Privacy? Why bother?

As you know, Google guys shared their findings about a trillion dollar company that their tracking protection ... well ... sucks and they can work around it!!

So, I'm just wondering those of us who avoid Google altogether and use DDG and/or other so-called privacy-first search engines and some people like myself who have been banging my head to understand why I cannot get Unbound to work (see my other posts if curious!!) and so much more -- to protect ourselves because then they wouldn't know where we came from or where we go next etc etc etc!!

But, why bother?!!

I guess the only way to protect our privacy is stop using the Internet and perhaps move to North Pole!!

OK, I'm done mumbling!!

This is rich, coming from Google researchers. Their company makes the vast majority of its revenue from advertising, and the engine that drives the dollars is data, and the data comes from users of their products and services and websites.

Exactly!

And, instead of keeping it to themselves and do their usual ‘things’, they decided to brag about it and show the world that 1) Apple is dumb and 2) nothing can stop them from tracking people!!

Google and its Alphabet mother company have demonstrated in the past, over and over, that they will protect the advertising core of their business by all means.

They do so by applying a sophisticated embrace, extend and extinguish strategy.
They provide quite useful technology to end users, usually without a price tag, in exchange for unrestrained collection of private data that they monetize unscrupulously to their business customers.

While the public obviously benefits from this in many ways, looking at the hefty profits Alphabet accumulates (32 billion in 2019), I wonder who indeed got the better end of this deal?

Naturally, this makes them discern ad blocking facilities as a threat to their business model:

New and existing technologies could affect our ability to customize ads and/or could block ads online, which would harm our business.

Technologies have been developed to make customizable ads more difficult or to block the display of ads altogether and some providers of online services have integrated technologies that could potentially impair the core functionality of third-party digital advertising. Most of our Google revenues are derived from fees paid to us in connection with the display of ads online. As a result, such technologies and tools could adversely affect our operating results.

This is cited from their 2018 official annual report to the US SEC, page 17.

In light of this statement, their late 2018 announcement for changing Chromium's API into a more restrictive mode that quite possibly limits and even cripples adblocking browser extensions, along with banning of popular adblocking extensions (if temporarily only), gains another quality (read more about this here, here, here and here).

It is comforting to know that they cannot control or influence Pi-hole in the same way as browser extensions for Chrome.

Yet, I feel uneasy about their recent push for browser-initiated DoH. I sometimes fantasize them making DoH the default in Chrome and then removing any options to change it after a while - all in our best interest to protect our privacy from unrelated third parties (which their paying customers do not get classified as).

But that would just be me being paranoid, wouldn't it?

Just reporting this, NOT sure what happened.
Yesterday, I was working all day on beta5 list performance, regularly shutting down my pihole, thus no DNS resolution during that time (no problem, expected).
Since rewriting my SD card (etcher) requires about 30 minutes, I was not surprised to see the Windows 7 (can use dns but cannot connect to internet / firewall) and Windows 10 icons (internet connectivity) change (no connection).
By now, we all know this is triggered by a DNS query (www.msftncsi.com msftncsi.com ipv6.msftncsi.com), not resolved -> no internet connection.

I was (am) really concerned when after some 20 minutes of pihole downtime, the windows 10 icon changed back to 'internet access'. This would indicate windows 10 also has some way to resolve DNS, even if the system configured DNS server(s) are down.

No explanation for this yet, but very alarmed. Can windows 10 bypass pihole?

Yes, it can - if you are employing IPv6.
Or rather, to be more precise, any IPv6 capable device can.

The reason lies with one of IPv6's core features: auto-configuration.

An IPv6 device will try to integrate itself in a network autonomously, calculating its IPv6 addresses on its own, as opposed to receiving them via DHCP, as is common for IPv4.

As such, a device will consider any information issued by network authority devices like gateways or routers, but at its own discretion.
Also, though Stateful DHCPv6 (about equivalent to classic DHCP) is available, it is the device's (or rather, its OS's) choice to subject itself to that procedure or to use Stateless DHCPv6 or SLAAC for network integration instead. While Android employs solely the latter, Windows clients until recently preferred the former.

This behaviour is one of the most common reasons why smartphones often show ads while other devices on the network don't.

In your case, your IPv6 Windows client observed a failure to contact its assigned local DNS server and may thus have tried to negotiate a different DNS server with your ISP via IPv6. You should be able to verify this by taking a look at your Windows client's ipconfig.

(Forgive me if you were already aware of this and have reason to suspect a totally different cause)
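The ipconfig check suggested in the post above can be scripted. This is an added example, not part of the thread: it parses `ipconfig /all` text and lists every DNS server that is not a Pi-hole, per adapter. The sample output, the Pi-hole addresses and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt; all addresses are documentation ranges.
SAMPLE = """\
Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.0.2.50(Preferred)
   Default Gateway . . . . . . . . . : fe80::1%12
                                       192.0.2.1
   DNS Servers . . . . . . . . . . . : 2001:db8:53::53
                                       192.0.2.2

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : fe80::1%7
                                       192.0.2.2
"""
PIHOLE = {"192.0.2.2", "2001:db8:1::2"}  # assumed Pi-hole IPv4/IPv6 addresses

FIELD = re.compile(r"^ {3}(\S.*?)[ .]+:\s*(.*)$")  # "   Key . . . : value"
CONT = re.compile(r"^ {4,}(\S+)\s*$")              # wrapped additional value

def norm(addr):
    """Drop the %zone suffix and return the canonical address text."""
    return str(ipaddress.ip_address(addr.split("%")[0]))

def dns_servers_by_adapter(text):
    """Map each adapter heading to the DNS servers listed under it."""
    found, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line.endswith(":") and not line[0].isspace():
            adapter, in_dns = line[:-1], False
            found[adapter] = []
        elif m := FIELD.match(line):
            # Any new field ends a wrapped "DNS Servers" list.
            in_dns = m.group(1) == "DNS Servers" and adapter is not None
            if in_dns and m.group(2):
                found[adapter].append(norm(m.group(2)))
        elif in_dns and (c := CONT.match(line)):
            found[adapter].append(norm(c.group(1)))
    return found

def unexpected_dns(text, allowed):
    """List (adapter, server) pairs where the server is not a Pi-hole."""
    ok = {norm(a) for a in allowed}
    return [(name, s) for name, servers in dns_servers_by_adapter(text).items()
            for s in servers if s not in ok]

print(unexpected_dns(SAMPLE, PIHOLE))
```

An IPv6 resolver listed ahead of the Pi-hole's IPv4 address, as in the constructed Ethernet adapter here, is the situation the post describes: the client has a usable DNS path that never touches Pi-hole.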

Windows 10 is running IPv6, so your explanation appears to be correct, however, as I noticed the internet access status, I immediately ran ipconfig/all, the DNS server was NOT changed, e.g. pihole IP address.

That's strange. If this would indeed apply to your IPv6 address DNS server (which I find harder to read than IPv4, though the prefix is the give-away here), you may be on to something different.

Not sure whether I would be able to come up with further advice (I don't run Win10), but if this continues to bother you, it'd probably warrant a separate topic.

I'm using pfsense, 'track interface' to get IPv6 addresses for my devices, which means, simply said (not the correct technical terms), I get assigned a range on my WAN, pfsense assigns an IPv6 address from that range to clients.

I doubt it is assigning IPv6 addresses.

I do not know pfsense, but my guess would be that 'Track Interface' is their own term to subsume SLAAC and/or Stateless DHCPv6 (as opposed to Stateful DHCPv6), offering PD and RA to its clients. Clients are taking up the delegated prefix and may pick a gateway from the range of advertised routers they have received, but they would still calculate their interface identifiers on their own.

Not sure how this relates to your original question, which in turn makes me feel this discussion is moving a further bit away from its original intent :wink:

This can be easily remedied by running a second Pi-Hole in parallel.

Paranoid you are not!!

Google and other usual suspects have made a mess out of the Internet.

I’ve been forced to use Cloudflare DoH for now because somehow Unbound prevents me from accessing and using certain Apple related services - like App Store, iPhone & Apple Watch app syncing and things like that.

Those issues are still not 100% resolved as I still see the infamous error “iTunes Store is unable to process purchases at this time ...” but with Unbound it was impossible to pass that error!!

I tried to figure out how to fix it for over 4 months - no luck!!

Have you compared the IP returned by unbound with the IP returned from another DNS service? If unbound (which is not location aware) is getting IPs from different nameservers, they may be different. You can always get the "best" IP for each domain and map that in /etc/hosts, and then you would get the IP you want without a third party lookup.

Thanks @jfb.
I forgot to do that. I know you mentioned it in another thread but I missed it. I’ll try to try it this weekend. It’s a nasty weekend and nothing better to do!!

This can be easily remedied by running a second Pi-Hole in parallel.

On the same RPI or on another?
I guess you suggest using an old RPI lying around somewhere.

Unless you are using containers, you can only run one Pi-Hole instance on a single Pi.

Either this or buy a new Zero W, which is inexpensive and draws little electricity.

The advantage to having independent host platforms is that if either platform has a problem, the other Pi-Hole instance is unaffected.

Another option, if you have a server that is on 24/7 - install Pi-Hole on that server.