I'm comfortable with a DNS based blocker (pi-hole) and it seems to work quite well. Bonus: It works across all devices on the network, rather than installing something onto the OS.
I seem to end up regretting anything I do at the network level to block traffic. It always seems to pop up that one weird time I actually do need something from a blocked domain to load, and it takes me way too long to remember that's what I did to block it.
I have a network configuration with 2 dnsmasqs, 1 with pi-hole-style hosts block, and 1 without, and most of my devices get the ad-blocking DNS, 1 gets the "unfiltered" DNS.
I'm not refuting what you're saying in any way; this is just a related suggestion for anyone using PiHole who occasionally runs into what you've described.
There's an Android app called flutterhole which can connect to and activate your pihole's 'pause blocking' feature. I have found this to be the easiest way around the scenario the poster above has mentioned. Doesn't help with figuring out PiHole is responsible obviously. HTH.
I personally set up an instance of Homebridge on the device running Pi-Hole, then use HomeKit on my Apple products to turn Pi-Hole on/off as if it were a light bulb.
ISP’s router has unrestricted Wi-Fi access. I run a router behind it with restricted (via pi-hole) access.
All devices connect to the restricted Wi-Fi. Any time I need unrestricted access, I connect to the ISP router Wi-Fi for some time and back to the restricted when done.
I had that same issue until I started using mine over tailscale. One of my computers acts as the DNS server for the whole network with pihole on it, and then anytime I need to get around something I temporarily disconnect from my tailnet. Super nice cause then I get no ads on my phone too.
Good point. It's fine if I'm the only one using the network, but I'll admit it can take a bit before I connect the dots between pi-hole and "this link I'm clicking off google won't load".
I find it also a bit frustrating because browsers may even ignore your network's DNS settings so you can easily get unexpected behavior (yes, I know it's expected if you are a domain expert but I'm not and it shouldn't be surprising when users are shocked that they implement a pihole and see their machine is using a different DNS than expected. I'd actually expect novice users to be surprised in this case)
FF enables this and they aren't not ignoring the ISPs. Settings > Privacy and Security > DNS over HTTPS
There is a reason to do this btw. The name should say it all. It'll default to cloudflare but they let you specify what you want. The utility? Let's say I'm not an advanced user, what's my DNS look like? Is it DoH? We both know the answer. So defaulting so users' traffic is default DoH sounds like a security improvement. There's also an additional utility. If I take my laptop and move from my home network to another one, I actually don't end up using a different DNS.
You can also use Mullvad's DNS[0], or switch to 1.1.1.2/1.0.0.2 if you want malware protection on Cloudflare's DNS.
Stop making up conspiracies that don't exist. There's enough BS in the world already that we don't need to make ones up to be upset.
I recommend adding a tray icon that disables it for 60 seconds (super helpful for the odd site that serves something critical from an ads domain… like my bank).
Only downside is apps don’t have to use system DNS and a few mobile ones are wise enough to bypass.
I don't mind PiHole, but it doesn't do nearly as good a job of ad blocking as a "real" browser plugin does.
The amount of crap that still comes through when I turn off uBlock -- but am still using PiHole DNS, which is always active on my home network -- is a lot.
Honestly I don't think DNS-based adblocking is really viable, long-term. It's just too easy for advertisers and dirtbag website operators to get around it. There's just no substitute for controlling the retrieval of content elements and their presentation from the application where the user is doing the interaction.
This is why keeping browsers out of the hands of adtech corporations is pretty important; once they control that presentation layer it's largely game over. They can just tunnel all the traffic through a single connection to a relay server, if they want to, and there won't be shit a user can do about it once they've decided that's the only browser they can use.