179
If Start menu ads in Windows 11 aren't bad enough, something worse might be on the horizon
(www.xda-developers.com)
This is a most excellent place for technology news and articles.
If I implement my service to use the same underlying IP address for the primary service/critical access that I use for advertising services (e.g., I put a load balancer and have Windows Advertising integrated with Windows Update via the same IP addresses), you can't block the IP without breaking Windows Update.
That's worse for other ingrained systems, e.g., a news app that actually has to send you content could do this instead of using separate IPs for the advertising service, and then if you want to use their service you have to accept the advertising packets.
If you're relying on DNS for your blocking as well, it's entirely possible to distribute the IP address information without ever involving DNS by syncing up the appropriate IPs out of band on some built in IP addresses hard coded in the binary (plenty of things do this sort of thing already for security purposes, they want to minimize the risk of a local DHCP server handing out some garbage DNS record and sending you a virus via their update mechanism).
I could go on.
Don't be a dick; especially if you don't know what you're talking about. Thanks.
DNS based blocking only works for regular DNS requests.
At this point, any app that wanted to bypass that could use DoH/DoT+ECH to completely bypass your DNS and thus the blocking it provides. With these tools, all you'd see is an outgoing TLS connection to a remote IP; all other data is encrypted.
DNS based ad blockers (I run one, it’s great, highly recommend) can’t block something if the address is both legit and also serves ads. For instance, if MS used the same domain name for updates and windows key validation as it does for ads, you’d quickly run into an issue. Especially if (please don’t read this MS), they required validation on every boot, then replied with a payload combination of a the ads and a “yea you’re legit and can boot”.
Also, MS could easily (and has) coded some processes to not lookup DNS addresses in things like LMHOSTS or HOSTS, they could just as easily bypass DNS itself. They certainly have plenty of public IPs they could have a process submit to the network stack.