Part 2: My Router Knows What You’re Watching—And It’s Judging You

Yes, I Use Safaricom—And Yes, I Still Built My Own Router

Let’s get one thing clear before we deep-dive into the sauce: I’m on Safaricom Home Fibre.

It’s not the worst—when it works.

But the problem isn’t always the ISP. It’s what they give you to manage it:

A generic ZTE router that crashes if you sneeze near it.

A web interface that looks like it was built in 2009 by a hungover intern.

No logs, no insights, no control. Just “green light = good.”

So even with “fast” fiber, I was flying blind.

That’s when I said:

“If they won’t give me control—I’ll build it myself.”

And that’s where this part of the story begins.

Your Router Can Be So Much More (If You Let It)

My DIY router had already replaced Safaricom’s unit like a boss (read Part 1).

But I wanted to go further.

I didn’t just want speed. I wanted intelligence. I wanted domination over every single byte that passed through my house.

So I started adding modules. Tools. Powers.

And what followed turned my router from a humble connection box…

…into a cybersecurity fortress with just enough chaos to scare away freeloaders and confuse anyone sniffing around.

Pi-hole – Because Ads on Safaricom Data Are a Crime

You know those autoplay YouTube ads that drain your bundles?

Or those popups on mobile apps that seem to know your life story?

With Pi-hole, I made them disappear—across every device on the network.

No browser extensions needed. No fiddling.

Just DNS-level ad blocking baked into the router itself.

And the stats? Glorious.

It blocked over 17,000 ad queries in the first 48 hours.

That’s the equivalent of 10 full TikToks’ worth of wasted time per day.

Network Spying, but Make It Ethical

I installed Ntopng for real-time visibility.

Suddenly, I could see:

Who was using the most bandwidth.

 

Which sites were being accessed.

 

What apps were behaving like spies.

I even spotted an old smart TV constantly pinging Chinese servers—even when “off.”

Spoiler alert: it’s really off now.

Traffic Prioritization – I Am the Bandwidth King

 

I got tired of Safaricom’s standard setup treating every connection equally.

Netflix and Zoom deserve more love than TikTok and background Play Store updates.

So I deployed QoS rules and traffic shaping:

 

Zoom? Priority 1.

 

Instagram Reels? Priority “wait in line.”

 

My brother’s illegal torrenting? Blocked entirely, with a funny redirect to a Rickroll page.

I Built a Firewall That Knows Who You Are

 

With pfSense at the core, I built rules like:

If device = visitor & app = social media → limit speed to 1Mbps

 

If new unknown MAC address connects → send me a Telegram alert

 

If too many failed login attempts on the admin panel → auto-ban IP forever

Even Safaricom doesn’t protect you this hard.

Automation and Power Scripts

 

I didn’t stop there.

I wired in scripts to auto-reboot the modem at 3 AM if internet speed dips below 20Mbps.

I log all ping stats hourly.

And once a week, my router runs a mini audit and emails me a full breakdown.

Because sometimes, you need to know if your speed problems are you—or them.

Conclusion: You Don’t Have to Be Stuck With the Default

 

You can be on Safaricom and still take control of your network.

You can go beyond their router. Beyond their interface.

You can build your own internet experience.

All it takes is a Raspberry Pi, some open-source software, and a healthy level of obsession.

Part 3 on the way.