As posted in my guide:yes, found that one, but could not find the post with oisd.nl
I don't see an option in NextDNS to add oisd.nl
Lenny's 2021 intention: keep this setup for a year :-)
- Thread starter Lenny_Fox
- Start date
- Last updated
- Jul 11, 2021
- How it's used?
- For home and private use
- Operating system
- Windows 10
- On-device encryption
- Log-in security
-
- Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
- Security updates
- Allow security updates and latest features
- User Access Control
- Notify me only when programs try to make changes to my computer (do not dim my desktop)
- Smart App Control
- Network firewall
- Real-time security
-
- Software Restriction Policies similar to Hard Configurator recommended settings
- Microsoft Defender hardened through GPO similar to ConfigureDefender on MAX
- Firewall security
- Microsoft Defender Firewall
- About custom security
-
- NextDNS (Firefox)/Quad9 (Edge)
- Trend Micro Home Protect in TP-Link AC4000 router
- GPO hardening (disabling remote stuff and not used features)
- UAC deny elevation of unsigned programs
- ACL deny execute for Download Folder and Startup folders
- Enabled Smartscreen for Explorer (added run-by-smartscreen)
- Removed System and Admin ACL from quick backup documents folder on old HD (ransomware often goes for max rights)
- Tweaked exploit protection settings of Microsoft Defender
- Periodic malware scanners
-
Microsoft Malicious Software Removal Tool only combined with periodic Microsoft Defender scan enabled
- Malware sample testing
- I do not participate in malware testing
- Browser(s) and extensions
-
Edge with hardened profile running inprivate:
- Bruce blank tab (also works incognito)
- AdGuard with only my filters to deal with annoyances and Kees1958
Firefox with hardened user.js running incognito
- Etag Stoppa
- NoScript
... running in Sandboxie
- Secure DNS
-
Next DNS - Firefox
Quad9 - Edge
- Desktop VPN
-
Bullet VPN
- Password manager
-
None
- Maintenance tools
-
Process Explorer & Autoruns64
- File and Photo backup
-
Syncback Free
- System recovery
-
Restore points and Windows Image Backup for software.
Windows Data Backup for Documents only
Syncback for USB and Quick documents backup to old HD
Neushield daily mirrors for Quick documents backup folder
- Risk factors
-
- Working from home
- Browsing to popular websites
- Opening email attachments
- Buying from online stores, entering banks card details
- Streaming audio/video content from shady sites
- Computer specs
-
Self build from parts of old PC's from relatives
- Asus motherboard
- Intel i7 950 with 8 GB RAM
- NVidia GT730 fan-less video card
- Samsung 860 SSD (250 GB for OS)
- OCZ Vortex SSD (120 GB for Documents)
- Seagate 2 TB HDD for media files
- Western Digital 1 TB HDD for image backup and windows image & data backup
USB 2TB drive connected to Router to serv as NAS (router also has TrendMicro Home protect).
USB drive is swapped with off-line second off-line backup USB every month
- Notable changes
-
12-2-21
Added Neushield Data Sentinel Free and changed uMatrix for uBlock on Edge WDAG sandbox
16-3-21
Same extensions in Edge and WDAG sandbox: blank tab, uBlockOrigin and PopUpOff
23-3-21
Replaced uB0 with Adguard again
1-4-21
Only using Edge anti-tracking and NextDNS as adblocking for Edge (in normal = hardened mode)
2-4-21
Back to Adguard with Quad9 DNS and removed PopUpOff and NextDNS
22-4-21
Back to Next DNS and replaced Adguard with AddBlockPlus, disabled Edge Application Guard (I did not use it anymore).
