A guide to block Facebook, Twitter, and TikTok from your Linux machine



Facebook (now Meta) has eyes everywhere on the Internet. It spies on everyone and sells data to advertisers and governments, violating your privacy and your basic civil freedoms and rights.

It does not spy on you only if you have an account. It also spies on you through unrelated sites, planting cookies on your machine through several mechanisms. Even simple buttons on a news site send data to Facebook.

Facebook knows you *better* than your friends and family.

With the following guide you completely block Facebook from accessing your machine. Both IN and OUT traffic to/from Facebook is blocked.

Of course it does not help if your friends give information to Facebook about you. But in any case it is better than nothing.

Quick setup


1. Install whois (Ubuntu: sudo apt-get install whois; Arch Linux: sudo pacman -S whois) and, similarly, awk

2. Copy the scripts blockfacebook and allowfacebook as root into /usr/local/bin and make sure they are executable

sudo cp blockfacebook /usr/local/bin/
sudo cp allowfacebook /usr/local/bin/
sudo chmod +x /usr/local/bin/blockfacebook
sudo chmod +x /usr/local/bin/allowfacebook

3. Copy blockfacebook.service into /etc/systemd/system/ and make it executable

sudo cp blockfacebook.service /etc/systemd/system/
sudo chmod +x /etc/systemd/system/blockfacebook.service

4. Copy blockfacebookrestart into /etc/cron.daily/ and make it executable

sudo cp blockfacebookrestart /etc/cron.daily/
sudo chmod +x /etc/cron.daily/blockfacebookrestart

5. Enable and start the service

sudo systemctl enable blockfacebook
sudo systemctl start blockfacebook

If for some reason you want to temporarily unblock access to Facebook, execute
sudo /usr/local/bin/allowfacebook

See below for Twitter and TikTok.

Explanations

Facebook and all big companies use a lot of addresses and IPs. So how do you find them in order to block them? Each company has an AS (Autonomous System) number. All of its IPs are bound to the same AS number. For Facebook this number is AS32934. So once you have the AS number you can find all the IPs assigned to the company and then block them with standard firewall tools.

Assume you want to block Facebook. First get an IP in their block:
nslookup www.facebook.com

This will return at least one IP. For example, among other things, I got:
Address: 31.13.84.36

Now we find the AS number that this IP belongs to:
whois -h whois.radb.net 31.13.84.36

Among other things we read:
origin:     AS32934

Now we have the AS number of this company.

The script blockfacebook given above has just two lines that it executes and these are:

/usr/bin/whois -h "whois.radb.net" -- '-i origin AS32934' | grep -E "^route:" | awk '{print $NF}' | sed -r 's/(.*)/iptables -I OUTPUT -d \1 -j REJECT/' | source /dev/stdin

and for IPv6

/usr/bin/whois -h "whois.radb.net" -- '-i origin AS32934' | grep -E "^route6:" | awk '{print $NF}' | sed -r 's/(.*)/ip6tables -I OUTPUT -d \1 -j REJECT/' | source /dev/stdin

The whois command asks whois.radb.net for all IPs assigned to origin AS32934; i.e., all Facebook IPs. Then the grep command keeps only the lines that contain the IPs and the awk command extracts just the IPs. For each of them sed prepares an iptables firewall command to block traffic to that IP. The final source command executes them one by one.
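
The pipeline above hands text returned by a remote whois server to source, so whatever appears in a route field is interpreted as a shell command running as root. As an added example (not the page's blockfacebook script), the variant below accepts only well-formed prefixes and passes each one to iptables as an argument. The function names, the --apply switch and the sample whois output (documentation prefixes) are constructed for this example.

```shell
#!/bin/sh
# Added example, not the page's blockfacebook script. Prefixes are validated
# and handed to iptables as arguments, never evaluated as shell text.

ASN="AS32934"   # Facebook's AS number, as given on the page

# extract_prefixes KEY: read whois output on stdin and print the well-formed,
# de-duplicated prefixes for KEY ("route:" = IPv4, "route6:" = IPv6).
extract_prefixes() {
    awk -v key="$1" '$1 == key { print $NF }' |
    if [ "$1" = "route6:" ]; then
        grep -E '^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'
    else
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' |
        awk -F'[./]' '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255'
    fi | LC_ALL=C sort -u
}

# apply_block CMD: add one REJECT rule per prefix read from stdin, skipping
# prefixes that already have a rule so daily re-runs do not pile up duplicates.
apply_block() {
    while IFS= read -r prefix; do
        "$1" -C OUTPUT -d "$prefix" -j REJECT 2>/dev/null ||
            "$1" -I OUTPUT -d "$prefix" -j REJECT
    done
}

# Constructed sample of whois output (documentation prefixes, not real data).
SAMPLE='route:      192.0.2.0/24
origin:     AS64500
route:      198.51.100.0/22
route:      198.51.100.0/22
route:      203.0.113.0/24;id
route:      999.1.1.0/24
route6:     2001:db8::/32
route6:     $(id)'

if [ "${1:-}" = "--apply" ]; then   # real run: needs root and network access
    data=$(/usr/bin/whois -h whois.radb.net -- "-i origin $ASN")
    printf '%s\n' "$data" | extract_prefixes route:  | apply_block iptables
    printf '%s\n' "$data" | extract_prefixes route6: | apply_block ip6tables
else                                # dry run: show what the sample would yield
    printf '%s\n' "$SAMPLE" | extract_prefixes route:
    printf '%s\n' "$SAMPLE" | extract_prefixes route6:
fi
```

Run without arguments, it prints the prefixes the sample would yield; with --apply, as root, it performs the lookup and inserts the rules.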

The script allowfacebook does the opposite and disables the block.

Then we have two more files, the blockfacebook.service and the blockfacebookrestart for the cron service. The first one guarantees that the blocking script will be executed every time you reboot. The cron script placed in /etc/cron.daily/ guarantees that the blocking script is executed at least once per day to catch IPs that Facebook may have added to its IP block during the day.


How to block TikTok

TikTok now has trackers on a great many sites. This is a reason to block it as well. Edit the blockfacebook script and create inside it a copy of its main command, changing the Facebook AS number to TikTok's AS number, which is AS138699.

How to block Twitter

The same goes for Twitter. Its AS number is: AS13414.


This does not work for all companies.


Small companies do not necessarily have their own AS number. Many rent IP blocks from larger companies, so if you block all the IPs associated with the AS number you will block more than the target company. But Facebook and other large companies have their own AS number. So their strength becomes their Achilles' heel and it is turned against them with the above method.

So if you want to block a small company, first check that they own the AS number. You can check this from the output of
whois -h whois.radb.net IP-number
as above.




A. Tsolomitis
Created Dec 6, 2022.