<p><pre><code> General policies
* Should not break useful websites or apps
* Blocks tracking servers
* Blocks advertising servers
* Blocks analytics servers
* Blocks fake websites
* Blocks malware servers
* Blocks webminers
</code></pre>
A.
"useful websites or apps"<p>B.
"tracking servers"
"advertising servers"
"analytics servers"
"fake websites"
"malware servers"
"webminers"<p>If B is larger than A, then a whitelist for A is easier to maintain than a blocklist for B.<p>Following this logic is not for everybody; much depends on the user's particular web/app usage, but it has worked for me.<p>It forces an otherwise naive user like me to get to know the "useful websites" and "apps" better, e.g., to be aware of the domains and any third-party resources they are using. Some are much more dynamic than others. Thus, some may require constant attention where others may only require an upfront, one-time sunk cost of my time.<p>Whereas reading through continually updated "blocklists", lists of servers that purportedly have nothing to offer me, is not something I want to be forced to spend time doing. How can we know that the people making the blocklists are not in collusion with the people behind the servers listed in B? At some point, we will be forced to look at what is listed in the blocklists.<p>I would rather spend that time on a personalised whitelist.
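The allowlist approach in the comment above, sketched as an added example that is not part of the original post: it builds default-deny dnsmasq rules from list "A" and audits a query log for the third-party names a site still needs reviewed. It assumes dnsmasq is the local resolver; the domains, the upstream address and the log entries are constructed placeholders.

```python
"""Default-deny DNS allowlist: build dnsmasq rules and audit a query log."""

UPSTREAM = "192.0.2.53"  # assumption: placeholder resolver (TEST-NET-1 address)

# Constructed allowlist: list "A" from the comment, one entry per domain.
ALLOWLIST = {"example.org", "cdn.example.net"}

# Constructed query log: (site being visited, name it caused to be queried).
QUERY_LOG = [
    ("example.org", "www.example.org"),
    ("example.org", "static.cdn.example.net"),
    ("example.org", "metrics.tracker.example"),
    ("example.org", "evil-example.org"),   # look-alike, must not match
    ("example.org", "WWW.Example.ORG."),   # mixed case and trailing dot
]

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def is_allowed(name, allowlist=ALLOWLIST):
    """True if name equals an allowlisted domain or is a subdomain of one."""
    labels = normalize(name).split(".")
    # Compare on label boundaries so "evil-example.org" != "example.org".
    return any(".".join(labels[i:]) in allowlist for i in range(len(labels)))

def dnsmasq_rules(allowlist=ALLOWLIST, upstream=UPSTREAM):
    """Forward allowlisted domains upstream; answer everything else 0.0.0.0."""
    rules = [f"server=/{d}/{upstream}" for d in sorted(allowlist)]
    rules.append("address=/#/0.0.0.0")  # '#' matches any domain not forwarded above
    return rules

def audit(log=QUERY_LOG):
    """Group denied names per site: the third-party domains left to review."""
    denied = {}
    for site, name in log:
        if not is_allowed(name):
            denied.setdefault(site, set()).add(normalize(name))
    return denied

if __name__ == "__main__":
    print("\n".join(dnsmasq_rules()))
    for site, names in audit().items():
        print(site, "-> denied:", sorted(names))
```

Each name in the audit output is a decision to make once: add it to the allowlist if the site breaks without it, or leave it denied.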
The problem with things like this is it's hard to disable on a case-by-case basis. I enabled something similar in a VPN and found that certain redirecting tracking links from emails were blocked. Ok great, they don't know that I clicked on the link, but also I <i>don't know what the link led to, since it was blocked</i>, and it was something I actually wanted to go to.
If tunneled DNS becomes prevalent, these hostname/domain approaches won't work. So it'll come down to blocking at IP level. And that will likely be harder.
What would be the pros and cons of using this vs. uBlock Origin and Privacy Badger, assuming somebody like me browsing on the desktop with Firefox?
I've been using privoxy forever, along with 255.255.255.255 entries in /etc/hosts for domains I want to block.<p>Not sure what using dnsmasq would buy me over this setup.
> DNS over HTTPS will prevent clients in your network from using the default local DNS services.<p>Relevant: Windows will improve user privacy with DNS over HTTPS<p><a href="https://news.ycombinator.com/item?id=21562295" rel="nofollow">https://news.ycombinator.com/item?id=21562295</a>