Q&A Windscribe ControlID - has anyone used it, if so what do you think of it?

Stopspying

Level 14
Verified
Jan 21, 2018
624
Windscribe have recently launched ControlD - Control Your Internet

"Choose from 15 categories of filters that block ads, malware, adult content, IoT beacons, gambling sites and much more. Our bespoke block lists are extremely effective, but will not hinder your browsing experience due to false positives."

I have a Windscribe account, but it is not the VPN that I use the most. I also have AdGuard and much of what Windscribe is offering here is managed on my machines by that. However I am curious to hear what anyone who has used ControlID thinks of it so far. Do any of you have any views on it yet?

I am particularly interested in how well the feature that bypasses Geo-Blocking works - "Sites block access to content for people in the "wrong" country. ControlD operates a network of proxy servers in over 100 locations that can help you appear to be in the "correct" country and enjoy local content."
ControlID settings.png
 
Last edited by a moderator:

silversurfer

Level 74
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,314
"ControlD is a new DNS service by the makers of Windscribe VPN"
ControlD Paid plans

Paid plans introduce new customization options to the service. Customers may select between 14 categories to block, use proxy servers in 60 countries to tunnel some browsing activity (and access geo-restricted content), and maintain a remote hosts file for IP spoofing.

Some features, like the ability to create custom block profiles, are known from other advanced DNS services. The ability to use proxy servers for SMART DNS functionality is an interesting addition, especially since it can be used for specific sites, e.g. Netflix, HBO or BBC.

The scheduling option works like a temporary blocker, e.g. to block social media access while working or studying.

The two paid plans, Some Control and Full Control, are available for $20 and $40 per year. The only distinguishing factor is that the full control plan includes proxy server access while the some control plan does not.
Legacy DNS​
DNS-over-HTTPS​
DNS-over-TLS​
Unfiltered​
76.76.2.0​
p0.freedns.controld.com​
Block Malware​
76.76.2.1​
p1.freedns.controld.com​
Block Malware, Ads​
76.76.2.2​
p2.freedns.controld.com​
Block Malware, Ads and Social​
76.76.2.3​
p3.freedns.controld.com​
 

windscribe

From Windscribe
Verified
Developer
Dec 28, 2016
91
Its pretty much Windscribe R.O.B.E.R.T in a new dress , If you use Windscribe and uBlock Origin u dont realy need to pay for this at all ....
That is not true. There are no services like ControlD out there right now. Here is something you can do with ControlD that you can't do with Windscribe (or NextDNS, Pi-Hole, Adguard, or any "Smart" DNS service).

Unlock all geo-restricted services in all countries, simultaneously:
Create custom rules for individual domains and redirect them through all Windscribe locations, all at the same time:


Or enable Global Proxy and proxy all HTTP traffic with nothing but DNS, no apps required.

There are 2 plans: DNS only - costs the same as NextDNS and has similar features (multi-device support is coming next). Proxy plan, it costs double, but you can do all kinds of magic with it. There is a 1 month trial, give it a shot. I think you will be pleasantly surprised.

There are also free community resolvers, that will enforce Windscribe's blocklists, all without an account, free forever. This is DNS only, no proxy access.
 
Last edited:

Cortex

Level 26
Verified
Aug 4, 2016
1,500
Last edited:

Nightwalker

Level 22
Verified
Trusted
Content Creator
May 26, 2014
1,157
That is not true. There are no services like ControlD out there right now. Here is something you can do with ControlD that you can't do with Windscribe (or NextDNS, Pi-Hole, Adguard, or any "Smart" DNS service).

Unlock all geo-restricted services in all countries, simultaneously:
Create custom rules for individual domains and redirect them through all Windscribe locations, all at the same time:


Or enable Global Proxy and proxy all HTTP traffic with nothing but DNS, no apps required.

There are 2 plans: DNS only - costs the same as NextDNS and has similar features (multi-device support is coming next). Proxy plan, it costs double, but you can do all kinds of magic with it. There is a 1 month trial, give it a shot. I think you will be pleasantly surprised.