23-4-21
Kaspersky Cloud Free stopped working for unknown reason, reverted back to Microsoft Defender
26-4-21
Replaced Adguard DNS filter with Next DNS ad & tracking blocklist
27-4-21
Added Adguard DNS filter again as only DNS level blocklist
29-4-21
Replaced AdblockPlus with SmartAdblock (which is also a popup blocker)
4-5-21
Next DNS ad filter blocked a coupon code, so back to no ad-fiters in DNS. Added Kees1958 most commen EU-US, and set Edge anti-tracking to default again
11-7-21
Added Firefox with priivacy hardened user.js an sandboxie
- What I'm looking for?
-
Looking for maximum feedback.
- Oct 1, 2019
- 1,120
@SecurityNightmares
Half a million block rules is a bit over the top, my Chinese and Russian is limited to cheers and hello, so I will pass on this one. Thanks for helping me out
/L
Half a million block rules is a bit over the top, my Chinese and Russian is limited to cheers and hello, so I will pass on this one. Thanks for helping me out
/L
you don't get any disadvantage with big lists in NextDNS.
I use and recommend OISD because of little false positives.
- Apr 1, 2019
- 2,868
I’ve also been using this list and haven’t had to whitelist anything and it blocks almost everything.
- Oct 1, 2019
- 1,120
@blackice and @SecurityNightmares
I tried the oisd blocklist with NextDNS ad&trackibg protection. This is what uB0 reports
Now without NextDNS fllters and only Kees1958 most prevalent EU-US (+/- 3550).
I will stick to my "less is more" NextDNS only blocks 11 (29-18) with nearly 600K rules, while Kees1958 with 3.5 K rules blocks 20 (29-9)
I tried the oisd blocklist with NextDNS ad&trackibg protection. This is what uB0 reports
Now without NextDNS fllters and only Kees1958 most prevalent EU-US (+/- 3550).
I will stick to my "less is more"
NextDNS only blocks 11 (29-18) with nearly 600K rules, while Kees1958 with 3.5 K rules blocks 20 (29-9)
Last edited by a moderator:
- Jul 5, 2019
- 607
According to the NextDNS log, OISD blocks on CNN International - Breaking News, US News, World News and Video (only) these items:@blackice and @SecurityNightmares
I tried the oisd blocklist with NextDNS ad&trackibg protection. This is what uB0 reports
View attachment 255373
Now without NextDNS fllters and only Kees1958 most prevalent EU-US (+/- 3550).
View attachment 255374
I will stick to my "less is more"
- Oct 1, 2019
- 1,120
Your comparison doesn't work.@blackice and @SecurityNightmares
I tried the oisd blocklist with NextDNS ad&trackibg protection. This is what uB0 reports
View attachment 255373
Now without NextDNS fllters and only Kees1958 most prevalent EU-US (+/- 3550).
View attachment 255374
I will stick to my "less is more"
NextDNS is only DNS based while Kees' list is for browser adblock extension which can block website elements and third-party only on-site X but not site Y.
- Oct 1, 2019
- 1,120
Now I am lost, I use the ABP format which has @third-party, so tracker.com should be blocked on site X and site Y?
(that is why I added Adguard Cname blocklist and first-party servers to blok (cloaked) first party adservers)
First: what want you archive?
The third-party rules block the respective domain only on the respective page, instead of everywhere - to avoid false positives. however, the effort of such maintenance is usually too great / too error prone.
AdGuard use bigger CNAME list because they don't handle that in same effective way NextDNS does.
- Oct 1, 2019
- 1,120
Mhh I am very happy with the performance of Kees1958 most common list.
On for instance CNN and a Dutch news websites NU.nl and RTL nieuws, this small list performs as well as uBO default.
So I let my real world results prefer over theoretical benfits (as blocking ads and trackers on Russian, Hungariian, Letvian, Chinese websites and all other languages I don't speak )
On for instance CNN and a Dutch news websites NU.nl and RTL nieuws, this small list performs as well as uBO default.
So I let my real world results prefer over theoretical benfits (as blocking ads and trackers on Russian, Hungariian, Letvian, Chinese websites and all other languages I don't speak
)
- Oct 1, 2019
- 1,120
Update: I found a way to measure the effectiveness of blocklist. I experimented today with it and it seems to work.
