Setting up a pi-hole DNS server for my wifi network was one of the best decisions I've ever made. Horrifying to see what percentage of traffic is on the ad server blacklist though...
I wasn't aware that my Samsung Smart TV had been logging almost my every action on the TV until I set up a PiHole server. Also, my respect for Apple grew by the fact that the only device that wasn't doing loads of telemetry turned out to be my MacBook in the whole household.
Yes!! I was so grossed out by all the logs from my Smart TV. I'm embarrassed to say that I worked in ad tech (as an engineer) for years but I still didn't fully comprehend how pervasive that kind of tracking is in literally every environment.
> Also, my respect for Apple grew by the fact that the only device that wasn't doing loads of telemetry turned out to be my MacBook in the whole household
Turns out that modern electronic devices are expensive. If you are not charged up-front, there's a good chance that you are being charged in some other way.
Apple devices still contact the mothership nonstop even with telemetry disabled, for a bunch of different reasons, even if you don’t use any iCloud or Apple services. Don’t be fooled by the DNS logs.
I wanted to do that, but I had a look at Pi Hole and ran away screaming. Instead of proper packaging, they have a 3000 line install script they want you to pipe into Bash.
I went a saner route, and used dnsmasq and a blocklist[1] updated nightly via cron. Dnsmasq in turn queries Stubby that talks to uncensoreddns.org via DNS-over-TLS. Boom, DoT on my entire LAN.
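An added example, not part of the comment above or its author's setup: one way a nightly cron job could turn a downloaded hosts-format blocklist into dnsmasq rules while treating the list as untrusted input. The function names, the `0.0.0.0` sinkhole address and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: convert an untrusted hosts-format blocklist into dnsmasq rules.
# Only hostnames are taken from the list; the sinkhole address is fixed here,
# so a tampered list cannot point a domain at an address of its choosing.

hosts_to_dnsmasq() {
    # stdin: hosts-format list; stdout: sorted, de-duplicated dnsmasq rules
    tr -d '\r' | awk '
    {
        sub(/#.*/, "")                                  # drop comments
        if (NF < 2) next
        if ($1 != "0.0.0.0" && $1 != "127.0.0.1") next  # not a sinkhole entry
        for (i = 2; i <= NF; i++) {
            h = tolower($i)
            if (h == "localhost.localdomain") continue
            if (length(h) > 253 || h ~ /\.[0-9]+$/) continue   # too long / IP-like
            # strict hostname syntax: no "/", no whitespace, at least one dot
            if (h !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) continue
            print "address=/" h "/0.0.0.0"
        }
    }' | sort -u
}

install_rules() {
    # $1: downloaded list, $2: destination rules file, $3: minimum rule count
    tmp=$(mktemp "$2.XXXXXX") || return 1
    hosts_to_dnsmasq < "$1" > "$tmp"
    n=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$n" -lt "$3" ]; then
        rm -f "$tmp"        # empty or truncated download: keep the old rules
        return 1
    fi
    chmod 644 "$tmp" && mv "$tmp" "$2"
}

# Constructed sample input (not a real blocklist)
hosts_to_dnsmasq <<'EOF'
# comment line
0.0.0.0 ads.example.com   # trailing comment
127.0.0.1 localhost
0.0.0.0 Tracker.Example.NET ads.example.com
203.0.113.7 bank.example.com
0.0.0.0 bad/../host.example
EOF
```

dnsmasq can load the resulting file through its `conf-file=` option; the minimum rule count keeps a failed or truncated download from silently replacing a working blocklist.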
They acknowledge that piping to bash is controversial in their install guide and they provide other options for installation. I think they were intending for it to be as accessible as possible to non-technical users and piping to bash was the easiest way to make installation a one-line command that requires zero additional knowledge and still works on the tiny Raspberry Pi Zero W. I can't say I agree with it as a general practice but it wasn't enough to turn me off since their software takes like 15 minutes to set up, provides a nice monitoring dashboard, and runs on the Raspberry Pi I'd relegated to my junk drawer. Your route may be saner to you but it certainly isn't for a lot of people who tinker with Raspberry Pi and want something like pi-hole but don't have extensive technical knowledge (I am not one of those people; I am just a lazy engineer, so it works for me too).
Would you feel better with a 3000 line install script inside a package? Or maybe you would prefer the same 3000 lines of code nicely compiled in a single binary?
I'd feel better if the install process didn't rely on manipulating the system package manager using janky scripts. That's a very poor way of handling dependencies, not to mention it's difficult to port.
My assumption here was that you didn’t like some rando script running on your machine with escalated permissions.
I figured running it in a sandbox in a Docker container would be safer to you. Also, it’s easier to get up and running, though more difficult to update.
My favorite one continues to see the 1000+ dns requests that my Philips Hue lights send after disabling diagnostics on them. It was the same beforehand :)
Hah, what a strange dystopia we live in where it's impossible to stop your LIGHTBULBS from tracking you via the internet!! I'm a total curmudgeon about smart home stuff, I don't want any of it beyond a TV in my house if I can help it. It freaks me out seeing people with no technical knowledge outfit their entire home with Nest/Ring/Google Home/Echo/Philips Hue and even smart refrigerators, while they know virtually nothing about how much privacy they've just relinquished to these companies and they don't have the technical skills to even attempt to mitigate it. I feel like a paranoid doctor who's starting to notice the damage done by cigarettes while the general public is still blissfully puffing away...
You are not alone. It's pretty heartbreaking to see how so many promising products are really surveillance nightmares. I've noped right out of using some nice-but-not-necessary features on some things, because their app wants location access, contact lists, or other things they have no business accessing. WTF?!
I was going to do this, but you can usually just change the DNS and add a hosts file to your router assuming it can run firmware that allows it (like Tomato or DD-WRT). It seemed pointless to try since the charts work for http and everything is https now.
I didn't set up specs for traffic but the setup I use is much lighter. Just wanted to suggest this for anyone who might want to block on their home network. I also use it as a NAS with USB 3.0 to SATA with an SSD.
You can set up DNS over HTTPS with pi-hole btw, I did that for mine. It's definitely not the only way to achieve this kind of ad blocking but if you're like me and have several old Raspberry Pis lying around from abandoned projects then it's a nice way to put one to good use.