mirror of
https://github.com/yokoffing/NextDNS-Config.git
synced 2025-11-17 07:33:39 -05:00
fix links (#61)
This commit is contained in:
Guru
48
README.md
48
README.md
@@ -8,8 +8,8 @@
|
|||||||
|
|
||||||
***
|
***
|
||||||
# Guidelines :bookmark:
|
# Guidelines :bookmark:
|
||||||
1) Prevent overblocking by utilizing the [law of diminishing returns](https://pmctraining.com/site/wp-content/uploads/2018/04/Law-of-Diminishing-Returns-CHART.png) (e.g., using [sane](https://privacyguides.org/basics/threat-modeling), quality [blocklists](https://github.com/yokoffing/NextDNS-Config#blocklists-1); allowing most [TLDs](https://github.com/yokoffing/NextDNS-Config#block-top-level-domains-tlds-1-2-3-4-5-); etc.).
|
1) Prevent overblocking by utilizing the [law of diminishing returns](https://web.archive.org/web/20231108092752if_/https://pmctraining.com/site/wp-content/uploads/2018/04/Law-of-Diminishing-Returns-CHART.png) (e.g., using [sane](https://www.privacyguides.org/en/basics/threat-modeling/), quality [blocklists](https://github.com/yokoffing/NextDNS-Config#blocklists-1); allowing most [TLDs](https://github.com/yokoffing/NextDNS-Config#block-top-level-domains-tlds-1-2-3-4-5-); etc.).
|
||||||
2) Pass the [girlfriend test](https://urbandictionary.com/define.php?term=Grandma%20Test) with few exceptions. These deviations are documented throughout the guide.
|
2) Pass the [girlfriend test](https://www.urbandictionary.com/define.php?term=Grandma%20Test) with few exceptions. These deviations are documented throughout the guide.
|
||||||
|
|
||||||
***
|
***
|
||||||
|
|
||||||
@@ -25,7 +25,7 @@ Security settings protect your data from harm, theft, and unauthorized use.<sup>
|
|||||||
|
|
||||||
## Threat Intelligence Feeds <sup><sup>[1](https://github.com/nextdns/metadata/blob/6f9b6cd0670e7e31ad2ca716742088c2fc0616c2/security/threat-intelligence-feeds.json)</sup></sup>
|
## Threat Intelligence Feeds <sup><sup>[1](https://github.com/nextdns/metadata/blob/6f9b6cd0670e7e31ad2ca716742088c2fc0616c2/security/threat-intelligence-feeds.json)</sup></sup>
|
||||||
 Use Threat Intelligence Feeds
|
 Use Threat Intelligence Feeds
|
||||||
## AI-Driven Threat Detection <sup><sup>[1](https://unofficialbird.com/NextDNS/status/1440291577713233925?lang=en)</sup></sup>
|
## AI-Driven Threat Detection <sup><sup>[1](https://x.com/NextDNS/status/1440291577713233925)</sup></sup>
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> NextDNS labels this feature as [beta](https://www.vocabulary.com/dictionary/beta), although most users report it works well.
|
> NextDNS labels this feature as [beta](https://www.vocabulary.com/dictionary/beta), although most users report it works well.
