Git Product home page Git Product logo

nsablocklist-pi-hole-edition's Introduction

NSABlocklist© project original created under the MIT license 2015 by CHEF-KOCH.

Say Thanks to CHEF-KOCH (the original creator of list)!

Description

This isn't yet another hosts file or DNSBL that claims to secure the web, it's specially designed to stop known NSA / GCHQ / C.I.A. or F.B.I. servers from being connecting to you without permission, of course the IP's also can be used for Bot Revolt or other tools. The list is not designed to block common malware, spyware/ads or anything that is already available on the net via a proper designed hosts for such special case. This hosts or the super ranges lists could block some of your sites/servers you may need, so you'll be warned!

My list is original based on 2007 published Wikileaks documents and includes my CHEF-KOCH's modifications from 2008, 2012, 2014 and 2015.

This fork:

  • Removes most of the documents that aren't blocklists
  • Makes blocklists compatible with pi-hole
  • Adds a blocklist that removes the excessive GOV URLs (since pi-hole blocks at DNS level)
  • Updates README (while giving complete credit and donor link to CHEF-KOCH to continue to his work)

This forked project includes

  • A 'HOSTS (excluding most GOV URLs)' file that includes all Servers/DNS domains that are known to be involved in spying. The confirmation is given within the Research link(s) at the bottom and with my own tests.
  • A 'HOSTS (including excessive GOV URLs)' file that includes all Servers/DNS domains that are known to be involved in spying. The confirmation is given within the Research link(s) at the bottom and with my own tests.
  • An 'LICENSE' File to shows the MIT license.
  • The 'README' (this) file that includes the latest news, updates and explanations,...
  • The 'References.txt' which contains relevant information about spying or additional topics which may related to reveal surveillance.

Any problems, questions or something wrong?

  • Feel free to open an issue ticket and I will look at it asap. - Pull Requests or ideas are always welcome!

Important Notice

  • A true list of compromised IPs would list the entire Internet, then on to the fuller range open mouth blabbering of blogs, email, chat rooms, texting, aided and abetted by the world's telecoms, postal services, and, most reliably, bedroom murmurings.
  • I do not accept donations, I'm not doing this because I want $$money or hype, I'm doing this because I didn't found a proper list on the whole internet and of course I want to share my knowledge for free. I always think that such information should be available for everyone on the world.
  • Please keep in mind that updates/encryption/knowledge is our only weapon against NSA and other agencies, since I not encrypt this list (for what?) the update argument is important so I always search for maintainer to complete the list(s). It's currently not possible to update everything daily or every x hours since there is no tool/software/script which detect such servers automatically - it needs to be checked against domain servers, trace-routes, documents - all by hand!

Do you hate the NSA or other agencies?

  • I do not hate the NSA or other agencies but I really don't like that everyone is automatically under the microscope (mass surveillance) and of course that there is no 'opt-out' or transparency except lies and more lies (and some excuses ...yeah, we are doing this because terrorism, go f$ck yourself with such statements!)
  • Everyone have something to hide, passwords, private data, accounts, other meta-data, [...]

Known problems

  • An HOSTS file is no guarantee that if the NSA is already 'in your system/network' - to protect you - it's just to late.
  • HOSTS files are no guarantee that NSA or any other attacker/organization could simply bypass it via 0day or other vulnerabilities on your system/router.
  • HOSTS files can't protect against attacks directly in hardware, e.g. if the router is already compromised or comes with backdoors this list will be easily bypassed anyway.
  • Due the complex of the entire file I can't explain every single IP/Domain/PTR record. If something was changed, feel free to open a pull request or send me an eMail.
  • The GOSTS file may present an attack vector for malicious software because the file could be modified to redirect the entire traffic e.g. adware/trojans can do this. Ensure that the file was marked as read-only and you're not logged in as administrator.
  • Trace-route analysis especially on IPv4 networks are sometimes outdated (due the mass of requests).
  • Be careful when blocking IP addresses, as IP addresses change frequently and can block people you don't intend to block.
  • NSA and other agencies can spy on traffic directly from supercomputers like infamous Echelon connected directly to some backbone without revealing any IP. This is an common problem, only strong and proper implemented encryption helps.

Utils

Snowden documents compilations

Providers

Videos

Tips directly from nsa.gov

Backbone Providers

  • AT&T
  • ATM S.A.
  • Cable & Wireless
  • Global Crossing
  • Comcast
  • Cox Communications
  • Sprint Nextel
  • Level 3 / Level 2 / Level 1
  • NTT Communications
  • SAVVIS Communications
  • Net By Net Holding LLC
  • Verizon Communications
  • ATM-Telekom
  • IBM
  • ...

VPN providers which are not secure

The following providers know you 'Secret Key' or spying on you.

Keys:

  • Astril / way2stars
  • EarthVPN / earthvpn
  • GFwVPN / gfwvpn
  • GoldenFrog / thisisourkey
  • IBVPN / ibVPNsharedPSK!
  • IPVanish / ipvanish
  • NordVPN / nordvpn
  • PureVPN / 12345678
  • SlickVPN / gogoVPN
  • TorGuard / torguard
  • TigerVPN / tigerVPN
  • UnblockVPN / xunblock4me
  • VPNReactor / VPNReactor

Spying:
HotSpotShield

Research:

Recommendation from Cauchon:

Other services providers + social media platforms

  • Facebook
  • PushTalk / PalTalk
  • MySpace
  • Google Inc. alias Alphabet
  • Amazon
  • Microsoft
  • Apple
  • Wikipedia, well it's for all
  • Automattic, Inc
  • LLC
  • Yahoo
  • Twitter (FBI records)
  • ....

Spying systems

Spying programs

  • Traceroute "Packaged Goods" / "Treasure Map"
  • VOIP: Hammerchant
  • WEALTHYCLUSTER
  • APEX
  • COMSAT
  • IRRITANT HORN (hijack's Google Play Store contained apps)
  • HACIENDA
  • ....

Passwords

Thanks goes to everyone which are fighting for www. security! Give spying no chance!

nsablocklist-pi-hole-edition's People

Contributors

cauchon avatar florenthemmi avatar gnmmarechal avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.