I have enabled domain logging in Next DNS keeping the logs for a month. I Imported the report to Excel spreadsheet. Strip out all unnecessary stuff with find+replace manually. Sort the domains and add a counter for how many times this domains is present (comparing it with the next row, when same add one to counter). In an extra column I will check whether the occurrence number of the next row is higher, when true the reference number will be updated (will ne done in a loop until next value is not greater any more). Next step is to remove double values.
This list of domains is matched with the stripped domains of a blocklist. By adding them to log-list I can find the double values. This gives me insight on how efective a blocklist was for me. This analysis made me drop the AdGuard first-party tracking lists for ad-servers and trackers. Incredible how such a small blocklist as Kees198 is so effective (in combination with Next DNS blocking cname trackers).
I noticed that the Kees1958 blocklist is updated a lot last weeks, many domains dropped, but there were also domains added (@SecurityNightmares is this due to the cleanup you mentioned earlier due to using a faulted source)?
I know I have enough HTML, CSS, Javascript knowledge to write rules for my own (I always search for rules on domain name in easylist and adguard list before writing own rules) 95% of my own rules are copied from Easylist and/or Adguard. Just click on the eye icon in UB0 and search for the domain you are having problems with.
I have enabled domain logging in Next DNS keeping the logs for a month. I Imported the report to Excel spreadsheet. Strip out all unnecessary stuff with find+replace manually. Sort the domains and add a counter for how many times this domains is present (comparing it with the next row, when same add one to counter). In an extra column I will check whether the occurrence number of the next row is higher, when true the reference number will be updated (will ne done in a loop until next value is not greater any more). Next step is to remove double values.
This list of domains is matched with the stripped domains of a blocklist. By adding them to log-list I can find the double values. This gives me insight on how efective a blocklist was for me. This analysis made me drop the AdGuard first-party tracking lists for ad-servers and trackers. Incredible how such a small blocklist as Kees198 is so effective (in combination with Next DNS blocking cname trackers).
I noticed that the Kees1958 blocklist is updated a lot last weeks, many domains dropped, but there were also domains added (@SecurityNightmares is this due to the cleanup you mentioned earlier due to using a faulted source)?
I know I have enough HTML, CSS, Javascript knowledge to write rules for my own (I always search for rules on domain name in easylist and adguard list before writing own rules) 95% of my own rules are copied from Easylist and/or Adguard. Just click on the eye icon in UB0 and search for the domain you are having problems with.
Last edited:
Right.
I don't know if Kees' is already done with cleaning through.
- Oct 1, 2019
- 1,120
- Oct 1, 2019
- 1,120
Back to AdGuard again (droped uBo). The rule wizzard now has a new option "block by link". For someone running Kees1958 blocklist only, I like this extra feature to create user rules with "Block ads on this website"
- Oct 1, 2019
- 1,120
Okay streamlined my setup again.
The combination Kaspersky Cloud Free and Neushield Data Sentinel Free is a keeper. They both got a thumbs up from @cruelsister (Kaspersky's system watcher and Neushield Data Sentinel) and work so differently that any incompatibility is very unlikely. Impact of Neushield on system performance is not noticeable.
I use SyncBack Free for ad hoc backups of my Documents and Mail (documents, mail and media files are backed up to offline USB disk periodically). Neushield only protects my quick backup drive (and old spare harddisk). Neushield's mirror shielding works well with file-change based backups like Syncback. @Gandalf_The_Grey reported Neushield does not play with concatenated-incremental-backup type applications because it probably considers the backup-archive as a gigantic file which has to be mirrored.