|
||||||
|
|
||||||
@@ -45,7 +45,7 @@ Security settings protect your data from harm, theft, and unauthorized use.<sup>
|
|||||||
|
|
||||||
## DNS Rebinding Protection <sup><sup>[1](https://help.nextdns.io/t/35hmval/what-is-dns-rebinding-protection) [2](https://www.reddit.com/r/nextdns/comments/t0ne8r/does_dns_rebinding_protection_block_remote_access/?context=3)</sup></sup>
|
## DNS Rebinding Protection <sup><sup>[1](https://help.nextdns.io/t/35hmval/what-is-dns-rebinding-protection) [2](https://www.reddit.com/r/nextdns/comments/t0ne8r/does_dns_rebinding_protection_block_remote_access/?context=3)</sup></sup>
|
||||||
 Enable DNS Rebinding Protection
|
 Enable DNS Rebinding Protection
|
||||||
## IDN Homograph Attacks Protection <sup><sup>[1](https://blog.riotsecurityteam.com/idn-homograph-attacksprevention) [2](https://akamai.com/blog/security/watch-your-step-the-prevalence-of-idn-homograph-attacks)</sup></sup>
|
## IDN Homograph Attacks Protection <sup><sup>[1](https://web.archive.org/web/20230325073817/https://blog.riotsecurityteam.com/idn-homograph-attacksprevention) [2](https://akamai.com/blog/security/watch-your-step-the-prevalence-of-idn-homograph-attacks)</sup></sup>
|
||||||
 Enable Homograph Attacks Protection
|
 Enable Homograph Attacks Protection
|
||||||
## Typosquatting Protection <sup><sup>[1](https://github.com/nextdns/metadata/blob/6f9b6cd0670e7e31ad2ca716742088c2fc0616c2/security/typosquatting/protected-domains)</sup></sup>
|
## Typosquatting Protection <sup><sup>[1](https://github.com/nextdns/metadata/blob/6f9b6cd0670e7e31ad2ca716742088c2fc0616c2/security/typosquatting/protected-domains)</sup></sup>
|
||||||
 Enable Typosquatting Protection
|
 Enable Typosquatting Protection
|
||||||
@@ -57,7 +57,7 @@ Security settings protect your data from harm, theft, and unauthorized use.<sup>
|
|||||||
|
|
||||||
 Block Newly Registered Domains (NRDs)
|
 Block Newly Registered Domains (NRDs)
|
||||||
|
|
||||||
## Block Dynamic DNS Hostnames <sup><sup>[1](https://github.com/nextdns/ddns-domains/blob/main/suffixes) [2](https://twitter.com/NextDNS/status/1541740963760144386) </sup></sup>
|
## Block Dynamic DNS Hostnames <sup><sup>[1](https://github.com/nextdns/ddns-domains/blob/main/suffixes) [2](https://x.com/NextDNS/status/1541740963760144386) </sup></sup>
|
||||||
> [!TIP]
|
> [!TIP]
|
||||||
> Dynamic DNS (DDNS) services can still access their own website and update API when you use this setting.
|
> Dynamic DNS (DDNS) services can still access their own website and update API when you use this setting.
|
||||||
|
|
||||||
@@ -65,11 +65,11 @@ Security settings protect your data from harm, theft, and unauthorized use.<sup>
|
|||||||
|
|
||||||
## Block Parked Domains <sup><sup>[1](https://github.com/nextdns/metadata/blob/6f9b6cd0670e7e31ad2ca716742088c2fc0616c2/security/parked-domains-cname)</sup></sup>
|
## Block Parked Domains <sup><sup>[1](https://github.com/nextdns/metadata/blob/6f9b6cd0670e7e31ad2ca716742088c2fc0616c2/security/parked-domains-cname)</sup></sup>
|
||||||
 Block Parked Domains
|
 Block Parked Domains
|
||||||
## Block Top-Level Domains (TLDs) <sup><sup>[1](https://webtribunal.net/blog/tld-statistics/) [2](https://www.spamhaus.org/statistics/tlds/) [3](https://bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-to-send-fake-suspension-notices/) [4](https://github.com/DandelionSprout/adfilt/blob/master/Dandelion%20Sprout's%20Anti-Malware%20List.txt) [5](https://github.com/DandelionSprout/adfilt/issues/659#issuecomment-1284845803) </sup></sup>
|
## Block Top-Level Domains (TLDs) <sup><sup>[1](https://webtribunal.net/blog/tld-statistics/) [2](https://www.spamhaus.org/reputation-statistics/cctlds/domains/) [3](https://bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-to-send-fake-suspension-notices/) [4](https://github.com/DandelionSprout/adfilt/blob/master/Dandelion%20Sprout's%20Anti-Malware%20List.txt) [5](https://github.com/DandelionSprout/adfilt/issues/659#issuecomment-1284845803) </sup></sup>
|
||||||
*Updated: 18 March 2024* <p>
|
*Updated: 18 March 2024* <p>
|
||||||
|
|
||||||
> [!IMPORTANT]
|
> [!IMPORTANT]
|
||||||
> Blocking [TLDs](https://geeksforgeeks.org/components-of-a-url) risks blocking legitimate sites along with malicious ones, since this feature stops both site navigations and subrequests. However, the entries below should allow for everyday browsing while offering protection against commonly abused TLDs.
