Stuff a Pi-hole in your router because your browser is about to betray you

Yes, or — if you&#x27;re lazy like I am, and don&#x27;t want to manage another device or container — use something like NextDNS, which has a very generous free plan and an extremely inexpensive yearly plan. Control D is a popular alternative with similar plans.<p>In the last 3 months, NextDNS has blocked nearly 9% of 10M DNS queries from devices in my household with no ill effects that I&#x27;m aware of. (I&#x27;m not affiliated with NextDNS in any way, other than as a satisfied paying customer.)

An alternative option for those already running an OpenWRT router - whether that be on dedicated hardware (usually a reflashed commercial wifi access point + router) or as a virtual router (e.g. running in a container or VM, this is how I use it) - is to use the Adblock package and configure it to force local DNS (<i>Redirect all DNS queries from specified zones to the local DNS resolver, applies to UDP and TCP protocol</i>). This partly works but it is not effective against applications (e.g. TikTok) and devices (e.g. &#x27;smart&#x27; televisions) using DoH (DNS over HTTPS) since that traffic is indistinguishable from normal web traffic without deep packet inspection. I have tried to run ipset-based blocklists to force such applications and devices to use &#x27;normal&#x27; DNS but this is not really feasible as DoH servers can be hosted just about anywhere.

Unfortunately, moving to DNS blocking could only be a brief refuge before the creeping anti-adblock efforts target it as well.<p>Adtech and the web are identifiable by mostly unique domains, but what if that could be hidden? What if the adtech industry builds and pushes a reverse proxy tech of sorts for page content <i>inside the page</i> where the web server goes and loads 3rd party content for the page render before sending it you? The theoretical result could make every request looks like it comes from the domain you requested and there&#x27;s nothing to discriminate on when it comes to DNS requests.<p>Unrealistic? Today, maybe. Wait until DNS ad blocking goes mainstream, Manifestv2 addons are long since stamped out and Manifestv3 addons are proven to be gutted and defeated. If click-through rates are noticeably higher with some kind of anti-dnsblocking proxy, we&#x27;ll probably see proxies everywhere. What we&#x27;d do then for ad-block is beyond me.

Note that when I tried PiHole years ago, travel&#x2F;flight-booking sites frequently required exemptions in order to operate. Not sure if the filtering is finer grained now, but it is not entirely a risk free proposition to set this up for an entire household.

My Chrome browser has just announced that uBlock Origin was turned off as it&#x27;s no longer supported. Time to install another browser. Edit: actually uBlock Origin Lite has been recommended as an alternative.

Both Pi-Hole and AdGuardHome are good; I&#x27;ve used both and settled on AdGuardHome as I&#x27;ve found it to be slightly faster to resolve (with the same Quad9 upstream for both).

This is infuriating. &quot;This browser is shit, so here&#x27;s how to install a program that makes this browser tolerable&quot;.<p>No! Stop using Chrome! There are other browsers you could (and should) use instead!

Do you think Google is going to let you get away with this? pahahaha. Nope.<p>The next thing they&#x27;ll do is to claim that DNS over TLS (probably port 443 mind you) is mandatory.<p>On a side note, Safari&#x27;s latest version seems to do this, and there&#x27;s no way I can figure out how to disable the behavior.<p>Per usual, they&#x27;ll claim is &quot;for safety&quot;, but the real motive is to kneecap extremely useful tools like PiHole.

It&#x27;s a bit ironic that the article is all about blocking ads whilst essentially being an ad for pihole.

Why is PiHole even mentioned as alternative to UbO? It is not a comparable thing! There is SO MUCH stuff you cannot do without access to the page contents. cookies. tracking parameters. &quot;pixels&quot;. javascript. etc etc

Pi-hole shouldn&#x27;t be recommended anymore. The recent breaking change pretty much broke everyone&#x27;s instances and also the downstream projects which has a plugin for pi-hole. Plus, pi-hole has very less configurable options and it&#x27;s nothing more than a giant wrapper of dnsmasq. Instead, AdGuard Home seems to be more reliable and can be highly configurable with options to separate the DNS resolvers based on groups