Security on public wifi
Does Nextdns protect me when I connect to insecure public wifi? Or do I need a VPN?
63 replies
-
I'd say most of the time NextDNS should be enough, with the right options on in the security settings (should be on by default) it should block you from resolving internal domains and the fake websites that the VPN companies constantly use for advertising. So as long as you aren't connected to a internal website that could be used as the attack vector, it should be fine and with HTTPS you already get a layer of encryption.
Most of the VPN advertising is honestly to scare the user into purchasing the solution to feel safer.
If you have a place / connection that has a heavier firewall that's blocking websites heavily. A VPN can help, there are other parts like changing your IP that could be useful, but honestly, if you're thinking of pure security in a none invasive nation it's nothing that cortical and you shouldn't need it.
But if you're in a nation where you don't feel safe with your data and it could be monitored it could help to use a VPN, but you'd also have to trust them with doing nothing bad, so you would need a Transparent company.
Ive seen Surfshark lie right before their acquisition about the merger with Nord and there was another lie at the same time period so I wouldn't trust them in the slightest, wanted to put this in since these two are popular and I honestly would say avoid them at least.
Overall, 90% of the time you won't need a VPN, there are uses but you don't need it as it's not that critical. Internet itself is safe enough and with NextDNS it should block their biggest claim about unsafe networks.
Chrome let's you know if the encryption is disabled, so don't visit a none encrypted site, don't do anything critical to stay in the safe side and if you still want maximum security, use mobile data in terms of banks and other critical websites.
-
Can an insecure public wifi trick me into visiting a forged cloned website when using NextDns by say providing connection to the wrong IP address to the DNS when it requests for the connection in plain text?
-
If you’re looking for something that will protect you against all online threats, NextDNS isn’t that. Neither is a VPN. It sounds like you’re looking for a magic solution that provides 100% security. It doesn’t exist, though you could disconnect entirely from the internet.
-
Calvin Hobbes
Nothing like that. I am just trying to decide between a good VPN and NextDns. -
Sohan Ray if that's the case, I'd say NextDNS over any VPN. NextDNS can work completely in the background that's the reason why I love it. It's unintrusive, you don't have to think about it.
That's one of the things I really believe in security. I don't think any security solution should need monitoring or user interaction. It should always be on but never hinder you from doing your work while doing its job, you shouldn't feel it's presence.
With a VPN you could keep it on all the time, but you'd get constant captchas and worse speed for a 0.01% of a chance of something like I stated happening.
You'd also miss the security feeds, AI, and other layers with the customization and convince.
In my opinion, VPNs are a great bit of technology that has its uses, I just used it to diagnose a problem myself. But, it's uses aren't in security but are in convince of bypassing restrictions.
To clarify incase someone gets it the wrong way they could help with security if the ISP is doing DPI analysis or the country is doing heavy monitoring on its users.
-
Hey Ohk! Thanks...
-
Sohan Ray No problem, I didn't know you were planning to only use one of them, I'd take protection that happens without interaction that's going to protect me from most of the threats compared to something that I would have to think about all the time and turn it off and on constantly depending on what I'm doing.
-
Sohan Ray NextDNS vs VPN. They are two different tools for two different purposes. I think you’ll want to first understand what each provides and what you’re trying to protect. You previously said your wanting to avoid Online threats, like malicious actors, hackers, snoopers etc. Anyone trying to steal sensitive info.
You’re not going prevent all that with one vs the other. I’m not sure using both would do all you’re asking for. Nothing will do everything and you need to understand the tools and the threats you’re realistically going to face. If your endpoint has been compromised, you’re hosed even if you’re using both.
it seems like you’re looking for a simple solution to a complex problems.
-
Calvin Hobbes in the end I was wanting to determine which of the 2 (NextDns and VPN) would be the better option for online security.
-
Sohan Ray as VPNs doesn’t increase your security, the answer is easy ;)
-
DynamicNotSlow unless you’re looking for privacy from snooping (by encrypting all traffic) and hiding your real IP address from sites you visit
-
Calvin Hobbes no. You just moving your trust from ISP to the VPN provider and as you can read on internet, most - if not all VPN provider are bad
-
-
Without knowing what Operating System you are using out and about I am hard pressed to know the answer.
I can give you an idea. You can get VyprVPN for Android and Microsoft (this option is omitted for iOS.)
In the settings for Android and Windows and MacOS in VyprVPN you can enter your NextDNS address number and then turn on a VPN for a little anonymity. VPN’s that use their own DNS will not work, not that they are all bad DNS resolvers in “some” VPN services. It’s about 11 bucks a month. Some VPN’s, especially the free ones use free DNS resolvers like cloudflare and other ones like that.
-
IMO the simple answer:
If you need to pretend you’re in a different country / hide your real IP, or need to connect to public Wi-Fis with no password, use a VPN (as long as you trust them with your logs)
If you don’t need any of the above two requirements, you are perfectly fine with NextDNS (as long as you trust them with your logs)
With VPNs after my own extensive research I would only trust Mullvad, ProtonVPN, IVPN. Do a search for Techlore to find out more.
Mind you, combining both scenarios above is sometimes possible, but super messy.
-
Luke Skywalker said:
Do a search for Techlore to find out morePlease not. He is an toxic troll and shouldn’t get that much attention.
-
Hi Sohan, I use warp+ from a company called cloudflare on my mobiles, I will prolly use it on my Mikrotik+RouterOS_7 router because it has support for wireguard protocol. It uses an encryption tunnel called wireguard and on concept it is really secure as it uses private/public key encryption of your data, not destination ips and other infos used to deliver tcp segments and udp datagrams. It is fairly secure on concept and so far on practice.
Content aside
- 2 yrs agoLast active
- 63Replies
- 1307Views
-
5
Following