What ist your AdBlock strategy?

Firefox + uBlock Origin works well for me! It's all I use.

Whatever you end up using, make sure that there is an easy way to turn it off and on from each client device. A network wide blocker could cause issues with some sites (like banking, as an example).

Tangential topic: I see some suggestions for NextDNS here as an additional layer. I can’t speak for Android, but if you’re looking for iOS/iPadOS/macOS/tvOS, note that NextDNS does not work well on these. The app hasn’t been updated for several years and toggling on the app does nothing (I like the app because I can quickly switch it off and on when needed, which cannot be done with a profile). Most of the time the test page at test.nextdns.io shows as “unconfigured”. Even the profile installation approach does not work on Apple TV (I’ve tried this a few times). Overall, the NextDNS servers around the world exist, but there is zero support and maintenance on the client side for the platforms I mentioned. The community forum has posts about issues that the founders don’t respond to.

At least on macOS, I have Little Snitch that acts as a system wide blocker (one can subscribe to blocking lists just like in uBlock Origin).

Computer browser: Brave + uBlock, LocalCDN, Privacy Badger, SponsorBlock (+ Invidious, Redlib, Nitter, etc, when it makes sense)

Phone: Hyperweb (for redirections to alternative frontends) + AdGuard Pro + ControlD DNS-over-HTTPS

Router: ControlD DNS-over-HTTPS

If you're using OpenWRT, check out AdGuard Home. But keep in mind that DNS blocking solutions aren't going to be as effective as tools like uBlock that review the DOM and apply styling filters. Both would work hand-in-hand.

I am using NextDNS [0], which also integrates well within Tailscale across all my devices. Or are you looking for a solution that works offline within OpenWRT, without relying on third parties? It appears that there are AdBlock packages available for OpenWRT[1].

[0] https://nextdns.io [1] https://github.com/openwrt/packages/blob/master/net/adblock/...

Pi-Hole doesn't need an actual Raspberry Pi.

The software runs fine on a lot of hardware. I have it dockerized (via ansible) and deployed on a couple of regular mini-PCs.

You can run it on a lot of hardware these days, or containerized.

Noscript temporary whitelist only combined with uBlock origin and sponsorblock. A CSS toggle button is important too to be able to read text when the page doesn't display correctly. As well as a "superstop" button to (near) completely end all JS execution in a tab after loading.

After 15 years of using NoScript this way I have developed a sixth sense for the minimal set of individual hostnames/ips need to be JS allowed on a typical site. I'm quite fast at it. But wix.com hosted sites and others like it that have one JS domain required to load another and so on serially 5x deep I just close rather than refreshing the page 5 times.

I haven't looked at pihole once after I discovered adguard home.

https://openwrt.org/docs/guide-user/services/dns/adguard-hom...

On a computer, just uBlock Origin and it works wonders.

Tangential question - what is the best solution for iPhone? On Androids you can use Firefox with uBlock, but it seems none of the Safari extensions on iPhone actually work, I tried some paid ones too. Brave seems to work decently well, but I have no idea why - if other browsers have some OS limitation, how does Brave go around it?

[Blocky](https://0xerr0r.github.io/blocky/latest/) + uBlock Origin with OISD blocklists (https://oisd.nl/) and Hagezi Blocklists (https://github.com/hagezi/dns-blocklists)

Firefox and uBO, plus pi-hole on an old Celeron NUC alongside some other stuff (Samba, HA, etc).

Pi-Hole is worth it, I highly recommend it. You don't need a Pi, just grab a cheap used mini PC off eBay. It's been a total set-and-forget thing.

I use Firefox + uBlock Origin for the most part.

I also have whole-network blocking via AdGuard running on a Pi. AdGuard also has a hosted option and you can just run it in a Docker container on a machine on the network.

I also have WireGuard setup on my Ubiquiti network so I often will be running my machines through that when remote which blocks ads for them too.

You don't need a pi to run pihole. It can run in docker as well. And really it's just dnsmasq with some automation and nice web interface.

Desktop: uBlock Origin in Firefox

Mobile: PiHole running in AWS. I VPN into it, with the VPN configured to only tunnel DNS lookups. Allows me to easily temporarily disable the PiHole by just disconnecting from the VPN. Gives me ad blocking in all apps.

Ignorant question: what ad blocking is required outside of your browser to require anything more than something like ublock?

