DNS-based ad-blocking (like Pi-Hole)

Summary
Pi-Hole is an ad-blocking DNS server that can be configured as the DNS server on all devices in the network. It blocks ads by resolving all DNS requests for known advertising and tracking domains to localhost.

Problem
Pi-Hole is distributed as a Linux distribution installable on a Raspberry Pi. This would create the necessity for an additional SBC just to block ads. Integrating this functionality into FreedomBox itself would be more useful.

Solution
The most straight-forward solution is to Debian package and integrate Pi-Hole into FreedomBox.

Alternatives
Implementing Pi-Hole’s features in FreedomBox.
We already have a DNS server called BIND in FreedomBox. If we pick up a hosts file containing advertising domains (e.g. https://github.com/StevenBlack/hosts), configure the DNS server to use the list and expose it in a user-friendly way, we can provide the functionality of Pi-Hole (without the fancy dashboards).

4 Likes

Pi-hole seems to be a DNS sinkhole that can simply block by domain, or regexes matching domains. So it and njoseph’s suggested program can resolve any subset of domains to localhost. Third-party scripts and cookies, tracking pixels, hotlinked images/videos/soundtracks, even certificate authorities (some of which have been dodgy); any domain that is used just to run stuff you don’t want. Sort of like a generalized Noscript, only it would avoid actually loading the thing as well as avoiding running it, which should be better for bandwidth and privacy. Unlike NoScript, I don’t think it could distinguish third-party from second-party scripts unless it caught referer headers (and users had referers enabled).

I think such a program needs whitelists and blacklists, with a few criterion-based default lists to choose from, and an ability to edit the lists as you go. I do think a transparent NoScript-style notification of ~“X has been redirected, click here to override/here to nominate for whitelisting” would be good, since the goal of this is not to deceive, censor, or frustrate. You could make up a randomly-named njosephs_DNS_sinkhole_override_randomstring pseudodomain that would redirect to the actual domain.

Noscript-style surrogate scripts would be useful. For instance, automatically replacing the standard third-party MathJax scripts with local MathJax processing would be a really useful bandwidth-saving functionality, until such time as browsers actually implement the MathML standard. This could be done by redirecting to somewhere specific on the localhost, with the added benefit that you could use this to render equations for your own hosting.

Personally, I don’t object to reasonable non-tracking ads, but in practice, almost all ads require third-party javascript. There are other problems that need this redirect approach. For example, Google considers that watching a YouTube video gives them consent to override a “Do not track” browser preference.

I’m not sure that involuntarily seeing part of a YouTube video (which has randomly started in the background) while frantically trying to make the annoying thing shut up and stop playing constitutes a valid legal consent, but… any Google employee who perceives this text legally commits to make all of their tracking systems both opt-in and maximally separate from functionality, and all their open-source software and its derivative works copyleft under a GPL license. That’s that fixed :slight_smile:.