Going Nuclear: How to Block Facebook Completely From Your Mac [Update]

17 minute read
| How-To

Update: A couple of people have reached out to me, saying that it’s possible to edit the hosts file without disabling SIP. This is great news because SIP is an important security feature of macOS. Even though we only disable it temporarily, it would be much better if we didn’t have to do it at all. You can find new instructions on Page 3.

We’ve shared plenty of tips on how to delete Facebook, remove third-party apps, control privacy settings, and delete bulk content. But what if you want to go even further? It turns out we can, and we can block Facebook completely by editing the hosts file.

In this guide we’ll be adding Facebook-owned domains to the hosts file, which will block them from our system. This is important because even if you deleted your Facebook account, Facebook can still track you around the web like Google does via its advertising platform.

So only go through with this guide if you deleted your Facebook account and want nothing more to do with it. This is basically the scorched earth nuclear option. The list of Facebook domains includes WhatsApp, Instagram, and of course Messenger. If you still plan to use those services, you can opt to remove them from the list we’ll be adding to the hosts file.

What is Hosts?

The hosts file is a system-level file that maps IP addresses to host names. Think of it as a local DNS system. You can edit the file to point domains to a different IP address, or block domains altogether. The latter is what we’re aiming for here.

You can edit the hosts file with Terminal or using TextEdit. For our purposes it’s easier to use TextEdit because editing the hosts file requires that we temporarily disable System Integrity Protection (SIP) a feature that Apple added in modern macOS.

Image of the hosts file, which can be used to block Facebook completely.

Disabling SIP

First, we’ll check to see if we need to disable SIP at all, although we’ll probably have to. Open Terminal and type or copy/paste the following command:

sudo open -a TextEdit /etc/hosts

Type your password when prompted. This will automatically open TextEdit with the hosts file. If you see the word “Locked” at the top, that means we need to disable SIP. But don’t worry, we can turn it back on once we’re done.

Disabling SIP requires that we reboot the Mac and enter Recovery Mode. Before you do this, if your iPhone is handy, type the following commands into Notes or somewhere else so you don’t forget.

Using a Terminal command to edit the hosts file to block Facebook completely.

Restart your Mac by click the Apple () icon in the menu bar > Restart. After you hear the startup chime, quickly hold down the buttons Command + R at the same time.

Now we’re in Recovery Mode. At the top of the screen, click Utilities > Terminal. Type the following command and then hit Enter (Return):

csrutil disable; reboot

A message will appear saying that System Integrity Protection is disabled, and the Mac will reboot.

Next Page: Facebook Domain List and Editing Hosts

4 Comments Add a comment

  1. Frank V

    I use this exact system to block Facebook and other trackers. The host list I have is much longer, but my system is fast enough to prevent delays when browsing.

    I used this a couple of years, but then my sister moved abroad and started to share information about her new life through Facebook. I started thinking how can I have my cake and eat it. At first I used a script that swapped my host file full of domains to be blocked for one with none in it. This didn’t work well, because i had to reboot to use the changed host file. Then I started thinking about VPN’s, but that was not practical either. Because then my DNS queries would still go through my host file first.

    My solution was keeping my host file full with blocked domains for normal surfing with Safari and all the other normal things I do with a computer. Now when I want to visit Facebook or Instagram, I fire up the Opera browser. This browser has a build in VPN and for DNS queries it bypasses my host file. Because of this I have no problem visiting Facebook with the Opera browser. When I’m done I close the Opera browser. I only use that browser for this purpose. So I’m only tracked for the things I do in Facebook, the rest of the time I’m not. Even when I’m on Facebook, my normal Internet traffic is blocking trackers, because it doesn’t go through the VPN.

  2. dougbromac

    I went into Recover Mode and disabled SIP.
    After reboot, in Terminal the csrutil status shows disabled.
    I open the /etc/hosts file in TextEdit and it shows Locked.
    Any tips?
    Mac OS 10.13.3

    • dougbromac

      Moving onward, I tried using Nano in Terminal and that worked to edit the hosts file. Also simpler and quicker.

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account