I'd love to see the different configurations you all have chosen to use! Leave them below
The last I checked, NextDNS routes the DNS logs you see of your account, on their website, through Google servers in plain text...
I used Nord's DNS servers the longest. They're slow. Then I tried Quad9. Faster than Nord. Then I tried Cloudflare. Very fast. I just moved to NextDNS. We shall see how it performs.
On an unrelated note about Monero.
If this is ever cracked with quantum computers (or anything) could this de-anonymize past transactions? since the blockchain itself is public?
So maybe your transaction is anonymous today, but if in 10 years it gets cracked, could it ever be traced back to us?
Looking for feedback. I know this isn't a mobile video, but it is regarding VPN/DNS
For mobile:
adguard DNS
DuckDuckGo VPN
Randomized Mac ON
Brave set as primary browser
In settings and developer settings. All apps shut off from the ability to talk to each other.
FYI, no issues and have run the apps without them talking to each other for quite a long time now. *
on S10. Security wise, is this approach good? What are any vulnerabilities that could be oversight?
Now
Experiment with shutting off all background data usage capability for every app possible. And haven't run into many issues so far. 😂
But that's new yet.
Yet again please point out any vulnerabilities thx.
Also,
If any responses of curiosity will give an update, np.
& 😊 Thx for another good video.
Oh, Android 12
Me: **Turns off phone and goes outside for a walk** 🍷🗿
I have a second phone I take for walks
@@PortlandMana smartwatch would make sense and there's privacy friendly smartwatches. mental outlaw made a video on it a while ago
and yet, you are here commenting on YouTube hahahahahaha
@@kevindetolli And apparently, you are not.
@@youchwb6005 I am!
Enabling Quad9 DNS over HTTPS is the first thing I do when setting up any new PC / browser
Added safety, you can set Quad9 DNS at the router so every PC / mobile / browser connected to your home Wi-Fi will use Quad9 rather than default to the household's ISP provider. This way, it's not browser configuration dependent unless the browser is configured to not use the defaults thus overriding the router.
NextDNS looks kinda neat. But honestly, the last thing I need right now is ANOTHER party to PAY for private internet. Between VPN, private e-mail, and your ISP, and maybe even things like Password Managers, Incogni, etc. internet cost really starts to add up for the privacy focused consumer. So I'm still going to stick with the free DNS options for now. Would love to see a more thorough comparison of modern free DNS providers. Most of the comparisons I find are pretty out of date.
AdGuard is great for self hosting, it’s also very simple and has features that similar options don’t. It’s simpler than pihole in my humble opinion.
For everything else your best bet is to secure DNS by making sure it’s set to a proper upstream one such as Mullvad or Quad9. Unfortunately you may have to set this on a per device and per app basis.
Each device tends to have different support for encrypted DNS. Apps themselves can also vary.
This is what adguard or pihole are great at. You point all DNS to the adguard/pihole, and then from there you have it do the upstream requests in encrypted DNS.
The main thing that encrypting DNS does in terms of privacy is make sure that your ISP doesn’t hijack the DNS query on the way out (which apparently happens). A VPN also prevents this because the DNS request is sent through an encrypted tunnel as it goes through the ISP connection.
So realistically the minimum setup of good VPN + something like Quad9 DNS is going to do most of your network privacy without getting too into the weeds.
Then you have to look at your browser, device, operating system, apps, and other sources of telemetry and metadata fingerprinting. Many of these issues are fixed by using Linux + open source.
Anyway this got long, but personally with all that considered I don’t see much need to pay for DNS services. The way I would personally pay for DNS services is by spinning up a cloud VPS with its own domain to use as a VPN and reverse proxy. This is pretty common and can be pretty cheap.
Really late, so don't know if it matters but I use NextDNS for free on my MacBook and my main PC and I for example currently on Sep 19 have 68k out of 300k queries, so maybe it would also be enough for you to use for free.
Great video going into the details of networking privacy!
My current setup (IVPN + NextDNS + Ublock Origin) as well as using generally more privacy friendly services has led to seeing basically no ads ever, less spam, and has generally improved the experience with every new service I use/switch to.
Hope you guys keep up the good work.
i expect you to also use revanced or any other private YouTube app
edit: but you might not use your phone as an entertainment device
Most VPN service providers have trackers on board (third party trackers). Even if no personally identifiable information is included, you can be identified easily using a few features. Mostly, people use a VPN and think they're good in terms of privacy. Yeah, well... turns out, no
@enigma220 He covers the topic in the video, VPN DNS vs custom DNS. While custom DNS is more identifiable, the benefits outweigh the cons, and to be honest it's such a minor "anti-fingerprinting" measure.
why don't you just use your own VPN?
Using pihole and masquerading outgoing port 53 back to pihole. Actual outgoing dns requests use DoH to quad9. This works well.
Any pointers on where we can learn more?... I'm using pihole and Quad9 but lost on the portion related to port 53 and getting DOH working.
Ty
I use PIA's MACE on my local machine + Adguard DNS on the router. Good stuff.
@RAM_845 Isn't Brave a Google browser?
@@youchwb6005 It is based on Chromium. But everything Google related has been ripped out. It is 100% safe to use.
@@youchwb6005 brave is based on chromium, it js works like chrome but better
the cutest privacy and security host out there!
Great video! Would love to see a comparison/review of Control D vs. NextDNS, especially since Control D without its proxy features is the same price.
appreciate you uploading these videos so i can easily point to it for my friends that arent informed on this stuff yet
Recently just bought a new iPad and new gaming laptop and one of the first things I did on both devices was change the dns settings to ControlD.
