pi-hole is worse at adblocking than browser based adblockers (ublock origin, abp, etc.) because they can only block on domains. so it can't block ads such as
somesite.example/ads/banner1.jpg
or
somecdn.example/adcompany/ads.js
it also can't block inline ads such as those in google search results.
Exactly. DNS-based blocking is basically using an oversize hammer to drive nails. It works in some cases, but eventually you're going to run in to either false positives or false negatives depending on how it's configured.
It's basically only actually useful for locked down platforms like certain fruit-flavored mobile devices that don't allow their users to install a proper ad blocker. If you use platforms that respect their users' choices of software you don't need it.
>It's basically only actually useful for locked down platforms like certain fruit-flavored mobile devices that don't allow their users to install a proper ad blocker
Sure, it would be chaos if you expect everything to just work out OK. But if you defang Windows 10 properly, it doesn't need to reach Microsoft servers. That is, blocking is a supplementary measure.
When I last used Windows, you could host updates locally. And I believe that Microsoft actually recommended that for large firms.
Yes, but the server that gets and shares those updates need contain no PII.
I do not trust Microsoft. And so, when I need to use Windows 10, I do it in a very careful way. I start with an anonymously obtained installer. I install and update in a VM, with Internet connectivity through a nested VPN chain. Then I clone the VM, and work in the clone, with *.microsoft.com blocked.
When necessary, I update another fresh clone. Then I clone that, and securely transfer files from the first clone. That way, Microsoft never sees anything except for a clean install, and has no PII to track.
The relevant question is whether it's 80% of people who are using pihole; that number is probably still pretty high, but lower than the average population I expect.