Seven free blocking filters for ads
Ads Subtracted
Some websites overdo advertisements, piling on pop-ups, video snippets, and product placements in your browser. If the editorial content only appears as an afterthought, it's time to filter out the ads.
An ad filter can be applied to each individual device or make the ad invisible for all clients on a network at a central location. In this article, I compare ad blockers that run on the router or on a device on the network, in which case, the terminal devices do not require any additional software.
Requirements
The ideal setup would have an ad blocker running on low-cost hardware or directly on the existing router, and I would like to be able to make changes to the blacklists if the software filters out too much (or too little).
The ad filter must function in the local language. Even the best software is useless if it does not recognize regional advertising. Finally, I want the ad blocker to prevent access to websites with dubious content or adult entertainment, where applicable.
Candidates
The test candidates come in the form of add-ons for an existing (router) operating system or as additional hardware. Pi-hole, the best-known candidate, has to face the challenger AdGuard Home and the outsider eBlocker. pfBlockerNG, Unbound-Plus, and Adblock join the fray for networks with pfSense, OPNsense, and OpenWrt, respectively. The NxFilter DNS appliance rounds out the list.
All candidates in Table 1 are free of charge and use free blacklists. If no suitable hardware is available on the local network, costs are incurred for a small-board computer (SBC) such as a Raspberry Pi.
Table 1
Ad Filters
Software | Adblock | AdGuard Home | eBlocker | NxFilter | pfBlockerNG | Pi-hole | Unbound-Plus |
---|---|---|---|---|---|---|---|
Examined Version | 3.8.15-1 | 0.102.0 | 02.04.05 | 04.03.06 | 2.1.4_21 | 5.0 | 0.5 |
Origin | Germany | Russia | Germany | Korea | USA/Canada | USA | Austria/Czech Republic |
Popularity | + | ++ | + | + | +++ | +++++ | + |
Language | Ash | Go | Java, Ruby | Java | Shell | Bash, PHP, C | Python |
Platform | OpenWrt | Linux, FreeBSD, macOS | Rasp Pi 2/3/4 | Linux, macOS, Windows | pfSense | Linux | OPNsense |
Available Since | 2015 | 2018 | 2016 | 2013 | 2015 | 2016 | 2019 |
Mode of Operation | DNS sinkhole | DNS sinkhole | DNS sinkhole or firewall | DNS sinkhole | Firewall rule | DNS sinkhole | DNS sinkhole |
Multilanguage Blocking Lists | + | +(1) | + | +(1) | +(1) | + | +(1) |
Additional Blacklists | + | + | + | + | + | + | + |
License | GPLv3 | GPLv3 | EUPL | EUPL free for up to 25 users | Apache v2 | EUPL v1.2 | BSD 2-clause "Simplified" |
DHCP Server | +(1) | + | – | – | + | + | + |
Hardware Costs (approx.) | $45 | $50 | $50 | $50 | $150 | $50 | $150 |
Admin Interface | + | + | + | + | + | + | + |
Graphical Evaluation | – | + | – | + | – | + | – |
Protection of Minors | – | + | + | + | +(2) | – | – |
Safe Search | – | + | – | + | +(2) | – | – |
DNS over HTTPS | – | + | – | + | + | +(3) | + |
Clients Individually Configurable | – | + | + | + | +(2) | + | – |
(1) Upgradable. (2) With pfSense methods (complex in part). (3) Manual adaptation at the command line. |
Black Holes
Most ad filters work on the same principle: They integrate into the network as DNS servers and respond to queries from the clients. The terminal devices ask the new DNS server for name resolution and receive a stored IP address.
Unlike a conventional DNS server, however, the ad blocker answers those DNS queries that are on its blacklist with a shrug of the shoulders (i.e., a DNS sinkhole). From the client's point of view, this website does not exist, and the browser cannot load the advertisement.
How does the advertising filter know that a DNS query leads to an advertising domain? The software uses publicly available lists that collect web addresses and domains for advertising. These blacklists work like spam lists for email servers.
Buy this article as PDF
(incl. VAT)