Summary
The Human Side of Cyber Defense
The Defenders Log recently hosted Peter Lowe, the curator of one of the internet’s longest-running blocklists. Host David Redekop and Lowe explored the intersection of language, human behavior, and digital privacy.
The Art of the Blocklist
For 28 years, Peter Lowe has maintained a human-curated list of over 3,400 domains used for ads and tracking. What started as a teenager’s experiment with DNS servers in 1997 has evolved into a global security pillar, now integrated into tools like uBlock Origin.
Key Takeaways:
- The Power of DNS: Lowe highlighted how DNS-based blocking (null-routing domains like
doubleclick.net) remains a potent tool for privacy. - Philosophy over Profit: Unlike mega-corporations, Lowe’s work is driven by a policy of blocking domains primarily used for tracking, even under legal or social pressure from “ethical” ad companies.
- The “Human” Element: The duo discussed how language and culture inform our digital habits—noting that even an AI might struggle to replicate the specific failure of a human trying (and failing) to mimic a foreign accent.
Privacy in a Post-Privacy World
The conversation took a serious turn regarding Facebook’s “Shadow Profiles.” Redekop noted that even non-users are tracked via the Facebook pixel (connect.facebook.net), emphasizing that “free” services often come at the cost of deep personal telemetry.
Looking Ahead
Lowe remains optimistic, comparing the current state of AI maturity to the early days of the internet. Both experts agreed that the future of digital safety relies on a “hybrid” model: robust technological blocks (like allow-listing) paired with strong human relationships and education.
Full episode of The Defender’s Log here:
TL;DR
- 28 Years of Privacy: Peter Lowe has curated his famous ad/tracker blocklist since 1997, now serving 60M+ requests daily through tools like uBlock Origin.
- The Microsoft Push: Critique of Windows 11 for removing workarounds that allowed users to bypass online accounts in favor of local accounts.
- Shadow Tracking: Discussion on how
connect.facebook.netbuilds data profiles on people who don’t even use Facebook via site-embedded pixels. - Blocking Ethics: Lowe only blocks domains primarily used for tracking. If a domain has legitimate utility (like certain URL shorteners), he keeps it off the list to avoid “breaking the internet.”
- Tech & Language: Insights into how accents and linguistics shape identity, suggesting that human “failure” at accents could become a way to distinguish people from AI.
- Resilience: Despite 27 years of legal threats and hate mail from ad companies, Lowe remains committed to a human-curated, open-source approach to security.
Links
View it on YouTube: https://www.youtube.com/watch?v=1MplgH8URh4
Listen to the episode on your favourite podcast platform:
Spotify
https://open.spotify.com/episode/5iudDsFEWah3oGFhgK0lrh
ADAMnetworks
https://adamnet.works
The Defender’s Log Full Transcript -Episode 013
Host (David Redekop): Windows 11. They’ve disabled the tricks that people used to use for getting around having a local account. I can understand from Microsoft’s point of view that they would want to do that, right?
Guest (Peter Lowe): Ah, I get why they’re doing it. It’s just I don’t like it.
David Redekop: It is so annoying. The only difference I see from the full version to the light version is that a manifest version 3 has forced developers to not have the extension auto update its own lists.
Peter Lowe: It is scary. I think it is really scary.
David Redekop: My policy is that any domain which is primarily being used for ads or trackers goes on the list.
Narrator: Deep in the digital shadows, where threats hide behind any random bite, a fearless crew of cyber security warriors guards the line between chaos and order. Their epic battles rarely spoken of until today. Welcome to the Defenders Log, where we crack open the secrets of top security chiefs, CISOs, and architects who faced the abyss and won. Here’s your host, David Redekop.
David Redekop: Well, hello and welcome back to yet another episode of the Defenders log. And I have my friend, if I can call him friend, I feel like a friend to Peter Lowe. Peter, welcome.
Peter Lowe: And thank you, David. It’s good to be Thank you for inviting me on. I’m I’m honored to be on a podcast that has had such distinguished guests as Dr. Paul Mocha. I I mean that was absolutely I’m very jealous that you you got to chat to him.
David Redekop: He’s quite the jam, isn’t he? He’s I just love it when people that make a difference are still real humans and you can still connect with them. And uh man, you’ve got your own claim to fame with what you’ve done. But you know, when we started this call, I was going to say Peter, but but I I kind of heard my son saying, “Dad, don’t try the British accent. It doesn’t work.”
Peter Lowe: Yeah.
David Redekop: Tell me on on a scale of on a scale of 1 to 10, how did I do?
Peter Lowe: I’m not I don’t think I should I don’t want to hurt your feelings, David. I’m sorry.
David Redekop: Look, I am not hurtable.
Peter Lowe: I’m not really awful.
David Redekop: That was awful.
Peter Lowe: I agree with your son wholeheartedly. Don’t Don’t try and do it.
David Redekop: Fair enough.
Peter Lowe: Yeah. To be fair, I can’t do a Canadian accent. I I uh I end up doing a kind of like um Texas South Texas.
David Redekop: Yeah. American. Are we really that distinguished from Texan?
Peter Lowe: Um I guess that’s a bit of a more of a draw in in Texas. And it’s a Yeah. Any thing. It’s not a thing.
David Redekop: Yeah. But on the accent front, when we first immigrated to Canada, it was 1986 and I was like 15 years of age.
Peter Lowe: Okay.
David Redekop: And in my previous languages were already somewhat diverse in terms of tongue muscle movement, you know, lateral movement, vertical movement. I’m not even sure how you say that in linguistics
Peter Lowe: that I Yes. The dexterity. Thank you.
David Redekop: I felt like coming to Canada at that age was the perfect age.
Peter Lowe: Yeah.
David Redekop: To learn a new language and adapt to a local accent. And my proof is in that I come from a family of seven and I’m the middle of seven.
Peter Lowe: Wow. Okay.
