Privacy

31833 readers

83 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

121

My experiences with Pi-hole (scribe.disroot.org)

submitted 6 months ago* (last edited 6 months ago) by duikbrilletje@scribe.disroot.org to c/privacy@lemmy.ml

57 comments fedilink hide all child comments

Pi-hole has helped improve my "relationship" with Firefox, or better phrased with Firefox forks like LibreWolf and Tor browser. Cool thing with Pi-hole is that you can watch the query log and see what happened in the background while you were surfing the Internet. I learned that :

After removing the sponsored shortcuts in Firefox and putting your own shortcuts there Firefox will make connections each time you start the browser. So, if you would have icons on your quick start page in Firefox for let's say EFF, Lemmy, Mastodon, HackerNews, with each Firefox start up, it would query these sites. which I didn't like so much. Since then I've gone back to a complete blank start page, removing search and all those quick start icons, using just toolbar folders with bookmarks.
Pi-hole defaults to blocking telemetry for Firefox and Thunderbird.
Signal uses Google servers I saw via Pi-hole. I thought that they were using Amazon servers, but looking at Wikipedia for the history of Signal hosting I learned that Signal went back to Google for hosting.
Firefox push notification services are hosted on Google servers. LibreWolf removes a lot of Google things that Firefox has by default, but not the push parts. With Pi-hole it is very easy to block that.

you are viewing a single comment's thread
view the rest of the comments

[–] retrogirl@lemmings.world -4 points 6 months ago (3 children)

Pi-hole is OK, but for good measure it's easy to set up a "hosts" file that blocks all that stuff locally. You can use your findings from Pi-hole. On Linux you just pop your entries in /etc/hosts, or other OS equivalent. Here are some curated lists. For Mozilla telemetry - https://github.com/MrRawes/firefox-hosts/blob/firefox-hosts/hosts Massive list for everything - https://github.com/StevenBlack/hosts

[–] BearOfaTime@lemm.ee 17 points 6 months ago (2 children)

That's for one device.

Where does a smart TV keep it's hosts file? IPhone? Android?

DNS (PiHole) works for all devices on your network, which I'd argue is better than a hosts file.

[–] suction@lemmy.world 2 points 6 months ago (1 children)

That’s for one network. That’s why I switched to Next DNS and have protection at home and everywhere else.

[–] Swarfega@lemm.ee 3 points 6 months ago

I ran PiHole for years. It started as a way to block ads but then also a way to block games and YouTube for my kids so they get a break. I had to manually control this though. I switched to NextDNS last year because this can be done on a schedule and they can't get around it such as swapping to mobile data on their phones.

In the house though I run AdGuard because there's no way differentiate traffic for each of my kids NextDNS profiles. With AdGuard it can proxy DNS requests to take traffic from the TV in their bedroom and convert it to DNS over TLS so the traffic hits the correct profile. I don't use AdGuard for anything else. It does not filter anything. It's purely to make sure traffic hits the correct NextDNS profile.

[–] retrogirl@lemmings.world -2 points 6 months ago (1 children)

Use both.

[–] null@slrpnk.net 11 points 6 months ago (2 children)

Why maintain the same thing in multiple places? If the pi-hole is blocking it, the pi-hole is blocking it. What added value is there in also maintaining the hosts file?

[–] ReversalHatchery@beehaw.org 2 points 6 months ago

On mobile or on networks with a bigger load on the DNS server it could make sense to make things faster, but otherwise a pihole is fine I think. If the pihole is not working as it should, that should be found out and fixed ASAP.

[–] retrogirl@lemmings.world 1 points 6 months ago (1 children)

The amount of times I've seen people request help because Pi-hole was not blocking/functioning properly, well a hosts file just ensures nothing leaves that you want blocked. Besides, you may have different machines set up to be strict or permissive depending on their use case.

[–] scott@lem.free.as 5 points 6 months ago

With Pihole you can restrict or be permissive with different devices, based on MAC or IP address.

[–] oxomoxo@lemmy.world 6 points 6 months ago

DNS services with blocks lists such as Pi-Hole, AdGuard, NextDNS, etc, provide a centralized config file for all devices on a network, so you only configure once, collect statistics, have built in block lists that can be easily modified and updated either automatically or manually and are fast.

Using large lists in a host file will slow local resolution. It wasn't designed for this use case as it's acting a flat file database with a limited amount of RAM allocated for the process and will get slower the longer the list. While this latency won't be noticeable in the thousands of lines, once you start hitting hundreds of thousand or millions of entries it will start to crawl.

Hosts file are also unable to RegEx or Wildcard entries which means you would have to duplicated lots of variations in domains...

I mean I can also statically assign IPs to ever client and keep a spreadsheet, but why don't I just use DHCP?

[–] duikbrilletje@scribe.disroot.org 1 points 6 months ago (1 children)

That is pretty cool for folks that want a quick and easy way to block ads.

[–] retrogirl@lemmings.world 1 points 6 months ago

Absolutely. These lists are created by server admins who collect what the firewall rejects, much like you see with the Pi-hole. They'll automatically block some ads and many threats too. Another tip if you're using Librewolf, Mullvad browser or Firefox with uBlock, enable more of the filter lists.