How to Disable Ads on the Roku Home Screen

If you own a Roku streaming media player or Roku TV and want to disable the advertisements that occupy one-third of the Home screen, you will discover that Roku does not provide you a way to opt out.

According to How-To Geek, Roku makes more money from ads than it does selling hardware ($740 million in ad revenue in 2019).

Don’t be deterred. If you are technically savvy and motivated, this article documents how to engineer an ad-free Roku home screen — like this one.

Roku without ads on Home screen

A summary of what needs to be done (overview)

There is more than one way to remove Roku ads. If you are a talented technical engineer, this is what you are trying to accomplish.

  • Prevent your Roku from reaching a list of domains (see below)
  • Provide your Roku a fixed/static IP address
  • Prevent your Roku from using DNS port 53 for LAN to WAN queries

Settings within the Roku (easy)

Most of the steps that you will take to remove ads reside outside of the Roku. If you simply want a little more privacy and fewer customized ads, at least perform these easy steps on your Roku.

Roku Features to Disable:

  • Roku TV > Settings > Privacy > Advertising > Limit ad tracking (enabled)
  • Roku TV > Settings > Privacy > Advertising > Reset advertising identifier (do this often)
  • Roku TV > Settings > Privacy > Smart TV experience > Use info from TV inputs (not selected)
  • Roku TV > Settings > Privacy > Smart TV experience > Enable auto notification (not selected)
  • Roku TV > Settings > Home Screen > Featured Free > Hide
  • Roku TV > Settings > Home Screen > Movie Store and TV Store > Hide
  • Roku TV > Settings > Home Screen > My Offers > Hide

Block these domains (medium)

Using some network capturing tools, I logged about fifty unique IP addresses the Roku attempts to access within the first two minutes of it powering on. Blocking them all would result in a loss of functionality. Instead, you want to prevent the Roku from accessing just the following domains (LAN to WAN traffic).

  • ads.roku.com
  • amarillo.logs.roku.com
  • amoeba-plus.web.roku.com
  • austin.logs.roku.com
  • bryan.logs.roku.com
  • camden.logs.roku.com
  • cloudservices.roku.com
  • cooper.logs.roku.com
  • customer-feedbacks.web.roku.com
  • digdug-g2.logs.roku.com
  • digdug.logs.roku.com
  • display.ravm.tv
  • esp.logs.roku.com
  • giga.logs.roku.com
  • gilbert.logs.roku.com
  • griffin.logs.roku.com
  • hereford.logs.roku.com
  • i.ads.roku.com
  • identity-dev.ads.roku.com
  • identity.ads.roku.com
  • lagrange.logs.roku.com
  • liberty.logs.roku.com
  • littlefield.logs.roku.com
  • logs.roku.com
  • longview.logs.roku.com
  • midland.logs.roku.com
  • mobile.logs.roku.com
  • p.ads.roku.com
  • paolo.logs.roku.com
  • raps-perf.ravm.tv
  • raps.ravm.tv
  • ravm.tv
  • richmond.logs.roku.com
  • rollingwood.logs.roku.com
  • rxr.ravm.tv
  • samples.voice.cti.roku.com
  • scribe.logs.roku.com
  • sugarland.logs.roku.com
  • traces.sr.roku.com
  • track.sr.roku.com
  • tyler.logs.roku.com
  • victoria.logs.roku.com
  • windsor.logs.roku.com
  • wwwimg.roku.com

Perhaps the easiest way to do this is to use either NextDNS.io or a Raspberry Pi Pi-Hole as your DNS provider, and subscribe to the Lightswitch05 Ads & Tracking block list. All of the domains above, except for amoeba-plus.web.roku.com and wwwimg.roku.com, were already included in Lightswitch05’s block list at the time of writing.

I accomplished DNS filtering by installing ASUSwrt-Merlin on my home router. I then configured my router to use NextDNS.io as the router’s DNS-over-TLS / DNS-over-HTTPS source. Using NextDNS.io at the router level will help you block ads for all devices on your home network, not just your Roku.

Here’s how I configured my home router to use NextDNS.io.

ASUS Merlin NextDNS.io settings

And how I configured NextDNS.io to filter out most Roku ads and tracking.

  • NextDNS.io > Privacy > Blocklists > Add > Lightswitch05 Ads & Tracking
  • NextDNS.io > Privacy > Native Tracking Protection > Add > Roku
  • NextDNS.io > Denylist > Add > amoeba-plus.web.roku.com (missing from Lightswitch05)
  • NextDNS.io > Denylist > Add > wwwimg.roku.com (missing from Lightswitch05)

NextDNS Roku Settings

Optionally, if you prefer to roll your own DNS filtering solution, build a Pi-Hole or install Diversion via AMTM on your ASUSwrt-Merlin router.

Once you have a DNS filtering solution in place and have configured your home router to use it, all devices on your network should (by default) have their DNS traffic filtered. Except for the Roku, of course, which has hard coded its own public DNS source for some of its queries.

Provide your Roku a static/fixed IP address (medium)

To perform the last step, which involves creating firewall rules, you first need to provide your Roku a static IP address. I accomplish this by letting DHCP provide the Roku a dynamic IP address, and then configuring my router to always reserve that IP for the Roku.

ASUS merlin manually assigned IP

Firewall LAN to WAN Port 53 (hard)

DNS queries traditionally use Port 53 via TCP or UDP. You want to force your Roku to always use your router (and thus NextDNS or Pi-Hole) for all of its DNS queries.

In order to prevent your Roku from querying Google’s public DNS servers at 8.8.8.8 and 8.8.4.4 directly, you’ll need to configure a network firewall to block LAN to WAN traffic over Port 53 (TCP and UDP).

How to do this differs for each router. Here’s how I did it using ASUSwrt-Merlin.

  • ASUSwrt-Merlin > Firewall > Network Services Filter > Enable
  • ASUSwrt-Merlin > Firewall > Network Services Filter Table > add these two entries
  • Entry 1 > Source IP (the static LAN IP address of your Roku), Destination Port Range 53, Protocol TCP
  • Entry 2 > Source IP (the static LAN IP address of your Roku), Destination Port Range 53, Protocol UDP

Asus Merlin Network Service Filter Port 53

That should do it. Reboot your router to clear your DNS cache then reboot your Roku. Hopefully you will be rewarded with an ad-free Roku.
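One way to confirm the Port 53 rule is working, as an added example (not from the original article): capture DNS traffic on the LAN side with `tcpdump -n port 53`, then check whether any Roku query sent to an outside resolver still gets a reply. The LAN addresses and capture lines below are constructed, and the parser assumes tcpdump's one-line output for UDP DNS.

```python
import re

ROKU = "192.168.1.50"    # assumption: the Roku's reserved LAN address
ROUTER = "192.168.1.1"   # assumption: the router that forwards to the DNS filter
# A few entries from the list above; a parent domain also covers its subdomains.
BLOCKED = {"ads.roku.com", "logs.roku.com", "ravm.tv", "wwwimg.roku.com"}

# Constructed LAN-side capture in the one-line format of `tcpdump -n port 53`.
CAPTURE = """\
12:00:01.100000 IP 192.168.1.50.40001 > 192.168.1.1.53: 1001+ A? example.org. (29)
12:00:01.120000 IP 192.168.1.1.53 > 192.168.1.50.40001: 1001 1/0/0 A 192.0.2.10 (45)
12:00:01.200000 IP 192.168.1.50.40002 > 8.8.8.8.53: 1002+ A? scribe.logs.roku.com. (38)
12:00:01.300000 IP 192.168.1.50.40003 > 8.8.4.4.53: 1003+ A? display.ravm.tv. (33)
12:00:01.330000 IP 8.8.4.4.53 > 192.168.1.50.40003: 1003 1/0/0 A 192.0.2.20 (49)
12:00:01.400000 IP 192.168.1.20.40004 > 8.8.8.8.53: 1004+ A? example.com. (29)
"""

QUERY = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.53: (\d+)\S* \w+\? (\S+?)\.? ")
REPLY = re.compile(r"IP (\S+)\.53 > (\S+)\.(\d+): (\d+)")


def is_blocked(name):
    """True if the name or any parent domain is on the block list."""
    labels = name.lower().split(".")
    return any(".".join(labels[i:]) in BLOCKED for i in range(len(labels)))


def audit(capture, roku=ROKU, router=ROUTER):
    """List (resolver, name, answered, listed) for Roku queries that skipped the router."""
    lines = capture.splitlines()
    # A reply carries the same client, port, resolver and query id as its query.
    answered = {(m[2], m[3], m[1], m[4]) for m in map(REPLY.search, lines) if m}
    findings = []
    for m in filter(None, map(QUERY.search, lines)):
        src, port, dst, qid, name = m.groups()
        if src == roku and dst != router:
            was_answered = (src, port, dst, qid) in answered
            findings.append((dst, name, was_answered, is_blocked(name)))
    return findings


if __name__ == "__main__":
    for resolver, name, answered, listed in audit(CAPTURE):
        status = "ANSWERED, rule not effective" if answered else "no reply, dropped"
        print(f"{resolver:<10} {name:<24} {status}{'  [on block list]' if listed else ''}")
```

A query with no reply means the firewall entry is dropping it; a query that is answered means that path still reaches the outside resolver and the matching TCP or UDP entry needs another look.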

Closing

Removing Roku ads will take some work. Some of these steps, like installing ASUSwrt-Merlin or a Pi-Hole, take some effort and require specific hardware you might not yet own. There are likely other ways to perform these steps on your own hardware — but I leave that to you. You know what needs to be done, and now just have to figure out how to do so if you want an ad-free Roku.

EFF Dice-Generated Passphrases via Microsoft Excel or Google Sheets

In 2016, the Electronic Frontier Foundation improved on the original Diceware Passphrase list by creating the EFF Dice-Generated Passphrases list. This post is my effort to use Microsoft Excel or Google Sheets to semi-randomly generate passwords using the EFF’s Long Wordlist [.txt].

Please note, while I am an IT professional, I’m not a cryptographer or mathematician. The passwords generated via these Microsoft Excel formulas are semi-random. They represent a good-enough approach to creating passwords users can memorize. Use passed.pw or LastPass’ Password Generator for longer passwords that contain more entropy. As always, use a good password manager and enable multi-factor authentication when available.

TL;DR: Links to the live Microsoft Excel and Google Sheets worksheets

If you just want some semi-randomly generated passphrases based on the EFF Large Wordlist, select either of these read-only publicly-accessible links.

Results

This is what you’ll find: 10- to 16-character easy-to-remember semi-random passphrases. Refresh your browser (F5) to generate a new round of passphrases.

Screenshot

A screenshot of the EFF Dice-Generated Passphrases via Microsoft Excel.

EFF Dice-Generated Passphrase via Microsoft Excel

Example

Here is a static example of the semi-random passphrases these worksheets randomly create.

14Good          14Better        15Good           15Better          16Good            16Better
DarnLungScuff1  stoic-UNWIND-8  GoryKudosStove0  tidbit-FOOTSIE-4  GiftRelicHuddle6  baggie-WOMANLY-1
IckyLionCacti1  pagan-PRECUT-9  EpicAlbumVerse4  stingy-ARMBAND-8  ShunWharfBootie3  varied-SCALLOP-8
GrubLifeSkies8  humid-STINKY-2  MoveClassPurge3  sudoku-HAGGLER-0  IconGauzeEclair5  lively-SHELTER-8
RushWindZesty7  shape-JAILER-9  OvenAptlyFruit5  tattoo-SLOUCHY-9  DawnVersePurple6  affirm-CONDONE-4
RiftLateTweak7  mummy-CLAMMY-9  JeepPhonyFetal5  drudge-CLOTHES-0  OmitBakedStress9  idiocy-SWOONED-5
TallBlipUsher2  crock-CUDDLE-0  WishCacheChest1  tinker-PROWLER-2  VoidAtlasGravel1  panama-IMPLANT-6
BathHaltKooky8  shock-DELETE-8  HateBootsPesky0  violet-RUBDOWN-9  DialEruptTaking2  deeply-SCROOGE-1
JawsLarkSandy0  grape-CIRCUS-2  RakeEruptRigor0  myself-SKYWARD-3  DoleUsherTissue0  idiocy-MUSTANG-6
DarnLeftChaos6  visor-WANTED-6  HateDingoIdiom4  saloon-CLATTER-4  LurkTiaraHarbor2  awaken-DENSITY-8
HurtEbayYield0  couch-GANDER-4  GulpBunnyDecaf9  unholy-PROWESS-5  OozyJuicyGrudge1  specks-OUTLOOK-5

How it works

The essential components to using Microsoft Excel or Google Sheets to generate semi-random passphrases are:

You will find a few more hidden sheets of data (like city names or shorter versions of the EFF dice words) that you may use if you want to customize your own formulas. Please, do make a copy of either worksheet and modify to meet your needs.

Formulas

My files generate 10- to 16-character passphrases. The 10Good column contains a 10-character passphrase of lowercase, uppercase and numbers. The 10Better column simply adds punctuation. Please look at the examples above to get a good idea.

Good Formula

This Excel formula does not include punctuation.

=INDEX(DataEFFLong1!$F$84:$F$550,RANDBETWEEN(1,ROWS(DataEFFLong1!$F$84:$F$550)),1)
&INDEX(DataEFFLong1!$F$551:$F$1478,RANDBETWEEN(1,ROWS(DataEFFLong1!$F$551:$F$1478)),1)
&CHAR(RANDBETWEEN(48,57))

There are two INDEX functions that use the RANDBETWEEN function to select a random EFF word from a range of words that are pre-sorted by how many characters are in each word; followed by a CHAR function that uses the RANDBETWEEN function to select a random number.

Better Formula

This Excel formula adds punctuation. In cell B14, I use this formula to select a semi-random delimiter from the ASCII table (characters , - . /).

=CHAR(RANDBETWEEN(44,47))

Then I simply include this semi-randomly selected punctuation into the formula.

=INDEX(DataEFFLong1!$E$2:$E$83,RANDBETWEEN(1,ROWS(DataEFFLong1!$E$2:$E$83)),1)
&$B$14
&INDEX(DataEFFLong1!$D$84:$D$550,RANDBETWEEN(1,ROWS(DataEFFLong1!$D$84:$D$550)),1)
&$B$14
&CHAR(RANDBETWEEN(48,57))

The result is that the user must only memorize a single punctuation value and number — along with the EFF dice words — to memorize their password.

Again, these passphrases have less entropy than passed.pw randomly-generated passwords like “U7p2uk>R,v)]HTRc”; but they are easier to memorize and should be sufficient when also protected by multi-factor authentication.
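To put numbers on "less entropy", the following added example (not part of the original worksheets) computes the entropy of the Good and Better formulas from the row ranges they reference, and rebuilds both patterns on Python's `secrets` module, which draws from the operating system's CSPRNG rather than RANDBETWEEN. It assumes every pick is uniform and that an attacker knows the pattern; the small word pools are constructed samples.

```python
import math
import secrets

# Pool sizes read off the row ranges in the formulas above.
ROWS_84_550 = 550 - 84 + 1       # 467 words
ROWS_551_1478 = 1478 - 551 + 1   # 928 words
ROWS_2_83 = 83 - 2 + 1           # 82 words
DIGITS = "0123456789"            # CHAR(RANDBETWEEN(48,57))
DELIMS = ",-./"                  # CHAR(RANDBETWEEN(44,47))


def entropy_bits(*pool_sizes):
    """Entropy in bits when every slot is picked uniformly and independently."""
    return sum(math.log2(n) for n in pool_sizes)


GOOD_BITS = entropy_bits(ROWS_84_550, ROWS_551_1478, len(DIGITS))
# $B$14 is one cell used twice, so the delimiter contributes a single choice of 4.
BETTER_BITS = entropy_bits(ROWS_2_83, len(DELIMS), ROWS_84_550, len(DIGITS))
# Reference point: six words drawn from the full 7,776-word EFF long list.
SIX_WORD_BITS = entropy_bits(*[7776] * 6)

# Constructed sample pools; a real run would load the matching worksheet ranges.
SAMPLE_FIRST = ["Darn", "Icky", "Grub", "Rush"]
SAMPLE_SECOND = ["Scuff", "Cacti", "Skies", "Zesty"]


def good_passphrase(first=SAMPLE_FIRST, second=SAMPLE_SECOND):
    """Word + word + digit, as in the Good formula, drawn from the OS CSPRNG."""
    return secrets.choice(first) + secrets.choice(second) + secrets.choice(DIGITS)


def better_passphrase(first=SAMPLE_FIRST, second=SAMPLE_SECOND):
    """Word, delimiter, word, same delimiter, digit, as in the Better formula."""
    delim = secrets.choice(DELIMS)
    return delim.join([secrets.choice(first), secrets.choice(second), secrets.choice(DIGITS)])


if __name__ == "__main__":
    print(f"Good:   {GOOD_BITS:.1f} bits, e.g. {good_passphrase()}")
    print(f"Better: {BETTER_BITS:.1f} bits, e.g. {better_passphrase()}")
    print(f"Six EFF words: {SIX_WORD_BITS:.1f} bits")
```

The two formulas come out at roughly 22 and 20.5 bits against about 77.5 bits for six EFF words, which is why pairing them with multi-factor authentication matters.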

Google Sheets formulas

The formulas that Google Sheets uses to produce the same results as Microsoft Excel are different, but the concept is the same. Google uses ARRAY_CONSTRAIN and ARRAYFORMULA to wrap the original Excel formulas.

=ARRAY_CONSTRAIN(ARRAYFORMULA(INDEX(DataEFFLong1!$F$84:$F$550,RANDBETWEEN(1,ROWS(DataEFFLong1!$F$84:$F$550)),1)
&INDEX(DataEFFLong1!$F$551:$F$1478,RANDBETWEEN(1,ROWS(DataEFFLong1!$F$551:$F$1478)),1)
&CHAR(RANDBETWEEN(48,57))), 1, 1)

Closing

Feel free to use these worksheets as is. Optionally, add your own data sources and modify the formulas to better meet your needs.

Fragment and Social Distance Drives

During the COVID-19 pandemic, Microsoft should have updated its Defragment and Optimize Drives tool to do the inverse by maintaining at least six-bits of separation from neighboring data.

Social Distance Drives
Maintain at least a six-bits of separation.

It says “You can fragment your drives to help your data maintain a safe social distance (at least a six-bits of separation). Only drives on or connected to your computer are shown.”

Here’s how they should have placed it in your start menu.

Fragment and Social Distance Drives
How to find Fragment and Social Distance Drives in the Windows 10 start menu.

My Google Maps photos have been viewed more than 25 million times

I enjoy adding photos to Google Maps. That enjoyment really increased a few years ago when I bought a 360-degree camera. Since 360-degree cameras are still a bit of a novelty, my images get more views than most.

Last week, Google sent me an email saying:

Hi Jason, You’re a top photographer on Google Maps You’ve just accomplished what very few people have done: reached 25,000,000 photo views. Congratulations on the amazing accomplishment

To be specific, that’s 3,426 images generating 25,198,085 views on Google Maps as of today, February 29, 2020. An average of 7,354 views per image.

The most popular image is this 360-degree photo I quickly snapped while exiting a Cincinnati Reds baseball game, which has achieved 5,051,046 views.

It’s a nice, motivating bit of information that encourages me to keep traveling and adding 360-degree photos to Google Maps.

Wells Fargo cannot follow its own phishing security advice

Wells Fargo has a reasonably good security page educating customers about phishing email and texting scams.

They make three good comments about how to recognize a phishing email scam, informing the user to look out for a combination of red flags:

Non-Wells Fargo email address: The email address of the sender does not include the wellsfargo.com domain name, instead using something like [email protected]

Urgent call to action: The email includes an urgent request in the subject line and message copy, such as “Don’t miss your chance to win $1,000. Complete the survey today.”

Suspicious URL: The email contains a link to a non-Wells Fargo URL, which could be a fraudulent website, such as https://mail.gallupmail.com/track?xyz.

As you may have guessed, I replaced their actual examples with similar but real content that I received by email from Wells Fargo.

On the left is a screen shot of Wells Fargo’s good security advice regarding phishing emails. On the right is a screen shot of an actual Wells Fargo email violating its own advice (verified months later as legitimate by the Wells Fargo Executive Office).

Wells Fargo emails look like phishing emails

Wells Fargo, you have a responsibility to perform email best practices. All emails from Wells Fargo should come from the wellsfargo.com domain or a subdomain of wellsfargo.com, and all links in said emails should link back to the wellsfargo.com domain or a subdomain of wellsfargo.com. Nothing less is excusable.

Follow your own security advice. Don’t send customers emails that look no different than phishing emails. By doing so, you are training your own customers to trust emails they should not trust.