David Redekop: So, my older siblings all retained a distinguished accent. So, when they speak English, they are competent, but they get asked, “Where are you from?” from me on down, my siblings, we are never asked where you’re from.
David Redekop: So, but it wasn’t but it wasn’t it’s not universal. Like if you come from a an an Asian country and you learn to speak English, it doesn’t happen at the same age. You need to be younger in order for it to be completely neutral.
David Redekop: Yeah. Likewise from pure German. So my background was low German, high German, Spanish. So the mix of three already gave me enough of the dexterity to be able to adapt Canadian English.
Peter Lowe: That’s fascinating.
David Redekop: Now I’m older older than 15 and the British part hasn’t I have not succeeded at. So
Peter Lowe: I wonder there’s probably some sort of developmental thing of reason for that. Like your your brain is still plastic enough and you I don’t know. But is that the whole thing with like I think some people are naturally better like you know that there’s a gene that defines whether you can roll your tongue or not.
David Redekop: Yes.
Peter Lowe: It’s one of the things that we learned in biology, one of the few things I remember from biology at school, which is a is an actual gene for that. My my claim to fame as far as pronunciations in different languages go is in so I lived in in Prague for a long time, right?
David Redekop: Right.
Peter Lowe: Moved down when I was 17 and I lived there for for 10 years. And they have very interesting set of noises that they make that I shouldn’t say my Czech friends out there. But there’s one in particular which is there’s a little hat that they put on like a a V that they put on letters and usually it makes the letter soft. So it takes a a C goes to a CH and an S sounds like a sh and Z is but on top of an R it’s it’s called a hard check by the way. Um it goes to which is like rolling an R and saying D and Z at the same time. And most people cannot say it at all. And it’s S. I’m quite proud that I can actually pronounce that that letter, right?
David Redekop: Yeah. What does all what does all this have to do with being on defenders log?
Peter Lowe: Oh, yeah. No, probably.
David Redekop: But but no, seriously, like I I think about these things all of the time that if someone were to impersonate me or you because you and I both have enough public audio feeds that can be used to very quickly emulate our voices.
David Redekop: What someone would have to do is get us to speak in another accent that we would fail at because it would probably be very difficult for an AI version of you and I to fail. Like you would have to prove yourself to try to speak Canadian English and your failure would not be AI emulatable.
Peter Lowe: That’s a really interesting point. Now I’m wondering whether whether the the checks check texttospech models are able to pronounce the now.
David Redekop: Yeah. Right. Right. One of our engineers is Czech and he’s and I remember it being so important to me to speak and pronounce his name properly that I’d practice it. Well, in his last name in in Canadian English is Trabiki. I said, “Well, how would you say it in Czech?” And so, I had to practice it. It’s Traitzky.
Peter Lowe: Yeah.
David Redekop: And uh and and he tells me he’s impressed. Maybe I scored better than a three out of 10 on that one. I I hope so.
Peter Lowe: I think it comes down to the tongue dexterity again. If you can put roll your eyes a little bit and Yeah. Yeah. Yeah.
David Redekop: Well, you know, getting names right is is important. I remember going through a Dale Carnegie training course years ago, multiple times actually. And one of the things that I remember there is that the sound of your own name is actually the sweetest sound to your own ears.
Peter Lowe: Really?
David Redekop: So when people get it right, it actually makes a relational an emotional difference in how you connect with that other person.
Peter Lowe: That’s fascinating.
David Redekop: So when we don’t pay attention to someone’s name, it actually sends a subconscious message that this person doesn’t care about me, right? And so I’ve always felt even before I understood that, I felt an intuitive need to speak the names, right? which makes me all the more concerned about people who have difficult to learn names.
Peter Lowe: Yeah.
David Redekop: And it makes me want to appeal to parents that, you know, make sure that you get do your kids a favor with the name you give them, please.
Peter Lowe: Yeah. I I I know what you mean. I had a guy at school who So, at my school, it was a um I guess if you call it private school, it would be in in in Yes. Canada, a public school here. It was quite an old place. in anyway the boarding school and the second year um we have you get told to look after the first years and the guy that the boy that I had been assigned to look after his name if you’re out there his name was John Joseph Julian Jackson
Peter Lowe: and yeah and sorry to name check it but it was very long time ago so I don’t know what he’s up to now but I do wonder about what his parents were thinking when they called him that like it just I don’t know I mean obviously going to probably cause him issues at some point in life that
David Redekop: JJ
Peter Lowe: I mean it was Shakespeare that introduced the concept of alliteration and there is something to that like it makes it memorable right if you ask me a year from now I might remember that um you know John Jillian Jackson well at least at least the fact that it was an eliterative name I might remember that poor
Peter Lowe: James say just talking about languages I know this is we’re not too much to do with cyber security. Yeah, very much a warm up. A long time ago when when goo Google translate came out, I wrote a little program called Babelfish and it was all it did was really simple thing and it just fed one translation into Google Translate and there were two options. You could have it do 10 cycles to one language and back to so to English to Chinese and back like 10 times
Peter Lowe: or you could have it cycle through lots of different languages and have it see what came out the other end. But it was really interesting to do the single language thing multiple times because you often got a flavor for the the language itself by what happened. So the the test sort of sentence was it’s all Scott’s fault really because it all came about because we were chatting with someone called Scott who had this idea of oh wonder what happens if you just you know you get rubbish out of Google Translate when translation wasn’t very good.
Peter Lowe: still not perfect, but you know, and so when you put in it’s all Scots fault anyway, if you did it into like German or something, it would be like it’s Scots fault. It was sort of very direct and to the point. French or Italian was like more flowery like it is the fault of Scots perhaps. And then in like Chinese it was or or some of the Asian languages, it was very almost flowery like it could be considered to be the fault of Scots in some under some circumstances.
Peter Lowe: It’s really fascinating and I think it kind of gave you an idea about what the the cultures are like just from the language. So I think that kind of informs how people think.
