Greatly improve your security using NextDNS

in LeoFinance3 years ago

image.png

NextDNS is more than a tool to block ads. NextDNS is able to be filter out threats and malicious content across your entire network.

I highly recommend checking them out, as it is easy to use and highly effective.

You maybe familiar with Pi-Hole, a service that runs on a Raspberry Pi to block ads on your network rather than just from your browser. NextDNS is similar to this, but does a lot more.

image.png

I have found over 10% of the traffic on my network is filtered with NextDNS. This is largely ads and trackers, but there is also a significant amount of dangerous content in there as well.

image.png

Setting up NextDNS is really simple, and can be installed within 60 seconds.
Once installed you can adjust your own personal configuration page to adjust what settings you want for your network.

image.png

In my case, I have most of the features enabled.

image.png

I also have a few addition lists enabled for addition protection. One of the things I really like about NextDNS is the ability to block OS level telemetry like Apple and Windows. This prevents a lot of phone home and privacy invasion across your network, not just your machine.

You can even install the client on your mobile device for when you are not on your own network.

Many of the popular uBlock Origin / AdBlock lists are available to use with just a single click. Although many of them are not updated frequently, so keep that in mind when you select your lists. I recommend just sticking with NextDNS Ad & Trackers, AdGuard DNS Filter, and OISD as the most reliable and frequently updated lists.

image.png

Another big advantage of NextDNS is encrypted DNS, this prevents your ISP from easily collecting your browsing habbits and injecting ads or snooping. Previously the only way to do this easily was to use CloudFlare's DNS (1.1.1.1) but this did not offer the amount of security that NextDNS does.

Setup is really easy and once you set it up, you have access to a portal that gives you many configuration options for your network. NextDNS provides protection for all your Internet enabled devices. Configuration varies depending on the device you are using, but I recommend looking into the setup options carefully as it is more than just replacing your DNS settings. You want to ensure you use Encrypted DNS which requires additional considerations.

I also recommend you run their client, this will allow for easy configuration, full encrypted DNS support, and the ability to identify traffic on your LAN by device.

If you enable all features, there is a chance you will get false positives (legitimate traffic blocked). This can easily be identified and resolved by looking at the detailed logs filtering by blocked connections and adding specific whitelist entries as needed. If you have used a Pi-Hole device, you likely are already familiar with this. This should be extremely rare depending on how aggressive you do the settings. I have everything enabled with fairly aggressive configration and I rarely ever have to add anything to the whitelist.

image.png

There are a few options you can enable to increase performance as well. I recommend enabling these although the difference is minor.

image.png

Another nice feature is support for Web 3, this is really cool as many browsers don't have full support for IPFS or crypto domains yet (Brave does), so you can get full support of these features without running a browser plugin for each of them. Even more useful when on mobile where there may not even be support for these features.

While some users can fit in the free account, it is likely you will go through the 300,000 free queries per month using it for your entire household. A paid Pro account is only $20/year and well worth it.

image.png

It is one of the best $20 bills you will spend this year.

Oh, and if you haven't been following recent events, Google will be making changes to their browser (and any other browser like Brave that forks off it) that will drastically reduce the effectiveness of AdBlock software by restricting APIs needed to block ads. Once this comes in effect, services like NextDNS will be the only way to effectively block intrustive ads and malicous content.

If you are not doing it already, I highly recommend moving to Brave Browser for additional security and privacy.


All screenshots are from NextDNS website.

Posted Using LeoFinance Beta

Sort:  

It's a great product, but it's a centralized vendor. I'm willing to pay for a subscription for the service of curating whitelists/blacklists, signature data and IP/domain reputation databases. BUT I like to pay anonymously without need for an account and to avoid centralized single points of failure. All security related software (and hardware, too) should be opensource with the ability to fully self-host without depending on a vendor, its services and availability.
Pi-hole for example can be configured to fully run local on a pi, being a fully recursive resolver without any external dependency.

Pi-hole for example can be configured to fully run local on a pi, being a fully recursive resolver without any external dependency.

It can, but it isn't at the same level of NextDNS.

What's the difference in combination pihole + open VPN?`

Pihole blocks everything I want + encryption. With free google cloud account (years ago you got 500$ for sign up to test stuff), I would say it's pretty much the same.

NextDNS does a lot more, it has a unique list no one else has, it also uses machine learning to block threats, it also has other features not possible on a Pi-Hole

OK, I will look into it. Sounds very good and I hate a bit to run pi 24/7 :P

Another question is, they are trustworthy? I mean nobody knows what they do with data, p2p encryption or not.

It would be possible, there was be a lot of shady things in the past ( not with DNS exactly) but with VPN/ encryption services and so on.

I got a Raspberry Pi from my cousin and today I was going to setup Pi-Hole to block ads on my home network. But this looks like a great alternative. I can probably use the Raspberry Pi for something else now. I will try to setup NextDNS and yeah as you said 20$ a year isn't a big deal for such a good protection. I wish they accept the payment through crypto. 😉😀 I would probably go with a free plan for now and see if that is sufficient for me and then choose a bigger plan if it isn't sufficient.

