relic4322

joined 1 month ago
[–] [email protected] 3 points 1 month ago

Checking it out, thanks for the recommendation.

[–] [email protected] 2 points 1 month ago

Looks fantastic, great work!

[–] [email protected] 1 points 1 month ago

I will also say that what I have listed is for my known digital footprint. If you catch my drift.

[–] [email protected] 1 points 1 month ago

You are right. It's the choice I've made. I've decided that I would rather have the lockdown because I no longer think that being anonymous means anything. It's my opinion that due to the rise and ease of applying AI/ML and computational access we are all data points. So it's no longer a matter of blending in.

TLDR, I weighed the two and chose this.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago)

They aren't open. But yes. It would be if they were. They are open within my VPN. :)

[–] [email protected] 1 points 1 month ago

Can you explain that?

[–] [email protected] 1 points 1 month ago (3 children)

sure thing, here you are

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      # DNS Ports
      - "53:53/tcp"
      - "53:53/udp"
      # Default HTTP Port
      - "8082:80/tcp"
      # Default HTTPs Port. FTL will generate a self-signed certificate
      - "8443:443/tcp"
      # Uncomment the below if using Pi-hole as your DHCP Server
      #- "67:67/udp"
      # Uncomment the line below if you are using Pi-hole as your NTP server
      #- "123:123/udp"
    environment:
      # Set the appropriate timezone for your location from
      # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones, e.g:
      TZ: 'America/New_York'
      # Set a password to access the web interface. Not setting one will result in a random password being assigned
      FTLCONF_webserver_api_password: 'false cat call cup'
      # If using Docker's default `bridge` network setting the dns listening mode should be set to 'all'
      FTLCONF_dns_listeningMode: 'all'
      FTLCONF_dns_upstreams: '127.0.0.1#5335' # Unbound
    # Volumes store your data between container upgrades
    volumes:
      # For persisting Pi-hole's databases and common configuration file
      - './etc-pihole:/etc/pihole'
      # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
      #- './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
      # Required if you are using Pi-hole as your DHCP server, else not needed
      - NET_ADMIN
      # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
      - SYS_TIME
      # Optional, if Pi-hole should get some more processing time
      - SYS_NICE
    restart: unless-stopped
  unbound:
    container_name: unbound
    image: mvance/unbound:latest # Change to use 'mvance/unbound-rpi:latest' on raspberry pi
    # use pihole network stack
    network_mode: service:pihole
    volumes:
      # main config
      - ./unbound-config/unbound.conf:/opt/unbound/etc/unbound/unbound.conf:ro
      # custom config (unbound.conf.d/your-config.conf). unbound.conf includes these via wildcard include
      - ./unbound-config/unbound.conf.d:/opt/unbound/etc/unbound/unbound.conf.d:ro
      # log file
      - /srv/docker/pihole-unbound/unbound/etc-unbound/unbound.log:/opt/unbound/etc/unbound/unbound.log
    restart: unless-stopped

I am relatively new to Docker as well tbh. I did a lot with virtualization and a lot with Linux and never bothered, but I totally get the use case now ha. Just an FYI, if you use Docker on Windows it runs slower as it has to leverage the Windows Subsystem for Linux (WSL) and a slightly different Docker engine (forget which one). So Linux is your best bet. If you do want to use a full VM I found QEMU to be the best option for least resource usage.
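Added example (not part of the comment above and not the poster's code): a compose short-syntax port entry with no host IP is published on every host interface, which is why the "open within my VPN" reply elsewhere on this page matters. The sketch below parses the `ports:` entries from the compose file and lists the ones bound to all interfaces; the two entries with a host IP, including the 10.8.0.1 VPN address, are constructed for comparison.

```python
import ipaddress
import re

# Port entries copied from the compose file above, plus two constructed
# entries (marked) that scope the binding to one host address.
PORTS = [
    "53:53/tcp",
    "53:53/udp",
    "8082:80/tcp",
    "8443:443/tcp",
    "10.8.0.1:8082:80/tcp",    # constructed: hypothetical VPN interface address
    "127.0.0.1:8443:443/tcp",  # constructed: loopback only
]

# Compose short syntax: [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTOCOL]
PORT_RE = re.compile(
    r"^(?:(?P<ip>\[[0-9a-fA-F:]+\]|\d{1,3}(?:\.\d{1,3}){3}):)?"
    r"(?:(?P<host>\d+(?:-\d+)?):)?"
    r"(?P<container>\d+(?:-\d+)?)"
    r"(?:/(?P<proto>tcp|udp|sctp))?$"
)

def parse_port(entry):
    """Split one short-syntax entry into its parts; reject anything else."""
    m = PORT_RE.match(entry.strip())
    if not m:
        raise ValueError(f"unrecognised port entry: {entry!r}")
    ip = (m.group("ip") or "").strip("[]")  # IPv6 host IPs are bracketed
    return {
        "host_ip": ip or None,
        "host_port": m.group("host"),
        "container_port": m.group("container"),
        "proto": m.group("proto") or "tcp",  # tcp is the default protocol
    }

def exposure(entry):
    """Classify which host addresses the published port listens on."""
    ip = parse_port(entry)["host_ip"]
    if ip is None:
        return "all-interfaces"  # no host IP given: bound to every interface
    addr = ipaddress.ip_address(ip)
    if addr.is_unspecified:      # explicit 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "single-address"

def audit(entries):
    """Return the entries reachable on every interface of the host."""
    return [e for e in entries if exposure(e) == "all-interfaces"]

if __name__ == "__main__":
    for e in PORTS:
        print(f"{e:28} {exposure(e)}")
```
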

[–] [email protected] 2 points 1 month ago

Yes, you can give fake info. I would say that's kinda the next step. Harden your browser and associated tech stack so you are secure. Then provide fake data that is generic enough so that it blends in. Firefox or Chrome standard agent, Windows 11, etc.

for example https://deviceatlas.com/blog/list-of-user-agent-strings

[–] [email protected] 3 points 1 month ago (4 children)

The problem with hardening your system is that you become more identifiable unless you provide fake data. For example, here are my test results from coveryourtracks.eff.org

Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 2054.58 browsers have the same fingerprint as yours.

[–] [email protected] 2 points 1 month ago (2 children)

plugins are definitely detectable. just came across this, worth checking out your browser security.

https://coveryourtracks.eff.org/

[–] [email protected] 9 points 1 month ago (6 children)

everything you do to customize your browser makes your browser fingerprint unique. but you have a mostly unique fingerprint due to things you aren't considering as well. system related stuff that your browser tells about you.

you have some options. 1) there are addons that limit privacy issues, 2) use a local web proxy; I'm using squid proxy for example, just have it running on an old laptop. Optionally, I would also say, from a privacy standpoint look into DNS blackholing (pihole, unbound, etc.), and there are plenty of other things.

my favorite addons are ublock, privacy badger, I run noScript which is probably more painful than most are willing to put up with but I have heard that jShelter is a good compromise.

[–] [email protected] 1 points 1 month ago (5 children)

happy to share my docker-compose with pihole and unbound. I'm not the original author, it's a compilation of a few people's. no issues. normal DNS inside the house, DoT outside.