David Redekop: Yeah. Not not only that but the in English we don’t have this notion of articulation of male or female to an object whereas that is existent in many other languages. And so one of the things that I always look at is to say okay between German and Spanish what’s the difference? And the simple example I like to use is the moon. In Spanish it’s la luna, right?
Peter Lowe: Right.
David Redekop: But in German it is demon. So in German it’s male. In Spanish it’s female.
Peter Lowe: Wow.
David Redekop: The sun is reverse which which is a male. The sun is a male in Spanish but in German it’s don. So it’s a female. And so the way we articulate male female gender to objects in different languages also informs you of the culture in that language, right? And so that’s why in in French and and Spanish, you have certain romanticized elements of nature that are not at all romantic in German.
Peter Lowe: That is fascinating. I did not know that, David. Thank you.
David Redekop: Well, now now now we’re almost at the point where we have to rename the podcast to the language offender log or something like that. But uh anyway, Peter, you’re the first guest that I have on the podcast where I’m just like I got to get on someone that I have no script for. I have no pre-prepared questions. It just needs to flow naturally and see what happens. We don’t even talk about cyber defense.
David Redekop: But I do want to mention I want to start out now on that front. I just looked at your block list this morning as a refresh. So for those that don’t know Peter, Peter has been maintaining a very valuable block list for 27 years and at the moment it has 3,495 domain names as of this morning. and he gets a lot of love and he gets a lot of hate.
David Redekop: So, so you’re looking at a guy here who’s got pretty thick skin and yet you can see just by the kind of character he is. Actually, the way it works out for people to actually see who Peter is is probably a good thing because I I’m not the first one to let the world know here’s a guy who did good things, but those good things for people upset a lot of people.
David Redekop: I don’t want to focus on the upsetness a lot today, but rather on I’m wondering if you have a bit of a story to tell on how this whole thing started. Like 27 years ago, what were you doing that made you feel like you had to start a blog list?
Peter Lowe: Well, I was 27. It was 28 actually, I should say. 1997.
David Redekop: That’s right. We don’t know the calendar year change.
Peter Lowe: 1997. So is when it when I I first kind of put my list on the internet and I was just like I think I was 17 or something like that at the time and lots of things happened. I was learning about the internet. Um and I feel actually roughly about that point is how I feel about AI now in that I think that AI is about roughly around the same point in its sort of maturity and that is this big thing that has exploded and it’s going to change change human life on earth and it has still has a long way to go
Peter Lowe: but at the time the internet was that thing and I in those few years I just I just remember just learning so much and being fascinating and fell in love with the internet completely. Anyway, so I’d learned about DNS and running name servers and how that all worked and I realized that I’d set up my own local DNS server and configured it to be, you know, registered my first dom uh domain, which by the way I’ve lost completely.
Peter Lowe: I made the rookie mistake of yeah cuz you know you needed two two name servers to assign it to and I made the I was like I was desperate to get this domain and I didn’t have a second name server so I assigned another IP address to the same name server and used the same one name server to be authoritative for the domain and then I lost access to that name server so I I could not get it back and and internet I think at the time was just wouldn’t let me do anything
Peter Lowe: and so I and and stupidly I I used this the admin at or or hostmaster at that domain. So, I couldn’t even I’ lost access to the MX records, everything, and there was no way to to prove that I owned it. Anyway, never make that mistake again. You know, I was 17, so I think it’s it’s forgivable. Anyway,
David Redekop: is that a domain name that you want to share? What was that? Or is that never.org,
Peter Lowe: and I had a few little pages up on there and it was kind of a cool domain. I tried to get access to it from the internet archive, but then someone bought it and they put up a robots text which said that um agent star disallow everything. So it got swiped from the the internet archive sadly.
David Redekop: Yeah.
Peter Lowe: Anyway, but yes, I’d run my own name server and I’ I’d understood about how authoritative domains and and wild cards and all sorts and I realized that if I set my local name server, which I was using for resolutions as the master for like doubleclick.net, right, then I could any request from my my machine to doubleclick.net would be effectively um dev nullled.
Peter Lowe: Um, so yeah, and I was I thought I was very clever and I thought that was great. So every time I was on a web page that I saw some ads, I would look up where the ads were being hosted and I would add that zone as my to as a to the configuration of my local bind. And and then eventually I put it up on the internet. I thought, well, maybe some other people would use this. And yeah, that’s the that’s the story. There’s about 200 or so domains on it at the time and and it was good.
Peter Lowe: And then I found other people doing the same thing and host list was the most common trick which was the same thing and I felt also very clever because my method you don’t have to maintain a host’s file of individual subdomains right and yeah
David Redekop: so that’s you just point any other device to the same DNS server they immediately get the same benefit.
Peter Lowe: Yeah.
David Redekop: And and how did you choose to respond? What was the DNS answer at the time? Did you do 127.0? 0.1 or NX domain or
Peter Lowe: yeah so throughout over time I’ve tried all sorts of different things you can do NX domains you can do zero like a an invalid IPs you could do local host you can have like a central server which I I at one point set up a machine to like to be able to see the visibility for what your machine is trying to do what your browser is trying to do what other devices trying to do is really interesting
Peter Lowe: um and the different log files you get out of it so you can look at your name server resolution log like what’s it what’s it failing at. You can do a web proxy and actually look at the inspected traffic that’s going through. So I tried all sorts of different things. There was some different issues at the time like I remember trying 0.0.0.0 and Windows the Windows TCP stack didn’t like that and it would hang for a long time.
David Redekop: Uh-huh.
Peter Lowe: It I mean I think it’s not not the case. That obviously must be solved by now because that is Cloudflare’s default is 0000
David Redekop: because this was obviously started before the standardization of ED the extended DNS errors which we’re in the middle of like we have deployed ED on our software. Quad9 is in the process of rolling it out but Cloudflare doesn’t do it. Open DNS doesn’t do it the last time I checked. And so we’re in the middle of this. It’s amazing. 27 years later, the actual method of blocking is still not finally standardized where everybody does the same thing.