Edit: Just found out that they accept cryptocurrencies too.

All prices are in INR. We accept cards, PayPal and cryptocurrencies.

ok I will check it out cause security is a very big issue these days and will be more if gov wants to know if we are involved with crypto

Seems like a valid product endorsement.
And the article is very nicely done.
I trust that you're not in any way, shape, or form paid by the provider, but simply reccommending the product based on personal experience.
Always nice to know where people stand.
/miko

NextDNS is more than a tool to block ads. NextDNS is able to be filter out threats and malicious content across your entire network.

Thank you for this update I really need to set this up I normally get pissed off when ever I see ads on my screen especially when I'm doing something important or seeing ads that is not helpful to me, I really love how search engines are getting updated on the web3.0 phase is a nice development to blockchain.

I gave up on Brave browser shortly after trying it out (a couple years ago) because it was EXACTLY the same as my Chrome browser, except that it paid a crypto I couldn't legally trade in NY.

At the end of this post you acknowledge that Brave is forked from Chrome and will be susceptible to the same API restrictions, but then you still recommend Brave browser in the next paragraph. Could you clarify this at all?

I gave up on Brave browser shortly after trying it out (a couple years ago) because it was EXACTLY the same as my Chrome browser, except that it paid a crypto I couldn't legally trade in NY.

It isn't exactly the same as Chrome, it uses Chromium open source project, but it doesn't send privacy data to Google, it's faster, and far more secure. It also has a crypto focus.

At the end of this post you acknowledge that Brave is forked from Chrome and will be susceptible to the same API restrictions, but then you still recommend Brave browser in the next paragraph. Could you clarify this at all?

I'm confident they will work something out, Brave is heavily focused on security and privacy.

I haven't really had security problems to test those features, but as far as privacy, it was pretty clear that they were in fact sharing my browsing history. My Chrome browser and Facebook both started giving me ads that were clearly based on my use of the Brave browser, and I never logged into either Google or Facebook (or any other site for that matter) with it.

People who seem to know more about these things than me keep singing its praises, though, so it's probably time I gave it another look. This was at least two years ago.

I haven't really had security problems to test those features, but as far as privacy, it was pretty clear that they were in fact sharing my browsing history. My Chrome browser and Facebook both started giving me ads that were clearly based on my use of the Brave browser, and I never logged into either Google or Facebook (or any other site for that matter) with it.

There is no way Brave was sending data to Google (Chrome). It was likely the result of using Facebook or some other app that did on both. Brave is very anti Google and it's whole mission is counter to what they do.

you have some cookies on your computer. It could be the case google reads that and give you the ads.

I mean that's most likely because every website can read those cookies. And google and friends have maybe a better way to track :P

Yes, cookies that were stored by the Brave browser, apparently in a place where other browsers knew to find and access them.

However it worked, it was definitely not as private as my Firefox browser.

special after the restart. But don't forget, Windows stores cookies too from browsing.

That's one reason why I haven't used Windoze for over 10 years.

I also recommend you run their client, this will allow for easy configuration, full encrypted DNS support, and the ability to identify traffic on your LAN by device.

The only difficult thing is dealing with configuration, but since there is option to run the client server it will be easy to configure.

Thanks for the update

Thanks for this review and recommendation. I've been looking for something reliable and this coming from you saves me time and money as well :) One can never be too careful, especially these days.

Posted Using LeoFinance Beta

Use Pi-Hole for a long time.

I also like uBlock Origin.

Next DNS looks like a very good alternative. I mean using the pi for something else for 20$/year + no maintain work looks not that bad :P

services like NextDNS will be the only way to effectively block intrustive ads and malicous content

The only way? The only way if we do not do something else I would say.

If you are not doing it already, I highly recommend moving to Brave Browser for additional security and privacy.

I really appreciate this update which I believe will be very helpful in security for secured privacy and thanks for sharing it's awesome.

I kind of liked Brave Browser, Brave Browser is fast. But yeah thanks for presenting NextDNS as well. Good to see these new tools work on ad block.

After your previous posts above I brave, I switched to it. I am a happy customer now. It seems like a browser made for crypto peeps.

NextDNS seems to be cool as well. Screw the ads!

Posted Using LeoFinance Beta

Google shouldn't be doing this.... There is really no privacy using Google. Thanks for sharing NextDNS.

!PIZZA

PIZZA!

PIZZA Holders sent $PIZZA tips in this post's comments:
@samostically(1/5) tipped @themarkymark (x1)

You can now send $PIZZA tips in Discord via tip.cc!

¡Feliz dia de San valentin! @themarkymark 😀

Let's toast to good friendships, those who believe in us and who give us productive moments.... Thank you Marky 🤗💙

untitled.gif

MALOMI TV 💟

I kind of liked Brave Browser, Brave Browser is fast. But yeah thanks for presenting NextDNS as well. Good to see these new tools work on ad block.