|
> Blocking [TLDs](https://www.geeksforgeeks.org/components-of-a-url) risks blocking legitimate sites along with malicious ones, since this feature stops both site navigations and subrequests. However, the entries below should allow for everyday browsing while offering protection against commonly abused TLDs.
|
||||||
|
|
||||||
<details><summary>Click me to view TLDs</summary>
|
<details><summary>Click me to view TLDs</summary>
|
||||||
|
|
||||||
@@ -113,11 +113,11 @@ You can find additional entries on [Most Abused TLDs](https://github.com/hagezi/
|
|||||||
# Privacy :lock:
|
# Privacy :lock:
|
||||||
Privacy features limit the amount of data companies can collect about you.
|
Privacy features limit the amount of data companies can collect about you.
|
||||||
|
|
||||||
Because privacy is a [spectrum](https://blog.thenewoil.org/the-privacy-myth-binary-vs-spectrum), what you need varies on your [threat model](https://thenewoil.org/en/guides/prologue/threatmodel), interest, and skillset.<sup>^[*why should I care? I have nothing to hide*](https://medium.com/@FabioAEsteves/i-have-nothing-to-hide-why-should-i-care-about-my-privacy-f488281b8f1d)</sup>
|
Because privacy is a [spectrum](https://blog.thenewoil.org/the-privacy-myth-binary-vs-spectrum), what you need varies on your [threat model](https://thenewoil.org/en/guides/prologue/threat-model/), interest, and skillset.<sup>^[*why should I care? I have nothing to hide*](https://medium.com/@FabioAEsteves/i-have-nothing-to-hide-why-should-i-care-about-my-privacy-f488281b8f1d)</sup>
|
||||||
|
|
||||||
## Blocklists <sup><sup>[1](https://github.com/nextdns/blocklists/tree/main/blocklists)</sup></sup>
|
## Blocklists <sup><sup>[1](https://github.com/nextdns/blocklists/tree/main/blocklists)</sup></sup>
|
||||||
|
|
||||||
Blocklists filter out ads, [trackers](https://freecodecamp.org/news/what-you-should-know-about-web-tracking-and-how-it-affects-your-online-privacy-42935355525/), and malicious sites. Hundreds of volunteers contribute to these lists in the [open-source](https://opensource.com/resources/what-open-source) community, and they are the undercover heroes who make blocking ads at scale possible.
|
Blocklists filter out ads, [trackers](https://www.freecodecamp.org/news/what-you-should-know-about-web-tracking-and-how-it-affects-your-online-privacy-42935355525/), and malicious sites. Hundreds of volunteers contribute to these lists in the [open-source](https://opensource.com/resources/what-open-source) community, and they are the undercover heroes who make blocking ads at scale possible.
|
||||||
|
|
||||||
We recommend you **remove** the [NextDNS Ads & Trackers Blocklist](https://github.com/nextdns/blocklists/blob/main/blocklists/nextdns-recommended.json) and **add** the [minimum](https://www.reddit.com/r/nextdns/comments/1048xeg/do_you_use_nextdns_blocklist_as_the_primary/j33wnz2/?context=3) number of useful lists.
|
We recommend you **remove** the [NextDNS Ads & Trackers Blocklist](https://github.com/nextdns/blocklists/blob/main/blocklists/nextdns-recommended.json) and **add** the [minimum](https://www.reddit.com/r/nextdns/comments/1048xeg/do_you_use_nextdns_blocklist_as_the_primary/j33wnz2/?context=3) number of useful lists.