David Redekop: So, so from our point of view, it’s just like, okay, but it’s so important to gather that telemetry.
Peter Lowe: Yeah.
David Redekop: because it’s nice to be able to have this kind of protection of having a block list and not resolving a domain name, but at some point someone’s going to say, well, what have we actually been blocking or someone who’s offering as a service needs to be able to, you know, show how often it’s been done. And so, it’s pretty interesting that after all these years, we’re still working on it.
Peter Lowe: It’s what it’s one of the frustrating things about DNS is that because it’s one of those things that kind of just works in the background. It doesn’t have a high visibility that and because it’s sort of almost difficult to justify the expense of of deploying new but useful technologies or additions or you know extensions to it that often it just kind of gets left behind
Peter Lowe: and it’s things like ED are like would be amazingly useful to the tech community behind it but you know it does is it worth the money so it’s hard to convince people to spend money on it you know it’s hard to go as a network admin to go to his boss or their boss, our boss, sorry, and say, “Hey, can we can we, you know, spend a couple of months deploying this and testing it?” And uh it’d be really useful. And they’ll say, “Well, what’s the ROI?” And it’s it’s zero because, you know,
Peter Lowe: and um yeah, it’s frustrating. I think there’s a few things like that. What was it the other day? Sorry.
David Redekop: No, no. I was just going to say that we wrestled with this a lot. And where we ended up was, well, we’re going to do all of the sinkholing in a distributed fashion, right? Because we’re strong proponents of distributed everything that you can be distributed. We think that the future of freedom like literally getting political and philosophical that we stand the best chance of long-term liberty by having it be as distributed as possible.
David Redekop: So we want to always encourage in that direction. So that included the synholding part. So the way we do distributed synholding is that it resolves to your gateway and your gateway listens on port 80 so that it can display a one by one transparent pixel GIF if in case you’re trying to reach out to a destination that just tries to pull down a GIF. Well, why not just put a transparent pixel there instead of you know this the having the browser say cannot connect.
David Redekop: And yet when it’s an HTTPS connection attempt, then it gets a reset packet which then triggers our extension to show the block page. So as far as I know, we’re the only ones who chose that path, but it works so well that I’m like, why isn’t that the standard everywhere?
Peter Lowe: Yeah. Well, I think it’s again at the expense. It’s a very neat solution. I have to say it it’s a very nice way of doing it because the the HTTPS thing is the is the problem. usually with that. But then browsers like if if Eddie was deployed properly and globally then browsers could start to understand that that response and we could we could do having to have an extension to you know to trigger that.
Peter Lowe: But yeah,
David Redekop: the Safari browser actually interprets it all now. So in some regards I’m always I’m always admiring Apple for doing things that are you know what I call the removing the floppy drive standard, right? Like you remember when they you remember when they killed a floppy drive?
Peter Lowe: Everybody’s like what? How am I going to transfer files?
David Redekop: Um but in hindsight that was a really good thing. And the way I see it is it’s a small enough market share globally. It’s not the Windows world where you you you can’t just remove stuff that fast, but it’s small enough and the people that live on the Apple side, they’re used to Apple just doing this. So, they just kind of tolerate Apple uh doing things at the very bleeding edge. And that’s what they do with Safari.
David Redekop: And it’s an amazing amount of market share that they do have in the Apple ecosystem, but everybody on a Mac also has an alternate browser. So, everyone’s always used to, oh, I like Safari, but that site doesn’t work there. I’ll open that up in my alternative browser, right?
David Redekop: And so, yeah, I noticed that, for example, they do interpret ED. So if there’s an error, an ED error that I forget one, one of the standard errors is where law enforcement has required it to be blocked. So for example, if you’re in the Middle East and a certain website has been requested to be blocked and the ED includes that detail, then the browser will actually give you that relevant message right inside the browser. But only Safari does that.
Peter Lowe: Wow.
David Redekop: I I also noticed last week that Safari actually favors type 65 responses over A records. So if you have an inconsistency in your public DNS records of type 65 that are different from your A or quad A, it will actually ignore A and quad A and just go with the type 65 responses.
Peter Lowe: Interesting.
David Redekop: But only Safari does that.
Peter Lowe: Yeah. I wonder if that has something to do with because they they worked I mean it was a couple years ago but they the oblivious do was deployed.
David Redekop: Oh no. Yes.
Peter Lowe: Um and their whole sort of the private VPN thing that was added to Apple. I’ve never actually checked it out but I I knew about it being deployed but they did a lot of work on the infrastructure side of things of that and so implementing those they probably looked at the standards thought okay that’s useful to implement and that’s good to to add.
David Redekop: Yeah. uh and they were also the first to to deploy the DO uh upgrade standard DDR in an nonopportunistic fashion which is very cool. So it’s really nice to see. I I’d like to have them take it a step further but Apple does Apple things in the Apple way. Very very rarely do we have any sort of influence but when things are based on merit then sometimes do things do trickle into the right direction.
Peter Lowe: Yeah. Yeah. There was some discussion about that. I was at the ad filtering dev summit last last year not this year in Cypus and there was a talk by Andre Meshkov this the the CEO and founder of Adgard one of the hosts did a talk about ad ad blocking with oh gosh I’ve forgotten the part of it but it he talked about how this implementation had been Apple are like partially supporting it
Peter Lowe: and other people are partially it’s I think the things that they decide to support are not driven very carefully Y and very incrementally and yes they I would love to see to see inside that that machine honestly the discussions that go on there.
David Redekop: Yeah I I would too and it’s amazing how often we see things going in the right direction for a short period of time and then kind of re retracing after they figure out what’s going on. I’m a glutton for punishment and so I end up getting the the the beta stuff as sometimes too early, but you get insight into what’s changed.
