🙅♂️ Whole network ad blocking
September 02, 2019
Article after article I read about how insidious online advertisers are. We are being tracked everywhere we go on the Internet, and off to a certain extent. I don't mind paying for services. I have been a YouTube Premium member for years. It brings me value. I pay for it. I have said I would pay for Facebook not to track every little thing I do. It's creepy, nobody likes it.
There are a slew of ad-blocking extensions for every browser out there. Some are good, some not. Watching an episode of Linus's Tech Tips the other day, "Block EVERY Online Ad with THIS" I became inspired. I had a couple retired Raspberry Pi 2's previously running Rasplex in the basement.
Within 25 minutes of Linus's how-to article I had Pi-Hole up and running on my entire network. Pi-hole can do ad blocking for every device on your network. After I set it up I updated the whitelists and blacklists.
I'll spare you rewriting an already good how-to article but I will say that it's been running on the entire network now for a week, flawlessly. The dashboard is great, I can see what has been blocked, quickly whitelist if needed, and tweak to my heart's desire. The Raspberry Pi now lives atop my switch. I couldn't be happier.
Recently ISP's have been have been grumpy about Google's plans for encrypted DNS. This is via DNS-over-HTTPS, or DoH, which encrypts your DNS requests so that your ISP cannot track and sell that information. Quickly after setting this pi-hole up I ran into an article by Scott Helme, "Securing DNS across all of my devices with Pi-Hole + DNS-over-HTTPS + 188.8.131.52". In this article he details how to get how to get cloudflared running on the same Raspberry Pi. This is done through Cloudflare's 184.108.40.206 service using their argo-tunnel. Following Scott's instructions this was up and running in no time.
I would like to setup Let's Encrypt as he explains in the Bonus Round of the article. I think that would be a nice topping on the security cake. For now, I a happy knowing my ISP is no longer snooping on my DNS requests, they are probably also faster on Cloudflare's network, and I am blocking many many ads from all of my devices.