DNS-based tracker blocking vs local app-based tracker blocking,
DNS-based tracker blocking vs local app-based tracker blocking,
cross-posted from: https://kerala.party/post/347631
which is more effective, useful, and efficient?
Ideally you'd use both. Something like a pihole to serve as a first wall of defense for the entire network, and then additional things like uBlock Origin for any device with a browser that supports it, for some more granular control.
I'm the kind of person who also uses the hosts file from DivestOS on my PC, because why not. Always fun to see how the pihole doesn't have to block anything on that device because of this.
On that note, Safings' Portmaster is a nice app if you want to have a graphical overview of what's going on on a device.
45Ideally you'd use both. Something like a pihole to serve as a first wall of defense for the entire network, and then additional things like uBlock Origin for any device with a browser that supports it, for some more granular control.
This is how I keep my home setup.
The pihole has a fairly loose blocking setup because some people in the house need access to things that would normally get blocked and I'm not spending weeks unblocking specific things until everyone is happy.
Behind the pihole everyone has their own suite of browser extensions and software to block what they would like at a much more personal level.
8Funny (to me) story when I ran pi-hole in a house with housemates (all friends): I bought an rpi zero and installed pi-hole on it. I notified all housemates that I would be installing an adblocker on the network so if anyone has any problems with sites not working to just let me know.
Years go by and finally the rpi zero dies which makes the internet inaccessible as the router was pointing to it. I reconfigure the network back to default in the meantime. I didn't have time to update everyone before one of my housemates made a funny comment.
He mentions that the internet is working again! And something else, he's now able to click on Google search result ads!
Because I don't use Google search I never realised Google ads links were being blocked, and even if I did I wouldn't have realised how common it is for people to rely on the ads!
After some discussion with this housemate he confessed he actually likes seeing ads as it could show him stuff he wants to buy. Needless to say I didn't bother putting pi-hole back on the network.
8I'm not too annoyed by whitelisting certain things, doesn't happen all too often for our household. So my pihole is fairly strict already, with over one million domains blocked.
Because honestly, I love my familiy, but I can't trust them to block the right things, and I want them to be as safe and unbothered by ads as possible.
5
Well DNS based blocking has its problems mainly devices bypassing your network defined DNS with some encrypted DNS(DoT,DoH) or using hardcoded custom DNS servers.
16A. Device part of a business infrastructure:
Just don't change anything; those policy are there for a reason!B. Consumer device:
1/ If we're talking about proprietary hardware/software forcing your network to use a specific DNS, then you need to provide more details because you should be able to change it.2/ There is also the case for a malware:
A fresh start is preferable.
Disinfect the system while offline, then back up the needed files.
Reinstall the system on a new/old formatted drive.
With the exception of taking your privacy/security seriously this time.4Sounds like you shouldn't use those devices. I go for custom software personally so I can control the device itself
3
Why do one? Both work in their own way.
9What is local app based tracker blocking ? Like ublock origin?
7On Android, DuckDuckGo provide an app called App Tracking Protection which blocks everything trying to track you/phone home via the apps you've got installed. Drawbacks are you that you can't run a VPN client at the same time.
4Internally these types of apps are using DNS based blocking similar to this app https://f-droid.org/packages/dnsfilter.android/
4Install nextdns on your router and unlock origin on your browser.
1
Permanently Deleted
-1The way Adaway works is similar to DNS blocking, it modifies the system hosts file which is like a local DNS. I would divide ad blockers into name resolution based (Pihole, Adguard, Adaway) and client side filters (Ublock origin etc).
1
Firefox with Ublock Origin, Router forwarded DNS over TLS to NextDNS. Plus firewall rules to forward all DNS from LAN to the router, on mobile same browser and using Android native DNS over TLS forward to NextDNS
6Honestly I use both on my phone via RethinkDNS, which also can act as a firewall.
5How does it compare to NextDNS? i've never heard of it but it looks good!
3
For me its a moot point - my ISP doesn't allow altering DNS on my router so I just installed Mullvad on all my devices and use their DNS.
4I'm trying to find the article but it looks like just a question?
Local lets you customize what you want to block, which lists to subscribe to and quickly change settings or disable blocking which is useful for troubleshooting when something doesn't load. However local apps (I'm talking smartphone apps) can be blocked or routing https traffic through those apps can be refused by the apps you are filtering.
DNS filtering will let you filter all your devices at once but I don't think you have much control over what's exactly being blocked and it's less convenient to pause filtering (switch DNS).
If you're talking about tracker blocking on PC rather than mobile then it's a no brainer - use uBlock Origin addon your browser and you're golden.
3open source proxy / DNS blocker don't (or shouldn't) have commercial agendas & obligations that commercial OS & Browsers may impose.
1DNS based blocking never works for me.
0Permanently Deleted
2