VPN vs DNS - Which Keeps You The Safest?
Вставка
- Опубліковано 15 тра 2024
- Ultimate guide covering the pros/cons of DNS and VPN providers (and sometimes both!) and different possible configurations you can explore to maximize your privacy and security online. Also showcasing custom DNS configurations in relationship with a VPN!
Techlore Resources: techlore.tech/resources
Techlore Forum: discuss.techlore.tech
More on DNS (Technical): aws.amazon.com/route53/what-i...
🔐 Our Website: techlore.tech
🕵 Go Incognito Course - to learn about privacy: techlore.tech/goincognito
🏫 Techlore Coaching - to get direct support: techlore.tech/coaching
💻 Techlore Forum - to connect with other advocates: discuss.techlore.tech
🦣 Mastodon - to stay updated: social.lol/@techlore
We cannot provide our content without our Patrons, huge thanks to:
BRIGHTSIDE, Clark, Ente, Larry, Afonso, Boori, Brad, Casper, Cookie, Floyd, JohnnyO, kevin, love your content, NotSure, Poaclu, x
🧡 Join them on Patreon: / techlore
💚 To see our production gear, privacy tools we use, and other affiliates: techlore.tech/affiliates
💖 All Techlore Support Methods: techlore.tech/support
00:00 VPN or DNS?!
00:10 What Are DNS Providers?
02:14 What are VPN Providers?
03:38 VPN vs DNS
04:30 Your VPN's DNS and What You Should Use
08:26 So what should you do?
#VPN #DNS #privacy - Наука та технологія
I'd love to see the different configurations you all have chosen to use! Leave them below
I use Next DNS I pay AUD$3/month it's awesome I've set it at router level and on my mobile phone the Samsung Galaxy Note10+...also we need a VPN that's outside of the 14 eyes surveillance network..search engine I use is qwant. I use torrent sites too
The last I checked, NextDNS routes the DNS logs you see of your account, on their website, through Google servers in plain text...
I used Nord's DNS servers the longest. They're slow. Then I tried Quad9. Faster than Nord. Then I tried Cloudflare. Very fast. I just moved to NextDNS. We shall see how it performs.
I use dnscryptproxy on my OPNsense router. It allows to filter via downloadable black lists, and I also use a filtering DNS provider. So, I should be fairly protected. The included Unbound DNS service can also filter, and it's even possible to add a custom list to that. I have mine handoff the lookups to dnscryptproxy after it resolves any intranet DNS queries. Also, don't forget to setup the cron job to automatically update the DNS black lists and restart the service. Oh yeah... And, it's all no cost, and no subscription. Mine also intercepts all outgoing DNS port 53 traffic.
On an unrelated note, I wanted to ask a question about Monero.
If Monero is ever cracked with quantum computers (or anything) could this de-anonymize past transactions? since the blockchain itself is public?... So maybe your transaction is anonymous today, but if in 10 years it gets cracked, could it ever be traced back to us?
Me: **Turns off phone and goes outside for a walk** 🍷🗿
I have a second phone I take for walks
@@SWUploads971a smartwatch would make sense and theres privacy friendly smartwatch'es. mental outlaw made a video on it a while ago
and yet, you are here commenting on UA-cam hahahahahaha
@@kevindetolli And apparently, you are not.
@@youchwb6005 I am!
Enabling Quad9 DNS over HTTPS is the first thing I do when setting up any new PC / browser
NextVDNS looks kinda neat. But honestly, the last thing I need right now is ANOTHER party to PAY for private internet. Between VPN, private e-mail, and your ISP, and maybe even things like Password Managers, Icogni, etc. internet cost really starts to add up for the privacy focused consumer. So I'm still going to stick with the free DNS options for now. Would love to see a more thorough comparison of modern free DNS providers. Most of the comparisons I find are pretty out of date.
AdGuard is great for self hosting, it’s also very simple and has features that similar options dont. It’s simpler than pihole in my humble opinion.
For everything else your best bet is to secure DNS by making sure it’s set to a proper upstream one such as Mullvad or Quad9. Unfortunately you may have to set this on a per device and per app basis.
Each device tends to have different support for encrypted DNS. Apps themselves can also vary.
This is what adguard or pihole are great at. You point all DNS to the adguard/pihole, and then from there you have it do the upstream requests in encrypted DNS.
