Pihole on the home network and my phone has a constant VPN connection to the home network via Wireguard.
Out of curiosity, you have to open a port in the router for that to work, right? How does that work in the security aspect? Do you need to do some constant maintenance in your setup or something in order not to be vulnerable?
While you have to open a port for wireguard, it doesn't respond to anything other than your clients with a key. It should be safe enough without any maintenance, but security updates are always a good idea. If you don't want to open a port there are alternatives like tailscale or zerotier, but I have never tried them.
Mesh VPNs like you described work well but having a real WAN connection works best in my experience.
Yes, wireguard requires an open port. No security issues in the years I've had this setup.
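The setup discussed in the comments above (Pi-hole at home, phone always connected over WireGuard through one forwarded UDP port), sketched as a pair of wg-quick style configs. This is an added example, not a configuration posted by anyone in the thread; the tunnel subnet, port, hostname and the Pi-hole address are assumptions, and all keys are placeholders.

```ini
# ---- Home server: /etc/wireguard/wg0.conf (path used by wg-quick) ----
[Interface]
Address    = 10.8.0.1/24            # assumed tunnel subnet
ListenPort = 51820                  # the single UDP port forwarded on the router (assumed value)
PrivateKey = <SERVER_PRIVATE_KEY>   # placeholder; generate with `wg genkey`

[Peer]                              # one [Peer] block per phone
PublicKey  = <PHONE_PUBLIC_KEY>     # placeholder; packets not authenticated by a listed peer key get no reply
AllowedIPs = 10.8.0.2/32            # this peer may only use its own tunnel address

# ---- Phone: imported into the WireGuard app ----
[Interface]
Address    = 10.8.0.2/32
PrivateKey = <PHONE_PRIVATE_KEY>    # placeholder
DNS        = 10.8.0.1               # assumes Pi-hole listens on the server's tunnel address

[Peer]
PublicKey  = <SERVER_PUBLIC_KEY>    # placeholder
Endpoint   = home.example.net:51820 # placeholder hostname for the home connection
AllowedIPs = 10.8.0.1/32            # only DNS goes through the tunnel; use 0.0.0.0/0, ::/0 to
                                    # route everything home (needs forwarding/NAT on the server, not shown)
PersistentKeepalive = 25            # keeps the NAT mapping alive on mobile networks
```

Removing a phone's `[Peer]` block from the server config revokes that device without touching the others.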
I have the same configuration running on all my devices, my kids and my wife's too, it's wonderful.
Did you use a guide to configure it all? I'd love to get started but networking has always been a weak spot for me
How much battery do you think this consumes? I've always thought about an always-on VPN setup but never tried it as I assumed it would drain the battery too quickly.
The battery consumption is negligible. I use Invisible Pro with so many different types of blocks and circumventions that it's almost ridiculous, and it runs at about 3% in 24 hours. Invisible Pro has to be way up on the battery sucking scale for similar products.
1-2% with always on VPN. My kernel is very old (3.18) and it doesn't have wireguard kernel module.
My personal favorite is RethinkDNS, which is technically capable of running your favorite VPN provider alongside blocking ads and blocking/logging domains on a per-app basis.
It's a bit frustrating to set up for my taste, but it definitely works. (Kudos to Mozilla for sponsoring their project, BTW.)
RethinkDNS is super awesome! 🙌
It also works with Orbot
You want a DNS based adblocker. I like nextdns because I can customise it.
AdGuard can filter all (or select) traffic blocking ads in other apps.
Doesn't that require root? Or am I getting it confused with another solution with "ad" in the title? :/
The one you are thinking is Adaway which makes changes to the system host file.
AdGuard creates a local VPN connection and lets all traffic run through that blocking based on filters. Your VPN slot is taken up here.
NextDNS just changes your phone DNS to its servers and blocks based on filters. Here, your VPN slot is essentially free for use with actual VPN apps.
> Your VPN slot is taken up here.
Oof, yeah, that wouldn't work for me anyway since I currently use a VPN. Lol.
Thanks for clearing it up though! :)
> NextDNS just changes your phone DNS to its servers and blocks based on filters. Here, your VPN slot is essentially free for use with actual VPN apps.
That sounds promising! :D
What address should I type in the settings to use NextDNS dns?
You can also use their DNS server without having to install anything
That is true but then it applies to everything and you can't pick and choose which app to filter and which not (I exclude banking app for example), what level of filtering you want for each app (my phone is not rooted so there are some apps which will reject https filtering), and additionally I can quickly turn off and on filtering in the app for example when there's a need for troubleshooting why something is not loading etc. In short, with an app you have more control and access to stats:
NextDNS
+1 for nextdns, it allows me to track all the connection requests and it saves the logs on Swiss.
I use Blokada - but not the latest version since the company switched from the free open-source standalone app paradigm to a cloud-based continual paid subscription model. It seems like Blokada version 4 (obtained either from the company's webpage or F-droid I forget which) blocks a heck of a lot more stuff than version 5 for some reason.
On the other hand, it also noticeably heats up my phone if a not-well-behaved app (examples include Freemium games) continually resubmits queries over & over again every (or even multiple times a) second. You can block every request that it makes... but it can also keep making them so... at some point you may question whether the cost is worth it.
This arguably relates more to "tracking" than actual advertisements, since there can only be a finite number of the latter but the former can happen all day every day even when the app is not running, if it decides to be aggressive about checking in with its home base. These days, even if you do pay for something, your data is STILL the actual "product" that is the reason the company is in business at all to obtain.:-(
If you still want to use a VPN style adblocker, I moved from Blokada some time ago to Adaway. Works the same.
Thank you for helping fill out this list. May I ask why you moved away from Blokada? Version 5 is bad ofc, and 6 is far, FAR worse, but 4 worked well for me.
It looks like AdAway has some nice features since I saw it last, like the ability to whitelist a particular app. If it does not require root permissions, it might be a clear winner even.
blokada to netGuard and the reason is precision
https://github.com/M66B/NetGuard/releases or izzysoft or fDroid
it doesn't need root
I use Blokada 5 and haven't noticed any heating issues, it might be worth a go! I did have to enable most of the lists to get good coverage (and then a couple custom selected on/off over time) but I mostly don't think about it after a little setup. The only thing I do have to worry about is swapping which VPN is on when I want a real VPN, but fortunately the VPN I like (Mullvad) has adblock built in too.
Yeah I still use Blokada 5 on my daily driver - it generally works "well enough" for most things, so I never bothered to switch to 4 on it. But I did notice that if you try to play a game on it, it's like the ad blocker isn't even there, whereas version 4 worked a lot better straight away. I may just not have played around enough with the settings of 5 though:-).
I use 5 and I noticed it was hit or miss so I just said fuck it and enabled all of the available lists lol haven't seen an ad since
AdGuard. You can get a lifetime license through stack social for anywhere between $16-$30. It also does HTTPS filtering.
Same I love adguard. I only wish there was a way to use it with a third party VPN (without root)
Mullvad DNS or libredns
+1 for LibreDNS! I don't see it mentioned enough.
Go to your Settings app. Click on Network and Internet. Click on Private DNS. Click on Private DNS provider hostname and type "p2.freedns.controld.com". Click OK and you're done.
RethinkDNS is a great option unless you already have something in place that you want to use as well.
For example, I have a pi-hole and a server that I'd like to use 24/7. There's a few ways to do it, but I'm an idiot and need a simple, hard-to-ruin method. So I use the pi-hole as an exit node with TailScale
uBlock Origin on Mull browser (if not Firefox), Mullvad DNS or NextDNS for "Private DNS" (it's DNS-over-HTTPS iirc) if you are not rooted
Probably a good VPN with adblocking features. Iirc, protonvpn and mullvad do this pretty well. I've tried the dns methods like other people mention and on some public networks, it won't work because they force a specific dns so you need to vpn for it to work.
And if they force a particular DNS there is a reason for that and I don't use that Wi-Fi
Use ublock origin
I'm a fan of nextdns
DNS