Vexz

@[email protected]

This profile is from a federated server and may be incomplete. Browse more on the original instance.

Vexz,

On my device: Settings > Internet & Connectivity > VPN > Cogweel next to the VPN settings > There's the option

Vexz,

I don't have a Samsung but on my device:
Settings > Internet & Connectivity > VPN > Cogweel next to the VPN settings > There's the option

Vexz,

I use AdGuard and do the same with its built in Firewall feature for GBoard. The thing is, since I don't use custom ROMs I can't be sure that GBoard won't just use Google Services for spying/tracking.

Vexz,

The first thing that pops up in my mind is your public IPv4. You see, in your home LAN every device uses the same public IPv4 to communicate in the internet. So if one device browses for something like an iPhone and you're being tracked then those ad brokers deliver iPhone ads to this public IPv4 and every device behind this public IPv4 will see those ads. Nobody on the internet knows whether behind this public IPv4 is a single device or a LAN with many devices.

Vexz,

Either they're okay with a switch and it's easy or they are not open for that and it's impossible to change their mind.

Pretty much nobody I know wants to switch to Signal or any other messaging app. So it's SMS communication with them because I definitely won't install WhatsApp.

Vexz,

Not even gonna name the source where you got that from? :P

Vexz,

But afaik it only works in the browser, not on mobile apps unless that changed in the last few months.

Vexz,

Imo only in terms of privacy. I tried it a few times over like two to three days but I always went back to Plex. Jellyfin is a nice piece of software though. I can imagine my switch will happen in a few years.

Time to ditch #duckduckgo (lemmy.world)

In the last couple of months I have noticed an increasing trend of supplying me search results that are completely unrelated to the current query and tie back to my location or previous searches. I can say this with a high degree of certainty this is without a doubt beyond the 100th instance this has happened....

Vexz,

Me too. I was so reluctant to pay for a search engine at first since there are good alternatives out there I don't have to pay for. But I just at least wanted to try the first 100 free searches and was blown away by how great it is. It has some unique features like prioritizing or blocking specific domains, lenses and custom bangs. I payed the $10 the same day for Pro tier and 5 days later (yesterday) I even upgraded to Ultimate tier with ChatGPT-4 (called Kagi Assistant). I really, really enjoy Kagi so far. Most probably it's gonna be my one and only search engine for the next years to come.

Vexz,

Kagi is awesome! I recently fell in love with it.

Vexz,

Yes, you can. You can block any domain you want to appear in your search results. Here's the documentation for this feature.

Vexz,

I have a Synology NAS so I use Hyper Backup and upload my backups in the Synology C2 Cloud. Of course all my files are encrypted first before they get uploaded.

Vexz,

Why would they want to stop? This is their fight against adblockers and on Chromium based browsers it's an effective way so of course they keep pushing. ;)

Vexz,

The question still remains because what upstream DNS server in Pi-hole will you use? You'll always need to use a DNS server on the internet unless you use hyperlocal.

Vexz,

You don't cut the middle man, you create the middle man with Unbound. And Unbound needs to ask other DNS servers on the internet to resolve DNS queries. Your local DNS server can't just magically know which IP is behind a domain like for example google.com. It needs to ask other DNS servers that know the answer. So unless you're not using hyperlocal you will always need a DNS server on the internet to browse the web.

Here's an explanation by Cloudflare.

Vexz,

tl;dr: Cut out Cloudfare’s recursive resolver (or anyone else’s) and run your own via PiHole and Unbound.

Tell me you didn't read the article without telling me you didn't read the article. Let me point out the relevant part for you:
"A recursive resolver (also known as a DNS recursor) is the first stop in a DNS query. The recursive resolver acts as a middleman between a client and a DNS nameserver. After receiving a DNS query from a web client, a recursive resolver will either respond with cached data, or send a request to a root nameserver, [...]"

See that last part with "or send a request to a root nameserver"? That is the DNS server on the internet your Unbound DNS server will ask if it doesn't have the answer cached for you already.

Umm, Unbound is on your machine. So you’re saying you are your own middle man lol…

Exactly! Since the Unbound DNS server is your server you created your middle man server yourself. "middle man" has a very negative taste but in this case it really isn't bad at all.

It asks the authoritative nameservers, which is who external DNS servers ask. By using Unbound, you are cutting out those external DNS servers, because you/Unbound is the DNS server. You are asking the authoritative name server directly instead of inserting someone else to ask on your behalf.

Okay, so you get it but you don't get it fully. Again: Your Unbound DNS server can't magically know which IPs are behind a domain name. So what does it do? It asks a DNS server on the internet because they know the answer. When you Unbound DNS server got the answer it then tells your computer.

Unbound (your machine) is asking the DNS nameserver.

