Youtube ads getting through Pihole / Any advances in 100% blocking without also blocking Youtube videos?

I tried searching for help on the forums regarding Youtube ads still getting through PiHole but the last ones seemed several years old. I'm currently in a battle to block adverts without then blocking the video I want to watch. I'm blacklisting the domains that start with R then a number from google but as mentioned in another thread it seems that the adverts and videos are piped from the same source, so either I get adverts and the video, or I get the first few seconds of the video then the perpetual loading notification

I'm expecting that my pihole should be able to identify the adverts and drop them off, or filtering unexpected extra connections, since there's always a pair of requests in the query log that are veeeery subtly different. I've black and white listed as I've gone along and it seems like it alternates between the addresses feeding videos or adverts (sometimes I even get the adverts but not the video / only the first 5 seconds of the video). Are there recommendations for additional settings/setup to sort this at all?

  • Running PiHole (latest) on RaspPi 4 8gb, no additional bits, User is also running n00bOS in relation to RaspPi and Pihole.


Youtube ads getting through Pihole

This is normal and expected.

Pi-hole only sees DNS requests for domains (in this case, the Youtube domain).
Pi-hole can completely block the domain, or allow the domain. There is no third option.

In addition to the comments by rdwebdesign, a few more thoughts:

  1. Pi-hole cannot reliably block YT ads, since the ads are served from the same domains as the content.

  2. Browser based adblockers (i.e. uBlock Origin) can block YT ads, but you have to be watching YT on a browser with that extension installed.

  3. The most reliable method of blocking YT ads is a subscription to YT Premium. This subscription applies at your account level, and will not show ads on any device that is logged into your account.

Ahh, thanks everyone. Apologies for the delay in reply (real life stuff being more front and centre to online). It's dissappointing that this is the case as it was the original reason I schlepped to Cambridge in person to get a RasPii. Still, it's a nice little device and I'm having fun with it so it's not wasted.

On the second point of JFB's post, how come a web browser extentsion is able to filter the adverts but PiHole not? Is there something I can read about to give me a head start before trying something already attempted and failed? Is it to do with languages used that a browser can utilise that PiHole would find too intensive scanning each connection maybe?

That's commitment!

It's as mentioned – Pi-hole allows or blocks domains. It's very common for organisations to use dedicated domains for hosting adverts, tracking, reporting, monitoring, etc. Pi-hole can block those because it can block those domains. Youtube serves its adverts and videos from the same domains so Pi-hole can only block both or neither. It's nothing to do with Pi-hole finding it too intensive or anything like that.

uBlock Origin sits in the browser as an extension and can see the data at the consumption level, if you want to call it that. So it can make a determination about what is content data and what is advert data, and block the latter.

1 Like

Ahhhh, I get you now! PiHole basically isn't looking at the content, just where it's coming from. This is probably a very silly question but I'll ask anyway, is there something that could filter like this that sits on a network and possibly could be installed on something like a RasPii if specific incoming traffic was flagged for it? Or even is there something else entirely?

I've fallen down the rabbit (pi)hole now and this is fascinating to me (belligerency aside)! :smiley:

Given most content is served via secure connections from the sever to the requesting client, no. You are looking for a 'man-in-the-middle' approach (attack) which violates all manner of security.

Your browser (or device) makes an HTTPS request for content, only it can decrypt and inspect. Browser plugins operate AFTER the decryption takes place and inspect the content and modify it.

Even if such a thing could be done (decrypt and modify 'in transit') signatures would change on the payload and likely the device would balk and fail to process the content.


Maybe but I think it would be quite specialised. The data between your browser and Youtube is encrypted (the https bit) so devices on the network cannot "see" videos or adverts or anything else. It would need to be some kind of proxy which acts as the endpoint for the data, and then something on there that filters out the adverts and presents the non-advert stream to your browser. Your devices would need to have special certificates installed to allow something like that to work.

It might be something you see in a corporate environment but then I guess they're liable for using Youtube that way, so they are instead going to either just block Youtube entirely (which Pi-hole can do) or else subscribe to an ad-free service at the corporate level.

@tomporter518 says it well there, the browser really is the best place for it, since the data gets to you and is decrypted, and now something like uBlock Origin can have at it.

Pi-hole is still worth keeping on your Pi, you'll see just how much stuff is being blocked.

1 Like

Thank you both! Yes my PiHole is earning it's keep in blocked nonsense and it's still great fun to play with and learn stuff. It was just a bit of a hit discovering it can't do the thing I originally got it for no fault of its own.

It is indeed and your hard-won Pi can do even more. Here's a couple of future tweaks you can try.

Install your own DNS server using a package called Unbound. Instead of using an external DNS server like Google you'll be using your own DNS server right there alongside Pi-hole. This gives you more privacy because you're not sending your lookups to a third-party. It's really easy to set up and there's an official guide to guide you through it. Just go through it methodically step by step.

Install your own VPN using a package called WireGuard. That will let you send your DNS traffic through your Pi-hole securely even when you're away from home on 4G or another wifi, so you get filtering everywhere. There's an official guide for this one too.

1 Like

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.