🎯 Key Takeaways for quick navigation:
00:00 *🌐 DNS providers act like a phone book for the internet, translating domain names into IP addresses.*
00:57 *🛡️ DNS providers can offer security features like anti-phishing protection, but by default, they primarily focus on delivering internet services without harvesting user data.*
02:22 *🔒 VPNs encrypt traffic locally, enhancing security, especially on public Wi-Fi networks, and mask IP addresses to improve privacy.*
05:37 *🔄 VPNs often come with their own DNS, but users can opt for custom DNS providers like Next DNS for enhanced privacy and security features.*
08:52 *🚀 Consider switching to more privacy-respecting DNS providers and evaluate the need for a VPN based on your security and privacy requirements.*
My first and only thought: *why not just use both!?*
Can you please make a video about securing your pc for online banking?
Trend Micro has " Pay Guard". It opens in a new isolated window like Sandboxie. Then after your session, delete all the history and cache in that window. Been using for other transaction sites like E bay, etc and never had problems. Other AVs have the same feature.
Have you tried controld? I think it is now better than nextdns by a little
Awesome! Thank you for Sharing!
Adguard dns is dope😂 it's an adblock killah
Quad9 all day
What about Lokinet?
@Techlore Can you do a video on how domain vs website work and a separate video on how to remove domains from Whois websites ?
How would a website be able to tell what DNS provider you used to reach them? Maybe response time to be transferred to a subdomain could be a clue, but I don’t think there is a definitive way.
I have pihole and unbound (local dns) on my nas and use that for local traffic. I'm gonna try to get those accessible from the internet at some point but I haven't looked into it yet.
love your jacket and content
Great video, thanks. Do you have any thoughts on ShadowSocks DNS? 👍
So I have both Mullvad and Proton VPNs. I use the default DNS servers in Safari, but Firefox and Vivaldi I have set to Cloudflare. Brave too. BUT, with all that said, my Router is set to Cloudflare. How does that play in?
Wonderful video
Can’t you just use unbound dns and run dns over vpn then run your devices through a vpn? That way your query is encrypted and then the actual data is encrypted? That is how I run it on my external firewall and no issues thus far.
bro i need help and i am entirely new to this security and privacy things. i change my dns setting in firefox to quad9 but dns leak show my isp name, when i change to default cloudflare
there is no issue. what may causes this issues? sorry for bad english 🙂
so can i use google dns or not
Could pihole be setup to mimic nextDNS?
and how having a Pihole in the network goes in all this ?
I actually use proton vpn that is good to know.
I say use both.
Because pfSense, the VPNs are always on 24/7 and with 1 hour IP rotation. :p
I use portmaster with spn
Adguard DNS Server review next!
I still don’t understand how a dns keep you safe
VPNs vs DNS
Chalk vs Cheese
Can you do a full hair tutorial on a separate video? I really like your hair style
Bro forgor proxies from this category
that is an absurd dichotomy
📝 Summary of Key Points:
📌 DNS providers act as a phone book for the internet, translating domain names into IP addresses. They offer some security features like anti-phishing protection but are primarily focused on providing internet access without compromising privacy.
🧐 VPNs encrypt traffic locally on your device, enhancing security and privacy by masking your IP address. They are used as privacy and security tools, especially on public Wi-Fi networks, to prevent data harvesting by ISPs.
💡 Additional Insights and Observations:
💬 Quotable Moments: DNS providers are like a search engine for the internet, while VPNs are used as privacy and security tools in the digital rights community.
📊 Data and Statistics: VPNs encrypt traffic locally, preventing Wi-Fi networks from accessing data, which is crucial for security.
🌐 References and Sources: The video mentions specific VPN providers like Mullvad, IVPN, ProtonVPN, and Windscribe, highlighting their role in securing web traffic.
📣 Concluding Remarks:
The video delves into the differences between DNS providers and VPNs, emphasizing their roles in privacy and security. While DNS providers focus on providing internet access and some security features, VPNs encrypt traffic to enhance privacy and security. Choosing the right DNS provider and VPN can significantly impact your online safety.
Generated using TalkBud
7:16 You are wrong on this. There are no advantages to a custom DNS over a VPN regarding privacy. What your custom DNS is doing is blocking stuff, you should be doing that via adblock.
When you change to a custom DNS over a VPN you are becoming *uniquely identifiable,* which defeats the point of using a VPN
How do you suppose you block ads and trackers outside a web browser environment? An app with trackers? An OS submitting invasive telemetry? I would take a look at what can be blocked by a DNS provider and how the scope is a bit different. Adblock + DNS together are a very ideal workflow for people who want the best of both worlds.
I directly address the ‘identifiable’ argument you make in the video and how it *is* a con to the workflow.
@@techlore Adding to this, the blocklists are very different, with network wide ones having a much more broad scope. An example of this would be blocking youtube and google ads, but not google telemetry/google play services tracking.
@@techlore On your first argument, ad blockers don't do the DNS requests, when a DNS request is made for a domain on their list, the ad blocker intercepts the request and returns a null response
As for the latter, it's irrelevant if you "addressed it in the video", you are advising people to do something they absolutely shouldn't. You are giving bad advice that gives neither safety nor privacy
@@kueacybtguicyregfibubkueacybax 6:16 As it's in the video, use a VPN provider that provides adblocking via their DNS. But never, NEVER use a VPN with an external custom DNS, especially not NextDNS or similar where your DNS requests go with UNIQUE IDENTIFIERS of your account and your identity
i have dns
Noice
f i r s t