Hi Andres, yes - I have read about OpenDNS' services and that many out there are really happy with them.
But I try to do my homework first before relying on s.o. else: I _do_ have this OpenBSD-based squid-server - why not use it to it's full potential? Might not be a big deal traffic-wise, but it adds up... Anyway - thank you for sharing. Regards, STEFAN Am Fri, 18 Oct 2013 17:42:31 -0500 schrieb Andres Genovez <andresgeno...@gmail.com>: > Regards, > > The way it gets blocked (but not all for a wise kid) properly is via > CDIR and block DNS via OpenDNS services > > > Greetings. > > > 2013/10/18 Stefan Wollny <stefan.wol...@web.de> > > > Hi there, > > > > having a personal dislike of Facebook (and the MeeToo-systems alike) > > for their impertinent sniffing for private data I tried on my > > laptop to block facebook.com via hosts-file. Interestingly this > > failed: Calling "http://www.facebook.com" always resulted in a > > lookup for "httpS://www.facebook.com" and the respective site > > showed up in the browser (tried firefox and xombrero). > > > > Well: Beside excepting the fact that those facebook engineers did a > > fine job circumventing the entrys in /etc/hosts I felt immediatly > > insecure: The reports on this company's attitude towards even > > non-customers privacy are legendary. Their respective track record > > earns them the honorable title of "NSA's fittest supporter"... > > > > Anyway: I think I finally managed to block all their IPs via PF and > > on this laptop I now feel a little less 'observed'. [Yes, I know - > > this is just today's snapshot of IPs!] > > > > My question is on the squid-server I have running at home: What > > would make more sense - blocking facebook.com via pf.conf alike or > > are there reasons to use squid's ACL instead? Performance? Being > > ultra-paranoid and implementing both (or even additionally the > > hosts-file-block?)? From my understanding squid should not be able > > to block https-traffic as it is encrypted - or am I wrong here? > > > > Curious if there is a particular (Open)BSD solution or simply how > > you 'guys and gals' would do it. > > > > Thank you for sharing your thoughts. > > > > Cheers, > > STEFAN > > > > > > > -- > Atentamente > > Andrés Genovez Tobar / DTIT > Perfil profesional http://lnkd.in/gcdhJE > Mit freundlichen Grüßen, STEFAN WOLLNY Regulatory Reporting Consultancy Tel.: +49 (0) 177 655 7875 Fax.: +49 (0) 3212 655 7875 Mail: ste...@wollny.de GnuPG-Key ID: 0x9C26F1D0