Pi-hole FTL v5.12, Web v5.9 and Core v5.7 released (pi-hole.net)
34 points by bjoko on Dec 24, 2021 | 8 comments



Pi-hole is wonderful for blocking ads, but it doesn’t do as much for protecting your privacy as some people think. For the most part, it passes your DNS requests over unencrypted UDP to upstream servers, which means that your ISP can, and does, spy on those requests - even if you’re sending them to Cloudflare/Quad9/NextDNS. I wish that folks understood the scope of DNS snooping done by ISPs. It’s far easier than unencrypted SNI snooping to build out.

It seems like the best way to block ads and protect privacy is to run another resolver (cloudflared, NextDNS proxy, etc.) in parallel. It’s extra work, but the privacy is probably worth it. I look forward to Pi-hole directly supporting encrypted DNS over TLS or DNS over HTTPS/QUIC in the future.

In the meantime, if you want to avoid running an upstream resolver in parallel, AdGuard Home supports native DNS over HTTPS/TLS/etc.


I don't use Pi-hole but I wasn't into my local ISP knowing about my DNS queries, so I run unbound with DNS over TLS and it communicates with the root servers. It works really nicely so far and I avoid the various DNS censorships by my ISP.


Tossing in cloudflared for encrypted DNS was super low effort for me; may suggest it for anyone with this in mind.


I agree. It's all about what you're protecting yourself against.

I'm protecting myself against malware and insane ads and arbitrary tracking from every site I go to.

I accept that my ISP knows what sites I go to, because I'm not running a full time VPN. For many sites, just the IP address is enough to infer what you're going to.

I agree though, if someone goes through the effort of setting up pihole, it isn't too much further to set up cloudflared and have DoH or something... then only Cloudflare knows what sites you see!


Indeed, though this is not a problem in Europe as such; ISPs are not allowed to.

Of course they can do it anyway as it's not very detectable. The process is completely undetectable in fact but you can monitor for the effects by setting up a domain only you know about.


Love pi-hole! I’m running it on a tiny ROCK Pi S[1] next to my router and haven’t had any issues whatsoever.

Always amazed at the amount of requests blocked by just the default list included with pi-hole. Although I’m a bit concerned that more and more apps/devices will start using DNS over HTTPS to get around pi-hole like solutions…

[1] https://wiki.radxa.com/RockpiS/hardware/rockpiS


I wonder what the differences are in these 3 versions. Their home page doesn't mention them.

It's a great product though. I know it's basically a wrapper around dnsmasq. But the ease of use takes it from an item on a todo list to figure out some rainy day to a piece of software even many non-technical people have running.

I run it myself too, the docker version.


They've added an LCARS theme and notifications on start up.



