Security on public wifi

Does NextDNS protect me when I connect to insecure public wifi? Or do I need a VPN?

63 replies

    • Hey
    • 2 yrs ago

    I'd say most of the time NextDNS should be enough. With the right options on in the security settings (should be on by default) it should block you from resolving internal domains and the fake websites that the VPN companies constantly use for advertising. So as long as you aren't connected to an internal website that could be used as the attack vector, it should be fine, and with HTTPS you already get a layer of encryption.

    Most of the VPN advertising is honestly to scare the user into purchasing the solution to feel safer.

    If you have a place / connection that has a heavier firewall that's blocking websites heavily, a VPN can help. There are other parts, like changing your IP, that could be useful, but honestly, if you're thinking of pure security in a non-invasive nation it's nothing that critical and you shouldn't need it.

    But if you're in a nation where you don't feel safe with your data and it could be monitored it could help to use a VPN, but you'd also have to trust them with doing nothing bad, so you would need a Transparent company.

    I've seen Surfshark lie right before their acquisition about the merger with Nord, and there was another lie in the same time period, so I wouldn't trust them in the slightest. I wanted to put this in since these two are popular and I honestly would say avoid them at least.

    Overall, 90% of the time you won't need a VPN, there are uses but you don't need it as it's not that critical. Internet itself is safe enough and with NextDNS it should block their biggest claim about unsafe networks.

    Chrome lets you know if the encryption is disabled, so don't visit a non-encrypted site, don't do anything critical to stay on the safe side, and if you still want maximum security, use mobile data for banks and other critical websites.

      • Calvin_Hobbes
      • 2 yrs ago

      Sohan Ray I doubt a comprehensive list is available. I’m going by what I use or have used in the past. POP3 and IMAP are likely still used by many, but I stopped using those about 15 years ago. (They’re still used by many email clients, but most people nowadays probably use web-based mail.) There’s probably dozens or perhaps 100s of proprietary protocols as well.

      You could also look at well-known TCP and UDP port numbers to see what’s expected on well-known ports, but any protocol CAN use ANY port with a bit of tinkering.

      https://en.m.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

      If you want to know more about what protocols are being used on YOUR network, check out https://www.wireshark.org/

    • Sohan_Ray
    • 2 yrs ago

    Can an insecure public wifi trick me into visiting a forged cloned website when using NextDNS by, say, providing connection to the wrong IP address to the DNS when it requests for the connection in plain text?

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago

      Sohan Ray not if you use NextDNS and take care about using HTTPS-only sites.

      As Hey already wrote, NextDNS uses DNSSEC.

      • Sohan_Ray
      • 2 yrs ago

      DynamicNotSlow OK. But what if the site is HTTP? In that case can I be redirected to a cloned website?

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago

      Sohan Ray DNS doesn’t care about the HTTP protocol used.

      • Carlos
      • 2 yrs ago

      Sohan Ray Yes, if they have access to lower levels of the router in your LAN, or a machine inside a LAN that is responding for multiple IPs on the same interface, he could advertise with ARP that the IP you want to send traffic to is actually inside your LAN, and the attacker could send the traffic you send him to the internet through another IP/port/interface/LAN or through the same port and IP, but in another session. It is possible and not so difficult; you can do that yourself inside your LAN, with your own devices, like I did. This is called MITM, or Man In The Middle, a technique that can be used for good or bad.

    • Calvin_Hobbes
    • 2 yrs ago

    If you’re looking for something that will protect you against all online threats, NextDNS isn’t that. Neither is a VPN. It sounds like you’re looking for a magic solution that provides 100% security. It doesn’t exist, though you could disconnect entirely from the internet.

      • Sohan_Ray
      • 2 yrs ago

      Calvin Hobbes 😂 Nothing like that. I am just trying to decide between a good VPN and NextDNS.

      • Hey
      • 2 yrs ago

      Sohan Ray if that's the case, I'd say NextDNS over any VPN. NextDNS can work completely in the background; that's the reason why I love it. It's unintrusive, you don't have to think about it.

      That's one of the things I really believe in security. I don't think any security solution should need monitoring or user interaction. It should always be on but never hinder you from doing your work while doing its job; you shouldn't feel its presence.

      With a VPN you could keep it on all the time, but you'd get constant captchas and worse speed for a 0.01% of a chance of something like I stated happening.

      You'd also miss the security feeds, AI, and other layers with the customization and convenience.

      In my opinion, VPNs are a great bit of technology that has its uses; I just used it to diagnose a problem myself. But its uses aren't in security but are in the convenience of bypassing restrictions.

      To clarify, in case someone gets it the wrong way, they could help with security if the ISP is doing DPI analysis or the country is doing heavy monitoring on its users.

      • Sohan_Ray
      • 2 yrs ago

      Hey Ohk! Thanks...🙂

      • Hey
      • 2 yrs ago

      Sohan Ray No problem, I didn't know you were planning to only use one of them. I'd take protection that happens without interaction that's going to protect me from most of the threats compared to something that I would have to think about all the time and turn off and on constantly depending on what I'm doing.

