this post was submitted on 18 Apr 2024
120 points (97.6% liked)

Privacy

32465 readers
502 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
120
My experiences with Pi-hole (scribe.disroot.org)
submitted 8 months ago* (last edited 8 months ago) by [email protected] to c/[email protected]
 

Pi-hole has helped improve my "relationship" with Firefox, or better phrased with Firefox forks like LibreWolf and Tor browser. Cool thing with Pi-hole is that you can watch the query log and see what happened in the background while you were surfing the Internet. I learned that :

  • After removing the sponsored shortcuts in Firefox and putting your own shortcuts there Firefox will make connections each time you start the browser. So, if you would have icons on your quick start page in Firefox for let's say EFF, Lemmy, Mastodon, HackerNews, with each Firefox start up, it would query these sites. which I didn't like so much. Since then I've gone back to a complete blank start page, removing search and all those quick start icons, using just toolbar folders with bookmarks.

  • Pi-hole defaults to blocking telemetry for Firefox and Thunderbird.

  • Signal uses Google servers I saw via Pi-hole. I thought that they were using Amazon servers, but looking at Wikipedia for the history of Signal hosting I learned that Signal went back to Google for hosting.

  • Firefox push notification services are hosted on Google servers. LibreWolf removes a lot of Google things that Firefox has by default, but not the push parts. With Pi-hole it is very easy to block that.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -4 points 8 months ago (3 children)

Pi-hole is OK, but for good measure it's easy to set up a "hosts" file that blocks all that stuff locally. You can use your findings from Pi-hole. On Linux you just pop your entries in /etc/hosts, or other OS equivalent. Here are some curated lists. For Mozilla telemetry - https://github.com/MrRawes/firefox-hosts/blob/firefox-hosts/hosts Massive list for everything - https://github.com/StevenBlack/hosts

[–] [email protected] 17 points 8 months ago (2 children)

That's for one device.

Where does a smart TV keep it's hosts file? IPhone? Android?

DNS (PiHole) works for all devices on your network, which I'd argue is better than a hosts file.

[–] [email protected] 2 points 8 months ago (1 children)

That’s for one network. That’s why I switched to Next DNS and have protection at home and everywhere else.

[–] [email protected] 3 points 8 months ago

I ran PiHole for years. It started as a way to block ads but then also a way to block games and YouTube for my kids so they get a break. I had to manually control this though. I switched to NextDNS last year because this can be done on a schedule and they can't get around it such as swapping to mobile data on their phones.

In the house though I run AdGuard because there's no way differentiate traffic for each of my kids NextDNS profiles. With AdGuard it can proxy DNS requests to take traffic from the TV in their bedroom and convert it to DNS over TLS so the traffic hits the correct profile. I don't use AdGuard for anything else. It does not filter anything. It's purely to make sure traffic hits the correct NextDNS profile.

[–] [email protected] -2 points 8 months ago (1 children)
[–] [email protected] 11 points 8 months ago (2 children)

Why maintain the same thing in multiple places? If the pi-hole is blocking it, the pi-hole is blocking it. What added value is there in also maintaining the hosts file?

[–] [email protected] 2 points 8 months ago

On mobile or on networks with a bigger load on the DNS server it could make sense to make things faster, but otherwise a pihole is fine I think. If the pihole is not working as it should, that should be found out and fixed ASAP.

[–] [email protected] 1 points 8 months ago (1 children)

The amount of times I've seen people request help because Pi-hole was not blocking/functioning properly, well a hosts file just ensures nothing leaves that you want blocked. Besides, you may have different machines set up to be strict or permissive depending on their use case.

[–] [email protected] 5 points 8 months ago

With Pihole you can restrict or be permissive with different devices, based on MAC or IP address.

[–] [email protected] 6 points 8 months ago

DNS services with blocks lists such as Pi-Hole, AdGuard, NextDNS, etc, provide a centralized config file for all devices on a network, so you only configure once, collect statistics, have built in block lists that can be easily modified and updated either automatically or manually and are fast.

Using large lists in a host file will slow local resolution. It wasn't designed for this use case as it's acting a flat file database with a limited amount of RAM allocated for the process and will get slower the longer the list. While this latency won't be noticeable in the thousands of lines, once you start hitting hundreds of thousand or millions of entries it will start to crawl.

Hosts file are also unable to RegEx or Wildcard entries which means you would have to duplicated lots of variations in domains...

I mean I can also statically assign IPs to ever client and keep a spreadsheet, but why don't I just use DHCP?

[–] [email protected] 1 points 8 months ago (1 children)

That is pretty cool for folks that want a quick and easy way to block ads.

[–] [email protected] 1 points 8 months ago

Absolutely. These lists are created by server admins who collect what the firewall rejects, much like you see with the Pi-hole. They'll automatically block some ads and many threats too. Another tip if you're using Librewolf, Mullvad browser or Firefox with uBlock, enable more of the filter lists.