[bilekas]

> Privaxy is also way more capable than DNS-based blockers as it is able to operate directly on URLs and to inject resources into web pages.

I'm not sure I understand why it would be more capable than a DNS blocker ?

If it's just because you can inject into the traffic that's comparing apples and oranges ? Or am I missing something ?

[captn3m0]

Let’s say a text based ad shows up in a div with the id “advert”.

A DNS based blocker will not be able to block it, but an extension or a proxy based blocker that looks at the HTML content will be able to block it.

So yeah, inject as well as as modify the HTML directly.

It could do things like shimming advertising libraries as well defanging them potentially.

[sumtechguy]

To add to that. DNS block is basically 'built in' for this type of filtering as you can just make your filter strings your list of DNS sites. It does have the downside that not everything is http. That is where a real DNS filter comes into play with known malicious endpoints. So a combination is very nice to have.

[bilekas]

Okay, that makes a bit more sense now actually!

[Septem9er]

Simply because it isn't always enough to look at the domain to decide if it should be filtered (for serving ads or whatever). That's one reasons why DNS blockers can filter less effectively than e.g. browser addons.

So yes, the reason is exactly as stated in the quote. It is more capable because it can operate on URLs and on the resources of the website directly.

[ThePhysicist]

Because you can modify HTML and other resources on the fly, i.e. you can remove tracker scripts before they would even be able to send stuff to a third party.