David Redekop: Like I don’t know if you noticed how they handled the whole random MAC address defaults that initially was on by default and then they quickly changed it so that the default now is a random MAC address but it’s fixed on a per SSID basis.
Peter Lowe: Okay.
David Redekop: And that really is because when they introduced the the MAC address default that would change every other day, there was way too many aspects of the identification ecosystem that would use the MAC address as a useful signal, not necessarily as the only identity, but a as a useful signal.
David Redekop: And so by still leaving it random but fixed on a per SSID basis, it was like, okay, this is fine, but you can change it. So for example, when I go to Starbucks, I change it to truly random, which basically is going to change every 24 hours, right? But when I go to my own network, I want it to be fixed because I use it for other ways of identifying what, you know, my device can do on the network.
David Redekop: But it’s still nice to be able to have it randomized. And there’s other features that go with it. So yeah, I it would be really interesting to be a fly on the wall when those when that feedback comes in and and then they decide, okay, we need to tweak this a little bit before it becomes a production.
David Redekop: And that’s what makes the production release so good most of the time that most of us Apple users have no hesitation that the moment there’s a new version, you know, we go for it.
Peter Lowe: Yeah, I think a lot of these things come down to like sensible defaults and what’s what’s good for the end user. And the problem with most of the tech world is that the incentives for the defaults are coming from ultimately I think ads and tracking right and Apple are the I think the one the only mega corporation who have their own ecosystem and it doesn’t depend on ads right
Peter Lowe: and so they can afford to actually do things which are better for the user. So, you know, they’re they’re pretty famous with their privacy um priv approach to privacy and it’s I think it’s only because they can afford to do that. Whereas like the Google stuff and the Windows stuff and everything else is they’re making so much money from from the tracking there.
David Redekop: Yeah. The amount of things that you have to change on Windows defaults the dark design is still there to some degree. Although I have noticed that Microsoft has made quite significant improvements as well. Now there’s an option where there is no default. You have to select, right?
David Redekop: But at the very least, it’s usually the bottom option that you want to opt out, right? So just like you you walk through the Windows 11 installation, you know, if it’s not like a a business or enterprise MDM based version and it’s still a and you’re like on a retail box, you still have to go through that initial approach. So the dark design is a little less dark because you’re actually actually selecting something each time. Just the bottom option.
Peter Lowe: Well, I don’t know. At the same time, I heard that they recently in the latest builds of of Windows 11, you can they’ve disabled the tricks that people used to use for getting around having a local account. You they’re doing as much as they can to force people to create a Microsoft account, a https://www.google.com/url?sa=E\&source=gmail\&q=Microsoft.com account.
David Redekop: I just grabbed the very latest two days ago and if it’s the pro then you can still say after you try three times then it says domain join instead and you choose that but you don’t join a domain and you specify your own account and
Peter Lowe: all right
David Redekop: so that’s what I did with my last one. I was kind of surprised because I had read the same thing that you just mentioned that that it has to be done with a with an online account. So,
Peter Lowe: all right. Well, I mean, I can understand from Microsoft’s point of view that they would want to do that, right?
David Redekop: Yeah, I get why they’re doing it. It’s just I don’t like it.
Peter Lowe: It’s so annoying.
David Redekop: Yeah, the same. So, back to your back to your blog list.
Peter Lowe: Oh, yeah.
David Redekop: With with you maintaining 3,495 human curated list of domains that are ads and trackers. First of all, thank you, Peter. If I haven’t said it enough, thank you. Um, may maybe our audience doesn’t know that’s a default with the Ublock Origin extension and Ublock Origin, even the light version that is now available on on Safari and on iOS Safari. It is amazing.
David Redekop: The only difference I see from the full version to the light version is that a manifest version 3 has forced developers to not have the extension auto update its own lists that it’s literally an app update or an extension update to get the new list. But so what? So every couple of couple times a week, you know, you get your app update and it pulls down a new list.
David Redekop: To me, it works as well as ever to to do it that way. And I don’t know if you have any telemetry on that because it is open- source and free and anybody can bake it in and you block origin has tens of millions of installs uses it by default. Do you have any idea what kind of an impact you’ve had over the last 27 years?
Peter Lowe: Uh it’s a little difficult to tell because your book origin when I do offer the list in lots of different formats I think 30 different formats. So for Squid or for as a bind include file as as a host file etc. And the way that Ublock Origin has always downloaded my list is as a host file because Raymond Hill the developer of Ublock Origin um that’s how he did it first and it works.
Peter Lowe: I pointed out to him hey I I’ve added an ad block plus format and he’s like ah it this works so fair enough. So I can’t really tell the difference between the Ublock origin download and another one. It comes from the browser the client itself. So it looks like it’s just a standard web request. Um and and actually I don’t even look at web blogs anymore because the we added caching.
Peter Lowe: I have to say one thing about this list is I have the people that never get filter list authors rarely kind of thanked for the work which is a bit of a shame because I think a lot of them do such hard work. I’m very lazy. I don’t do that much work but other people do.
Peter Lowe: But the people who are even behind me is my ever patient CIS admins the the owners of yoyo.org who have for the last 27 years been dealing with me crashing the the server that is hosted on in various different ways like it was so much like that the number of tech problems they’ve had to solve because of my list it’s been unbelievable you know like mysql dying Apache dying they switched to engineext
Peter Lowe: they put it in like different virtual hosts at one point it got so bad that they they actually implemented they put it behind Cloudflare and they put some proper cash caching implemented and it’s all because of like it’s just a little server that has been running for a bunch of people a bunch of friends all that time. So yeah yoyo.org or admins, thank you so much for all your help.
Peter Lowe: But yeah, because of the caching, I don’t actually I used to have some little stats that I could see and and look at my web blogs to see where the requests are coming from, which I, you know, just had a look at. I get deleted after every week or something, but I don’t really know.