My strategy is based around a single premise: zero tolerance on advertising other than self-promotion or mentions of products directly related to subject of the page I am on. With that last bit I mean the products actually have to be part of the thing I'm reading, e.g. when I'm reading something about how to solder some specific type of component I'm fine with the solder being mentioned together with a link where the stuff can be bought. I'm not fine with 'electronics-related advertising' in a story on electronics, that falls under the zero tolerance part.

I use a defence-in-depth strategy to block unwanted content:

1: on the router (OpenWRT running in a container on Proxmox), network blocking using nftables sets. This includes both advertising-related networks as well as emerging threats.

2: on the router, DNS blocking using several block lists as well as my own custom lists.

3: on the router, DNS masquerading to enforce the use of my own DNS server. This only works for applications which use normal DNS so I tend to disable DoH (DNS over HTTP) and other such things when possible. If applications insist on trying to force me to use their own idea of what a DNS service looks like I will stop using those applications if there are useable alternatives. This is my network, these are my computers, this is my domain, this is my internet connection and I am the one who controls which traffic goes where.

3: on client devices, network blocking using nftables sets or (on some devices) ipset lists.

4: on client devices, DNS blocking using the host file

5: on some Android client devices, content blocking through a device-local VPN

6: on client applications like browsers, content blocking through either extensions like uBlock Origin and/or by using native content blocking capabilities (e.g. the Cromite browser on Android which I use when I have to test something with a non-Firefox browser)

7: as a last resort, my hands and eyes. If somehow advertising makes it way past all the hurdles I throw in its path I just close the page/application/window/. Thou Shall Not Pass and that's it.

While all this may sound like a lot of work it actually is not. I set up the blocking on the router once and keep the lists up to date automatically using a cron job. The same is true for client devices. Once installed the stuff mostly does its job without bothering me apart from some pages not working - so what, there's enough alternatives out there. I don't like ads, get it? No ads, zip, nada, zilch. Don't Advertise On Me.

Firefox and uBlock Origin at the browser level on desktop/laptop. For trackers specifically Firefox also has its built in tracking protection.

NextDNS at the network level for all of my devices that support tailscale[1] wherever they may be in the world.

NextDNS for any other home devices via my router's DNS settings.

[1]: https://tailscale.com/kb/1218/nextdns

I use Firefox forks with uBlock. Librewolf on desktop and Fennec on android.

My husband uses an iPhone, so I run DNS level ad blocking on my OpenWRT router.

Works pretty well most of the time

Control D for DNS blocking and Ublock origin on all browsers.

It would be nice to setup something locally, but I'm lazy (spend my time on other things) and just want it to work.

Brave + ublock origin. Almost never see YT ads and haven’t seen a Twitch ad for awhile. If I accidentally see a YT ad refreshing the page makes it go away.

Pihole with like 2 million blocked domains, no major social media use, wireguard on mobile, Brave browser, don't watch TV

DNS filtering is good enough these days. I have very few ad-thirsty apps that I need. On my Android VPN + Cromite browser does the job, on my PC uBlock Lite will do it.

Am always using gluetun VPN hosted on a VPS with these two options: BLOCK_ADS=on BLOCK_SURVEILLANCE=on and I don't see any ads anywhere, even on the Twitter site!

Not mentioned yet: Paying for YouTube Premium if you and your other family members watch a lot of YT. This is only needed for Smart TVs. It's $23 per month for up to a family of five. You also get YouTube Music as well.

Otherwise, I use Firefox + uBlock Origin + Privacy Badger and also have redundant PiHole servers.

I literally JUST set this up for myself on Openwrt (Running on my Pi4) this past week. I tried two popular solutions that both didn't work well and/or I felt were not very intuitive to setup if I needed to re implement them in the future. I started with fresh factory images after each attempt.

The third one I found a very easy method and now am currently using Control-D DNS with free ad/tracker/malware blocking over the modern DoQ protocol. Got it running in less than 30 minutes. ControlD latency appears as fast as any free DNS I've tried (Quad9, OpenDNS for years, etc), including my own ISP, so I am lucky location-wise.

I'll send you all my notes and guidance if want. Email me at my throwaway xyzx

@

duck.com

I just use Brave. It works on my phone.

and Chrome for Google integration.

I’ve used Pi-Hole before, and I had to troubleshoot in a few instances when I was traveling away from home. I stopped using it to simplify my setup.

