AdGuard Home = Bye Bye ISP Spying
TL;DR: Comcast won't be able to see which sites you are going to.
Sure, we have all heard that our ISP is spying on us. YouTubers constantly recommend a trial of <INSERT VPN NAME HERE>. While VPNs do work, they can often slow down your network and cause latency issues.
Imagine that there was a way to block your ISP from spying on you. Imagine there was also a way to block all ads on your home network. Imagine that you could block adult websites, piracy websites, all social media, all tracking, all Google, all Facebook…
What if I told you that there is a tool that can make all your dreams come true?
*AdGuard Home has entered the chat.*
“AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network.” - https://adguard.com/en/adguard-home/overview.html
Now that’s great and all, but what does that actually mean?
It’s actually very simple if you think of it this way…
In the following example, someone on my home network is searching for google.com.
The device asks the router to look up google.com through what’s called a DNS server. A DNS server is able to find the correct IP address, or location, for google.com.
In this scenario (as with most home networks today) the DNS server is Xfinity’s. The DNS server address for Xfinity is 75.75.75.75. Simply put, you are going to Xfinity’s servers to find google.com.
This is where AdGuard Home comes in. In this new scenario, instead of reaching out to Xfinity’s DNS server, our router is reaching out to OUR AdGuard Home server. If the server is on your home network (say, on a server in your homelab), your DNS queries cannot be seen by your ISP.
This can be especially handy when we are trying to block certain things.
Here we can see that someone tried to access freerealestate.com (respect the meme). Let’s say for the sake of this example that freerealestate.com is a malicious website. Our AdGuard server will see the query (shake its head and ask what society has come to), realize that it is a malicious website, and zero out the user's IP address.
But hold on, what does that mean?
Here is an Internet 101 explanation:
First, the user searches for freerealestate.com.
Second, the request is processed through the router to the DNS server.
Third, the DNS server passes the request to the actual web server that freerealestate.com is hosted on.
Fourth, the web server sees the IP, says awesome, now I know who to send my website back to, and replies with the content of the website.
If, however, we have added a blocklist that includes malicious IP addresses or websites and freerealestate.com is on there, this is what the trail or handshake process looks like.
First, the user searches for freerealestate.com.
Second, the request is processed through the router to the DNS server.
Third, the DNS server sees that the address is on a blocklist and decides to not allow it to be accessed. Instead, a zeroed-out IP is sent to the web server.
Finally, the DNS server sends back a message that 12.345.678.912 was not going to hear back from freerealestate.com because it was a malicious website.
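The blocked lookup above, sketched as an added example (not from the original post and not AdGuard Home's own code): a DNS filter parses the query, checks the name and its parent domains against a blocklist, and answers with 0.0.0.0 instead of forwarding the query. The blocklist contents, function names and query ID are constructed for illustration, and the 0.0.0.0 answer is an assumption about how the "zeroed-out IP" is returned.

```python
import socket
import struct

# Constructed blocklist; the domain is the one the post uses as its example.
BLOCKLIST = {"freerealestate.com"}
SINKHOLE = "0.0.0.0"  # assumed "zeroed-out" answer for blocked names

def build_query(name, qid=0x1234):
    """Build a minimal DNS A query (constructed sample input)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_question(packet):
    """Return (lower-cased name, qtype, offset where the question section ends)."""
    labels, pos = [], 12  # the DNS header is always 12 bytes
    while packet[pos]:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode().lower())
        pos += 1 + n
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, pos + 5

def is_blocked(name):
    """Match the name or any parent domain, so www.freerealestate.com is caught too."""
    parts = name.rstrip(".").split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def answer(packet):
    """Return a sinkhole response for a blocked A query, or None to forward upstream.

    Only A queries are handled here; AAAA and other types fall through to None.
    """
    name, qtype, qend = parse_question(packet)
    if qtype != 1 or not is_blocked(name):
        return None
    flags = struct.pack("!H", 0x8180)          # response, RD, RA, NOERROR
    counts = struct.pack("!HHHH", 1, 1, 0, 0)  # one question, one answer
    # Answer record: pointer to the name at offset 12, type A, class IN, TTL 10s.
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 10, 4) + socket.inet_aton(SINKHOLE)
    return packet[:2] + flags + counts + packet[12:qend] + rr

def answered_ip(response):
    """Read the IPv4 address from the single answer record at the end."""
    return socket.inet_ntoa(response[-4:])

if __name__ == "__main__":
    for host in ("google.com", "freerealestate.com", "www.freerealestate.com"):
        reply = answer(build_query(host))
        print(host, "->", answered_ip(reply) if reply else "forward upstream")
```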
With AdGuard Home, you can control access to websites and services, and you can limit tracking and telemetry.
Currently I am running AdGuard Home on an Ubuntu 21.10 server which is located on my Proxmox 7.1 HomeLab server. I will be putting out another post to explain the setup process and why you should pair Unbound with AdGuard Home.
Thanks all,
Joe