You could just ignore AS32934: <a href="https://www.radb.net/query/?keywords=AS32934" rel="nofollow">https://www.radb.net/query/?keywords=AS32934</a> ..?<p>...which includes the downtown Palo Alto address, hah. It’s linked from facebook.com/peering/<p>Here’s a list of the IP prefixes:<p><a href="https://bgp.he.net/AS32934#_prefixes" rel="nofollow">https://bgp.he.net/AS32934#_prefixes</a><p><a href="https://bgp.he.net/AS32934#_prefixes6" rel="nofollow">https://bgp.he.net/AS32934#_prefixes6</a>
Unfortunately this won't do much anymore, as Facebook and others are transitioning to server-side data transmission. Businesses now log data onto their own servers, then transmit it directly to adtech companies so that your device never directly touches the adtech server.
I have not used this list but I do block fb and ig servers in pi-hole. Though I will now move to using this list: <a href="https://github.com/jmdugan/blocklists/blob/master/corporations/facebook/all-but-whatsapp" rel="nofollow">https://github.com/jmdugan/blocklists/blob/master/corporatio...</a>
I have (also) been blocking their IP ranges [1] with ufw, just in case they try to bypass DNS.<p>[1] <a href="https://gist.github.com/Whitexp/9591384" rel="nofollow">https://gist.github.com/Whitexp/9591384</a>
I just block Facebook.com in NextDNS together with the graph.facebook.com and connect.facebook.net domains.
Messenger and WhatsApp still work fine.<p>The same can be done in a hosts file.
I block with dnsmasq on the main router, depending on your needs just using the domain name can be enough.<p>E.g.<p>address=/facebook.com/0.0.0.0
address=/fbcdn.net/0.0.0.0<p>Also block DoT ports, all known DoH resolvers (real pain in the ass), VPN services and proxy sites for the best results.
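Added example, not part of the comment above and not code from dnsmasq or any blocklist project: a Python script that turns a hosts-format blocklist into dnsmasq `address=` lines like the two quoted above, drops entries that a parent-domain rule already covers, and checks which hostnames the resulting rules sink. The sample list and all function names are constructed; the matching rule is assumed to be dnsmasq's "domain and all of its subdomains" behaviour.

```python
# Added example: hosts-style blocklist -> dnsmasq address= rules.
# SAMPLE_HOSTS is constructed for illustration, not a real blocklist.
SAMPLE_HOSTS = """\
# constructed sample in hosts-file format
0.0.0.0 facebook.com
0.0.0.0 graph.facebook.com
0.0.0.0 www.facebook.com
0.0.0.0 connect.facebook.net
0.0.0.0 fbcdn.net   # trailing comment
127.0.0.1 localhost
"""

def parse_hosts(text):
    """Return the set of lower-cased names found in hosts-format lines."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        # fields[0] is the sink address; the rest are hostnames
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if "." in name:  # skips single-label names such as localhost
                names.add(name)
    return names

def covered(host, rules):
    """True if host equals a rule domain or is a subdomain of one.
    Assumption: address=/domain/ matches on label boundaries, so
    notfacebook.com is not covered by a facebook.com rule."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in rules for i in range(len(labels)))

def collapse(names):
    """Drop names that a shorter rule in the same set already covers."""
    kept = set()
    for name in sorted(names, key=lambda n: n.count(".")):
        if not covered(name, kept):
            kept.add(name)
    return kept

def to_dnsmasq(names, sink="0.0.0.0"):
    """Emit one address= line per remaining domain, sorted."""
    return [f"address=/{n}/{sink}" for n in sorted(collapse(names))]

if __name__ == "__main__":
    print("\n".join(to_dnsmasq(parse_hosts(SAMPLE_HOSTS))))
```

Running `covered()` against the two rules from the comment shows that `connect.facebook.net` is not caught by a `facebook.com` rule and needs its own line.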
Find all of Facebook's IP addresses here: <a href="https://whois.arin.net/ui/advanced.jsp" rel="nofollow">https://whois.arin.net/ui/advanced.jsp</a><p>Search by organization for Facebook, then click each organization and then Related Networks.