The ideal setup I want to try is to have something like AdGuard Home at the Router. My current setup on our devices already has AdGuard App running with NextDNS as the DNS Resolver. This setup works pretty well while connecting to any network. NextDNS handles the DNS, while AdGuad AdBlocker works well with the client side on all browsers.

Issues pop up occasionally when the OS gets upgraded, but they are bearable. https://brajeshwar.com/2024/i-block-ads/

Brave browser, Mullvad/Proton, uBlock Origin, Privacy Badger, AdBlock, Cookie Auto Delete

I run privacy badger. It doesn’t block ads, it blocks sites that seem to try and track you around the net. That suits my goals nicely.

My problem isn’t being shown an ad beside content I’m consuming, it’s being tracked.

I use:

* portmaster on any desktop - for better security and privacy

* tracker control on android - not technically written for ad blocking but it works for 90% of ads

* ublock origin + decentralzeyed + consent-o-matric and cookie flag on Firefox.

Pi-Hole is not a option, since I don't have one laying around.

Why not buy one?

For DNS-based on openwrt specifically: https://openwrt.org/docs/guide-user/services/ad-blocking

Try them out and see which one you prefer.

All these work similarly to pihole. If you choose an option that integrates with ipset, you can get slightly stronger than by blocking IPs associated with hostnames.

As others mentioned, it's good to couple with a client-side filter like uBlock origin.

Switched to Adguard a couple of months ago and have been very happy. Before that I mostly used UBO on Chrome together with consent-o-matic for cookie banners.

What I like about Adguard is that I can more freely switch between browsers without needing to take into account how well their builtin blocking works or if they still support Mv2. And just like with my choice to use 1password over self-hosting Bitwarden, I’ll gladly pay a bit more if it means not having to maintain yet another service.

I, not yet wanting particularly to extricate myself from Chrome, use Ublock Origin Lite. It works about as well as the original (although it's less good with paywalls and blocking individual site elements, by which I mean 'not good at all'.) If you can and don't already I would try to replace as much as you can with RSS (which is also really good with paywalls - I use feeder.co and it lets me get around the Atlantic's paywall. Its privacy policy is here: https://feeder.co/help/legal/privacy-policy/. It's hosted in Sweden, in the EU, for what that's worth.)

But as you might have figured out from my use of Chrome, I'm mostly ok with the fact that Google knows everything about me. So I'm probably not the best person to ask.

I use uBlock on Firefox on the desktop and don't really use my phone for browsing. I specifically bought as dumb of a TV as I could find. I also pay for services to avoid ads where I feel okay doing so. I pay for Netflix, for example, but don't pay for YouTube Premium because I have less of a history of fighting ads on Netflix than YouTube. I also avoid mainstream cable (have for 20+ years).

I live alone, though, which changes the equation somewhat.

Safari: Adblock, Hush (will stop the day any FOSS browser becomes closer to it in speed and resource usage; I doubt it as Safari literally comes baked with OS)

Firefox: uBlockOrigin, AdBlocker for YouTube, Adguard, Disconnect, DDG Privacy Essentials, Sponsor Block for YouTube, Unhook (Firefox is used very little, just because compared to Safari it is still sluggish on Mac)

On iPhone: tried NextDNS (and few more things) but result was such a mess that I stopped.

Desktop and phone: Firefox + uBlock.

Router is OPNsense with its own validating recursor, domain blacklist, and routing blackhole.

Phone runs a private VPN to my router when not on my home network.

Brave

Got a pihole a few years ago, works like a charm. The only annoyance is when you actually look for produces and nearly all links in google are dead due to ads.

My home wireless network uses two SSIDs. One uses Pihole as it's DNS server and the other just 8.8.8.8. That's handy when too many domains are getting blocked and you could just swap over and back.

Then i use Noscript in Firefox. I also have a VPN server setup whose DNS uses the same Pihole too.

Firefox + uBlock origin on the desktop and Safari + AdGuard (browser extension, not DNS) on iOS.

I also use the OISD (https://oisd.nl) blocklist for DNS level blocking with NextDNS. OISD prioritizes functionality over blocking, which is exactly the way I like it for DNS level blocking. Never had to manually whitelist anything.

