This article is about the incredible privacy benefits of NextDNS.io and why we switched from Cloudflare DNS (1.1.1.1) to NextDNS.io for our private DNS. It takes just a little longer to set up than Cloudflare, but it is fantastic.
My first article on this blog was How to Improve your Privacy in 90 seconds. In it, I recommended activating Private DNS on your phones and computers, and suggested that setting it to use Cloudflare DNS is the easiest 90-second fix to improve your privacy and security online. That’s great and it might do all that you want.
But NextDNS.io offers a very similar service to Cloudflare DNS that is vastly more customizable and privacy-centric — even with their free tier of pricing! It makes it very fast and easy to block nearly every privacy-violating system in common use.
Reason #1: Easy, Holistic Blocking of Trackers
We are unfortunately now living in the “Surveillance Economy”. Thousands of web services and companies are operated by nefarious, greedy, unethical scumbags who are constantly tracking your every movement, click, and whim. Cloudflare DNS doesn’t block ANY trackers by default, only known malware sites. In my opinion, all systems and methods of cross-domain tracking of users are unethical and *ARE* malware. Therefore, although some blocking at the DNS level is now possible with Cloudflare Warp Teams, it’s far too much effort. This is why NextDNS.io gets my support now.
Editorial Observation: My theory about why Cloudflare DNS allows so many user-tracking systems through is that many of them are used by and run by their customers. Cloudflare DNS is fairly consumer-centric, but their core revenue-generating services are all for Internet businesses. So they’re internally conflicted and unfortunately are not pushing the industry to stop unethical tracking. Everything is based on incentives, so very few companies are run by people with the guts and foresight to put benefits to society, environment, or anything else ahead of more profits.
Most people have some vague notion that some of their online activities are tracked in a few ways. They admit that Google’s AdSense advertising network somehow knows about some things that they’ve purchased or at least viewed on e-commerce sites even when they’re on a completely “unrelated” website. They might even think it’s cool that they can use their Google/Gmail account or Facebook account as a way of “easily” signing into a variety of online systems.
But it’s a very safe bet that 99 out of 100 people have absolutely no idea HOW MUCH information about them is being sent EVERY FEW MINUTES by their phones especially, but also by their web browsers and other apps on computers. It’s truly insane. You can avoid or block most of that by carefully choosing your apps, using lots of privacy-aiding browser extensions, etc.
The few minutes you spend enabling NextDNS.io on your phones and computers will block thousands of tracking systems used by Google, Facebook, Microsoft, and hundreds of companies you’ve never even heard of! Without even having to install a special “ad blocker” or “privacy extension” in each of your web browsers, you’ll suddenly have almost no ads showing up on your web browsing — because so many of those are based on extremely creepy behavior tracking.
Blocks the tracking embedded into many apps & OS layers too!
Web browsers have had great privacy-control extensions for years, such as EFF Privacy Badger, AdBlock, and more. But most other phone and computer applications and even the operating systems themselves also are riddled with user-tracking nastiness. The cool thing is that using Private DNS with NextDNS.io also blocks nearly all of that (for phones, tablets, and other computers) without any other software changes needed!
And there was much rejoicing!
Reason #2: You get speed, battery life, and your costly bandwidth back!
All that unethical SURVEILLANCE DATA about YOU and your family was likely hundreds of megabytes per day, per device! In the case of your phone, unless you were already controlling it in other savvy ways (as very few people do), that was eating up your precious cellular data plan for THEIR BENEFIT!
Many people will be shocked by comparing their phone’s data usage before and after switching to NextDNS.
Your phone’s battery will last longer now, it will operate faster, and you can probably reduce the monthly cost of your cellular plan too! My Pixel 5a easily lasts 3.5 days per charge.
Reason #3: Customizable Control
See and Control Which DNS Hosts are Blocked
You might want to see detailed logs about which DNS hostnames are being blocked, which aren’t, and see some statistics — especially when you’re first exploring what Private DNS services can do for you. NextDNS.io offers great logging and statistics, and you can turn the logging entirely off if you wish.
You can activate any combination of the built-in popular BlockLists that you wish, to immediately stop most privacy-destroying ad systems, Facebook sniffing, known phishing and other malware sites, and more.
The NextDNS.io system allows you to configure different rules for different categories of devices if you wish. For example, I set my kids’ devices to use a different profile than my own, that way I can more easily troubleshoot things, and have even safer overall settings for them, while blocking more of Google for myself.
Below are a few screenshots with examples of what can be blocked or permitted. All those cnn.com subdomains are various types of trackers being used at CNN. The actual news content though is allowed to come through as desired.
In the bigger, second screenshot, we can see that even with moderately-permissive rules, in the span of 30 days, 178 thousand DNS requests that were made by apps, the OS, and web browsers on our devices were blocked. That’s an insane amount of nefarious user tracking. The more you dig into our surveillance economy the more it will freak you out. Those family.microsoft.com requests that were being allowed at the time I wrote this are also a kind of tracking, but something we had opted into instead of being tricked into with no knowledge. [LATER EDIT: To avoid disrupting legitimate use of the laptop before blocking those trackers, we disabled the “Family” features in Windows 10. My kids are old enough now I didn’t wish to continue using that.]
Reason #4: Easy Troubleshooting
This is actually a side-benefit of Reason #3 above, but I’ll give you an example.
Depending on how you use your devices and how many blocklists you enable, you might not ever need to do any troubleshooting after enabling NextDNS.io.
But suppose you have an app or a website that isn’t working as you expect, or you can’t connect at all to something. If you suspect your Private DNS settings, you can temporarily disable Private DNS on your device and see if the problem goes away. That’s easy and quick, but with the default Cloudflare service or most other options you don’t have any easy way of determining WHY it isn’t working, or any way to fix the real problem.
But if you’re using NextDNS.io, you just log into their dashboard and have a look at your “Log” to see the most recent DNS requests that were blocked. You can select any that seem related to your app not working, and it will show you which blocklist(s) include that domain. That gives you a clue about who determined at some point that it was something we might want to block. You can also click to add an exception to allow that one hostname/domain if you wish, while leaving all the rest of your blocklists in place. This is fast and easy, and gives you maximum control while staying convenient.
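As an added example (not the page’s own code, and not NextDNS.io’s log format or API), here is a small Python triage script over a constructed resolver log. It reproduces the two things described above: the dashboard-style blocked counts per device and per parent domain (the cnn.com subdomains in the screenshots), and the troubleshooting step of finding which blocklist caught a broken app’s hostnames so a single exception can be added. The log layout, device names, hostnames and blocklist names are all constructed assumptions.

```python
"""Triage a private-DNS query log: summary statistics and allowlist candidates."""
from collections import Counter

# Constructed sample log (NOT NextDNS's real export format):
# timestamp, device profile, queried name, verdict, matched blocklist or "-".
SAMPLE_LOG = """\
2023-05-01T08:00:01Z kids-tablet cdn.cnn.com allowed -
2023-05-01T08:00:02Z kids-tablet ads.cnn.com blocked ads-and-trackers
2023-05-01T08:00:02Z kids-tablet metrics.cnn.com blocked ads-and-trackers
2023-05-01T08:00:05Z my-laptop graph.facebook.com blocked social-trackers
2023-05-01T08:00:09Z my-laptop family.microsoft.com allowed -
2023-05-01T08:00:12Z my-phone api.example-app.net blocked ads-and-trackers
2023-05-01T08:00:13Z my-phone cdn.example-app.net allowed -
2023-05-01T08:00:20Z my-laptop www.cnn.com allowed -
"""


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped, not fatal."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, device, name, verdict, blocklist = parts
        yield {"ts": ts, "device": device, "name": name.lower().rstrip("."),
               "blocked": verdict == "blocked",
               "blocklist": None if blocklist == "-" else blocklist}


def parent_domain(name, levels=2):
    """Group hosts under their last `levels` labels (ads.cnn.com -> cnn.com).
    A fixed label count is a simplification; multi-part suffixes such as
    co.uk would need a public-suffix list."""
    return ".".join(name.split(".")[-levels:])


def block_summary(entries):
    """Dashboard-style totals: how many requests were blocked, per device and per parent."""
    blocked = [e for e in entries if e["blocked"]]
    return {"total_blocked": len(blocked),
            "by_device": Counter(e["device"] for e in blocked),
            "by_parent": Counter(parent_domain(e["name"]) for e in blocked)}


def allowlist_candidates(entries, app_domain):
    """Blocked names under a misbehaving app's domain, with the blocklist that caught each.
    Each (name, blocklist) pair is a candidate for a single, narrow exception."""
    return sorted({(e["name"], e["blocklist"]) for e in entries
                   if e["blocked"] and parent_domain(e["name"]) == app_domain.lower()})
```

Running `allowlist_candidates(list(parse_log(SAMPLE_LOG)), "example-app.net")` points at the one blocked host behind the broken app, so the exception can be added for that hostname alone rather than disabling the whole blocklist.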
Thinking Through the Ramifications
Some of the links in this article have an affiliate code. See my Tools and Recommendations page for a complete statement about my ethical use of affiliate referrals.