|
||||||
|
|
||||||
@@ -143,7 +143,7 @@ You can also check out Hagezi's own [recommendations](https://github.com/hagezi/
|
|||||||
|
|
||||||
You may also wonder why other lists are not utilized. This is because many list maintainers:
|
You may also wonder why other lists are not utilized. This is because many list maintainers:
|
||||||
* do not remove [false positives](https://csrc.nist.gov/glossary/term/false_positive) and/or are no longer active <sup>[1](https://github.com/lightswitch05/hosts/issues/356) [2](https://github.com/EnergizedProtection/block/issues/916)</sup>
|
* do not remove [false positives](https://csrc.nist.gov/glossary/term/false_positive) and/or are no longer active <sup>[1](https://github.com/lightswitch05/hosts/issues/356) [2](https://github.com/EnergizedProtection/block/issues/916)</sup>
|
||||||
* already [aggregate](https://www.reddit.com/r/nextdns/comments/ys3s1s/confused_about_blocklists/ivxdcd2/?context=3) common blocklists into their own list (Easylist/Fanboy, AdGuard, Steven Black, etc.) <sup>[1](https://github.com/badmojr/1Hosts/blob/master/-data/lists/assets.txt) [2](https://oisd.nl/includedlists/big/0) [3](https://github.com/jerryn70/GoodbyeAds/blob/master/Docs/Sources.md) [4](https://github.com/hagezi/dns-blocklists/blob/main/usedsources.md#proplus) </sup>
|
* already [aggregate](https://www.reddit.com/r/nextdns/comments/ys3s1s/confused_about_blocklists/ivxdcd2/?context=3) common blocklists into their own list (Easylist/Fanboy, AdGuard, Steven Black, etc.) <sup>[1](https://github.com/badmojr/1Hosts/blob/master/-data/lists/assets.txt) [2](https://oisd.nl/includedlists/big/0) [3](https://github.com/jerryn70/GoodbyeAds/blob/master/Docs/Sources.md) [4](https://github.com/hagezi/dns-blocklists/blob/main/sources.md#sources) </sup>
|
||||||
* offer no meaningful additional coverage when compared with the chart combinations above
|
* offer no meaningful additional coverage when compared with the chart combinations above
|
||||||
|
|
||||||
## Native Tracking Protection <sup><sup>[1](https://github.com/nextdns/native-tracking-domains/tree/main/domains)</sup></sup>
|
## Native Tracking Protection <sup><sup>[1](https://github.com/nextdns/native-tracking-domains/tree/main/domains)</sup></sup>
|
||||||
@@ -166,7 +166,7 @@ Add all the device brands you use.
|
|||||||
## Block Disguised Third-Party Trackers <sup><sup>[1](https://github.com/nextdns/cname-cloaking-blocklist/blob/master/domains) [2](https://www.reddit.com/r/nextdns/comments/10nenu3/disguised_trackers_are_blocked_regardless_of) [3](https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a) [4](https://arxiv.org/pdf/2102.09301.pdf) [5](https://tma.ifip.org/2020/wp-content/uploads/sites/9/2020/06/tma2020-camera-paper66.pdf) </sup></sup>
|
## Block Disguised Third-Party Trackers <sup><sup>[1](https://github.com/nextdns/cname-cloaking-blocklist/blob/master/domains) [2](https://www.reddit.com/r/nextdns/comments/10nenu3/disguised_trackers_are_blocked_regardless_of) [3](https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a) [4](https://arxiv.org/pdf/2102.09301.pdf) [5](https://tma.ifip.org/2020/wp-content/uploads/sites/9/2020/06/tma2020-camera-paper66.pdf) </sup></sup>
|
||||||
 Block Disguised Third-Party Trackers
|
 Block Disguised Third-Party Trackers
|
||||||
|
|
||||||
## Allow Affiliate & Tracking Links <sup><sup>[1](https://github.com/nextdns/click-tracking-domains) [2](https://unofficialbird.com/NextDNS/status/1539229377560461312) </sup></sup>
|
## Allow Affiliate & Tracking Links <sup><sup>[1](https://github.com/nextdns/click-tracking-domains) [2](https://x.com/NextDNS/status/1539229377560461312) </sup></sup>
|
||||||
> [!TIP]
|
> [!TIP]
|
||||||
> Your IP address will automatically be hidden (via [TCP](https://educba.com/what-is-tcp-ip) [proxying](https://en.wikipedia.org/wiki/Proxy_server#/media/File:Proxy_concept_en.svg)) to preserve your privacy.<p>
|
> Your IP address will automatically be hidden (via [TCP](https://educba.com/what-is-tcp-ip) [proxying](https://en.wikipedia.org/wiki/Proxy_server#/media/File:Proxy_concept_en.svg)) to preserve your privacy.<p>
|
||||||
|
|
||||||
@@ -195,7 +195,7 @@ Denylist entries are always blocked. The entries below may further harden some p
|
|||||||
<details>
|
<details>
|
||||||
|
|
||||||
### Apple tracking domains <sup><sup>[1](https://unofficialbird.com/mysk_co/status/1588308341780262912) [2](https://github.com/nextdns/metadata/pull/1132) [3](https://github.com/badmojr/1Hosts/issues/536) [4](https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558)</sup></sup>
|
### Apple tracking domains <sup><sup>[1](https://unofficialbird.com/mysk_co/status/1588308341780262912) [2](https://github.com/nextdns/metadata/pull/1132) [3](https://github.com/badmojr/1Hosts/issues/536) [4](https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558)</sup></sup>
|
||||||
Not currently in NextDNS's [Native Tracking Protection](https://github.com/yokoffing/NextDNS-Config#native-tracking-protection-1) [list](https://github.com/nextdns/metadata/blob/6f9b6cd0670e7e31ad2ca716742088c2fc0616c2/privacy/native/apple): <sup>[1](https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/native.apple.txt)</sup>
|
Not currently in NextDNS's [Native Tracking Protection](https://github.com/yokoffing/NextDNS-Config#native-tracking-protection-1) [list](https://github.com/nextdns/native-tracking-domains/blob/main/domains/apple): <sup>[1](https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/native.apple.txt)</sup>
|
||||||
|
|
||||||
xp.apple.com (unblock for device updates!)
