URL filtering with Pi-hole

Avoiding Legal Worries

Unlike a proxy filter, filtering using Pi-hole does not directly interfere with your users' data packets. Despite this, Pi-hole logs the systems' DNS calls. An administrator could use the Pi-hole logs and the DHCP leases of the underlying dnsmasq to determine exactly when a specific user issued a specific DNS query. The request can be traced back to the workstation via the MAC address. Short lease times in the DHCP segment help to make this more difficult. For example, if you specify a time of four hours as the lease time, clients need to request an IP address from the DHCP server every four hours. The client usually tries to renew and reuse the already existing IP, but if users turn off their workstations overnight, there is a high chance of them receiving a different address the next morning. The administrator can reliably trace a request back to the source for the time of an IP lease.

Finishing Up in the Browser

Thanks to DNS-based Pi-hole, you have already removed a large part of the unwanted content from the data stream. However, some content remains if it can hide from the filter or it is actually included in the original source URL. The only thing that helps to get rid of the last remaining trackers and ads is a browser plug-in. From the mass of available add-ons, we picked two at this point: Ghostery and AdNauseam.

Ghostery is one of the most popular and reliable ad filters. Besides the plug-in for Chrome and Firefox, Ghostery is also available as a ready-to-use browser, based on the Chrome source files. This also means that Ghostery runs on smartphones and tablets. It makes a big difference whether you watch YouTube videos on your phone in the unfiltered app or via the regular YouTube website within the filtered Ghostery browser for Android or iOS.

AdNauseam adds a special feature to the plain-vanilla filter function. Although the filter does not display the embedded banners in the browser, the plug-in clicks on all advertising links in the background. Advertisers seek to present personally tailored ads to users. This means that advertisers can create a profile of a user's browsing behavior by analyzing the kind of ads that users click on. AdNauseam waters down your profile: If you seem to be interested in everything from sports betting to laxatives, the advertiser can't create a personalized profile at all.

This filter is recommended if you have already created profiles for your browser and you are repeatedly confronted with the same advertising topics. However, the tool is controversial, because advertisers often have to pay for banner clicks – whereas you as a user then do not get to see the paid content. Google has therefore removed AdNauseam from the Chrome Store and you need to set up the plug-in manually as a Chrome user. The automatic installer is still available for Firefox.

Conclusions

If you are fed up with the flood of ads on the Internet and do not want to be tracked, the combination of a DNS black hole and a browser plug-in will be a big help. As a side effect, tools such as Pi-hole can also fend off phishing attacks, as many of the known phishing URLs are already blacklisted. Ghostery, as an established add-on, then also removes the remnants of things that Pi-hole cannot block.

Infos

  1. Pi-hole: https://pi-hole.net
  2. GitHub Pi-hole filter lists: https://github.com/topics/pihole-ads-list

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • The sysadmin's daily grind: Pi-hole

    A strange rule seems to dictate that the most useless products and services have the most annoying online advertising. Columnist Charly blocks the garish advertising for all computers on his network centrally with the Pi-hole tool, which is not only for Raspberry Pi devices.

  • Privacy Appliances

    A Raspberry Pi with the right software filters out annoying ads and nasty trackers for end devices on your local network.

  • FOSSPicks

    The promised profusion of extra time has failed to materialize for Graham this month, leaving him with too many synth kits to build, a table littered with components, and a leaking toilet.

  • Mistborn

    Mistborn bundles important Internet services on your home network and secures them with a WireGuard VPN tunnel, Pi-hole, iptables rules, and separate containers.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News