A pi-hole simply black holes DNS lookups from known advertising networks and malicious domains, so your computer is unable to connect to those domains. This is good because you probably want to block those domains, but it doesn’t protect against everything. Adblocking in browser using uBlock Origin will achieve similar results, but only applies to the browser, not other applications on your computer, or say your phone or IoT device on the same network, which does DNS lookups via pi-hole. Both pi-hole and uBlock Origin do not provide any protection from hiding your real IP or your location. This is where a VPN comes in.
Personally, at the router, I black hole a minimal set of hosts from lists I know I will never want anything connecting to. For example, you could use one of the OISD lists: https://oisd.nl/. Then in your browser, you can add uBlock Origin and add more lists which you can selectively allow on websites. uBlock Origin has lists which block against internet annoyances, which pi-hole can’t block against (since it’s blocking DOM objects, and not DNS lookups). This is also useful because it’s easier to control uBlock Origin in the browser, and you can disable it for only some sites. Adding a VPN in addition to this satisfies IP and location hiding, which you can add on the whole router if it supports that, or just your computer/browser if you want.
I don’t think so, since the pi-hole (running on a raspberry pi or other computer) just acts as a DNS server which you configure as the DNS to be assigned to clients as they connect to the router.
If you’re not able to configure a VPN on the router, then setting up a VPN on the computer you’re using, not the raspberry pi, is the only option. This would only mask your computer’s IP address. This would need to be repeated on your phone and other devices as well.
One thing you may want to consider is investing in your own WiFi router; you can ask your ISP to set their modem to “bridged mode” and this will turn off their WiFi and firewall and present you with a single gateway IP to connect to. You can then connect this to your own WiFi router.
Why would you want to do this?
Well, currently your ISP is managing the device all your network connects to; it likely is able to have real time updates of all the devices that enter and leave your home, where they are in your home, and what IPs those devices connect out to at any given time.
If you run your own router, you can set up your own VPN, but also your ISP now only knows where your router connects to, and knows nothing about what goes on inside your network.
To add to this, some ISPs ([1]used to) charge monthly fees for using their router or modem. A $7/month adds up, and in a year or two, investing in your own hardware will pay for itself and give you more control.
[1] 10 years ago, you had to rent the routers, but nowadays, the router could be free. You can bet though they’re getting that $7/month another way, and it’s likely because they’re selling your data.
A pi-hole simply black holes DNS lookups from known advertising networks and malicious domains, so your computer is unable to connect to those domains. This is good because you probably want to block those domains, but it doesn’t protect against everything. Adblocking in browser using uBlock Origin will achieve similar results, but only applies to the browser, not other applications on your computer, or say your phone or IoT device on the same network, which does DNS lookups via pi-hole. Both pi-hole and uBlock Origin do not provide any protection from hiding your real IP or your location. This is where a VPN comes in.
Personally, at the router, I black hole a minimal set of hosts from lists I know I will never want anything connecting to. For example, you could use one of the OISD lists: https://oisd.nl/. Then in your browser, you can add uBlock Origin and add more lists which you can selectively allow on websites. uBlock Origin has lists which block against internet annoyances, which pi-hole can’t block against (since it’s blocking DOM objects, and not DNS lookups). This is also useful because it’s easier to control uBlock Origin in the browser, and you can disable it for only some sites. Adding a VPN in addition to this satisfies IP and location hiding, which you can add on the whole router if it supports that, or just your computer/browser if you want.
Thanks, good answer. The ISP’s router won’t run a VPN. If i ran a VPN on the pi-hole machine would that cover all devices on the network?
I don’t think so, since the pi-hole (running on a raspberry pi or other computer) just acts as a DNS server which you configure as the DNS to be assigned to clients as they connect to the router.
If you’re not able to configure a VPN on the router, then setting up a VPN on the computer you’re using, not the raspberry pi, is the only option. This would only mask your computer’s IP address. This would need to be repeated on your phone and other devices as well.
Ok, got it. many thanks
One thing you may want to consider is investing in your own WiFi router; you can ask your ISP to set their modem to “bridged mode” and this will turn off their WiFi and firewall and present you with a single gateway IP to connect to. You can then connect this to your own WiFi router.
Why would you want to do this?
Well, currently your ISP is managing the device all your network connects to; it likely is able to have real time updates of all the devices that enter and leave your home, where they are in your home, and what IPs those devices connect out to at any given time.
If you run your own router, you can set up your own VPN, but also your ISP now only knows where your router connects to, and knows nothing about what goes on inside your network.
good info. thanks
To add to this, some ISPs ([1]used to) charge monthly fees for using their router or modem. A $7/month adds up, and in a year or two, investing in your own hardware will pay for itself and give you more control.
[1] 10 years ago, you had to rent the routers, but nowadays, the router could be free. You can bet though they’re getting that $7/month another way, and it’s likely because they’re selling your data.
So pi-hole is essentially the same as something like NextDNS, just self hosted?
That’s it. Self hosted, personalisable, and that can be used network-wide (as a DHCP server) AND as a VPN (in correlation with piVPN)