Since pretty much all the reviews here are glowing I'll offer up an alternative.
If you want what they are selling, then it does work quite well.. but there are drawbacks.. one primarily.. that made me end up not using it for my whole network and only on my ipad when I don't want ads in a game.
As mentioned in other comments, you can whitelist domains, but unlike the whitelist in ublock or something in your browser, this means you need to know the exact ad server domain/domains. For example if I want ads on for certain websites to help support or troubleshoot my own site then I'm unable to do that or if the wife needs to see an ad in her game to get gems, you have to dig through the logs to find out what ad server it's calling.. or set up another profile to not block any ads.
In short, you're not whitelisting the domain you're visiting, you need to whitelist every domain that website might call too. Perhaps most people are okay with that and if so then ignore :)
Another thing I didn't like, which I mean makes sense, but in order to label a device you need to run their client. I had set up nextdns on my router which worked great, but if I wanted different devices to have different rulesets they each needed to run the nextdns client. So good luck knowing which smart device is calling what because you're not going to be installing the client on your Alexa. One other downside of this which honestly I probably could have fixed was their client broke WSL network connections so on my primary device I ended up operating in logged out mode.
That said, I might end up giving it another shot at some point but running on a very limited set of rules rather than the pretty comprehensive rulesets I had enabled. I did like how it blocked the device telemetry calls.. perhaps that is all I need to block and then handle everything else client side.
> Another thing I didn't like, which I mean makes sense, but in order to label a device you need to run their client.
I hope I understood you correctly. A feature recently introduced (Or perhaps I just recently noticed) is the ability to label devices without using their clients, you can do this by prefixing your unique DNS endpoint with the label and terminating it with a hyphen.
Currently using OpenDNS Family Shield and giving NextDNS a try.
Re labeling devices: I set up descriptive hostnames and static LAN IPs on my router for all my devices (including smart ones). The NextDNS interface reports traffic using those hostnames without me having to run clients on any of my devices.
I'm curious how the ad blocking will work. I was running adblock on my router but had to disable it because a few legitimate sites were being blocked (i.e. school sites my kids needed access to). I'm hoping NextDNS provides easier to use controls and UI that would let me keep ad blocking enabled.
Did you install the clients or do anything in the setup to get that? I can see client hostnames where the client software is installed, but just my external IP for all others. It doesn't seem possible with just IPv4/Router config. Are you using IPv6 or DoH?
If you are wondering (as I did) how they can know what is your DNS resolver, they simply make the webpage load some JS from a random host, like "https://853af2kklyt-dda385.test.nextdns.io/". Of course, as this host cannot be cached anywhere, their DNS servers are hit by your DNS resolver, thus they can know the IP of your DNS resolver. In my case as I have a DNS server at home, it displayed the name of the AS of my provider.
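The resolver-detection trick described in the comment above, as a small simulation (an added example, not part of the original post and not NextDNS's code). The zone `test.example`, the class names and the documentation-range IP addresses are all assumptions made up for the illustration.

```python
import secrets


class AuthoritativeServer:
    """Toy authoritative server for the probe zone; it logs who asked for what."""

    def __init__(self, zone):
        self.zone = zone
        self.query_log = []  # list of (qname, source_ip) tuples

    def query(self, qname, source_ip):
        if not qname.endswith("." + self.zone):
            raise ValueError("not authoritative for " + qname)
        self.query_log.append((qname, source_ip))
        return "192.0.2.10"  # constructed answer, same for every name


class RecursiveResolver:
    """Toy caching resolver; the authoritative side only ever sees egress_ip."""

    def __init__(self, egress_ip, upstream):
        self.egress_ip = egress_ip
        self.upstream = upstream
        self.cache = {}

    def resolve(self, qname):
        # A cache hit never reaches the authoritative server.
        if qname not in self.cache:
            self.cache[qname] = self.upstream.query(qname, self.egress_ip)
        return self.cache[qname]


def new_probe_name(zone):
    """A never-before-seen host name, so no resolver can have it cached."""
    return secrets.token_hex(8) + "." + zone


def resolvers_seen_for(auth, probe_name):
    """Server side: which resolver IPs asked for this exact probe name."""
    return sorted({ip for name, ip in auth.query_log if name == probe_name})


def run_probe(resolver, auth, zone):
    """Client side: loading a resource from the probe host forces one lookup."""
    name = new_probe_name(zone)
    resolver.resolve(name)
    return name, resolvers_seen_for(auth, name)


def upstream_hits(auth, qname):
    """How many times a given name actually reached the authoritative server."""
    return sum(1 for name, _ in auth.query_log if name == qname)


if __name__ == "__main__":
    auth = AuthoritativeServer("test.example")
    isp = RecursiveResolver("198.51.100.53", auth)  # constructed resolver IP
    name, seen = run_probe(isp, auth, "test.example")
    print(name, "was looked up by", seen)

    # A fixed name is cached after the first lookup, so it would tell the
    # server nothing about later visitors behind the same resolver.
    isp.resolve("static.test.example")
    isp.resolve("static.test.example")
    print("fixed name reached the server", upstream_hits(auth, "static.test.example"), "time(s)")
```

The server learns the resolver's egress address, not the client's, which matches the commenter seeing the AS of their provider.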
NextDNS is nice and easy to use for us, a family -- non-technical spouse, two kids with access to devices for schools, 'games & stuff'. I ran Pi-Hole on a Raspberry Pi 3 for about a year and it is one of the best ever there. I wanted something simple and something I can just clicky-click.
Been testing NextDNS for quite a while and I like it. Will continue as long as it serves what I'm looking for.
On a different note, unlike most of us, my wife and kids are worried that they can no longer see those 'interesting and useful' ads. They go on to those ads, spend long minutes browsing from one to the other, propelled by ads. My kids discover 'these amazing games' via the ads. It is a different world out there.
That's why I switched to Adguard Home: https://adguard.com/en/adguard-home/overview.html
You can make custom configurations per device, OS or a different label you give them. So you can have your wife see their ads while still blocking your smart TV from calling home.
NextDNS is advertised as Cloudflare + Pi-Hole. And I think this is correct.
Something wrong with the Pi-Hole, I have to sit down (likely at home), and do it -- even to add/edit something. NextDNS is much simpler, I can set up from anywhere and I can even ask my wife to fix stuff herself.
Must be just personal but these days, I'm not too keen on doing everything myself the way I want. I'm learning to say NO to a lot of things.
What boots up almost instantly? It's supported on quite a few OSes [0], not to mention the underlying hardware. I found AdGuard's (Home) UI to be a bit more polished but it feels like it has feature parity with PiHole 5 otherwise. I tried both but stuck with PiHole since the community around it seemed more developed.
You run it yourself on your own hardware - a PC, Raspberry Pi, Linux server, Docker container - you choose.
It is open source; logging remains with yourself.
It only works inside your own network unless you VPN into your home network when you are remote.
I've noticed the same thing! Wife and kids actually do tap on (some) ads and discover new games, merchandise, etc. that way. They are also easily tricked into reading or watching stuff by this or that 'influencer', which is mostly just advertising under disguise. Maybe tricked is too strong of a word here, because they seem to enjoy it ... it just seems to be part of the way they interact with online world.
As long as people are aware that their habits are being tracked and such it's a choice everyone can make for themselves.
(especially kids) not being aware of 1) clicks/behavior being tracked and 2) perhaps being manipulated by exploiting this knowledge about their behavior sounds bad to me...
Really happy to hear this. I have loved NextDNS since its start, not only for their product, but also due to the fact that it is a clean sustainable business. No need for ads, a generous free tier, and a cheap full featured paid tier. This is the way I would like to see most SaaS's go.
That's awesome and I've tried nextdns and loved it. But - and this is just me - I just don't trust anyone to delete my logs or not log in the first place.
That's why I'll probably not move off of my pihole
They can associate the DNS calls with any VPN, too, can't they? If you use one of the 'big' commercial VPNs, I'd seriously doubt any of them are not logging at this point. They'd have already been warned due to 10's of thousands copyright violations originating from their networks, not to mention a lot of not-so-technical users, believing that they're actually anonymous, doing criminal things without realizing that the VPN logs it all.
Running your own Wireguard or OpenVPN on a cloud VPS is no solution, either. It's guaranteed that Amazon, Azure, etc. keep logs of all traffic, and will turn over the associated account without hesitation.
Is anyone aware of a VPN out there that supports PiHole-like list filtering, so you could get the best of both worlds?
Right now it feels like I have to choose:
- Use my PiHole to block all sorts of content on filtering lists that are useful in cases like blocking unwanted tracking in mobile apps, but my ISP knows everything I access
- Use a VPN, where my ISP doesn't know what I'm doing, but every web service I use can use whatever tracking it wants (except where uBlock is used and such, but you don't get that luxury with, say, Samsung Smart TVs which are notorious for phoning home)
My home network is running a VPN I can access from my phone & computers while away. The home network includes a PiHole that is running DNSCrypt (DNS over HTTPS) with Cloudflare's DNS service.
Edit: so ultimately, you'd be trusting whoever's on DNSCrypt's resolvers list. Better than trusting Comcast, in my situation.
You can do this by picking a VPN provider that supports WireGuard. In WireGuard config file, you can change the dns address to pihole. I did this so that I can use VPN + nextdns together in iOS because I can't change DNS in iOS.
The ISPs are going to log everything for sure. However I’d probably trust their incapability of putting data into <s>good/evil</s> use, compared to professionals like Google.
Despite the "selling your data" memes, Google/Facebook don't do that. They treat your data as a proprietary asset and sell services based on captive use of it. Companies like Comcast recognize their shortcomings and actually will just sell it.
I'm in the same boat with a pihole as my primary blocker, but I use NextDNS as an upstream resolver since they, of all the options, seem most likely to not log (presuming I configure it appropriately).
"""
To be fair, there are also some advantages of using Pi-hole® over NextDNS:
1) You know who runs it. We can’t ask you to trust us more than yourself. We can provide all the guarantees you want, show who we are and make promises, it is understandably easier to trust a solution you manage yourself. Keep in mind though, that all your unblocked DNS queries are still visible by your upstream DNS. So there is still someone you need to trust with your data.
2) It’s free with no limits. NextDNS is cheap, very cheap, but it’s still a paid service if you use it over a certain limit. Pi-hole® is free to use. You still have to pay about $35 for a Raspberry Pi + an SD card, which is equivalent to several years of NextDNS subscription. You should also consider donating to the Pi-hole® project if you use their solution. After a few years though, yes, Pi-hole® should become less expensive than NextDNS.
"""
They can't, but it might make sense to do so anyway.
I always explain this when it comes to running your own private CA as well. In principle you might do a better job than anybody else, and certainly if you fall down you'd know exactly who to blame. But you also might do a pretty shoddy job and cut corners you know you shouldn't, and knowing whose fault it is will be cold comfort if things do go wrong.
People who do this for a living can never be as trustworthy as you could be, but they might very well be more trustworthy than you are in practice and it's worth a moment's honest introspection to consider that.
"But missing the point. If I am worried about privacy from cloud players, why to trust another cloud player?"
The workflow I am (not quite finished) setting up is as follows - I run a caching, recursive nameserver (unbound) in my own colo space. That DNS server, not me or my devices, is the nextDNS client.
Then I set all of my own networks and devices to use my (unbound) DNS server.
My goal is to receive all of the benefits of a paid nextdns account, but on the nextdns side, all they see is a single, fixed IP, in a fixed location, owned by a corporate entity, doing a bunch of DNS queries.
In fact, I am a bit worried about this exact setup because although I am using this for my own, personal use, consistent with their expectations, I could just as easily be a full-blown ISP passing through my nameservice to nextDNS ... how do they deal with that ?
Totally guessing here. If they saw one IP making ISP-rate queries they could contact you and negotiate a different price. Even with caching you are very likely going to see much higher query rates occasionally when a whole network of people are using it.
You personally make as many DNS queries as a full-blown ISP? The fact that your server does its own caching may keep your query rate lower than others.
I'm sure they can refuse service to customers in certain cases.
No, I wouldn't make anywhere near that number of DNS requests, but the setup would be the same - a caching, forwarding nameserver doing a MITM between my networks and nextDNS.
So I assume they allow (or, rather, can't really disallow) such a setup but I wonder what ramifications it has when someone decides to front their entire customer base behind their nextDNS account ...
You aren’t missing anything, your setup would be more private.
There is a valid niche between no privacy and completely self hosted dns-over https, that a service like nextdns solves well. Just as Apple solves a by default more secure yet still not without flaws phone, or how using a vpn provider is a midpoint between a self hosted vpn and no vpn. I think the privacy trade off here is good for many.
Whilst I completely agree with your comment, I have a nit to pick about the self hosted VPN part. What commercial VPN providers sell is plausible deniability through multiple users having access to the same set of endpoints. A self hosted VPN does not provide that. If I have a server somewhere and route my traffic through it, that server doing something can easily be tied to me doing something. Hence why you probably shouldn’t self host a VPN. Now, if you’re only afraid of your ISP or neighbours snooping, then a self hosted VPN makes sense. If you’re afraid of advertisers or the MPAA, then a commercial VPN makes sense.
Am I alone in the feeling that a lot of privacy related solutions are just paying for a promise? For example, a VPN can record all my requests, they just promise not to and I can’t verify it.
You are not, at some point you'll just have to trust someone. Just like that the app you submitted to the App Store is the same one you are downloading and hasn't been tampered with.
As always it's a matter of tradeoffs, if you just don't want to get tracked by ads it's probably a good solution. If you are afraid of some nation state trying to track you down, then probably not.
How do you block unwanted DNS requests outside of the Pi-Hole’s radius (e.g. Home Network)? If I’m on mobile, NextDNS lets you disable on user specified WiFi networks and then re-enables when you leave range.
NextDNS can also be used as a fallback if your Pi goes down for whatever reason too. Might as well have options in this space.
70% of HN readers probably don't have the technical knowledge (or hardware on hand) to set up pi-hole without investing 10+ hours.
For those of us with a raspberry pi or intel nuc on hand, sure, it only takes 30 minutes.
This service is for people who want to kill ads at the DNS level without dealing with the hardware / setup of pihole.
Also, not many people are going to bother setting up a VPN to access their pihole DNS when traveling or on cellular, which makes NextDNS attractive.
The other argument is "just use ublock matrix". The counter-argument is it doesn't block native app ads / tracking. (One of the #1 blocked domains on my pihole is from Dashlane's MacOS app, constantly wanting to phone home)
> 70% of HN readers probably don't have the technical knowledge (or hardware on hand) to set up pi-hole without investing 10+ hours.
That seems pretty dismissive of our audience. I can't think of many things easier to set up than pi-hole, unless even using SSH is too difficult to understand.
1) Buy a rasp-pi (or pretty much any other device supporting a reasonably standard Linux distribution)
2) Copy one of many Linux distributions to an SD card with something like etcher: a couple clicks. Or buy one of the many pre-made kits with Linux already on the card.
3) Run a single line linux command via SSH and follow prompts.
4) change DNS settings in router to use the pi-hole.
Although I agree, it's not terribly complex to follow the steps. Lack of time to fiddle with self-managing a device seems like it could be a bigger limiter.
Sure, but presumably the type of people who are willing to run their own DNS resolver are capable of changing a setting on their router. There's substantially more effort in de-breaking sites broken by pi-hole or other ad-blocking software than there is in maintaining the blocking device.
70% of many audiences, even of tech news sites? Sure. But of Hacker News' audience? I would expect many here could follow the basic setup tutorial relatively easily.
I'm more worried for my local ISP selling my browsing history, or exposing it due to incompetence, because something like that already happened and nowadays I'm worried they send that data to local authorities too.
The "cloud players" you're worried of are big targets and the law protects me, since we have the GDPR and the EU is trigger happy in giving fines to big companies. Also my data is not that useful right now to a US company.
Also the ad blockers for iOS Safari don't work well and I use iOS Firefox anyway, which can't use Safari's content blockers. So I'll take any help in blocking ads I can get.
This will also be valuable for doing some content filtering for my son, without installing anti-virus crap on his devices.
Do GDPR and other EU laws not protect you from your ISP also? I'm not sure how your home ISP is less trustworthy than your VPN's ISP if they're both in the EU (and if you aren't, GDPR doesn't apply to you).
NextDNS appears to implement DNS over HTTPS (DoH) and Firefox ships with it as an option, next to Cloudflare.
UPDATE — Took it for a test drive:
* Logs are concerning, but look good for optimizing the traffic and notice odd communications; I already noticed telemetry sent by my browser that I switched off
* Ad blocking seems to work, not as good as desktop uBlock Origin, but I'll take anything for my iPhone
* Latency is around 30 - 100 msec, which seems a bit high? (server I connect to seems to be 400 km away)
> I already noticed telemetry sent by my browser that I switched off
Mozilla is running some Firefox experiments with different DoH providers. Eventually Firefox may automatically select whichever DoH provider is the fastest for each user. This would improve performance for users and reduce the privacy concerns about DoH consolidation with one provider (the current Firefox default Cloudflare).
One cool thing about NextDNS is that they also support the Handshake DNS protocol. It’s an alternative root DNS that supports new TLDs while maintaining compatibility with existing ICANN TLDs https://handshake.org
I got pretty excited when I saw that and tried to find some use cases for it as soon as I enabled NextDNS. But I couldn't find any use case where it would make domain management easier. In fact it seemed overly complicated with it being auction based and having to use a cryptocurrency.
Right now most of the sites are personal projects and toy sites. You can check out some of them here https://github.com/NamebaseHQ/Awesome-Handshake. For my personal use, I set up tieshun.txt to point to my personal todo.txt file, and I use watchman to rsync my local todo.txt to tieshun.txt so I can access it from all my devices. I could also set up todo.tieshunroquerre.com for this but I find that tieshun.txt is much more convenient to use.
I bought tieshun.txt on https://gateway.io (in beta). The owner of .txt set up their own registry and they're selling .txt domains. That's another aspect of Handshake that I'm excited about. To get an ICANN TLD you need to be a big corporation that can pay for the $200k application fee (and you're not even guaranteed to get the name), whereas anyone can create a registry on their own TLD with Handshake.
The cryptocurrency aspect is unintuitive (if possible it would've been ideal to not require it), but it's actually needed in order to have a more secure root of trust alternative to CAs. This article expands on this point: https://www.namebase.io/blog/meet-handshake-decentralizing-d...
I trialed nextDNS based on other people talking about it here, and have really liked it - it’s really awesome to have an always on, dns-over-https solution for every device. I think it’s really worth the 20$ per year, just for the slick ui and not having to manage a pihole somewhere.
I was not aware of this service before, but I’m very interested! The price seems very reasonable, and as you say, not managing a pi-hole device is very appealing. I have tried multiple times to setup pi-hole on a dev board on my home network, and could never get it to work properly so I gave up.
As a counter-example, I was amazed at how simple it was to set up Pi-Hole. I thought they had the setup workflow built pretty well. Took me ~10 minutes including flashing a SD card with Raspbian.
That’s fair. I do like the project, and everything is well documented and easy to follow.
I should have prefaced my statement with the fact that I was trying to install it on something other than a raspberry pi. I have only tried on my Rock Pro 64 board. But to be fair, they are pretty mature, well supported boards at this point.
I understand that it is designed to run on Pi boards first so the issue is likely my specific hardware. But Pi-hole is supposed to be compatible with Ubuntu 18.04 so I would have expected it to work regardless?
I’m not a networking expert though, if anyone has experience with pi-hole on Rock pro’s or other Pine boards I’d love to know!
Maybe I’ll just go ahead and invest in one of the new Pi boards with 4Gb memory :) That was the main reasons I got the Rock Pro 64 to begin with.
Certainly should work just fine - I've installed pi-hole a few times, and it's never been on an actual RasPi. Not sure what Linux distro you're running on the Rock Pro, but I can't recommend Armbian enough for these sort of boards: https://www.armbian.com/rockpro64/
Install, and run armbian-config to get an easy Pi-hole installer (among many other functions).
Thanks, I think I will try again with Armbian. It’s been a while since I tried, I think Armbian was not available at that time. Something must have been wrong with the other Ubuntu/ Debian builds I tried.
What's the difference between using the macOS app or just setting the DNS on a router level? Just the attribution to a specific device in the dashboard? I couldn't figure that out by reading the (actually very well written) FAQ.
I literally (not figuratively) setup NextDNS yesterday and so far it's been great. The documentation is awesome, and love the features available. The only mild feedback I have is that the "Setup Guide" doesn't provide enough context about what's going on, and the implications of setting up on my PC vs mobile device vs router. It says:
"Follow the instructions below to set up NextDNS on your device, browser or router."
A couple more sentences there would be super helpful..
The Windows setup doesn't like Windows 10 on ARM, it couldn't install the TAL driver. Very edge case I guess, I'm going to install on x86 when I get home :)
Saw this when it first came out, never tried it until now.
Used it for around an hour and I've already made 2,000 requests and 15% of those were blocked. Can definitely see myself going over 300,000 requests (free monthly allowance) but it's looking great so far so would be happy to support it.
Currently use AdGuard on my phone, looks like this does almost everything AdGuard does (stats, logs, blocklists) with the added benefit of the processing being done elsewhere.
Signed up for a year as soon as I got the email announcement. Love NextDNS and excited to see where they go — particularly would love some sort of time-based scheduling or API for rule automations.
"1. We do not (and will never) sell, license, sub-license or share any of the data submitted directly or indirectly by our users with any person or entity."
This does not cover metadata.
For example, NextDNS analyzes the data submitted directly or indirectly by the user and makes a note, "This user [something private]"
If NextDNS sells, licenses, sublicenses or shares that metadata they are not violating this Privacy Policy.
If NextDNS acquires data from a third party (e.g., data brokers) that identifies NextDNS users, then that is not "data submitted directly or indirectly by our users" and they are not violating this Privacy Policy if, e.g., they pair that data with NextDNS metadata and store, sell, license/sublicense or share it.
This Privacy Policy also does not cover the event of NextDNS itself or a successor selling ads or ad services. If that ever happens, it would not violate this Privacy Policy.
So NextDNS is free to sell metadata. What is the extent of this metadata - is it like ‘this user spends 10 hours a day actively using the internet’, or ‘this user consumes a lot of streaming video content’, or this user ‘watches netflix every friday evening’, or ‘this user uses duckduckgo instead of google’? Can these examples be considered metadata?
They do not need to sell metadata. They can sell services. Neither Google nor Facebook need to sell data. They sell services.
Those companies are not obligated to disclose what metadata they might have. Neither is NextDNS.
If the Privacy Policy stated that NextDNS will not create, collect or acquire metadata about its users, then we would have less reason to be concerned.
However the NextDNS Privacy Policy is all of nine sentences. It is not very restrictive.
Or... You can put your own DNS server on a device in your home and use that.
Personally I am not fond of dnsmasq or the patched version Pi-Hole uses.
100% of "monthly requests" are blocked. There are no third-party managed blacklists, only personally created whitelists. Individual DNS queries rarely leave the network. DNS data is gathered in bulk and stored.
If I'm following, you have a DNS server running that only permits requests to whitelisted domains?
When you browse hn, do you need to whitelist each domain to be able to load content? How many domains do you have whitelisted and how many new ones do you whitelist each month?
Just a perspective - 300k DNS queries is not very much. 1 full day of home use + work (most DNS goes over VPN for that) and I am at 130k queries. So you'll get a nice little trial, but don't expect it to last very long, imo
I'm genuinely surprised you've made 130k dns queries in one day.
I've been using NextDNS now for half a year or so and I have 1,021,075 queries in the last 90 days, or roughly ~11k a day. I have ~69k in the past 7 days.
I have this set up on all my devices.
Are you running a home server or something that could explain so many requests?
This. I guess if your router can install their software, and it maintains a local DNS cache, then it'll go further. But without that, it's repeatedly hitting their servers for the same entry, racking up queries.
> ...and it maintains a local DNS cache, then it'll go further. But without that...
Nextdns has a cache boost option now which sets TTLs to a minimum of 5mins. If the client is compliant (respects the TTLs), then that should help further.
It is, been using it for multiple months. I have no more ads on my iPhone now, for free. The DNS requests pass through Switzerland and I feel I have 007 level privacy. Sweet!!
DNS level blockers aren't really for privacy - your ISP can still see all of the connections your device is making. It can however greatly reduce connections to known tracking domains.
Love this service. Gladly paying a subscription now. It’s like a pihole without having to worry about keeping it running, updated etc. So ideal for not-super-techy people like me.
One feature request, if the team is reading along: a pause button to disable blocking for 1/5/15/60 minutes.
I really wanted to like and use NextDNS but my latency was ~200ms vs maybe 10-40ms for my ISP resolver. I'm fine with paying a bit of a latency price for the extra features and privacy, but not that much. And I'm located in Toronto, not somewhere remote.
Looks like a case of bad anycast routing, as we have a PoP in Toronto! It happens and is usually easily fixable, can you talk to us via the chat on our website (or at support@nextdns.io)?
I figured I'd activate it again and test it first... and of course it's way better now! Consistently getting around 40ms now so I'll keep it enabled and try again :)
What I don't get about DNS, is why doesn't every device just run its own recursive caching resolver. Why ask ISPs and hotspot providers to resolve your requests?
What would be the downside outside of corporate networks?
A cache shared by a couple thousand people would have lots of stuff already cached. Running your own would add latency as you'd need to fully resolve more domains.
Only on initial use. Most DNS records have a cache time of 24 hours, so if you're using the internet every day, you're unlikely to notice.
Some latency when visiting a new site seems like a small price to pay for side-stepping all the shenanigans that ISPs have been doing to DNS, without having to defer trust to yet another cloud provider.
Where is the pricing information? I couldn't find it on the homepage or in the help page (even searching there doesn't help). Even the article on 300K free queries a month [1] doesn't have anything related to pricing.
Where is the announcement that it's out of beta? I don't see that in the homepage either. What am I missing?
The people routing your DNS traffic can inspect it and even tamper it (e.g.: your ISP) even if you pick DNS servers other than the ones provided by your ISP. Your privacy is not guaranteed.
DNS over HTTPS/DNS over TLS is encrypted and may offer better privacy, if you trust them, that is.
I'm a fan of their service, and because most browsers support DNS-over-HTTPS natively I can put the configuration right into my browser settings and have the same level of DNS filtering even when I'm outside of my home network without VPN.
Google Chrome (and some Chromium forks) will also be supporting custom DNS-over-HTTPS providers very soon (it's already being rolled out to some users).
If we all use enough of things like NextDNS then all ads will go away. Oh wait, suddenly all websites except those with a paywall will exist. No more news reports of any kind. No more free services. Nothing but a few sites that sell T-shirts to struggle to survive. I don't like the present web either, but somehow people have to make money. Unless we build in an infrastructure that easily allows me to pay you to run a business online, I fail to see how in the long run this total blockage of ads is a benefit for all.
Of course we live in HackerNewsLand, where the rest of technologically illiterate humanity pays by watching ads so that we don't have to.
Somehow we have to use technology to find a way to balance the needs of those who are online serving us content/information/etc with a less irritating and horrific way to pay for it. Without a solution for that, the future is going to be a lot less diverse and a lot more frustrating, although in a different way.
I don't think most people are against ads.
What's the issue with a simple .png ad in a banner or at the side as long as it's not screaming at you? Or the occasional sponsored content.
There are 2 big issues that people hate about ads:
- Obnoxious ads that take away from your browsing experience
- Tracking, spying, privacy, monopolies from ad tech and all that stuff.
And those even combine, as all the tracking makes sites slower.
Hacker News works the sponsored content way (but it's just one sponsor, which is also its owner). The site is kept as low cost as possible, and YC uses it to promote its startups.
One YC posts on the front page, don't really bother us too much, as long as they don't become obnoxious.
If this happens we might get a healthier Internet where every service is either a) actually free b) crowdfunded on services like SubscribeStar c) has paid tiers d) uses first party ads from sponsors. There are plenty of services monetised like this already.
Third party ad networks are an anomaly and it's time for them to go.
I've been using NextDNS and really enjoy it. I've found it a lot easier to manage than pihole. Only issue I have is that it doesn't seem to work with the Economist.
On my desktop systems I can configure it in the network options and never think about it again. On Android I always close it if I don't think about it when closing all apps, then I forget to restart it.
They do have custom DNS provider setting, but it's a bit hidden (also it's different among various MIUI versions). So to find it better try old QuickShortcuts: https://play.google.com/store/apps/details?id=com.sika524.an... and see the Settings->Network Dashboard (or something similar).
I don’t want “in depth analytics” from anything really especially a DNS provider. How about a truly non-logging, ad-blocking, DNS provider that does DNSSec?
They actually have the ability to turn off all logging and analysis, pretty easy and front-and-center, not buried deep in a hidden settings page like some companies. Or you can limit it to a timeframe that makes sense for you. I have mine set to delete everything after one hour. That way if I ever have issues I can pretty easily debug the problem by going to my account details within the hour.
Care to expand on what you are talking about? I've been very curious for a few years about CurveDNS and less so dnssec, but I admit I haven't read the ietfs yet.
Hope this helps someone!