As you've researched how best to block ads (and also the trackers that frequently come with them), you've probably come across mentions of uBlock Origin and Pi-Hole.

uBlock Origin is the gold standard for adblocking; but Pi-Hole has numerous unique benefits as well. So, which blocking solution should you use?

What if we told you... you should probably look at using both if possible?

Don't worry; the reasons for this argument are below.

What is uBlock Origin?

NOTE: Not to be confused with the commercial option, "uBlock!"

uBlock Origin is a free and open source adblocker - but more specifically, a wide-spectrum tracker blocker - for browsers. It's available as a plugin for most browsers; you can install uBlock Origin as an add-on for Gecko based browsers like Firefox or as an extension for Chromium based browsers.

uBlock Origin is very often highly recommended in the privacy community for tracker blocking on the browser level. In fact, you could probably run only uBlock Origin in your browser and receive the most comprehensive tracker blocking available in a browser.

You'll also find that privacy browsers, such as Librewolf, ship out with uBlock Origin pre-installed as the default ad and tracker blocking solution. You can sometimes find some version or derivative of uBlock Origin being used for browsers other browsers, such as Falkon, that feature their "own" ad and tracker blocking capabilities.

What is Pihole?

Pi-Hole is a free and open source project that turns your (Linux) device into a local filtered DNS for your entire network. Simply put, it allows you to block ads and malicious domains on your network by preventing DNS queries for domains known to be associated with malware/advertising/tracking.

If you're curious about figuring out how to install Pi-Hole, then feel free to check out the avoidthehack guide for installing and configuring Pi-hole . While you're at it (or if you already have Pi-Hole installed), be sure to check out our curation of the best Pi-hole blocklists! .

In the general privacy community, you'll find Pi-Hole mentioned frequently as a recommendation for those looking for a network adblocking solution. It's frequently mentioned alongside other compatible solutions such as Unbound, a self-hostable encrypted DNS client, and other trusted DNS service providers such as Quad9 or NextDNS.

Key differences

Scope

The biggest difference between uBlock Origin and Pi-Hole is the scope of each solution's blocking abilities.

Remember:

• Pi-Hole is a network-wide ad and tracker blocker. When properly set up, Pi-Hole provides a "service" to the entirety of the network, blocking ads and trackers for any device connected to the network Pi-Hole sits on.
• On the other hand, uBlock Origin is limited to the device on which it is installed. Specifically, it''s a browser plugin, so it's actually limited to whatever web browser on which it is installed.

Think of it like this: one installation of Pi-Hole can provide blocking protection for more than one device whereas one installation of uBlock Origin can only provide blocking for the browser of the device its installed on. This does not make uBlock Origin inferior in any way; uBlock Origin can block the majority of ads and trackers within the browser before their associated DNS requests even make it to your Pi-Hole installation. Additionally, uBlock Origin is designed as a browser plugin, so naturally the scope of it's blocking would be limited to the browser.

Additional functionalities

In addition to their respective ad and tracker blocking abilities, both uBlock Origin and Pi-Hole offer additional functionality beyond their primary functions. Given the broad difference in scope of their blocking capabilities, these additional functions differ enough to note here.

Pi-Hole can act as the DHCP server for your network, assigning the leases for the internal IP addresses on your network. In most traditional set-ups, the DHCP server on the router handles this function. Allowing Pi-Hole to act as the DHCP server for your network faciliates some of Pi-Hole's more advanced settings, such as providing blocking for a "group" of devices on the network.

On the other hand, uBlock Origin can disable Javascript, block remote fonts, and remove large media elements on a per site basis. For Chromium based browsers, it can also prevent WebRTC from leaking your IP address. These functions are all easily controlled from within the plugin itself, which requires little to no "digging" on behalf of the user.

Key similarities

Use of blocklists

Both uBlock Origin and Pi-Hole perform the bulk of their ad and tracker blocking by using blocklists.

These blocklists frequently contain known hosts (read: domains) that host undesired content/advertisements/tracking methods. Hosts for ads and trackers are numerous, for lack of better terms. These hosts also frequently change and keeping up with each potential server change can be excessively time consuming.

Because of the seemingly endless supply of ad and tracker-related servers, some blocklists may even have a "theme" or "niche." For example, one blocklist might be dedicated to blocking hosts related to SmartTV ad/tracker domains whereas another might be dedicated to blocking content that is not safe for work (NSFW). Some lists are niched down further, focusing on specific vendors or companies known to host servers primarily used for serving ads and facilitating tracking.

Customization

Pi-Hole and uBlock Origin are easy-to-use for more average users, but boast a ton of customization options that many advanced users may find beneficial. These customization options allow anyone to truly tailor the software to their specific wants and needs; the versatility of each fits into a wide range of threat models common to the end-user.

Much of the customization found in Pi-Hole and uBlock Origin lie in the additional functionalities unique to both. However, a lot of customization also resides in the settings of each piece of software.

For example, uBlock Origin's "advanced options" allows tweaking of the nitty-gritty of the plugin itself. On the other hand, PiHole allows the application of blocklists to specific user groups or devices (assuming Pi-Hole also serves as your network's DHCP server.)

