Update: A couple of people have reached out to me, saying that it’s possible to edit the hosts file without disabling SIP. This is great news because SIP is an important security feature of macOS. Even though we only disable it temporarily, it would be much better if we didn’t have to do it at all. You can find new instructions on Page 3.
We’ve shared plenty of tips on how to delete Facebook, remove third-party apps, control privacy settings, and delete bulk content. But what if you want to go even further? It turns out we can, and we can block Facebook completely by editing the hosts file.
In this guide we’ll be adding Facebook-owned domains to the hosts file, which will block them from our system. This is important because even if you deleted your Facebook account, Facebook can still track you around the web like Google does via its advertising platform.
So only go through with this guide if you deleted your Facebook account and want nothing more to do with it. This is basically the scorched earth nuclear option. The list of Facebook domains includes WhatsApp, Instagram, and of course Messenger. If you still plan to use those services, you can opt to remove them from the list we’ll be adding to the hosts file.
What is Hosts?
The hosts file is a system-level file that maps IP addresses to host names. Think of it as a local DNS system. You can edit the file to point domains to a different IP address, or block domains altogether. The latter is what we’re aiming for here.
You can edit the hosts file with Terminal or using TextEdit. For our purposes it’s easier to use TextEdit because editing the hosts file requires that we temporarily disable System Integrity Protection (SIP) a feature that Apple added in modern macOS.
Disabling SIP
First, we’ll check to see if we need to disable SIP at all, although we’ll probably have to. Open Terminal and type or copy/paste the following command:
sudo open -a TextEdit /etc/hosts
Type your password when prompted. This will automatically open TextEdit with the hosts file. If you see the word “Locked” at the top, that means we need to disable SIP. But don’t worry, we can turn it back on once we’re done.
Disabling SIP requires that we reboot the Mac and enter Recovery Mode. Before you do this, if your iPhone is handy, type the following commands into Notes or somewhere else so you don’t forget.
Restart your Mac by click the Apple () icon in the menu bar > Restart. After you hear the startup chime, quickly hold down the buttons Command + R at the same time.
Now we’re in Recovery Mode. At the top of the screen, click Utilities > Terminal. Type the following command and then hit Enter (Return):
csrutil disable; reboot
A message will appear saying that System Integrity Protection is disabled, and the Mac will reboot.
I went into Recover Mode and disabled SIP.
After reboot, in Terminal the csrutil status shows disabled.
I open the /etc/hosts file in TextEdit and it shows Locked.
Any tips?
Mac OS 10.13.3
Moving onward, I tried using Nano in Terminal and that worked to edit the hosts file. Also simpler and quicker.
I use this exact system to block Facebook and other trackers. The host list I have is much longer, but my system is fast enough to prevent delays when browsing.
I used this a couple of years, but then my sister moved abroad and started to share information about her new life through Facebook. I started thinking how can I have my cake and eat it. At first I used a script that swapped my host file full of domains to be blocked for one with none in it. This didn’t work well, because i had to reboot to use the changed host file. Then I started thinking about VPN’s, but that was not practical either. Because then my DNS queries would still go through my host file first.
My solution was keeping my host file full with blocked domains for normal surfing with Safari and all the other normal things I do with a computer. Now when I want to visit Facebook or Instagram, I fire up the Opera browser. This browser has a build in VPN and for DNS queries it bypasses my host file. Because of this I have no problem visiting Facebook with the Opera browser. When I’m done I close the Opera browser. I only use that browser for this purpose. So I’m only tracked for the things I do in Facebook, the rest of the time I’m not. Even when I’m on Facebook, my normal Internet traffic is blocking trackers, because it doesn’t go through the VPN.
That’s a clever workaround, thanks for sharing.