Replying to Avatar liminal 🦠

nostr:npub18ams6ewn5aj2n3wt2qawzglx9mr4nzksxhvrdc4gzrecw7n5tvjqctp424 & nostr:npub1wtuh24gpuxjyvnmjwlvxzg8k0elhasagfmmgz0x8vp4ltcy8ples54e7js (and anyone else who'd like their input) I have a few privacy/security questions that I'm having trouble wrapping my head around and wanted to know if you had any guidance for a pleb that is just getting into the self-custodial internet space. Maybe it could also help other plebs interested in taking control over their own internet.

1) I've got Pi-hole running and connected to my router, but I also know that my router has a toggle option for AdGuard. What would the reason be to prefer one over the other (other than that sweet Pi-hole dashboard)?

2) I understand the reasons for a VPN, but wouldn't that mean all your traffic is being passed on to someone else? Sure, many VPN's have a 'no data logging policy', but wouldn't that mean we'd have to emphasis(trust) their word to (a) be trustworthy and (b) they wont backpedal on in the future? There is a great incentive to actually be collecting your data covertly.

3) My understanding is that by using a VPN, you'd actually be subverting any DNS sinkhole because the traffic is being routed somewhere else, so what would be the benefit of using both? If there is a reason, how would you go about making them both work collaboratively?

4) Last but not least, any advice on removing trackers/ads from this cursed, demented piece of technology from hell that is the Samsung Smart TV?

Avatar
Derek Ross 2y ago

I run a Pihole and have for several years. I don't have any experience with AdGuard. If you have AdGuard on your router then the only reason to run one yourself is to maybe have more control or maybe you like AdGuard better.

Sure, it's a trust me bro situation with VPNs. Mullvad VPN was contacted by authorities and had zero information to give them. They seem trustworthy because of this. But yes, they could backpedal. No one knows the future. I guess a less trust me bro situation here is for you to use Bitcoin to buy a VPS and setup Wireguard on it. Then use Wireguard on your home Internet to route traffic through the anonymous Wireguard VPS.

Yes. All traffic, including DNS resolution, goes through the VPN.

Nope. Sorry. Tell your Samsung agent I said hello.

Reply to this note

Please Login to reply.

Discussion

Avatar
liminal 🦠 2y ago

I've had a pi for a while and was finally in a situation where I could have my modem/router situation and configure it with a Pi-Hole. Happy and excited for the learning experience, I found out that my router has a setting to just switch on AdGuard so I'm really gauging what the options are and why.

With VPNs I've mostly thought they weren't as much a necessity as many YouTubers would claim and haven't explored that space, but after hearing about the reasoning wrt nostr its gotten me curious again. I might use one on my phone when I'm away from my home network.

That's a big oof on that last point 😭. Might end up just disconnecting it from the internet and running a HDMI whenever I need to use it 💁‍♂️

Much appreciated kind ser! 🫂

72
nobody 2y ago

I’ll add to the VPN conversation because Derek has already said everything I would on pihole. I’ve run one, I liked it, but did have troubles towards the end. It probably needed to be reflashed or had SD card issues.

VPN is useful for exactly six things:

1. Obfuscating your location.

If you don’t want people to know where you live, run a VPN. They can get city-sized resolution off where you live based on IP address. If this doesn’t matter to you, press on.

2. Making advertising tracking slightly more difficult. It really doesn’t, unless you do a half dozen other things.

3. Securing your data on an untrusted Wi-Fi network. If you’re on coffee shop Wi-Fi, you should use a VPN to make sure nobody can intercept your information.

4. Accessing content that is geo-restricted. If you live in a country that don’t have access to certain shows, some of these restrictions can be bypassed with a VPN server located in a country that does.

5. Torrenting. You don’t want your ISP to send you ugly letters from movie companies. Too many, and they will disconnect you, and you could become the target of a lawsuit.

6. Accessing your home network securely from a remote location. If you run syncthing, have self hosted services, or a NAS you want to access remotely, you should use a VPN to your home. Wireguard is very easy to self host on a Pi, Anna I world look into that rather than depend upon what might be outdated software on your router.

In a corporate setting, there are some slightly different but similar scenarios. Running a VPN at home for almost any other reason at all does not yield benefits, but just moves one possible layer of trust to another place (your ISP to the VPN provider) and does nothing to actually make your data more secure. Trackers use a number of metrics, of which IP addresses are only one, so you’ll need to use a combination of things to avoid fingerprinting.

Consider your threat profile at all times. Security against an ad tracker or against doxxing online is very different from security from a state actor.

Avatar
liminal 🦠 2y ago

Wow, this cleared up a lot for me. Thanks so much for your input! So far, Pi-Hole is working great, and I've gotten it to be my DNS provider with Unbound. Its all been a great learning experience and maybe at some point I will need to use a some sort of VPN as I go further into the self-hosting world. Hopefully others could be pointed to this thread, or even add their own perspectives.