Removing the Facebook application from your devices does not means you have remove all communication of your devices with Facebook. Other applications that you use and web pages that you visit maybe using the Facebook API, and so, passing data to Facebook. Adding an ad blocker to your browser helps eliminate some of that communication. However, adding and correctly configuring ad blockers in all your devices may not be practical. In some cases, it is hard or impossible to configure and block unwanted API calls (for example in your TV).
One practical alternative is to use a DNS sinkhole in your network and configure it to ignore (or blacklist) the unwanted APIs (in this case the Facebook APIs). An excellent open source DNS sinkhole project is Pi-hole.
I have been running Pi-hole in my home network for several years using an old Raspberry Pi 1 model A from 2012. Initially, I was concerned with the impact on my network, but it turns out that it has a positive impact on my network traffic, by eliminating ads from the network traffic. This machine has 512 MB of ram and runs at 700 MHz, so it is a very minimal machine, but Pi-hole runs perfectly in that hardware.
My installation is very simple, just the Raspberry Pi running Pi-hole and connected to my main router/cable modem. The normal status is for the Raspeberry Pi to be at 112.9F, with Pi-hole using 14% of the available memory as reported by the Pi-hole dashboard. Just for fun, let ssh to the Raspberry Pi and see the memory and CPU specs, as follows:
~$ ssh email@example.com firstname.lastname@example.org's password: Linux MY-DNS-PI-HOLE 4.14.98+ #1200 Tue Feb 12 20:11:02 GMT 2019 armv6l The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Mon Sep 14 21:44:54 2020 from 192.168.0.15 pi@MY-DNS-PI-HOLE:~ $ free --mega total used free shared buff/cache available Mem: 443 46 45 37 351 305 Swap: 102 0 102 pi@MY-DNS-PI-HOLE:~ $ cat /proc/cpuinfo processor : 0 model name : ARMv6-compatible processor rev 7 (v6l) BogoMIPS : 697.95 Features : half thumb fastmult vfp edsp java tls CPU implementer : 0x41 CPU architecture: 7 CPU variant : 0x0 CPU part : 0xb76 CPU revision : 7 Hardware : BCM2835 Revision : 000e pi@MY-DNS-PI-HOLE:~ $ lscpu Architecture: armv6l Byte Order: Little Endian CPU(s): 1 On-line CPU(s) list: 0 Thread(s) per core: 1 Core(s) per socket: 1 Socket(s): 1 Model: 7 Model name: ARMv6-compatible processor rev 7 (v6l) CPU max MHz: 700.0000 CPU min MHz: 700.0000 BogoMIPS: 697.95 Flags: half thumb fastmult vfp edsp java tls pi@MY-DNS-PI-HOLE:~ $ exit logout Connection to 192.168.0.251 closed. ~$
For this project, you need a Raspberry Pi, an Ethernet cable to connect the Raspberry Pi to your main router, an SD card and a power supply for the Raspberry Pi. As I describe before, any old Raspberry Pi with an Ethernet port will work fine. Depending of the Raspberry Pi, you could use a phone charger as the power supply. Just be sure it has the right voltage and enough amperage to drive the Raspberry Pi. Even if you buy all the components, you should be able to do this project for less than 50 dollars.
Installing and configuring Pi-hole
There are several good tutorials on installing Pi-hole, so I will not cover that in here. A search for “pi hole raspberry pi headless install” should give you a good set of tutorials. The Pi-hole page have also installation instructions.
It is important to configure your main router to redirect DNS traffic to your Pi-hole. But, don’t forget any other router that your may have in your house. So, be sure to configure all your routers. In my case, I have two routers and their configuration was different, as follows:
- Main router. LAN Setup => LAN Settings => DNS Override
- Secondary router. Internet => internet setup => Domain Name Server (DNS) Address
You want to be sure your Pi-hole up to date. Once in a while, I logon into the Pi-hole dashboard and check that I’m running the latest version (in the bottom of the main dashboard page will list the current version and if it needs to be update). If the version need to be updated, just exit from the dashboard and logon into the Raskpberry Pi using ssh and run the following command:
By default, Pi-hole block most ads, including several google analytic APIs. However, it does not blocks applications, including Facebook. Therefore, I have specifically blocked Facebook and its APIs.
To block Facebook just login to the Pi-hole dashboard and look at the Query Log section. By default, in the Query Log section you can see the last 100 DNS queries. Each DNS query is listed in green if it was not blocked, and in red if it was blocked. On each query you has the ability to blacklist it or whitelist it by pressing a button.
The easy way to block Facebook is from the Query Log, by looking at any query that includes a Facebook domain and blacklist it.
Alternatively, you can go to the Blacklist section of the dashboard and add the domains to block or a regular expression.
(\.|^)facebook.(com|net)$ that will block any domain ending on
Having a DNS sinkhole at home as a companion to the main router can be done easily and cheap using Pi-hole. In addition to block Facebook, you will be able to block ads and improve the speed of the network
This morning, looking at my Pi-hole dashboard, I noticed in the top blocked domains, www.facebook.com with 262 hits and graph.facebook.com with 218. So, blocking is working. But, I also notice a different trend, our cellular phones are very active at night with a minimum of 56 queries each 10 minutes. For a device that should be just charging, having 336 DNS queries per hour seems excessive. This will merit further research and a potential solution.