I use Next DNS I pay AUD$3/month it's awesome I've set it at router level and on my mobile phone the Samsung Galaxy Note10+...also we need a VPN that's outside of the 14 eyes surveillance network..search engine I use is qwant. I use torrent sites too

The last I checked, NextDNS routes the DNS logs you see of your account, on their website, through Google servers in plain text...

I used Nord's DNS servers the longest. They're slow. Then I tried Quad9. Faster than Nord. Then I tried Cloudflare. Very fast. I just moved to NextDNS. We shall see how it performs.

I use dnscryptproxy on my OPNsense router. It allows to filter via downloadable black lists, and I also use a filtering DNS provider. So, I should be fairly protected. The included Unbound DNS service can also filter, and it's even possible to add a custom list to that. I have mine handoff the lookups to dnscryptproxy after it resolves any intranet DNS queries. Also, don't forget to setup the cron job to automatically update the DNS black lists and restart the service. Oh yeah... And, it's all no cost, and no subscription. Mine also intercepts all outgoing DNS port 53 traffic.

On an unrelated note, I wanted to ask a question about Monero. If Monero is ever cracked with quantum computers (or anything) could this de-anonymize past transactions? since the blockchain itself is public?... So maybe your transaction is anonymous today, but if in 10 years it gets cracked, could it ever be traced back to us?

I have a second phone I take for walks

​@@SWUploads971a smartwatch would make sense and theres privacy friendly smartwatch'es. mental outlaw made a video on it a while ago

and yet, you are here commenting on KZbin hahahahahaha

@@kevindetolli And apparently, you are not.

@@youchwb6005 I am!

AdGuard is great for self hosting, it’s also very simple and has features that similar options dont. It’s simpler than pihole in my humble opinion. For everything else your best bet is to secure DNS by making sure it’s set to a proper upstream one such as Mullvad or Quad9. Unfortunately you may have to set this on a per device and per app basis. Each device tends to have different support for encrypted DNS. Apps themselves can also vary. This is what adguard or pihole are great at. You point all DNS to the adguard/pihole, and then from there you have it do the upstream requests in encrypted DNS. The main thing that encrypting DNS does in terms of privacy is make sure that your ISP doesn’t hijack the DNS query on the way out (which apparently happens). A VPN also prevents this because the DNS request is sent through an encrypted tunnel as it goes through the ISP connection. So realistically the minimum setup of good VPN + something like Quad9 DNS is going to do most of your network privacy without getting too into the weeds. Then you have to look at your browser, device, operating system, apps, and other sources of telemetry and metadata fingerprinting. Many of these issues are fixed by using Linux + open source. Anyway this got long, but personally with all that considered I don’t see much need to pay for DNS services. The way i would personally pay for DNS services is by spinning up a cloud VPS with it’s own domain to use as a VPN and reverse proxy. This is pretty common and can be pretty cheap.

Any pointers on where we can learn more?... I'm using pihole and Quad9 but lost on the portion related to port 53 and getting DOH working. Ty

I use NextDNS on the router and Adguard extension on my Brave Browser.

@@RAM_845 Isn't Brave is a Google browser?

@@youchwb6005 a modified one

@@youchwb6005It is based on Chromium. But everything Google related has been ripped out. It is 100% safe to use.

i expect you to also use revanced or any other private KZbin app edit: but you might not use your phone as an entertainment device

I've always heard that using a DNS provider with a VPN is not a good idea. Instead you should only use the VPNs DNS.... I don't know

Most vpn service providers have trackers on board (third party trackers). Even if no personally identifieable information is included, you can be identified easily using a few features). Mostly, people use a VPN and think they're good in terms of privacy. Yeah, well... turns out, no

@@enigma220 He covers the topic in the video, VPN dns vs custom DNS. While custom DNS is more idenfiable, the benefits outweigh the cons, and to be honest its such a minor "anti-fingerprinting" measure.

why don't you just use your own VPN?

Trend Micro has " Pay Guard". It opens in a new isolated window like Sandboxie. Then after your session, delete all the history and cache in that window. Been using for other transaction sites like E bay, etc and never had problems. Other AVs have the same feature.

That's definitely a valid option too, you can opt for different configs on different devices w/ different priorities :)

Such as?

How do you suppose you block ads and trackers outside a web browser environment? An app with trackers? An OS submitting invasive telemetry? I would take a look at what can be blocked by a DNS provider and how the scope is a bit different. Adblock + DNS together are a very ideal workflow for people who want the best of both worlds. I directly address the ‘identifiable’ argument you make in the video and how it *is* a con to the workflow.

​@@techloreAdding to this, the blocklists are very different, with network wide ones having a much more broad scope. An example of this would be blocking youtube and google ads, but not google telemetry/google play services tracking.

@@techlore On your first argument, ad blockers don't do the DNS requests, when a DNS request is made for a domain on their list, the ad blocker intercepts the request and returns a null response As for the latter, it's irrelevant if you "addressed it in the video", you are advising people to do something they absolutely shouldn't. You are giving bad advise that doesn't give neither safety or privacy

@@kueacybtguicyregfibubkueacybax 6:16 As it's in the video, use a VPN provider that provides adblocking via their DNS. But never, NEVER use a VPN with an external custom DNS, specially not NextDNS or similar where your DNS requests go with UNIQUE IDENTIFIERS of your account and your identity