|
xp.apple.com (unblock for device updates!)
|
||||||
acfeedbackws.icloud.com
|
acfeedbackws.icloud.com
|
||||||
@@ -239,7 +239,7 @@ Just in case a filterlist goes [haywire](https://help.nextdns.io/t/m1hs207/energ
|
|||||||
i.instagram.com
|
i.instagram.com
|
||||||
b-graph.facebook.com
|
b-graph.facebook.com
|
||||||
|
|
||||||
If you're still having issues, try [these](https://raw.githubusercontent.com/hagezi/dns-data-collection/main/share/facebook.txt):
|
If you're still having issues, try [these](https://raw.githubusercontent.com/hagezi/dns-blocklists/main/share/facebook.txt):
|
||||||
|
|
||||||
connect.facebook.com
|
connect.facebook.com
|
||||||
connect.facebook.net
|
connect.facebook.net
|
||||||
@@ -247,7 +247,7 @@ If you're still having issues, try [these](https://raw.githubusercontent.com/hag
|
|||||||
z-m-graph.facebook.com
|
z-m-graph.facebook.com
|
||||||
graph-fallback.instagram.com
|
graph-fallback.instagram.com
|
||||||
|
|
||||||
### Apple device updates <sup><sup>[1](https://github.com/badmojr/1Hosts/issues/536) [2](https://github.com/badmojr/1Hosts/issues/562) [3](https://github.com/nextdns/metadata/pull/1132#issuecomment-1331733770) [4](https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558)
|
### Apple device updates <sup><sup>[1](https://github.com/badmojr/1Hosts/issues/536) [2](https://github.com/badmojr/1Hosts/issues/562) [3](https://github.com/nextdns/metadata/pull/1132#issuecomment-1331733770)
|
||||||
|
|
||||||
A [known tracking domain](https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558), but it's needed for device updates
|
A [known tracking domain](https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558), but it's needed for device updates
|
||||||
|
|
||||||
@@ -268,7 +268,7 @@ This [request](https://oisd.nl/excludes.php?w=settings-win.data.microsoft.com) i
|
|||||||
|
|
||||||
settings-win.data.microsoft.com
|
settings-win.data.microsoft.com
|
||||||
|
|
||||||
### Xiaomi device updates <sup><sup>[1](https://blocklist-tools.developerdan.com/entries/search?q=update.intl.miui.com)</sup></sup>
|
### Xiaomi device updates
|
||||||
|
|
||||||
update.intl.miui.com
|
update.intl.miui.com
|
||||||
|
|
||||||
@@ -296,7 +296,7 @@ This [request](https://oisd.nl/excludes.php?w=settings-win.data.microsoft.com) i
|
|||||||
us04logfiles.zoom.us
|
us04logfiles.zoom.us
|
||||||
us04zpns.zoom.us
|
us04zpns.zoom.us
|
||||||
|
|
||||||
### YouTube history <sup><sup>[1](https://blocklist-tools.developerdan.com/entries/search?q=s.youtube.com)</sup></sup>
|
### YouTube history
|
||||||
|
|
||||||
s.youtube.com
|
s.youtube.com
|
||||||
|
|
||||||
@@ -378,13 +378,13 @@ Users have [reported](https://www.reddit.com/r/nextdns/comments/v84ag6/paramount
|
|||||||
## Cache Boost <sup><sup>[1](https://www.reddit.com/r/nextdns/comments/girmcf/new_setting_cache_boost/)</sup></sup>
|
## Cache Boost <sup><sup>[1](https://www.reddit.com/r/nextdns/comments/girmcf/new_setting_cache_boost/)</sup></sup>
|
||||||
 Enable Cache Boost
|
 Enable Cache Boost
|
||||||
|
|
||||||
## CNAME Flattening <sup><sup>[1](https://medium.com/nextdns/nextdns-added-cname-uncloaking-support-becomes-the-first-cross-platform-solution-to-the-problem-e3f437f84342) [2](https://developers.cloudflare.com/dns/additional-options/cname-flattening) [3](https://advancedweb.hu/what-is-cname-flattening-and-how-it-helps-redirecting-the-apex-domain) </sup></sup>
|