YES! And where do you think is the DNS server Unbound asks if it doesn't know the answer because it's not cached yet? It's some server on the internet.

You’re saying you are your own middleman lol.

I said you create your own middle man. Unbound is your middle man in this case because you make it look up the IPs behind the domains and it tells your computer these IPs then.

Instead of:
<Client> --> asks --> <DNS server on the internet> --> answers --> <Client>
You do:
<Client> --> asks --> <Unbound DNS (the middle man)> --> asks --> <DNS server on the internet> --> answers --> <Unbound DNS (the middle man)> --> answers --> <Client>
Let me say it again: Your Unbound DNS server being the middle man isn't a bad thing so please don't think "middle man" is always a negative term.

I’m saying cut out Cloudfare’s recursive resolver and run your own via PiHole and Unbound.

I just linked Cloudflare's article about it because they explain it well. Doesn't mean one must use Cloudflare's DNS servers.

Did you read the article I linked?

Yes, I did. But I knew what a recursive resolver is before I checked the link because I'm a professional IT administrator and I know how DNS works. It's part of my job.

Vexz,

Looks like my answer wasn't saved, great...

Anyway, sorry for not reading all of that, but I'll make it short and stop discussing because I feel like this is leading nowhere.

Unless you're using hyperlocal and cover all TLDs and wanna browse the internet there's technically no way around but to use an online DNS server. So coming back to the privacy aspect of this topic the question is: Which one do you trust?

Vexz,

My thoughts exactly. Next is: "OMG did you know there's the all seeing eye on the dollar notes! That means you're being spied on wherever there is cash!!!!"
Stuff like this just makes me wanna roll my eyes.

Vexz,

True. I recommend a DNS based adblocker like Pi-hole and an extra adblocker like uBO in your browser. If you can't access a website you'll immediately know who is the culprit blocking the site you're trying to access.

Vexz,

Do you know any minimal Invidious UI you can run from a Podman/Docker container? Like just the frontend, so that I can use Firefox instead of that. I think having that as a base and adding the freetube features would be great.

Use your favorite search engine and you'll probably find something. Or self host a Piped instance. It's very similar to Invidious but imo even better.

Vexz,

I did that a while ago but always ran in timeouts for some search engines (varied from time to time). Also the order of search results is often completely fucked up. And sometimes I search for something and got something completely different. For example I searched for something like "open source software" and the search results were filled with porn lol.

Also what's bad about self hosting this in your home network is that your SearXNG instance does the searches from your home network of course. That means all the searches to all the selected search engines like Google, Bing etc. are made from your IP which is counterproductive when it's privacy you're trying to achieve.

Vexz,

Better use the fork I still don't care about cookies. The reason why is stated on the GitHub page.

Vexz,

Open uBO settings > Filter lists > scroll down and click on import > a text box opens where you put the links of your custom filter lists (one per line) > apply changes

Vexz,

Dunno. That would mean websites would know what filter lists inside an adblocker browser addon you use, which I can't imagine tbh. But I'd say it's a gamble. With more block lists you can achieve more privacy but maybe (if privacybro is right) fingerprinting you is easier. You decide what is the right choice to make here.

Vexz, (edited )

To me it looks more like this website tries to guess what filter lists I'm using. In my case it for example detects "EasyList Portuguese", "Latvian List" and some others that I definitely don't use. Also there are some lists it doesn't detect. It definitely makes it easier to fingerprint me but it can't tell exactly all the lists I use.

But it also detects other addons like Dark Reader. And since pretty much everyone has their own set of addons in their browser they're easy to fingerprint anyway. One probably should just use uBO with standard filters as the only addon and that's it. But I can't live without Dark Reader and some other addons that I use. That sucks but it is what it is. At this point adding additional filter lists probably won't make it worse.

Vexz,

Depends on what is secure enough to you. For me that is secure enough but I know a ton of people out there who would say it's not secure enough for them. So in the end it's up to you. Think about the risks and make a decision.

Vexz,

More like to avoid them even better. :D

Vexz,

I second mailbox.org. Great email provider that I use too.

Vexz,

Startpage was bought by an advertising company. I suggest to not bother with that search engine anymore.

Vexz,

That's true but we're here at [email protected] so people here only care about the privacy aspect and not how companies finance their services. If you still wanna use Startpage and risk your privacy then go for it.

Vexz,

I use a Synology NAS which I can access from everywhere as long as I have internet connection.

Vexz,

I second this. Been using this tool since it was first released. It's a must for everyone who uses Win10/Win11, has a sense of privacy and has a reason why he cannot switch to Linux.

Vexz,

Good choices! Though Privacy Badger is not advised.

Vexz,

The title is misleading. The article only talks about LinkedIn.

Vexz,

There are even services that send you newsletter shit although you made sure you're opted out.
Also there's newsletter with a link to opt out but the link is just fake. I hate it so much.