Peter Lowe: But I did hear the other day, which was a little milestone for me. I think one of the admins was looking at the the CloudFo logs or some logs and said that this the page was getting 60 million hits a day which is kind of nice I think and when I was looking at the stats it was about sort of 10 million was a good day so it’s it’s still growing which is nice as to your book origin I don’t know individually really and I’m just I’m just glad that people are using it honestly so yeah
David Redekop: wow that is a huge impact if it’s 60 million a A you know you expand that over 27 28 years and even if that was you know a regular growth pattern that is really remarkable. I I remember how I felt when we estimated that we had blocked connect.fas.net about a billion times and you probably you’ve probably reached that like you know any number of your domains like doubleclick many times over many maybe a billion times since then.
David Redekop: Um, so I I have to ask you, I’ve never asked you this in person yet or or or in our chats, but have you ever considered adding connect.fas.net to your blog list?
Peter Lowe: Um, well, I don’t honestly I’ve never looked into it to be that’s the honest truth.
David Redekop: And we can this is this is a matter of public anyway. We we I I feel like people need to know about what that does. So connect.fas.net net is what gets used when you display the Facebook pixel on a on a website and you want people to link to your your Facebook page.
David Redekop: So even if your public website of your own domain has a user that doesn’t click on the link just by you including that JavaScript on your web page you’re actually pulling that Facebook pixel down. So, Facebook now has the telemetry of you, the user, that’s gone to yoyo.org, even if you’re not on Facebook.
David Redekop: You know, when I got the really shocker of a lifetime, was when someone that’s in my circle said, “I need to get on to Facebook.” And some of people in my circle have just yes we were on Facebook in the early days but once we realized that what it was doing in terms of it being a fake fake dopamine that really yielded no positive you know value to society or to our lives.
David Redekop: That’s when we became like okay let’s not do that and let’s inform people that it really is just a time waster. Oh, and by the way, that’s when someone said, “I need to get on there for a Facebook marketplace.” And so, we did end up helping get this guy onto Facebook. And the very first time he signed up, never having been on Facebook before, it knew remarkably the, you know, what’s the the famous 2500 data points that data bookers have on us individually. It knew exactly who this individual was.
Peter Lowe: Yeah.
David Redekop: And that’s when I found out, this was many years ago. That’s when I find out that it was through connectup Facebook.net working it backwards that ended up giving Facebook all that data. So they are data rich and they would argue that it’s with our permission and I would say that’s like you know all of these signed consents that we’ve signed but we actually never read.
Peter Lowe: It it is scary. I think it is really scary.
Peter Lowe: Yeah. I So I to answer your question first of all I would definitely consider it. I think what I would need to do is actually block it locally for a while and then see what the impact is on my browsing experience. That my policy is that any domain which is primarily being used for ads or trackers goes on the list.
Peter Lowe: Um and the problem with that policy is that if there’s other uses for the domain like legitimate uses then I don’t put it on the list. there’s some which I would like to and some which I block locally for myself because I don’t have any use for them which other people do have a legit use for right
Peter Lowe: and so for example the one of the more well-known times that I’ve done this is when I blocked t.co which is used to be or I think it still is Twitter’s URL shortener. So every time you put a link in Twitter it would bounce it through t.co. And I can I know that URL shorteners do have a use sometimes.
David Redekop: Yes.
Peter Lowe: So whenever I I always consider whether I add it to the list or not and I look at how it’s being used and if you went to t.co’s home like just t.co the plain URL it would say this is being used for malware protection and blah blah blah but I looked at I tried to find any examples of like one instance of it actually blocking a malware URL and I couldn’t find any at all.
Peter Lowe: And so my conclusion was the only reason and also if you put a T.CO O link in or other URL shortened links in, they would still get bounced through to so and it didn’t affect the length of the tweets. So it it like it didn’t shorten the URL and mean that you had more characters to play with in your tweet.
Peter Lowe: So I the the conclusion is that it was just being used as a tracker and that’s why I added it. Other ones which are like bit.ly I don’t add or um I don’t know what the other URL shorteners are.
Peter Lowe: Some of them I do if I I look at the URLs that are being used what’s being redirected to if it’s actually read being used as a shortener because a lot of the times this it’s happening automatically anyway. So with connect.fas.net if it’s actually being used for something other than tracking as well as it then according to my own policy I shouldn’t put it on there. even if I want to.
David Redekop: Yeah. And you you might discover I mean we have hundreds of thousands of cases where that’s blocked and the I don’t know of any cases ever where it has prevented legitimate functionality.
Peter Lowe: Right.
David Redekop: Okay. We had uh a similar instance with Google https://www.google.com/url?sa=E\&source=gmail\&q=adervices.com. In cases like in Safari on iOS, there is no way for you to have Ublock Origin suppress the sponsored section of a Google search for example, right?
David Redekop: Um, and because of the billion a year malicious ads that get served, our stance has been if you’re able to suppress the ads to begin with and then then only bypass the ad blocking or enable ads when you really want to see ads, that is the right approach for us to take.
David Redekop: And I know that there’s some more holistic kind of approaches to say, well, you’re using Google’s free services and the way you’re getting it for free is by having the sponsored ad display. But our response usually is, well, no, the browser is called a user agent. It’s my agent and so I’m going to tell the agent what to do cuz I’m in charge and I’m just going to suppress them.
David Redekop: But on iOS, you couldn’t. So what would happen is with the sponsored link would show up and you we all know people that when they go to a website, instead of going to the website, they’re googling for it and then clicking on the first link, right? Including people that are on Facebook. They Google Facebook and then click on the link.
David Redekop: So if there is a sponsored link there, it would then bounce through Google Google https://www.google.com/url?sa=E\&source=gmail\&q=adservices.com. And so we struggle with well what what do you do with blocking that by default versus not blocking it by default because of the typical user behavior that isn’t even aware that they are clicking on a sponsored link.
Peter Lowe: Yeah.
