How do I block ads on YouTube?

blacklisting

#1

Some users have mixed results, but we have found that blacklisting these domains neutralizes YouTube ads:

r4---sn-vgqs7nez.googlevideo.com
r4.sn-vgqs7nez.googlevideo.com
www.youtube-nocookie.com
i1.ytimg.com
r17---sn-vgqsenes.googlevideo.com
r2---sn-vgqs7n7k.googlevideo.com
clients6.google.com
r1---sn-vgqsen7z.googlevideo.com
r1.sn-vgqsen7z.googlevideo.com
r20---sn-vgqs7ne7.googlevideo.com
r20.sn-vgqs7ne7.googlevideo.com

Still seeing youtube ads?
Youtube 10-Second Black Screen
Long delay for a video to start on youtube
New PiHole setup not blocking on clients
Youtube 10-Second Black Screen
YouTube Ads Getting Through
Youtube 10-Second Black Screen
YouTube Ads Getting Through
How do I block Youtube entirely?
Statistic Improvement
Youtube ads are not being blocked
Youtube running fine with ATV and AFTV but not in OSX
Block or minimize hulu and youtube ads with wildcards?
Anfänger hat Probleme
#2

Hi,

youtube-ui.l.google.com crippled YouTube.com
I removed that and all sorted.
I have another YouTube site to block, but not sure it’s already in the standard lists:
s.youtube.com
(it probably is ,but mention it anyway.

Best regards,

Jeroen


#3

s.youtube.com is actually a commonly whitelisted domain, as it seems to be the one that saves videos to your view history!


#4

Thanks! Blocking video ads is kind of like Whack-A-Mole. The domain names often change, so it’s a moving target. We’ll do our best to keep these lists updated, but feedback from the community is very helpful.


#5

Hi,

and thank you for the list. Jeroen1 seems to be right. youtube-ui.l.google.com doesn’t need to be blocked. It cripples Youtube.

And there seems to be another url that is blocked and lowers the user experience: No video that I watched is marked as ‘watched’.

Do you have any clou which url it could be?

Best regards


#6

Thanks. I’ll update the original post.


#7

See above. That’s probably s.youtube.com beeing blocked.
Have you tried to whitelist and check?


#8

Oh, you are right. Sorry i missed that.

Thank you very much :slight_smile:


#9

clients6.google.com

is causing issue for Google Drive.

When I remove it from blacklist, google drive is loading fine.


#10

I had to whitelist clients6.google.com as well — it was causing issues with google chat. That said, this list doesn’t seem to fully block youtube ads. Some ads are blocked, which is indicated by the fact that some videos sit and do nothing for a few seconds before playing. Unfortunately there are still ads that play, and can be skipped with the skip ad button. Has anyone fully blocked youtube ads with Pi Hole?


#11

For youtube ads, essentially, Google has an entire array of domains to point to. Which is why it seems hard to pin down YouTube adblocking for Pihole.

I’ve been testing out and gathering data about the domains for entire GoogleVideo parent domain (seems to be the only connection for all the ad domains). Using wildcards through the dnsmasq.d doesn’t work. Youtube will not playback any video at all. The only way to stop ads from rolling is to blacklist them one by one.

Luckily, it seems that you only need to add this seemingly simple domain structure in the pihole -b domain1 domain2 ... command :

r{N…M}—fingerprint.googlevideo.com
and/or
r{N…M}.fingerprint.googlevideo.com

where N is the beginning and M is the end. (Basically recursively adding the domains.)

Explanation:

Each domain starts with an r followed by a number. This number doesn’t seem to go beyond 20. It is then followed by either three dashes, its unique ID (fingerprint) then .googlevideo.com

e.g. r7---sn-vgqs7ne7.googlevideo.com

Sometimes, the domain doesn’t have the three dashes:

e.g. r7.sn-vgqs7ne7.googlevideo.com

Basically, to block an entire unique ID domain, you have to know the fingerprint of each and every variants (from r1 to r20).

So far I’ve found these fingerprints:

  1. sn-8xgp1vo-xfgk
  2. sn-8xgp1vo-xfge7
  3. sn-p5qlsnll
  4. sn-a5mekner
  5. sn-vgqs7nez
  6. sn-vgqs7n7k
  7. sn-vgqsenes

By knowing this, you are creating a whole entire array of possible ad-serving DNS for youtube. But using this means that you’ll end up having 100s or even 1000s of googlevideo domains.

Edit: This also takes care of ads going to mobile and Chromecast. But knowing the whole entire fingerprint army is another question.

Edit 2: You can help ID the fingerprint army by using Whitelist Assistant by DNSThingy for Chrome, and surf youtube and watch cat videos. If you spot an ad, open the extension and take note of the fingerprint and post it here.


