Does using NextDNS with iCloud Private Relay harm your privacy on iOS?

Hi,

I found this comment here on this forum as well as this other forum. I am especially concerned about the comment on the other forum: if that is the case (every website seeing that you are using iCloud Private Relay AND NextDNS together), wouldn't this be really bad for privacy and make you stick out a lot (because most people aren't using both)? Maybe someone could try this and see if it's true? Should I just skip NextDNS on my iOS device because of this? I usually use it on all my devices with the HaGeZi block list.

I have been doing a lot of research and finding conflicting answers. Here's a Reddit comment saying that it doesn't cause a DNS leak.

I should probably specify that I'm talking about NextDNS installed with the DNS profile on iOS, not the app.

Also, if it does leak DNS, would, for example, Google be tracking this for profiling/ads? Or would it only be a threat if your threat model is hiding from people trying to find you? (Mine is not; it's just against trackers.)

It does leak your DNS to websites, and you can test this at https://www.dnsleaktest.com/ and DNS Leak Test - BrowserLeaks (one of them detected it; I can't remember which one).

As for whether this is a threat, it depends on your threat model. It's hard to say whether this is actively used for fingerprinting, but it is always a possibility.

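To make concrete what a browser-based leak test of the kind linked above can and cannot tell you, here is a small simulation of the mechanism: the test site hands your browser unguessable one-time subdomains under its own zone, its authoritative nameserver records which resolver IP ends up asking for them, and the page then labels those IPs. This is an added example, not code from the thread or from dnsleaktest.com or BrowserLeaks; every address is a constructed RFC 5737 documentation placeholder, not real Apple, NextDNS or ISP infrastructure, and the two "phone" paths are hypothetical stand-ins for the device's internal resolver behaviour.

```python
"""Simulation of how a browser DNS leak test decides which resolver your
queries actually leave from.

Added example, not code from the thread or from dnsleaktest.com / BrowserLeaks.
All IP addresses are constructed RFC 5737 documentation placeholders, not real
Apple, NextDNS or ISP infrastructure."""
import secrets
from ipaddress import ip_address, ip_network

# Constructed placeholder egress ranges the test compares observed resolvers against.
KNOWN_EGRESS = {
    "iCloud Private Relay": [ip_network("192.0.2.0/24")],
    "NextDNS": [ip_network("198.51.100.0/24")],
}


class AuthoritativeServer:
    """The leak-test site's own nameserver. It records which resolver IP
    asked for each one-time subdomain, which is all the test needs."""

    def __init__(self, zone):
        self.zone = zone
        self.seen = {}  # token -> set of resolver IPs that looked it up

    def query(self, name, resolver_ip):
        token, _, zone = name.partition(".")
        if zone == self.zone:
            self.seen.setdefault(token, set()).add(resolver_ip)
        return "203.0.113.1"  # the answer content is irrelevant to the test


def classify(ip):
    """Label an observed resolver IP, or flag it as a possible leak."""
    addr = ip_address(ip)
    for label, nets in KNOWN_EGRESS.items():
        if any(addr in net for net in nets):
            return label
    return "unknown resolver (possible leak)"


def run_leak_test(server, resolve, n=3):
    """Client side: resolve n unguessable names under the test zone, then ask
    the server which resolver IPs showed up for them."""
    tokens = [secrets.token_hex(8) for _ in range(n)]
    for token in tokens:
        resolve(f"{token}.{server.zone}")
    observed = set().union(*(server.seen.get(t, set()) for t in tokens))
    return {ip: classify(ip) for ip in sorted(observed)}


# Two constructed device paths. `resolve` stands for whatever the phone does
# internally; the only thing the test can observe is which IP reaches the server.
def phone_with_relay(server):
    def resolve(name):
        server.query(name, "192.0.2.17")  # relay egress asks on the phone's behalf
    return resolve


def phone_resolving_via_nextdns(server):
    def resolve(name):
        server.query(name, "198.51.100.8")  # NextDNS resolver asks directly
    return resolve


if __name__ == "__main__":
    for label, path in (("relay", phone_with_relay), ("nextdns", phone_resolving_via_nextdns)):
        server = AuthoritativeServer("leaktest.example")
        print(label, run_leak_test(server, path(server)))
```

The second path is the situation the question worries about: if Safari's lookups reached the site's nameserver from a NextDNS address, the site would learn that you use NextDNS even though the query contents were encrypted in transit. A result showing only relay addresses, as reported later in this thread, corresponds to the first path. Note that the test only sees resolver egress; it says nothing about which services the phone talks to directly.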

I just checked both and neither one detected a DNS leak. The servers all showed iCloud Private Relay IPs.

I’m using Private Relay with NextDNS on iOS.

I think a lot of the confusion stems from the fact that the facts about this issue have changed over time. Initially, Apple did not officially support third-party DNS with PR, and this caused a lot of issues for NextDNS. However, Apple and NextDNS worked together to resolve the issues.

Now both services work well together, providing privacy from the sites visited and from ISPs.

With that said, I don't ever expect privacy from NextDNS when using their service. They know who I am and could be compelled to log my traffic regardless of the settings on my account. This is why, when I want to do something where that may be a concern, I switch over to a conventional VPN and use its native DNS.


Wow, are you sure? That would be amazing, since that would be the best of both worlds. Are you using the NextDNS profile and not the app?


I’m using a profile on all my devices.

An important additional consideration, which might lead to some more confusion, is to remember that PR only proxies Safari traffic. If you look at all traffic coming from my phone (without a dedicated VPN active), you will see traffic between the phone and NextDNS servers. The content (DNS queries) will be encrypted, but you could still see the IP addresses contacted by apps like Proton Mail.

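The point above, that Private Relay covers Safari while every other app's connections remain visible on the wire, is easiest to see by modelling what an on-path observer such as the ISP can extract from each connection. The following is an added example, not code from the thread: it classifies a small constructed set of flows from a phone running the NextDNS DNS profile with Private Relay on and no VPN. The address ranges, app names and the `Flow` record are hypothetical placeholders (RFC 5737 documentation addresses), not real Apple, NextDNS or Proton infrastructure.

```python
"""Model of what an on-path observer (e.g. the ISP) learns from an iPhone running
the NextDNS DNS profile with iCloud Private Relay enabled and no VPN active.

Added example, not code from the thread. Addresses and flow records are
constructed RFC 5737 placeholders, not real Apple, NextDNS or Proton infrastructure."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

RELAY_INGRESS = [ip_network("192.0.2.0/24")]        # where Safari's relay tunnel terminates
NEXTDNS_ENDPOINTS = [ip_network("198.51.100.0/24")]  # DoH (443) / DoT (853) resolver


@dataclass(frozen=True)
class Flow:
    app: str            # known on the phone, never to the observer
    dst_ip: str
    dst_port: int
    sni: Optional[str]  # TLS ClientHello server name if sent in the clear


def _in(ip, nets):
    addr = ip_address(ip)
    return any(addr in net for net in nets)


def observer_learns(flow):
    """Facts an on-path observer can extract from a single flow."""
    if _in(flow.dst_ip, RELAY_INGRESS):
        # Safari traffic rides the relay tunnel: the site is hidden, relay use is not.
        return {"uses_private_relay"}
    if _in(flow.dst_ip, NEXTDNS_ENDPOINTS) and flow.dst_port in (443, 853):
        # Encrypted DNS hides the queries but reveals the resolver choice.
        return {"uses_nextdns"}
    # Every other app connects directly: the destination IP is visible, and so
    # is the hostname whenever the SNI is unencrypted.
    facts = {f"contacts:{flow.dst_ip}"}
    if flow.sni:
        facts.add(f"host:{flow.sni}")
    return facts


def observer_summary(flows):
    """Union of everything the observer learns from a capture."""
    learned = set()
    for flow in flows:
        learned |= observer_learns(flow)
    return learned


# Constructed capture from a phone in the configuration described above.
SAMPLE_FLOWS = [
    Flow("Safari", "192.0.2.10", 443, None),
    Flow("system resolver", "198.51.100.5", 443, "resolver.example"),
    Flow("Proton Mail", "203.0.113.7", 443, "mail.example.net"),
    Flow("Weather", "203.0.113.40", 443, None),
]

if __name__ == "__main__":
    for fact in sorted(observer_summary(SAMPLE_FLOWS)):
        print(fact)
```

Two things fall out of the summary: the observer learns that this phone uses both Private Relay and NextDNS (the "standing out" concern from the question, but from the network side rather than from websites), and it learns the destination of every non-Safari connection, with the hostname as well wherever the app sends a plaintext SNI. Only a device-wide VPN, as the poster above notes, moves those direct flows into a tunnel too.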

Thank you so much!! I will keep that in mind too. Then there aren't any downsides (as in not standing out vs. others)? Would blocking more, with a bigger blocklist than others, maybe make you stand out?


Glad I can be helpful!

I use the standard block lists and haven't had any issues with ads leaking through. With that said, I'm not aware of a real-world tracking technique based on blocklists. I understand how one could be done, but the utility would be very limited.


Awesome!!! Thank you so much again 🙂, this really helped me out here.