Ease-of-Use

Pi-Hole and uBlock Origin are both easy to use. Pi-Hole is a more complicated installation process, but after everything is said and done, it's relatively easy to manage while using the bundled (but optional) web interface. With Pi-Hole's intuitive web interface, you can easily manage blocklists. This can proveespecially helpful for users who either are 1) not familiar with the command line interface {CLI} or 2) prefer not to use the CLI for more complicated tasks.

uBlock Origin is far easier to install in comparison - it only requires installation of the extension (Chromium-based browsers) or add-on (Gecko/Firefox), which can easily be found in the Chrome Web Store or the Mozilla Add-on Website.

Alternatively, you can opt for installing the plugin manually. Though manual installation is more of a process on Chromium-based browsers, avoidthehack does have a nice write up on how to install Chromium extensions manually.

Recommendation: which blocker to use?

The short answer is: using both Pi-Hole and uBlock Origin as a combination is a more ideal ad/tracker blocking solution.

Ideally, it isn't a question of "either/or" because using Pi-Hole and uBlock Origin in tandem provides you with comprehensive tracker and ad blocking, as demonstrated by our crude illustration:

uBlock Origin is a comprehensive wide-spectrum blocker all on its own; its effectiveness can lend a helping hand to your Pi-Hole installation by not working it so hard. This is because when uBlock Origin blocks something, this request doesn't get "seen" by Pi-Hole. Therefore, Pi-Hole doesn't have to use any resources to block, answer, or forward the query to upstream DNS servers.

However, as noted earlier, uBlock Origin is a browser plugin, meaning it can't provide adblocking outside of the browser itself. This may not seem like a large issue, as must internet connectivity stems from browser activity. However, with the ever growing amounts of devices that aren't necessarily reliant on browsers, there is a high chance you also run various apps outside the browser. This can be the case with Internet of Things devices such as smart appliances, smart TVs, and fitness trackers/smart watches; it can also be the case with more mobile devices like your smartphone or tablets.

Apps installed can perform their own DNS queries, and if they serve ads or are "phoning home," then uBlock Origin is effectively helpless to stop this activity. This can be true whether an app is installed on your desktop, laptop, smartphone, or tablet.

Ideally, this is where Pi-Hole would step in and shine. Pi-Hole sits on your network as a filtered DNS server; it can catch these requests originating outside the browser and block them from resolving. Furthermore, if something "slips through" Pi-Hole, hopefully, if you're using a trusted encrypted DNS resolver that provides domain blocking as the upstream, it could be blocked there instead. Regardless, the query remains unanswered.

Since Pi-Hole sits on the network, it can also block ad and tracker-related DNS queries from other devices as well; even devices that traditionally don't have web browsers as noted above. It can also block queries sent from apps on your devices that originate outside the web browser; examples can include blocking excessive operating system telemetry (are you using Windows or macOS?), blocking telemetry from the browser installation itself (use a privacy-oriented browser to better mitigate this!), and blocking telemetry from other IoT devices that may be present on your network.

Once the DNS request is blocked, there is typically no connectivity, so you're safe - as a side effect, the blocking means less reosurces are consumed to answer the query, so you're also saving bandwidth on your network too!

Other recommendations to consider

While the primary focus of this post is to examine uBlock Origin and Pi-Hole and how they compare, it's important to understand that they don't exist in a vacuum. In other words, it remains important to consider other factors - AKA the total picture - in addition to deplying (additional) methods for tracker blocking.

Admittedly, there are a lot of things to consider and this can seem overwhelming. You should stick to your threat model. Some basic points you can springboard from include:

• Ensuring that you're using HTTPS at all times - you should be forcing HTTPS when browsing and avoiding connections to websites that don't have a valid TLS certificate or show errors when attempting to establish a HTTPS connection.
• Switching from an operating system like Windows and macOS or going through steps to harden privacy-unfriendly operating systems such as Windows
• Not logging into services or apps using a Google, Apple, or Microsoft account
• Using a private search engine instead instead of a search engine that tracks your search queries

It's also worth mentioning other software out there can complement your usage of uBlock Origin and Pi-Hole. For some examples, perhaps you would like to self-host your own recursive DNS resolver by running an Unbound server - or perhaps you're savvy and confident enough to securely set up your own VPN so that you can take advantage of your network while in a different physical location.

Or perhaps you seek to complement uBlock Origin's blocking functionality with a more "niche" blocker - such as LocalCDN, which blocks CDN connections and injects the content locally, eliminating the CDN as the middleman in the connection with a website.

Or maybe you're concerned about fingerprinting and are looking for more protection, so you opt to tweak specific settings or even run another extension that hardens your browser's resistance to various fingerprinting techniques. In any case, if you need guidance on different ways to block ads and trackers, then refer to the comprehensive adblocking guide.

Final thoughts

When it comes to Pi-Hole and uBlock Origin, understand that it doesn't have to be a case of either or. They are both valuable when it comes to providing comprehensive ad and tracker blocking protection for your devices.

In fact, they should both be used as these software pieces greatly complement each other. You can receive even more enhanced benefits by customizing them exactly to your liking, or even using other trusted blocking software.

With that said, if there is a situation where you have to choose, in many cases you'll find that uBlock Origin is the definitive answer because of its insanely easy installation and deployment; again, you download the add-on or extension for your browser and with near-zero set up time, you have one of the most effective browser adblockers on the market.

Additionally, given the number of people who may be using their ISP's router, Pi-Hole becomes a less attractive option. However, if you have the opportunity, you should definitely set it up as its a fantastic benefit to your entire network as opposed to a single browser/device!

With all of that said, stay safe out there!