NextDNS is a recommended DNS resolver by Privacy Guides. However, it requires an account to use. I trust that Privacy Guides doesn’t recommend services that are not privacy-friendly. But, how can a DNS service linked to an account be privacy-friendly? Surely any form of logging on their part is just one step away, as they already link every query to you?
The “account” consists of a username/password and an email address. You’re not forced to give up any personal information.
Logging is always just one step away. If they wanted to, against their promises, they could do so even without an account. You just need an email account to register and nothing else. Even a temporary or alias email address works.
An account is less identifiable than the information any DNS resolver will already have regardless of whether there is an account or not. A DNS service will necessarily know (1) your IP address and (2) the domains you request. Using a DNS service, NextDNS or otherwise, involves some trust. Don’t let not requiring an account give you a false sense of anonymity; any DNS service can log your queries.
As to why NextDNS uses accounts, it is for the more advanced/custom features it allows. (Optional) Logs, customization etc.
I used NextDNS because I thought it was open source (not that that makes it better of course, but, when there are multiple alternatives to choose from that are all private, I will go with the open source one).
As it turns out, it is not. So, whether the account is private or not, I don’t like the feel of it. I have gone with Mullvad DNS now, since it’s also recommended by PG, requires no account, and collects no logs.
Well at least some of it is, do you know what pieces are not open source?
All of it. What you’re looking at in there are blocklists (and their CLI). The server code is all non-free.
Hm. Maybe we should rethink our DNS provider recommendations? They were mainly chosen based on various technical security (like DNSSEC, DoH/DoT, etc.) and privacy (like QNAME minimization) measures, and global latency.
Not so much based on blocking functionality or account-level customization. I wonder if we should split our recommendations into good generic providers like Quad9 and good custom providers (basically Pi-hole alternatives) like NextDNS/ControlD, and include more information on the latter type of service.