Ask HN: What is your AdBlock strategy?
99 points by laserstrahl 35 days ago | 183 comments
Hi, Just installed OpenWRT. Which solutions for ad blocking and other trackers would you recommend? Pi-Hole is not an option, since I don't have one lying around.

So anything else I can try which will work out of the box? I'd be happy for links and guides. PS: I got dual antennas; what would come to your mind to do with them?




Firefox + uBlock Origin works well for me! It's all I use.


Ditto except NextDNS as default on my network for DNS blocking.

I can switch to cloudflare DNS in Firefox to circumvent DNS routing which is occasionally necessary, mostly to make email links work.


NextDNS does not work many a time. I prefer the iOS app so that it’s easy to disable when needed, but the app has not been updated for a few years. Many a time the test page at test.nextdns.io will show as unconfigured and sometimes it will show as passing the test.

On Apple TV, I have the NextDNS profile installed, but it still doesn’t work.

Most of the community forum posts on NextDNS don’t get any answers. I’m sure the DNS servers exist, but the clients and the configuration options have not been supported by the creators.

I wouldn’t recommend NextDNS to anyone because of this apathy by its creators.


NextDNS was working a treat for me, and it was only through NextDNS's meticulous logging that I immediately discovered that my consumer grade router was hopelessly compromised: joined a botnet, trafficking porn, IDK.

So I threw the router out the window, and signed up to rent CPE from my ISP; edge router security is now 100% their responsibility!


What’s a CPE?


It's a networking term to distinguish between ISP-owned and customer-owned equipment. https://en.wikipedia.org/wiki/Customer-premises_equipment


minor nitpick, but it's not ownership so much as location. Sometimes the ISP will own the equipment, but it will be located on the customer premises rather than the ISP premises. It's an important distinction as you can't just rock up and do stuff to it.


NextDNS is definitely worth the money. Setting up profiles for your kids devices is very useful functionality as well.


In addition to that, I use EFF's Privacy Badger

https://www.eff.org/pages/privacy-badger


The ublock origin FAQ recommends not using additional content blockers or you may run into effectiveness/detection problems.

I've never had the former happen, but it's something to be aware of.


afaik there's nothing ublock doesn't block (or can't block with an extra filter or two) that Privacy Badger does, sorta redundant


I had a pihole for a while, but found ublock was more reliable. Occasionally the DNS routing to 127.0.0.1 would wreak havoc on "Smart" devices, such as firetv etc.


The same addon, but prefer Ungoogled Chromium as browser. Chrome, Firefox, Brave etc. have too many features I never asked for.


I just use Firefox and disable Pocket, search suggestions, and everything on the new tab page and it feels fine to me.


Same, but discovered a nice alternative Firefox fork recently: Floorp

https://github.com/Floorp-Projects/Floorp

https://floorp.app/


Also check out the Mullvad browser which I believe is based on the Tor browser with the Tor bit removed. (You don't need the Mullvad VPN to use it).

https://mullvad.net/en/browser


Floorp is great! Also discovered it recently. Works really well.


Found out 1Password doesn't work in this, so it killed my plan to switch to it. Currently using Brave, which seems like the next best choice.


I do that plus adguard dns hosted on my local network and I use their paid dns on my phones when remote.


Brave browser + uBlock Origin is still great for a Chromium-flavored experience too.


Whatever you end up using, make sure that there is an easy way to turn it off and on from each client device. A network wide blocker could cause issues with some sites (like banking, as an example).

Tangential topic: I see some suggestions for NextDNS here as an additional layer. I can’t speak for Android, but if you’re looking for iOS/iPadOS/macOS/tvOS, note that NextDNS does not work well on these. The app hasn’t been updated for several years and toggling on the app does nothing (I like the app because I can quickly switch it off and on when needed, which cannot be done with a profile). Most of the time the test page at test.nextdns.io shows as “unconfigured”. Even the profile installation approach does not work on Apple TV (I’ve tried this a few times). Overall, the NextDNS servers around the world exist, but there is zero support and maintenance on the client side for the platforms I mentioned. The community forum has posts about issues that the founders don’t respond to.

At least on macOS, I have Little Snitch that acts as a system wide blocker (one can subscribe to blocking lists just like in uBlock Origin).


If an ad blocker causes issues with banking sites then you either need a new blocker or a new bank


Bit of an unrealistic comment, this might be a choice you can make for yourself, but most people don't live alone and share their internet connection with others – I doubt telling your partner or housemates to get a new bank because of the DNS ad blocker you set up on the network will go down well.

Ad blockers pretty much all rely on community-maintained block-lists, there are always going to be mistakes in those that break some sites, or some sites might not act well when unable to send ad/tracking events. I recently had an issue booking a train, which was because of this, turned off the ad blocker and it worked fine, not something that's as easy to do with network level blocking, especially if it was set up by someone else and you're not a technical person. Not booking the train because their site is bad is not a realistic option.


> Bit of an unrealistic comment

For other sites agreed, but a bank that can’t coexist with an adblocker you really have to ask yourself wtf said bank is doing.

Everything on that site should come from ad free reputable domains.

Also wouldn’t hurt if said bank tested their site with common browser configurations like ublock


Aren't banks sort of the poster children for legacy practices though? Only works with this or that browser, here are some weird password rules, yes I have an SVGA monitor, no I can't search older than 90 days, etc. I'm used to turning off my modern expectations and just getting into the 20-year-old flow for the time I'm logged into the average bank. No, I don't want to switch banks (where my mortgage and dozens of ACH linkages are set up) to have better ad blocker compatibility.


Thankfully legacy practices didn't include advertisements in paid sites, i.e. where you are the customer.

If you value your finances at all, you won't allow advertisers into the connection.


They aren't using advertisers. They're incorrectly* using user behavior instrumentation for diagnostics and anti-fraud, especially blocking on login if tracking is disabled as they are trying to prevent credential stuffing bots.

* Bug, or feature, many fail if the tracking is blocked, due to other code that assumes it's there or depends on it. They fail closed instead of fail open.


Sorry, but I laughed at your comment. Didn’t mean to be disrespectful, but it is laughable.

Banks and other financial institutions have a duty to prevent fraud and their malicious actors. Could they do better, yes. They still have a duty nonetheless.

Adblockers do more than just domain blocking, such as anti-fingerprinting, bot detection—which includes a lot of, sadly, invasive checks against the browser.

UBlock has annoyance lists, tracking lists, and others and others…

From what you’re telling me, you’re wanting a bank that’s protecting their clients or at least attempting to. Ooookay


Delta Airlines' site absolutely flips out when using uBlock and/or Privacy Badger


As a possible counter to

> but if you’re looking for iOS/iPadOS/macOS/tvOS, note that NextDNS does not work well on these

If your situation supports it I've had zero issues (since May 2021) using NextDNS via tailscale[1] on all of the above devices[2].

I do realise it's not feasible to ask people to set up a VPN just for some adblocking but it's a decent option if you were going to do it anyway :)

[1]: https://tailscale.com/kb/1218/nextdns

[2]: Yes even tvOS: https://tailscale.com/kb/1280/appletv


I use NextDNS for adblocking on Android via the Private DNS Provider setting, which works nicely. For a while I'd have to disable it to use the Wells Fargo app, but they finally removed whatever dumb dependency (Firebase?) that was breaking that.


NextDNS does support creating a profile; you can just install that and it does the DNS configs for you, etc. That method seemed to work fairly well for me.


ControlD is now replacing nextdns apps and functionality


Computer browser: Brave + uBlock, LocalCDN, Privacy Badger, SponsorBlock (+ Invidious, Redlib, Nitter, etc, when it makes sense)

Phone: Hyperweb (for redirections to alternative frontends) + AdGuard Pro + ControlD DNS-over-HTTPS

Router: ControlD DNS-over-HTTPS

If you're using OpenWRT, check out AdGuard Home. But keep in mind that DNS blocking solutions aren't going to be as effective as tools like uBlock that review the DOM and apply styling filters. Both would work hand-in-hand.


I am using NextDNS [0], which also integrates well within Tailscale across all my devices. Or are you looking for a solution that works offline within OpenWRT, without relying on third parties? It appears that there are AdBlock packages available for OpenWRT[1].

[0] https://nextdns.io [1] https://github.com/openwrt/packages/blob/master/net/adblock/...


Pi-Hole doesn't need an actual Raspberry Pi.

The software runs fine on a lot of hardware. I have it dockerized (via ansible) and deployed on a couple of regular mini-PCs.

You can run it on a lot of hardware these days, or containerized.


Yea this seems to be a really big misconception. There is nothing magical about pi-hole that requires a Raspberry Pi or even the actual pi-hole software either. It’s just dnsmasq. A generic Linux box running dnsmasq gets you 95% of what branded “pi-hole” gets you.
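
To illustrate the point that DNS-level blocking comes down to dnsmasq plus list handling, here is an added example (not part of any comment in this thread, and not Pi-hole's code) that converts a hosts-format blocklist into dnsmasq `address=/domain/` rules, which answer NXDOMAIN for the name and its subdomains. The function names, the optional allowlist file and the sample list are assumptions made for the example.

```shell
#!/bin/sh
# Added example: convert a hosts-format blocklist into dnsmasq block rules.
# hosts_to_dnsmasq and sample_blocklist are hypothetical names; the sample
# list is constructed for illustration.

# Usage: hosts_to_dnsmasq [ALLOWLIST_FILE] < hosts_list > rules.conf
hosts_to_dnsmasq() {
    awk -v allowfile="${1:-/dev/null}" '
    # True if blocking "name" would also block an allowlisted name.
    # An address=/name/ rule covers the name and every subdomain of it.
    function shadows_allowed(name,    a, suffix) {
        suffix = "." name
        for (a in allowed) {
            if (a == name) return 1
            if (length(a) > length(suffix) &&
                substr(a, length(a) - length(suffix) + 1) == suffix) return 1
        }
        return 0
    }
    BEGIN {
        # Allowlist: one hostname per line, never blocked.
        while ((getline line < allowfile) > 0) {
            sub(/\r$/, "", line)
            if (line != "") allowed[tolower(line)] = 1
        }
    }
    {
        sub(/\r$/, "")      # tolerate CRLF line endings
        sub(/#.*/, "")      # drop comments
        if (NF < 2) next
        # Accept only sinkhole entries. A line that maps a name to a real
        # address is a redirect, not a block, and is ignored.
        if ($1 != "0.0.0.0" && $1 != "127.0.0.1" && $1 != "::" && $1 != "::1") next
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            # The list is untrusted input: allow only dotted hostnames made
            # of letters, digits, "-" and "_", so a "/" or other character
            # cannot change the meaning of the generated rule.
            if (name !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) continue
            if (length(name) > 253) continue
            if (name ~ /\.[0-9]+$/) continue      # IP-like, e.g. 0.0.0.0
            if (name ~ /^localhost\./) continue
            if (shadows_allowed(name)) continue
            if (seen[name]++) continue            # de-duplicate
            # Empty address part: dnsmasq answers NXDOMAIN for the name
            # and its subdomains instead of pointing clients at 127.0.0.1.
            print "address=/" name "/"
        }
    }'
}

# Constructed sample input in hosts format, including entries that must
# be rejected or skipped.
sample_blocklist() {
    cat <<'EOF'
# constructed hosts-format sample
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.NET   # mixed case, trailing comment
0.0.0.0 ads.example.com
203.0.113.7 bank.example.org
0.0.0.0 bad/name.example
0.0.0.0 example.org
0.0.0.0 metrics.example.com telemetry.example.com
EOF
    printf '0.0.0.0 crlf.example.com\r\n'
}

# Demo run without an allowlist.
sample_blocklist | hosts_to_dnsmasq
```

Load the generated file through dnsmasq's `conf-file` or `conf-dir` option and restart dnsmasq.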


> dnsmasq

Check out running dnsmasq with dnscrypt-proxy too.


Noscript temporary whitelist only combined with uBlock origin and sponsorblock. A CSS toggle button is important too to be able to read text when the page doesn't display correctly. As well as a "superstop" button to (near) completely end all JS execution in a tab after loading.

After 15 years of using NoScript this way I have developed a sixth sense for the minimal set of individual hostnames/IPs that need to be JS allowed on a typical site. I'm quite fast at it. But wix.com hosted sites and others like it that have one JS domain required to load another and so on serially 5x deep I just close rather than refreshing the page 5 times.


I use Firefox + uMatrix to achieve a similar setup.

One advantage of using only a script blocker in favor of a proper ad blocker is that I don't shut off reasonable ads but only the ones that do shady stuff with a lot of computation and tracking on the client PC.

uMatrix has the advantage that it additionally blocks cookies by default, making the tracking even harder.


I haven't looked at pihole once after I discovered adguard home.

https://openwrt.org/docs/guide-user/services/dns/adguard-hom...


How do you reduce the latency of the upstream DNS resolvers? The closest Cloudflare servers give me 20-25ms DNS resolution times, but with Cloudflare as the upstream DNS in Adguard Home, I'm getting more around 80-110ms.


Maybe not what you’re looking for, but I put AdGuard Home on a VPS (although later switched to a “real” DNS software prior to benchmarking) and it is faster [1] than connecting directly to Cloudflare from home.

[1] https://stonegray.ca/dns/#performance

Edit: for the curious, I use Technitium as the server, nginx to proxy it (security stuff, prioritize traffic from my ZeroTier network, do DNS/DoT translation, etc) and docker/letsencrypt/watchtower/netdata for auto updating and status reporting, packaged as a single docker compose I can deploy easily.


This looks really interesting. I am not in North American region and hence this would be slow from my region. But nonetheless interesting project. Have you documented the entire setup journey on a blog or video?


If you run adguard home with long blocklists on a consumer-level router, this will cause big delays, simply because the blocklists are large and eat all available memory and lots of processing on any dns request.

I've kept the blocklists in adguard home small, and then it works fine, but if I add hundreds of thousands of blocked domains, it gets painfully slow on my Edgerouter X running OpenWRT


The Edgerouter X had good specs for the time it was released but that was over 9 years ago at this point. I had to replace mine a few years ago because it didn't have the thruput for my 1Gbs internet connection.

Many modern consumer routers contain processors and memory which can easily handle Adguard Home. I have a GL.iNet MT-6000 with a MediaTek Filogic 830 processor which has 4 ARM A53 cores running at 2Ghz and offloads wifi and wired network packet processing from the cores. It also has 1GB of DDR4 memory. It has no problem handling Adguard home, my 1Gbs internet connection and gives me around 900Mbs of WireGuard thruput.


I'm using the same set of Blocklists (800k-1M rulesets) in my comparison between Adguard and Blocky with the same upstream resolver.

I'm running them as system service on my laptop, and using my localhost as dns proxy.


What sort of workloads are you doing where 60ms extra time on your DNS lookups is an issue?


I naively assumed most OS + routers cache DNS queries so that your typical sites will not even require a lookup. Or is that a bad assumption?


I switched from Adguard Home to Blocky because I noticed how much faster page loads were on Blocky. I've configured it to cache any query I resolve more than once in a 24 hour window. This makes most of my page loads really, really fast.

Adguard also has the ability to cache. But I haven't seen it to significantly speed up my page loads. The default resolution itself is much slower on Adguard + Cloudflare DNS compared to Blocky + Cloudflare DNS. So this makes Adguard double whammy.


DNS records commonly have cache lifetimes (“TTLs”) of a few minutes. It would be an error to cache those for much longer.


Nothing interesting particularly, but cached + faster DNS resolution is usually perceptible in general web browsing.


Is there a specific way to test that or just nslookup/dig/drill and look at the number there? I want to check this and get back to you.


Adguard Dashboard shows average DNS resolution time. I eventually shifted to Blocky which tracks logs of every DNS query. I strung together a quick Python script to make a dashboard similar to Adguard's and calculate the avg resolution time for each resolved A record.


Blocky looks good too. I will check it out at some point. Thanks.


On a computer, just uBlock Origin and it works wonders.

Tangential question - what is the best solution for iPhone? On Androids you can use Firefox with uBlock, but it seems none of the Safari extensions on iPhone actually work, I tried some paid ones too. Brave seems to work decently well, but I have no idea why - if other browsers have some OS limitation, how does Brave go around it?


AdGuard is really good, and almost as good as uBlock for me.


I used Orion Browser from kagi. It lets you install extensions.


I use Wipr on iOS+Safari and MacOS+Safari. It works just as well as Firefox+uBlock Origin on Windows/Linux.


Nextdns, install profile on apple devices and block the ads on dns level for all of your devices.


I do brave on Android, it just works. If it's on iphone I'd use that.


I use ublock Origin on the Orion browser on iOS.


An additional ad blocker shouldn't be necessary in Orion, as it has one built-in.


[Blocky](https://0xerr0r.github.io/blocky/latest/) + uBlock Origin with OISD blocklists (https://oisd.nl/) and Hagezi Blocklists (https://github.com/hagezi/dns-blocklists)


Firefox and uBO, plus pi-hole on an old Celeron NUC alongside some other stuff (Samba, HA, etc).

Pi-Hole is worth it, I highly recommend it. You don't need a Pi, just grab a cheap used mini PC off eBay. It's been a total set-and-forget thing.


>You don't need a Pi, just grab a cheap used mini PC off eBay

I run pihole in a VM myself. And it works nicely. It doesn't use very much in the way of resources either. In fact, I've been thinking about moving to a docker/podman container.

I don't use "upstream" resolvers either. Rather, I use my own recursive resolver.

Those plus uBlockOrigin do the job quite nicely for me.


You certainly put in more effort than I did! I just grabbed the boilerplate Docker and systemd stuff off the web, told it "go" and added a few extra adlists. I also stuck nginx in front of it, but that was really just so that I could route different subdomains to HA, IPFS, and Pi-Hole.


I use Firefox + uBlock Origin for the most part.

I also have whole-network blocking via AdGuard running on a Pi. AdGuard also has a hosted option and you can just run it in a Docker container on a machine on the network.

I also have WireGuard setup on my Ubiquiti network so I often will be running my machines through that when remote which blocks ads for them too.


You don't need a pi to run pihole. It can run in docker as well. And really it's just dnsmasq with some automation and nice web interface.


Desktop: uBlock Origin in Firefox

Mobile: PiHole running in AWS. I VPN into it, with the VPN configured to only tunnel DNS lookups. Allows me to easily temporarily disable the PiHole by just disconnecting from the VPN. Gives me ad blocking in all apps.


Why AWS? You can do this with a RPi and Tailscale.


I already run an AWS EC2 t3.micro for an IRC bouncer and other small projects, so figured why not put it there?


Ignorant question: what ad blocking is required outside of your browser to require anything more than something like ublock?


Mobile apps show ads and use trackers, for instance.


ProtonVPN blocks ads and trackers, it's my solution and reasonably affordable.


It saves me bandwidth to not serve ads to family members and other guests on my Wi-Fi.


Plenty of "smart" appliances phone home unnecessarily.


That isn’t adblocking, though


Well, it's blocking the data being sold on to advertising companies.


Security works best in layers


Even with ublock the network wide blockers catch stuff. Ublock is good but not perfect


Billboards


My strategy is based around a single premise: zero tolerance on advertising other than self-promotion or mentions of products directly related to subject of the page I am on. With that last bit I mean the products actually have to be part of the thing I'm reading, e.g. when I'm reading something about how to solder some specific type of component I'm fine with the solder being mentioned together with a link where the stuff can be bought. I'm not fine with 'electronics-related advertising' in a story on electronics, that falls under the zero tolerance part.

I use a defence-in-depth strategy to block unwanted content:

1: on the router (OpenWRT running in a container on Proxmox), network blocking using nftables sets. This includes both advertising-related networks as well as emerging threats.

2: on the router, DNS blocking using several block lists as well as my own custom lists.

3: on the router, DNS masquerading to enforce the use of my own DNS server. This only works for applications which use normal DNS so I tend to disable DoH (DNS over HTTP) and other such things when possible. If applications insist on trying to force me to use their own idea of what a DNS service looks like I will stop using those applications if there are useable alternatives. This is my network, these are my computers, this is my domain, this is my internet connection and I am the one who controls which traffic goes where.

3: on client devices, network blocking using nftables sets or (on some devices) ipset lists.

4: on client devices, DNS blocking using the host file

5: on some Android client devices, content blocking through a device-local VPN

6: on client applications like browsers, content blocking through either extensions like uBlock Origin and/or by using native content blocking capabilities (e.g. the Cromite browser on Android which I use when I have to test something with a non-Firefox browser)

7: as a last resort, my hands and eyes. If somehow advertising makes its way past all the hurdles I throw in its path I just close the page/application/window. Thou Shall Not Pass and that's it.

While all this may sound like a lot of work it actually is not. I set up the blocking on the router once and keep the lists up to date automatically using a cron job. The same is true for client devices. Once installed the stuff mostly does its job without bothering me apart from some pages not working - so what, there's enough alternatives out there. I don't like ads, get it? No ads, zip, nada, zilch. Don't Advertise On Me.


I think your process is quite reasonable, and should be adopted as SOP by most. Advertising (any sponsored messaging) is a bane, it plays on conflicts of interest in trusting others to induce you to hand resources over.


Firefox and uBlock Origin at the browser level on desktop/laptop. For trackers specifically Firefox also has its built in tracking protection.

NextDNS at the network level for all of my devices that support tailscale[1] wherever they may be in the world.

NextDNS for any other home devices via my router's DNS settings.

[1]: https://tailscale.com/kb/1218/nextdns


I use Firefox forks with uBlock. Librewolf on desktop and Fennec on android.

My husband uses an iPhone, so I run DNS level ad blocking on my OpenWRT router.

Works pretty well most of the time


How do you deal with sites you try accessing but have apps installed? I have a hard time opening things in apps. And I end up going back to Chrome just for ease.


Control D for DNS blocking and Ublock origin on all browsers.

It would be nice to setup something locally, but I'm lazy (spend my time on other things) and just want it to work.


Brave + ublock origin. Almost never see YT ads and haven’t seen a Twitch ad for awhile. If I accidentally see a YT ad refreshing the page makes it go away.


Pihole with like 2 million blocked domains, no major social media use, wireguard on mobile, Brave browser, don't watch TV


DNS filtering is good enough these days. I have very few ad-thirsty apps that I need. On my Android VPN + Cromite browser does the job, on my PC uBlock Lite will do it.

Am always using gluetun VPN hosted on a VPS with these two options: BLOCK_ADS=on BLOCK_SURVEILLANCE=on and I don't see any ads anywhere, even on the Twitter site!


Not mentioned yet: Paying for YouTube Premium if you and your other family members watch a lot of YT. This is only needed for Smart TVs. It's $23 per month for up to a family of five. You also get YouTube Music as well.

Otherwise, I use Firefox + uBlock Origin + Privacy Badger and also have redundant PiHole servers.


I hooked up an old PC to my TV and then taught my extremely tech illiterate wife to use VNC on her phone to control the PC. Now her YouTube and Chinese streaming sites are ad-free. My kids will have to wait until they can operate a web browser on a computer before I’ll let them on YouTube. Until then I let them use Netflix or VLC on an iPad with local content I downloaded (yt-dlp, etc).


It’s not mentioned because we’re on HACKER NEWS discussing adblocking, FFS.


If you're going to pay for YouTube, then at least VPN to a 3rd world country for cheaper YT Premium subscription.


Or you could be honest.


I literally JUST set this up for myself on OpenWRT (running on my Pi4) this past week. I tried two popular solutions that both didn't work well and/or I felt were not very intuitive to set up if I needed to re-implement them in the future. I started with fresh factory images after each attempt.

The third one I found a very easy method and now am currently using Control-D DNS with free ad/tracker/malware blocking over the modern DoQ protocol. Got it running in less than 30 minutes. ControlD latency appears as fast as any free DNS I've tried (Quad9, OpenDNS for years, etc), including my own ISP, so I am lucky location-wise.

I'll send you all my notes and guidance if you want. Email me at my throwaway xyzx

@

duck.com


I just use Brave. It works on my phone.

and Chrome for Google integration.


I’ve used Pi-Hole before, and I had to troubleshoot in a few instances when I was traveling away from home. I stopped using it to simplify my setup.

The ideal setup I want to try is to have something like AdGuard Home at the Router. My current setup on our devices already has AdGuard App running with NextDNS as the DNS Resolver. This setup works pretty well while connecting to any network. NextDNS handles the DNS, while AdGuard AdBlocker works well with the client side on all browsers.

Issues pop up occasionally when the OS gets upgraded, but they are bearable. https://brajeshwar.com/2024/i-block-ads/


I got one r-pi zero running pi-hole at .220, and another pi-hole on a server dockerized at .221. If that server goes down, another server has a dockerized pi-hole that takes over the .221 IP. The failover is handled with keepalived.

At parents house they got one r-pi set as DNS 1, and 9.9.9.9 as DNS 2.


I run adguard on a raspberry pi - setup similar to pi-hole. It works well but does not block YouTube ads. Is there a setting I am missing to enable this?


I don't think you can do that with Adguard right now. You can use a browser with adblock for desktop/mobile, and there are smart TV apps with adblock and sponsorblock both for Tizen [0] and webOS [1].

[0]: https://github.com/reisxd/TizenTube/

[1]: https://github.com/webosbrew/youtube-webos


Change VPN to India and sign up for YT Premium individual for less than $2/month, or share Family plan with 5 people for less than $1/month.

I'm sure even VPN + YT Premium would be cheaper than local subscription pricing.


Brave browser, Mullvad/Proton, uBlock Origin, Privacy Badger, AdBlock, Cookie Auto Delete


I run privacy badger. It doesn’t block ads, it blocks sites that seem to try and track you around the net. That suits my goals nicely.

My problem isn’t being shown an ad beside content I’m consuming, it’s being tracked.


I use:

* portmaster on any desktop - for better security and privacy

* tracker control on android - not technically written for ad blocking but it works for 90% of ads

* uBlock Origin + Decentraleyes + Consent-O-Matic and cookie flag on Firefox.


> Pi-Hole is not a option, since I don't have one laying around.

Why not buy one?


Pi-Hole is the worst-named software. You don’t need to buy a Raspberry Pi to block ads at the DNS layer, and you don’t even need branded pi-hole software. It’s just dnsmasq which can run on anything.


Using an RPi might be the simplest way for the OP to solve the problem because hardware is a useful abstraction. My response addressed the hard part of engineering: humans in the loop.


Your comment reminds me a lot of the classic "Dropbox will never succeed, I can just use a Linux box with ftp" hn comment.

It's all about user experience.


For DNS-based on openwrt specifically: https://openwrt.org/docs/guide-user/services/ad-blocking

Try them out and see which one you prefer.

All these work similarly to pihole. If you choose an option that integrates with ipset, you can get slightly stronger than by blocking IPs associated with hostnames.

As others mentioned, it's good to couple with a client-side filter like uBlock origin.


Switched to Adguard a couple of months ago and have been very happy. Before that I mostly used UBO on Chrome together with consent-o-matic for cookie banners.

What I like about Adguard is that I can more freely switch between browsers without needing to take into account how well their builtin blocking works or if they still support Mv2. And just like with my choice to use 1password over self-hosting Bitwarden, I’ll gladly pay a bit more if it means not having to maintain yet another service.


I, not yet wanting particularly to extricate myself from Chrome, use Ublock Origin Lite. It works about as well as the original (although it's less good with paywalls and blocking individual site elements, by which I mean 'not good at all'.) If you can and don't already I would try to replace as much as you can with RSS (which is also really good with paywalls - I use feeder.co and it lets me get around the Atlantic's paywall. Its privacy policy is here: https://feeder.co/help/legal/privacy-policy/. It's hosted in Sweden, in the EU, for what that's worth.)

But as you might have figured out from my use of Chrome, I'm mostly ok with the fact that Google knows everything about me. So I'm probably not the best person to ask.


I use uBlock on Firefox on the desktop and don't really use my phone for browsing. I specifically bought as dumb of a TV as I could find. I also pay for services to avoid ads where I feel okay doing so. I pay for Netflix, for example, but don't pay for YouTube Premium because I have less of a history of fighting ads on Netflix than YouTube. I also avoid mainstream cable (have for 20+ years).

I live alone, though, which changes the equation somewhat.


I used to have a pihole at home to deal with advert. Alas that is now gone. Would highly recommend though.


Safari: Adblock, Hush (will stop the day any FOSS browser becomes closer to it in speed and resource usage; I doubt it as Safari literally comes baked with OS)

Firefox: uBlockOrigin, AdBlocker for YouTube, Adguard, Disconnect, DDG Privacy Essentials, Sponsor Block for YouTube, Unhook (Firefox is used very little, just because compared to Safari it is still sluggish on Mac)

On iPhone: tried NextDNS (and few more things) but result was such a mess that I stopped.


Desktop and phone: Firefox + uBlock.

Router is OPNsense with its own validating recursor, domain blacklist, and routing blackhole.

Phone runs a private VPN to my router when not on my home network.


Brave


I wonder why this one is not higher up, as the blocking works like a charm

I do have problems updating it on my MacBook though


Got a pihole a few years ago, works like a charm. The only annoyance is when you actually look for products and nearly all links in Google are dead due to ads.


Add *.google.com to the blacklist: problem solved.


This was a major factor in getting a Kagi subscription for my wife.


My home wireless network uses two SSIDs. One uses Pihole as its DNS server and the other just 8.8.8.8. That's handy when too many domains are getting blocked and you could just swap over and back.

Then I use Noscript in Firefox. I also have a VPN server set up whose DNS uses the same Pihole too.


Firefox + uBlock origin on the desktop and Safari + AdGuard (browser extension, not DNS) on iOS.

I also use the OISD (https://oisd.nl) blocklist for DNS level blocking with NextDNS. OISD prioritizes functionality over blocking, which is exactly the way I like it for DNS level blocking. Never had to manually whitelist anything.


Chrome with Ublock origin until June 2025, as "browsers using the ExtensionManifestV2Availability policy will be exempt from any browser changes until June 2025". Discussion on how to enable: https://news.ycombinator.com/item?id=41812638


Ublock origin on desktop browsers.

Pihole with the default ad list and additional ones to block some social media sites.

Then Pihole is configured to use Cloudflare 1.1.1.1 for families, and I use the adult+malware filter.

I’ve got WireGuard running on the pihole server to make this all available for mobile devices when out and about.


- Pi-Hole can run on OpenWRT if your router is powerful enough, on a Linux box, in a Docker container, and on a Synology. You don't need a Raspberry Pi to run it.

- Look at https://nextdns.io as an alternative.

- I use uBlock Origin and NextDNS at home.


I have PiHole running on a Raspberry Pi 4, along with a couple of home automation services. PiHole acts as my DNS and DHCP servers, and works GREAT! Plus, I'm able to manually block sites on a per-client basis (such as when my kids are on YouTube a bit too much)


For ad blocking on OpenWRT, you could try AdGuard Home

it’s pretty straightforward to set up and works out of the box. Also, if you’re building any sites yourself, something like GetProduct dev could be useful for subtle monetization with affiliate links instead of cluttering with ads.

Keeps things clean!


uBlock Origin in Chrome and Arc.

I don't like the idea of network level blocking because I have to disable my adblocker due to broken websites on a fairly regular basis, and disabling a network blocker is just too much hassle, especially when thinking about DNS results caching etc.


I feel sort of odd never having installed an ad blocker, but firefox must do some stuff also because a few websites still complain and tell me to turn it off, whatever "it" is. I'm pretty good with the youtube skip button does that count?


Likely referencing Firefox's enhanced tracking protection.

You can control it with the lil purple shield icon to the left of the address bar (not that you're obliged to disable it for some website just because they asked, of course!)

https://support.mozilla.org/en-US/kb/enhanced-tracking-prote...


+1 informative!


Using Lightning, Fulguris and Privacy Browser browsers on Android with the ad-block setting enabled and turning off JavaScript are my main methods.

Turning off JavaScript in browsers is magic, it works everywhere, PCs, Android, Windows, etc. It not only kills ads but almost all of the other garbage that website programmers do to deliberately annoy the hell out of web surfers.

JavaScript programmers take note: turning JS off makes the web sing, up goes the rendering speed, pages appear much, much faster, and all that jerkiness disappears, and most of the spying on users also disappears. Web pages often drop from 7 or 8MB per page to as low as several hundred kB—that's over a 20:1 reduction in download size! It's a magic solution.

Websites that won't render with JS turned off I simply bypass, as they say "there are plenty more fish in the sea" — many more webpages than I can ever hope to visit in a lifetime.

If only users knew the advantages of turning off JS many more would do it. Remember, JS is there to mostly benefit advertisers and website owners who want to spy on users—it's not to benefit you the user!

Despite what they say almost everything that can be done on the web can be done without JavaScript. Sorry JavaScript programmers and aficionados, it's just a fact.

Turning JS off is one of the few remaining defenses we have against you nasty advertisers and website owners.


Windows - Firefox with uBlock origin

Android - Private DNS: adguard.adguard-dns.com


DNScrypt-proxy on openWRT + Unified blocklist text file is far superior to any of the alternatives in the comments.

It’s not an ”out of the box” solution. But when it’s set up you get encrypted DNS requests and network wide ad blocking.

All in a few megabytes.


OpenWRT, Adguard, Firefox strict, drop cookies, no-script or ublock origin.

I’m trying Quad9 on the upstream DNS but not very familiar with it. What y’all think?

I view these as security and telemetry blockers primarily, they happen to block a lot of ads too.


currently just firefox + ublock + a host of other extensions i've picked up over the years

i used to use pihole, and i'll totallyyyyy get around to setting my homelab back up soon ( and adguard home is also on my radar :3 )


I've got one of the Steven Black hosts files. Besides that I have Floorp set up with uBlock Origin and NoScript. On Brave, Edge, and Chrome I don't have anything special set up.


I have PiHole running on a cloud VM that’s a part of my Tailscale network, and I configure Tailscale to use it for DNS resolution so that everything in my network has access to it.


After piHole and AdGuard app in the router, now my widely used solution that works is to override DNS settings to AdGuard, works in maaany routers I have tested.

AdGuard DNS 94.140.14.14 94.140.15.15


https://adguard-dns.io/en/public-dns.html go to Our server addresses > Plain DNS > default servers


Perhaps convoluted for average user, but for me it's on-demand VPN + proxy + DNS with heavy filtering on NS and proxy.

All my devices are connected to it all the time.

Works great with no issues for many years.


Firefox, ublock origin on desktop and on phone. Also AdAway on phone. They are usually pretty aggressive and can break things, so I don't use any network wide blockers.


In case you have an older webOS tv and don’t want to setup a home media server: https://rootmy.tv/


That has a very narrow target. I have an old webos TV and it's been patched for these vulnerabilities years ago.

People who never connected their TV to the Internet maybe...


uBlock origin, or just avoiding the site if it doesn't work.


uBlock Origin with Firefox on desktops, DNS66 (was AdAway in the past but it started crashing) on Android, and I don't have any other devices.


Adguard on my iphone.

Firefox with Ublock Origin on my browser.

Youtube Premium family plan.

I tried pihole but it just caused way too many small hiccups that annoyed my family more.


uBlock Origin on Chrome. Which any day now will become uBlock Origin on Facebook.

DNS ad blocking doesn't work well anymore, too many sites block you if you use it. But I use NextDNS for my mobile devices anyway because there's nothing you can easily use that's better. Firefox does have an Android build that will load uBlock Origin but I am still using Chrome on my phone.


nextdns for whole network dns if you don't want to host yourself. if you feel like hosting, there is pihole and adguard home.


Either ublock origin with all filter lists checked

Ghostery with ad-blocking, anti-tracking and Never Consent enabled with Fanboy's Annoyance List added to custom filters

Mullvad DNS

https://mullvad.net/en/help/dns-over-https-and-dns-over-tls


You do not need all filter lists checked in uBlock. Maybe 3 or 4 + what it gives you out of the box.


I use PiHole along with YogaDns which is a great little windows app for managing your dns config.


Firefox with uBlock Origin, Privacy Badger, I still don't care about cookies and NextDNS.


I have GL-inet brume 2 which runs in drop in gateway mode alongside my main router, and on it I have AdGuard home


1. Fallback Adblock DNS Server (root)

2. pi-hole

3. Firefox with ublock origin

4. wireguard VPN


Ads pay for much of the content we consume or services we use, my policy is to give a site a chance to show that they run ads in a respectful way- that is, ads don’t interfere with the user experience. If they abuse ads, then I block them, otherwise you’re basically stealing content.


It sounds like a small network with no need to block outbound 53.

Nextdns.io for out-of-the-box if you can’t run pi-hole.


I don’t use an ad blocker on any device.

Despite claims to the contrary by people here on HN, it’s fine.


I guess having my device run code that doesn't benefit my experience, unnecessarily consumes resources, and comes from somewhere I don't know is technically "fine". To me, it sounds like a security, privacy, and efficiency nightmare.


Just a browser adblocker extension but I intend to set up Pi-Hole soon.


Iridium browser with Ublock Origin on my Mac and Wipr with Safari on my phone.


pfBlockerNG on pfSense does industry-standard DNSBL and IP filtering. That'd be an entirely separate alternative to what you just set up though, and quite a bit more complex.


Orion browser with native ad-blocking does the job for me.


ublock origin in my browsers, Adguard home in my OpenWRT router, setup to block various chinese cloud providers, facebook and other unwanted 'malware'.


U block + zen (firefox fork basically)

really love this combo

On android brave browser


At home Pihole, on mobile Firefox + uBlock Origin


Don't waste your time with dns adblocking.

If you are serious about network side blocking do tls interception (lmao) but that is a lot of maintenance, adds other attack surface and the average openwrt device isn't beefy enough for such things.

Firefox and Ublock Origin against ads.

There is cooler stuff for Openwrt. Mesh nets between friends, to share internal services. Just tinkering with and learning about network stuff. Adding ipv6 to tunnel if isp doesn't support. Having Wifi whose autochannel doesn't suck.

Dual Antennas -> Sword fighting. Only fun with multiple devices and dabbling with mesh mode or throughput maxing. In ax dual channel 40mhz +160mhz bandwidth the throughput is faster than some cables.


A combination of Pi-Hole and Tailscale https://dancocos.com/2024/10/20/Tailscale-and-Pi-hole-ad-blo...

tl;dr

* It works across all devices (will block ads on the DNS level when using your phone on the cell network you usually cannot set the DNS servers in this case)

* To disable ads for minutes just disconnect from TS or deselect "Use TS DNS."


Brave web-browser


a docker of pihole on laptop, adaway on rooted android phone.


I've got enough "mental fortitude" not to really care that much about ads.


The ad industry is very proud of you


hosts file is a really nice global block


I use the one at https://someonewhocares.org/hosts/

It seems to be all I need. I like that it blocks the crap on all browsers without needing to install extensions. Youtube is still practically useless though.


I often use it for self controlling my Hacker News and Reddit addiction.


Firefox + ABP


Safari + Ka-Block! + Vinegar


Brave and Controld.


uBlock Origin

Qubes OS

Mullvad Browser

Tor Browser

OpenWRT router uplinks to [insert VPN provider] automatically

NewPipe

Kodi

BitTorrent


I don't. I pay for premium services which I use often (YouTube and YouTube music mainly) and am okay with free sites funding themselves by showing me ads


lol…good for you man.



