Do I need a VPN for privacy if I’m using NextDNS?
A VPN and DNS are two different things. Using a 3rd party DNS service, like NextDNS, will not hide your traffic from your ISP. And it won’t hide your real IP from the sites you visit. If you don’t care about that, then you don’t need a VPN.
The answer is, maybe.
First, if you’re using NextDNS by just inputting the IP addresses of the NextDNS servers as your default DNS servers in your router, then most likely your ISP can, and will, snoop on every DNS request you make. For the most part the data teams at these companies aren’t sophisticated enough to make use of this data, so they sell it to other people who then use it to create a broader profile of you. Usually for marketing.
If you’re running NextDNS using the NextDNS clients or perhaps are running a DNS server locally that forwards requests to NextDNS using TLS or DNS-over-HTTPS, the answer is still maybe, but it’s a bit more complicated for the ISP and fewer do it. In short, when you connect to a remote server over HTTPS, the first little bit when you say what server you want to talk to won’t be encrypted. After that encryption will kick in. Once ESNI is more widely spread this will go away - so your ISP will only know the host IP address of the machine you’re talking to.
If you’re thinking you need to hide all of your behavior from your ISP or nation state, then yes, a VPN is necessary - but get a better one, like Mullvad. If you believe that your ISP isn’t sophisticated enough to do full-scale SNI sniffing (and this is most in the United States), then NextDNS provides a small increase in privacy by hiding your DNS lookups from your ISP and also blocking some ads if properly configured.
OK, let me see if I understood: I’m not protected if I’m using NextDNS only at a coffee shop, right? The problem is that I really like how customizable NextDNS is, but it doesn’t work if I activate Private Relay.
If you are using a VPN, in most cases this means you will stop using NextDNS, because VPNs override the DNS. There are however apps that can make VPNs work together with custom DoH DNS, like Passepartout, or with IPv6 DNS, like Viscosity.
If you want privacy, Tor or Apple’s iCloud Private Relay with Safari would both be better options than any VPN, even if you paid with crypto.
Until ESNI / ECH is fully rolled out, your ISP (or that coffee shop whose wi-fi you’re using, or indeed your VPN service) can still see the hostname of any site you connect to. This is exactly the data those ISPs sell to advertisers today.
You don’t need a VPN, all the websites use encryption by default, it’s https. You can use them if you’d like for added privacy but otherwise, you’d be paying and unless you have a genuine use for it I wouldn’t recommend it.
You can use a VPN like Proton or Windscribe that gives you the same functionality as NextDNS whilst hiding your IP address.
But the short answer is yes, depending on what your use case is.
If it is a local VPN for filtering the web locally, then yes. Otherwise, I think no.
Private Relay (iOS) and NextDNS do two very similar things: they hide your lookups from the DNS provider. But this is where similarity stops.
Apple’s Private Relay goes one step further, also hiding your access to a receiver site and traffic from the provider as it’s all HTTPS and QUIC with encryption on the client side. So if that’s one concern, imho no more VPN needed with private relay!
The filtering aspect from NextDNS should also work if private relay is activated. It works for me, simple to test.
So if you combine iOS private relay + NextDNS you get the best from both worlds.
NextDNS can also work in any other network. I basically have it on everywhere, even in my home network to filter ads. The beauty here is: if you want more ads, e.g. in search results, you can quickly and temporarily disable it, without having to fiddle with a generic router setting (e.g. when using OpenDNS or PiHole).
That article is old and lots of info is just not true. Some VPN providers (such as ExpressVPN and PIA) didn’t provide logs to law enforcement simply because there weren’t any.