
Pi-Hole: Why You Need a Network-Wide Ad-Blocker - gszathmari
https://blog.cryptoaustralia.org.au/2018/08/06/why-you-need-network-wide-ad-blocker-pi-hole/
======
t3ra
I am actively using PiHole in my home network with over 8 devices doing around
~30k requests per day. Some highlights:

* By a huge margin the noisiest device is my Android Phone. >40% traffic is coming from just my phone (which is crazy!)

* I have 650,000+ in my domain blacklist and folks complaining about "it doesn't work on pihole" just have taken that tiny bit of error to unblock some domains like "ssl.googleanalytics.com" which break a lot of apps. It took me about 1 day to see what isn't working (ex Facebook app breaks if graph.facebook.com is blocked)

* On avg 28% of my requests are blocked and 42% are cached. I am quite sure generally my surfing experience is snappier

-- Things like learn running PiHole:

How prevalent tracking really is across the web. A lot of apps don't go
"online" if google analytics is blocked (example Toggl)

Manufacturers like Xiaomi are spamming the network with requests - mostly for
notification spam

How amazingly scalable, stable RPi+PiHole is - we ran a workshop with 150+
DHCP leases and nearly a few 100k DNS requests without a glitch. Pi didn't even
heat up a bit

SmartTV are freaking noisy. Samsung TV makes ~300 DNS requests in <5 min of
startup. Literally every button press in the "smart home" is tracked

~~~
natch
When something isn't working, how do you determine with a tiny bit of effort
which one or more domains out of the 650,000+ domains to whitelist?

~~~
michaelbuckbee
Here is what I do:

1. Switch off DNS from PiHole to ISP DNS (or Google/CF, whatever non blocking
DNS)

2. Reload page in Chrome with uBlock Origin and selectively allow domains to
load until the page loads.

3. Whitelist domain in PiHole

This works b/c both uBlock Origin and PiHole out of the box use basically the
same blocklists (or you can force them to).

~~~
natch
Thanks. Can you expand on what you mean in step 2?

What is involved in selectively allowing domains to load?

Could you do it if the domain is a completely unrelated string to whatever
site you are visiting? (Say for site example.com, it requires something from
whwehkhsfasfs.com in order to load)... how does step 2 work exactly in this
case? Are you being prompted for a small subset of domains that the page is
trying to load, for example?

~~~
michaelbuckbee
So, PiHole has a web interface to blacklist/whitelist items, but it's hard to
use for debugging as what it "sees" are just a bunch of DNS requests come
through (they aren't grouped by page/user - at least in the version I had
going).

But in Chrome with uBlock Origin - it very clearly tells you what's happening
and you can selectively unblock domains until the page starts working and then
turn around and add that domain to the whitelist.

I'm making this sound harder than it actually is, it's honestly just a couple
mouse clicks and page refreshes in Chrome with uBlock origin going.

~~~
erikbye
I've always found it trivial to know what to whitelist.

Pi-hole admin -> Query log -> Show all -> Search filter <domain>

Whitelist whatever necessary.
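
The same lookup can be done from the shell when a device breaks and you want the blocked domains grouped by client, which the query log does not do on its own. This is an added example, not part of the thread: it assumes dnsmasq-style lines as Pi-hole 4.x writes them to /var/log/pihole.log, and the function names and sample lines are constructed for illustration.

```shell
# Added example (not from the thread). Assumed log format: dnsmasq-style lines
# as found in /var/log/pihole.log on Pi-hole 4.x. Sample data is constructed.

# blocked_for_client CLIENT_IP [SINCE_HH:MM:SS]      (log is read from stdin)
# Prints "COUNT DOMAIN" for each domain that CLIENT_IP asked for and that was
# answered from a blocklist, most frequent first. SINCE compares time of day
# only, so feed it a single day of log.
blocked_for_client() {
    awk -v client="$1" -v since="${2:-00:00:00}" '
        # query[A] example.com from 192.168.1.23 : remember who asked last
        $5 ~ /^query\[/ && $7 == "from" { asker[$6] = $8; next }
        # /etc/pihole/gravity.list example.com is 0.0.0.0 : a blocked answer.
        # The blocked line carries no client address, so it is attributed to
        # the most recent client that queried the same name.
        $5 ~ /(gravity|black)\.list$/ && $7 == "is" {
            if (asker[$6] == client && $3 >= since) hits[$6]++
        }
        END { for (d in hits) print hits[d], d }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample: a phone (192.168.1.23) and a TV (192.168.1.40).
sample_log() {
    cat <<'EOF'
Aug  6 10:15:01 dnsmasq[642]: query[A] graph.facebook.com from 192.168.1.23
Aug  6 10:15:01 dnsmasq[642]: /etc/pihole/gravity.list graph.facebook.com is 0.0.0.0
Aug  6 10:15:02 dnsmasq[642]: query[A] news.example.com from 192.168.1.23
Aug  6 10:15:02 dnsmasq[642]: forwarded news.example.com to 9.9.9.9
Aug  6 10:15:02 dnsmasq[642]: reply news.example.com is 203.0.113.10
Aug  6 10:15:03 dnsmasq[642]: query[A] tracker.tv.example from 192.168.1.40
Aug  6 10:15:03 dnsmasq[642]: /etc/pihole/gravity.list tracker.tv.example is 0.0.0.0
Aug  6 10:15:04 dnsmasq[642]: query[AAAA] graph.facebook.com from 192.168.1.23
Aug  6 10:15:04 dnsmasq[642]: /etc/pihole/gravity.list graph.facebook.com is ::
Aug  6 10:15:05 dnsmasq[642]: query[A] www.google-analytics.com from 192.168.1.23
Aug  6 10:15:05 dnsmasq[642]: /etc/pihole/gravity.list www.google-analytics.com is 0.0.0.0
EOF
}
```

Typical use is `blocked_for_client 192.168.1.23 10:15:00 < /var/log/pihole.log` right after reproducing the breakage, then whitelisting only the names that belong to the app in question.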

------
Jaruzel
My experience with Pi-Hole is that there are too many sites that detect that
their adverts and tracking scripts don't load and refuse to let you in. It's
really hard to white-list for a site in Pi-Hole, as it's blocking for the
whole network, so finding what domains you need to unblock is quite laborious.
Additionally, if you are not around, and a family member or co-worker can't
get to a site then they have no way to bypass it unless they also know how Pi-
Hole works.

Personally, I find a browser based advert/tracking blocker add-on to work
better.

If Pi-Hole had a webpage where you could put in a domain, i.e. cnbc.com, and
it went off and loaded the html of that page, worked out all the other domains
that html connects to, and then gives you a 'unblock' button to click, that
would improve usability significantly, as even a non-techie user could use it.

~~~
jackson1way
I couldn't agree more. Pi-Hole is essentially useless for real world
scenarios.

I can't hear these short-sighted comments "it doesn't load with pi-hole? then I
just close the tab!"

oh really? that's how easy it is in your world? and then you just don't buy
that flight ticket? because that shitty online ticket agent uses third-third-
party payment providers etc. whose domain is unfortunately blocked in pi-hole?
even one single incident might force you to entirely disable pi-hole. most
people can't afford to play around with that until it works.

you can't seriously maintain these block lists yourself. you have to rely on a
3rd party, usually some volunteers - great people btw - but even a huge crowd
like them can't make sure, that from time to time, in some part of the
internet, in some specific country and language, something will be blocked by
mistake and you are stuck. with a browser plugin, at least you can disable it
for that specific case. with pi-hole there is no such feature. i have to
disable my browser adblocker at least once a month, because something doesn't
load. and its always off for sites like paypal, because I really want that
payment to work and not suddenly screw up the whole transaction.

~~~
jackstraw14
> Pi-Hole is essentially useless for real world scenarios.

This is a surprising statement because I've used mine at home with 6+ devices
and zero issues for almost two years now. It seems fair to say it's not ideal
for your needs, but why say something like this that will only deter people
from seeing if it works for them?

~~~
olyjohn
Same here, I've never even touched the PiHole other than checking stats and
doing updates. I've got about 15-20 devices on my network (a few phones,
multiple computers, smart TV, Hue Lights, Nest, WeMo, etc). Haven't had a
single problem. My Pi just sits there running constantly without even having
to reboot it. Can't say the same for any other device that I own.

------
r3vrse
> In other words my current smartphone will be unsafe for everyday use after
> September 2018, but it may have some life left in it by protecting its
> operating system with some network level security.

I stopped paying attention when I read this.

Pi-Hole is an ad blocker and it is fit for that purpose. No argument from me.
However, to give this advice to people for whom device and network security is
not a major or even minor concern is frankly dangerous.

Buy an iPhone. Buy a Mac. Keep your Windows PCs updated. Get a mesh WiFi
solution that takes care of firmware patches automatically. Run a browser-
based blocker that updates in the background without interaction.

These are the low-hanging fruit that should be done _long_ before you are
trying to set up what is essentially MITM-as-an-appliance without any paid
support or guarantee.

Who is this article actually helping?

~~~
paulcarroty
> Buy an iPhone. Buy a Mac. Keep your Windows PCs updated.

What?

~~~
jacobush
An iOS device tracks a lot of what you do, especially if you don't opt out of
_anything_ iCloud. But the bulk of the tracking is done by one "evil"
corporation, who takes the majority of its money from selling devices.

With a normal Android device, you are tracked every step of the way, by apps,
by Google, by Samsung and their awful software quality or by random Chinese
entities.

If you don't spend a lot of time, an iOS device is the lesser evil when it
comes to tracking. An iOS device with automatic app updates turned off, no
iCloud, and where you say no to most apps asking for permissions on first run,
is pretty locked down.

There are downsides, of course. It's kind of sad that you can't buy a mobile
device which is just a network node by default, not a spying machine by
default.

~~~
sgt
Agree with this. Android is unfortunately a bit of a disaster in terms of
privacy and security. The easiest security advice you can give to say friends
and family would be to just buy an iPhone. As for asking them to buy a Mac - I
can list a few dozen reasons why that is also a good idea.

------
Tomte
I love how the Protestant Church of Germany has a very good installation
description on their web site:
[https://datenschutz.ekd.de/2018/04/12/pi-hole-ein-erfahrungsbericht/](https://datenschutz.ekd.de/2018/04/12/pi-hole-ein-erfahrungsbericht/)

~~~
dvfjsdhgfv
I found this bit interesting:

> After meanwhile four weeks "leisure mode" of the Pi-hole in my network this
> comes up stately 12245 DNS inquiries, of which 7102 DNS inquiries were
> blocked. That's 58%. It's interesting, if not surprising, that six of the
> top 10 blocked domains come from Microsoft, two from Google, and one each
> from Amazon and Vungle.com.

~~~
erikbye
If you block Windows telemetry domains and run Windows, naturally those
domains will be at the top... I have a lot of blocklists, but I think one of
the default ones includes Windows telemetry.

watson.telemetry.microsoft.com 15110

v10.vortex-win.data.microsoft.com 11338

fls-na.amazon.com 4397

nexus.officeapps.live.com 3547

settings-win.data.microsoft.com 3463

collector.githubapp.com 3396

www.google-analytics.com 3379

www.googletagmanager.com 2246

www.googletagservices.com 2204

clc.stackoverflow.com 2173

------
JumpCrisscross
For some reason, I was reminded of the message iOS’s original top-selling ad
blocker posted when pulling their app [1]. (TL; DR They felt bad about denying
advertisers their revenues.) While the web is gnarly and unforgiving, we’ve
progressed—as a culture—in our general treatment of ads and ad blockers.

[1] [https://marco.org/2015/09/18/just-doesnt-feel-good](https://marco.org/2015/09/18/just-doesnt-feel-good)

~~~
rangibaby
What an odd thing to feel bad about.

> People are taking the piss out of you everyday. They butt into your life,
> take a cheap shot at you and then disappear. They leer at you from tall
> buildings and make you feel small. They make flippant comments from buses
> that imply you're not sexy enough and that all the fun is happening
> somewhere else. They are on TV making your girlfriend feel inadequate. They
> have access to the most sophisticated technology the world has ever seen and
> they bully you with it. They are The Advertisers and they are laughing at
> you. You, however, are forbidden to touch them. Trademarks, intellectual
> property rights and copyright law mean advertisers can say what they like
> wherever they like with total impunity. Fuck that. Any advert in a public
> space that gives you no choice whether you see it or not is yours. It's
> yours to take, re-arrange and re-use. You can do whatever you like with it.
> Asking for permission is like asking to keep a rock someone just threw at
> your head. You owe the companies nothing. Less than nothing, you especially
> don't owe them any courtesy. They owe you. They have re-arranged the world
> to put themselves in front of you. They never asked for your permission,
> don't even start asking for theirs.

Banksy

~~~
javajosh
Wonderful quote. The concept I have been playing with I call "consensual
communication". We don't allow people to run up to us and shove food in our
mouths, and yet we allow information to be shoved into our minds - and as the
quote notes, they have the gall to place restrictions on the object of
assault.

~~~
xg15
> _We don't allow people to run up to us and shove food in our mouths_

"You can trespass my private roads as you like, you just have to take this new
experimental medication and report the results..." \- sounds like an
intriguing new business model! /s

~~~
freehunter
That's actually close to reality. A lot of US universities have some kind of
for-pay drug research going on. Since college kids are notoriously low on
cash, they sign up to get injected with something and report the results
afterwards.

My university didn't offer it but my sister's did. She made a few bucks
getting injected with a trial flu vaccine and reporting if she got sick
afterwards.

------
ramshanker
When I am on home wifi, no ads in my mobile thanks to PiHole. So many apps are
filled with ads while on the move. Clearly pihole version of web feels more
snappy.

There are apps serving the App Ad tiles BEFORE they load real content from
their own far-away (by latency) servers.

------
schappim
The install process is curling a script into bash:

    curl -sSL https://install.pi-hole.net | bash

:-)

~~~
bigiain
They do at least call it out in the writeup as being poor form. But they don't
explain why or offer any alternative...

~~~
pbhjpbhj
If by they you mean the pi-hole website then I recall being told I could
download it and run the download if I didn't want to pipe curl to bash.

~~~
ziftface
I mean really how is that different from downloading .exe installers and
running them?

~~~
Karunamon
The more realistic fear is what happens if your connection goes away mid-
download. While a partial binary won't run, a partial shell script will, and
it might just do something bad to your system if you're unlucky.[1]

That said, the chances of your connection crapping out in the second or two it
takes to download the average sub-couple-kilobyte shell script is minuscule.
The fear is seriously overblown.

[1]: [https://www.seancassidy.me/dont-pipe-to-your-shell.html](https://www.seancassidy.me/dont-pipe-to-your-shell.html)

~~~
bigiain
I reckon the biggest problem is normalising the pattern.

Piping (https) curl to shell from a site who you were going to trust and
download software/run from if they had an alternative method anyway - is no
less secure than downloading a tarball or .dmg from the same site.

Getting into the habit of piping curl to shell is a bad idea though. It's
gonna be easier when you're in a rush to not notice you're copy-pasting "curl
-sSL https://install.pi-hole.ru | bash" from
some "helpful" forum post...
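
The two concerns raised in this subthread, a script cut off mid-download and a look-alike host pasted in a hurry, can both be checked before anything runs. The following is an added example, not part of the thread and not the Pi-hole project's own procedure: the function names are hypothetical, and the pinned SHA-256 is assumed to be a value you recorded yourself after reading the downloaded script once.

```shell
# Added example (not from the thread). Download to a file, check host and hash,
# and only then execute. All function names are hypothetical.

# sha256_of FILE -> prints the hex SHA-256 of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_script FILE EXPECTED_SHA256
# Succeeds only if FILE is non-empty and hashes to EXPECTED_SHA256. A download
# that stopped early yields a different hash and is rejected before it can run.
verify_script() {
    local file="$1" expected="$2" actual
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ] || { echo "hash mismatch: $actual" >&2; return 1; }
}

# host_allowed URL -> succeeds only for https on the exact installer host,
# so a look-alike domain or a plain-http URL is refused.
host_allowed() {
    case "$1" in
        https://install.pi-hole.net|https://install.pi-hole.net/*) return 0 ;;
        *) return 1 ;;
    esac
}

# fetch_verify_run URL EXPECTED_SHA256
fetch_verify_run() {
    local url="$1" expected="$2" tmp rc
    host_allowed "$url" || { echo "refusing unexpected URL: $url" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # -f makes curl fail on HTTP errors instead of saving an error page
    if curl -fsSL "$url" -o "$tmp" && verify_script "$tmp" "$expected"; then
        bash "$tmp"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Offline demonstration on constructed files: the complete script passes, the
# copy truncated at 40 bytes (ending mid-path in "rm -rf /tmp/pi") does not.
# Neither file is ever executed.
demo_truncation() {
    local dir full cut pinned rc
    dir=$(mktemp -d) || return 1
    full="$dir/install.sh"; cut="$dir/partial.sh"
    printf '%s\n' '#!/bin/sh' 'echo installing' \
        'rm -rf /tmp/pihole-demo-cache' > "$full"
    pinned=$(sha256_of "$full")
    head -c 40 "$full" > "$cut"
    verify_script "$full" "$pinned" && ! verify_script "$cut" "$pinned" 2>/dev/null
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
```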

------
b3lvedere
My experiences using a Pi-Hole at home (Debian VM) have been very good.

Recently I upgraded to version 4.0
([https://pi-hole.net/2018/08/06/pi-hole-v4-0-released-with-ftldns-improved-blocking-modes-regex-docker-and-more/](https://pi-hole.net/2018/08/06/pi-hole-v4-0-released-with-ftldns-improved-blocking-modes-regex-docker-and-more/))
and it seems to be working perfectly fine.

Great job Pi-Hole team! Thank you!

~~~
j0hnml
Is there any reason you chose running on a VM as opposed to something like a
RPi3?

~~~
crtasm
Mine is on a Debian VM too, I already had a server to put it on and my RPI is
busy running 4player super bomberman :-)

~~~
BLKNSLVR
I only ever played 2-player super bomberman on the SNES, but it was one of
the most fun games I've ever played. Now I've gotta make this possible for /
with my kids!

~~~
crtasm
Back in the 90s I read about this new HDTV thing they had in Japan and how
they could play TEN player bomberman on it - mind blown.

SNES bomberman 3 I believe actually supports five players (one on joypad port
1 and four more via multitap on port 2). Runs great on Retropie, my nephews
love it.

------
moltar
Just got one a month ago. Doesn’t work for YouTube ads, which was my primary
use case. In Canada, we don’t have YouTube Red, and thus there’s no way to buy
out of the ads.

Also I loaded all block lists marked as safe. Yet many sites are broken.

Now I’m contemplating as to how best to repurpose the Pi.

~~~
greenshackle2
Since mid-June it's been renamed YouTube Premium and you can get it in Canada.

~~~
moltar
Sweet! Thank you for letting me know! Problem solved :D

------
alexrsagen
The page is very self-contradicting...

It says in verbatim "However, I do have a problem with: Pop-up and pop-under
ads that hi-jack my internet browsing experience".

However, the site itself has a "subscribe" overlay that has to be removed with
developer tools or manually blocked if uBlock Origin is enabled with
annoyances filters.

~~~
ziftface
I guess he made his point

------
kevlar1818
If you run OpenWRT/LEDE on your home router, you can just install this
package:

[https://github.com/openwrt/packages/tree/master/net/adblock/...](https://github.com/openwrt/packages/tree/master/net/adblock/files)

------
muxator
Alternative for those who run OpenWRT on their modem/router: you can opkg
install adblock, and also get an easy web based administrator interface via
LuCi.

------
paulcarroty
[https://github.com/StevenBlack/hosts](https://github.com/StevenBlack/hosts)

and you don't need a device.

~~~
badbug
Where do I edit the hosts file on my iPhone? Or my Android device? Or my
smartTV, etc, etc, etc

~~~
hello_asdf
I put mine on router with dnsmasq.

------
pbhjpbhj
I tried pi-hole (a few months back on an rpi3) and am pretty sure it got
hacked, making something like 100,000 DNS requests in a few minutes during a
low use period. I'd guess that's some sort of advertising impressions hack.

Unfortunately I didn't have time to sort the issue, so can't guarantee I
didn't err. But I stopped using it; which was a shame as I really liked the
device usage reporting in particular.

Anyone else had similar? Make sure to check your stats.

~~~
Majestic121
This article might be of interest to you:
[https://docs.pi-hole.net/guides/vpn/overview/](https://docs.pi-hole.net/guides/vpn/overview/)

It describes how your Pi-Hole can be used for DNS Amplification Attacks by
attackers, and how to prevent it

~~~
24gttghh
If the case is the pi-hole was an open resolver, then a simple firewall rule
should have been enabled to block port 53 from the WAN...
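
Whether a Pi-hole is being used as an open resolver shows up in its own query log: clients with public addresses, and minutes with far more queries than the household produces. This is an added example, not part of the thread; it assumes dnsmasq-style lines as in /var/log/pihole.log, and the function names and sample data (documentation address ranges) are constructed.

```shell
# Added example (not from the thread). Assumed log format: dnsmasq-style lines
# as found in /var/log/pihole.log. Log is read from stdin in both functions.

# external_clients -> "COUNT CLIENT" for every querying address that is not
# private, loopback, IPv6 link-local (fe80:) or IPv6 unique-local (fc/fd).
# Any output means port 53 is reachable from outside the LAN.
external_clients() {
    awk '
        $5 ~ /^query\[/ && $7 == "from" {
            ip = $8
            if (ip ~ /^(10|127)\./ || ip ~ /^192\.168\./ ||
                ip ~ /^172\.(1[6-9]|2[0-9]|3[01])\./ ||
                ip == "::1" || ip ~ /^(fe80|f[cd][0-9a-f][0-9a-f]):/) next
            seen[ip]++
        }
        END { for (ip in seen) print seen[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# query_bursts THRESHOLD -> "COUNT MONTH DAY HH:MM" for each minute in which
# more than THRESHOLD queries arrived, busiest minute first.
query_bursts() {
    awk -v limit="$1" '
        $5 ~ /^query\[/ { per_min[$1 " " $2 " " substr($3, 1, 5)]++ }
        END { for (m in per_min) if (per_min[m] > limit) print per_min[m], m }
    ' | sort -k1,1nr
}

# Constructed sample: two LAN clients plus repeated queries from two public
# (documentation-range) addresses during a quiet hour.
sample_abuse_log() {
    local i=0
    echo 'Aug  6 03:10:59 dnsmasq[642]: query[A] news.example.com from 192.168.1.23'
    while [ "$i" -lt 50 ]; do
        echo "Aug  6 03:11:0$((i % 10)) dnsmasq[642]: query[ANY] big.example.org from 198.51.100.7"
        i=$((i + 1))
    done
    echo 'Aug  6 03:11:30 dnsmasq[642]: query[ANY] big.example.org from 203.0.113.9'
    echo 'Aug  6 03:12:00 dnsmasq[642]: query[A] www.example.net from 192.168.1.40'
}
```

On a correctly firewalled install `external_clients < /var/log/pihole.log` prints nothing; pick the `query_bursts` threshold from what a normal busy minute looks like on your own network.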

------
la_oveja
why is it based on the raspberry when it has so terrible network interface?
literally a +6 year board with a dual core and a gigabit interface can do this
far better.

~~~
dev_dull
It’s just resolving dns queries. What types of resources do you think it
needs?

Also, newest revision of rpi (model 3 b+) is quad core 1.4ghz with gigabit
lan. Overkill for a project like this.

~~~
Jaruzel
> with gigabit lan

Although, tests have shown it's not _really_ gigabit in speed, but it _is_
faster than the old 100mbit NICs on previous Pis.

~~~
Fnoord
IIRC the bus of the NIC is shared with USB which is USB (v2) which is 480 Mbps
or about half of 1 Gbps. If you care about throughput, don't use the USB ports
when you care about it. But either way, 100 Mbps is more than fine for a Pi-
Hole. I'd worry more about any possible latency overhead.

------
admax88q
It really seems like the only reason I need this device is that most of my
devices are not truly under my control.

The fact that my phone does not have these features baked in and comes with
apps that violate my privacy and serve me ads without regard for malware those
ads may contain is because my phone doesn't truly obey me first.

------
expertentipp
Internet without ad and tracking blocker is unwatchable and unusable at this
point. Occasionally I get taste of it while browsing on the iphone (unable to
edit the hosts file) and it is a nightmare. Advertisers and tracking providers
hijacked the web.

~~~
ectospheno
iOS has several nice ad blockers and has for quite some time now.

------
guu
I had issues with Pi-Hole slowing down page loads significantly until they
introduced NXDOMAIN and NULL blocking as an option.

These features made it to the stable build this week so it might be worth
trying again for those who had issues in the past.

~~~
moviuro
I do it differently on my own DNS ad blocker: it returns the IP of my "happy"
webserver that always returns `204 No Content`, whatever query you send to it.
Of course, there's still the issue of https failing, but I've never had any
performance issues - much more the opposite actually.

I wrote a tiny bit about how I do it:
[https://try.popho.be/byeads.html](https://try.popho.be/byeads.html)

------
veritas3241
There's a persistent bug with my Pi-Hole where every time it's active it
causes my wife to complain that several of the websites she wants to visit are
unusable. :-D

------
ohiovr
Pi-Hole has dnsmasq built in so it is also handy for doing things like
connecting to ssh servers in your network with your own hostnames instead of
just ip addresses.

------
vmp
I wrote a lightweight DNS proxy for this purpose in python+twisted and
sqlite3:
[https://gitlab.com/Sharky/blocklist2bind/blob/master/twisted-dnsblocker.py](https://gitlab.com/Sharky/blocklist2bind/blob/master/twisted-dnsblocker.py)
which also works really well on a RaspPi 3 with pypy3.

------
kstenerud
I've added an LXC container builder for it:
[https://github.com/kstenerud/virtual-builders/tree/master/machine-builders/pi-hole](https://github.com/kstenerud/virtual-builders/tree/master/machine-builders/pi-hole)

------
randop
For me I use [http://www.ipcop.org/](http://www.ipcop.org/) then use the
blacklist on [http://www.shallalist.de/](http://www.shallalist.de/) Using this
on an old laptop.

------
binbag
I could be on the wrong track here, but the MACE ad-blocker built into the PIA
VPN seems to work very well by itself. It's not free like PiHole is, but
pretty cheap, and a VPN is probably a better starting point for security than
a local blocker. Am I missing something here?

~~~
Fnoord
> and a VPN is probably a better starting point for security than a local
> blocker. Am I missing something here?

Why? A VPN is just another (S)POF. I'm not afraid my ISP will MITM me. With a
VPN, who knows what they log or not? Also, OpenVPN's performance is terrible.
If you want to avoid detection of BitTorrent, sure, but then just route only
_that_ over a VPN. If your ISP MITMs you, and you're paying them, consider to
jump ship.

I see uBlock being mentioned throughout this thread. uBlock Origin is (very)
nice, but it's client-side overhead and you can't use it on "apps". What I do
is catch all DNS requests and forward them to my DNS-based adblocking (I
basically run Pi-Hole on an ER-L) and forward that to DNS over TLS (which
works with Quad9). This is all used even if I'm roaming (via WireGuard, ie.
very low overhead). So it is irrelevant which network my roaming clients use.

~~~
binbag
The performance of my network is certainly not terrible when connected to the
VPN. Download speed is not noticeably affected and my ping to quake servers (I
run VPN all the time, even while gaming) is often lower with the VPN
connected.

Regarding your 'why is it more secure' question - because I live in the UK
where the government and a myriad of its approved bodies are now allowed to
look at user traffic and see my IP and what websites I've visited. I don't
have to worry about that now - although yes I need to trust that PIA really
are not logging.

~~~
Fnoord
PIA is a company from the USA.

The problem with "no logging" policy is you cannot verify it. They can log if
they 1) want to 2) mistakenly do so 3) while claiming they _really_ don't 4)
are obliged to by (secret) court order (with whatever collateral damage). It's
also not anonymous (e.g. correlation attacks). So it seems to be just snake
oil to me. I'd rather depend on something like Tor.

~~~
binbag
Tor is way more secure and anonymous of course, but not at all practical for
high bandwidth / low latency applications. Yes you need to trust the VPN that
they don't log (your points 1-3). If you trust them not to log, then there is
nothing they can reveal under court order (your point 4). It's not snake oil
if it does what the seller says it does.

~~~
Fnoord
Yeah, that's why I use a VPN; for BitTorrent solely. Which here falls under
private law; not criminal law. So the equiv of the RIAA cannot do the
correlation attacks whereas (the equiv of) 3 letter agencies can. But the
latter don't do private law cases.

I also download over Usenet, over TLS. It's basically impossible to catch those
who download over Usenet for copyright infringement since it's again private
law, and they don't have the power to sniff my ISP's network (though they'd
also see encrypted data flowing from a Usenet server).

------
eximius
I use wireguard with DNS routed to an `unbound` instance on the wireguard VPS.
The VPS costs me $1/mo. The only problem I've gotten is when `unbound` crashes
because it uses ~400MB of RAM to hold the blacklist and the little vps only
has 256MB of RAM (and 1GB of swap)!

------
mlinksva
Does anyone use Pi-Hole for larger-than-home networks, e.g., for an office,
cafe, school...?

Also, it seems like Pi-Hole ought to be a router feature rather than requiring
a separate device. Does any router vendor or router OS distro integrate Pi-
Hole?

------
adrianN
I like the idea of running a Pi-hole, but my crappy ISP provided router is
unreliable enough as it is, I don't really want to add a second layer of
software that can break. So I'll just stick with UBlock.

~~~
dingaling
I also prefer a blocking list and blocker on each terminal device rather than
central on the network. It is unpleasant otherwise to open one's laptop at the
library or at a friend's house and be bombarded by ads.

~~~
mnw21cam
This is the single greatest argument against getting a Pi-hole.

~~~
j0hnml
Yeah, this is a valid point. But, you can also just keep something like uBlock
installed and just disable it when using pi-hole and then enable it once
you’re on something like a public network.

~~~
Tomte
Why disable uBlock? I have both Pi-Hole and uBlock Origin active.

------
witnessmenow
I have a relatively short video (~8 mins) explaining how pi-hole works and how
to install it if anyone interested

[https://youtu.be/_rZhCLh3WyY](https://youtu.be/_rZhCLh3WyY)

------
robszumski
Does anyone have experience with the optional network ad blocker built into
the eero? I think it’s an additional charge so I haven’t tried it. Does it use
this same rule set?

------
NoPicklez
Quad9 offers a similar type of network-side ad-blocker for free.

[https://www.quad9.net/](https://www.quad9.net/)

------
adultSwim
_I do not have a problem with internet advertising in general._

I do.

------
ocdtrekkie
Finally broke down, got out an old Pi I had in storage and set up a Pi-Hole
last week. So far the experience has been pretty positive.

------
comprev
I've been running Pi-Hole for a while now installed on the same RPi as XBMC.

Occasionally I bump into false-positives and PH blocks legit websites.

------
intopieces
Is this something I can put next to my parents’ router and not kill their
internet experience? They like Facebook.

------
a_imho
Blocking is good, obfuscation is better.

------
corv
Is there a way I can keep a second DNS as a fallback that doesn't get used
unless my pi-hole is down?

~~~
nirav72
Yes. Just set your secondary dns in your client to whatever dns you were using
before. It will fall back on secondary if primary dns via pihole fails.

~~~
corv
Sometimes the secondary will take precedence over the primary even though pi-
hole is reachable.

~~~
WaLLy3K
In my experience, Windows is the worst offender for this. *Nix, macOS and iOS
will always prefer the first resolver if all other variables (ping,
availability, etc) are equal.

~~~
pbhjpbhj
I can't remember the details but something changed in Ubuntu defaults to make
default to distribute the DNS calls rather than order nameservers, it can be
set to use order preference.

In short, don't assume strict ordering on Ubu, at least.

------
phito
I tried pihole once, but it made my whole network incredibly slow...

Also I can't setup the DNS on my router :(

~~~
fyfy18
I like the idea of Pi-hole but I had the same thing, even though I was running
it on a VM much more powerful than a Raspberry Pi.

------
obituary_latte
I love that pi-hole will even block commercials on “free” tv apps that run on
fire/apple tv.

~~~
mlevental
I bought a pi exactly for this and couldn't get it to work. it broke YouTube
because the commercials wouldn't load. have you managed to get that to work?

~~~
obituary_latte
Sorry — didn’t try with YouTube — it was working with Crackle and if I
remember correctly the AMC app. That’s odd though because I’m pretty certain
it blocks the YT ads on my phone (unless that’s the Purify/1Blocker ad block
apps which it may be).

~~~
mlevental
on appletv it does block ads but it also prevents some videos from playing

------
myf01d
what about path based blocking for https websites? this dns-based method isn't
really effective unless for known ad and tracking domains, I guess most of the
time you need to block a certain path and that cannot be known for the case of
https except inside the browser itself after decrypting the TLS payload. Also
this could break some websites and users don't even recognize this is due to
pi-hole. This is why I believe that adblockers at the endpoint like ublock-
origin are the most effective way to block ads.

------
dingo_bat
What's the advantage over just using ublock everywhere? Why go to all this
effort and include another point of failure in your network when you can just
install an extension?

~~~
class4behavior
Pihole manages your hosts file which redirects domain names to a configured
IP-address; a local one when the goal is blocking. It is a bit overhyped but
useful when you understand what it's for.

It uses the same lists as uBlock, but only the rules which filter the entire
domains. Meaning, uBlock covers a lot more ground and preserves the
operability of most websites.

As such, just for browser activity it is a redundant measure.

The difference is, for everything else it affects all your traffic; that is,
Android or Windows apps, telemetry, bad content in HTML emails, etc.

If you install it on a router, you can cover all your devices. That can
immediately or later cause issues with websites and apps inhibiting usage when
ads or trackers are blocked. So you need to be available for whitelisting.

------
PhasmaFelis
To think it only costs $100 and a few days' shipping time to get all the
benefits of a software ad blocker that anyone can install for free in less
than 60 seconds.

~~~
zaarn
Pi-Hole offers more than a simple software blocker, or rather, something a bit
different.

Everyone on my wifi or LAN benefits from adblocking. Even guests that are just
there for the day. Devices that cannot run adblockers benefit. It doesn't
require any installation at all.

And if you bought a compatible raspi plus PSU for 100$ you got scammed pretty
hard, I'd pay 40$, maybe 50$, for that combination tops.

~~~
PhasmaFelis
> _Devices that cannot run adblockers benefit._

Adblockers have been available on the Android and iPhone app stores for a
while now.

> _And if you bought a compatible raspi plus PSU for 100$ you got scammed
> pretty hard_

I'm quoting from the article, which admittedly uses Australian dollars. But I
still don't see a need to pay any amount of money for the benefit of
hypothetical visitors who already don't care enough to install a free
adblocker on their phone.

I'm sure there are valuable use cases for the Pi-Hole; in a small office
environment, or if you fear some very specific malware, or if you really,
really want a bulletproof way to block ads in free phone games. I object to
the article making it sound like it's something everyone needs in their home,
giving no coherent evidence and ignoring the real drawbacks. (The first thing
I do when a site doesn't work is try disabling AdBlock Plus; even ignoring
anti-adblockers, quite a few poorly-designed sites just break if an adblocker
is running. A hardware adblocker that can't be locally or temporarily disabled
with a few clicks is a bad idea.)

~~~
zaarn
> Adblockers have been available on the Android and iPhone app stores for a
> while now.

There are more devices than Android and iPhone, esp. some Android devices with
higher lockdown. Additionally some of them either require Root or routing all
your traffic through a VPN (either local or to some remote server) which costs
battery and bandwidth.

> But I still don't see a need to pay any amount of money for the benefit of
> hypothetical visitors who already don't care enough to install a free
> adblocker on their phone.

You're not paying money for those visitors, you pay some cash if you need
hardware to run a simple adblocker solution that protects all devices on your
network instead of just the ones you can install software to.

> I object to the article making it sound like it's something everyone needs in
> their home, giving no coherent evidence and ignoring the real drawbacks.

Not quite, in your comment you object to the existence of a software based
solution running on any hardware (though preferably on an RPi) over a software
solution running in your browser.

The Pi-hole isn't purely restricted to the RPi and can run on a VPS or old
laptop you have lying around.

Pi-hole can be easily temporarily disabled and I've done so to disable anti-
adblock detectors in the past or debug some DNS issues. It's not hard.

There is definitely some advantage to setting it up for a family, on top of
the advantage of protecting visitors, it's set-and-forget; I haven't touched
our local pi-hole installation in about two years. It's essentially
maintenance free.

I don't block so aggressively that all websites break, the only ones that break
are cancer anyway and people begin to use them less so there is no point in
giving these websites a free pass anyway.

For anything more I still rely on uMatrix due to finer control.

If you want to object to the average family having one of these you should
consider formulating it other than "why buy hardware when I can install
software?" because that's neither covering the argument nor particularly
convincing.

