phantom_eight

joined 1 year ago
[โ€“] phantom_eight@alien.top 0 points 11 months ago

I think pi holes only go so far. Unless you also block outbound DNS and have IPS/IDS setup to catch and block it on other ports and via encapsulation inside https... it's just another loosing battle.

If I was a TV manufacturer I'd give absolute fuck all about the DNS address assigned to the TV by your router.... or ANY DNS server that has a RFC1918 address. I'd be writing code that would try to hit DNS on the internet that I can use, possibly on a different port than 53 or via HTTPS tunnel.. I'd also have a few DNS entries hardcoded to IP's owned by the TV manufacturer or a subsidiary or even something in Azure/AWS....aside from trying the obvious 1.1.1.1 and 8.8.8.8 and ensuring the records I need are on those servers..

If you want to create a deny all rule and then spend weeks surfing firewall logs, creating allow rules randomly and via trial and error because half the shit doesn't work on the TV and you didn't write the code so you basically are guesing and googling what it needs to talk to.... have at it. Or. Never connect the TV to the internet. Ever.

[โ€“] phantom_eight@alien.top 0 points 11 months ago

Never connect a TV to the internet, ever. Amazon already not so secretly controls and monitors my life, so I just keep it in the fam and use a Firestick 4K Max.

All that connecting a TV to the internet will do is bring you continued disappointment, with rare upsides such as an elusive good firmware update, as most rarely improve something on the TV without fucking something else up or including a huge downside.

Why do you think they've gotten so cheap lately? They are sold at a loss because they rape your data and feed you ads.... again just like everything else.

Most people who do what you want to do have a more complicated setup with a separate SSID for IOT stuff on it's own isolated VLAN with firewall rules to specific things on the main network such as a Plex/Emby server, ect, if needed.