by close04 2556 days ago
DNS filtering can only do so much. For apps that hardcode addresses you'd have to set up your own firewall. And then to protect yourself when you are "in the wild" you'd have to use an always on VPN to your own network.

There might be commercial products that do this for you. Setting this up is definitely outside of the comfort zone for the overwhelming majority of phone users.

2 comments

One of the main things Pi-hole does is give you transparency into what domains are being contacted and with what frequency, so you can identify and block relevant domains manually.

https://discourse-cdn.pi-hole.net/uploads/default/original/2...

https://discourse.pi-hole.net/uploads/default/original/2X/5/...

So and so. I have a PiHole and a firewall. Plenty of stuff bypasses the PiHole and doesn't show up in the dashboard. It's much better than nothing but vendors are also getting sneakier. Also when you go out of your WiFi you're completely exposed unless you VPN back into your network or use some service that provides similar functionality.

Not if the analytics companies start being contacted by hardcoded IP address, or the apps otherwise avoid DNS. May not be a common technique now, but it could become one.

All of this describes my Chromecast nicely. There are others that do it too. Forcing this traffic through the Pihole isn’t always helpful though, as blocking it entirely breaks the Chromecast (which is used mainly for playing local media).

Some routers can do something like NAT !<Pihole> and on port 53 —> pihole. Mine is a Ubiquiti EdgeRouter. It’s not a thing for everyone though, as you say.
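
An added example, not part of the thread: one way to find the traffic the comments say never shows up in the Pi-hole dashboard is to correlate the resolver's answers with firewall flow records, flagging DNS sent to other resolvers and connections to addresses the client never looked up. The log formats, addresses and the function name `find_bypasses` are constructed for illustration.

```python
# Added example: constructed data and hypothetical log formats, not Pi-hole's own.
import ipaddress

PIHOLE = "192.168.1.2"                         # assumed Pi-hole address
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN range

# Constructed resolver log, one answer per line: "client domain answered_ip"
DNS_LOG = """\
192.168.1.20 video.example.com 203.0.113.10
192.168.1.30 news.example.org 198.51.100.7
"""

# Constructed firewall flow log: "client dst_ip dst_port"
FLOW_LOG = """\
192.168.1.20 192.168.1.2 53
192.168.1.20 203.0.113.10 443
192.168.1.20 192.0.2.53 53
192.168.1.20 192.0.2.99 443
192.168.1.30 198.51.100.7 443
192.168.1.30 192.168.1.40 8009
"""

def find_bypasses(dns_log, flow_log, pihole=PIHOLE, lan=LAN):
    """Return sorted (client, dst, port, reason) for flows the Pi-hole never saw."""
    resolved = {}  # client -> set of IPs handed out in DNS answers
    for line in dns_log.splitlines():
        client, _domain, ip = line.split()
        resolved.setdefault(client, set()).add(ip)
    findings = set()
    for line in flow_log.splitlines():
        client, dst, port = line.split()
        port = int(port)
        if dst == pihole or ipaddress.ip_address(dst) in lan:
            continue  # queries to the Pi-hole itself, or local media traffic
        if port in (53, 853):
            # DNS or DNS-over-TLS sent straight to another resolver
            findings.add((client, dst, port, "direct-dns"))
        elif dst not in resolved.get(client, set()):
            # Destination never appeared in an answer given to this client
            findings.add((client, dst, port, "no-dns-lookup"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_bypasses(DNS_LOG, FLOW_LOG):
        print(*finding)
```

The DNS log should cover a longer window than the flow log, since a client reusing a cached answer from before the window would otherwise be flagged as `no-dns-lookup`.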