NextDNS to block tracking

Are those options in NextDNS good enough for average privacy?

For example, if I choose Windows, do I have the same level of privacy as on Linux? Or if I choose Samsung, do I have the same level of privacy as on AOSP?

Thanks!

No. This is just blocking some brand-specific trackers that can be blocked without breaking anything. There will be more tracking which cannot be blocked by DNS.

3 Likes

Short Answer: No
Long Answer: Nooooooooooooooooo

Real Answer: No, aside from unblockables (trackers inside the first-party domain), you are actively fighting the system. The system may, for example, ignore the DNS and just connect straight to the IP. DNS blocking helps with some trackers, but you won’t really get proper privacy with Samsung/Windows.

3 Likes

Using NextDNS or any DNS content blocker will not fix all privacy issues in an operating system or application.

All it is doing is enumerating badness. Blocking known ad/tracking/malware/etc. domains is good and I generally recommend it, however it can’t and will not realistically defeat all forms of tracking and all privacy issues that exist in an environment. There are a million other ways to track you and circumvent protection like what NextDNS or similar options would provide. It isn’t that simple unfortunately.

So no, using NextDNS will certainly not make Windows as private as Linux, or Samsung’s Android as private as AOSP or any alternate Android OSes. Will NextDNS help mitigate the tracking? For sure. But it’s far from enough by itself, and you really should consider using software that doesn’t invade your privacy in the first place where possible.

4 Likes

You can see all the domains that will be blocked at this link: https://github.com/nextdns/native-tracking-domains/tree/main/domains

2 Likes

Not even close, unfortunately.

Anything that purports to block bad things based on a blacklist (like NextDNS or uBlock Origin, or an Anti-Virus scanner or a list of people not allowed on a plane) is at best intended to Mitigate (lessen) a risk, it can’t eliminate it. It can’t be a 100% solution, and in the case of protecting you from your own untrusted operating system, can’t come anywhere near 100% with certainty. (You can search “enumerating badness” for more info)

So no, trying to block bad behavior from an OS you don’t trust (with a rather crude tool (DNS)) is not the same as beginning with a foundation that you do trust (Linux in this example).

That said, if you do use Windows (or any of those other services) you should enable those things (Search “yokoffing nextdns” for a good recommended guide on setting up NextDNS). Just set realistic expectations. The benefit of NextDNS and DNS level blocking is that for very little effort, you can block the majority of ads & trackers across your whole device or network, but even in the best case scenario, it’ll let bad things through some of the time.

You can see the ~20 or so domains blocked by that list here:
# Connected User Experiences and Telemetry
vortex-win.data.microsoft.com
vortex.data.microsoft.com
vortex.data.microsoft.com.akadns.net
vortex-sandbox.data.microsoft.com

# Unclassified
telemetry.microsoft.com
telemetry.urs.microsoft.com
choice.microsoft.com
redir.metaservices.microsoft.com
settings-sandbox.data.microsoft.com
settings-win.data.microsoft.com
telemetry.appex.bing.net
watson.live.com
watson.microsoft.com
feedback.search.microsoft.com
feedback.windows.com
corp.sts.microsoft.com
diagnostics.support.microsoft.com
i1.services.social.microsoft.com
cache.datamart.windows.com
diagnostics.support.microsoft.com
spynet2.microsoft.com
spynetalt.microsoft.com

# Office Telemetry
onecollector.cloudapp.aria.akadns.net
prod.nexusrules.live.com.akadns.net

(Link)

2 Likes
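The limits described in the replies above, as an added example (not part of any post in this thread, and not NextDNS code): a Python script that parses a list in the format quoted above and classifies a few outbound destinations. The subdomain-matching rule, the function names and the sample destinations are assumptions made for illustration.

```python
import ipaddress

# Constructed excerpt in the format of the list quoted above: '#' lines name
# a category, every other non-empty line is one hostname (one duplicated).
SAMPLE_LIST = """\
# Connected User Experiences and Telemetry
vortex.data.microsoft.com
settings-win.data.microsoft.com

# Unclassified
telemetry.microsoft.com
watson.microsoft.com
telemetry.microsoft.com
"""

def parse_blocklist(text):
    """Return {hostname: category}; the first occurrence of a name wins."""
    entries, category = {}, "Uncategorized"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            category = line.lstrip("#").strip()
            continue
        entries.setdefault(line.lower().rstrip("."), category)
    return entries

def classify(destination, blocklist):
    """Say what a DNS-level filter can do about one outbound destination."""
    try:
        ipaddress.ip_address(destination)
        return "not filterable: direct IP connection, no DNS lookup happens"
    except ValueError:
        pass  # not an IP literal, so a DNS query would be issued
    labels = destination.lower().rstrip(".").split(".")
    # Assumption: a listed name also covers its subdomains.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return f"blocked: {candidate} ({blocklist[candidate]})"
    return "allowed: name is not on the list"

if __name__ == "__main__":
    blocklist = parse_blocklist(SAMPLE_LIST)
    # Constructed destinations: a listed name, a subdomain of one, an
    # unlisted first-party name, and a documentation-range IP address.
    for dest in ("vortex.data.microsoft.com", "eu.telemetry.microsoft.com",
                 "api.first-party.example", "203.0.113.10"):
        print(f"{dest:32} {classify(dest, blocklist)}")
```

Only the first two destinations are stopped; the unlisted first-party name and the direct IP connection pass, which is the gap the replies describe.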

OK, thanks for all your answers. I will stay on openSUSE and CalyxOS as much as I can.

1 Like