
Think you don't need a network Ad Blocker? Here is why you do.
Adverts are wasteful
The advertisements you see are just the tip of the iceberg. What you don't see is the vast tracking infrastructure that records your on-line activity in order to serve you ever more relevant ads. Together, they waste your bandwidth, slow your Internet access and distract you from your work or leisure activities.
Adverts are creepy
Furthermore, many people are concerned about the privacy implications of unregulated collection of personal information and its exploitation to profile individuals for commercial purposes. We all know the creepy feeling we get when something we have previously Googled then appears as an advert on an unrelated web page.
Network Ad Blockers can protect your privacy
Filtering DNS servers like PiHole do a great job of removing advertisements from apps and web pages by disrupting connectivity to ad serving technologies. Furthermore, they also disrupt tracking networks to prevent them from harvesting personal data or activities. Unlike browser plugins, they transparently protect your entire network.
What is the scale of the problem?
Our home lab network consists of around 40 hosts. In addition to my technical research we perform typical SOHO and home tasks such as remote working, reading the news, streaming Netflix and playing video games. So, what portion of our Internet DNS lookups might be due to advertising and tracking?
According to my PiHole server, it is about 60%!
The chances are that your profile of Internet usage does not differ significantly, meaning it is very likely that the majority of your DNS traffic is to enable tracking and adverts.
But there are further advantages to using a filtering DNS server like PiHole that extend beyond blocking adverts and tracking to offer even more value.
Introducing Protective DNS
Protective DNS is a superset of the type of DNS filtering that PiHole was designed to perform. Instead of, or in addition to, blocking adverts and trackers, it filters destinations known to partake in malware distribution and control, ransomware, fraud, crime, scams, phishing and undesirable content such as offensive material and pirated intellectual property.
Used in combination with other security approaches, Protective DNS is a very effective way of reducing the threat to your network, users and data; so much so that the National Cyber Security Centre compels UK government organisations to use its own Protective DNS offer, and highly recommends that private sector businesses pay for a commercial alternative such as Cisco Umbrella DNS Security or a range of others, compared here.
These are all fine services, but only accessible if you are a UK Public Sector organisation, or have a considerable budget to spend. So, what about the rest of us?
Well, the great news is that the DNS filtering technology that drives PiHole can be easily extended to make a free Protective DNS service for your network by simply adding the many freely available lists of known undesirable domains. Furthermore, PiHole can continue to block Ads and trackers as per its original intent, unlike many commercial Protective DNS services which exclude Ads.
Why you need a network Ad Blocker
So, in summary, you need a Network Ad Blocker like PiHole to help:
- Build a Protective DNS service to protect your network, users and data
- Block adverts, save bandwidth, speed-up browsing
- Block trackers, improve privacy
- Block malware, crime and undesirable content
Practical suggestions for building your Protective DNS using PiHole
PiHole is free and open source software. It can be run in a number of ways:
- It can be installed on a cheap and easily accessible Raspberry Pi computer for a total cost around £70 to provide Protective DNS services to a home, SOHO or SME network of up to a few hundred devices.
- It can also be run as a virtual server on your existing hosting infrastructure. In such cases, a scaled-up virtual machine, or multiple instances thereof, could support many more clients to provide more highly available services to larger networks.
- Finally, you could rent a hosted cloud instance, shared or dedicated, for a very reasonable cost, saving you the cost and trouble of building or operating your own infrastructure.
Living with Protective DNS annoyances
Living with a Protective DNS can have annoyances, particularly if you make use of Ad blocking, because so many of the modern services and apps we use have tracking and advertising deeply embedded within them; this is particularly so for free services. Consequently, you may find that some social networks, media streaming sites, applications and games fail with DNS-related errors, such as being unable to find or connect to blocked servers.
Allowing blocked services
In such cases, you may wish to allow access to required hosts on a service-by-service basis. This can be achieved easily by 'whitelisting' blocked URLs. In the Query Log of the PiHole admin interface we can observe the evaluation of internet DNS access requests in real time. Blocked URLs, highlighted red, can then be whitelisted by simply clicking the button adjacent to the URL. Then, retry your service and confirm it works; if not, repeat with additional blocked URLs until the service works.
Keep in mind that whitelisting sites that are known to engage in ad serving and tracking may impact upon your privacy. The key thing is that you can decide to accept risk on a site-by-site basis depending upon your perception of the value that individual apps and services offer versus the risk to your privacy and security.
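The list-driven filtering and per-service whitelisting described above can be modelled in a few lines. This is an added example, not PiHole's own code or part of the original article; the list contents, query names and the rule that a listed domain also covers its subdomains are constructed assumptions.

```python
# Simplified model of a filtering resolver; every list entry and query is constructed.
from collections import Counter

SAMPLE_LISTS = {  # category -> list text (hosts format or one domain per line)
    "ads": "0.0.0.0 ads.example.net\n0.0.0.0 banner.example.org  # inline comment\n",
    "tracking": "# plain domain list\ntelemetry.example.com\nPIXEL.example.net\n",
    "malware": "127.0.0.1 localhost\n0.0.0.0 c2.bad-domain.example\n",
}
ALLOWLIST = {"telemetry.example.com"}  # accepted risk: a service fails without it

def parse_list(text):
    """Return the set of domains in a hosts-format or plain-domain blocklist."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        name = fields[-1].lower().rstrip(".") if fields else ""
        if "." in name:                          # skips blanks and bare 'localhost'
            domains.add(name)
    return domains

def build_index(lists):
    """Map each blocked domain to the first category that lists it."""
    index = {}
    for category, text in lists.items():
        for domain in parse_list(text):
            index.setdefault(domain, category)
    return index

def decide(qname, index, allowlist):
    """Return ('allow', None) or ('block', category) for a queried name."""
    name = qname.lower().rstrip(".")
    if name in allowlist:                        # an allowlist entry always wins
        return ("allow", None)
    labels = name.split(".")
    for i in range(len(labels) - 1):             # assumption: entry covers subdomains
        candidate = ".".join(labels[i:])
        if candidate in index:
            return ("block", index[candidate])
    return ("allow", None)

def summarise(queries, index, allowlist):
    """Return (Counter of decisions per category, blocked fraction of queries)."""
    counts = Counter(decide(q, index, allowlist)[1] or "allowed" for q in queries)
    return counts, 1 - counts["allowed"] / len(queries)

SAMPLE_QUERIES = ["www.example.com", "ads.example.net", "cdn.ads.example.net",
                  "pixel.example.net", "telemetry.example.com",
                  "c2.bad-domain.example", "Banner.Example.org.", "news.example.org"]

if __name__ == "__main__":
    print(summarise(SAMPLE_QUERIES, build_index(SAMPLE_LISTS), ALLOWLIST))
```

Removing the entry from `ALLOWLIST` shows what the whitelisting decision costs: the telemetry domain is blocked again under the tracking category.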
How I can help
I'd be delighted to help you with any of the above solutions; please contact me for assistance.