0

Security on public wifi

Does Nextdns protect me when I connect to insecure public wifi? Or do I need a VPN?

63 replies

null
    • Carlos
    • 2 yrs ago
    • Reported - view

    Hi Sohan, I use warp+ from a company called cloudflare on my mobiles, I will prolly use it on my Mikrotik+RouterOS_7 router because it has support for wireguard protocol. It uses an encryption tunnel called wireguard and on concept it is really secure as it uses private/public key encryption of your data, not destination ips and other infos used to deliver tcp segments and udp datagrams. It is fairly secure on concept and so far on practice.

      • Sohan_Ray
      • 2 yrs ago
      • Reported - view

      Carlos Can you explain why VPNs do increase security and privacy over an encrypted DNS firewall? Also, do read my previous comments in this post before that...

      • Carlos
      • 2 yrs ago
      • Reported - view

      Sohan Ray Actually you can use nextdns with warp, but use warp+ not the free version.  Warp (free version) is slow.

      • Carlos
      • 2 yrs ago
      • Reported - view

      Sohan Ray Let me get this right, no traffic other then DNS traffic goes trough a Encrypted DNS firewall, but encrypted DNS traffic CAN go trough an encrypted VPN. That is the case with warp+ .

      • Sohan_Ray
      • 2 yrs ago
      • Reported - view

      Carlos I have tried the warp+ and that too is slow for me. As slow as I said earlier.

      • Sohan_Ray
      • 2 yrs ago
      • Reported - view

      Carlos A VPN just encrypts from point A-the client to point B- the VPN server . Rest(from the VPN server to whatever destination you're connecting to, for example facebook.com) flows as normal traffic. So if anyone enters any sensitive info on this un encrypted connection(say a HTTP site) , with or without a VPN , no one is safe. And if you don't enter any sensitive info in this site, you're safe , with or without a VPN.

      So basically a VPN doesn't encrypt the un encrypted HTTP connection magically because it isn't possible at all. All it does is , it anonymizes you by creating an encrypted tunnel from point A to point B as mentioned earlier and thus hiding your IP address(from anyone on the network or your ISP) which could be used to personally identify you in many cases and track your online activities.

    • Pro subscriber ✓
    • DynamicNotSlow
    • 2 yrs ago
    • Reported - view
      • Carlos
      • 2 yrs ago
      • Reported - view

      DynamicNotSlow Well, each thing you do to change something, if changed, it does change something. It may not solve everything, may not be final, but it certainly changes things. Firewalls WORK if you do it right, on Linux there are some options you can turn-off and on that really make a difference.

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago
      • Reported - view

      Carlos no they can easily be bypassed. You should read my link. 

      • Carlos
      • 2 yrs ago
      • Reported - view

      DynamicNotSlow I have read your link. and they cannot be EASILY bypassed, there has to be an effort to do so AND it may not provide expected result AND I am not passing wrong information. The information I give is correct.

    • Carlos
    • 2 yrs ago
    • Reported - view

    To answer this question, go trough some firefox (or any other browser) hardening tutorial, there are some options in browsers that should be turned off, and on. Like disabling FAKE TLS handshakes, use only latest TLS versions, disable security.tls.version.enable-deprecated ( it gets turned on every time you hit a TLS 1.1/1.2 site), and other options that in a snap disable some or all your security. So a good firewall and a good vpn, will not make those vulnerabilities available to your ISP, or people in the same LAN as you on a ISP or private lan. Just hit about:config (on firefox and type 'tls', for example) and see the amount of options that get changed "behind your back".

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago
      • Reported - view

      Carlos stop posting misinformation and nonsense. Users will end in broken setups with your „tips“. 

      firefox isn’t recommend anyway 

      • Carlos
      • 2 yrs ago
      • Reported - view

      DynamicNotSlow What I am saying here is correct, all those things will only work if you have a strong firewall, a well configured system, that removes legacy options that turn your system and/or your tcp stack vulnerable to all sorts of attacks, and most linux boxes come with those options turned on (bad options on, good options off), and it is your job  to turn it on/off and be sure about your system, as much as you can. Also a last word on VPN providers from other countries, is that, they WILL hack your computer/voip box/smartphone as I got all of those attacks on a pcap.  They are not bound to the laws of your country. BE extremely careful with wich VPN you choose, choose VPNs in your country or a country that has "good" local/international internet laws.

      • Sohan_Ray
      • 2 yrs ago
      • Reported - view

      Carlos That is if someone chooses to use a VPN at all. They only add some privacy benefits and bypassing geo blocks feature, and that's all.

Content aside

  • 2 yrs agoLast active
  • 63Replies
  • 1307Views
  • 5 Following