If you don't use an adblocker, you should start. Unlike television advertising, Internet ad networks are designed to track you across the web. One big way you can defend yourself against this is to install a good adblocker, like uBlock Origin (but not that uBlock shit. uBlock Origin).
That's a good first step, but we can upgrade the blocking experience. If you want to really only get the essential traffic needed to get around on websites, learn to use "medium mode" ("Advanced Filtering"). This way you can block 3rd party JavaScript (code which executes in your web browser) and frames from being loaded. This filters out an amazing amount of junk, BUT it does require you to learn how to use the blocking feature better. It is not a "set-and-forget" option.
If you go into uBlock Origin's settings, check "I am an advanced user" to get access to these additional options, which you can read about here: https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-quick-guide
Screenshots for reference are in the link I posted, so the general guidance is like this: You want to globally block 3rd party JS and 3rd party frames. Press the "Lock" icon to save this preference. When you go to websites you will likely find things are broken, to varying levels of acceptance. If the website is broken and you cannot use it, you will want to find the domains which likely help serve the content you're trying to access (common domains include CloudFlare, Fastly, and CDNs generally). You can set the rule to neutral to follow normal uBlock rules (i.e. if it's loading something on the ad-list it will block it, otherwise allow it). If you're very lazy you can set the rules to neutral for all 3rd party JS/frames on the current site you're browsing. Remember, if you find the settings you want to keep press the lock.
That's it. Stay safe from surveillance capitalism!
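The medium-mode setup described above, written out in the text form uBlock Origin accepts in its "My rules" pane (an added example, not the commenter's own rules; the site and CDN names are placeholders, and the `#` lines are explanation for the reader rather than part of the rule syntax, so paste only the rule lines):

```text
# Global defaults, the two red cells in the global column:
# no third-party script and no third-party frame loads anywhere.
* * 3p-script block
* * 3p-frame block

# Per-site exceptions, added only once a site turns out to be broken.
# Rule shape: <site you are on> <requested domain> <type> <action>
# "noop" hands the request back to the normal filter lists, so anything
# on an ad list is still blocked; it is not a whitelist entry.

# example.com (placeholder) only renders once its CDN's scripts load.
example.com cdn.example.net * noop

# The "lazy" option from the post: relax every third-party script and
# frame on one site (placeholder) while the global block stays in force.
example.org * 3p-script noop
example.org * 3p-frame noop
```

The per-site lines are deliberately scoped to one site each; a `* cdn.example.net * noop` line would relax that CDN for every site you visit, which is a much broader exception than a broken page usually needs.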
Or if you make <300k queries a month and don't want to set up hardware yourself, use NextDNS. Paid plans are very cheap too and worth it imo. Easier to set up and use even when you're on the move.
Only if you want to trust a third party with your browsing data.
You're already trusting your ISP with DNS queries. If your ISP doesn't provide their own DNS then they're likely sending your data to Google or Cloudflare, in which case NextDNS is significantly better. Sure, this is an extra party but it depends on your threat model I guess.
IMO the less parties involved the better. I use DoH so the only parties are me and Cloudflare.
How is
consistent with
if you're using Cloudflare?
In a DoH situation the only two parties involved aren't you and your DoH provider. Your ISP still knows the IPs of the sites you eventually visit after your DNS provider returns them. Reverse DNS lookups are fairly trivial for anyone inclined to set them up. So, again, depends on your threat model.
NextDNS offers DoH and DoT too, and is at par with or better than Cloudflare insomuch that they offer host-based blocking as well, let you choose whether you want logging enabled, and also let you choose whether you want to tunnel your queries through servers in jurisdictions that respect privacy. I'll admit that I also have reservations against Cloudflare because of their boner for centralizing the net and general hostility towards Tor users etc etc. but even objectively, aside from the fact that Cloudflare have ridiculous levels of infrastructure available to them, they offer no other net benefit over any other DoH provider, and might actively be counterproductive to the internet at large. It's not like any of the largeish DNS providers have a lot of downtime either that you would need the infrastructure advantage.
I was assuming that NextDNS was doing something like PiHole where it just forwards any DNS request it doesn't block to Cloudflare or something. If they are an alternative to Cloudflare then it might be a good idea. Guess I gotta find out if I can trust them more than Cloudflare.
Ah, fair. Yeah they're a DNS provider themselves, and just happen to have the sinkhole functionality that PiHole provides.