Yep - this. I absolutely abhor “smart” TVs for just this reason.
But, even lack of internet sometimes isn’t enough. I recently, and inadvertently, left the wireless adapter on my TV enabled, after having to temporarily join it to my wireless for a firmware update (digital TV tuning needed updating for my region). After I was done, I cleared the wireless config, but I didn’t think to go into the other menu where you can entirely disable the wireless adapter.
Little did I know that meant the TV started broadcasting it’s own SSID, for friggin’ Apple Airplay or some other shit. I found this out when my 9yo daughter was suddenly exposed to some adult content for about 10 seconds. Best guess is a nearby neighbour mistook my TV for theirs.
I’ve obviously disabled the wireless adapter again, but this has been a terribly difficult lesson I’ve had to learn.
For anyone concerned, my daughter is OK. My wife had a good chat with her about it. She had considerably more talking down to do with me - I was ready to start knocking on doors, to have my own chat.
xyguy@startrek.website 9 months ago
Connected a Samsung smart TV to my network when we first got it. The thing damn-near crashed my pi-hole asking for so many ad/tracking domains. Factory reset it later that same day. I think my % of requests blocked went from 15% to 68% in just the 3 hours or so the Smart TV was connected.
redcalcium@lemmy.institute 9 months ago
They started to wisen up and hard-coded dns requests to 8.8.8.8 to bypass dns ad blockers now. Heck, some apps like Netflix already do it for years now. If your router can transparently redirect all dns requests to your pi-hole, you should use that feature.
Stupidmanager@lemmy.world 9 months ago
or use the blocking feature of your firewall. Here’s Roku being persistent and ignoring my pihole. Firewalla for the win.
Image
mosiacmango@lemm.ee 9 months ago
Firewalla’s are great. All the features of pfsense and then some, in a fine little hardware form factor.
PopShark@lemmy.world 9 months ago
The countries listed there are really peculiar to me (I know that’s not the part of the image you were referring to).
Like obviously U.S. is up top because presumably you live there but either way lots of internet traffic goes in/out of the country even for those that don’t… but I wonder why Germany and France? Russia and China can be sort of assumed I guess a lot of malware spawns from there. Especially China imho even though Russia is on the hot seat rn and it’s common to think of the country when thinking of hackers they just don’t have China’s huge internet/tech infrastructure to send out as much… manure I guess overall, everywhere. Russia seems to try to target malware whereas China just spews it indiscriminately. Feel free to correct if I’m wrong I’m no security expert.
I use ControlD for DNS filtering and I don’t think I can view analytics like that by country? Wish I could though it seems really interesting now what my blocked connections would look like by country/region.
irotsoma@lemmy.world 9 months ago
Easy enough to do with NAT unless it uses DNS over https. Then you have to block a lot more than just DNS.
Trollception@lemmy.world 9 months ago
I deny all DNS traffic except traffic going to my router IP so my pfBlocker will always work.
nsfw_alt_2023@lemmynsfw.com 9 months ago
There’s always DNS over HTTPS. It’s really hard to nab that shit out if it’s going upstream to the same server that’s hosting the content.
bitwaba@lemmy.world 9 months ago
That’s my next project now that I have my pihole set up. My basic ass router from my ISP does not support that though.
Side question: do you know of any openWRT supported routers in the $100-150 range with external antennas? Everything I’ve taken a look at is either an internal antenna, or like $400.
redcalcium@lemmy.institute 9 months ago
What do you mean with internal/external antenna? Does something like asus rt-ax53u ($85) counts as having external antennas? openwrt.org/toh/asus/rt-ax53u
Hamartiogonic@sopuli.xyz 9 months ago
I recall having similar issues with Chrome. Instead of checking in with the pihole, it just went ahead and bypassed it by using a different DNS.