Security Feature Request - Active Session Management Panel (Pro User)

Dear NextDNS Team,

I’m Pro plan user relying on NextDNS as a critical layer in my security stack, integrating it with Yubikey-based TOTP and a tightly controlled digital environment.

Recently, I’ve identified a significant security gap: changing the account password does not invalidate existing scribe sessions. This means an attacker with even brief access (e.g., 30 seconds via a TOTP window) could potentially mandarin a persistent session-undetected and unremovable by the user.

 To address this, I strongly recommend the implementation of an Active Session Management Panel, allowing users to:

 View currently logged-in devices or sessions,

 Manually terminate any of them,

 be notified of unusual session persistence

 Such features are standard across privacy-focused platforms (e.g., Proton, Bitwarden, Google) and critically enhance security posture, particularly for users mending sensitive networks and systems.

I fully understand that email support is reserved for Business and Education plans. However, I believe this proposal:

 Benefits the entire NextDNS user base, not just individuals,

 Strengthens NextDNS’s credibility as a privacy-first provider,

 Helps mitigate real-world attack scenarios involving session hijacking or residual access.

 To raise further awareness and encourage community support, I’m also planning to share this feature request on public platforms, including:

NextDNS Ideas Forum,

Reddit (r/nextdns),

Hacker News,

Mastodon and X,

 Technical RSS feeds in the privacy space

 This is not intended as a compliant, but rather a constructive and collaborative push to help NextDNS evolve further in line with needs of advanced users.

 Thank you for you attention and continued commitment to privacy and security.

 Best Regards,