A couple of days ago, my friend Luca (@lucavgobbi) told me about PiHole: A Network-wide Ad Blocking. Even better, let me copy the official description from their GitHub repo:
The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, without installing any client-side software.
Easy-to-install: our versatile installer walks you through the process, and takes less than ten minutes
Resolute: content is blocked in non-browser locations, such as ad-laden mobile apps and smart TVs
Responsive: seamlessly speeds up the feel of everyday browsing by caching DNS queries
Lightweight: runs smoothly with minimal hardware and software requirements
Robust: a command line interface that is quality assured for interoperability
Insightful: a beautiful responsive Web Interface dashboard to view and control your Pi-hole
Versatile: can optionally function as a DHCP server, ensuring all your devices are protected automatically
Scalable: capable of handling hundreds of millions of queries when installed on server-grade hardware
Modern: blocks ads over both IPv4 and IPv6
Free: open source software which helps ensure you are the sole person in control of your privacy
I setup this in an extra Raspberry Pi 3 that I have at home, and keep it running for the last couple of days. I was in shock when I realized that aprox 30% of my internet traffic is … not so good.
One of the cool features of PiHole, os that you can work with their logs. So I decided to apply some very powerful Machine Learning algorithms to detects anomalies and strange behaviors.
In the meantime, I decided to read the logs, and make some filters just using Excel. And I found a lot of very strange urls. Today I’ll share some of the Microsoft ones.
So, in example, do you know what does this set of urls have in common?
They are all Microsoft endpoints ! It seems that Windows 10 is sending a lot of diagnostic and other type of data. Lucky for us, most of this endpoints are well explained for each one of the Windows 10 versions. So, in example, I don’t use a lot of UWP apps, and it seems to me that the localization service does not need to send a lot of information, from a FIXED PC.
I decided to add some of this domains to the blacklist of domains and so far, so good. Windows is still working amazing, I enabled some of the urls so I can use also Visual Studio and Azure DevOps, and my user experience is still the same (with 30% less of traffic!)
So, I may want to also write about some domains I found other chatty devices uses like my Amazon Alexa, my Roku, and more … maybe in the next post! And kudos to the PiHole team!
Greetings @ Burlington
- PiHole, https://pi-hole.net/
- GitHub, https://github.com/pi-hole/pi-hole
- Manage connection endpoints for Windows 10, version 1809, https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1809-endpoints