I used two Edge profiles. A default profile and a hardened profile. Nowadays I only use the hardened profile (with most site permissions on block). Even with anti-tracking on strict online buying, boooking and banking works well. I use only two extensions Blank Tab and PopUpOff. Blank Tab is only enabled on New Tab and PopUpOff is only enabled on web sites for which I need the pop-up blocker (e.g. Google search, maps and Youtube) or the anti-paid feature (Volkskrant). Because both New Tab and PopUpOff are disabled for websites I use for buying & banking I dropped the default profile (without extensions).
I followed the advise of @SecurityNightmares (and @Jan Willy and @blackice ) to enable the oisd.nl blocklist in NextDNS. I added some websites to NextDNS blocklist (e.g. Ster.nl) to compensate for Edge anti-tracking limited configurability. I use the hardened Edge profile with NextDNS and the Edge Application Guard with BulletVPN. This is the reason I still use AdGuardd extension with Edge build in on default and Smartscreen disabled (I have AdGuard malware protection eneabled). AdGuard's malware protection (even the extension version) uses a privacy respecting URL check (unlike Smartscreen which sends the URL).
Reason for moving from uBO to Adguard (again) is that I am not using an adblocking extensions anymore for daily browsing (Edge anti-tracking plus NextDNS do the job). Thanks to @RomanistHere excellent PopUpOff extension, I don't need an adblocking extension to deal with Google annoyances. I use BulletVPN with Edge Application Guard, so I prefer AdGuard's stealth mode and phishing protection for better privacy over BlockOrigin (and smartscreen).
With Edge Application Guard I use AdGuard and PopUpOff. The blocklists I use in Adguard are Kees1958 most prevalent EU-US (link), Easylist adservers (link), AdGuard disguised trackers (link) & first-party ads (link) & first-party trackers (link). I don't need annoyances and popup filters because I also use PopUpOff in moderate mode-strict.
May be I will be keeping this combo (Kaspersky Cloud Free and Neushield Data Sentinel) in 2022 also, first lets see whether I can resists changing extensions for a month
The combination Kaspersky Cloud Free and Neushield Data Sentinel Free is a keeper. They both got a thumbs up from @cruelsister (Kaspersky's system watcher and Neushield Data Sentinel) and work so differently that any incompatibility is very unlikely. Impact of Neushield on system performance is not noticeable.
I use SyncBack Free for ad hoc backups of my Documents and Mail (documents, mail and media files are backed up to offline USB disk periodically). Neushield only protects my quick backup drive (and old spare harddisk). Neushield's mirror shielding works well with file-change based backups like Syncback. @Gandalf_The_Grey reported Neushield does not play with concatenated-incremental-backup type applications because it probably considers the backup-archive as a gigantic file which has to be mirrored.
I used two Edge profiles. A default profile and a hardened profile. Nowadays I only use the hardened profile (with most site permissions on block). Even with anti-tracking on strict online buying, boooking and banking works well. I use only two extensions Blank Tab and PopUpOff. Blank Tab is only enabled on New Tab and PopUpOff is only enabled on web sites for which I need the pop-up blocker (e.g. Google search, maps and Youtube) or the anti-paid feature (Volkskrant). Because both New Tab and PopUpOff are disabled for websites I use for buying & banking I dropped the default profile (without extensions).
I followed the advise of @SecurityNightmares (and @Jan Willy and @blackice ) to enable the oisd.nl blocklist in NextDNS. I added some websites to NextDNS blocklist (e.g. Ster.nl) to compensate for Edge anti-tracking limited configurability. I use the hardened Edge profile with NextDNS and the Edge Application Guard with BulletVPN. This is the reason I still use AdGuardd extension with Edge build in on default and Smartscreen disabled (I have AdGuard malware protection eneabled). AdGuard's malware protection (even the extension version) uses a privacy respecting URL check (unlike Smartscreen which sends the URL).
Reason for moving from uBO to Adguard (again) is that I am not using an adblocking extensions anymore for daily browsing (Edge anti-tracking plus NextDNS do the job). Thanks to @RomanistHere excellent PopUpOff extension, I don't need an adblocking extension to deal with Google annoyances. I use BulletVPN with Edge Application Guard, so I prefer AdGuard's stealth mode and phishing protection for better privacy over BlockOrigin (and smartscreen).
