top | item 42057409


goodlinks | 1 year ago

For me the two things that show this well are:

1. Quick and easy: install Pi-hole and add every reasonable list you can find of tracker URLs to block. And just watch the live log.

2. Takes a bit more time: install OPNsense or pfSense. Block DNS out of your network (but allow Pi-hole) and watch the live log of blocked DNS requests. Assuming everything has been told to use Pi-hole.

3 (bonus round). A bit more time again: create VLANs or similar, put the devices that you have checked every "do not call home" option on into them, and block their internet access. And watch the live logs of blocked traffic.

It's quite a depressing process and I'm not sure it's worth maintaining as a live setup, but it's certainly an eye opener.

Each one of these steps blocks an order of magnitude less stuff, but it's interesting what's in each bucket. Pi-hole gets hits at an astounding rate.
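Watching the Pi-hole live log by eye does not scale past a few devices. The script below is an added example (not from the commenter) that turns the log from step 1 into a per-client summary of what was blocked; it assumes the dnsmasq-style line format that Pi-hole's FTL writes ("query[A] domain from client" followed by "gravity blocked domain is ..."), and the log lines themselves are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Pi-hole's dnsmasq-style pihole.log format (assumed).
# A "query[...] ... from <client>" line is followed by the resolver's decision.
SAMPLE_LOG = """\
Nov  7 10:00:01 dnsmasq[1234]: query[A] tracker.example.net from 192.168.1.20
Nov  7 10:00:01 dnsmasq[1234]: gravity blocked tracker.example.net is 0.0.0.0
Nov  7 10:00:02 dnsmasq[1234]: query[A] www.example.org from 192.168.1.20
Nov  7 10:00:02 dnsmasq[1234]: forwarded www.example.org to 1.1.1.1
Nov  7 10:00:03 dnsmasq[1234]: query[AAAA] metrics.example.com from 192.168.1.31
Nov  7 10:00:03 dnsmasq[1234]: gravity blocked metrics.example.com is ::
Nov  7 10:00:04 dnsmasq[1234]: query[A] tracker.example.net from 192.168.1.31
Nov  7 10:00:04 dnsmasq[1234]: gravity blocked tracker.example.net is 0.0.0.0
Nov  7 10:00:05 dnsmasq[1234]: query[A] tracker.example.net from 192.168.1.20
Nov  7 10:00:05 dnsmasq[1234]: gravity blocked tracker.example.net is 0.0.0.0
"""

QUERY_RE = re.compile(r"query\[(\w+)\] (\S+) from (\S+)$")
BLOCKED_RE = re.compile(r"gravity blocked (\S+) is \S+$")

def summarize_blocked(log_text):
    """Map each client IP to a Counter of domains blocked for it.

    dnsmasq does not repeat the client on the 'gravity blocked' line, so the
    block is attributed to the most recent client that asked for that domain.
    This heuristic is reliable because dnsmasq logs query and decision back to back.
    """
    pending = {}                      # domain -> client that last queried it
    blocked = defaultdict(Counter)    # client -> Counter(domain -> hits)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            _qtype, domain, client = m.groups()
            pending[domain] = client
            continue
        m = BLOCKED_RE.search(line)
        if m:
            domain = m.group(1)
            blocked[pending.pop(domain, "unknown")][domain] += 1
    return blocked

def block_rate(log_text):
    """Fraction of queries that hit a blocklist (0.0 .. 1.0)."""
    lines = log_text.splitlines()
    queries = sum(1 for l in lines if QUERY_RE.search(l))
    hits = sum(1 for l in lines if BLOCKED_RE.search(l))
    return hits / queries if queries else 0.0

if __name__ == "__main__":
    for client, domains in summarize_blocked(SAMPLE_LOG).items():
        print(client, domains.most_common(3))
    print(f"blocked {block_rate(SAMPLE_LOG):.0%} of queries")
```

A client whose top blocked domains all belong to one vendor is the one to move into the restricted VLAN from step 3.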


lokimedes | 1 year ago

I tried this exact setup with a combination of Ubiquiti and pihole config. It is really unmaintainable and I missed a verification / audit layer, especially for verifying that the Chinese grass/vacuum robots didn’t leak data, etc.

It would be a full time job, and then some, when the kids’ apps didn’t work due to my block lists…

Since then I have surrendered and now use a custom Cloudflare DNS endpoint.

goodlinks | 1 year ago

FWIW, Ubiquiti devices are some of the "set every setting to never call home but still did" devices. I can't remember if they also tried to bypass the configured DNS.

:(