Just for the sake of argument - to block trackers that are built into other software, eg. chat clients and some such.

Pi-hole already does that. You can run pi-hole on your local OS with Docker. It's 5 minutes to install.

Aside from competition being a good thing, Docker itself introduces attack vectors.

Surely not more so than curling scripts from the web and executing them as root, which is the exact install procedure described for this program.

IMHO, it's way easier to check the script content before sudoing and validate its security than validate the Docker ecosystem.

I mean, ok. But you're allowing a chat client to run code on your PC... in the case I saw it was sudo. You can do a shitload more with sudo than you can with a browser extension.

I still don't get it.

> I still don't get it.

Think of it like a DNS-layer firewall. Plenty ways to get circumvent it, but works wonderfully, nonetheless.

> in the case I saw it was sudo

This isn't an all-in-one security product. Just one way to firewall trackers, ads, and whatever else one wants.

Software that's not running in a web browser but on a machine where you can install a local DNS proxy.

It's not a broad use case but it's also really cheap to do and doesn't have a lot of maintenance cost.

Chrome, for example, has banned some adblockers. Makes sense to me.

Out of curiosity which ones and is there a common pattern in their blockage philosophy?

They banned the best one in my opinion https://adnauseam.io/ Blocks ads and helps poison the data they have collected on you

> Who is this for, what's the point?

People who want to learn and/or want something simple. This version is super simple with the whole application being a ~150 line shell script. This makes it very easy to understand and adapt.

Eg. I have a file-server that runs our DHCP and DNS. I've looked into using Pi-hole's setup on it before and it just wasn't worth the trouble due to mismatches between their setup and mine. OTOH this version is very easy to understand and tweak to my needs (eg. using unbound vs. dnsmasq).

If it functions like pihole, one benefit is blocking ads in ad-supported software outside the browser.

A lot of websites (news sites especially) detect in-browser ad blockers and urge users to whitelist the site before continuing to read the article.

This is a good workaround for that use case.

No, the websites detect that a resource wasn't loaded which triggers the annoying stuff. This happens with a pihole, adblocker, maza, or plain ol' hosts file. Ad blockers aren't magic.

In fact it's a good argument for using in-browser adblockers, since in-browser adblockers are capable of blocking such nag screens whereas DNS-based ones are not

Agrees. Also, in-browser adblockers can do much more than a DNS-based adblocker. Such as removing dom element, injecting css to fix websites...

This is also easily detectable.