Under what circumstances would you recommend to change or not to change the preset DoH servers in the MB? You emphasize the use of MB with any VPN provider, but you also suggest that if a VPN is used, no other DNS servers should be used, even if encrypted.
Using MB with a VPN creates a contradictory situation as at the same time the preset encrypted DoH servers in the browser are active.
I am also confused as to why a custom DNS was set by default in MB, be it a DoH one.
I believe while you are using a VPN with MB it’s best to just use the DNS server provided by that VPN server by default (whether or not DoH).
If a custom DNS server is set, it may choose a different DNS server for different users based on their location.
This may have an adverse effect on the crowd blending approach for MB and would instead make them stand out from others based on the DNS server selected.
If anybody has any explanation as to the decision to keep this default in MB, I would like to know.
Keeping any fingerprinting concerns aside, when you are trusting a VPN provider, there is little reason to use DoH, as you are trusting the VPN company not to be involved in something shady like DNS spoofing (which is what DoH is essentially made for).
That being said, using DoH of the same VPN provider won’t provide you any benefits over using plaintext DNS of the same VPN provider, as you’ll be trusting the same entity for not manipulating your DNS requests, be it DoH or plaintext.
The important thing is to stay the same as the other Mullvad Browser users, it’s less about the other users on your VPN.
When we say…
Therefore, it is imperative that you do not modify the browser at all outside adjusting the default security levels. Other modifications would make your fingerprint unique, defeating the purpose of using this browser. If you want to configure your browser more heavily and fingerprinting is not a concern for you, we recommend Firefox instead.
…we mean it!
But I can definitely update the site to include a mention about Mullvad Browser’s default DNS configuration as well, so people aren’t confused when they see this.
performance: DNS requests sent through DoH are anycasted, so you can’t be sure they will take the shortest path, and using the same server as the VPN tunnel will ensure you get the fastest response
potential detection of VPN: some services will look for a mismatch between DNS requests and other types of requests and might block you from using their services
As a Mullvad VPN user, there’s no advantage to using DoH when connected. DoH is there by default because we can’t assume Mullvad Browser users are using a VPN and DNS requests are encrypted.
In terms of privacy, in most cases it shouldn’t matter much, because in both cases requests are encrypted.
So what should be done if both VPNs and Mullvad DNS IPs are blocked? Your help/guide webpage is very useful, it seems to explain a lot of scenarios. I think it could also explain how Mullvad Browser should be used for these scenarios, with reasons:
Mullvad VPN users should disable the preset Mullvad DoH. Actually you mention this in the Mullvad extension, but it could also be added to the help/guide page.
Those using Mullvad Browser with other VPNs should disable the preset Mullvad DoH or leave it the same.
Those who use Mullvad Browser without any VPN provider should leave the preset Mullvad DoH the same, if there are failures to connect with Mullvad DoH, other DoH server addresses should be set.
Etc.
We can’t know if the user is using another VPN, so the extension can’t make a recommendation about it.
We’re not recommending other DoH servers, because we can’t vouch for them, but users are always free to enter their own DoH server in the Firefox settings.
I don’t think it should be about the people who develop and maintain your browser being able to vouch for anything, or being able to know in real time that people using your browser are using a VPN. Do you vouch for the architecture of the CPUs in your servers, or the microcode, or the BIOS firmware of the motherboards? Or do you vouch for Google if you are still a customer of their email solution? Do you vouch for Firefox which is upstream of your browser? Anyway I don’t want to argue with you or anybody else.
You released a free software that anyone can use. Your main goal is that everyone using that software will look similar when surfing the web. But in which situations can people change which settings in this browser? And it doesn’t differentiate their fingerprints. Which settings should never be changed because those settings make their fingerprints different from everyone else’s. The preset Mullvad DoH server is part of these two main problems.
Anyway the issue seems to have already been resolved here, have a nice day!
This is indeed something that is marked for improvements in the future. It’s just a question of time and resources.
Mullvad Browser aims to provide good defaults for users caring about privacy and fighting against mass surveillance. There’s a balance to find, and we’ll keep improving it based on feedback like yours.
I still don’t get it.
Should I leave the default settings if connected to Windscribe? Goal: tracker-blocking, fingerprinting resistance.
Sorry if it’s dumb but that’s not very clear for me! Best regards