I have a question regarding server site tracking. Since I used to use the so-called eBlocker, I still receive information about upcoming updates etc..
In the last info it was claimed that the eBlocker can protect against server site tracking through advanced pattern recognition (pattern blocker), but the Pi-hole or the Ad-Guard cannot.
Is this the case, or if so, is such a function being considered, or is this not actually a function of Pi-hole?
Perhaps someone has information on this.
Many thanks in advance!
I have no idea what an eblocker would be, or what that 'advanced pattern blocking' marketing mumble would refer to.
Regardless, server-side tracking usually refers to some HTML resources served by webservers via HTTP(S).
As any filtering DNS resolver, Pi-hole never sees any HTTP(S) traffic - it only ever receives DNS requests.
That said, Pi-hole can block known tracking servers, by blocking their respective domains from being resolved, as long as they appear on a blocklist that Pi-hole has been configured to use.
Of course, if such a tracking domain would also deliver actual contents, then that would also be blocked, i.e. you wouldn't be able to access it.
They are using DNS blocklists (similar to Pi-hole) and do Deep Packet Inspection through SSL Bumping or SSL Man-in-the-Middle techniques. Plus it is possible to tunnel outgoing traffic via VPN.
For DPI you have to install a certificate in each and every browser. All applications without the chance to install a certificate are just blocked with DNS blocklists.
Sorry, maybe I should have added a link right away.
This is exactly the German project I'm talking about!
I'm not an expert on the exact processes, and it wasn't meant to be a criticism,
but just a question in this regard, as it was explicitly emphasized in the info mail.
The approaches of Pi-hole and eBlocker are probably somewhat different.
Ah, I think I remember now: That used to be a startup selling ready-to-use boxes - they seem out of business, but have open sourced their software.
I think I've written a longer piece on the differences some years past.
The main one is that eBlocker works as a gateway/router, analysing all your network's traffic instead of a DNS filter like Pi-hole just filtering DNS (which is but a fraction of overall traffic). This also requires much beefier hardware than Pi-hole, preferable with two network ports, so you wouldn't halve available bandwith.
Comparing both approaches is a bit like comparing a bookshop with a supermarket where you also can buy some books. There are perfectly valid reasons for visiting one or the other, or both.
When comparing only DNS, last time I checked eblocker was missing some books (to stick with the analogy), e.g. it couldn't block CNAME cloaking.
Also, listening on HTTPS traffic isn't trivial, and requires client side configuration to accept eblocker's forged certificates, and may break even then when certificate pinning is in use, and I recall them using ARP spoofing to transparently introduce their services into your network (or rather, tried to infiltrate it), which is bound to fail in presence of more complex configurations involving additional network equipment.
But if your intention is to filter your entire traffic, go ahead and add an eblocker device to your network.
I'd probably still prefer to have Pi-hole handle DNS, though I don't know if eblocker could be configured to use it instead of its built-in resolver.
Thank you very much for the detailed answer. Now I realize, that pi-hole and eBlocker are like apples and oranges, so they are not directly comparable.