How I like my pi

Edit:
Panel 3: PiHole + uBlock Origin
Panel 4: PiHole + uBlock Origin and recurring donations to pay creators

88 comments

Pi-hole won't block Youtube ads. uBlock Origin does.
- Is there any router side solutions for YouTube adds? I want to block for my family, but they don't see the point.
  
  Nope. Youtube ads are served from the same domains as the videos so there is nothing you can to to block them via DNS. Your best bet is just installing Ublock for them. Now a days an ad blocker is a security necessity anyways.
  
  You have to set up a proxy.
  Even for those who are technical enough to set up a pihole, it's annoying to set up a proxy and some apps simply won't work with it.

Pihole is a great project, but it is objectively less capable than uBlock Origin.
That is not a criticism of the software. It is just a fundamental fact that DNS based adblockers are less powerful, and less granular/precise than Browser based adblockers.
They do work well in combination though (the DNS level adblockers gives you moderately effective network wide blocking, and uBlock Origin gives you exceptional blocking but is limited to the browser.
- I'm not technical enough, but why can't pihole do as much as ublock? It's at the router level before anything gets to the browser, it has all the same info the browser will eventually get.
  Shouldn't it be theoretically possible to do the same?
  
  It's at the router level
  It’s a DNS server and does not have the same capabilities as the router
  It has all the same info the browser will eventually get.
  It does not. Not just because of the previous reason but also because most traffic is encrypted nowadays (https) which means that even the router can’t read/modify the traffic to the device.
  Another issue is that some things blocked by uBlock are hard to detect with static analysis in comparison to reading the rendered HTML.
  
  pihole does not deceypt https traffic, so it cant change dom. even if it could, it can't modify stuff added by js.
  also it can only block whole domains, not individual urls
  
  uBlock has direct access to the DOM and so can modify what the browser renders. For example, YouTube ads are hosted on the same domains as their videos and so PiHole cannot block them, but uBlock can.
- At least from using both, I feel like pihole kinda sucks. It's rather limited and breaks a lot of stuff.
  
  I’m using both uBlock and Pi-Hole and I have to say that Pi-Hole is great. The monitoring features are pretty good and the ad blocking that it offers is, although way less than uBlock, still way better than none at all. It blocks most ads from the random apps I have installed on my phone and a surprising amount of trackers that are sent through my network. It also acts as a pretty good fallback if whatever I’m using physically cannot use a browser like an app or an embedded system.
  For me personally I also like to use Pi-Hole for network wide site filtering. If I find a website that’s really sketchy or obviously a scam or trying to make you download malware, I just add it to my blacklist.
  Of course each serves its own purposes and it won’t always be useful for everyone. I personally find the tools that it offers has a lot of benefit for what I do.
  TLDR; The ad blocking, although way less than uBlock, is more than enough to act as a basic ad blocker. Not to mention the monitoring tools are an added bonus. It also acts as a great fallback if something I’m using physically can’t make use of uBlock.
  
  UBlock is awesome. Pihole only really breaks if you add too many or too aggressive blocklists. The main benefit of pihole is you can block ads and trackers from any device on your network. I find the biggest offenders to be smart devices.

Pihole and uBlock Origin have different purposes. Pihole blocks ad domains network-wide. uBlock Origin can remove specific elements from specific webpages with surgical precision regardless of the domain the content is served from, so it is a much more precise wide-spectrum content blocker.
In other words, uBlock Origin can block basically everything, but only works in your browser. Pihole blocks fewer things and less precisely but works for all your devices.
- Thank you, this clears it up really well!

pihole is not a replacement for ublock
- Use both together!
  
  Is pi hole any better than using adguard DNS?
- Thanks for catching that. I have updated the description.

pfsense with blockerng anyone?
- This sounds like something I should look into. I already run pfsense and wanted to look into a pihole, but if I can do it all in pfsense that'll work out even better. Thanks!
  
  There are a lot of public DNS that do the stuff pihole does.
  
  I’d recommend it, not very hard to setup and there’s tons of guides online if you need help
- Opnsense with unbound dns for me

This might be a good place to ask this. I was messing around with my Asus router setting last night and noticed that it had Ad Guard, which works similarly to PiHole with DNS. To test it I went to Reddit and saw ads still. Is Ad Guard not as effective as PiHole or Reddit ads are DOM based?
- As a rule of thumb, I expect that Asus as a business only cares about adbock from two angles:
  A feature to slap on the box for advertising.
  A B2B feature for helping business management make workers more productive.
  To the first, there's little incentive to ever update the lists after you've bought the device, so it's quickly outdated. To the second, it's like to be far more optimized for Amazon or Newegg, then for Reddit. Between the two, I don't generally expect them to hold a candle to pi-hole and similar software.
- You need to flush your local DNS cache after turning that on for it to be 100% effective.

