This is straightforward with browser addons like uBlock Origin where you can add and choose blocklists, but I did searches for doing so system wide and using a VPN but didn’t find clear answers. I could use a DNS service that provides blocklists but isn’t it best practice to leave DNS to the VPN provider? I looked up blocklists and VPNs but didn’t find relevant results.
On Android, I didn’t find any apps that let you filter blocklists and using your own VPN other than Rethink, but the blocklists feature requires using Rethink’s DNS.
So what’s the best way to filter ads and trackers on both 3rd party apps and on OS’s like Android (specific Samsung phones) while still using a VPN?
The DNS config is really a totally separate piece from your Honeypot. Sorry, I mean your vpn.
You can use whatever DNS service you wish, or better yet set up your own with pihole or zenarmor or something like that.
You could set up a PiHole on your local network, and have the VPN’s DNS be secondary.
Wouldn’t that still leak your DNS? I guess that’s not a big deal if you don’t care about timing correlation attacks.
Why would it? The PiHole would be on your local network, so it would never need to go past your router. So the request itself would be private, what matters is what you do with the response. Theoretically, the PiHole would only give responses for things it’ll block (usually directing it to localhost or something), and have no response for everything else (check your configs).
So if you get a response from the PiHole, you route the request locally, which does nothing. If you don’t get one, you’ll check the secondary DNS, which is provided by the VPN service.
You should certainly confirm this before completely trusting it, but it should work fine.
Adguard can work with adguard VPN to provide adblocking through the VPN. This applies to Android and Windows, and maybe even iOS versions.
With other VPNs, I’ve used some with their own adblocker, but they aren’t nearly as good at filtering.
Essentially, you outsource the blocking to your VPN server in that scenario. You can have a blocklist of advertisers, trackers, or bad-behaviour like SSH/HTTPS scans, etc. You would generally download a list of misbehaving netblocks and block them on your firewall, then download a list of known-bad domain names, and block them from being resolved by DNS (i.e. just return 127.0.0.1, which is your local device, which always fails)
deleted by creator