More understandable why Pihole is so desirable now.
1 Like
Yes, i once opened port 53 to make use of my pi-hole outside my home, and in no time it got abused as ddos amplifier 
I would like an /e/ pi-hole with a solution for that though . But the pi-hole also needs to query a DNS, so that would not help either.
Gonna have to read more to understand. Thanks for the dialogue.
1 Like
I installed PiVPN to my Pi-hole and opened port for that VPN and connected using wireguard from f-droid. So far no problems.
Sure since I use split tunnel I can’t use that vpn connection when connected to that network wifi (at least I assume that’s causing that issue, I can connect but internet traffic isn’t working by then. I assume dns problem), but on the other hand there’s no need cause Pi-hole works via wifi without connecting to vpn.
Edit. Bit offtopic, but what would be best way to allow ebay and zooplus usage through Pi-hole, but still keeping at least most of trackers blocked? don’t remember which list block those, but whitelisting main site doesn’t help.
Also tried that vpn solution, but in the end there is always gonna be an “external DNS” server you decide to trust. Thats why i stick with nextdns for the moment. That way i can block adds and trackers no matter how connected.
1 Like
Yep, I’ve also been considering should I change or not. about blocking trackers, Tracker Control dev says something like dns can’t block all trackers as effectively as TC app can and that’s why doesn’t support to connect Pi-hole (at least via vpn which would require changes cause TC uses vpn slot). But don’t quote me on this one, should find where he mentioned that…
Anyway I assume you can use NextDNS with Tracker Control, as well as with RethinkDNS. Just wonder which would be best to choose. Especially since I do need access to pivpn when needed for checking MotionEye alerts I get to telegram.
Also would be nice to know more of /e/ upcoming built in privacy protection / privacy central, whatever it will be named.
1 Like
Did TC dev explain why TC app can block more effectively?
Just tested TC + NextDNS, got message “Private DNS must be disabled”, doesn’t that mean TC also uses DNS to block… 
1 Like
I think it was this & following comments:
2 Likes
I am seeing this on my previous mentioned non-root testphone too. Its a little toaster message that pops up for 3 seconds or so then disappears.
The dilemma I see is that I don’t know what I don’t know. I know I can minimize tracking mechanisms but what is still getting through and giving Google/big tech info to fingerprint me?
From my inexperienced perspective (similar, but maybe just a bit more knowledge than the mass population) I keep thinking a setup good for simple users is Quad9/NextDNS/RethinkDNS at the system setting coupled with a VPN or… Blokada (claims DNS/Tracker Blocking/VPN all together)
For those power users/more knowledgeable one of @marcdw suggestions (root) might do a better job of more complete privacy protection. But then some will say, “you can’t have privacy without security and you don’t have verified boot and you have rooted your device…”.
So again the dilemma… What is best? One must have some education or they are somewhat blindly trusting in following any solution.
To get a good chunk of the population to use good privacy tools like /e/ and what is outlined here it must be simple and verifiable for people to gravitate to the said solution. (FOSS, @huuhaa example of RethinkDNS developer/FDroid auditing backend of what was really happening👇)
What is not “simple” for me is this example 
and others like it using different combinations.
I did a quick peek at the TC github repo, as far as i can see it also uses “hosts files”
So not sure why TC can do the job better. (don’t mean to bash TC, just curious)
1 Like
Thanks for sharing, more learning…so TC is using these resouces “mozilla-services”?
Mozilla and their “own” hosts file, extracted from apps as far as i understand.
1 Like
Is there a TC dev here that could dumb it down a bit for those like me?
Adding more tools to the pot. Have no experience with the following item.
On the topic of DNS changing I saw mention of an app called Nebulo (from Frostnerd) awhile back. Sounds like yet another tool to consider. Though it uses a local VPN slot it can also be used in non-VPN ways and possibly together with other apps.
Available from their Git, their own F-Droid repo, Play/Aurora Store, and /e/ Apps.
1 Like
I asked on their Telegram support, tracker-control-android/xray-blacklist.json at master · OxfordHCC/tracker-control-android · GitHub is the file containing domains extracted from apps. Together with the hosts file and the json from Mozilla would sum all domains blocked.
1 Like
xray-blacklist.json, host file, json from Mozilla: from your view is this giving more tracker protection than what you are seeing within the blocklists you are currently using with NextDNS (or Quad9/RethinkDNS/DNSCrypt not used to block trackers, only encrypt)? Im trying to understand the pros and cons of each solution. Thanks.
*Also trying to understand the impact of the blocking taking place locally at the VPN slot vs at DNS servers. The packets from the phone to the DNS are encrypted and I would think the tracking info would be contained therein so I don’t see how the trackers could get “home” unless they went undetected when decrypted by DNS and routed vs blocked.
*Thinking, its likely the preference of having local control (TC) of blocking vs that info being sent to a “trusted” entity (DNS).
Can’t say, therefore i’d have to query nextdns with all domains in the combined list from TC, and all domains in the nextdns block lists in TC.
Someone has to have done this. I’m gonna see if I can find it somewhere on the web. If I knew how I would do it.