With Edge Application Guard I use AdGuard and PopUpOff. The blocklists I use in Adguard are Kees1958 most prevalent EU-US (link), Easylist adservers (link), AdGuard disguised trackers (link) & first-party ads (link) & first-party trackers (link). I don't need annoyances and popup filters because I also use PopUpOff in moderate mode-strict.
May be I will be keeping this combo (Kaspersky Cloud Free and Neushield Data Sentinel) in 2022 also, first lets see whether I can resists changing extensions for a month
Last edited:
- Oct 1, 2019
- 1,120
Okay streamlined my setup again.
I used two Edge profiles. A default profile and a hardened profile. Nowadays I only use the hardened profile (with most site permissions on block). Even with anti-tracking on strict online buying, boooking and banking works well. I use only two extensions Blank Tab and PopUpOff. Blank Tab is only enabled on New Tab and PopUpOff is only enabled on web sites for which I need the pop-up blocker (e.g. Google search, maps and Youtube) or the anti-paid feature (Volkskrant). Because both New Tab and PopUpOff are disabled for websites I use for buying & banking I dropped the default profile (without extensions).
I followed the advise of @SecurityNightmares (and @Jan Willy and @blackice ) to enable the oisd.nl blocklist in NextDNS. I added some websites to NextDNS blocklist (e.g. Ster.nl) to compensate for Edge anti-tracking limited configurability. I use the hardened Edge profile with NextDNS and the Edge Application Guard with BulletVPN. This is the reason I still use AdGuardd extension with Edge build in on default and Smartscreen disabled (I have AdGuard malware protection eneabled). AdGuard's malware protection (even the extension version) uses a privacy respecting URL check (unlike Smartscreen which sends the URL).
Reason for moving from uBO to Adguard (again) is that I am not using an adblocking extensions anymore for daily browsing (Edge anti-tracking plus NextDNS do the job). Thanks to @RomanistHere excellent PopUpOff extension, I don't need an adblocking extension to deal with Google annoyances. I use BulletVPN with Edge Application Guard, so I prefer AdGuard's stealth mode and phishing protection for better privacy over BlockOrigin (and smartscreen).
With Edge Application Guard I use AdGuard and PopUpOff. The blocklists I use in Adguard are Kees1958 most prevalent EU-US (link), Easylist adservers (link), AdGuard disguised trackers (link) & first-party ads (link) & first-party trackers (link). I don't need annoyances and popup filters because I also use PopUpOff in moderate mode-strict.
May be I will be keeping this combo (Kaspersky Cloud Free and Neushield Data Sentinel) in 2022 also, first lets see whether I can resists changing extensions for a month
just when i thought I had figured it all out Google updated its annoyances policy with a new consent prompt (which PopUpOff misses) and NextDNS lagged terribly this evening, so back to Adguard and Quad9 DNS BlankTab (removed PopUpOff and replaced NextDNS). Edge hardened and Edge Application Guard now have same extensions and settings (except for smartscreen)
Note: I have kept Kaspersky Cloud Free and Neushield Data Sentinel Free, so back bone of my security setup remains the same and has been stable since december 2020 (only extensions and DNS changed),
Last edited:
- Oct 1, 2019
- 1,120
@SecurityNightmares thanks for the info, but I am not changing back again.
- Apr 1, 2019
- 2,868
Understandable, I really liked Cloudflare until my work VPN would sometimes just not resolve the IP out of the blue. A big problem when working from home. I mostly like the ability to check logs for my household’s queries and the service seems reliable for me. The filtering is a bonus, especially on mobile. I’m not worried about privacy anymore, sick of the cat and mouse game. They will always find ways to track, and I’m not worried about being advertised to (outside of malvertising). I view the internet as a public place, and do my best to blend in.
Similar threads
