Privacy Technologies

Posted by Michael Davie on Saturday, April 2, 2022

A few years ago I read Tim Wu’s excellent book, The Attention Merchants, which opened my eyes to the pervasiveness of what’s become known as surveillance capitalism. (The documentary The Social Dilemma also did a great job of highlighting this problem.) Afterward, I basically declared war on advertising in our family’s lives, and deployed a number of technologies on our devices and our home LAN to block as much of it as possible. Here’s our setup:

Brave Browser

We use Brave as the primary browser on all of our devices. It blocks ads and trackers directly in the browser, and generally just works out of the box as a drop-in replacement for Chrome.

AdGuard Home

I run AdGuard Home in a container as the local DNS server for our LAN. It blocks ads and trackers at the DNS level, and configuring it with just four blocklists causes 25-30% of our network’s DNS queries to be blocked, without breaking anything. As a bonus it also blocks adult content.

Canadian Shield / Quad9

We use both CIRA’s Canadian Shield and Quad9 as upstream DNS providers. Both provide protection against known malicious domains, while supporting encrypted DNS-over-TLS to keep our DNS queries private from our ISP.

I also wrote a custom configuration for our iOS devices so that they use Canadian Shield via DNS-over-TLS whenever they’re not connected to our home wifi. I’ve published a copy as a gist; just plug in your local SSID and install the config on your devices if you’d like to do the same.
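A minimal generator for the kind of profile described above, added here as an example; it is not the published gist. The Canadian Shield "Protected" hostname, the payload identifiers, the sample SSID and the simplified first-match rule model in `dot_active` are assumptions.

```python
import plistlib
import uuid

# Assumption: Canadian Shield "Protected" tier DNS-over-TLS hostname.
DOT_SERVER = "protected.canadianshield.cira.ca"


def build_profile(home_ssid):
    """Build an Apple DNS Settings profile: DoT everywhere except on home_ssid."""
    if not home_ssid or len(home_ssid.encode("utf-8")) > 32:
        raise ValueError("SSID must be 1-32 bytes")
    dns_payload = {
        "PayloadType": "com.apple.dnsSettings.managed",
        "PayloadIdentifier": "example.dns.dot.settings",  # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": "DNS-over-TLS away from home",
        "DNSSettings": {"DNSProtocol": "TLS", "ServerName": DOT_SERVER},
        # Rules are checked top to bottom; the first matching rule decides.
        "OnDemandRules": [
            # On the home SSID, step aside so the LAN resolver is used.
            {"Action": "Disconnect", "SSIDMatch": [home_ssid]},
            # Any other Wi-Fi network, or cellular: force the DoT resolver.
            {"Action": "Connect"},
        ],
    }
    return {
        "PayloadType": "Configuration",
        "PayloadIdentifier": "example.dns.dot",  # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": "Encrypted DNS (away from home)",
        "PayloadContent": [dns_payload],
    }


def dot_active(profile, ssid):
    """Simplified model of rule evaluation; ssid=None stands for cellular."""
    for rule in profile["PayloadContent"][0]["OnDemandRules"]:
        wanted = rule.get("SSIDMatch")
        if wanted is None or ssid in wanted:
            return rule["Action"] == "Connect"
    return False  # model choice: no rule matched, profile not applied


if __name__ == "__main__":
    # "ExampleHomeWiFi" is a constructed SSID; substitute your own.
    print(plistlib.dumps(build_profile("ExampleHomeWiFi")).decode())
```

Saving the output with a `.mobileconfig` extension gives a file that can be installed on a device. The rule order matters: if the catch-all `Connect` rule came first, the home SSID exception would never be reached.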

If you’re a more normal person who doesn’t run a local DNS server at home:

  • You can configure Canadian Shield as the DNS server on your home router, which will protect your whole LAN.
  • Paul Miller has published configuration profiles that will enforce encrypted DNS on your iOS and macOS devices, including for Canadian Shield (contributed by me!).

WireGuard

When I’m traveling and need to connect to some dodgy wifi (which is admittedly not too often lately), I use WireGuard to make a VPN connection back to our home LAN. I’ve got profiles deployed on our phones and laptops, and it also just works. It also provided a handy workaround when my son was having trouble getting Stardew Valley’s multiplayer mode to work with his cousin. Virtual LAN party FTW!