Does pi-hole have the potential to function as privaxy does?

Does pi-hole have the potential to filter deeper than DNS to potentially block YouTube ads like privaxy does?

It does not. Pi-hole blocks ads on a domain level only.

Currently, yes. I should have clarified my original post with different wording. When I asked does pi-hole have the potential, I should have asked, "is there any active development to expand the current blocking beyond domain level, like what privaxy offers, or is that completely out of scope of this project?"

It would be out of scope. I believe it's been asked before, so you may find some more detailed answers in past posts.

Pi-hole is a filtering DNS forwarder.
As such, it sees DNS traffic only. It does not deal with HTTP/HTTPS at all (and neither does dnsmasq, which pihole-FTL is based on).

Privaxy seems to be an HTTP(S) proxy of sorts, so it would be able to block on all elements of an HTTP(S) request, including domains.

DNS requests have to be issued prior to HTTP(S), so if you would use both, Privaxy would never see HTTP(S) requests for URLs containing domains that are already blocked by Pi-hole, as the client would never send them.

You'd need beefier hardware to run such a proxy, especially if that would try to decrypt HTTPS requests, which account for the vast majority of requests.
You'd also need to forge a certificate to do so, which is similar to a MITM attack on your connections (and that is the primary reason why Pi-hole does not provide a blocking page ever since HTTPS was significantly more used than HTTP).

Also, software clients nowadays are more likely to detect that certificates have been tampered with, e.g. when certificate pinning is in use. Such a client would refuse to connect to those HTTPS sites, effectively rendering the proxy futile for that client's HTTPS traffic.

2 Likes
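
The distinction drawn in the reply above, as an added sketch that is not part of any post and is not Pi-hole's or Privaxy's code: a DNS filter can only decide on the name in the query, while an HTTP(S) proxy can decide on the full URL. All hostnames, rules and function names are constructed for illustration, and the proxy side assumes it can read the request path (for HTTPS, only after decrypting).

```python
import struct
from urllib.parse import urlsplit

def build_query(hostname, qtype=1, txid=0x1234):
    """Encode a minimal DNS query (RFC 1035 wire format) for hostname."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in hostname.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)        # QTYPE, QCLASS=IN

def parse_qname(packet):
    """Extract the queried name: the only request detail a DNS filter sees."""
    labels, pos = [], 12            # question section follows the 12-byte header
    while packet[pos] != 0:         # uncompressed labels, as in a plain query
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels).lower()

def domain_matches(name, blocked_domains):
    return any(name == d or name.endswith("." + d) for d in blocked_domains)

def dns_blocked(packet, blocked_domains):
    """Domain-level decision, made before any HTTP(S) request exists."""
    return domain_matches(parse_qname(packet), blocked_domains)

def proxy_blocked(url, blocked_domains, blocked_paths):
    """URL-level decision: the host plus anything else in the request."""
    parts = urlsplit(url)
    if domain_matches(parts.hostname, blocked_domains):
        return True
    return any(parts.hostname == h and parts.path.startswith(p)
               for h, p in blocked_paths)

# Constructed sample rules and requests (not real ad endpoints).
BLOCKED_DOMAINS = {"ads.example.net"}
BLOCKED_PATHS = [("video.example.com", "/ad/")]
REQUESTS = [
    "https://ads.example.net/banner.js",         # dedicated ad domain
    "https://video.example.com/watch/123",       # content
    "https://video.example.com/ad/preroll/123",  # ad on the content's own host
]

def compare(requests):
    """Return (url, blocked_by_dns_filter, blocked_by_proxy) per request."""
    return [(u, dns_blocked(build_query(urlsplit(u).hostname), BLOCKED_DOMAINS),
             proxy_blocked(u, BLOCKED_DOMAINS, BLOCKED_PATHS)) for u in requests]

if __name__ == "__main__":
    for row in compare(REQUESTS):
        print(row)
```

The second and third requests produce the same DNS query, so a domain-level filter has to treat them identically; only the URL-level check can tell them apart.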

Thanks for the detailed reply :handshake:
