Problem: I am using Pi-Hole on my network to block quite a few ADs and trackers. However, the blocking does not work reliably on Android devices on our WiFi (This thread suggests that this also concerns Apple devices – but we don’t have any at home, though).
I noticed this when I was researching some cycling products and my wife suddenly started getting cycling ADs in her Facebook stream on her tablet. We don’t share devices or accounts or anything – but we do share the same network and therefore the IP of our router.
At first I was confused because my wife was only getting the ads when I searched on my mobile – not the days before when I did the same on my PC. Then I noticed the coincidence of the switch from PC to mobile. That was the first time I really became aware of IP usage for ad tracking. (I’ll probably write another post about this – it would go off topic too much here)
Cause: Android devices do not (necessarily) use the DNS server in the home network, but connect to Google DNS. So, the tracking requests aren’t blocked by Pi-Hole.
Changing the DNS on Android can be possible (depending on the vendor!), but it’s just not meant to be done easily. And I simply did not want to fiddle around in the client settings. A proper network side solution was needed.
Solution: Well, I had to block the requests at the router. Either by rerouting all traffic through a RaspberryPi with something like Privoxy installed, or by using the filter lists in my FRITZ!box router.
- Privoxy would definitely be the more elaborate solution! But it is also more complex and requires more configuration for the routing.
- The filter list on the FRITZ!Box on the other hand is really simple. But it is just a static list, the list can only use the first 500 entries and there is no logging.
For a first step, I was just too lazy to configure routing and Privoxy, so I used the FRITZ!Box Filter list: To get the top 500 hosts to block, I didn’t want to rely on any arbitrary list from the internet but to use something that respected our home usage.
As we have been Pi-Hole running for quite a while, I extracted the top 500 most blocked hostnames from the Pi-Hole logfiles and entered them into the filter list:
sudo zgrep "gravity blocked" /var/log/pihole/pihole.log* \
| awk '{print $7}' \
| sort | uniq -c | sort -rn \
| head -n 500 \
| awk '{print $2}'
The advantage is that it’s a dynamic source (with the manual update step), tailored to our surfing habits, the 500 limit is not an issue in our case and it’s just super easy. Let’s see if it stands the test of time …
Issues?
One week later I’m still mostly happy with this solution. Yet, at some rare times, the Fritz!Box seems to overreact and block hosts that are not on the list. I wasn’t able to identify a pattern yet but I’ll keep an eye on it.
@blog
https://www.kuketz-blog.de/pi-hole-einrichtung-und-konfiguration-mit-fritzbox-adblocker-teil1/
Pi-hole is really great, easy and with so low maintenance. It’s a pleasure to have it.