## CNAME Flattening <sup><sup>[1](https://medium.com/nextdns/nextdns-added-cname-uncloaking-support-becomes-the-first-cross-platform-solution-to-the-problem-e3f437f84342) [2](https://developers.cloudflare.com/dns/cname-flattening/) [3](https://advancedweb.hu/what-is-cname-flattening-and-how-it-helps-redirecting-the-apex-domain) </sup></sup>
|
||||||
> [!WARNING]
|
> [!WARNING]
|
||||||
> Enabling this feature may break compatibility with [Yahoo! Mail](https://github.com/hagezi/dns-blocklists/issues/269#issuecomment-1409644343) and cause issues with certain blocklists.
|
> Enabling this feature may break compatibility with [Yahoo! Mail](https://github.com/hagezi/dns-blocklists/issues/269#issuecomment-1409644343) and cause issues with certain blocklists.
|
||||||
|
|
||||||
 Enable CNAME Flattening
|
 Enable CNAME Flattening
|
||||||
|
|
||||||
## Web3 <sup><sup> [1](https://unofficialbird.com/NextDNS/status/1491034351391305731) [2](https://gabygoldberg.notion.site/f7050e62461143d49345e7b46eb5576b)</sup></sup>
|
## Web3 <sup><sup> [1](https://x.com/NextDNS/status/1491034351391305731) [2](https://gabygoldberg.notion.site/f7050e62461143d49345e7b46eb5576b)</sup></sup>
|
||||||
 Enable Web3 → (optional)
|
 Enable Web3 → (optional)
|
||||||
|
|
||||||
***
|
***
|
||||||
@@ -399,7 +399,7 @@ Not all ads can be blocked at the DNS level.<sup>[1](https://www.reddit.com/r/ne
|
|||||||
This is because not all ads come from third-party domains; some ads come directly from the site you're visiting, like [YouTube](https://discourse.pi-hole.net/t/how-do-i-block-ads-on-youtube/253/2). DNS blockers stop the resolution of a domain, and content blockers filter page content. Click [here](https://github.com/yokoffing/NextDNS-Config/tree/main#i-need-a-browser-with-ad-blocking-which-one-should-i-choose) to easily install a lightweight ad blocker.
|
This is because not all ads come from third-party domains; some ads come directly from the site you're visiting, like [YouTube](https://discourse.pi-hole.net/t/how-do-i-block-ads-on-youtube/253/2). DNS blockers stop the resolution of a domain, and content blockers filter page content. Click [here](https://github.com/yokoffing/NextDNS-Config/tree/main#i-need-a-browser-with-ad-blocking-which-one-should-i-choose) to easily install a lightweight ad blocker.
|
||||||
|
|
||||||
## I need a browser with ad blocking. Which one should I choose?
|
## I need a browser with ad blocking. Which one should I choose?
|
||||||
Choosing a browser is about as intimate as [choosing a starter Pokémon](https://youtu.be/F_8htiBjTCY), so here's a few caveats:
|
Choosing a browser is about as intimate as [choosing a starter Pokémon](https://www.youtube.com/watch?v=F_8htiBjTCY), so here's a few caveats:
|
||||||
* The best browser on paper may not work well in real world usage.
|
* The best browser on paper may not work well in real world usage.
|
||||||
* Browsers are tools! Use a variety of browsers depending on what you need to do.
|
* Browsers are tools! Use a variety of browsers depending on what you need to do.
|
||||||
* You should use various browsers (or browser profiles) for different areas of life (e.g., work, school, personal).
