As you've researched how best to block ads (and also the trackers that frequently come with them), you've probably come across mentions of uBlock Origin and Pi-Hole.
uBlock Origin is the gold standard; but Pi-Hole has numerous unique benefits as well. So, which blocking solution should you use?
What if we told you... you should probably look at using both if possible?
Don't worry. Let us explain.
NOTE: Not to be confused with the commercial option, "uBlock!"
uBlock Origin is a free and open source adblocker - but more specifically, a wide-spectrum tracker blocker - for browsers. It's available as a plugin for most browsers; you can install uBlock Origin as an add-on for Gecko based browsers like Firefox or as an extension for Chromium based browsers.
uBlock Origin is very often highly recommended in the privacy community for tracker blocking on the browser level. In fact, you could probably run only uBlock Origin in your browser and receive the most comprehensive tracker blocking available.
You'll find that privacy browsers, such as Librewolf, ship out with uBlock Origin pre-installed as the default ad and tracker blocking solution. You can sometimes find some version of uBlock Origin being used for browsers that feature their "own" ad and tracker blocking capabilities.
Pi-Hole is a free and open source project that allows you to turn your (Linux) device into a local filtered DNS for your entire network. Simply put, it allows you to block ads and malicious domains on your network.
If you're curious about how to install Pi-hole, then feel free to check out the
avoidthehack guide for installing and configuring Pi-hole
. While you're at it (or if you already have Pi-hole installed), be sure to check out our
curation of the best Pi-hole blocklists!
In the general privacy community, you'll find Pihole mentioned frequently for those looking for a network adblocking solution. It's frequently mentioned alongside other compatible solutions such as Unbound, a self-hostable encrypted DNS client, and other trusted DNS service providers such as Quad9 or NextDNS.
The biggest difference between uBlock Origin and Pi-Hole is the scope of each solution's blocking abilities.
- Pihole is a network-wide ad and tracker blocker. When properly set up, Pihole provides a "service" to the entirety of the network, blocking ads and trackers for any device connected to the network that Pihole sits on.
- On the other hand, uBlock Origin is limited to the device on which its installed. Specifically, its a browser plugin, so it's actually limited to whatever web browser its installed on.
Think of it like this: one installation of Pi-Hole can provide blocking protection for more than one device whereas one installation of uBlock Origin can only provide blocking for the browser of the device its installed on. This does not make uBlock Origin inferior in any way; after all, it's a browser plugin with limited overall scope.
In addition to their respective ad and tracker blocking abilities, both uBlock Origin and Pi-Hole offer additional functionality beyond their primary functions. Given the broad difference in scope of their blocking capabilities, these additional functions differ enough to note here.
Pi-Hole can act as DHCP server for your network, assigning the leases for the internal IP addresses on your network.
Use of blocklists
Both uBlock Origin and Pi-Hole perform the bulk of their ad and tracker blocking by using blocklists.
These blocklists frequently contain known hosts (read: domains) that host undesired content/advertisements/tracking methods. Hosts for ads and trackers are numerous, for lack of better terms.
Because of the seemingly endless supply of ad and tracker-related servers, some blocklists may even be "themed" or "niche." For example, one blocklist might be dedicated to blocking hosts related to SmartTV ad/tracker domains whereas another might be dedicated to blocking content that is not safe for work (NSFW).
Pi-Hole and uBlock Origin are easy-to-use for more average users, but boast a ton of customization options that many advanced users find beneficial. These customization options allow anyone to truly tailor the software to their specific wants and needs; the versatility fits into a wide range of threat models common to the end-user.
Much of the customization within Pi-Hole and uBlock Origin lie in the additional functionalities that are unique to both. However, a lot of customization also resides in the settings of each piece of software.
For example, uBlock Origin's "advanced options" allows you to tweak of the nitty-gritty of the plugin itself. On the other hand, PiHole allows you to to apply blocklists to specific user groups or devices (assuming you allow Pi-Hole to be your network's DHCP server.)
