
It is crazy what kinds of BS you find when you run something like Little Snitch for OSX. On a fresh install of Firefox before I've had a chance to download adblock, there are two dozen popups requesting outbound connections... most of the time, I have NO idea who is behind the request or what these requests really want. This is just the start page... news pages are even worse.

Run some apps with Little Snitch turned on and you see the same thing. Tons of outbound requests to domains that I have never heard of and have no idea what they want on my machine.

I just block everything with reckless abandon. I don't give a shit if my "experience" is degraded.

Frankly, with small kids in the house who I would like to protect to the extent I am able... I am considering installing Pi Hole and whatever else I can find in addition to the spartan whitelist I've set up for them to use via parental controls.




Funny, I just bought my first RPi in order to run Pi-Hole. It works decently from my daughter's tablet. I enabled it on the router so the whole house is covered, but due to uBlock I hardly ever see ads on computers. The nice thing is having "boring text" instead of colorful ads on tablets makes them a much smaller target for kids to tap on.

I will say that the installation process can be somewhat painful if you deviate from the norm. I didn't want to use Google DNS and instead opted for OpenDNS, plus I wanted my own directory structure, etc...


I'm using this on my Windows PC:

http://someonewhocares.org/hosts/

Disabled all ad-blockers and still don't get ads, and the whole experience seems faster. Presumably it takes longer for JavaScript-based utilities to block ads compared to just blackholing them in the hosts file? Anyway, might get a Raspberry Pi or just use an old small form-factor PC with its own DNS server running the same list.


The Pi-Hole script uses that same list as part of a consolidated list: https://github.com/pi-hole/pi-hole/blob/master/adlists.defau...

It then installs an updater via cron to check for updated lists every week.

As to your experience with speed, I'm kind of surprised. The only time I noticed a speed difference is when I blackholed domains in the hosts file that didn't resolve to a valid web server (i.e. resolving to 127.0.0.1 without having a web server running), and that's the opposite of what you describe. The pi-hole script also installs lighttpd to serve up a placeholder page, and uses some tricks like mod_expire to improve performance.
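
The consolidation step described in the comment above, as an added example that is not part of the original thread and is not Pi-hole's own code: it merges several hosts-format lists, keeps only entries that point at a sink address (a third-party list should blackhole names, never map them to a real address), and de-duplicates. The function names and sample lists are constructed for illustration.

```python
import ipaddress
import re

# Sink addresses that hosts-format blocklists use to blackhole a name.
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Local names a blocklist must never override.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

# Constructed sample lists (not taken from any real blocklist).
LIST_A = """127.0.0.1 localhost
127.0.0.1 ads.example.com
0.0.0.0 tracker.example.net  # inline comment
"""
LIST_B = """0.0.0.0 ADS.example.com
93.184.216.34 redirected.example.org
0.0.0.0 bad..example 0.0.0.0
0.0.0.0 metrics.example.net cdn.metrics.example.net
"""

def valid_domain(name):
    """Accept only syntactically valid host names, never IP literals."""
    try:
        ipaddress.ip_address(name)
        return False
    except ValueError:
        pass
    labels = name.split(".")
    return len(name) <= 253 and len(labels) > 1 and all(map(LABEL.match, labels))

def parse_hosts(text):
    """Yield blocked domains from one hosts-format list."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINKS:
            continue  # blank, comment-only, or mapped to a non-sink address
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES and valid_domain(name):
                yield name

def consolidate(lists, sink="0.0.0.0"):
    """Merge several lists into sorted, de-duplicated hosts lines."""
    domains = set()
    for text in lists:
        domains.update(parse_hosts(text))
    return [f"{sink} {d}" for d in sorted(domains)]

if __name__ == "__main__":
    print("\n".join(consolidate([LIST_A, LIST_B])))
```
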


Thanks for the link to the lists, I'll try rigging that for auto-update on my PC soon.


Is there a good open source "Little Snitch" alternative?


Try uMatrix, it's available for both Firefox and Chrome, and allows you to do whitelisting of third-party domains for each domain you visit.


They don't cover the same use cases.

Little Snitch is basically a user-friendly general-purpose application firewall. When a connection hasn't been whitelisted before, it pops up a dialog box allowing you to accept/reject connection to a host/domain/port permanently/temporarily.

uMatrix does not protect you against 'malicious' connections initiated by non-browser applications. Little Snitch does not provide the fine-grained URI-level filtering that uBlock/uMatrix provide.

Edit: if you have a Mac, Little Snitch is well worth the money. It is very polished, does the job, and the developers are not greedy (I think I purchased an update once after I started using it in 2007 or 2008).


Maybe, but I haven't found anything as polished as Little Snitch. The level of control is amazingly high. I really don't use it to the full extent with profiles and the like. I set up some basic rules and let it work for a while, then I pick and choose what to allow/disallow permanently... like a King :P

It's one of the first things I install on my Macs. Worth every penny.


Not exactly the same, but Privacy Badger from EFF is great.


For the network monitoring part, Private Eye is a free alternative, though not open source: http://radiosilenceapp.com/private-eye/

Disclaimer: I made it.


Wireshark or even tcpdump will get you most of the way there, I think.


Little Snitch doesn't just show you traffic, but also allows you to block requests per domain per application.


Then add iptables to that list and I think you're set :-) Seriously, all due respect to Little Snitch - I've heard a lot of good things about it and I'm sure it's much easier to use than the raw tools. But I doubt it's doing anything that can't be done with tcpdump/iptables.