|
* You should use various browsers (or browser profiles) for different areas of life (e.g., work, school, personal).
|
||||||
@@ -408,7 +408,7 @@ We based the recommendations below on a combination of effectiveness, resource e
|
|||||||
|
|
||||||
| OS | Browser | Content Blocker |
|
| OS | Browser | Content Blocker |
|
||||||
|---|---|---|
|
|---|---|---|
|
||||||
| iOS | [Safari](https://www.privacyguides.org/en/mobile-browsers/#safari) | [AdGuard](https://www.privacyguides.org/en/mobile-browsers/#adguard) |
|
| iOS | [Safari](https://www.privacyguides.org/en/mobile-browsers/#safari) | [AdGuard](https://www.privacyguides.org/en/browser-extensions/?h=adguard#adguard) |
|
||||||
| Android | [Brave](https://www.privacyguides.org/en/mobile-browsers/#brave) | Built-in blocker |
|
| Android | [Brave](https://www.privacyguides.org/en/mobile-browsers/#brave) | Built-in blocker |
|
||||||
| Windows <br> macOS <br> Linux | [Firefox](https://www.mozilla.org/en-US/firefox/new/) (with [Betterfox](https://github.com/yokoffing/Betterfox#betterfox)) <p><p> [Brave](https://www.privacyguides.org/en/desktop-browsers/#brave) | [uBlock Origin](https://addons.mozilla.org/blog/ublock-origin-everything-you-need-to-know-about-the-ad-blocker/) <p><p> Built-in blocker or [uBlock Origin](https://addons.mozilla.org/blog/ublock-origin-everything-you-need-to-know-about-the-ad-blocker/) | |
|
| Windows <br> macOS <br> Linux | [Firefox](https://www.mozilla.org/en-US/firefox/new/) (with [Betterfox](https://github.com/yokoffing/Betterfox#betterfox)) <p><p> [Brave](https://www.privacyguides.org/en/desktop-browsers/#brave) | [uBlock Origin](https://addons.mozilla.org/blog/ublock-origin-everything-you-need-to-know-about-the-ad-blocker/) <p><p> Built-in blocker or [uBlock Origin](https://addons.mozilla.org/blog/ublock-origin-everything-you-need-to-know-about-the-ad-blocker/) | |
|
||||||
|
|
||||||
@@ -428,7 +428,7 @@ Unless you use a separate profile for the browser, it is [not neccessary](https:
|
|||||||
The device will use the profile set by the [NextDNS](https://nextdns.io/?from=xujj63g5) app or the installed [root CA](https://help.nextdns.io/t/g9hmv0a/how-to-install-and-trust-nextdns-root-ca). However, if the device has not been configured to use a separate profile, then it will use the wifi/router configuration.<sup>[1](https://www.reddit.com/r/nextdns/comments/yf4hnv/question_about_home_router_and_app_running_in/)</sup>
|
The device will use the profile set by the [NextDNS](https://nextdns.io/?from=xujj63g5) app or the installed [root CA](https://help.nextdns.io/t/g9hmv0a/how-to-install-and-trust-nextdns-root-ca). However, if the device has not been configured to use a separate profile, then it will use the wifi/router configuration.<sup>[1](https://www.reddit.com/r/nextdns/comments/yf4hnv/question_about_home_router_and_app_running_in/)</sup>
|
||||||
|
|
||||||
## What is the difference between security, privacy, and anonymity?
|
## What is the difference between security, privacy, and anonymity?
|
||||||
See [article](https://thenewoil.org/en/guides/prologue/secprivanon/) | [video](https://youtu.be/Wpkh-hfULgE)
|
See [article](https://thenewoil.org/en/guides/prologue/secprivanon/) | [video](https://www.youtube.com/watch?v=Wpkh-hfULgE)
|
||||||
|
|
||||||
## Does NextDNS hide activity from my Internet Service Provider (ISP)?
|
## Does NextDNS hide activity from my Internet Service Provider (ISP)?
|
||||||
DNS protocols like DoH/DoT/DoQ are designed to increase privacy and security by encrypting DNS queries. They prevent your ISP from seeing your web searches and browsing history, which significantly contributes to protecting your privacy.
|
DNS protocols like DoH/DoT/DoQ are designed to increase privacy and security by encrypting DNS queries. They prevent your ISP from seeing your web searches and browsing history, which significantly contributes to protecting your privacy.
|
||||||
@@ -446,7 +446,7 @@ That being said, IVPN [argues](https://www.ivpn.net/blog/why-you-dont-need-a-vpn
|
|||||||
3. Circumventing censorship or geographical blocks on websites and content, allowing you to retrieve otherwise inaccessible information and media.
|
3. Circumventing censorship or geographical blocks on websites and content, allowing you to retrieve otherwise inaccessible information and media.