Chrome with Ublock origin until June 2025, as "browsers using the ExtensionManifestV2Availability policy will be exempt from any browser changes until June 2025". Discussion on how to enable: https://news.ycombinator.com/item?id=41812638

Ublock origin on desktop browsers.

Pihole with the default ad list and additional ones to block some social media sites.

Then Pihole is configured to use Cloudflare 1.1.1.1 for families, and I use the adult+malware filter.

I’ve got WireGuard running on the pihole server to make this all available for mobile devices when out and about.

- Pi-Hole can run on OpenWRT if your router is powerful enough, on a Linux box, in a Docker container, and on a Synology. You don't need a Raspberry Pi to run it.

- Look at https://nextdns.io as an alternative.

- I use uBlock Origin and NextDNS at home.

I have PiHole running on a Raspberry Pi 4, along with a couple of home automation services. PiHole acts as my DNS and DHCP servers, and works GREAT! Plus, I'm able to manually block sites on a per-client basis (such as when my kids are on YouTube a bit too much)

For ad blocking on OpenWRT, you could try AdGuard Home

it’s pretty straightforward to set up and works out of the box. Also, if you’re building any sites yourself, something like GetProduct dev could be useful for subtle monetization with affiliate links instead of cluttering with ads.

Keeps things clean!

uBlock Origin in Chrome and Arc.

I don't like the idea of network level blocking because I have to disable my adblocker due to broken websites on a fairly regular basis, and disabling a network blocker is just too much hassle, especially when thinking about DNS results caching etc.

I feel sort of odd never having installed an ad blocker, but firefox must do some stuff also because a few websites still complain and tell me to turn it off, whatever "it" is. I'm pretty good with the youtube skip button does that count?

Using Lightening, Fulguris and Privacy Browser browsers on Android with the with the ad-block setting enabled and turning off JavaScript are my main methods.

Turning off JavaScript in browsers is magic, it works everywhere, PCs, Android, Windows, etc. It not only kills ads but almost all of the other garbage that website programmers do to deliberately annoy the hell out of web surfers.

JavaScript programmers take note: turning JS off makes the web sing, up goes the rendering speed, pages appear much, much faster, and all that jerkiness disappears, and most of the spying on users also disappears. Web pages often drop from 7 or 8MB per page to as low as several hundred kB—that's over a 20:1 reduction in download size! It's a magic solution.

Websites that won't render with JS turned off I simply bypass, as they say "there are plenty more fish in the sea" — many more webpages than I can ever hope to visit in a lifetime.

If only users knew the advantages of turning of JS many more would do it. Remember, JS is there to mostly benefit advertisers and website owners who want to spy on users—it's not to benefit you the user!

Despite what they say almost everything that can be done on the web can be done without JavaScript. Sorry JavaScript programmers and aficionados, it's just a fact.

Turning JS off is one of the few remaining defenses we have against you nasty advertisers and website owners.

Windows - Firefox with uBlock origin Android - Private DNS: adguard.adguard-dns.com

DNScrypt-proxy on openWRT + Unified blocklist text file is far superior than any of the alternatives in the comments.

It’s not an ”out of the box” solution. But when it’s set up you get encrypted DNS requests and network wide ad blocking.

All in a few megabytes.

OpenWRT, Adguard, Firefox strict, drop cookies, no-script or ublock origin.

I’m trying Quad9 on the upstream DNS but not very familiar with it. What y’all think?

I view these as security and telemetry blockers primarily, they happen to block a lot of ads too.

currently just firefox + ublock + a host of other extensions i've picked up over the years

i used to use pihole, and i'll totallyyyyy get around to setting my homelab back up soon ( and adguard home is also on my radar :3 )

I've got one of the Steven Black hosts files. Besides that I have Floorp set up with uBlock Origin and NoScript. On Brave, Edge, and Chrome I don't have anything special set up.

I have PiHole running on a cloud VM that’s a part of my Tailscale network, and I configure Tailscale to use it for DNS resolution so that everything in my network has access to it.

After piHole and AdGuard app in the router now my wide used solution that works it to override dns settings to adguard, works in maaany routers i have tested.

AdGuard DNS 94.140.14.14 94.140.15.15

Perhaps convoluted for average user, but for me it's on-demand VPN + proxy + DNS with heavy filtering on NS and proxy.

All my devices are connected to it all the time.

Works great with no issues for many years.

