How do I block ads on YouTube?

Update 2020-10-24

It's not likely that you'll be able to block in-video ads with Pi-hole. For that, you'll need something like uBlock origin for desktop, or vanced for android (Now defunct), or pay for premium

This thread has been closed as there is not much more discussion to be had around the topic.

Update 2018-11-14

User's have had good success here:

I'm updating this top-level post as of 2018-10-16 since a lot of people land here.

Blocking ads on YouTube is hit or miss with Pi-hole. The reason for this is because ads are typically served from the same domain as the video is.

Many users see unique domains in the logs such as r4---sn-vgqs7nez.googlevideo.com and have had some success in blocking these, but there are so many and it's different for different people, so it's not foolproof.

Also, within this thread, you'll find lots of scripts and regexs, which may or may not work for you. Feel free to explore and report your findings on this thread.

Bottom line: blocking YouTube ads is a moving target, and you'll probably have the best luck crafting a complex regex to add to your blocklist.

Hi,

youtube-ui.l.google.com crippled YouTube.com...
I removed that and all sorted.
I have another YouTube site to block, but not sure it's already in the standard lists:
s.youtube.com
(it probably is ,but mention it anyway.

Best regards,

Jeroen

s.youtube.com is actually a commonly whitelisted domain, as it seems to be the one that saves videos to your view history!

Thanks! Blocking video ads is kind of like Whack-A-Mole. The domain names often change, so it's a moving target. We'll do our best to keep these lists updated, but feedback from the community is very helpful.

Hi,

and thank you for the list. Jeroen1 seems to be right. youtube-ui.l.google.com doesn't need to be blocked. It cripples Youtube.

And there seems to be another url that is blocked and lowers the user experience: No video that I watched is marked as 'watched'.

Do you have any clou which url it could be?

Best regards

Thanks. I'll update the original post.

See above. That's probably s.youtube.com beeing blocked.
Have you tried to whitelist and check?

Oh, you are right. Sorry i missed that.

Thank you very much

clients6.google.com

is causing issue for Google Drive.

When I remove it from blacklist, google drive is loading fine.

I had to whitelist clients6.google.com as well --- it was causing issues with google chat. That said, this list doesn't seem to fully block youtube ads. Some ads are blocked, which is indicated by the fact that some videos sit and do nothing for a few seconds before playing. Unfortunately there are still ads that play, and can be skipped with the skip ad button. Has anyone fully blocked youtube ads with Pi Hole?

For youtube ads, essentially, Google has an entire array of domains to point to. Which is why it seems hard to pin down YouTube adblocking for Pihole.

I've been testing out and gathering data about the domains for entire GoogleVideo parent domain (seems to be the only connection for all the ad domains). Using wildcards through the dnsmasq.d doesn't work. Youtube will not playback any video at all. The only way to stop ads from rolling is to blacklist them one by one.

Luckily, it seems that you only need to add this seemingly simple domain structure in the pihole -b domain1 domain2 ... command :

r{N..M}---fingerprint.googlevideo.com
and/or
r{N..M}.fingerprint.googlevideo.com

where N is the beginning and M is the end. (Basically recursively adding the domains.)

Explanation:

Each domain starts with an r followed by a number. This number doesn't seem to go beyond 20. It is then followed by either three dashes, its unique ID (fingerprint) then .googlevideo.com

e.g. r7---sn-vgqs7ne7.googlevideo.com

Sometimes, the domain doesn't have the three dashes:

e.g. r7.sn-vgqs7ne7.googlevideo.com

Basically, to block an entire unique ID domain, you have to know the fingerprint of each and every variants (from r1 to r20).

So far I've found these fingerprints:

1. sn-8xgp1vo-xfgk
2. sn-8xgp1vo-xfge7
3. sn-p5qlsnll
4. sn-a5mekner
5. sn-vgqs7nez
6. sn-vgqs7n7k
7. sn-vgqsenes

By knowing this, you are creating a whole entire array of possible ad-serving DNS for youtube. But using this means that you'll end up having 100s or even 1000s of googlevideo domains.

Edit: This also takes care of ads going to mobile and Chromecast. But knowing the whole entire fingerprint army is another question.

Edit 2: You can help ID the fingerprint army by using Whitelist Assistant by DNSThingy for Chrome, and surf youtube and watch cat videos. If you spot an ad, open the extension and take note of the fingerprint and post it here.

Assuming your information is correct, I couldn't resist the scripting opportunity. Here is what I came up with to generate the list:

# Array of fingerprints
# Add new ones here and the script below will generate the list
fingerprints=(sn-8xgp1vo-xfgk
sn-8xgp1vo-xfge7
sn-p5qlsnll
sn-a5mekner
sn-vgqs7nez
sn-vgqs7n7k
sn-vgqsenes)

# For each fingerpint, 
for ((i = 0; i < "${#fingerprints[@]}"; i++)); do
  # Generate the list based on https://discourse.pi-hole.net/t/how-do-i-block-ads-on-youtube/253/11?u=jacob.salmela
  echo r{1..20}---${fingerprints[$i]}.googlevideo.com
  echo r{1..20}.${fingerprints[$i]}.googlevideo.com
done

You can also continue to use the brace expansion to calculate every fingerprint possibility with something like this:

echo sn-{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}

which will run through every possibility from sn-aaaaaaaa to sn-99999999. I think...

