Security Feature Request - Active Session Management Panel (Pro User)
Dear NextDNS Team,
I’m a Pro plan user relying on NextDNS as a critical layer in my security stack, integrating it with Yubikey-based TOTP and a tightly controlled digital environment.
Recently, I’ve identified a significant security gap: changing the account password does not invalidate existing scribe sessions. This means an attacker with even brief access (e.g., 30 seconds via a TOTP window) could potentially maintain a persistent session, undetected and unremovable by the user.
To address this, I strongly recommend the implementation of an Active Session Management Panel, allowing users to:
View currently logged-in devices or sessions,
Manually terminate any of them,
Be notified of unusual session persistence.
Such features are standard across privacy-focused platforms (e.g., Proton, Bitwarden, Google) and critically enhance security posture, particularly for users managing sensitive networks and systems.
I fully understand that email support is reserved for Business and Education plans. However, I believe this proposal:
Benefits the entire NextDNS user base, not just individuals,
Strengthens NextDNS’s credibility as a privacy-first provider,
Helps mitigate real-world attack scenarios involving session hijacking or residual access.
To raise further awareness and encourage community support, I’m also planning to share this feature request on public platforms, including:
NextDNS Ideas Forum,
Reddit (r/nextdns),
Hacker News,
Mastodon and X,
Technical RSS feeds in the privacy space
This is not intended as a complaint, but rather a constructive and collaborative push to help NextDNS evolve further in line with the needs of advanced users.
Thank you for your attention and continued commitment to privacy and security.
Best Regards,