Proton VPN + custom DNS better?

Hi all,
I haven’t been long on the privacy journey, so forgive me if this was answered and I just didn’t understand.

Right now I use NextDNS at router level, I use it for the parental features and enjoy the level of ad blocking/malicious site blocking it provides, and when I’m out I use ProtonVPN for when I connect to public WiFi, for general privacy.

Is there any real benefit to using ProtonVPN + NextDNS now that Proton added the custom DNS feature on mobile? I have read on Proton’s blog that using a third party DNS resolver with ProtonVPN is less secure, so I’m unsure of the benefits of this feature, or maybe I’m not understanding something. Any help/tips would be appreciated!

1 Like

Hi - I also learn a lot here when people discuss the topics, and I believe I have not been on this journey long enough to chime in confidently.

Do you by any chance have the Proton blog source that you are referring to here?

offtopic

Are you a Satoshi Kon - Paranoia Agent fan? That is nice. 🙂

The risk of using a third-party DNS provider is that the websites you visit are able to detect what DNS servers you are using, if they want to.

This means that someone could see that you’re “a Proton VPN user who uses NextDNS,” which is a much smaller group of people compared to “ProtonVPN users who use Proton’s DNS,” and therefore you stand out more and could potentially be tracked more easily.

On the other hand, a DNS provider like NextDNS can provide very meaningful privacy benefits, like the tracker/ad blocking and malware blocking features you mentioned.

Do the benefits that NextDNS provides you with outweigh the risk of potentially being easier to track? Only you can decide, really, but at least now you should understand the potential threat involved.

I do know many people who combine NextDNS with Mullvad, Proton, IVPN, etc., and I also know many who would not do that.

9 Likes

One way I found around the fingerprinting and (imo) more important problem of an added party to trust with your internet traffic (Proton + NextDNS) is using a VPN provider that has a cloud DNS service. I’m using AdGuard, and according to my tests, websites can’t detect that you’re using a custom DNS. Windscribe+ControlD might also work, but I didn’t check.

Here’s what I was referencing:
Proton Blog Custom DNS

Using custom DNS isn’t unsafe in itself, but we can’t guarantee that it will be as secure as Proton VPN’s DNS service.
Our DNS service resolves queries through our encrypted VPN tunnel, adhering to our strict no-logs policy. Custom DNS queries don’t pass through the VPN tunnel, and their overall safety depends entirely on the resolver you choose.

Oh that makes sense! Thank you for the help. Definitely something to consider moving forward.

off topic

Yes I am! I’m a fan of Satoshi Kon’s works; he was a great director.

1 Like

Wait I did not know that. I thought while using the VPN, the DNS of the VPN would be used by default.

Let’s say I have NextDNS or Cloudflare DNS configured on my router for other users in my household (to protect them because they won’t use a VPN on their own), but I always personally use a VPN (different servers), will I stand out as a user of say Cloudflare DNS + Proton VPN for instance?

You can test your DNS with dnsleaktest.com or DNS Leak Test - BrowserLeaks

2 Likes