Update: A couple of people have reached out to me, saying that it’s possible to edit the hosts file without disabling SIP. This is great news because SIP is an important security feature of macOS. Even though we only disable it temporarily, it would be much better if we didn’t have to do it at all. You can find new instructions on Page 3.
We’ve shared plenty of tips on how to delete Facebook, remove third-party apps, control privacy settings, and delete bulk content. But what if you want to go even further? It turns out we can, and we can block Facebook completely by editing the hosts file.
In this guide we’ll be adding Facebook-owned domains to the hosts file, which will block them from our system. This is important because even if you deleted your Facebook account, Facebook can still track you around the web like Google does via its advertising platform.
So only go through with this guide if you deleted your Facebook account and want nothing more to do with it. This is basically the scorched earth nuclear option. The list of Facebook domains includes WhatsApp, Instagram, and of course Messenger. If you still plan to use those services, you can opt to remove them from the list we’ll be adding to the hosts file.
What is Hosts?
The hosts file is a system-level file that maps IP addresses to host names. Think of it as a local DNS system. You can edit the file to point domains to a different IP address, or block domains altogether. The latter is what we’re aiming for here.
You can edit the hosts file with Terminal or using TextEdit. For our purposes it’s easier to use TextEdit because editing the hosts file requires that we temporarily disable System Integrity Protection (SIP) a feature that Apple added in modern macOS.
First, we’ll check to see if we need to disable SIP at all, although we’ll probably have to. Open Terminal and type or copy/paste the following command:
sudo open -a TextEdit /etc/hosts
Type your password when prompted. This will automatically open TextEdit with the hosts file. If you see the word “Locked” at the top, that means we need to disable SIP. But don’t worry, we can turn it back on once we’re done.
Disabling SIP requires that we reboot the Mac and enter Recovery Mode. Before you do this, if your iPhone is handy, type the following commands into Notes or somewhere else so you don’t forget.
Restart your Mac by click the Apple () icon in the menu bar > Restart. After you hear the startup chime, quickly hold down the buttons Command + R at the same time.
Now we’re in Recovery Mode. At the top of the screen, click Utilities > Terminal. Type the following command and then hit Enter (Return):
csrutil disable; reboot
A message will appear saying that System Integrity Protection is disabled, and the Mac will reboot.