1984 called

Hmm. This is a difficult post. Mainly because it will be easy to misinterpret but I will try.

I currently run infrastructure – namely DNS servers that form the backbone of my ad-blocking software for Galaxy phones. The software runs a custom DNS server that blocks a list of domains containing malware, phishing, ads and tracking websites.

I created the infrastructure out of frustration from not being able to control what my phone was doing in the background. The idea is rather simple. It uses a VPN service inside Android to use my own DNS servers. This stops ads from loading, and stops apps from “phoning home” to send analytics data.

Now. I hate ads – but they are necessary as people are not willing to pay for content. This means companies are resorting to more nefarious ways to make a return on their investment – mass surveillance.

Here are the raw stats – make up your own mind.
Queries: 1190297, blocked: 656566
March 25 – Jun 02

Total for top blocked domains:
124282	=>	graph.facebook.com
84096	=>	mobile.pipe.aria.microsoft.com
76623	=>	www.googleadservices.com
36648	=>	ssl.google-analytics.com
34621	=>	googleads.g.doubleclick.net
28338	=>	app-measurement.com
23909	=>	reports.crashlytics.com
23116	=>	graph.accountkit.com
21129	=>	graph.instagram.com
18301	=>	api.segment.io
12424	=>	settings.crashlytics.com
9919	=>	lt.andomedia.com
9861	=>	e.crashlytics.com
8487	=>	device-api.urbanairship.com
7639	=>	analytics.localytics.com
7057	=>	t.appsflyer.com
6864	=>	s.youtube.com
6364	=>	cmdts.ksmobile.com
5690	=>	profile.localytics.com
5670	=>	app.adjust.com
5350	=>	data.logentries.com
5300	=>	secure-dcr.imrworldwide.com
4694	=>	mobile-collector.newrelic.com
4329	=>	pubads.g.doubleclick.net
3790	=>	data.flurry.com
3483	=>	ip-api.com
3305	=>	gjapplog.uc.cn
3171	=>	vortex.data.microsoft.com
3091	=>	z.moatads.com
3077	=>	www.googletagmanager.com
2761	=>	www.google-analytics.com
2622	=>	decide.mixpanel.com
2284	=>	api.mixpanel.com
1746	=>	ads.nexage.com
1739	=>	ads.mopub.com
1602	=>	api.facebook.com
1581	=>	securepubads.g.doubleclick.net
1484	=>	device-metrics-us.amazon.com
1238	=>	geo.yahoo.com
1151	=>	stats.pandora.com
1107	=>	wzrkt.com
1071	=>	rts.mobula.sdk.duapps.com
1060	=>	live.chartboost.com
1049	=>	stats.appsflyer.com
996	=>	cdn.optimizely.com
867	=>	pagead2.googlesyndication.com
853	=>	hotstar.pubnub.net
816	=>	www.startappexchange.com
785	=>	events.appsflyer.com
770	=>	adservice.google.com
761	=>	wd.adcolony.com

Totals for top domains:
134631	=>	graph.facebook.com
87022	=>	mobile.pipe.aria.microsoft.com
79471	=>	www.googleadservices.com
77897	=>	freebsd-cloud (host name of my server)
42356	=>	ssl.google-analytics.com
37064	=>	googleads.g.doubleclick.net
32577	=>	app-measurement.com
24627	=>	reports.crashlytics.com
23663	=>	graph.accountkit.com
21893	=>	graph.instagram.com
18726	=>	api.segment.io
15076	=>	settings.crashlytics.com
14603	=>	android.clients.google.com
12929	=>	www.googleapis.com
12537	=>	e.crashlytics.com
10968	=>	www.google.com
10570	=>	play.googleapis.com
9919	=>	lt.andomedia.com
8885	=>	device-api.urbanairship.com
8120	=>	api.samsungcloud.com
7743	=>	analytics.localytics.com
7399	=>	t.appsflyer.com
6892	=>	s.youtube.com
6571	=>	cmdts.ksmobile.com
6340	=>	app.adjust.com
6119	=>	mqtt-mini.facebook.com
5698	=>	profile.localytics.com
5431	=>	secure-dcr.imrworldwide.com
5350	=>	data.logentries.com
5238	=>	clients3.google.com
4749	=>	mobile-collector.newrelic.com
4727	=>	data.flurry.com
4716	=>	inbox.google.com
4483	=>	pubads.g.doubleclick.net
4429	=>	youtubei.googleapis.com
3846	=>	analytics.query.yahoo.com
3752	=>	www.google-analytics.com
3666	=>	clients4.google.com
3490	=>	ip-api.com
3423	=>	gjapplog.uc.cn
3367	=>	z.moatads.com
3314	=>	www.googletagmanager.com
3309	=>	edge-mqtt.facebook.com
3303	=>	imap.gmail.com
3267	=>	safebrowsing.googleapis.com
3218	=>	mtalk.google.com
3173	=>	vortex.data.microsoft.com
3168	=>	cloudconfig.googleapis.com
3121	=>	i.instagram.com
2956	=>	i.ytimg.com
2941	=>	www.youtube.com
Advertisements

6 thoughts on “1984 called

  1. The crashlytics servers are fairly standard for native mobile app crash reporting. They were bought by Google and now integrated into Firebase, so in the future they will likely be rebranded. Blocking them prevents developers from getting user crash reports.

    Liked by 1 person

    1. Thanks for your input. It is hard to figure out what to block or what to allow. It would be better if it were an opt in. As crash reports may contain sensitive data.
      But yes I get your point some of the domains are legitimate and some are necessary but it adds up to a fairly disturbing picture. I need for information.

      Like

      1. Crashlytics filters out personal information by default, so unless the developer went out of their way to include it, all the dev will see is the device model, OS version, screen info (size, resolution, dpi), the country you’re in (often wrong), and a few other info about the app (app version, install time, etc.)

        Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s