The main thing that encrypting DNS does in terms of privacy is make sure that your ISP doesn’t hijack the DNS query on the way out (which apparently happens). A VPN also prevents this because the DNS request is sent through an encrypted tunnel as it goes through the ISP connection.
So realistically the minimum setup of good VPN + something like Quad9 DNS is going to do most of your network privacy without getting too into the weeds.
Then you have to look at your browser, device, operating system, apps, and other sources of telemetry and metadata fingerprinting. Many of these issues are fixed by using Linux + open source.
Anyway this got long, but personally with all that considered I don’t see much need to pay for DNS services. The way i would personally pay for DNS services is by spinning up a cloud VPS with it’s own domain to use as a VPN and reverse proxy. This is pretty common and can be pretty cheap.
Great video! Would love to see a comparison/review of Control D vs. NextDNS, especially since Control D without its proxy features is the same price.
Sadly no word about encrypted DNS. I thought your IPS can't see what you're doing if you're using DNS-over-HTTTPS (except raw IPs).
appreciate you uploading these videos so i can easily point to it for my friends that arent informed on this stuff yet
Using pihole and masquerading outgoing port 53 back to pihole. Actual outgoing dns requests use DoH to quad9. This works well.
Any pointers on where we can learn more?... I'm using pihole and Quad9 but lost on the portion related to port 53 and getting DOH working.
Ty
I use PIA's MACE on my local machine + Adguard DNS on the router. Good stuff.
I use NextDNS on the router and Adguard extension on my Brave Browser.
@@RAM_845 Isn't Brave is a Google browser?
@@youchwb6005 a modified one
@@youchwb6005It is based on Chromium. But everything Google related has been ripped out. It is 100% safe to use.
Great video going into the details of networking privacy!
My current setup (IVPN + NextDNS + Ublock Origin) as well as using generally more privacy friendly services has led to seeing basically no ads ever, less spam, and has generally improved the experience with every new service I use/switch to.
Hope you guys keep up the good work.
i expect you to also use revanced or any other private UA-cam app
edit: but you might not use your phone as an entertainment device
I've always heard that using a DNS provider with a VPN is not a good idea. Instead you should only use the VPNs DNS.... I don't know
Most vpn service providers have trackers on board (third party trackers). Even if no personally identifieable information is included, you can be identified easily using a few features). Mostly, people use a VPN and think they're good in terms of privacy. Yeah, well... turns out, no
@@enigma220 He covers the topic in the video, VPN dns vs custom DNS. While custom DNS is more idenfiable, the benefits outweigh the cons, and to be honest its such a minor "anti-fingerprinting" measure.
why don't you just use your own VPN?
Awesome! Thank you for Sharing!
the cutest privacy and security host out there!
Recently just bought a new iPad and new gaming laptop and one of the first things I did on both devices was change the dns settings to ControlD.
I have pihole and unbound (local dns) on my nas and use that for local traffic. I'm gonna try to get those accessible from the internet at some point but I haven't looked into it yet.
Great video, thanks. Do you have any thoughts on ShadowSocks DNS? 👍
Have you tried controld? I think it is now better then nextdns by a little
Could pihole be setup to mimic nextDNS?
So I have both Mullvad and Proton VPN's. I use the default DNS servers in Safari, but, Firefox and Vavaldi I have set to Cloudflare. Brave too. BUT, with all that said, my Router is set to Cloudflare. How does that play in?
Adguard dns is dope😂 it's an adblock killah
@Techlore Can you do a video on how domain vs website work and a separate video on how to remove domains from Whois websites ?
Wonderful video
which is bette for twiiter opposition in Egypt tor vs mullvad ?mac android?
love your jacket and content
Can you please make a video about securing your pc for online banking?
Trend Micro has " Pay Guard". It opens in a new isolated window like Sandboxie. Then after your session, delete all the history and cache in that window. Been using for other transaction sites like E bay, etc and never had problems. Other AVs have the same feature.
How would a website be able to tell what DNS provider you used to reach them? Maybe response time to be transferred to a subdomain could be a clue, but I don’t think there is a definitive way.
On the fingerprint side: Michael Bazell pointed out in one of his podcasts, that he uses NextDNS, but a different account for every instance, so one for the base Linux system, another one for the browser, then the phone, etc, etc. Not sure if it makes sense though
That's definitely a valid option too, you can opt for different configs on different devices w/ different priorities :)
Quad9 all day
What about Lokinet?
