tl;dr: Cut out Cloudfare’s recursive resolver (or anyone else’s) and run your own via PiHole and Unbound.
Tell me you didn't read the article without telling me you didn't read the article. Let me point out the relevant part for you:
"A recursive resolver (also known as a DNS recursor) is the first stop in a DNS query. The recursive resolver acts as a middleman between a client and a DNS nameserver. After receiving a DNS query from a web client, a recursive resolver will either respond with cached data, or send a request to a root nameserver, [...]"
See that last part with "or send a request to a root nameserver"? That is the DNS server on the internet your Unbound DNS server will ask if it doesn't have the answer cached for you already.
Umm, Unbound is on your machine. So you’re saying you are your own middle man lol…
Exactly! Since the Unbound DNS server is your server you created your middle man server yourself. "middle man" has a very negative taste but in this case it really isn't bad at all.
It asks the authoritative nameservers, which is who external DNS servers ask. By using Unbound, you are cutting out those external DNS servers, because you/Unbound is the DNS server. You are asking the authoritative name server directly instead of inserting someone else to ask on your behalf.
Okay, so you get it but you don't get it fully. Again: Your Unbound DNS server can't magically know which IPs are behind a domain name. So what does it do? It asks a DNS server on the internet because they know the answer. When you Unbound DNS server got the answer it then tells your computer.
Unbound (your machine) is asking the DNS nameserver.
YES! And where do you think is the DNS server Unbound asks if it doesn't know the answer because it's not cached yet? It's some server on the internet.
You’re saying you are your own middleman lol.
I said you create your own middle man. Unbound is your middle man in this case because you make it look up the IPs behind the domains and it tells your computer these IPs then.
Instead of:
<Client> --> asks --> <DNS server on the internet> --> answers --> <Client>
You do:
<Client> --> asks --> <Unbound DNS (the middle man)> --> asks --> <DNS server on the internet> --> answers --> <Unbound DNS (the middle man)> --> answers --> <Client>
Let me say it again: Your Unbound DNS server being the middle man isn't a bad thing so please don't think "middle man" is always a negative term.
I’m saying cut out Cloudfare’s recursive resolver and run your own via PiHole and Unbound.
I just linked Cloudflare's article about it because they explain it well. Doesn't mean one must use Cloudflare's DNS servers.
Did you read the article I linked?
Yes, I did. But I knew what a recursive resolver is before I checked the link because I'm a professional IT administrator and I know how DNS works. It's part of my job.
The question still remains because what upstream DNS server in Pi-hole will you use? You'll always need to use a DNS server on the internet unless you use hyperlocal.
Anyway, sorry for not reading all of that, but I'll make it short and stop discussing because I feel like this is leading nowhere.
Unless you're using hyperlocal and cover all TLDs and wanna browse the internet there's technically no way around but to use an online DNS server. So coming back to the privacy aspect of this topic the question is: Which one do you trust?
True. I recommend a DNS based adblocker like Pi-hole and an extra adblocker like uBO in your browser. If you can't access a website you'll immediately know who is the culprit blocking the site you're trying to access.
I did that a while ago but always ran in timeouts for some search engines (varied from time to time). Also the order of search results is often completely fucked up. And sometimes I search for something and got something completely different. For example I searched for something like "open source software" and the search results were filled with porn lol.
Also what's bad about self hosting this in your home network is that your SearXNG instance does the searches from your home network of course. That means all the searches to all the selected search engines like Google, Bing etc. are made from your IP which is counterproductive when it's privacy you're trying to achieve.
Dunno. That would mean websites would know what filter lists inside an adblocker browser addon you use, which I can't imagine tbh. But I'd say it's a gamble. With more block lists you can achieve more privacy but maybe (if privacybro is right) fingerprinting you is easier. You decide what is the right choice to make here.
Sadly Plex collects some data about its users. I remember opting out of some telemetry stuff but I can't remember where that was. If you want a self-hosted streaming service like Plex that completely respects your privacy, Jellyfin is what you're looking for. I tried it and it's okay but not as good as Plex imo. But if your main focus is privacy then you should definitely check it out. It's FOSS.
Edit:
I found where I had to opt out some data collection for Plex. Open this site, scroll halfway down the page. You'lle see two checkboxes for "Send playback data to Plex" and "Advertising Consent".
Blocking app access to the internet
Question for the group on a problem I’m trying to solve: How can I block internet access for some apps on standard, OOTB Android?...
deleted_by_author
Multiple Adblockers in a row - does it make sense or is it even harmful?
Hi, I was wondering, is it useful to use multiple adblockers in a row?...
deleted_by_author
What custom uBO filter lists do you use? (kbin.social)
Title says it all. Do you use custom filter lists in uBO? If yes: Which ones?...
I learned about startpage recently. (www.startpage.com)
Heard some sketchy stuff about duckduckgo recently, found out about start page.many users?
What is your favorite cybersecurity tool and why? (discuss.tchncs.de)