, I tried on my laptop to block facebook.com via hosts-file. Interestingly this failed: Calling "http://www.facebook.com" always resulted in a lookup for "httpS://www.facebook.com" and the respective site showed up in the browser (tried Firefox and xombrero).

Well: Besides accepting the fact that those Facebook engineers did a fine job circumventing the entries in /etc/hosts, I felt immediately insecure: The reports on this company's attitude towards even non-customers' privacy are legendary. Their respective track record earns them the honorable title of "NSA's fittest supporter"...

Anyway: I think I finally managed to block all their IPs via PF and on this laptop I now feel a little less 'observed'. [Yes, I know - this is just today's snapshot of IPs!]

My question is on the squid-server I have running at home: What would make more sense - blocking facebook.com via pf.conf alike or are there reasons to use squid's ACL instead? Performance? Being ultra-paranoid and implementing both (or even additionally the hosts-file-block?)? From my understanding squid should not be able to block https-traffic as it is encrypted - or am I wrong here?

Curious if there is a particular (Open)BSD solution or simply how you 'guys and gals' would do it.

Thank you for sharing your thoughts.

Cheers,
STEFAN