David Redekop: And Yeah. So it’s frustrating. It’s one of those discussions which never goes away and is I think difficult to come to a you know a conclusive answer like like something that you it feels satisfying to say it’s like this because of you should always do this because of you know because of these reasons.
David Redekop: You’re right. There is. So, one of the ways I used to justify using a domain list was also that if people hosted ads locally, like if they had a slash ads and a little local ad server running, then they weren’t big enough to to matter.
Peter Lowe: Yes.
David Redekop: And that was okay to let them have their ads, right?
Peter Lowe: Um, but yeah, I don’t know. Google ad services, by the way, that is also one of the ways that like you’re saying about malicious ads. Um, having a sponsored ad that looks like that. Yes. You know, Facebook you put is a way of spreading malware that’s used quite a lot, I think.
David Redekop: Right. Right.
Peter Lowe: So, I don’t know. One of the discussions I have for people that contact me is tracker companies who Right. tell me that that I’m I’m breaking their their business model because or ad companies that are saying that I’m taking money away from them because they have a legitimate business model and they host data privately and and uh they they’re ethical and everything and I just have to say that you know this is my decision to block your stuff and other people have decided to use my list so it’s not really a question I do kind of like deflect that discussion quite a bit
Peter Lowe: But yeah,
David Redekop: I I I don’t want to gloss over this too much. I I know we’ve talked a lot about the good aspects of what you’ve done and all the good work that you’ve done, Peter, but how bad are things when you get hate messaging of any kind? Have you ever had a death threat?
Peter Lowe: No, no, no. I haven’t had a death threat. I’ve had someone, you know, veiled threats. I did a little presentation recently about some some some correspondents I had and one of the messages said ended with PS I know who you are Peter Lowe which was quite funny.
David Redekop: Yes,
Peter Lowe: I’ve had legal threats. I’ve had a lot of failed legal threats. Um but no actual death threats. Nobody who’s been that angry about that.
David Redekop: Glad to hear.
Peter Lowe: I’m glad to hear. I I don’t want to give anybody that that that idea either. You live in a in a in a safe in a safe space and a safe country where law enforcement would protect you quite well, I’m sure.
David Redekop: And over the years, you’ve learned a lot about Osent, right? You can have your voice and your face and your video present on the internet uh but still not be that easily found. Although nowadays, I’m not sure anybody can protect the OENT so well that that it’s absolutely impossible. Still, still I’m I’m very glad to hear that on the whole it’s it’s just been enough to make you have tough skin, but not enough to to shut you down.
Peter Lowe: Let me answer that though, cuz you said I have tough skin. I don’t think I do have that tough skin really because, you know, if somebody says something that is, you know, personal to me, then I I’m quite sensitive, I would say. But, but the thing is I I always try and remember the context of when people are messaging me.
Peter Lowe: I as an internet user have been frustrated on the internet more than once m many times a day. Sometimes you get to a website and there’s a popup or you get to a website and and there’s I don’t know the the video doesn’t load properly or something annoying happens and if it happens a few times a day then it can sort of build up and you you’re like you you want to sort of just hit your keyboard or something sometimes.
Peter Lowe: And so when I get a message from people, usually I just remember what it was like for me half an hour ago when I went I was getting annoyed at some popup or something. And that’s all it is. A lot of the times when I get messages from people and I just give them a little bit of patience that they end up calming down and going, “Oh, I didn’t understand. And thank you.” And you know, they’re nice about it.
Peter Lowe: So you know ah it reminds me of the wise words of richest man who ever lived who said a gentle word turns away wrath.
David Redekop: Yeah and you are clearly a really good example of that.
Peter Lowe: Thank you.
David Redekop: So okay so if you don’t have tough skin you are somehow able to just have it uh you know bounce off like like rubber or you you you respond kindly.
Peter Lowe: Yes.
David Redekop: Okay. So that that that makes me wonder how many hours a week are you still spending on the maintenance of the list and or answering queries?
Peter Lowe: Um good question. I would say on average two or three hours a week, not much.
David Redekop: Wow.
Peter Lowe: You know, just enough time to kind of respond to like D-listing requests. So the legitimate ones I get are from people who have, you know, bought a domain or it’s changed hands or for some reason and it’s no longer being used for its original purpose.
Peter Lowe: Um, and occasionally I have to look into it and just verify what they’re saying. Sometimes I have more involved discussions with people that which are about like tracking companies that say I what I do is if I find a tracking company, I usually list their parent domain and then sometimes they get annoyed and say, “Well, you’re blocking our whole domain. You’re blocking sales from us.”
Peter Lowe: Which is hilarious to me, but um, okay. And I always say, well, if you’ve got specific subdomains that you’re using for tracking your ads, give me a list and I’ll replace the parent with that and then I go and verify that and check for other subdomains and blah blah blah.
Peter Lowe: I get some submissions sent to me and occasionally I’ll find one myself and there’s a couple of other sources I get new additions from and corrections, but it’s not a lot. I mean, not that a huge amount. I at the moment I have a few requests in my inbox because one of the things about uh the list is that there’s a lot of different communities that use it.
Peter Lowe: So there’s like Pi Hole, there’s people who using it for Unbound. I’m looking at my inbox now and looking at the requests I’ve got. There’s a RPZ format request somebody wants me to add. There’s some improvements to that and those are like coding changes and that needs a little bit more testing and and stuff. So yeah, there you go. Two, three hours a week. Is that about right? I think.
David Redekop: Are you still having fun?
Peter Lowe: Yeah. Yeah, I am. Absolutely.
David Redekop: Are you are you still having fun? You do, you know, running out of networks.
Peter Lowe: There isn’t a day that I wake up without the expectation that it’s going to be a fun day.
David Redekop: There you go. Yeah. you you you just like yourself, you end up dealing with the brown smelly stuff. And the thing is, if you deal with it first thing in the morning or as soon as possible, then you can move on to the things that you want to accomplish and and achieve that day.