Adguard DNS Server review next!
Can’t you just use unbound dns and run dns over von then run your devices through a vpn? That way your query is encrypted and then the actual data is encrypted? That is how I run it on my external firewall and no issues thus far.
I use portmaster with spn
My first and only thought: *why not just use both!?*
I actually use proton vpn that is good to know.
and how having a Pihole in the network goes in all this ?
Because pfSense, the VPNs are always on 24/7 and with 1 hour IP rotation. :p
ControlD has the most powerful and revolutionary features than any other DNS provider in the history of DNS. It can do WAY more than NextDNS.
Such as?
🎯 Key Takeaways for quick navigation:
00:00 *🌐 DNS providers act like a phone book for the internet, translating domain names into IP addresses.*
00:57 *🛡️ DNS providers can offer security features like anti-phishing protection, but by default, they primarily focus on delivering internet services without harvesting user data.*
02:22 *🔒 VPNs encrypt traffic locally, enhancing security, especially on public Wi-Fi networks, and mask IP addresses to improve privacy.*
05:37 *🔄 VPNs often come with their own DNS, but users can opt for custom DNS providers like Next DNS for enhanced privacy and security features.*
08:52 *🚀 Consider switching to more privacy-respecting DNS providers and evaluate the need for a VPN based on your security and privacy requirements.*
VPNs vs DNS
Chalk vs Cheese
I say use both.
I still don’t understand how a dns keep you safe
Can you do a full hair tutorial on a separate video? I really like your hair style
The irony is that guys who know how to set up IT security are the guys that don't need it, and vice versa
Bro forgor proxies from this category
Noice
📝 Summary of Key Points:
📌 DNS providers act as a phone book for the internet, translating domain names into IP addresses. They offer some security features like anti-phishing protection but are primarily focused on providing internet access without compromising privacy.
🧐 VPNs encrypt traffic locally on your device, enhancing security and privacy by masking your IP address. They are used as privacy and security tools, especially on public Wi-Fi networks, to prevent data harvesting by ISPs.
💡 Additional Insights and Observations:
💬 Quotable Moments: DNS providers are like a search engine for the internet, while VPNs are used as privacy and security tools in the digital rights community.
📊 Data and Statistics: VPNs encrypt traffic locally, preventing Wi-Fi networks from accessing data, which is crucial for security.
🌐 References and Sources: The video mentions specific VPN providers like Mulvad, IVPN, ProtonVPN, and Windscribe, highlighting their role in securing web traffic.
📣 Concluding Remarks:
The video delves into the differences between DNS providers and VPNs, emphasizing their roles in privacy and security. While DNS providers focus on providing internet access and some security features, VPNs encrypt traffic to enhance privacy and security. Choosing the right DNS provider and VPN can significantly impact your online safety.
Generated using TalkBud
i have dns
f i r s t
7:16 You are wrong on this. There's no advantages to a custom DNS over a VPN regarding privacy. What your custom DNS is doing is blocking stuff, you should be doing that via adblock
When you change to a custom DNS over a VPN you are becoming *uniquely identifiable,* which defeats the point of using a VPN
How do you suppose you block ads and trackers outside a web browser environment? An app with trackers? An OS submitting invasive telemetry? I would take a look at what can be blocked by a DNS provider and how the scope is a bit different. Adblock + DNS together are a very ideal workflow for people who want the best of both worlds.
I directly address the ‘identifiable’ argument you make in the video and how it *is* a con to the workflow.
@@techloreAdding to this, the blocklists are very different, with network wide ones having a much more broad scope. An example of this would be blocking youtube and google ads, but not google telemetry/google play services tracking.
@@techlore On your first argument, ad blockers don't do the DNS requests, when a DNS request is made for a domain on their list, the ad blocker intercepts the request and returns a null response
As for the latter, it's irrelevant if you "addressed it in the video", you are advising people to do something they absolutely shouldn't. You are giving bad advise that doesn't give neither safety or privacy
@@kueacybtguicyregfibubkueacybax 6:16 As it's in the video, use a VPN provider that provides adblocking via their DNS. But never, NEVER use a VPN with an external custom DNS, specially not NextDNS or similar where your DNS requests go with UNIQUE IDENTIFIERS of your account and your identity
Your videos lost all meaning for me, after you insulted me, and apparently you're directly hacked into my phone and you're emailing me about it to rub it in. I understand why they call you tech bore now.