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
You don't need a VPN unless your [threat model](https://thenewoil.org/en/guides/prologue/threatmodel/) demands it. Here are VPN suggestions from [Techlore](https://www.techlore.tech/vpn.html) and [Tom Spark Reviews](https://www.vpntierlist.com/vpn-tier-list-2024) if it does.
|
You don't need a VPN unless your [threat model](https://thenewoil.org/en/guides/prologue/threat-model/) demands it. Here are VPN suggestions from [Techlore](https://www.techlore.tech/vpn.html) and [Tom Spark Reviews](https://www.vpntierlist.com/vpn-tier-list-2024) if it does.
|
||||||
|
|
||||||
***
|
***
|
||||||
# Mentions :books:
|
# Mentions :books:
|
||||||
@@ -455,7 +455,7 @@ You don't need a VPN unless your [threat model](https://thenewoil.org/en/guides/
|
|||||||
* See [here](https://socialgrep.com/search?query=yokoffing%2Cnextdns)
|
* See [here](https://socialgrep.com/search?query=yokoffing%2Cnextdns)
|
||||||
|
|
||||||
### YouTube
|
### YouTube
|
||||||
* [The ULTIMATE Guide to Mastering NextDNS!](https://youtu.be/WUG57ynLb8I?t=2230) | [clarifications](https://github.com/techlore/channel-content/issues/43) (July 2023)
|
* [The ULTIMATE Guide to Mastering NextDNS!](https://www.youtube.com/watch?v=WUG57ynLb8I&t=2230s) | [clarifications](https://github.com/techlore/channel-content/issues/43) (July 2023)
|
||||||
|
|
||||||
### Articles
|
### Articles
|
||||||
* [Knot Resolver — with ad blocking](https://blog.cavelab.dev/2022/12/knot-resolver-ad-blocking/) (Dec 2022)
|
* [Knot Resolver — with ad blocking](https://blog.cavelab.dev/2022/12/knot-resolver-ad-blocking/) (Dec 2022)
|
||||||
@@ -464,7 +464,7 @@ You don't need a VPN unless your [threat model](https://thenewoil.org/en/guides/
|
|||||||
### Guides
|
### Guides
|
||||||
* [A comprehensive guide to setting up NextDNS](https://itsjake.me/blog/a-comprehensive-guide-to-setting-up-nextdns/) (Sept 2023)
|
* [A comprehensive guide to setting up NextDNS](https://itsjake.me/blog/a-comprehensive-guide-to-setting-up-nextdns/) (Sept 2023)
|
||||||
* [FMHY: DNS Adblocking](https://github.com/nbats/FMHYedit/blob/main/AdblockVPNGuide.md#-dns-adblocking) → NextDNS → Guide
|
* [FMHY: DNS Adblocking](https://github.com/nbats/FMHYedit/blob/main/AdblockVPNGuide.md#-dns-adblocking) → NextDNS → Guide
|
||||||
* [hagezi/dns-blocklists](https://github.com/hagezi/dns-blocklists#nextdns---limited-freepaid-) → Online DNS services
|
* [hagezi/dns-blocklists](https://github.com/hagezi/dns-blocklists#department_store-nextdns---limited-freepaid-) → Online DNS Services
|
||||||
|
|
||||||
### Contributions
|
### Contributions
|
||||||
* [Hagezi](https://github.com/hagezi/dns-blocklists/issues?q=author%3Ayokoffing) | [mentions](https://github.com/hagezi/dns-blocklists/issues?q=mentions%3Ayokoffing)
|
* [Hagezi](https://github.com/hagezi/dns-blocklists/issues?q=author%3Ayokoffing) | [mentions](https://github.com/hagezi/dns-blocklists/issues?q=mentions%3Ayokoffing)
|
||||||
|
|||||||
Reference in New Issue
Block a user