Protecting your home network for P1,000 a year
The internet used to be a safe place for geeks and nerds, until it became mainstream. Today, the internet is full of malicious actors using every trick in the book to ensure that it gets your data to sell, use against you (blackmail, ransom ware, doxxing), impersonate you (identity theft), or if they get your bank details, steal your money. In addition, the internet is also full of companies that take advantage of you by offering you “free” services, but in reality, collecting your data to manipulate your behaviour. How does one protect one’s self from these actors?
The first step is to ensure that you don’t feed these actors (malicious actors or companies) with your data. There are several ways to do this, like (1) subscribing to a VPN service (trustworthy VPN services are paid services, with some providing free access but for limited amount of traffic only), (2) using free browser plug-ins or extensions (but these are limited to the web browsers, those third-party applications are also prone to collecting your data and sharing it with these actors), or (3) deploying your own Pi-Hole.net instance on a Raspberry Pi to protect all devices that connect to your network (but this requires that you have money, although it is cheap at around P1,500 for a Raspberry Pi Zero kit, and time to configure and maintain it). Luckily, there is another solution that proves to be easier and more affordable, costing you around P1,000/year give or take — and I highly recommend everyone to check it out.
Cloud-based Solution
At less than P3.00/day, all your devices connecting to the network can be protected against these known actors. Currently, I know of two (2) services that function exactly like the Pi-Hole.net, but only on the cloud and that you won’t need to manage (keeping it all patched up and with the latest upgrades). These services are ControlD.com and NextDNS.io. I wrote about these before, but I couldn’t stress the importance of protecting your data and keeping it away from malicious actors and privacy-invasive, data-hungry companies.
The Setup
To set it up, all you need is to create an account on ControlD.com or NextDNS.io. After signing up, you will be given your own DNS IP addresses (IPv4 and IPv6, if your provider supports it, which no Philippine telco does, at least for consumer subscribers), as well as URLs for DNS-over-HTTPS and DNS-over-TLS. Use these IP addresses and configure your WiFi router’s DHCP server to use these IP addresses. Reboot your WiFi router so all your devices will reconnect and get the new DNS IP addresses. That is all there is to it.
Now that you have your home network prepared, go to the dashboard and turn on the filtering of known ads & trackers, clickbait sites, malware distribution sites, and more. You can even add your own URLs, e.g., weconnect.globe.com.ph, to filter.
Both provide limited time free trial, which I recommend that you take advantage of so you’d get a feel of which one is best for you.
The Take Away
With ControlD.com or NextDNS.io, every time your device accesses the internet, either through your web browser or a third-party application, all traffic that goes to sites you have filtered will be blocked, thereby not leaking any of your data.
In addition, neither of these services log any of your DNS queries, unless you turn on logging for debugging purposes. I use both ControlD.com and NextDNS.io, along with Pi-Hole.net instance in my home network. It might be overkill, yes, but each one has its own strengths, which I take advantage of.
If you have configured your home network to use either of these services, I would appreciate it if you can let me know at https://twitter.com/rom or https://social.up.edu.ph/@r. Thanks.