Steps towards a more private life, one DNS at a time.

Just about 2 weeks ago I finally installed a Pi-hole on my home network. Pi-hole is an ad blocker that blocks ad queries for your whole network, at the DNS level.

Now, I don’t particularly mind online ads; I don’t like them either of course, heck, if I use a service and there’s a paid version, I’ll pay for the ad-free version. I do this with most of my Android apps, player.fm (a separate post in itself), Inoreader (another separate post), and for example I would do this happily with Twitter. Or YouTube, but of course Red is not available where I live because Google, and installing a VPN so that I can pay for something seems a bit too much self-humiliation. (And yes, I do understand ad-supported art is important, although in that respect I am more into the patron-supported model.)

What I do mind though, is my kids being exposed to ads. They won’t (can’t) pay for ad-free stuff, and they can’t control well enough what reaches them and what to say no to. They are also more susceptible to dark patterns in ads. (And before you start saying I should control it; yes, we try to. But it’s not possible 100%.) Bottom line is, I want them ad-free in our home at least.

Pi-hole is very convenient: you sacrifice a Raspberry Pi (I’m using an old 2B that is happily serving my home of ~12 devices with a load close to 0, temperature of 41.2°C and a memory usage of just over 16%; you are probably perfectly fine with a Zero), install a base Raspbian (plus whatever you want on it; for example, mine is also a Bluetooth audio sink project) and go to pi-hole.net. You copy the one command you see there (after reviewing their source code of course), and answer a couple of questions. And boom, you have a working Pi-hole. Oh, you also have to set it as the default DNS for your home network — you would typically do this on your home router that provides DHCP for the network. Also, you probably want to minimally harden your Raspbian: change or lock default users, install unattended-upgrades, etc.
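The two hardening steps mentioned above (locking the default user, enabling unattended-upgrades) can be checked with a short script. This is an added example, not part of the original post; the sample files and the account names `backup` and `missing` are constructed, and the default paths are the standard Debian/Raspbian locations.

```shell
#!/bin/sh
# Added example: audit the two hardening steps on a Raspbian host.

# account_locked USER [SHADOW_FILE]
# 0 = password login disabled ('!' or '*' prefix), 1 = usable or empty
# password, 2 = no such user. A locked password does not disable SSH keys.
account_locked() {
    field=$(awk -F: -v u="$1" '$1 == u { print $2; hit = 1 }
        END { exit (hit ? 0 : 3) }' "${2:-/etc/shadow}") || return 2
    case $field in
        '!'* | '*'*) return 0 ;;
        *) return 1 ;;
    esac
}

# auto_upgrades_enabled [APT_CONF]
# 0 if an uncommented APT::Periodic::Unattended-Upgrade is set to non-zero.
auto_upgrades_enabled() {
    grep -Eq '^[[:space:]]*APT::Periodic::Unattended-Upgrade[[:space:]]+"[1-9][0-9]*";' \
        "${1:-/etc/apt/apt.conf.d/20auto-upgrades}"
}

# Constructed sample files so the checks can be tried without root.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/shadow" <<'EOF'
root:*:17600:0:99999:7:::
pi:$6$constructedsalt$constructedhash:17600:0:99999:7:::
backup:!$6$constructedsalt$constructedhash:17600:0:99999:7:::
EOF
cat > "$SAMPLE/20auto-upgrades" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
// APT::Periodic::Unattended-Upgrade "1";
EOF

for u in pi backup missing; do
    rc=0; account_locked "$u" "$SAMPLE/shadow" || rc=$?
    case $rc in
        0) echo "$u: password locked" ;;
        1) echo "$u: password login still possible" ;;
        2) echo "$u: no such account" ;;
    esac
done
if auto_upgrades_enabled "$SAMPLE/20auto-upgrades"; then
    echo "unattended-upgrades: enabled"
else
    echo "unattended-upgrades: not enabled"
fi
```

On the Pi itself, call the functions without the file argument (as root, since `/etc/shadow` is not world-readable).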

As I said, I’ve been running my Pi-hole for 2 weeks: one week of “closed beta” (closed from my wife and kids), and one week fully operational.

Conveniently, on 1/Apr (no joke) Cloudflare introduced 1.1.1.1, their new privacy-focused, faster DNS. So I quickly changed upstream DNS to 1.1.1.1 (and 1.0.0.1), and entered ad-free, fast browsing heaven. You should change to 1.1.1.1 too by the way, regardless of whether you install Pi-hole on your network.

The nice thing about Pi-hole is it provides a nice dashboard with some stats for the stats geeks like me. For instance, a recent 24 hour period looked like this:

Not bad, although this past Saturday I saw the Blocked percentage climbing to as high as 20%. Also remember, this is only about DNS queries. It gives a good indication of the amount of ads, but not, for example, the amount of data you save by not even downloading said ads (as DNS points to elsewhere, of course).

The only direct downside of the Pi-hole I could find so far is the lack of redundancy. If my Raspberry Pi goes down and I’m not there, the family is without internet. Luckily Raspberry Pis don’t go down often; I have Kodi media centers in the house that have been running for years. I just hope the Pi-hole doesn’t overwhelm the microSD card of the Pi.

The other downside of course is that it’s local. Starting up an ultra-lightweight VM just to run the Pi-hole could be an option, but considering the hassle, it might just be easier to simply have the Disconnect plugin on my laptops, and, well, accept the concession of ad content on my phones. (Or pay for the premium that I just discovered exists for mobile.)

It could also use some additional remote management support improvements: a browser plugin to add ads to the blacklist (or an API to support this and let the community do the rest); easier remote admin, maybe AD or other SSO support for company use; and, while keeping the free/patron supported version for single/family users (to stay in line with the mission), an extended or premium support for companies. Maybe some alerting… but then very quickly we are in the realm of a product with a different focus, so maybe not.

In summary though, I like the initiative. Deserves a donation!