Pi-Hole and uBlock Origin are both easy to use. Pi-Hole is a more complicated installation process, but after everything is said and done it's relatively easy to manage while using the Web Interface. With Pi-Hole's intuitive web interface, you can easily manage blocklists. This really helps users who either are 1) not familiar with the CLI or 2) prefer not to use the CLI for everything.
uBlock Origin is super easy to install - it literally just requires you to install the extension (Chromium-based browsers) or add-on (Gecko/Firefox), which can be found in the Chrome Web Store or the Mozilla Add-on Website.
Alternatively, you can opt for installing the plugin manually. Though manual installation is more of a process on Chromium, avoidthehack does have a nice write up on how to install Chromium extensions manually.
The short answer is: Both. Yes, you should use both Pi-Hole and uBlock Origin.
Ideally, it isn't a question of "either, or," because using Pi-Hole and uBlock Origin in tandem provides you with comprehensive tracker and ad blocking:
uBlock Origin is a pretty comprehensive wide-spectrum blocker all on its own; its effectiveness can actually help your Pi-Hole installation by not working it so hard. This is because when uBlock Origin blocks something, this request doesn't get "seen" by Pi-Hole.
However, as we noted earlier, uBlock Origin is a browser plugin. Meaning that it can't provide adblocking outside of the browser itself. This may not seem like a large issue but there's a high chance you also run various apps outside the browser; these apps can perform their own DNS queries, and if they serve ads or are "phoning home," then uBlock Origin is effectively helpless to stop this activity.
Ideally, this where PiHole would step in. Pi-Hole essentially sits on your network as a filtered DNS server; it can catch these requests and stop them. Furthermore, if something "slips through" Pi-Hole, hopefully, if you're using a trusted encrypted DNS resolver that provides domain blocking as the upstream, it could be blocked there instead.
Since Pi-Hole sits on the network it can also block ad and tracker-related DNS queries from other devices too; even devices that traditionally don't have web browsers. It can also block queries sent from apps on your devices that originate outside the web browser; blocking excessive operating system telemetry (are you using Windows or macOS?) is a possibility as well.
Once the DNS request is blocked, there is typically no connectivity, so you're safe - as a side effect, you're also saving bandwidth on your network too!
While the primary focus of this post is to examine uBlock Origin and Pi-Hole and how they compare, it's important to understand that they don't exist in a vacuum. It's definitely important to consider other factors - the total picture - in addition to tracker blocking.
And admittedly, there are a lot of things to consider. Some of the basic points you can springboard from are:
It's also worth mentioning that there is other software out there can complement your usage of uBlock Origin and Pi-Hole. For examples, perhaps you would like to self-host your own recursive DNS resolver by running an Unbound server - or perhaps you're savvy and confident enough to securely set up your own VPN so that you can take advantage of your network while in a different physical location.
Perhaps you seek to complement uBlock Origin's blocking functionality with a more "niche" blocker - such as LocalCDN, which blocks CDN connections and injects the content locally.
Or maybe you're concerned about fingerprinting and are looking for more protection, so you opt to run another extension that hardens your browser's resistance to various fingerprinting techniques.
When it comes to Pi-Hole and uBlock Origin, it doesn't have to be either or. They are both valuable when it comes to receiving comprehensive ad and tracker blocking protection.
In fact, they should both be used as these software pieces greatly complement each other. You can receive even more enhanced benefits by customizing them exactly to your liking, or even using other trusted blocking software.
With that said, if there is a situation where you have to choose, in many cases you'll find that uBlock Origin is the definitive answer because of its insanely easy installation and deployment; again, you download the add-on or extension for your browser and with near-zero set up time, you have one of the most effective browser adblockers on the market.
Additionally, given the number of people who may be using their ISP's router, Pi-Hole becomes a less attractive option. However, if you have the opportunity, you should definitely set it up as its a fantastic benefit to your entire network as opposed to a single browser/device!
With all of that said, stay safe out there!