So, there’s a good chance you have a home network.
And you have kids, and visitors, and smart devices, and smart TV’s, and more electronics than you care to count; all downloading ads like nobody’s business, sending tracking information back to lord knows where, telling who knows what about you.
Albeit that might explain why some Chinese drop-ship site is now advertising chainmail and swords, or maybe not.
There’s also barely enough time in your day to manage it, or work out how to avoid spending dollars on apps or subscriptions to maintain it, or having to screw around with VPN’s, or wondering just what they’re going to do with your data anyway despite paying them for a service to keep data private.
And I’ve not even mentioned about keeping your DNS queries encrypted, and away from prying eyes who want to monitor you, or worse – monetise your browsing data so companies can market to you more easily.
So – can you fix this without going bald? (or balder). Yes, you can.
And here’s how I did it:
- A device that can run Ubuntu or some decent Linux distribution (RaspberryPI, a router like the Synology RT2600ac, or an IoT device)
- A computer you can use for SSH access to your chosen device; and
- If you’re lucky, some scripts to make installing it all a breeze.
Get some installation scripts
When I first did this – I went with running it on my router. That was achieved using syno-router-scripts, which installed not only the Ubuntu environment I needed, plus Adguard Home – an Adblocker i’d not heard of before but was right up to the task.
I just followed the steps, and before I knew it – I had an Adblocking solution deployed and running on my home network.
No need to modify or change settings on all the devices around my house – as the router in question was already the DNS provider, and Adguard Home simply stepped in and did that job.
I’ve since switched over to running it via a RaspberryPI.
Find some blocking rulesets
Once you have Adguard Home installed, you need to tell it which nasty domains don’t get to scale your castle walls.
There’s a lot of existing rules and rule lists out there, and the list of lists I use can be found on GitHub.
Once I’d found the lists I’d like, I’d just added them to Adguard Home > Filters > DNS Blocklists.
Don’t forget to pick some secure DNS services
Yep, Adguard Home also makes delivering secure DNS for everyone in your house a breeze.
For me, I swear by and trust Cloudflare; so their 18.104.22.168 DNS service (which is free) is a breeze, and their privacy position is bankable.
Add in the following list of their DNS servers, and you’ll achieve that extra bit of security in no time.
tls://22.214.171.124 tls://126.96.36.199 https://cloudflare-dns.com/dns-query https://security.cloudflare-dns.com/dns-query 188.8.131.52 184.108.40.206
And for those lucky enough to have IPv6 connections at your disposal, add these entries right at the top of the list:
tls://2606:4700:4700::1111 tls://2606:4700:4700::1001 2606:4700:4700::1111 2606:4700:4700::1001
And that’s it
In less than 10 minutes, I had a fantastic ad and malware blocking solution up and running.
And if you have kids, the solution also has safe search intergrated, block inappropriate content and specified services in a few key clicks (naugty kids this weekend – quickly turn off Steam and Facebook as a punishment).
Most importantly, the data is yours. Nothing additional leaves your network or is sold to 3rd parties. You can even review the logs of what isn’t being blocked, and made a decision about adding things to the blocklist.
Straight off the bat – I almost died of shock when I saw just how much unnecessary data was leaking out of my own Smart TV – and none of it relevant to anything useful. Just the maker and the apps on it collecting unnecessary tracking data.
An example of just how much traffic has been blocked using AdGuard Home – nearly 3 in every 10 requests are ads, trackers, or other tattle tales that shouldn’t be sharing secrets.
My block lists have about 1.26 million entries in them; and I’m dropping about 30% of the traffic requests out of my network.
I’ve found trackers beyond trackers; and some on-device apps that are snitching data constantly when their apps aren’t in use (I’m looking right at you Just Eat and Menulog). Really tempted to unblock them for a while and break out Wireshark and see just what they’re sending out.
And does Youtube go nuts on the video advertising. Turning on one just one blocklist today caused the Youtube app to lose its mind (still functioned without issue), but also to ‘rat out’ a further 50+ domains where they serve video ad content from. Those will be added back to that block list very quickly.
One thought on “Blocking ads at home, easily”
Nice work. I’ve been thinking of putting together a Pi to do a few things for me, including some network security and probably homebridge too. My pi zero W is doing the job, but it seriously lacks memory to be stable enough, and updating is a nightmare.