Vexz,

Maybe because that's just a firewall that can be installed on Windows, Debian/Ubuntu and Fedora. What about your mobile devices? This is where Pi-hole, AGH, NextDNS etc. win.

Vexz,

I use Pi-Hole and works great. I’ve heard about AdGuard and seems the same thing as PiHole

Only if you're talking about AdGuard Home, then yes. When you talk about AdGuard you usually just mean the adblocker app which is something completely different.

I used all three of them. While AdGuard Home has some nice features that Pi-hole doesn't, it in my experience has much more problems and has been unstable on some updates. So since you prefer stability for your DNS server I'd recommend Pi-hole over AdGuard Home.
NextDNS doesn't need to be self-hosted because it's a service on the internet. The disadvantage is that you are offered a list of blocklists from which you can choose but unlike Pi-hole or AdGuard Home you cannot add more lists. But they offer many lists so that's not a big problem. If you need more than 300k queries a month you need to pay for their service. But since NextDNS is a service on the internet it means that you can use it on all of your devices no matter where you are.

Vexz,

… any app can bypass easily your DHCP DNS provided…

In my network it can only do that if the app has a hardcoded encrypted DNS server because I use NAT rules to force all unencrypted DNS to be processed by my OPNsense (which uses NextDNS as upstream DNS servers). And I highly doubt many apps even have a hardcoded DNS server anyway (no matter if unencrypted or encrypted).

and as I said, I don’t install any weird app on my phone, I just use it as a phone, to communicate, chat and to download podcasts to listen on night.

That's your personal use case but not everyone elses. I do much more with my phone. For example browsing. And I think most people do it too. Anyway, as long as you use mobile internet even your OS on your phone could spy on you with tracker domains. Most people don't use a custom ROM so you're just one of few people who this doesn't apply to.

While you just win at your local home network… xD

Wrong. I use NextDNS so I have it everywhere. ;)

Vexz,

Read the whole sentence. That "just" belongs to the fact that it's only available on a few selected OSes and none of them are for mobile devices.

Vexz,

and I was talking about Pi-Hole

Well, you said "you" so I thought you were talking about me since you replied to my comment.

Firefox and Telegram for example has built-in DNS if I’m not wrong. (you can disable it easily)

Right. I don't know about Telegram but in Firefoxes case I think it's disabled by default. I specifically checked that on my Firefox so it won't bypass my OPNsense.

We are sharing our use cases. And my context was “I don’t understand why people even talks about Pi-Hole”

You don't see it, do you? First you talk about your use case but then you talk about other people. So not your use case anymore. In their use case a Pi-hole, AdGuard Home, NextDNS or whatever else maybe makes sense and isn't a bad choice.

EDIT: Also, I think using your phone for other things is wrong, they aren’t really designed for that, they aren’t that secure as a PC can be.

Erm... what?? Smartphones are designed for many different things. Browsing the internet is just one of many things it's made for. It's called "smartphone" for a reason.

Vexz,

Really? How do I do that? I'd love to add the Neo Dev Host List to NextDNS.

Vexz,

As long as it works fine for you I'm glad. :)
If you're interested here are my three bad experiences with AGH:

  • The "use AdGuard browsing security web service" option made all DNS queries so slow after a week to the point where nothing was resolved anymore. (That was 2 years ago, maybe fixed now)
  • They removed some library with an update which caused a panic when booting AGH so it wouldn't start anymore. That library was needed to use the DoH encryption of one of my upstream DNS servers. I had to remove that one from my config.
  • The next update didn't fix this issue but added another one: A few hours of running this version ( I don't remember the version number) the AGH service suddenly crashed. I started it again but 5 minutes later it would crash again. That was the point where I stopped using AGH because it didn't feel reliable anymore and updates only made it worse.
Vexz,

Good choice. I've switched from pfSense to OPNsense over a year ago and I never looked back. Now that the news are out there's one more reason for me to not look back.

Vexz,

Does it have to be an app? I decided against an app because there are good websites like dict.cc with a mobile browser version which does its job very well. Another app less.

Looking for a website like tracker control app

Not to long ago I had a website that functioned like the tracker control app. When using the site it would test against a list of trackers and tell me what my 1Blocker app is actively blocking. I cannot for the life of me remember the url or find it. I’m hoping someone here knows what I’m looking for. TIA

Vexz,

Haha, you're welcome. :D

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • uselessserver093
  • Food
  • aaaaaaacccccccce
  • test
  • CafeMeta
  • testmag
  • MUD
  • RhythmGameZone
  • RSS
  • dabs
  • KamenRider
  • TheResearchGuardian
  • KbinCafe
  • Socialism
  • oklahoma
  • SuperSentai
  • feritale
  • All magazines
    •