Page 3: Editing Hosts Without Disabling SIP
Using Nano
Nano is a text editor in Terminal, and to open the hosts file with it, we can type the following command:
sudo nano /etc/hosts
Enter your administrator password and hit enter. Using your arrow keys, move the cursor down until you reach the blank space after the default entries. You can still copy and paste the list of domains as usual. When you’re done, hit Control + X. Then, press Y so it will save the changes.
After this, you’ll still want to flush the DNS cache using the command we used before:
sudo killall - HUP mDNSResponder
Now you can exit out of Terminal like normal.
I went into Recover Mode and disabled SIP.
After reboot, in Terminal the csrutil status shows disabled.
I open the /etc/hosts file in TextEdit and it shows Locked.
Any tips?
Mac OS 10.13.3
Moving onward, I tried using Nano in Terminal and that worked to edit the hosts file. Also simpler and quicker.
I use this exact system to block Facebook and other trackers. The host list I have is much longer, but my system is fast enough to prevent delays when browsing.
I used this a couple of years, but then my sister moved abroad and started to share information about her new life through Facebook. I started thinking how can I have my cake and eat it. At first I used a script that swapped my host file full of domains to be blocked for one with none in it. This didn’t work well, because i had to reboot to use the changed host file. Then I started thinking about VPN’s, but that was not practical either. Because then my DNS queries would still go through my host file first.
My solution was keeping my host file full with blocked domains for normal surfing with Safari and all the other normal things I do with a computer. Now when I want to visit Facebook or Instagram, I fire up the Opera browser. This browser has a build in VPN and for DNS queries it bypasses my host file. Because of this I have no problem visiting Facebook with the Opera browser. When I’m done I close the Opera browser. I only use that browser for this purpose. So I’m only tracked for the things I do in Facebook, the rest of the time I’m not. Even when I’m on Facebook, my normal Internet traffic is blocking trackers, because it doesn’t go through the VPN.
That’s a clever workaround, thanks for sharing.