We have mentioned previously just how important DNS is on iOS and Android and we've also been over how you can secure your WiFi network with a Pi-Hole and with AdGuardHome.
But, of course, there is always the problem of when you are on the road with your notebook. You won't have many problems if you're using Tails or Qubes.
Likewise, you'll maybe have seen our articles (and those of others) recommending VPN services to achieve a secure setup in a coffee shop or other place with public WiFi and which allow you to connect securely. However, you still rely on a single point of failure. You could insist that your notebook by itself is a single point of failure but you do have options, and some pretty good ones, for security on the GO!
One product we keep mentioning in the Privacy Cookbook is AdGuard. We've had it on Android, there is an iOS version (not my recommendation as there are better alternatives) and we've had the AdGuardHome solution on the RaspberryPi! And AdGuard also has versions for MacOS and Windows.
As there are effectively 2 solutions, let's start with the better one:
The Firewall solution - which blocks malware, ads and every website you don't want to see. The best part it also blocks YouTube Ads and lets you control re-directions and your own DNS server.
The other solution is, of course:
The Hostfile solution - simple, free and always working!
One beauty of a hostfile is that it can easily be modified on Windows, Linux or Mac. However, more recently, Windows 10 has made it more difficult to open apps such as administrator but it’s not impossible! Search on your Notepad, then right-click on Notepad in the search results list and choose to run it as administrator.
Once you’ve done that, open up the following file using the File -> Open featurec:\windows\system32\drivers\etc\hosts
After which you can edit as usual once notepad is open.
In this example we will block Facebook. To do this just enter in the following after the # mark.0.0.0.0 www.facebook.com #suckerberg
Now that you have edited your Hostfile make sure to save it, Facebook should now be blocked on your browser!
On Linux and Mac it is simpler, just open the terminal and typesudo nano /etc/hosts
Or if you use vimsudo vim /etc/hosts
Add the same format0.0.0.0 Facebook.com #deletefacebook
Save it and you're free of facebook.com
Now that's probably not the only page you want to block so here is a list of great hostlists, copy all the entries to your list and you will be golden!
Adguard Simplified - English filter, Social media filter, Spyware filter, Mobile ads filter, EasyList and EasyPrivacy
AdAway - Blocking mobile ad providers and some analytics providers
hpHosts - Ad and Tracking servers only
CHEFKOCH - NSA Blocklist
CHEFKOCH - Canvas font fingerprinting
CHEFKOCH - Audio fingerprinting
CHEFKOCH - Canvas fingerprinting
CHEFKOCH - Trackers
CHEFKOCH - Facebook
StevenBlack - with the fakenews, gambling and social extensions
Google - Blocks all Google domains and services
Facebook & FB - Blocks Facebook and its Apps
Privacy Cookbook - Chapter 3 - Ad and Bad traffic filtering
This solution does not help you modifying your DNS.
However, AdGuard has a great guide for each OS on their website

AdGuard can already block (out of the box) a great list of services by just using the DNS servers for them. However, feel free to check for the DNS servers on any of our recommended lists above.
This solution is free vs the Firewall solution which will cost.
OK, we said two but here is a 3rd possible solution, where we recommend NextDNS
This works for all 3 OSs, Linux, Mac and Windows and the beauty of this one is that you can block and unblock sites and services.
Have a look at the writeup for NextDNS as we explained it back in Chapter 2.

I like to stress DNS as it is so important! ISPs are known to slow down your internet connections, redirect traffic and block websites. You can go around all of this with a simple DNS change whilst blocking bad traffic at the same time.
Bear in mind, however, that this solution does not hide the traffic from your ISP. Your Internet service provider will still be able to see every website you visit and log every move you made. If you want to go around this you need to consider using the Tor Browser which is by far the best solution.
For more on hiding your identity online, we recommend the following:



Perhaps one of the best solutions, which works as a combination of a Firewall, a DNS provider and an OpenVPN (hiding your IP) is to be found in:

For Mac, Linux and Windows we've had dedicated write-ups on additional firewall solutions to be found here:


And in our next Chapter I will provide recommendations for software on MacOS, followed by the same for Linux. I won't be covering Windows, as I don't use it, and I strongly recommend you ditch it yourself, as quickly as possible!
Stay safe, people!
The PA