GrapheneOS's Recommendation on DNS Servers?
- Edited
The way I look at it is a solid VPN like Mullvad or Proton using their DNS will do the trick. I'm sure Mullvad does it, but I know Proton VPN DNS servers seek to block adware and malware. You also should use a privacy browser (with privacy search engine) to block ads/tracking/fingerprinting and I made Proton Mail my go to as it blocks ads/tracking in emails. Trackers are placed in "legit" (not otherwise malicious) email links and in the pixels of a company logo in an email that activate when the email is opened. Proton Mail shows how many have been blocked. You will never stop it, but can mitigate.
As for VPNs not being anonymous, if your VPN truly does not log what you search as well as your real IP, and you paid with a crypto and throwaway email, they can make you pretty anonymous. Both VPNs and Tor can be hit by correlation attacks on exit nodes, but that is generally nation state level (can also always have a bad apple working for a VPN or running a Tor exit node), but you need to really be on guv radar to be targeted for correlation.
GrapheneOS So wait, hold on… when you say use the networks DNS, is the network the vpn?
Aka I should use mullvad’s dns if I’m on mullvad vpn?
What is the recommended way to block ads? Or is “filtering traffic” different from blocking ads?
Because blocking ads is practically a requirement to effectively browse the internet nowadays, and I’ve had experiences with websites running ads that hijack the site somehow and cause redirects without me clicking on any ads. Which is pretty spooky, if you ask me, because even if I only go to trustworthy websites, I have kinda no way to know what ad networks they use to pay their bills, and even if I did, I also have no way of knowing what ads that network will run - aka there’s kinda no way to know whether or not a website is trustworthy - so if I can’t trust any website, I /have/ to put up defenses. So… blocking ads, right?
GlytchMeister So wait, hold on… when you say use the networks DNS, is the network the vpn?
Aka I should use mullvad’s dns if I’m on mullvad vpn?
Obviously I can't speak for the project account, but I believe that's what they're saying.
GlytchMeister What is the recommended way to block ads? Or is “filtering traffic” different from blocking ads?
I don't know if there's a "recommended" way of blocking ads, but you can set up ad blocking in their app in Settings > VPN settings > DNS content blockers
. This way you're using the "network DNS," so there should be no DNS leaks.
The problem is that their tracker lists are very basic. Better than nothing, but still basic. NextDNS and Adguard Private DNS allow way more advanced filtering lists.
For me personally it is much more important to block as many trackers as possible vs the chance that some websites might fingerprint based on DNS. Fingerprinting is a lost battle in most cases as there are so many parameters that can make a device unique, not just DNS or IP.