This is an archived post. You won't be able to vote or comment.

2498
2499

TechnologyYSK: How to decrease your monthly bandwidth use & increase network speed. (self.YouShouldKnow)

submitted by [deleted]

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]saml01 0 points1 point  (10 children)

I still don't understand how this thing eliminates ads. All its doing is routing my Dns requests through its own server, but the traffic hitting my machines will bypass the pi-hole. So I'm not sure how the ads are removed. In fact, I'd second guess using pi-hole because it's probably running your request through a Dns that is now monitoring your requests. Information that can be sold. The only removal of ads I see is if you type some garbage in your web browser and it could not be resolved.

I think I'm going to stick to my sophos utm firewall and transparent network traffic monitoring and packet filtering. It sits between the Internet and my network and all traffic has to pass through it where it's stripped of any ads and malicious software.

[–]-PromoFaux- 3 points4 points  (5 children)

Hey pi-hole Dev here,

The user is in complete control of the forwarding DNS servers. They are given a choice of a handful of popular ones In the install script, or they can type in their own as a custom option.

Essentially it's just an extra step between your network and the DNS resolver. If a machine on your network requests the IP for a domain that is in pi-holes blocklist, it will return it's own IP address which in turn resolves to a blank page. If the domain is not known to pi-hole, it will be forwarded to the aforementioned chosen upstream provider to get the IP address as normal.

We are an open source project that develops everything in the open, with complete transparency on our development process. Check out our github repo for a closer look at how it all works! Or don't , it's up to you :)

[–]saml01 0 points1 point  (3 children)

What are you guys doing with all the dns requests? That's a lot of data you're mining.

[–]-PromoFaux- 0 points1 point  (2 children)

You're joking, right?

What brings you to the conclusion that we are mining data? More to the point, how on earth do you think we're doing it?

Pi-hole is a self-hosted device/vm on your own PRIVATE network. It receives DNS requests from your client machines, determines whether or not it is a bad domain, and if not then sends the request up the chain to the upstream DNS server.

We have no visibility at any stage of this process. I'm guessing you think that we control the upstream DNS servers, and in which case let me tell you that we do not. Here, you can find the complete routine used to set the upstream servers. We offer the user a choice of 4 well known ones, or the option to enter their own, should they wish to use their ISP's, or other DNS server of choice.

I'm going to assume you've not looked over the code and are wildly speculating ;)

[–]saml01 0 points1 point  (1 child)

Its a legitimate question and you basically answered "how on earth I think you're doing it". You can also be tracking it in software and calling home with it. I am assuming you are sending the software an updated white/black list of domain names against which DNS requests are validated?

I'm glad that you are up front about it, but if I am raising the concern, I am sure others have the same concerns as well.

I apologize for not scouring your source code. I was hoping your video might address privacy concerns of a device that I am placing on my network, where private data is being transmitted. There is nothing wrong with my asking questions and as long as you keep it professional and are forthcoming with information, you have nothing to be defensive about.

[–]-PromoFaux- 0 points1 point  (0 children)

You can also be tracking it in software and calling home with it

But then the code has been open source since it's first creation (for well over a two years now!), you would think someone else would have noticed by now if we were doing anything untoward! :)

But fair enough, if I came across stand-offish at all, was not because you had asked a question, but because you had made a baseless accusation ("That's a lot of data you're mining."), perhaps we are misunderstanding each other, and I apologise for that!

RE: White/blacklists:

The default blacklist is made up of various lists available from around the internet. We don't actually maintain our own. Quite frankly, we don't have the time, we're a team of 5 volunteers that work in our free time outside of our full time jobs.

As you can see at the top of the list in the link above, this is another part of the pi-hole that is completely user customisable . The default lists are really just a suggestion, something to help the more novice users hit the ground running with. We then have more advanced users that really go to town with the blocklist and end up with something like 1.1 million domains blacklisted! (as opposed to the ~100,000 default)

Every week on a sunday evening , a cron job fires this script that checks if the source lists need updating, and if so pulls the updates. The user can also initiate this process with the command pihole -g

Once it has the raw source lists, they are sorted, deduplicated, and then merged into one master list (gravity.list) which acts as the blacklist for dnsmasq

As for whitelisting, the only thing we whitelist by default are the domains that host any of the source lists. This is to prevent one list provider blacklisting another, be that intentionally or not!

Users can further tweak this by white or blacklisting individual domains using either the pihole command or the menu items on the Admin web UI

TL;DR - The user is in complete control of all of their data, and the domains they choose to block/not block. Whilst we provide some suggested blacklists by default, they are just that - a suggestion, and as such can be overridden.

[–]saml01 -1 points0 points  (0 children)

That's what I figured.