      • Calvin_Hobbes
      • 2 yrs ago

      Sohan Ray NextDNS vs VPN. They are two different tools for two different purposes. I think you’ll want to first understand what each provides and what you’re trying to protect. You previously said you’re wanting to avoid online threats, like malicious actors, hackers, snoopers etc. Anyone trying to steal sensitive info.

      You’re not going to prevent all that with one vs the other. I’m not sure using both would do all you’re asking for. Nothing will do everything and you need to understand the tools and the threats you’re realistically going to face. If your endpoint has been compromised, you’re hosed even if you’re using both.

      It seems like you’re looking for a simple solution to a complex problem.

      • Sohan_Ray
      • 2 yrs ago

      Calvin Hobbes in the end I was wanting to determine which of the 2 (NextDNS and VPN) would be the better option for online security.

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago

      Sohan Ray as VPNs don’t increase your security, the answer is easy ;)

      • Calvin_Hobbes
      • 2 yrs ago

      DynamicNotSlow unless you’re looking for privacy from snooping (by encrypting all traffic) and hiding your real IP address from sites you visit

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago

      Calvin Hobbes no. You’re just moving your trust from the ISP to the VPN provider and, as you can read on the internet, most, if not all, VPN providers are bad

    • JasonMatthew_Pridgen
    • 2 yrs ago

    Without knowing what Operating System you are using out and about I am hard pressed to know the answer.

    I can give you an idea. You can get VyprVPN for Android and Microsoft (this option is omitted for iOS.)

    In the settings for Android and Windows and macOS in VyprVPN you can enter your NextDNS address number and then turn on a VPN for a little anonymity. VPNs that use their own DNS will not work, not that they are all bad DNS resolvers in “some” VPN services. It’s about 11 bucks a month. Some VPNs, especially the free ones, use free DNS resolvers like Cloudflare and other ones like that.

    • Luke_Skywalker
    • 2 yrs ago

    IMO the simple answer:

     

    If you need to pretend you’re in a different country / hide your real IP, or need to connect to public Wi-Fis with no password, use a VPN (as long as you trust them with your logs)

    If you don’t need any of the above two requirements, you are perfectly fine with NextDNS (as long as you trust them with your logs)

     

    With VPNs after my own extensive research I would only trust Mullvad, ProtonVPN, IVPN. Do a search for Techlore to find out more.

    Mind you, combining both scenarios above is sometimes possible, but super messy.

    • Pro subscriber ✓
    • DynamicNotSlow
    • 2 yrs ago
    Luke Skywalker said:
    Do a search for Techlore to find out more

     Please not. He is a toxic troll and shouldn’t get that much attention.

      • Sohan_Ray
      • 2 yrs ago

      DynamicNotSlow well whatever the scenario....DNS firewall is enough....VPN is just for some specific privacy...that's all..

      DNS firewall won't let any 3rd party or ISP on the network direct you to any unintended IP addresses, so it's enough. And a VPN doesn't magically encrypt a non-encrypted connection. It just encrypts from the client to the VPN server. The rest flows as normal traffic. So if anyone enters any sensitive info on this unencrypted connection, with or without a VPN, no one is safe. And if you don't, you're safe, with or without a VPN.

      • Luke_Skywalker
      • 2 yrs ago

      DynamicNotSlow I find his videos very informative for entry level to average users.

      If you have any resources that are better pls do share.

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago

      Luke Skywalker that’s the problem. His information is misinformation.

      Which topic did you read about?

    • Carlos
    • 2 yrs ago

    Hi Sohan, I use WARP+ from a company called Cloudflare on my mobiles. I will prolly use it on my Mikrotik+RouterOS_7 router because it has support for the WireGuard protocol. It uses an encryption tunnel called WireGuard and in concept it is really secure as it uses private/public key encryption of your data, not destination IPs and other info used to deliver TCP segments and UDP datagrams. It is fairly secure in concept and so far in practice.

      • Carlos
      • 2 yrs ago

      Just as a complement, VPNs do increase security and privacy, BUT you need a good firewall to make it work completely/fully and without errors that can make firewalls work AGAINST your security and privacy. Most smartphones DON'T have any, or just too basic, firewalls.

      • Sohan_Ray
      • 2 yrs ago

      Carlos WARP by Cloudflare is pretty common, since Cloudflare is common. So I have already tried it in the past, and the speeds are very bad for me. From a 150 Mbps speed it goes down to 20 Mbps with WARP. So, it isn't usable for me. Also, with WARP you have to use Cloudflare DNS, which doesn't have any blocking capabilities, or you can use the Gateway DNS, but that too doesn't quite fare well in blocking, and also it doesn't block ads and trackers, which is something I cannot live without, since I am used to it since 2015 I think :/
