Hi, Just installed OpenWRT.
Which solutions for ad blocking and other trackers would you recommend?
Pi-Hole is not an option, since I don't have one lying around.
So anything else I can try which will work out of the box? I'd be happy for links and guides. PS: I got dual antennas; what would come to your mind to do with them?
I can switch to Cloudflare DNS in Firefox to circumvent DNS routing, which is occasionally necessary, mostly to make email links work.
On Apple TV, I have the NextDNS profile installed, but it still doesn’t work.
Most of the community forum posts on NextDNS don’t get any answers. I’m sure the DNS servers exist, but the clients and the configuration options have not been supported by the creators.
I wouldn’t recommend NextDNS to anyone because of this apathy by its creators.
https://www.eff.org/pages/privacy-badger
I've never had the former happen, but it's something to be aware of.
Tangential topic: I see some suggestions for NextDNS here as an additional layer. I can’t speak for Android, but if you’re looking for iOS/iPadOS/macOS/tvOS, note that NextDNS does not work well on these. The app hasn’t been updated for several years and toggling on the app does nothing (I like the app because I can quickly switch it off and on when needed, which cannot be done with a profile). Most of the time the test page at test.nextdns.io shows as “unconfigured”. Even the profile installation approach does not work on Apple TV (I’ve tried this a few times). Overall, the NextDNS servers around the world exist, but there is zero support and maintenance on the client side for the platforms I mentioned. The community forum has posts about issues that the founders don’t respond to.
At least on macOS, I have Little Snitch that acts as a system-wide blocker (one can subscribe to blocking lists just like in uBlock Origin).
Ad blockers pretty much all rely on community-maintained block-lists; there are always going to be mistakes in those that break some sites, or some sites might not act well when unable to send ad/tracking events. I recently had an issue booking a train, which was because of this; I turned off the ad blocker and it worked fine. That's not something that's as easy to do with network-level blocking, especially if it was set up by someone else and you're not a technical person. Not booking the train because their site is bad is not a realistic option.
> but if you’re looking for iOS/iPadOS/macOS/tvOS, note that NextDNS does not work well on these
If your situation supports it I've had zero issues (since May 2021) using NextDNS via tailscale[1] on all of the above devices[2].
I do realise it's not feasible to ask people to set up a VPN just for some adblocking but it's a decent option if you were going to do it anyway :)
[1]: https://tailscale.com/kb/1218/nextdns
[2]: Yes even tvOS: https://tailscale.com/kb/1280/appletv
Phone: Hyperweb (for redirections to alternative frontends) + AdGuard Pro + ControlD DNS-over-HTTPS
Router: ControlD DNS-over-HTTPS
If you're using OpenWRT, check out AdGuard Home. But keep in mind that DNS blocking solutions aren't going to be as effective as tools like uBlock that review the DOM and apply styling filters. Both would work hand-in-hand.
[0] https://nextdns.io
[1] https://github.com/openwrt/packages/blob/master/net/adblock/...
The software runs fine on a lot of hardware. I have it dockerized (via ansible) and deployed on a couple of regular mini-PCs.
You can run it on a lot of hardware these days, or containerized.
Check out running dnsmasq with dnscrypt-proxy too.
After 15 years of using NoScript this way I have developed a sixth sense for the minimal set of individual hostnames/IPs that need to be JS-allowed on a typical site. I'm quite fast at it. But wix.com-hosted sites and others like it that have one JS domain required to load another and so on serially 5x deep I just close rather than refreshing the page 5 times.
One advantage of using only a script blocker in favor of a proper ad blocker is that I don't shut off reasonable ads but only the ones that do shady stuff with a lot of computation and tracking on the client PC.
uMatrix has the advantage that it additionally blocks cookies by default, making the tracking even harder.
https://openwrt.org/docs/guide-user/services/dns/adguard-hom...
[1] https://stonegray.ca/dns/#performance
Edit: for the curious, I use Technitium as the server, nginx to proxy it (security stuff, prioritize traffic from my zerotier network, do DNS/DoT translation, etc) and docker/letsencrypt/watchtower/netdata for auto updating and status reporting, packaged as a single docker compose I can deploy easily.
I've kept the blocklists in AdGuard Home small, and then it works fine, but if I add hundreds of thousands of blocked domains, it gets painfully slow on my Edgerouter X running OpenWRT.
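An added example, not part of any comment in this thread: one way to shrink a hosts-format blocklist before loading it on a small router, by dropping entries whose parent domain is already listed and rendering the rest for dnsmasq. The function names and the sample list are constructed for illustration, and the `local=/domain/` output form is an assumption about how the list would be fed to dnsmasq.

```python
import re

# Constructed sample in hosts-file format (not taken from any real blocklist).
SAMPLE_HOSTS = """\
# constructed sample list
0.0.0.0 ads.example.com
0.0.0.0 example.com
127.0.0.1 tracker.example.net   # inline comment
0.0.0.0 cdn.tracker.example.net
0.0.0.0 ADS.Example.COM
0.0.0.0 localhost
192.0.2.10 intranet.example.org
"""

SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN = re.compile(rf"(?:{_LABEL}\.)+{_LABEL}")


def parse_hosts(text):
    """Return the set of valid, lower-cased domains mapped to a sink address."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINKS:
            continue  # comment, blank line, or a real host mapping
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if _DOMAIN.fullmatch(name):  # rejects single labels such as localhost
                domains.add(name)
    return domains


def collapse(domains):
    """Drop entries whose parent domain is already listed."""
    kept = set()
    # Fewest labels first, so a parent is always seen before its subdomains.
    for name in sorted(domains, key=lambda d: d.count(".")):
        labels = name.split(".")
        parents = (".".join(labels[i:]) for i in range(1, len(labels) - 1))
        if not any(p in kept for p in parents):
            kept.add(name)
    return kept


def to_dnsmasq(domains):
    """Render as dnsmasq local=/domain/ lines (answered locally, never forwarded)."""
    return [f"local=/{d}/" for d in sorted(domains)]


if __name__ == "__main__":
    print("\n".join(to_dnsmasq(collapse(parse_hosts(SAMPLE_HOSTS)))))
```

A hosts-format entry blocks only the exact name, while a dnsmasq `local=/example.com/` line also covers every subdomain, so the converted list can block more than the original did; keep that in mind when a site breaks after the switch.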
Tangential question - what is the best solution for iPhone? On Androids you can use Firefox with uBlock, but it seems none of the Safari extensions on iPhone actually work, I tried some paid ones too. Brave seems to work decently well, but I have no idea why - if other browsers have some OS limitation, how does Brave go around it?