Firefox, ublock origin on desktop and on phone. Also AdAway on phone. They are usually pretty aggressive and can break things, so I don't use any network wide blockers.

In case you have an older webOS tv and don’t want to setup a home media server: https://rootmy.tv/

uBlock origin, or just avoiding the site if it doesn't work.

uBlock Origin with Firefox on desktops, DNS66 (was AdAway in the past but it started crashing) on Android, and I don't have any other devices.

Adguard on my iphone.

Firefox with Ublock Origin on my browser.

Youtube Premium family plan.

I tried pihole but it just caused way too many small hiccups that annoyed my family more.

uBlock Origin on Chrome. Which any day now will become uBlock Origin on Facebook.

DNS ad blocking doesn't work well anymore, too many sites block you if you use it. But I use NextDNS for my mobile devices anyway because there's nothing you can easily use that's better. Firefox does have an Android build that will load uBlock Origin but I am still using Chrome on my phone.

nextdns for whole network dns if you don't want to host yourself. if you feel like hosting, there is pihole and adguard home.

Either ublock origin with all filter lists checked

Ghostery with ad-blocking, anti-tracking and Never Consent enabled with Fanboy's Annoyance List added to custom filters

Mullvad DNS

https://mullvad.net/en/help/dns-over-https-and-dns-over-tls

I use PiHole along with YogaDns which is a great little windows app for managing your dns config.

Firefox with uBlock Origin, Privacy Badger, I still don't care about cookies and NextDNS.

I have GL-inet brume 2 which runs in drop in gateway mode alongside my main router, and on it I have AdGuard home

1. Fallback Adblock DNS Server (root)

2. pi-hole

3. Firefox with ublock origin

4. wireguard VPN

Ads pay for much of the content we consume or services we use, my policy is to give a site a chance to show that they run ads in a respectful way- that is, ads don’t interfere with the user experience. If they abuse ads, then I block them, otherwise you’re basically stealing content.

It sounds like a small network with no need to block outbound 53.

Nextdns.io for out-of-the-box if you can’t run pi-hole.

I don’t use an ad blocker on any device.

Despite claims to the contrary by people here on HN, it’s fine.

Just a browser adblocker extension but I intend to set up Pi-Hole soon.

Iridium browser with Ublock Origin on my Mac and Wipr with Safari on my phone.

pfBlockerNG on pfSense does industry-standard DNSBL and IP filtering. That'd be an entirely separate alternative to what you just set up though, and quite a bit more complex.

Orion browser with native ad-blocking does the job for me.

ublock origin in my browsers, Adguard home in my OpenWRT router, setup to block various chinese cloud providers, facebook and other unwanted 'malware'.

U block + zen (firefox fork basically)

really love this combo

On android brave browser

At home Pihole, on mobile Firefox + uBlock Origin

Don't waste your time with dns adblocking.

If you are serious about network side blocking do tls interception (lmao) but that is a lot of maintenance, adds other attack surface and the average openwrt device isn't beefy enough for such things.

Firefox and Ublock Origin against ads.

There is cooler stuff for Openwrt. Mesh nets between friends, to share internal services. Just tinkering with and learning about network stuff. Adding ipv6 to tunnel if isp doesn't support. Having Wifi whose autochannel doesn't suck.

Dual Antennas -> Sword fighting. Only fun with multiple devices and dabbling with mesh mode or throughput maxing. In ax dual channel 40mhz +160mhz bandwidth the throughput is faster than some cables.

A combination of Pi-Hole and Tailscale https://dancocos.com/2024/10/20/Tailscale-and-Pi-hole-ad-blo...

tl;dr * It works across all devices (will block ads on the DNS level when using your phone on the cell network you usually cannot set the DNS servers in this case) * To disable ads for minutes just disconnect from TS or deselect "Use TS DNS."

Brave web-browser

a docker of pihole on laptop, adaway on rooted android phone.

Ive got enough "mental fortitude" not to really care that much about ads.

hosts file is a really nice global block

Firefox + ABP

Safari + Ka-Block! + Vinegar

Brave and Controld.

uBlock Origin

Qubes OS

Mullvad Browser

Tor Browser

OpenWRT router uplinks to [insert VPN provider] automatically

NewPipe

Kodi

BitTorrent

I don't. I pay for premium services which I use often (YouTube and YouTube music mainly) and am okay with free sites funding themselves by showing me ads