David Redekop: Um, and it’s so just a matter of, you know, there’s so many different expressions, boil the frog or, you know, eat the frog first or whatever those expressions mean. I’ve got to learn.
Peter Lowe: Yeah. Yeah.
David Redekop: So whatever. I eat frogs for breakfast. Okay. And then then the rest and and then and then the rest of the day is just very good tasting Canadian coffee.
Peter Lowe: Yeah. No, it’s it’s good. And I I find it very interesting that the internet’s growth, even though it’s still there, in a lot of ways, it has reached a level of maturity where the bad guys know that all of their tricks are having the doors closed on them one by one, one by one, one by one. Right?
David Redekop: And so one of the things that you know we’re excited about is kind of flipping the paradigm and shutting down all of the remaining intent is by just flipping the model to going to allow listing. But then what happens is when you get to allow listing then sometimes you need to still not sometimes all the time you still need to have block listing as a secondary filter.
David Redekop: And so that’s why your list is as important as ever uh even with taking the allow listing approach because when it comes to allow listing you know there being 600 million active domain names of which any organization you know needs about 15,000 the allow listing model is one that is we believe going to win in the long term.
David Redekop: So it is fun because it never stops being a challenge because it depends on the user right if it’s being forced upon a user that doesn’t want the protection that’s a that’s a difficult thing so but a lot of the times we are dealing with it being age-based right
David Redekop: I have teenagers and pre-teens myself and there’s a certain length of of time that we need to protect the the vulnerable right I know that you guys and the British like just like in our Canadian schools, we’re concerned about what content is accessible, that is, you know, unhealthy, that is damaging, that is harmful, that is distracting, um that it’s a lot easier just to prevent the problem before it occurs, right?
David Redekop: So, all of that presents itself in fun ways because at the end of the day, engineers look for an opportunity to problem solve. One thing that the internet has done is that it’s always created more problems than it’s solved and so so the supply is never ending.
Peter Lowe: Yeah, that’s very very true. I think that’s it’s a absolute trism. I think the the same thing will be said about AI. I think all the things that we’ve we’ve gone through with the internet will we’ll see again with AI as well.
Peter Lowe: the the age the age thing is such a tricky problem to solve again to actually to solve but we can definitely do a lot better than we’re doing and working towards a good solution.
Peter Lowe: I think it you know balancing ease of access with what’s being accessed is is so difficult and gauging you know the content based on what’s appropriate and what’s not is is a tricky thing and it moves beyond like sort of techn technological solutions to the more human involvement I think of assessment of things as well which is
David Redekop: our conclusion at the end of the day was that it requires the two elements what you just described right now is the human involvement.
Peter Lowe: Yeah.
David Redekop: So that is the strong parentto- child relationship. That is a strong teacherto student relationship that shouldn’t override the parent to child. But a lot of the times the parent child is absent and so the teacher kind of takes that substitute which is a sad state in in our society today.
David Redekop: But the other aspect is technology. You can’t do it with just one or the other. You actually need the human element. You need the technology element. Both need to be done well. And if both are done well, those children do flourish, right?
David Redekop: And you you end up creating what we now understand more about how our own neural networks work in our own brain is amazing. Absolutely amazing that our childhood experiences literally create the pathway that we use for life. And if those are good pathways, they end up being, you know, to our benefit. But if they are negative, they can be very difficult to reroute, you know, over over a over time, but it’s easier to be preventative rather than being in a repair state.
Peter Lowe: Yeah, that’s very true. I suppose it comes back to like the developmental state of the brain like you were saying when if you learn a new language at 15, then you’ve got a chance of having a good accent because you’re you’re affecting the like neural pathways in the brain to fundamentally rather than just kind of adding in on top. But yeah, interesting.
David Redekop: Yeah. Well, Peter, we have yet to meet in person, although we do regularly interface online, so hopefully uh we do connect very very soon at uh a subsequent event. It just seems like we keep on missing each other at the
Peter Lowe: Yeah, it’s a shame.
David Redekop: Various events. It’s going to happen some sooner or later. You know usually happens almost anyone that you connect with on video online and you meet them in person their height is not what you expected it to be always like sometimes somehow they’re either taller or shorter but never at the height that you expect them to be.
David Redekop: I don’t I’m not sure what you’re expecting but okay let let me peg you and maybe peg you at 5 foot 10. Am I right?
Peter Lowe: Ah close. I’m about 59 and a half.
David Redekop: Oh, okay. So, we are literally eye to eye.
Peter Lowe: Okay.
David Redekop: Cuz I’m I’m 5’9 and a half. So, there we go.
Peter Lowe: Right. Perfect.
David Redekop: Well, we’ll find I’ll verify that in person. Trust but verify. We’re good.
Peter Lowe: Yeah, that’s absolutely right. That’s absolutely right. So, Oh, I had Anyway, yeah, froze for a second there for me. Did my Did my video freeze on you for a second?
Peter Lowe: Yeah, just for a couple seconds.
David Redekop: I have not yet had that happen, but I did see that too. as might be by machine. Peter, it has been such a pleasure having you on. I do look forward to speaking to you again real soon.
David Redekop: Thank you very much for making this I don’t know if it was your first work task in the new year, but have a fantastic 2026.
Peter Lowe: Thank you. You too. It’s always a pleasure chatting with you, David. And I would consider this work. It’s It’s been Yeah, it’s been fun. So, thanks.
David Redekop: All right. Sounds good. See you, Peter.
Peter Lowe: Bye.
Narrator: The defender’s log requires more than a conversation. It takes action, research, and collective wisdom. If today’s episode resonated with you, we’d love to hear your insights. Join the conversation and help us shape the future together. We’ll be back with more stories, strategies, and real world solutions that are making a difference for everyone. In the meantime, be sure to subscribe, rate, write a review, and share it with someone you think would benefit from it, too. Thanks for listening and we’ll see you on the next episode.
[End of Video]