What finally got me to set up pi-hole on an old Raspberry Pi was getting an LG OLED TV. The webOS apps for YouTube and Plex are pretty convenient, but the TV was absolutely packed with ads via the home screen and pop-up toasts. To add insult to injury, the home screen would lag for several seconds at boot while it pulled down all those ads. And then I discovered that even after opting out of all the telemetry options, it was making DNS queries for _several_ data mining services that analyze what's being shown on the TV. I didn't Wireshark it to see what API calls it was making, but clearly opting out in the menu wasn't enough. After some passes of scanning the pi-hole logs and adding to the blacklist, my TV is snappier and ad-free. :) Definitely will not be going with LG for my next TV, though. It's mind blowing to me that this is the user experience on a TV that costs over $1k.
As for the pi-hole setup itself, it's working great. It's a great backup to locally installed adblockers, and I have my EdgeRouter as the primary DHCP DNS server, which makes requests to pi-hole. Both the router and pi-hole have caching, and my DNS query latencies are good. Pi-hole also has a nice interface for pointing `.local` domains to local IP addresses, which is much easier than messing with dnsmasq settings on the EdgeRouter.
Wait, you want a telescreen that doesn’t watch you back? Citizen, this is ungood crimethink. Plusungood crimethink!
Thankfully, it’s almost unpossible to buy a telescreen without telemetry (and always has been), so Big Brother will know what you are doing. But you should still stop by the local MiniLuv for reeducation, just in case.
Probably all it would take is defining people's private property to include their personal information and “generated data” or something. Might even be something a suitable legal eagle could win in a lawsuit.
I emailed the LG CEO and some of the executive board and said (in colorful language) that the only reason I bought this TV was because the quality was unmatched. For the moment LG is the only vendor where I can get an OLED TV like this. But as soon as there are competitors I will remember never to buy LG again for the terrible ad and TV menu experience. I also said how annoying it was that you commit to a particular smart assistant (Google or Alexa), and the TV will nag you to set up Alexa. I made my choice; leave me alone.
The analogy is Tesla is the only one making good electric cars. When there's competition, I will never buy Tesla because of the shitty experience.
Also for >$1k it should let you use the TV as an HDMI multiviewer. It has 4 HDMI ports on the back; let me plug in my personal laptop on port 1, work laptop on port 2, and divide the screen to give each laptop a "2nd monitor". Or even 2 monitors each.
What got me was when my LG tv updated itself. In doing so it broke the Ethernet connection which I was using because the wifi has an issue where it just stops all of a sudden for no reason.
I was able to resolve the wifi issue by resetting the region to another and back and turning off the auto setting for it, but frankly it’s appalling an update can go out that breaks something as basic as Ethernet.
This is one of the reasons why I've never connected mine to a network. All features thankfully work fine OOB, and I don't see any ads, but I fear that updating it would only harm the UX, not improve it.
The fact a premium TV shows ads is appalling. Does LG really need to sacrifice their brand reputation just to get that advertising revenue? Whoever is calling the shots for this decision should be fired.
I update via USB. Features do get added that improve the experience but I think that's probably an edge case because I'm using the VRR and HDR heavily as a PC monitor. I haven't had any issues except that I can't turn off bluetooth advertising and, every now and then, a neighbor tries to pair.
Reputation isn't what it used to be. Which tech news org is willing to risk the wrath of LG, losing early access, losing invitations to events.
Money can buy reputation, so as long as the revenue from ads exceeds the cost to repair reputational damage, this will continue.
This is also a case where the manufacturer takes advantage of the unstable software Zeitgeist to gaslight users into thinking this is just how things are now, it's normal and natural and if you don't like it you're old/disruptive/weird.
This is why I don't update my Sony TV. It's still on the original version of Android it shipped with. I think I'm missing out on DolbyVision, but I don't care. My TV is snappier and lacks ads that the newer software updates added to the same model.
Is it a security hole? Probably. I have it siloed away from my network on its own router with its own subnet.
I was really questioning the size of big monitors (40+) as a convergence to tv, but unusable as desktop monitor, but now it appears they are a good replacement for a tv, sans the ads tracking, spam, and crappy interface.
Don't worry, Apple TV will soon get ads and the experience will be much the same as the "Smart" TVs.
I'm pretty sure the smart features were put into TVs so they could become the one entertainment device just like those external set top boxes in the early 2000's. All consumer media hardware is headed in this direction of having advertisements, even in paid/subscription services. I base this on the fact that Foxtel (effectively the one and only paid TV service in Australia) has more ads per hour than free to air TV as people that pay a subscription are considered to have a higher income than ones that don't.
Adding ads to a product is one of the easiest ways to get a huge bonus. All of the revenue is attributed to you and most of the reputation is diffused throughout the company and only occurs much later.
This almost guarantees that at least one person is working on it; without strong customer-focused leadership it’s hard to say no to that amount of money.
Yes, when you accidentally tap an address and you don’t have Maps installed but you have Google Maps installed, it will entirely ignore the better maps service and force you to the Maps installation on the app store.
Maps has sent me to cornfields a few too many times to be trustworthy. It’s incredibly annoying that they refuse to let me choose google maps to open an address. Anti-trust needs to step in some day.
It doesn't compare to Frank's 2000 inch tv... But 48" is plenty. If you need more than that you can get a projector. Vote with your money and don't buy smart TVs! They're almost universally user-hostile trash.
I just use a PC plugged into my TV, and a wireless keyboard/trackpad. I don’t see a reason to get an Apple TV or similar; typing anything is such a pain, and the trend is that no matter what, you’re eventually gonna see some ads. uBlock Origin in a browser is still working great, though.
You mean for advertising, showing timetables, etc?
Those are usually "digital signage" panels. Colors may or may not be OK on those, but there are two things to keep in mind:
1. They are outrageously expensive because they're made to be run blindingly bright 24/7.
2. They are less and less dumb, complete with ridiculously long startup times.
The company I work for uses these. And while a few years ago only the higher-priced ones used to feature "smart" features, the "cheaper" ones now have them, too. Now, in our case, we like those because it allows us to control the screens from a central location, and they don't require setting up a Raspberry Pi or similar to show content on them. But "dumb" they are not anymore.
They're typically running some form of Android or Samsung's Tizen. I don't directly use them, so I don't know the details, but a quick glance at Samsung's website seems to show that consumer models use Tizen, too.
I wonder how difficult it would be to stand up a new panel manufacturer or just TV manufacturer? The current prices of TVs make it seem cheaper than the past, but could be just locking out entrants.
LG TVs constantly try to get you to install Alexa. To the point that it'll pop up and you'll accidentally install it when you were pressing buttons for something else. I've had to uninstall multiple times between me and visiting friends accidentally installing Alexa.
Lol, I was thinking that. I’m pretty sure in maximizing profit it’s important to figure out the limit of abuse customers will take, telling them that you’ve reached your limit is almost like saying job well done.
You could get a Sony TV, they’ve been making OLED tvs since 2017. A lot of them (all? I had a hard time finding sources on some) use the exact same panels as LG.
Just be aware that some apps will bypass the local net DNS settings and hard code Google DNS or a third party DNS. I have a firewall rule in my router that redirects those queries to my pi-hole.
I have no idea how people are going to defeat DNS over HTTPS, as it seems to mean (and please correct me if I am wrong) that allowing this thing on my network, well, I will just never be able to know what it is doing or to whom it is talking.
I happen to develop an open source, no-root, network monitor, and firewall for Android.
We let users block connections to IPs that have no corresponding DNS request. Of course, genuine reasons to connect directly to IPs exist, but not so much for installed apps.
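The check described in the comment above (flag connections to IPs that no DNS answer produced), together with the hard-coded-resolver case raised earlier in the thread, can be approximated on a home network by correlating Pi-hole's dnsmasq-format query log with a router flow export. This is an added example, not part of the thread and not the app's own code; the LAN subnet, the flow-record format and every sample line are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home subnet
DNS_PORTS = {53, 853}                         # plain DNS and DNS-over-TLS

# Constructed sample in the dnsmasq query-log format that Pi-hole writes.
SAMPLE_DNS_LOG = """\
Jan  5 20:00:01 dnsmasq[411]: query[A] app.example.com from 192.168.1.50
Jan  5 20:00:01 dnsmasq[411]: forwarded app.example.com to 192.168.1.1
Jan  5 20:00:01 dnsmasq[411]: reply app.example.com is <CNAME>
Jan  5 20:00:01 dnsmasq[411]: reply edge.example.net is 203.0.113.10
Jan  5 20:00:05 dnsmasq[411]: query[A] ads.example.org from 192.168.1.50
Jan  5 20:00:05 dnsmasq[411]: gravity blocked ads.example.org is 0.0.0.0
Jan  5 20:00:09 dnsmasq[411]: query[A] video.example.com from 192.168.1.60
Jan  5 20:00:09 dnsmasq[411]: cached video.example.com is 198.51.100.7
"""

# Constructed flow records (hypothetical export format):
# (client IP, destination IP, destination port)
SAMPLE_FLOWS = [
    ("192.168.1.50", "203.0.113.10", 443),  # resolved through a CNAME chain
    ("192.168.1.50", "8.8.8.8", 53),        # hard-coded public resolver
    ("192.168.1.50", "198.51.100.7", 443),  # resolved by .60, never by .50
    ("192.168.1.50", "192.168.1.2", 53),    # LAN resolver, ignored
    ("192.168.1.60", "198.51.100.7", 443),  # resolved by this client
    ("192.168.1.60", "192.0.2.99", 443),    # never resolved by anyone
]

QUERY = re.compile(r": query\[[^\]]+\] (\S+) from (\S+)$")
ANSWER = re.compile(r": (?:reply|cached) (\S+) is (\S+)$")


def resolved_ips_by_client(log_text):
    """Map each client to the set of IPs the local resolver handed it."""
    askers = defaultdict(set)    # domain -> clients that queried it
    resolved = defaultdict(set)  # client -> IP addresses it was given
    cname_clients = set()        # clients whose answer continues via a CNAME
    for line in log_text.splitlines():
        m = QUERY.search(line)
        if m:
            askers[m.group(1).lower()].add(m.group(2))
            cname_clients = set()  # a new query ends any CNAME chain
            continue
        m = ANSWER.search(line)
        if not m:
            continue  # forwarded/blocked lines carry no usable answer
        domain, value = m.group(1).lower(), m.group(2)
        clients = askers.get(domain, set()) | cname_clients
        if value == "<CNAME>":
            # The address arrives on a later line under the target name.
            # Interleaved queries can blur this attribution; full fidelity
            # needs per-query ids (dnsmasq's log-queries=extra).
            cname_clients = clients
            continue
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            continue  # NODATA, NXDOMAIN and similar non-address answers
        for client in clients:
            resolved[client].add(ip)
    return resolved


def audit_flows(flows, resolved):
    """Return flows that bypassed, or were never preceded by, local DNS."""
    findings = []
    for client, dst, port in flows:
        ip = ipaddress.ip_address(dst)
        if ip in LAN:
            continue  # traffic to the LAN resolver or other local hosts
        if port in DNS_PORTS:
            findings.append((client, dst, port, "dns-bypass"))
        elif ip not in resolved.get(client, set()):
            findings.append((client, dst, port, "no-dns-lookup"))
    return findings


if __name__ == "__main__":
    table = resolved_ips_by_client(SAMPLE_DNS_LOG)
    for finding in audit_flows(SAMPLE_FLOWS, table):
        print(*finding)
```

A "no-dns-lookup" hit is a lead rather than proof: it also fires for answers that were cached on the device before the log window started, and for peer-to-peer or hard-coded update servers.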
I just found your app a few weeks ago and it's exactly what I had been looking for in networking control on android. Thank you for making such a wonderful tool!
My only problem now is that android seems to only allow a single VPN 'tunnel'/connection, so I can't -so far as I know- simultaneously use your app with a dedicated VPN service like Mullvad. Is there any easy-ish way to get around that?
In my searching around, at least one person has suggested using something like insular/Island with all installed apps, then use the 'VPN' service on the non-insular side, but that to me seems to leave open all the 'system apps'.
I don't actually expect that you'd help some rando with this, but it's super cool to encounter a maker of an app that I love, so I thought I would ask on the off chance.
> I can't -so far as I know- simultaneously use your app with a dedicated VPN service like Mullvad.
If your VPN app supports on-device SOCKS5 proxy, then that's one way to chain Rethink (check Settings) to it. Rethink, for example, can chain up to Orbot (Tor as a proxy over on-device SOCKS5) just fine.
> Is there any easy-ish way to get around that?
If not, wait until we release WireGuard integration. It has been complete for a good part of 5 months now, but we never built a UI for it and now in the meantime upstream impl we rely on (both gVisor/netstack and WireGuard) has changed, and we need to pick those changes up. Expect it to happen in a month or two, along with the UI bits.
Won't this stop working if DNS-over-HTTPS becomes the norm? There are good reasons to hope it does (looking at you, ISPs), but if it happens then you won't be able to differentiate.
To handle that scenario, we implemented a per-app network sandbox / isolation mode a few months back. An app is only allowed to connect to IPs one explicitly trusts for that particular app.
The other one is to use the web browser more (since the likes of Firefox have super effective content blockers baked in) and not install apps.
1. have separate vlan (named vspy ;) for all the external devices like appletv etc
2. all traffic to internet dns ports (53, 853 etc) is completely blocked from this vlan
3. all traffic to an IP list (using ipset matching for speed) containing a few dozen manually curated, publicly known DoH servers (including 8.8.8.8 et al.) is completely blocked from this vlan
In other words: use my own dns server or go away.
All services work fine (Apple, Google, TV/movie streaming etc.) while being in this vlan, and I see "my" devices continuously hit the 2 & 3 barriers.
What if they use a lesser known DOH server, or run their own in EC2?
My setup is similar (hairpin NAT for DNS to rewrite UDP 53 to my own server, separate VLAN), but I also have squid set up (whitelist only) with TLS bumping, and have installed my root CA on the TV. The ipset method is good thinking, but you're playing cat and mouse.
With DNS-over-HTTPS, after the DNS query is performed, does the client machine then connect directly to the IP address that was resolved by the DNS query? If so, would it be possible to do a reverse DNS search on all IP addresses that client(s) connect to and block based on those results?
If your router can do it, have it route all of your DNS queries to your (pi-hole|adguard|nextdns). Doesn't matter if they are hardcoded to 8.8.8.8, anything to port 53 goes through the blocker.
Maybe not the best place to ask, but how does one do that with a UNIFI CK gen1, that is, using their Network OS?
I have a RaspPi working wonders but I suspect some devices have hardcoded connections which bypass the DNS request. Is there a simple way to forward to that RaspPi for correct “gate keeping”?
I had issues with just DNAT following some ui forum posts, and I think it's because I'm using switch0 as the interface, with devices across LAN ports on my EdgeRouter. The SNAT masquerade was the key to getting the replies from the pi-hole routed properly.
I was previously using my EdgeRouter as the DHCP DNS server, and using DNS Forwarding on switch0 w/ dnsmasq to forward queries to the pi-hole. With a large cache, this avoided a couple hops for every DNS query on my network. However, this meant that I couldn't see which IP was making the query in the pi-hole query logs, so I've flipped it so that the pi-hole is the DHCP DNS server, and the pi-hole queries the EdgeRouter, which then forwards the requests to public DNS w/ caching. I then assigned every device a '.local' domain in the pi-hole Local DNS tab, which lets pi-hole display a friendly name for each query in the log.
For completeness' sake, here's everything I needed on the EdgeRouter. The EdgeRouter was set up with no VLANs, and with all LAN ports switched w/ a single subnet (switch0 interface exists in the dashboard).
EdgeRouter:
* In the bottom left "System" pop up drawer, set "System domain-name" to "local" (or whatever domain of your choice, like "lan" or "home").
* Services > DHCP Server > [Your DHCP Server] > View Details: Set DNS1 to your pi-hole IP (make sure it's statically mapped!), set Domain to "local"
* Firewall/NAT > NAT: Follow above guide
* Services > DNS: Enable DNS Forwarding for switch0, set appropriate cache size
* Config Tree > service > dns > forwarding: set name server to public DNS server of your choice
Pi-hole:
* Settings > DNS: Disable all external DNS servers, set custom upstream DNS server to the EdgeRouter
* Local DNS > DNS Records: Look at your EdgeRouter DHCP lease list, give everything you care about a static IP assignment, and then give them ".local" DNS records in pi-hole. SSH-ing in and editing `/etc/pihole/custom.list` may be faster, as pi-hole seems to bring services down and then back up for each entry added via the web UI.
Not sure how to do it on that device but with iptables you would do a DNAT rule with masquerade, so it NATs both src and dst IP and src becomes the IP of your router.
A strange game. The only winning move is not to play.
Eventually, yes, device/software manufacturers will start using encrypted solutions, but until then, ya do what ya can do. Maybe the blocking solutions will evolve and adapt as well.
At some point the last solution will be opening it up to rip out the antennas, as some models already automatically connect to open Wi-Fi’s when you happen to live near a hotspot.
(#include my typical rant about why in the US the consumers are not better protected against such ads, this is completely illegal in Europe)
I used to have an EdgeRouter which was a huge improvement to the ISP-provided crappy box but ultimately the configuration was so complicated and inconsistent that I switched to a small fanless debian box. I put Pi-Hole there, which also covered DHCP and DNS services (synchronized together).
It has been a blast and I have more confidence that I will understand what is happening (vs the ER magic)
I have a PiHole, but I also disable networking on any TV in the house and use an AppleTV instead of the native TV apps. LG and Samsung will eventually route around ad blockers by bypassing DNS altogether.
Eventually they’ll just route around this by connecting to your neighbor’s Ring doorbell or your Nest thermostat or whatever random internet connected thing that it can reach out and pass packets through.
Most likely they will start coming with their own cellular network capabilities built in, bypassing any need for a network connection.
They would also be able to screen capture and analyze whatever you watch, even on external devices like apple tv and inject ads directly as an overlay.
The thought just sickens me.
I'd argue the TV is one of the most harmful inventions of the modern age.
Sitting for hours a day is the new smoking. And the ever more hyper-partisan news rots the mind. All so you can watch the latest trite bollocks Disney et al. has just put out.
Let's not even get started on how they're all streaming services now. So much content yet a fraction of the quality.
I got rid of my TV when I saw a man being gruesomely killed on BBC news ~2014. It was without a doubt the smartest decision I ever made.
Yeah, but it's not just about TVs. If cellular devices become small, cheap and ubiquitous enough, I'm fully expecting these vile corporations to start inserting them in all electronics. If there's not a large enough outrage, we can expect all devices to eventually be phoning home.
A Faraday cage home seems like it would be simple enough to build and fully proof you from such idiocy forever.
This is what scared me most when Volvo switched their infotainment over to Google products (and a contributing reason why I chose not to purchase a new XC60 Recharge).
> Pi-hole also has a nice interface for pointing `.local` domains to local IP addresses, which is much easier than messing with dnsmasq settings on the EdgeRouter.
This is why I have Pi-hole set up as well. I wanted to have custom DNS records so I can resolve multiple named services to the single IP they're hosted on. With my Ubiquiti Security Gateway you have to do this by SSHing in and modifying the dnsmasq settings. It's much easier for me to manage this on Pi-hole. The DNS request metrics and blocking are just a bonus for me.
I bought an LG OLED TV a couple of months ago during the Cyber Monday sale.
> but the TV was absolutely packed with ads via the home screen and pop-up toasts. To add insult to injury, the home screen would lag for several seconds at boot while it pulled down all those ads.
I was shocked to read this. I've been running AdGuard Home for awhile now and had no idea that my TV was capable of showing me so many ads. Even my spouse breathed a sigh of relief (and possibly admired my setup just a little!) when I read her these lines.
I got an LG C2 and immediately plugged a Roku into it. I've spent less than 5 minutes total looking at WebOS. I also have OpenWRT's ad block setup enabled on my router. If there are ads on its home screen, I am blind to them.
We use a Roku with an LG OLED, mostly to avoid connecting the TV to the internet. Turns out if you use the HDMI ARC for audio (we connected to a soundbar) and everything in the chain is new enough, then the Roku remote volume buttons will adjust the soundbar volume just fine. Roku remote can also turn the TV on and off, so we don't need the LG remote now except to change to a different input.
The Roku remote controls TV power and soundbar volume just fine. CEC didn't seem to work quite right, so I enabled the Roku's IR blaster feature. The LG remote can control the Roku as well, through CEC.
I've heard that the high end Sony Bravia TVs are better in this regard, but haven't confirmed it myself. They are quite a bit more expensive than the other OLED TVs on the market, however.
One thing I've been feeling lately with internet-connected home devices is that I'm being pushed towards products from big tech companies like Google. Google might mine my data still, but at least they'll ostensibly do it competently and securely. Not a great feeling. Despite not really being in the Google ecosystem, maybe my next TV will be one with Android TV support. On the smart home side, I did get into self-hosting Home Assistant recently. I didn't expect much from it at first, but it's remarkable how liberating and useful it feels compared to the one-size-fits-all approach of Google Home or HomeKit. I'm actually excited to try and get some more smart home devices now, beyond just a few lightbulbs.
Anon gathered around and hacked Sony back in 2011 (mainly) because of the absorbent information they were gathering from everyone's PlayStation 3 consoles. They never stopped gathering an obscene amount of information from their users, and neither did any other mid-major technology company.
Google knows everything about you/us if you use their services. It's really bad, we know. For some of us that's inescapable because of our careers/jobs, or if we use Google search on our own devices on our networks compared to alternative platforms. Even your smart lightbulbs are gathering data on you. Android (AND Android TV) is Google:
I have an LG TV (bedroom), one of the higher end Sony's (main TV), and the Sony is much better, IMO. The LG is constantly nagging for software upgrades, and once there is an available option it puts up a nag screen EVERY time you turn it on, making it very difficult to ignore. The LG also seems to be constantly removing apps and features, or just needlessly altering things. The Sony software updates have seemed less frequent and more logical.
I bought a Sceptre because of another HN thread like this a couple of years ago and have been very happy with it. It's not as good looking as an 8K OLED, but it displays games and movies very satisfactorily, and best of all it's just a TV with no "smart" nonsense.
I also bought a Sceptre 50” 4k dumb TV at the end of last year for around $225 and I have been very happy with it. It wasn’t HDR, but they are rolling out with HDR models now. Even so the color out of the box is pretty good and there are plenty of adjustments in the menu to tweak. What's not to like?
I'm watching TV right now while having lunch. I'm watching it on a tablet, with VLC, started by TVH Client, which is a client for TVHeadend, running on a Raspberry with a TV hat. I'm also using that tablet to type this message because VLC has a popup player. I can use the tablet to run every app I could run on a smart TV. I also own a 32" LG TV which I almost never use because carrying the tablet with me around my house is much more convenient than sitting in front of the TV. I block ads with Blockada and I don't have ads in YouTube because I use NewPipe.
Maybe it depends on the country? I've got a LG C9 and can't recall _ever_ getting any ads in webOS since buying it. In fact, the most annoying thing is the Rakuten button I never use on the "smart" remote.
I've overall been very happy with our LG TV and have been recommending it highly over our old Samsung - which was slowly updated to remove features and eventually took about 45 seconds to boot up.
I have also never seen a single ad on my LG TV in Germany. I'm mostly using the Netflix and Prime Video apps, but still the overall user experience seems way ahead of Samsung TVs.
Was it? On my CX when I press "home" on the remote it only opens a little bar at the bottom of my screen with all the apps. Or do you mean something else?
This is in the US. If you search online, it seems to be a commonly reported issue, with some articles saying LG started ramping up the ads a year or two ago. Maybe older firmwares don't get the ads?
I'm literally on the very latest firmware on my LG CX, connected to the internet, use the apps all the time and I have zero ads on mine, never did anything to block them either - I'm in the UK.
I wonder if that's actually some kind of EU/UK regulation that's absent in the US that's preventing this.
tl;dr: If the TV is working well enough already, it may be ill-advised to connect it to the network. The apps, while convenient, can be supplanted by an external AppleTV or similar for minimal cost relative to a nice TV. This protects the TV not only from being a privacy threat and general ad-ridden nuisance, but also from receiving potentially harmful updates that can lead to performance regressions.
That just seems to shift all concerns from one device to another. Is AppleTV or similar devices so much better when it comes to privacy? Or is the selling point just that they don't show ads?
Luckily I came across knowing this abysmal insult from the greedy and user hostile TV manufacturers and avoided LG in the first place. They are banned in my household for life. But in second place thought to go for a huge PC monitor (for me it is 43", enough in this household) and AppleTV (which is ok so far concerning ads ... so far) which eventually turned into a Sony instead disconnected from networks completely (I simply like the Sony's screen features, build style and hardware quality). But in the very first place I kept my old TV as long as it was physically possible. I will not feed this dishonest bullying of intrusive schemers.
Pi-hole seems a more elaborate and powerful approach though.
There have been cases where TVs sent data signals back to the cable boxes over coax. There's now high-frequency, outside-human-hearing ID triggers that are released into the air and ‘heard’ by smart phones with proprietary apps installed with trackers and too many permissions allowed. They can even send out signals via gyroscopes.
Do that pcap, it's doing _a lot_. Mine's on a separate VLAN and runs via squid, as well as being rooted. 95% of packets out from it are dropped.
That said, good luck finding something better. Most smart TVs run Android garbage that gets progressively worse as updates come out, and no dumb TVs (in my country) have the feature set of the big boys. I can't find anything better than LG, even with the absurd lengths I have to go to make it suit my needs.
> but the TV was absolutely packed with ads via the home screen and pop-up toasts
i also have an oled tv from lg and haven’t seen any ads on the home screen but did get 1-2 pop-ups about a year ago. but that’s about it. it’s a 4 year old model, running a webos version that can’t be updated to the latest one. i also bought it in europe.
does anyone know if what the poster describes happens based on continent/country, or webos version? it seems so strange to have such a great panel, pretty much the best OS, and relatively high prices just to spoil it all with ads worth pennies.
Same experience here from another European user. I've only accepted the bare minimum to be able to use and update the TV and its apps. I haven't seen any ads ever, or not that I can remember anyway. Not even recommendations for TV shows and the likes. It's an LG C9 with an older version of webOS. I do see in the DNS logs that the TV and some of the apps connect to analytics domains.
I also have a pihole in my network and it blocks 30% of all requests. But for TV I use a NEC MultiSync ME501 50". A dumb display. Use it in my home gym for Zwift and workout displays.
"It's mind blowing to me that this is the user experience on a TV that costs over $1k."
Perhaps this will put to rest the idea that internet-based tracking and advertising are necessary for products and services to be "free" and paying for these products and services is a way to "remove the ads". Even paying a high premium to a company that privacy washes^1 its products will not stop the data collection and advertising.
Some companies can survive without using the internet to violate privacy for profit. Anyone born before 1993 knows this is true. Certainly a company like LG could survive, however "tech" companies cannot.^2 Conducting commercial surveillance on internet users is too easy. It's like money on the table. There is still inadequate regulation to slow it down, let alone stop it. Companies that connect their products to the internet can cash in on "tech" company intermediary-style surveillance. Welcome to the "Internet of Things".
Being able to control DNS in the home is essential, IMHO. Hopefully Pi-Hole users are not pointing dnsmasq at shared caches run by entities engaged in data collection for commercial purposes and internet advertising services, whether those are ISPs or Google or similar.
The now classic "tech" company meme is that the internet, what other folks would call the web, would not exist without advertising. Yet it did exist before advertising was permitted, so that cannot be true. It still worked and no one using it wanted to see advertising. The person who put the first ad on the internet was globally lambasted.^3 Citing this historical fact does not imply anyone wants to go back in time to the early internet. It just means that the "tech" company meme that the internet does not work without advertising, without "tech" company intermediaries conducting extensive surveillance on every internet user to support this advertising, is pure BS. "Tech" companies try to use FUD something like, "If anyone changes anything that interferes with advertising, then the internet and therefore life itself will suck." Yeah, right.
As if "tech" companies are the only sources of vision for the future. They want a future that continues to let them profit obscenely from using the internet for unregulated data collection and advertising.
The Atlanta Journal-Constitution offered trial subscriptions that claimed to bring back the "newspaper reading experience". While the layout was nicer, the ads far fewer in number, and it gave access to long form reporting before it was released to non-subscribers, almost none of the trackers were gone. Newspapers are some of the worst about using third party trackers to make money and even a subscription to the online version of the paper doesn't keep you from being tracked. The double dipping might work short-term but ultimately it seems self defeating as the demographics of those most likely to pay for a subscription likely overlaps quite a bit with those who don't want to be spied on. If there's a potential revenue stream, some manager somewhere in the company is going to try to access it and leverage it for their own benefit, regardless of the larger long-term impact on the company as a whole.
I used to swear by LG TVs because their smart features used to be one of the few on the market that wasn’t intrusive. I even have a bunch of friends who have bought LG TVs based on my recommendations. But the one I bought a couple of weeks ago had the same issues you described and it has left a really sour taste in my mouth too.
As an aside, can you share the additional domains you added to PiHole please.
> it was making DNS queries for _several_ data mining services that analyze what's being shown on the TV.
What? I don't believe you.
Are you saying if you are using it as a PC monitor it would effectively send data back about apps you're using, games you're playing, etc?
this would have incredible privacy violation implications.
we just got a super shiny brand new samsung s95b that's oled and really nice but it will never see the light of day on the Internet precisely because of this bullshit.
I used to use pi-hole. Then I replaced it with adguard home. Adguard home is a single go binary, and it properly supports HTTPS and secure DNS out of the box. Pi-hole is great, Adguard home is greater I think.
At the end of the day though they both provide the same service. But I like that with adguard home I can have TLS DNS so I can have my mobile phone use private DNS via it even when it's not at home.
This always makes me conflicted about AdGuard. I don’t mind they’re Russians, they cannot help “their” president being a tool. But the shadiness and opaqueness doesn’t jive well with me for a company that can basically see all my internet traffic.
I’m currently happily using https://nextdns.io/ but I don’t think you can install that on a Raspberry Pi.
What do you mean add blocklist in batch? Do you mean assign a particular blocklist to a particular client? If so then yes, this is the one feature missing from Adguard home.
Its other features more than make up for it.
Setting up blocklists is a one time thing. I mean I get your point but I see why not a lot of effort goes into this aspect.
I also think for DNS blocking you're best off just adding one list and being done with it. Adding lots and lots of lists only opens you up to more false positives and problems down the line IMHO.
Is anyone compiling from source or are most all installing precompiled binaries? How does one verify a binary matches the source with no additional code? This is a rhetorical question meant as an exercise for the reader.
I used to be anti AdBlock, as a lot of the creators I follow get food over the table thanks to ads... But man, things got out of control, the industry has gone so hostile, where a typical site went from 30% ads 70% content to the inverse and worse.
What I hate the most is how they try to scam non-tech-savvy people, like grandparents, and for those scenarios Pi-hole is a tool made in heaven (especially as there are no global adblock extensions for mobile devices).
I still don't use it for my personal network, but for my senior family members that use tech only for video streaming or reading the news, this is an amazing gift.
> What I hate the most is how they try to scam non-tech-savvy people, like grandparents and
Oh, that's my utter bane. My mom knows better, I've taught her how the manipulations work, and then she'll show me a pertinent article on her tablet, and see an utterly outrageous clickbait link from Outbrain or Taboola or the like, like "This mom found out her kids were smoking WHAT?!" and pictures of some bugs or whatever.
And she'll get a guilty and tortured expression and say "Oh, I know they're probably manipulating me, but I have to find out what this is about." No!!! You really don't have to!
I tried to sneakily install ublock, but I made ONE mistake when trying to add a custom filter on a site she regularly visits, which broke her user experience for 3 minutes before I fixed it, and she demanded I immediately uninstall the "hacker programs".
My grandmother was like that with the National Enquirer and Weekly World News. She knew it was fake garbage but she couldn't resist reading it and you could tell some of it did end up sinking into her mind as being true on some level. But at least those tabloids weren't tracking her. She bought them at the grocery store each week so they didn't even have her on a mailing list. I do believe they had some scammy ads in the back of each issue but I don't recall that ever being a problem for her. Granddad had no interest and just kept to his Popular Mechanics and Popular Science magazines, both of which at times had articles and ads of questionable quality but were far better than the tabloids and modern online clickbait.
I’m in adtech, and it always frustrates me that the product managers make all of their projects around how can we squeeze out more demand out of existing listeners/viewers. One would think it would be a better experience for all to see fewer, but higher quality/higher CPM ads.
Viewers see less ads, but probably wouldn’t resort to ad blockers if they only saw one ad on a website instead of 10. Advertisers would get better click through rates because you aren’t competing with as many ads. The downside is advertisers have a higher CPM, and maybe the data shows high CPM campaigns don’t work.
Regardless, after working in it for awhile I see how we got where we are. I don’t foresee a world with no ads since the vast majority of people don’t want to subscribe to every website they visit, but maybe there will be a better model in the future.
I even wrote an article on a related topic: push notifications acting as a way to deliver malware to devices by relying on non-technical users being scared into clicking allow.
Yeah a lot of sites (articles) there's an ad between every paragraph or they scroll you to the bottom which has those garbage sites as you try to leave.
One crucial thing I use my pihole for is to forward traffic going to the .lan top level domain to my reverse proxy (traefik), I couldn't figure out how to do this in the pihole UI so I just added a custom config file to /etc/dnsmasq.d which works perfectly.
I'm not sure what adguard uses but would be interested to hear if it's possible!
EDIT: just seen it supports DNS rewrites, which seems to do a similar job. Nice! I might give this a shot for a while
For me, it was the fact that AdGuard Home supports a lot of good things out of the box. For e.g., DoH/DoT for upstream resolvers, really easy to enable DoH to the AdGuard Home interface itself etc.
I had a pi-hole set up for quite a little while, but my partner complained that they could no longer click on google shopping links. It boggled my mind that anyone actually clicked on these, but now I have to find a way to whitelist their devices.
We implemented a web extension specifically to allow this. It basically worked by giving the user a warning that they would be tracked if they proceeded, then gave them a button to proceed anyway. This was a top feature request for our first year of business, driven mostly by our users' wives.
It was actually a pretty tricky bit of technology to build, as it had to work not only for the original link, but all of the associated trackers which were triggered by the event (otherwise the ad might not load).
As others have stated I worked around it by setting up a wifi connection with different DNS servers and adding '- No Adblock' to the SSID.
Not all routers have this functionality and if it doesn't you should be able to flash Tomato or similar, or use PfSense. Depending how home baked you want to go.
Using Google Shopping is a cheat code to getting cheaper prices. Companies will mark their products down way more than any other coupon that can be found online, just to appear at the top of the results. It's amazing at saving money, if you already know what you want to buy.
Exact same reason I stopped using pi-hole. It bugged out Google shopping and my partner complained. And the whitelisting / access control is annoying UX imo so I went back to normal DNS. Might return to it eventually but not enable it for every dhcp client.
Edit: and her iPhone changes its MAC address randomly so the access control was tricky to maintain.
I don't use Google shoppings, but I click Amazon shopping ads on some indie/personal sites all the time.
For example, one of them is a music database website. Its ad shows the links to buy the CDs (it's in Japan, FWIW). I find it very convenient; I often just go to Amazon to check info even if I don't want to buy.
The developers made a great release awhile back that allowed you to make custom groups of users with their own whitelists. I created a group that whitelisted all google shopping links and then put her in it. Works flawlessly
My Pi-hole has been running in a Docker container on my main workstation for several years. I tend to refresh it once a month or so with a simple configuration as shown in the example files.
Been using this software for years, it's excellent. It's really eye opening when you have it turned off as well, like suddenly the filters are lifted and you see what the reality is for most people.
Sadly the cat and mouse game between ad vendors and systems like this is, the DNS sinkholing method is either being circumvented thanks to rapidly changing/randomised hostnames outpacing the adlist authors, or ads are rendered server side.
I've never been able to get it to work as the primary DNS source on the router though, so I always have to configure my devices to statically point to the IP of the pihole, but that's just a minor inconvenience (although annoying when devices like TVs don't allow you to configure DNS, or override it secretly for their own stuff).
Opened the comments to put in a recommendation for NextDNS. The free plan allows 300k DNS queries and is more than enough for me across three devices (Mac/iPhone/iPad).
I have not needed an ad-blocker for the past 2 years and hardly see any websites breaking. Often syndicate links break, which is not a big deal for me.
Aside from it just working, their mobile client is a fantastic thing. When I am off wifi, my phone routes DNS to NextDNS and I get the same adblocking when I am on cellular data.
For those who prefer Pi-Hole, I set up a VPN server on my PfSense so my devices can use the DNS server in my home network when I'm out. The fact that traffic is encrypted is a nice bonus.
I do this on a symmetrical 500Mbit fiber line, YMMV.
I gave pihole a shot but an update went wrong and I had to muck around getting it to work again (it was also my dhcp, so was a pain whilst working from home!)
Back to nextdns and it’s smooth. I have different profiles set up - a home one (for everything that can’t take DoH, including my work laptop), one for my son (his iPad), one for my wife (no logging, minimal ad blocking, allowing Facebook) and one for my devices (lots of different blockers).
It also works outside of my network too.
I pay the £17/year as I feel all of this is worth supporting.
I used it at home and liked it... for 10 days, after which it stopped working because I'd hit some limit. For 1 computer, 1 Amazon TV stick, and 1 phone that I barely use, 10 days max is pretty bad.
So I uninstalled it and went with adguard, which doesn't arbitrarily stop working.
> because I'd hit some limit (..) 10 days max is pretty bad
The free(!) plan includes 300,000 queries per month. That is transparent everywhere. On the website, pricing page and in the dashboard. You can even see how much you have already used. That's pretty fair for a free service for which you pay nothing. For me, that's enough for a whole month.
> (..) which doesn't arbitrarily stop working
1. NextDNS sends an email before the limit is reached
2. Once the limit is reached, no more ads are blocked, but dns continues to work
Hey if it works for you, great. It didn't work for me. 10 days casual use for 1 person and then "pay me" is not a positive experience, so I found another solution.
How many days should a paid service give you free casual use for a positive experience?
You are using a consumable (CPU & data transfer, along with your desired amount of analytics data storage) that they pay for, and, shockingly, they are not ad supported.
I currently use a pi-hole. In a home of 2, we have 74k queries per day. That would effectively be a 4 day trial... so I can understand the other person's frustration.
The only feature NextDNS is missing that I’d love (and am tempted to switch to Pi-Hole / Adguard to get) is Custom DNS records. I really don’t wanna run my own DNS Server forwarding to NextDNS just to do this.
Edit: I just discovered this is a thing “Settings > Rewrite”
I'm thinking of getting a hi-res projector instead of a smart TV.
I had a Samsung smart TV but got rid of it last year because of the ads, slow start up, bad sound, and just all-round bad anti-user crapware that was on it. Reverted back to my old (10 year old) dumb Samsung and it's much better hooked up to a streaming stick.
I long for the days when all you had to consider when getting a new TV was color, resolution, picture quality, frame rate, etc. Instead of what OS it's running, how long you'll get updates, how bad the advertising's going to be, as well as the above.
I don't have a smart TV; however, I have had a BenQ MH550 for over 3 years. Just for Kodi and pictures. It's great. Since then I barely go to the cinema, except film festivals. And I partly work in the film industry.
Look for DLP projectors if you want to watch primarily films. They can adjust frequency to FPS of played media and colour reproduction is more pleasant to watch. Avoid LCD projectors. They are great for presentations and graphics in a bright environment, not for film reproduction in a dark room.
I never had that issue. I also use "eco" mode that reduces brightness and contrast. In dark room full brightness could indeed hurt your eyes. And colour reproduction is not that great.
I am currently testing out Epson ls500 as a tv replacement. It has been great so far. Only downside is the ugly "periscope" on top and the throw distance being a bit too far so it takes too much space away from the living room. Epson ls800 looks like the perfect projector but is still a bit pricey. Ls800 has a much shorter throw distance and looks much better in the living room.
LS500 is quite noisy on full brightness (100% 4000 lumens) but almost silent in eco mode (50% brightness). But at 50% I would not call it a tv replacement anymore because the brightness is not great for daytime viewing. Not sure about the LS800.
Projector is good if you only use a Tv for Watching Movies or Playing Games. (Capitalised for importance.) But if you just want to have the TV on and browse your phone while glancing at it or channel/stream surf, it's not that practical.
I lived with a projector only for a good decade, when I had no kids and very few hobbies outside of TV/Movies/Games. It was amazing to have a 120" screen with a pretty minimal investment. Fully darkened room and two proper recliners for me and the SO. Great stuff.
Then we had kids. And when the rugrats want to watch Pocoyo or Octonauts or whatever is in fashion at the time, then having the projector on seems just wrong. Never mind that you can't see crap if you have the lights on at the same time.
Yes, you can get modern projectors that have amazing brightness and short-throw projectors that can just be put on a table. But still a 60-70" 4k HDR TV is more practical unless you have a separate theater room.
You should look at the oisd blacklist. It's curated to ensure that it doesn't break anything and in my testing the last 3 months, it lives up to its name very well. I haven't had any sites break or any reports from the kids about things not working. Prior to that the block list I use would sometimes stop the Apple store from working and those sorts of things, it was very annoying.
There's lots of other solutions, but I've had zero problems since switching to oisd and I pipe a lot of things (Nintendo Switch, kids iPads, my Google phones, my laptops) through it and it hasn't given me a single issue.
It certainly DOES let through a few more trackers, but that's the cost of a list that doesn't cause problems.
That's like saying your seatbelt is uncomfortable so you don't wear it while you're driving. Don't take it off, find a solution to make it work.
Use a better block list (OISD has been mentioned already), or use NextDNS. Neither of those cause breaks in most sites and stop the most bothersome/prevalent ads.
True, more and more sites get broken, even page content for our DMV website. I've gotten used to activating the pi-hole Disable for N seconds/minutes feature regularly.
If your router can do it, have it route all of your DNS queries to your (pi-hole|adguard|nextdns). Doesn't matter if they are hardcoded to 8.8.8.8, anything to port 53 goes through the blocker.
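The port-53 redirect described in the comment above, sketched for a Linux-based router as an added example (not the commenter's configuration); the interface name `br0` and the blocker address `192.168.1.2` are assumed values, and the script only prints the rules for review.

```shell
#!/bin/sh
# Added example: build iptables rules that force LAN DNS through a local blocker
# (Pi-hole, AdGuard Home, ...). LAN_IF and BLOCKER_IP are assumptions.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if (($i !~ /^[0-9]+$/) || ($i > 255)) exit 1
                  exit 0 }
        NF != 4 { exit 1 }'
}

# Print (do not apply) the rules, one command per line.
dns_redirect_rules() {
    lan_if=$1
    blocker=$2
    [ -n "$lan_if" ] || { echo "missing LAN interface" >&2; return 1; }
    is_ipv4 "$blocker" || { echo "invalid blocker address: $blocker" >&2; return 1; }

    for proto in udp tcp; do
        # Rewrite any port-53 query from the LAN that is not already going to
        # the blocker. The blocker's own upstream queries are excluded (! -s),
        # otherwise they would loop back to itself.
        echo "iptables -t nat -A PREROUTING -i $lan_if -p $proto --dport 53 ! -s $blocker ! -d $blocker -j DNAT --to-destination $blocker:53"
        # The blocker sits on the same LAN, so masquerade redirected queries;
        # without this the reply comes straight from the blocker's address and
        # the client drops it. Side effect: redirected queries appear in the
        # blocker's log as coming from the router, not the original client.
        echo "iptables -t nat -A POSTROUTING -o $lan_if -p $proto --dport 53 -d $blocker -j MASQUERADE"
    done

    # DNS-over-TLS uses TCP 853 and cannot be redirected without breaking TLS;
    # rejecting it makes most clients fall back to plain DNS. DNS-over-HTTPS
    # on port 443 is indistinguishable from web traffic at this layer and is
    # not covered by these rules.
    echo "iptables -A FORWARD -i $lan_if -p tcp --dport 853 -j REJECT --reject-with tcp-reset"
}

# Print the rule set for the assumed defaults; pipe to `sh` on the router
# only after reviewing it.
dns_redirect_rules "${LAN_IF:-br0}" "${BLOCKER_IP:-192.168.1.2}"
```

Clients that receive the blocker's address via DHCP are unaffected by the masquerade rule; only devices with a hardcoded resolver lose their per-client identity in the blocker's query log.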
I finally ended up setting up my own router with opnsense which you can do for pretty cheap. Either a pc with two ports, a vm on a server if you are into that, or going dedicated hardware like mentioned above. If you really want to understand what goes on your network this is the way to go.
Does anyone know of a version of, or way to run, Pi-Hole on TrueNAS Core? That's what my home NAS runs, and while its list of "appliances" is quite long, it doesn't contain any network ad-blockers, AFAICS.
I am not bothered on the TV. I bought a ~15YO Panasonic Viera TH-46PZ80E, a huge plasma thing that is almost totally dumb. It cost me £/$ 60 a year ago, and it's great. It talks to a cable TV box and an elderly Mac mini for playing videos. Works a treat, costs very little, and zero online advertising.
I have got Kodi on it and our phones for a "ten foot UI", but using macOS is easy enough that we never need it.
Interesting. Do you have any pointers to how to do that?
TrueNAS Core is a FreeBSD distro. Docker is a Linux tool. That implies to me I'd need a Linux distro in a VM, then Docker on that, then more config on top.
Which sounds hard.
Which is why people run this stuff on dedicated small cheap computers.
I predicted containers were the next big thing 3 years before Docker was founded, but I do not run containers on production servers. My job is writing about this stuff, not running servers. :-)
I write about it because I used to run servers in production for a living, and I didn't like doing it. I prefer writing.
I am not inclined to remove a tool that's working pretty well and replace it with something entirely different just to get access to this one small function. I think that's reasonable, isn't it?
I mean, even if I did, I think Scale is likely to be less efficient on my servers, maxed out at 8GB RAM, and there still isn't a plug-in for PiHole for Scale, is there?
This is absolutely essential if you care at all about reducing Internet ads. Runs on anything, is dead simple to use and you can funnel your entire home internet through it.
I tried this a couple of times and I was never able to completely turn off YouTube ads on my LG TV, no matter how many blocklists I pulled. I wonder... is there a special setting for DNS routing inside of the TV that allows YT to bypass pi-hole?
I'm always (pleasantly) surprised to see that DNS sinkholing is still a viable option. Couldn't smart tv vendors or the like simply hardcode DNS resolvers and use DNSSEC or DoH (with certificate pinning) to circumvent it?
They don't bother (yet). As long as they know only tech geeks are attempting this custom DNS config, and those tech geeks are unlikely to click on ads, they don't bother going the next step.
Now, if Pi-hole or similar suddenly becomes mainstream, that'd be a different story.
I use pfblockerng on my pfsense, which is the sole reason why I haven't migrated to OPNsense yet. No ads for the last 5 years in my whole private lan and wifi - what a blessing!