Creators put up blinking pop-up windows asking for more donations
Fuck...
- Watch better creators that don't use their fans as a bank account

Adding to the existing comments, there is also invidious which doesn't bombard you with adds and if you have a homeserver you can easily host an instance (acts like a frontend to youtube)

I use Portmaster instead of Pi-Hole

Detail
https://safing.io/blog/2021/12/09/portmaster-vs-pi-hole/
- Portmaster is great, but a network-wide solution like pihole that covers other devices too is invaluable imo
  
  Yes, I know, but my whole network is my Laptop and because of this, I prefer to be able to block individual app conections, not possible with Pi Hole, in which only exist all or nothing.

Does anyone have a link for how to set up a pihole that a dumb dumb like me could understand?
- If you are not so fit in this questions is better to install Portmaster, its downloading and run it, not much more to do (blocking or give permissions to connecting to the network to your apps. Maybe sellecting an DNS which fits your needs in the settings. It's way easier to handle than Pi Hole. It even has an SPN (its like a VPN on steroids), but its an paid option.
  
  May you recover from your stroke quickly.
- Honestly don't bother. Ublock is better at blocking ads. Pihole is for devices on your network that can't use conventional ad blockers and is less effective.

PiHole doesn’t work with VPNs, does it?
- Yes, its a DNS server. You can set up your device to use whatever DNS server you choose, including pihole.
  I've got my VPN connected with pihole as the default DNS server so it works on my phone when I'm not at home.
- Yep it does, most VPN software lets you configure the DNS server to be your pihole.
  If you care about the privacy of your DNS requests, tunnel the pihole through a VPN too
- No because VPNs route your traffic through an encrypted tunnel. But PiHole can filter traffic on any device on your network regardless of whether or not you can install a plugin.

I wonder what number of cents a month is more than what content creators get from youtube or their other sites (sans donation platforms like Patreon).
It could be interesting to set aside like $5 a month to have dividends of that go out to people you actively utilize.
- At least for platforms like YouTube, creators are making $0 unless they have a ton of watch ours and subscribers and can be monetized.

Forgot unbound
- Most install guides include pihole with Unbound DNS but running your own DNS server is not a requirement for ad and tracker blocking.

ADS?
- Ads, as in the stuff that is blocked by ublock and pihole.
  
  Damm i read ABP ... and was confused. Yeh sure ads are smoll brain! (Same as ABP)

If the router provided by my isp won't allow me to change the dns server, is there a workaround for having to set the local dns server on each device that doesn't involve getting a new router?
- Use the pi or whatever little computer that's presumably hosting the pi-hole software to also be a DHCP server (and turn off the DHCP server on ISP's router). It can then advertise itself as the DNS server.
  
  That's a great idea! I will try it tomorrow, thank you.
  Edit: Worked nicely :)
- Most cable modem router combos have the ability to turn off the router part and just act as a modem in Bridge mode. If that's an option, you can get your own router to handle local traffic, including dhcp (and thus dns) for all your local devices.
  Obviously, this goes against your request not to get your own router, but I thought I'd mention it in case you thought you would have to buy your own modem as well (which you are also free to do, assuming your isp supports customer-owned modems). The modem part can stay the same while having a separate router not controlled by the isp.
  If your particular unit doesn't allow that, you can usually still locally override dns settings, though this is more for computers and phones than it is some smart home devices. iPhone and Android phones will let you specify dns ip addresses when you set up a wifi connection. Just edit the wifi config and change to a static ip. You can usually safely use the ip address given to you from dhcp, so make a note of your device ip address before changing it to static, and just use the same values. Then you can manually set the dns ip address.
  
  Or you could just switch DHCP over to the Pi-hole. Most ISP routers support turning off DHCP even if you can't change their DNS.
- You can use a second router and pass through the WAN. It’s a bit complicated to explain in a comment, but it’s also not too difficult. Is your ISP ATT?

Does anyone know if firewalls like OPNSense can do IPS for ads and tracking instead of "normal" intrusions like malware?

NextDNS & a VPN should be in there somewhere.
- NextDNS and pihole serve the same purpose and are redundant. Personally I prefer NextDNS but it wouldn’t make sense in ops meme

I've ran Pihole for years but switched to NextDNS. It gives me more control over my kids access.
For example scheduled access to YouTube and Roblox. Also, since it's a public service it means I can block them regardless of network. So for example when we are on holiday. My eldest worked out he could use network data on his phone to avoid the Pihole.
Oh, and it's DNS over TLS so queries are now encrypted rather than plain text that regular DNS.
None of this will block YouTube ads though. For that I use NewPipe or Firefox and uBlock Origin.
- Can't they change their DNS settings?
  
  Sure. But they aren't at that age to be aware. To be honest unless someone is clued up the average person wouldn't know either.

Also ADguard dns service for your mobile device on Mobile networks

Follow-up question: what open source software projects do you contribute to? I like using Liberapay or Open Collective, with Patreon as a third choice.

Or simply use AdGuard DNS
- IMO NextDNS is a better solution if you don’t wanna roll your own pihole
  
  I'm using Control D dns on my phone, i get better latency

88 comments