
Why are our devices so far outside our own control that we need to run an additional device on our networks to help prevent them from making unwanted network requests?

The whole approach of Pi-hole feels misguided. Blacklisting domains and hosts should be something easily done on my device locally. Then it comes with me when I visit friends or coffee shops, and it's easy to temporarily disable when it breaks something I'm trying to use.

The fact that I can't do this on things like my phone really illustrates how little control we really have over our own computing devices.



Surprisingly, I've yet to see a service which fronts Pi-Hole or similar and allows you to point your DNS resolver(?) at it, so you can use it on the go -- without having to use a VPN.

I tried to set this up on my own using a VPS and Pi-Hole and it did work for a while. However, bad actors eventually found the server and started using it to perform DNS amplification attacks against, of all things, cricket news websites. I don't know too much about networking, so this may be a limitation of the DNS protocol. However, it seems like Quad9, Cloudflare and the like have figured out a way to prevent this sort of abuse... So, if any provider out there is reading this, please add this capability and I will gladly pay to use your DNS service.
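The abuse described above (an open resolver on a VPS being used for amplification) shows up in the resolver's own query log before it shows up anywhere else. As an added example, not code from this thread, the script below parses constructed sample lines in the style of dnsmasq's query log (the log Pi-hole reads) and flags two things a defender would want to see: queries arriving from sources outside the networks the resolver is meant to serve, and bursts of ANY queries from one source. The allowed networks, the sample addresses and the threshold are assumptions for the example.

```python
import re
import ipaddress
from collections import Counter

# Constructed sample lines in the style of dnsmasq's query log; the
# addresses and names are made up for this example.
SAMPLE_LOG = """\
Mar 10 12:00:01 dnsmasq[512]: query[A] news.example.net from 192.168.1.20
Mar 10 12:00:01 dnsmasq[512]: query[ANY] example.org from 203.0.113.7
Mar 10 12:00:01 dnsmasq[512]: query[ANY] example.org from 203.0.113.7
Mar 10 12:00:02 dnsmasq[512]: query[ANY] example.org from 203.0.113.7
Mar 10 12:00:02 dnsmasq[512]: query[AAAA] cdn.example.com from 192.168.1.21
Mar 10 12:00:02 dnsmasq[512]: query[ANY] example.org from 203.0.113.7
"""

# Assumed: the networks this resolver is supposed to answer for.
ALLOWED_NETS = [ipaddress.ip_network("192.168.0.0/16"),
                ipaddress.ip_network("10.0.0.0/8")]

LINE_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<src>\S+)")


def parse_queries(log_text):
    """Yield (qtype, name, source_ip) for every query line in the log."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["qtype"], m["name"], ipaddress.ip_address(m["src"])


def is_allowed(src):
    """True if the source address belongs to a network we intend to serve."""
    return any(src in net for net in ALLOWED_NETS)


def find_abuse(log_text, any_threshold=3):
    """Return external sources and sources sending ANY queries at or above the threshold."""
    external = Counter()
    any_by_src = Counter()
    for qtype, _name, src in parse_queries(log_text):
        if not is_allowed(src):
            external[str(src)] += 1
        if qtype == "ANY":  # ANY answers are large, the classic amplification lever
            any_by_src[str(src)] += 1
    return {
        "external_sources": dict(external),
        "any_floods": {s: n for s, n in any_by_src.items() if n >= any_threshold},
    }
```

Any non-empty `external_sources` result means the resolver is reachable from outside its intended networks, which is the condition to fix with access control on the resolver itself; the script only surfaces it.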


You mean a public DNS server with ad blocking?

https://adguard.com/en/adguard-dns/overview.html

Note that obviously since you are sharing all your dns requests with them, it's terrible for privacy... :'(


> Note that obviously since you are sharing all your dns requests with them, it's terrible for privacy... :'(

Right. I'm not defending this service in any way, but couldn't you say the same about Quad9 or Cloudflare?


True.

You could set up pi-hole as a recursive DNS server: https://docs.pi-hole.net/guides/unbound/ That way you don't have to use a public DNS server like Cloudflare. However, since (as far as I know) DNS requests are not encrypted, this is not perfect either (security-wise).

At least when using Cloudflare you can use DNS-Over-HTTPS: https://docs.pi-hole.net/guides/dns-over-https/


https://adfreetime.com does this, as well as proxying location checking (like MLB's video streaming).


Cool! Thanks for sharing this.

Out of curiosity, do you have any idea how they prevent the scenario I outlined (e.g. metadata, traffic analysis)?


>$1.99 US a month, less than a cup of coffee!

At that price, I doubt they do.


Editing the hosts file is a security risk.

You don't want a malicious app doing this behind your back so that when you type alice.com, you see bob.com instead.

Fortunately, to some extent, HTTPS or GPG come to the rescue.


Firefox for Android can run extensions, so it's trivial to just install uBlock Origin. You can even choose to sync extensions across devices, and as soon as you log in to your Firefox account all your extensions will be installed automatically.


You can edit the hosts file on Android apparently and the Pi-hole is just a shared hosts file.


It's a self-updating hosts file. If you only do it once in a month you'll start seeing ads again. Also you can edit the hosts file if you're rooted, but you definitely can't if you're running a stock unmodified ROM. If you're rooted and you only care about your Android phone, you can also install Adaway, which does pretty much the same thing without the whitelist capability (Get it on F-Droid), but if you have a number of devices to protect, and some of them are iOS devices, TVs or whatever that can't be rooted, jailbroken, or you don't have administrative privileges to, Pi-hole is a good choice (if you run pfSense at home you can also use pfBlockerNG, which is essentially the same thing too).


Host file blocking on mobile devices produces some weird web browsing. I like using browser plugins because it gets rid of the whole chunk of html so it's like the ad was never there in the first place. On android, there are these huge blank spots you have to scroll past to keep reading. I still keep adaway on but I wish I could just use ublock origin with android's chrome.


You can use uBlock Origin in Firefox on Android, and I've found DNS66 to be a good non-rooted adblocker on Android.


Now there's also Blokada which is a little bit better (found it to block some ads that DNS66 actually let through; it was a random discovery, I am not a researcher).


There are devices that are not easy to free up from ads, e.g. unmodified WP mobiles. This way they are protected from ads as well when they are connected to the same network with wifi.



