Privacy Cookbook - Chapter 2.5 - Domain Name System (DNS) - Decloudus DNS

a day ago by Privacy Advocate • 4 min read

I've made my point multiple times on decentralize.today that when it comes to privacy, I prefer a DNS with ad-blocking over a VPN. Perhaps you can combine both of them? We do have, on the other hand, the combination of a Firewall/DNS setup like RethinkDNS, NextDNS and AdGuard, but many people just don't know what blocklists to add, or do not want the extra software on their phones.

Google is the biggest issue for Android Phones. Yes, you can have GrapheneOS or CalyxOS, and get rid of most Google services and trackers, but even then you will never be able to escape Google for good. With NextDNS you have a blocklist of all Google domains, which contains around 5000 google owned domains. However, Google owns more than 10k known domains...and all of them have some Google trackers.

Depending on your needs, DeCloudUs has an advantage over NextDNS on the amount of Google servers. NextDNS, on the other hand, gives you more options and blocklists. That said, DeCloudDNS has over 1.2 million domains blocked, a pretty impressive amount of shitware!

One solution that works as simply as opening Settings — Network & Internet — Advanced — Private DNS can block more than 10k Google owned domains plus a lot of other cloud-based spyware.

So let introduce DeCloudUs, which operates out of Germany. The developer is a long known and trusted friend on Mastodon, and I can now say I have finally given DeCloudUs a try.

DeCloudUs is a secure, private, no-logs DNS resolver built on open source.

The service comes in 4 different setups

Zulu DNS

Keep Essential Google Services Running

Zulu DNS servers were built based on popular demand for "deGoogle/unGoogle light". Unlike Alpha DNS servers (that will completely block Google), Zulu DNS servers blocks most Google domains and tracking, but will allow some popular Google services to work, such as YouTube, Gmail, Google Search, Google CAPTCHAs, and Android App Notifications.

Basically, Zulu servers will allow some essential Google services to function that some people want to keep using; these services would track you and impact your privacy ONLY if you choose to use them; for example, Google search (www.google.com) cannot track your searches unless you specifically and knowingly use Google search and the same goes for YouTube, Gmail, etc.

With that said, Zulu DNS servers will still block most other Google services that run behind the scenes on many apps and sites that track you without your knowledge or consent (like Google fonts, tag manager, etc). In addition, the DNS servers will also block ads, online trackers, and known malware sites.

Alpha

The "Original" DeCloudUs DNS

Alpha DNS servers are the "original" DeCloudUs DNS Premium servers where Google services and tracking are completely blocked (to fully deGoogle/unGoogle your device or your entire life, if you wish). In addition, the servers will also block ads, online trackers, and known malware sites. If you are committed to your online privacy, this is a great way to protect your privacy whether you configure it on your browser, your device, or even your entire network, you can rest assured DeCloudUs Alpha DNS is blocking sites and services that can compromise your privacy without your knowledge.

Premium Echo

Advanced Blocking For Ads, Trackers, and Malware

Echo DNS servers give you a simple yet powerful way to enhance your online privacy and security. Echo servers block ads (including Google Ads), trackers (including all Google trackers), and known malware sites while leaving non-ad and non-tracker Google services and sites running. Echo DNS servers are best suited for devices or an entire home network where Google services are in wide use, but you still wish to enhance your privacy and online safety.

Premium+ Custom DNS!

Fully Control What Sites and Services to Block or Allow

As a Premium Plus subscriber, you get access to a fully-customizable DNS server. You have full control over what sites and services to block or allow with just a few clicks. Think of this as having your own, personal, private, ultra-secure DNS server in the cloud, except with no hassle.

As a baseline, the custom DNS server blocks all ads, trackers, and malware sites. By the click of a button, you can block all Google services, adult sites, social media sites, streaming Services, etc. In addition, you also control your own custom blocklist where you can add any additional domains or subdomains you wish to block.

To make things even more customizable, you also control your own whitelist where you can specify domains or subdomains you wish to allow. For example, if you opt to block all Google services, you can use the whitelist to allow specific Google domains for services you wish to keep using, giving you the ability to fully personalize everything that's blocked or allowed.

Premium and Premium+ are paid services. Echo will set you back $0.99 per month, and Premium+ will cost $1.66 per month. You can choose to pay with cryptocurrency to keep everything totally anonymous.

On the premium+ server, you can manually select also what services you'd like to block and what you'd like to use. Amazon, Facebook, TikTok, and the likes are options to block and as always what you don't use — block it!

The services work as advertised. It routs the DNS requests over their open-source server via Quad9 and Cloudflare. I am not a fan of Cloudflare, but DeCoudUs explains how this works pretty nicely.

DeCloudUs DNS resolvers use Quad9 and Cloudflare as upstream servers (after applying all the filtering rules). Each non-filtered query made to DeCloudUs DNS is forwarded to a different Quad9 or Cloudflare upstream server. Quad9 and Cloudflare ONLY see DeCloudUs as the "client" making the query. So, you make the DNS request to DeCloudUs DNS servers; then DeCloudUs resolvers will either filter/block it or DeCloudUs will go out to a number of public resolvers to get the DNS responses on your behalf and then hand these responses back to you. There is no way Quad9 or Cloudflare will ever know who actually made that request or you IP address.

Overall, this is an easy solution for Android phones, and people who just go into privacy. With a simple goal — DeGoogle and be protected from malware and other trackers. It is straightforward, and all software is open-source.