The web is increasingly funded by garbage & bloat that comes packaged along with the content you want to see. I happily pay for online services (Spotify, Soundcloud, Evernote, etc) but many services, like Facebook or random news sites, don’t offer this. Nor do I want to subscribe to every news website - my friend sent me a random link to click on, I don’t want a lifetime subscription.
It’s not just about seeing annoying ads, it’s about privacy (being tracked by ad networks), page load time (have you tried loading CNET.com lately???), safety (malware), and for mobile clients, minimizing data usage. Thus, Adblockers have started to become more mainstream.
But what about native apps? Or using my iPhone / Android?
Now you can even do that.
Pihole is a nice way to set up a homegrown server on a Raspberry Pi that filters every web request you make - even on smartphones, iPads - anything on your Wifi network.
Here are the dead simple instructions. From start to finish this took me less than an hour.
Setting up Headless (no Monitor) Pihole
You can set up a headless Pihole with just a Raspberry Pi, a power cable that comes with it, your laptop, and an SD card. No need for mouse, keyboard, or monitor.
- Order a Raspberry Pi. I like the 3B since it has decent storage + Wifi. It was $27.
- You have to load an operating system (OS) image (from here) onto an SD card. The Pi can’t boot without an SD card with a boot image on it. I chose RASPBIAN STRETCH LITE.
- Download the ZIP of the OS image.
- Install Etcher.
- Feed ZIP into Etcher and burn image onto SD card.
- Reload the SD card onto your computer - should be called “boot”.
- Execute the following in the terminal:
$ cd /Volumes/boot
$ touch ssh # this enables SSH on startup
$ cd ..
- Eject the SD card, put it into the Pi.
- It should use this boot image, boot OS, and start the SSH server.
- Install nmap:
$ brew install nmap
- Find local IP in Mac OS X:
System Preferences > Network, should be like
- Find devices connected to the same Wifi network:
$ nmap -sn 10.0.0.0/24 # ping scan (host discovery only) of 10.0.0.0 - 10.0.0.255
Nmap scan report for 10.0.0.1
Host is up (0.023s latency).
Nmap scan report for 10.0.0.92
Host is up (0.017s latency).
Nmap scan report for 10.0.0.142
Host is up (0.056s latency).
Nmap scan report for 10.0.0.150
Host is up (0.00030s latency).
Nmap scan report for 10.0.0.241
Host is up (0.020s latency).
Nmap scan report for 10.0.0.254
Host is up (0.019s latency).
Nmap done: 256 IP addresses (6 hosts up) scanned in 2.57 seconds
- For each IP address, try the following:
$ ssh pi@<ip-address-here>
- Eventually, you’ll see the following:
The authenticity of host '10.0.0.92 (10.0.0.92)' can't be established.
ECDSA key fingerprint is SHA256:JWu8wZKPNVN/oqeBWZCQT7/h62+a67euoa3HFaJeizM.
Are you sure you want to continue connecting (yes/no)?
- Type ‘yes’, type the password ‘raspberry’, and you’re in.
$ uname -a
Linux raspberrypi 4.14.79-v7+ #1159 SMP Sun Nov 4 11:50:20 GMT 2018 armv7l GNU/Linux
- To set locale, timezone, Wifi SSID + password (if Wifi enabled Pi):
$ sudo raspi-config
- Then change the password:
- Then run PiHole installer:
$ curl -sSL https://install.pi-hole.net | bash
- Choose a static IP address, remember this.
- You can mostly just stick with the defaults
- Restart the Pi to take that
- SSH back into the Pi with:
- We confirmed that Pihole is running. Great.
- Go to your iPhone and go to your Wifi network (same network Pi is running on or plugged into modem/router)
- Change DNS setting to first use your Pihole’s static IP
  - I’d also recommend removing Comcast or insert-other-shitty-ISP’s DNS server as well
  - If you’re worried about the Pi going offline or whatever, stick 22.214.171.124 (Google’s DNS servers) at the end of the list
  - If you’re even more privacy conscious, look up OpenDNS and use their DNS server IP addresses
- Now you’re good to go! Try visiting CNET.com on your iPhone browser and watch the blissful speed you get and lack of ads as you scroll down.
Visit it at
Here you can manage blocklists, see how much blocking is going on, and even watch logs to see requests come through in realtime.
Or even the top blocked tracking domains:
After using it for a couple hours I was shocked - around 30% of all requests made on my iPhone were adservers, trackers, and/or malware.
Setting up passwordless SSH
It’s annoying to log into the Pi all the time without this. To add SSH passwordless login:
$ ssh-copy-id -i ~/.ssh/id_rsa.pub pi@10.0.0.10
And add to
Host pihole
  Hostname 10.0.0.10
  User pi
Now you should be able to do:
$ ssh pihole
Blocklists are located at: /etc/pihole/adlists.list. To change the lists:
$ sudo nano /etc/pihole/adlists.list
Comment out with # any you don’t want, or add more. Then to reload the blocklists:
$ pihole -g
To see what is being blocked in realtime:
$ pihole -t # same as: tail -f /var/log/pihole.log
For example, in the first 100 ms when opening Messenger (blocked ones are with
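To put a number on how much is being blocked, here is an added example (not part of the original post and not Pi-hole's own code) that reads a log in the format `pihole -t` shows and reports queries, blocked answers, the block percentage, and the most-blocked domains. The sample log lines are constructed, and the two blocked-answer line formats it matches are assumptions about how dnsmasq/Pi-hole logs a blocked lookup.

```shell
# Added example: summarise a Pi-hole query log (dnsmasq format, as shown by `pihole -t`).
# Assumption: a blocked answer is logged as "/etc/pihole/gravity.list <domain> is <ip>"
# (or black.list), or as "gravity blocked <domain> is <ip>" on newer releases.

# Constructed sample log: 10 queries from two clients, 3 of them blocked.
sample_log() {
cat <<'EOF'
Nov 10 09:15:01 dnsmasq[612]: query[A] news.example.org from 10.0.0.92
Nov 10 09:15:01 dnsmasq[612]: forwarded news.example.org to 8.8.8.8
Nov 10 09:15:01 dnsmasq[612]: reply news.example.org is 203.0.113.10
Nov 10 09:15:02 dnsmasq[612]: query[A] ads.example.net from 10.0.0.92
Nov 10 09:15:02 dnsmasq[612]: /etc/pihole/gravity.list ads.example.net is 10.0.0.10
Nov 10 09:15:02 dnsmasq[612]: query[AAAA] news.example.org from 10.0.0.92
Nov 10 09:15:02 dnsmasq[612]: query[A] cdn.example.org from 10.0.0.92
Nov 10 09:15:03 dnsmasq[612]: query[A] tracker.example.com from 10.0.0.142
Nov 10 09:15:03 dnsmasq[612]: gravity blocked tracker.example.com is 0.0.0.0
Nov 10 09:15:03 dnsmasq[612]: query[A] img.example.org from 10.0.0.92
Nov 10 09:15:04 dnsmasq[612]: query[A] ads.example.net from 10.0.0.142
Nov 10 09:15:04 dnsmasq[612]: /etc/pihole/gravity.list ads.example.net is 10.0.0.10
Nov 10 09:15:04 dnsmasq[612]: query[A] api.example.org from 10.0.0.92
Nov 10 09:15:05 dnsmasq[612]: query[A] mail.example.org from 10.0.0.142
Nov 10 09:15:05 dnsmasq[612]: query[A] time.example.org from 10.0.0.92
Nov 10 09:15:05 dnsmasq[612]: cached time.example.org is 203.0.113.20
EOF
}

# Print the domain of every blocked answer, one per line (log on stdin).
blocked_domains() {
  awk '$5 ~ /^\/etc\/pihole\/(gravity|black)\.list$/ { print $6; next }
       $5 == "gravity" && $6 == "blocked"            { print $7 }'
}

# Print "<queries> <blocked> <percent blocked>" (log on stdin).
block_stats() {
  awk '$5 ~ /^query\[/ { q++ }
       $5 ~ /^\/etc\/pihole\/(gravity|black)\.list$/ || ($5 == "gravity" && $6 == "blocked") { b++ }
       END { printf "%d %d %.1f\n", q, b, (q ? 100 * b / q : 0) }'
}

# Print the N most frequently blocked domains as "<count> <domain>" (default N=5).
top_blocked() {
  blocked_domains | sort | uniq -c | sort -k1,1nr -k2,2 | awk '{ print $1, $2 }' | head -n "${1:-5}"
}

sample_log | block_stats
sample_log | top_blocked 2
```

On the Pi itself, feed in the real log instead of the sample with `block_stats < /var/log/pihole.log` (reading it may need sudo).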