by goodlinks 591 days ago
For me the two things that show this well are:

1. Quick and easy: Install pihole and add every reasonable list you can find of tracker urls to block. And just watch the live log.

2. Takes a bit more time: install opnsense or pfsense. Block DNS out of your network (but allow pihole) and watch the live log of blocked DNS requests. Assuming everything has been told to use pihole.

3 (bonus round). A bit more time again: create VLANs or similar, put the devices that you have checked every do-not-call-home option on, and block their internet access. And watch the live logs of blocked traffic.

It's quite a depressing process and not sure it's worth maintaining as a live setup, but it's certainly an eye opener.

Each one of these steps blocks an order of magnitude less stuff, but it is interesting what's in each bucket. Pihole gets hits at an astounding rate.
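A way to turn "watch the live log" from step 1 into something you can actually read, as an added example that is not part of the comment above: it parses Pi-hole's dnsmasq-style query log and ranks which device on the LAN is generating the most blocked lookups. The log lines below are constructed, and the exact line format (assumed from the `query[A] ... from <ip>` / `gravity blocked <domain> is ...` pattern) may need adjusting for your Pi-hole version.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the dnsmasq-style format Pi-hole writes to pihole.log.
# The format is an assumption; adapt the regexes below if your version differs.
SAMPLE_LOG = """\
Mar  3 20:01:11 dnsmasq[812]: query[A] metrics.example-tv.invalid from 192.168.10.21
Mar  3 20:01:11 dnsmasq[812]: gravity blocked metrics.example-tv.invalid is 0.0.0.0
Mar  3 20:01:12 dnsmasq[812]: query[A] www.example.org from 192.168.10.50
Mar  3 20:01:12 dnsmasq[812]: forwarded www.example.org to 1.1.1.1
Mar  3 20:01:14 dnsmasq[812]: query[AAAA] telemetry.example-vac.invalid from 192.168.10.33
Mar  3 20:01:14 dnsmasq[812]: gravity blocked telemetry.example-vac.invalid is ::
Mar  3 20:01:20 dnsmasq[812]: query[A] metrics.example-tv.invalid from 192.168.10.21
Mar  3 20:01:20 dnsmasq[812]: gravity blocked metrics.example-tv.invalid is 0.0.0.0
"""

QUERY_RE = re.compile(r"query\[(\w+)\] (\S+) from (\S+)$")
BLOCK_RE = re.compile(r"(?:gravity blocked|config) (\S+) is \S+$")


def summarize_blocked(log_text):
    """Return ({client_ip: Counter(domain -> blocked count)}, total_blocked).

    dnsmasq logs the client only on the query line and the verdict on a
    later line, so we remember the last client that asked for each domain
    and attribute the block to it (a heuristic, good enough for a home LAN).
    """
    last_client = {}
    per_client = defaultdict(Counter)
    total = 0
    for line in log_text.splitlines():
        q = QUERY_RE.search(line)
        if q:
            _qtype, domain, client = q.groups()
            last_client[domain] = client
            continue
        b = BLOCK_RE.search(line)
        if b:
            domain = b.group(1)
            per_client[last_client.get(domain, "unknown")][domain] += 1
            total += 1
    return dict(per_client), total


def noisiest_devices(log_text, top=3):
    """Clients ranked by number of blocked lookups, as (ip, count) pairs."""
    per_client, _ = summarize_blocked(log_text)
    ranked = sorted(per_client.items(), key=lambda kv: -sum(kv[1].values()))
    return [(ip, sum(cnt.values())) for ip, cnt in ranked[:top]]


if __name__ == "__main__":
    per_client, total = summarize_blocked(SAMPLE_LOG)
    print(f"{total} blocked queries")
    for ip, hits in noisiest_devices(SAMPLE_LOG):
        print(ip, hits, per_client[ip].most_common(1))
```

Pointing it at the real file (`tail -f /var/log/pihole.log` piped in, or the file read whole) gives a per-device view of who is calling home, which is the "what's in each bucket" question the comment raises.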


I tried this exact setup with a combination of Ubiquiti and pihole config. It is really unmaintainable and I missed a verification / audit layer, especially for verifying that the Chinese grass/vacuum robots didn’t leak data, etc.

It would be a full time job, and then some, when the kids’ apps didn’t work due to my block lists…

Since then I have surrendered and now use a custom Cloudflare DNS endpoint.

Fwiw Ubiquiti devices are some of the "set every setting to never call home but still did" devices. I can't remember if they also tried to bypass the configured DNS.

:(

Yeah, I have noticed that I may have bought into a bit too much "slick Apple UX" syndrome with my Ubiquiti "conversion", but it was sooo pretty.
I still use it but keep the devices on a vlan that cannot dial out.

And use the software not an appliance to manage it.

It's not just the slick UI, it's the devices themselves, and how well it all works. I got fed up of wifi at home not being as good as at work. And UniFi are cheap compared to some corporate grade stuff.