If you don’t mind DM’ing me or dropping it in a comment here, it would be greatly appreciated! The Docker engine isn’t something entirely new to me, so I’m a bit skeptical that I missed something, but always happy to compare with others. Actually, Docker is what pushed me to switch fully to Linux on my personal computers.

Snippet from my docker-compose.yml:

  pihole:
    container_name: pihole
    hostname: pihole
    image: pihole/pihole:latest
    networks:
      main:
        ipv4_address: 172.18.0.25
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "127.0.0.1:67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "127.0.0.1:85:80/tcp"
      - "127.0.0.1:7643:443"
    environment:
      TZ: 'America/Vancouver'
      FTLCONF_webserver_api_password: 'insert-password-here'
      FTLCONF_dns_listeningMode: 'all'
    # Volumes store your data between container upgrades
    volumes:
      - './config/pihole/etc-pihole:/etc/pihole'
      - './config/pihole/etc-dnsmasq.d:/etc/dnsmasq.d'
      - '/etc/hosts:/etc/hosts:ro'
  #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
      - CAP_SYS_TIME
      - CAP_SYS_NICE
      - CAP_CHOWN
      - CAP_NET_BIND_SERVICE
      - CAP_NET_RAW
      - CAP_NET_ADMIN
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pihole.rule=Host(`pihole.my.domain`)"
      - "traefik.http.routers.pihole.entrypoints=https"
      - "traefik.http.routers.pihole.tls=true"
      - "traefik.http.services.pihole.loadbalancer.server.port=80"
      - "traefik.http.routers.pihole.middlewares=fail2ban@file"
  unbound:
    image: alpinelinux/unbound
    container_name: unbound
    hostname: unbound
    networks:
      main:
        ipv4_address: 172.18.0.26
    ports:
      - "127.0.0.1:5334:5335"
    volumes:
      - ./config/unbound/:/var/lib/unbound/
      - ./config/unbound/unbound.conf:/etc/unbound/unbound.conf
      - ./config/unbound/unbound.conf.d/:/etc/unbound/unbound.conf.d/
      - ./config/unbound/log/unbound.log:/var/log/unbound/unbound.log
    restart: unless-stopped

Edit: After re-reading the Unbound GitHub and their documentation, it seems I may have missed some volume mounts that are key to the function of Unbound. I’ll definitely have to dive deeper into it.


I got two PiHoles running on my network via Docker Compose. I tried setting up Unbound in Docker-Compose and that fell flat; from my understanding, DNSSEC was preventing DNS resolution outright.

Also tried OPNsense + Unbound, which led to the same thing.

Eventually got tired of having my network cutting in and out over minor changes so I just stuck with Quad9 for my upstream needs.


I may not know much about software development & programming itself; however, I feel like I did my part here.

+1 for Linux folks.


Not nearly as user friendly for the non-networking types, hence why I recommend one with a fancy GUI.

Edit: Also, I suspect Microsoft will do Microsoft things and hide/prevent their telemetry from being blocked. Ultimately, I don’t know the state of Windows right now, as I made the switch to Linux many years ago.


Ah, I figured Portmaster was only for Linux. I dabbled around their software and found it quite good!

I think the reason I stopped using it in lieu of OpenSnitch was because 1) most features were locked behind a subscription and 2) I already had PiHole running, so the firewall wasn’t something I really needed.

Regardless, thanks for letting me know it works for Windows. I’ll start recommending it over GlassWire!


A quick way of accomplishing the de-bloating of Windows is by 1) managing your own DNS and blocking telemetry connections network-wide (quite easy to do with PiHole + Docker Engine) or 2) installing GlassWire and blocking connections on the specific device. However, I believe GlassWire’s firewall is subscription based, so this may be a turn-off for people.

Either works and is more efficient than digging around your Windows install and finding all the different variants of the same bloatware.


Late to the conversation, but maybe consider https://invidious.io/ or https://docs.piped.video/ - also, for an easy-to-use desktop client there is https://freetubeapp.io/, which utilizes the Invidious/Piped APIs.

Personally, I host an Invidious instance on a separate machine and route that machine to a VPN my other devices do not use.


Taking a look at both of these, Revolut seems more like a UK bank rather than something anyone can quickly sign up for.

Wise seems promising; the question is whether or not their privacy & security are reputable.

Thank you for this!


Long story short, my bank/credit-union doesn’t support debit-visa and the only way I can make online payments through my bank account is via PayPal. PayPal is a pain in the ass to work with and I would like to use Privacy.com’s virtual debit/credit cards; however, they lack support for banks/credit-unions outside the US. Note: I like to use my CC as little as possible, hence why I use my bank for the majority of my online payments.

I don’t watch YouTube often, but I’ve tried Yattee and had little issue with it. While it does use the Invidious & Piped APIs, I would argue it’s your best choice if you’re looking for privacy + native functionality.


Yes! PiHole does offer whitelisting profiles for devices; however, Apple/iOS devices with their “Private Wi-Fi addresses” make it a pain given how the MAC addresses regularly rotate.


Yeah, PiHole is great if you live by yourself; otherwise the entire household will have it out for you.

Learned that lesson the hard way.