HACKER Q&A
📣 giuliomagnifico

Is NextDNS Privacy Safe?


I'm using NextDNS on all my mobile devices, because at home I have a Pi-Hole + Unbound, but outside I don't want to be always connected to my home WireGuard VPN (due to the speed and latency), and I don't like browser "add-ons", so I'm blocking annoying ads etc. using NextDNS profiles installed on my iPhone/iPad and I love it. It's like a Pi-Hole for cellular connections. But all my DNS queries are going to NextDNS. They say that "we do not (and will never) sell, license, sublicense or share any of the data submitted directly or indirectly by our users with any person or entity" etc., and I chose the EU country for query storage, so I'm quite relaxed about the privacy, but just to be sure, are you also using this service and do you trust it? Thanks


  👤 LinuxBender Accepted Answer ✓
Is NextDNS Privacy Safe?

They say that "we do not (and will never) sell

As with any service I suppose it depends on how much one trusts them without having a mutually agreed to, signed and notarized contract that has severe penalties for breach. I do not know much about NextDNS so my question would be, how does anyone know for sure how long they retain query logs if at all and are any of their employees here on HN that could answer this?

If one could not answer this then perhaps a mitigating control may be to terminate DNS via DoH/DoT to a self-hosted VM somewhere then use something like Unbound DNS to forward via DoT/DoH upstream to NextDNS so that they only have a random VM IP in their logs. One could also pre-cache the most common domains and many random domains hourly in a cron job to hide one's behavior. This method may allow for quickly switching to another provider in a centralized location without having to reconfigure all the individual devices.
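
A sketch of the forwarding setup described in the answer above, as an added example that is not part of the original answer: an Unbound instance on the VM accepts DoT from your devices and forwards everything over DoT to the upstream provider. The address `192.0.2.53`, the name `dot.resolver.example` and the certificate paths are placeholders to be replaced with your own certificate and the provider's published DoT endpoint.

```conf
# /etc/unbound/unbound.conf on the self-hosted VM (added example, placeholder values)
server:
    # Terminate DNS-over-TLS from your own devices on port 853.
    interface: 0.0.0.0@853
    tls-port: 853
    tls-service-key: "/etc/unbound/tls/privkey.pem"    # placeholder path
    tls-service-pem: "/etc/unbound/tls/fullchain.pem"  # placeholder path

    # Roaming phones have no fixed source range, so this allows any client.
    # Anyone who finds the port can use the resolver: restrict by firewall
    # where you can and watch for unexpected query volume.
    access-control: 0.0.0.0/0 allow

    # CA bundle used to verify the upstream resolver's certificate.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

    # Do not build a query log of your own on the VM.
    log-queries: no
    log-replies: no
    hide-identity: yes
    hide-version: yes

    # Refresh popular cache entries before they expire, so fewer
    # lookups reach the upstream at the moment a device asks.
    prefetch: yes

forward-zone:
    # Send every query upstream over TLS; the upstream logs the VM's
    # address instead of the address of each phone or tablet.
    name: "."
    forward-tls-upstream: yes
    # Format: <ip>@<port>#<name expected in the upstream certificate>
    forward-addr: 192.0.2.53@853#dot.resolver.example
```

Switching providers then means changing only the `forward-addr` line on the VM, while the devices keep pointing at the VM's own DoT name.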