Advanced filtering for wild card blocking
Blacklisting/Whitelisting disallowing links with special characters
#12

Assuming your information is correct, I couldn’t resist the scripting opportunity. Here is what I came up with to generate the list:

# Array of fingerprints
# Add new ones here and the script below will generate the list
fingerprints=(sn-8xgp1vo-xfgk
sn-8xgp1vo-xfge7
sn-p5qlsnll
sn-a5mekner
sn-vgqs7nez
sn-vgqs7n7k
sn-vgqsenes)

# For each fingerpint, 
for ((i = 0; i < "${#fingerprints[@]}"; i++)); do
  # Generate the list based on https://discourse.pi-hole.net/t/how-do-i-block-ads-on-youtube/253/11?u=jacob.salmela
  echo r{1..20}---${fingerprints[$i]}.googlevideo.com
  echo r{1..20}.${fingerprints[$i]}.googlevideo.com
done

You can also continue to use the brace expansion to calculate every fingerprint possibility with something like this:

echo sn-{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}

which will run through every possibility from sn-aaaaaaaa to sn-99999999. I think…

Not sure if dnsmasq could even handle all of those :question:


#13

You can also continue to use the brace expansion to calculate every fingerprint possibility with something like this:

echo sn-{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}
which will run through every possibility from sn-aaaaaaaa to sn-99999999.


Just curious, if we create this whole entire array of domain (which I would assume, be millions), would that mean the RPi would expend more resource to complete tasks (as in querying, running Gravity, displaying the blacklist on the web server)?

Here is my loot for today:

sn-8xgp1vo-xfgd
sn-hp57kn7e
sn-p5qlsnz6
sn-8xgp1vo-xfgr
sn-aigllnze


Quick tip: if you google the fingerprints and click on VirusTotal, you can see WhoIs information, the domain’s expiry date, and most importantly Domain Siblings. If we can compile all those domain siblings all at once, we can possibly crack Youtube Adblocking for Pihole.


#14

Yes.

Very cool. Thanks!

We know from past experience that dnsmasq can handle over a million host entries. Google’s reach is vast, so who knows how many fingerprints they use.

I was thinking about this script last night and if you really wanted to try it, you can put the braced expansion into an array and not have to figure out all of the domains as a community effort.

# Brace expanded array of Google Video fingerprints from sn-aaaaaaaa to sn-99999999
fingerprints=($(echo sn-{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}))
# For each fingerpint, 
for ((i = 0; i < "${#fingerprints[@]}"; i++)); do
  # Generate the list based on https://discourse.pi-hole.net/t/how-do-i-block-ads-on-youtube/253/11?u=jacob.salmela
  echo r{1..20}---${fingerprints[$i]}.googlevideo.com
  echo r{1..20}.${fingerprints[$i]}.googlevideo.com
done

Oh and just a tip, don’t try this on an older Pi model as I was experimenting and it locked up my Pi for a good while. Ctrl+C couldn’t even cancel it :smile:


#15

Few additional observations on my end:

sn- is indeed always the start.
the following signature is either 8 characters long
or the signature is 7 long followed by a - and then either 4 letters or 2 letter and 1 number.

sn-a1b2c3d4
sn-a1b2c3d-abcd
sn-a1b2c4d-ab1

There seems to be no preference to any characters except letter over number due to there being more of them.
From what i can tell there is no realistic way pihole could handle a list containing all these possible entries, so it might not be possible this way unless we can use regular expressions or something in these lists.

But i hope we can get this done, because i really dont like ads! xD


#16
# Brace expanded array of Google Video fingerprints from sn-aaaaaaaa to sn-99999999
fingerprints=($(echo sn-{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}))
# For each fingerpint, 
for ((i = 0; i < "${#fingerprints[@]}"; i++)); do
  # Generate the list based on https://discourse.pi-hole.net/t/how-do-i-block-ads-on-youtube/253/11?u=jacob.salmela
  echo r{1..20}---${fingerprints[$i]}.googlevideo.com
  echo r{1..20}.${fingerprints[$i]}.googlevideo.com
done

@jacob.salmela Can you humor me with this idea:

Create a script to generate the entire array from a more powerful machine (The one from above seems to be a good starting point). Then have a function that pings each of those domains. If the domain gets a response, the script writes that domain in a separate list. If the domain has no response, the script drops that domain.

The idea is to narrow down the list of possible ad-serving domains that actually responds, as opposed to having millions dud domains on the Pi.

After that is filtered out, upload it to the Pi and blacklist.


I want to actually do this but I don’t know how to create shell scripts efficiently. I apologize if I sound so bossy and demanding :disappointed:.


#17

@Excelerate246 We have an implementation for wildcard blocking already available that might make it into the next release:

You could maybe find a simple wildcard routine that can do what you want with one single entry?.. Just thinking aloud.


#18

The PR @DL6ER referenced should address this issue. But it would still be fun to try @Excelerate246’s idea to generate the list and then ping each one to see if it’s alive. It may be inaccurate if they are blocking ICMP though, but I’m sure you could get a good idea. It actually wouldn’t be that difficult. You just need another for or while loop that goes through the array and pings each one (or use the same one), and then use an if else to see if it’s pingable.

Again, might be more trouble than it’s worth since wildcarding may arrive soon, but nonetheless, I’m sure @jacob.salmela would think it is fun to write the script.


#19

Unfortunately the new wildcards don’t seem to work on this, if you wildcard googlevideo.com it simply wont load any video anymore.


Blacklisting/Whitelisting disallowing links with special characters
#20

I’m guessing the googlevideo.com domain is used for the videos themselves, and then the fingerprints subdomains are used for the ads. We might still be able to use the script to get the fingerprints and the wildcard the rest of the subdomains.

This is, of course, assuming @Excelerate246’s findings are true, but I think it’s a step in the right direction.