Not sure if dnsmasq could even handle all of those ...

You can also continue to use the brace expansion to calculate every fingerprint possibility with something like this:

echo sn-{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}
which will run through every possibility from sn-aaaaaaaa to sn-99999999.

Just curious, if we create this whole entire array of domain (which I would assume, be millions), would that mean the RPi would expend more resource to complete tasks (as in querying, running Gravity, displaying the blacklist on the web server)?

Here is my loot for today:

sn-8xgp1vo-xfgd
sn-hp57kn7e
sn-p5qlsnz6
sn-8xgp1vo-xfgr
sn-aigllnze

Quick tip: if you google the fingerprints and click on VirusTotal, you can see WhoIs information, the domain's expiry date, and most importantly Domain Siblings. If we can compile all those domain siblings all at once, we can possibly crack Youtube Adblocking for Pihole.

Yes.

Very cool. Thanks!

We know from past experience that dnsmasq can handle over a million host entries. Google's reach is vast, so who knows how many fingerprints they use.

I was thinking about this script last night and if you really wanted to try it, you can put the braced expansion into an array and not have to figure out all of the domains as a community effort.

# Brace expanded array of Google Video fingerprints from sn-aaaaaaaa to sn-99999999
fingerprints=($(echo sn-{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}))
# For each fingerpint, 
for ((i = 0; i < "${#fingerprints[@]}"; i++)); do
  # Generate the list based on https://discourse.pi-hole.net/t/how-do-i-block-ads-on-youtube/253/11?u=jacob.salmela
  echo r{1..20}---${fingerprints[$i]}.googlevideo.com
  echo r{1..20}.${fingerprints[$i]}.googlevideo.com
done

Oh and just a tip, don't try this on an older Pi model as I was experimenting and it locked up my Pi for a good while. Ctrl+C couldn't even cancel it

Few additional observations on my end:

sn- is indeed always the start.
the following signature is either 8 characters long
or the signature is 7 long followed by a - and then either 4 letters or 2 letter and 1 number.

sn-a1b2c3d4
sn-a1b2c3d-abcd
sn-a1b2c4d-ab1

There seems to be no preference to any characters except letter over number due to there being more of them.
From what i can tell there is no realistic way pihole could handle a list containing all these possible entries, so it might not be possible this way unless we can use regular expressions or something in these lists.

But i hope we can get this done, because i really dont like ads! xD

# Brace expanded array of Google Video fingerprints from sn-aaaaaaaa to sn-99999999
fingerprints=($(echo sn-{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}{{a..z},{0..9}}))
# For each fingerpint, 
for ((i = 0; i < "${#fingerprints[@]}"; i++)); do
  # Generate the list based on https://discourse.pi-hole.net/t/how-do-i-block-ads-on-youtube/253/11?u=jacob.salmela
  echo r{1..20}---${fingerprints[$i]}.googlevideo.com
  echo r{1..20}.${fingerprints[$i]}.googlevideo.com
done

@jacob.salmela Can you humor me with this idea:

Create a script to generate the entire array from a more powerful machine (The one from above seems to be a good starting point). Then have a function that pings each of those domains. If the domain gets a response, the script writes that domain in a separate list. If the domain has no response, the script drops that domain.

The idea is to narrow down the list of possible ad-serving domains that actually responds, as opposed to having millions dud domains on the Pi.

After that is filtered out, upload it to the Pi and blacklist.

I want to actually do this but I don't know how to create shell scripts efficiently. I apologize if I sound so bossy and demanding .

@Excelerate246 We have an implementation for wildcard blocking already available that might make it into the next release:

You could maybe find a simple wildcard routine that can do what you want with one single entry?... Just thinking aloud.

The PR @DL6ER referenced should address this issue. But it would still be fun to try @Excelerate246's idea to generate the list and then ping each one to see if it's alive. It may be inaccurate if they are blocking ICMP though, but I'm sure you could get a good idea. It actually wouldn't be that difficult. You just need another for or while loop that goes through the array and pings each one (or use the same one), and then use an if else to see if it's pingable.

Again, might be more trouble than it's worth since wildcarding may arrive soon, but nonetheless, I'm sure @jacob.salmela would think it is fun to write the script.

Unfortunately the new wildcards don't seem to work on this, if you wildcard googlevideo.com it simply wont load any video anymore.

I'm guessing the googlevideo.com domain is used for the videos themselves, and then the fingerprints subdomains are used for the ads. We might still be able to use the script to get the fingerprints and the wildcard the rest of the subdomains.

This is, of course, assuming @Excelerate246's findings are true, but I think it's a step in the right direction.