[nyolfen]

on ios, if you have a pihole set up, you can use dnscloak[1] to block advertising and tracking servers. (alternatively you can use one of the servers listed in the app by default if you care to trust someone else's dns server.)

you can set it to 'connect on demand', ie always on mode, at the cost of a bit of battery (not enough for me to be bothered). it acts as a vpn but only for your dns queries. afaik this is the best single step privacy option on ios at the moment.

[1] https://itunes.apple.com/us/app/dnscloak-secure-dns-client/i...

[kmlx]

pihole? you have got to be kidding. i’d trust basically anything else than a dns box.

[snazz]

If you don’t trust the Pi-hole developers themselves, it isn’t too hard to build an equivalent setup with dnsmasq and your own configuration. Pi-hole does prioritize convenience over security in a number of ways so this isn’t an unreasonable choice.

[nyolfen]

okay

[revvx]

Why?

[kmlx]

All of your traffic, every single DNS query going thru a single unverified codebase off of github? i mean i know regular folk are quite naive with tech. but i hoped us tech people are less so.