Security on public wifi
Does NextDNS protect me when I connect to insecure public wifi? Or do I need a VPN?
I'd say most of the time NextDNS should be enough. With the right options on in the security settings (should be on by default), it should block you from resolving internal domains and the fake websites that the VPN companies constantly use for advertising. So as long as you aren't connected to an internal website that could be used as the attack vector, it should be fine, and with HTTPS you already get a layer of encryption.
Most of the VPN advertising is honestly to scare the user into purchasing the solution to feel safer.
If you have a place / connection that has a heavier firewall that's blocking websites heavily, a VPN can help. There are other parts, like changing your IP, that could be useful, but honestly, if you're thinking of pure security in a non-invasive nation, it's nothing that critical and you shouldn't need it.
But if you're in a nation where you don't feel safe with your data and it could be monitored, it could help to use a VPN, but you'd also have to trust them with doing nothing bad, so you would need a transparent company.
I've seen Surfshark lie right before their acquisition about the merger with Nord, and there was another lie in the same time period, so I wouldn't trust them in the slightest. I wanted to put this in since these two are popular, and I honestly would say avoid them at least.
Overall, 90% of the time you won't need a VPN; there are uses, but you don't need it as it's not that critical. The internet itself is safe enough, and with NextDNS it should block their biggest claim about unsafe networks.
Chrome lets you know if the encryption is disabled, so don't visit a non-encrypted site, don't do anything critical to stay on the safe side, and if you still want maximum security, use mobile data for banks and other critical websites.
Without knowing what Operating System you are using out and about I am hard pressed to know the answer.
I can give you an idea. You can get VyprVPN for Android and Microsoft (this option is omitted for iOS.)
In the settings for Android, Windows and macOS in VyprVPN, you can enter your NextDNS address number and then turn on a VPN for a little anonymity. VPNs that use their own DNS will not work, not that they are all bad DNS resolvers in “some” VPN services. It’s about 11 bucks a month. Some VPNs, especially the free ones, use free DNS resolvers like Cloudflare and other ones like that.
IMO the simple answer:
If you need to pretend you’re in a different country / hide your real IP, or need to connect to public Wi-Fis with no password, use a VPN (as long as you trust them with your logs)
If you don’t need any of the above two requirements, you are perfectly fine with NextDNS (as long as you trust them with your logs)
With VPNs after my own extensive research I would only trust Mullvad, ProtonVPN, IVPN. Do a search for Techlore to find out more.
Mind you, combining both scenarios above is sometimes possible, but super messy.
Hi Sohan, I use WARP+ from a company called Cloudflare on my mobiles, and I will probably use it on my Mikrotik+RouterOS_7 router because it has support for the WireGuard protocol. It uses an encryption tunnel called WireGuard, and in concept it is really secure as it uses private/public key encryption of your data, not destination IPs and other info used to deliver TCP segments and UDP datagrams. It is fairly secure in concept and so far in practice.
VPNs do increase security and privacy, BUT you need a good firewall to make it work completely/fully and without errors that can make firewalls work AGAINST your security and privacy.
This isn't true. Read https://madaidans-insecurities.github.io/vpns.html
Software firewalls also don't work.
To answer this question, go through some Firefox (or any other browser) hardening tutorial; there are some options in browsers that should be turned off, and on. Like disabling FAKE TLS handshakes, using only the latest TLS versions, disabling security.tls.version.enable-deprecated (it gets turned on every time you hit a TLS 1.1/1.2 site), and other options that in a snap disable some or all your security. So a good firewall and a good VPN will not make those vulnerabilities available to your ISP, or people in the same LAN as you on an ISP or private LAN. Just hit about:config (on Firefox and type 'tls', for example) and see the amount of options that get changed "behind your back".
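A way to check the TLS preferences named in the post above without scrolling through about:config, as an added example that is not part of the original thread: it parses a Firefox `prefs.js` and flags `security.tls.version.enable-deprecated` set to true or `security.tls.version.min` below 3 (TLS 1.2). The function names and the sample profile content are constructed for illustration.

```python
import re

# Firefox encodes TLS versions as integers in security.tls.version.min/max.
TLS_NAMES = {1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2", 4: "TLS 1.3"}

# Matches lines such as: user_pref("security.tls.version.min", 3);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("security.tls.version.enable-deprecated", true);
user_pref("security.tls.version.min", 1);
user_pref("network.trr.uri", "https://dns.example/dns-query");
'''

def parse_prefs(text):
    """Return {pref_name: bool | int | str} for every user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit_tls(prefs):
    """List weakened TLS settings. prefs.js only stores values changed
    from the defaults, so a missing pref produces no finding."""
    findings = []
    if prefs.get("security.tls.version.enable-deprecated") is True:
        findings.append("security.tls.version.enable-deprecated is true: "
                        "TLS 1.0/1.1 accepted")
    vmin = prefs.get("security.tls.version.min")
    if isinstance(vmin, int) and not isinstance(vmin, bool) and vmin < 3:
        findings.append(f"security.tls.version.min is {vmin} "
                        f"({TLS_NAMES.get(vmin, 'unknown')}): below TLS 1.2")
    return findings

if __name__ == "__main__":
    for finding in audit_tls(parse_prefs(SAMPLE_PREFS)):
        print("WARN", finding)
```

To audit a real profile, read its `prefs.js` (the profile folder is listed on Firefox's about:profiles page) and pass the text to `parse_prefs`.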