There are potential issues with web site functionality, ethics, and breaking your OS if you follow the below steps. Your Mileage May Vary. If you break something or find yourself in existential anguish over the moral implications of this recipe (see Ethics, &c. below), they are totally on you.
I take a "defense in-depth" approach to security. While I use ad blocking add-ons in my web browsers and often use text-only browsers to reduce the attack surface, they don't help for other apps. Here is how I keep my hosts file updated for another layer of ad blocking on my hosts.
First, we need to get the latest version of an ad blocking hosts file. I get mine from winhelp2002.mvps.org.
cd ~/Downloads
wget http://winhelp2002.mvps.org/hosts.txt
Then we need to calculate the difference between the system's current hosts file and the one we downloaded.
diff -ud /etc/hosts hosts.txt > hosts.patch
Let's back up the hosts file including permissions in case we make an error.
sudo cp -p /etc/hosts hosts.bak
Next, we apply the patch to the hosts file as root.
sudo patch -b /etc/hosts hosts.patch
Finally, we need to refresh the DNS cache to reflect the changes.
sudo killall -HUP mDNSResponder && echo macOS DNS Cache Reset
If you find something is wrong with your host or your soul, you can revert the change.
sudo cp -p ~/Downloads/hosts.bak /etc/hosts
… and then re-execute the DNS cache refresh command just above.
For Windows hosts, download the hosts.zip file from the above link. It includes a batch file to automate the process.
For GNU/Linux, BSD, and Unix hosts something similar to the macOS instructions will work for you.
Many will argue that this type of system-wide ad blocking is unethical up to and including theft. This is a valid argument. However, I do subscribe to the sites and services I value the most, such as the New York Times & Japan Times for home delivery(!), magazines like the Atlantic, and websites like the Brooks Review.
There are security risks, privacy concerns, and system performance issues that are equally valid. And some ads (auto-playing videos, anyone?) consume an inordinate amount of bandwidth at additional cost to me when I am on a metered network. These tip the scales toward blocking, in my humble opinion.
Once ad networks and the sites that use them prove their commitment to effective security practices, exhibit proper security hygiene, and respect users' privacy by default I will reconsider my approach.
Please feel free to comment constructively. Don't be evil.
Also on: