From 95001baa5e24377e19e78bca139fb2fa8e870a91 Mon Sep 17 00:00:00 2001 From: yokoffing <11689349+yokoffing@users.noreply.github.com> Date: Mon, 25 Jul 2022 16:01:26 -0400 Subject: [PATCH] Make superscript links uniformed --- README.md | 51 ++++++++++++++++++++++++++------------------------- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index abb9c0f..9789897 100644 --- a/README.md +++ b/README.md @@ -6,32 +6,31 @@ *** # Security -### Threat Intelligence Feeds [1](https://github.com/nextdns/metadata/blob/master/security/threat-intelligence-feeds.json) +### Threat Intelligence Feeds [1](https://github.com/nextdns/metadata/blob/master/security/threat-intelligence-feeds.json) ![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Use Threat Intelligence Feeds ### AI-Driven Threat Detection ![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable AI-Driven Threat Detection -### Google Safe Browsing +### Google Safe Browsing [1](https://safebrowsing.google.com/safebrowsing/report_general/) [2](https://user-images.githubusercontent.com/11689349/107696360-d8dde800-6c7f-11eb-9882-cccc8d2065c5.jpg) [3](https://the8-bit.com/apple-proxies-google-safe-browsing-privacy/) [4](https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)#services-we-proxy-through-brave-servers) ![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable Google Safe Browsing -### Cryptojacking Protection [1](https://github.com/nextdns/metadata/blob/master/security/cryptojacking.json) +### Cryptojacking Protection [1](https://github.com/nextdns/metadata/blob/master/security/cryptojacking.json) ![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable Cryptojacking Protection -### DNS Rebinding Protection +### DNS Rebinding Protection [1](https://help.nextdns.io/t/35hmval/what-is-dns-rebinding-protection) ![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable DNS Rebinding Protection → :radioactive: *Enabling may cause breakage (unlikely)* ### IDN Homograph Attacks Protection ![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable Homograph Attacks Protection -### Typosquatting Protection [1](https://github.com/nextdns/metadata/blob/master/security/typosquatting/protected-domains) +### Typosquatting Protection [1](https://github.com/nextdns/metadata/blob/master/security/typosquatting/protected-domains) ![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable Typosquatting Protection ### Domain Generation Algorithms (DGAs) Protection ![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable DGA Protection -### Block Newly Registered Domains (NRDs) [1](https://www.malwarebytes.com/glossary/phishing) [2](https://old.reddit.com/r/uBlockOrigin/comments/w64sqt/comment/ihboutk/?context=3) [3](https://www.boldgrid.com/instagram-influencer-accounts-are-being-hacked-phishing-attacks/) +### Block Newly Registered Domains (NRDs) [1](https://www.malwarebytes.com/glossary/phishing) [2](https://old.reddit.com/r/uBlockOrigin/comments/w64sqt/comment/ihboutk/?context=3) [3](https://www.boldgrid.com/instagram-influencer-accounts-are-being-hacked-phishing-attacks/) ![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Block Newly Registered Domains (NRDs) → :radioactive: *Enabling may cause breakage*

Blocking NRDs will cause false positives [occasionally](https://old.reddit.com/r/InternetIsBeautiful/comments/w2wdro/comment/iguvg8y/?context=3); however, if you are comfortable allowlisting, it is **strongly encouraged** that you enable this. Add NRDs to your allowlist selectively; and if you do, **NEVER** give sensitive information to a NRD. - ### Block Dynamic DNS Hostnames [1](https://github.com/nextdns/metadata/blob/master/security/ddns/suffixes) [2](https://twitter.com/NextDNS/status/1541740963760144386?cxt=HHwWhIC8iZ7PruUqAAAA) [3](https://www.phishing.org/what-is-phishing) ![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable Block Dynamic DNS Hostnames -### Block Parked Domains [1](https://github.com/nextdns/metadata/blob/master/security/parked-domains-cname) +### Block Parked Domains [1](https://github.com/nextdns/metadata/blob/master/security/parked-domains-cname) ![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Block Parked Domains -### Block Top-Level Domains (TLDs) [1](https://www.gomyitguy.com/blog-news-updates/malicious-domain-extensions) [2](https://www.spamhaus.org/statistics/tlds/) [3](https://thrivemyway.com/info-websites/) [4](https://www.bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-to-send-fake-suspension-notices/) +### Block Top-Level Domains (TLDs) [1](https://www.gomyitguy.com/blog-news-updates/malicious-domain-extensions) [2](https://www.spamhaus.org/statistics/tlds/) [3](https://thrivemyway.com/info-websites/) [4](https://www.bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-to-send-fake-suspension-notices/) :radioactive: *Enabling may cause breakage* ``` @@ -57,14 +56,16 @@ *** # Privacy -### Blocklists [1](https://github.com/nextdns/metadata/tree/master/privacy/blocklists) +### Blocklists [1](https://github.com/nextdns/metadata/tree/master/privacy/blocklists) + +Use **1Hosts (Lite)** instead of **1Hosts (Pro)** if you do not [report](https://github.com/badmojr/1Hosts/issues) false positives and add to the allowlist. + NextDNS Ads & Trackers Blocklist oisd - 1Hosts (Lite) + 1Hosts (Pro) + -Use **1Hosts (Pro)** instead of **(Lite)** if you don't mind allowlisting occasionally and [reporting](https://github.com/badmojr/1Hosts/issues) false positives. - -### Native Tracking Protection [1](https://github.com/nextdns/metadata/tree/master/privacy/native) +### Native Tracking Protection [1](https://github.com/nextdns/metadata/tree/master/privacy/native) :radioactive: *Enabling may cause breakage (unlikely)* Add these brands according to what devices you use. There's no advantage in adding brands you don't own; however, there’s no disadvantage in adding unused brands either. @@ -78,7 +79,7 @@ Add these brands according to what devices you use. There's no advantage in addi Roku Sonos -### Block Disguised Third-Party Trackers [1](https://github.com/nextdns/cname-cloaking-blocklist/blob/master/domains) [2](https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a) +### Block Disguised Third-Party Trackers [1](https://github.com/nextdns/cname-cloaking-blocklist/blob/master/domains) [2](https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a) [3](https://arxiv.org/pdf/2102.09301.pdf) [4](https://tma.ifip.org/2020/wp-content/uploads/sites/9/2020/06/tma2020-camera-paper66.pdf) ![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Block Disguised Third-Party Trackers ### Allow Affiliate & Tracking Links [1](https://github.com/nextdns/metadata/blob/master/privacy/affiliate-tracking-domains) [2](https://twitter.com/NextDNS/status/1539229377560461312) @@ -89,7 +90,7 @@ Add these brands according to what devices you use. There's no advantage in addi # Parental Control ### YouTube Restricted Mode ![Disabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/disabled.svg) Enforce YouTube Restricted Mode → :radioactive: *Enabling may cause breakage* -### Block Bypass Methods [1](https://github.com/nextdns/metadata/tree/master/parentalcontrol) +### Block Bypass Methods [1](https://github.com/nextdns/metadata/tree/master/parentalcontrol) ![Disabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/disabled.svg) Block Bypass Methods → :radioactive: *Enabling may cause breakage* *** @@ -105,32 +106,32 @@ Add these brands according to what devices you use. There's no advantage in addi graph.facebook.com -### Apple device updates [1](https://github.com/badmojr/1Hosts/issues/536) | Apple Music [2](https://old.reddit.com/r/nextdns/comments/vz9kla/at_last_nextdns_added_the_1host_xtra/ig8zsnn/) +### Apple device updates [1](https://github.com/badmojr/1Hosts/issues/536) / Apple Music [2](https://old.reddit.com/r/nextdns/comments/vz9kla/at_last_nextdns_added_the_1host_xtra/ig8zsnn/) xp.apple.com -### Apple iMessage GIFs [1](https://github.com/badmojr/1Hosts/issues/560) | Spotlight Search [2](https://github.com/badmojr/1Hosts/issues/562) +### Apple iMessage GIFs [1](https://github.com/badmojr/1Hosts/issues/560) / Spotlight Search [2](https://github.com/badmojr/1Hosts/issues/562) smoot.apple.com -### Zoom [1](https://oisd.nl/excludes.php?w=log.zoom.us) [2](https://oisd.nl/excludes.php?w=us04logfiles.zoom.us) +### Zoom [1](https://oisd.nl/excludes.php?w=log.zoom.us) [2](https://oisd.nl/excludes.php?w=us04logfiles.zoom.us) Zoom untrusted certificate error messages when [Block Page](https://github.com/yokoffing/NextDNS-Config#block-page) is enabled. logfiles.zoom.us us04logfiles.zoom.us us04zpns.zoom.us -### CBS News [livestream](https://www.cbsnews.com/live/#x) [1](https://github.com/nextdns/metadata/issues/1030) +### [CBS](https://www.cbsnews.com/live/#x) News livestream [1](https://github.com/nextdns/metadata/issues/1030) production-cmp.isgprivacy.cbsi.com -### Microsoft Office 365 [1](https://github.com/badmojr/1Hosts/issues/565) [2](https://oisd.nl/excludes.php?w=mobile.pipe.aria.microsoft.com) +### Microsoft Office 365 [1](https://github.com/badmojr/1Hosts/issues/565) [2](https://oisd.nl/excludes.php?w=mobile.pipe.aria.microsoft.com) Disclaimer: You may only want to allowlist these requests if you're using the file collaboration features. self.events.data.microsoft.com mobile.pipe.aria.microsoft.com -### Xbox Live achievements [1](https://github.com/lightswitch05/hosts/issues/161#issuecomment-614973289) [2](https://discourse.pi-hole.net/t/commonly-whitelisted-domains/212#xbox-live-18) | Microsoft "Your Phone" [3](https://github.com/lightswitch05/hosts/issues/161#issuecomment-838590100) +### Xbox Live achievements [1](https://github.com/lightswitch05/hosts/issues/161#issuecomment-614973289) [2](https://discourse.pi-hole.net/t/commonly-whitelisted-domains/212#xbox-live-18) / Microsoft "Your Phone" [3](https://github.com/lightswitch05/hosts/issues/161#issuecomment-838590100) Disclaimer: I don't use these, so I can't confirm these entries. v10.events.data.microsoft.com @@ -140,12 +141,12 @@ Disclaimer: I don't use these, so I can't confirm these entries. # Settings ### Block Page -![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable Block Page → :radioactive: *Enabling may cause breakage if the NextDNS Root CA is not on your devices* -### Anonymized EDNS Client Subnet +![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable Block Page → :radioactive: *Enabling may cause breakage if the [NextDNS Root CA](https://help.nextdns.io/t/g9hmv0a/how-to-install-and-trust-nextdns-root-ca) is not on your devices* +### Anonymized EDNS Client Subnet [1](https://help.nextdns.io/t/m1hmv04/what-is-edns-client-subnet-ecs) ![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable Anonymized EDNS Client Subnet ### Cache Boost ![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable Cache Boost -### CNAME Flattening +### CNAME Flattening [1](https://medium.com/nextdns/nextdns-added-cname-uncloaking-support-becomes-the-first-cross-platform-solution-to-the-problem-e3f437f84342) [2](https://developers.cloudflare.com/dns/additional-options/cname-flattening) [3](https://advancedweb.hu/what-is-cname-flattening-and-how-it-helps-redirecting-the-apex-domain/) ![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable CNAME Flattening ### Web3 [1](https://twitter.com/NextDNS/status/1491034351391305731) ![Disabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/disabled.svg) Enable Web3