We can block trackers and ads while we browse the web with Firefox. But there are still a lot of apps and connected devices that may be tracking us. By setting up network-level ad blocking through DNS, we can further protect our privacy and prevent annoying ads. We will be using Pi-Hole, an excellent free and open-source solution.
This is the sixth post in a series about protecting your privacy by self-hosting, while attempting to maintain the conveniences of public cloud services. See the bottom of this post for a list of other topics covered in the series.
In my previous post, I described how to set up Firefox to protect yourself online with add-ons and settings.
1. Purchase the Necessary Hardware
While Pi-Hole runs on desktop PCs as well as under Docker, I chose to run Pi-Hole on a dedicated Raspberry Pi. This allows me to keep the system running all the time and not be dependent on another system or server that may be rebooted more frequently. Although the Raspberry Pi 4 is now available, Pi-Hole runs great on a Raspberry Pi 3. At time of writing, you can pick one up with case, power supply, and microSD card for around $50.
2. Install OS and Pi-Hole
I installed the standard Raspbian Linux distribution that is provided by the Raspberry Pi foundation. The Lite version works fine, as you won’t need to run any GUI software on the system.
After you get your OS up and running, follow these instructions to get the Pi-Hole software installed. It’s very easy, and you simply need to follow the prompts on-screen.
3. Configure your Home Router
Next, you’ll want to configure your router or DHCP server to point DNS requests to your new Pi-Hole system. Simply follow these instructions. Again, it’s quite straightforward.
4. Configure Pi-Hole
Out of the box, Pi-Hole is already configured to do pretty much what you want. The primary option to set is which upstream DNS provider to use. From the Settings menu on the left, you can select DNS to see your choices. I have mainly been using OpenDNS, but you can choose any one you like or specify the IP addresses manually.
My personal blacklist as of this writing:
Regex & Wildcard Blocking
Windows 10 has some built-in telemetry that is not so pleasant. Microsoft lists the host names of the servers that Windows will connect to automatically. I would recommend viewing this list and adding them to the Pi-Hole blacklist as you desire.
I purposefully don’t use a lot of “smart-devices” like TVs as most of them collect lots of viewing or other personal data. If you do, you can watch the Pi-Hole logs and then blacklist hosts that you feel are not appropriate. Just watch the Query Log in the Pi-Hole web interface.
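The same review can be done offline by tallying which names each device asks for most often. This is an added example, not part of the original post or of Pi-Hole itself: it assumes the dnsmasq-style `query[...] name from client` log lines, the sample log is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Assumed dnsmasq-style query line, e.g.
#   Mar 10 12:00:01 dnsmasq[812]: query[A] host.example from 192.168.1.50
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Za-z0-9]+)\] "
    r"(?P<domain>\S+) from (?P<client>\S+)$"
)

# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
Mar 10 12:00:01 dnsmasq[812]: query[A] telemetry.smarttv.example from 192.168.1.50
Mar 10 12:00:01 dnsmasq[812]: forwarded telemetry.smarttv.example to 192.0.2.53
Mar 10 12:00:01 dnsmasq[812]: reply telemetry.smarttv.example is 203.0.113.10
Mar 10 12:00:31 dnsmasq[812]: query[A] telemetry.smarttv.example from 192.168.1.50
Mar 10 12:00:35 dnsmasq[812]: query[AAAA] Telemetry.SmartTV.example. from 192.168.1.50
Mar 10 12:01:02 dnsmasq[812]: query[A] ads.smarttv.example from 192.168.1.50
Mar 10 12:01:40 dnsmasq[812]: query[A] ads.smarttv.example from 192.168.1.50
Mar 10 12:02:00 dnsmasq[812]: query[A] firmware.smarttv.example from 192.168.1.50
Mar 10 12:02:10 dnsmasq[812]: query[A] www.example.org from 192.168.1.20
"""

def queries_by_client(log_text):
    """Return {client_ip: Counter({domain: query_count})} from query lines only."""
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        match = QUERY_RE.search(line.strip())
        if match is None:
            continue  # forwarded/reply lines are not client queries
        # DNS names are case-insensitive and may carry a trailing root dot.
        domain = match["domain"].lower().rstrip(".")
        per_client[match["client"]][domain] += 1
    return per_client

def blacklist_candidates(log_text, client, min_count=2, whitelist=()):
    """Domains one device queried at least min_count times, busiest first."""
    allowed = {d.lower() for d in whitelist}
    counts = queries_by_client(log_text).get(client, Counter())
    hits = [(d, n) for d, n in counts.items() if n >= min_count and d not in allowed]
    return sorted(hits, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for domain, count in blacklist_candidates(SAMPLE_LOG, "192.168.1.50"):
        print(f"{count:4d}  {domain}")
```

A frequently queried name is only a candidate for review; check what it does before blocking it, since some devices stop working when a required host is blocked.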
There are some cases where you want to unblock a host. You can do this with the Whitelist feature.
5. Configure VPN Clients
If you set up your own VPN as described in the first post of this series, you can also configure devices connecting to your VPN to use your Pi-Hole DNS server.
Simply add this line to the client configuration files (.ovpn):
dhcp-option DNS 10.10.10.252
Make sure to set the IP address above to the actual IP address of your Pi-Hole system on your network. This is especially nice if you are only routing traffic to your home network through your VPN (as opposed to all Internet traffic). This allows you to use your Pi-Hole DNS server while browsing the web as usual on your phone or other mobile device. I even use this on my PC at work.
We’re another step closer to our self-hosting goal. Later in this series, I’ll cover hosting alternatives to Gmail and Google Photos.
This is the sixth in a series about protecting your privacy by self-hosting, while attempting to maintain the conveniences of public cloud services.
- Setting up OpenVPN
- SMB File Server with Automated Backups using Rsync/Rclone
- Note-taking with Nextcloud & Syncthing
- Movies and Music using Emby
- Protect Yourself Online with Privacy Tools
- Ad and Tracker Blocking with Pi-Hole
- Email, Contacts, and Calendars
- Bookmarks and Browsing History using Firefox Sync and Accounts Server
- Photos and Home Movies using Custom Tool
Amazing series! I have been contemplating this for a while and finding your articles is just the motivation I needed!
Please keep it up and I was wondering the best way to reach you (possibly) if you offered any advice or collaboration of ideas.
I wanted this for mobile without wireguard to home so I now use DoH NextDNS. At home I use pfSense features for hosts blocking. Same idea.
Gotta prevent apps from STEALING mobile data for ads or STEALING other data.