There are also free community resolvers, that will enforce Windscribe's blocklists, all without an account, free forever. This is DNS only, no proxy access.

Fantastic, I am testing it and so far I am impressed, minus Crunchyroll, the geo-restricted bypasser just worked fine and the resolution speed is on par or even faster than Cloudflare/Google DNS.

Is there any discount for long time brazilian Windscribe users? :p
 

windscribe

From Windscribe
Verified
Developer
Dec 28, 2016
91
is there any info as to where your threat intelligence is coming from?
We compile a list from several online sources, you probably heard about some of them. In talk with Spamhaus to add the DBL lis.


I’d like to know this as well.

Also, is there an ability to have multiple profiles like on NextDNS?
This is the next major thing on our todo list once we finish the current milestone of work: Multiple device support · ControlD Feedback


I see in the blurb you don't recommend using a VPN with ControlID? Does this mean you don't feel a VPN including your own is useful anymore? + No PayPal?
No, it will cause unexpected behavior depending on the device and DNS protocol you're using. FAQ

If you really want to, and you know what you're doing, you can use it with a VPN.

Fantastic, I am testing it and so far I am impressed, minus Crunchyroll, the geo-restricted bypasser just worked fine and the resolution speed is on par or even faster than Cloudflare/Google DNS.

Is there any discount for long time brazilian Windscribe users? :p

Crunchyroll issue has been fixed.
 

CyberDevil

Level 2
Apr 4, 2021
83
We compile a list from several online sources, you probably heard about some of them. In talk with Spamhaus to add the DBL lis.
How about Google Safe Browsing and maybe Yandex Safe Browsing? To disable these services in browsers and use only the service from DNS.

Also maybe I don't quite understand, but in the user rules there are only three options: block, redirect, bypass, but there is no allow function? That is, to open the site through a proxy and not to block it. Is it possible to implement this feature? :)
 

blackice

Level 33
Verified
Apr 1, 2019
2,198
@windscribe thanks for the reply. Although multiple device support is great it is an issue for a router than only supports ‘legacy dns’. For NextDNS I can link the IP of my house to the service and use whatever filters for that to manage the whole house filtering. And then manage individual devices that can handle DoH or DoT as necessary. I suppose a work around would be your free DNS with malware filtering and then manage each device that supports encrypted DNS, but it would be nice to be able to filter the router based on the IP. I will also keep bugging the router manufacturer to add DoH/DoT support.
 

n8chavez

Level 2
Feb 26, 2021
73
There are things I like about ControlD better, and there are things I like about NextDNS better. As has been mentioned here, multiple device support and better granularity of the filter lists, as well as analytics and logging, are better with NextDNS. But the custom rules, bypassing of services and whitelisting and global proxy are better with ControlD. I am curious though, why is a VPN not recommended in conjunction with ControlD? If it is to prevent dueling-dns-services, why not just set ControlD up as a custom dns server in your VPN app? Anyway, both these services seems really cool, and warrant further tinkering.
 

Lord Ami

Level 20
Verified
Trusted
Malware Hunter
Sep 14, 2014
969
I am curious though, why is a VPN not recommended in conjunction with ControlD? If it is to prevent dueling-dns-services, why not just set ControlD up as a custom dns server in your VPN app? Anyway, both these services seems really cool, and warrant further tinkering.

Should I use this with a VPN?
It depends, but you probably shouldn't. On most devices and with most VPNs, it's simply not going to do anything, since when you connect to a VPN, you usually end up using the DNS server pushed by your VPN provider. There are exceptions to this, like Private DNS on Android, or if you configure DoH directly in the browser.

If you end up using Global Proxy or the unlocking capabilities of ControlD, using a VPN will slow everything down since you will end up triple proxying all your traffic. If that's something that you want, then by all means do it, but the performance will suffer.
 

windscribe

From Windscribe
Verified
Developer
Dec 28, 2016
91
How about Google Safe Browsing and maybe Yandex Safe Browsing? To disable these services in browsers and use only the service from DNS.

Also maybe I don't quite understand, but in the user rules there are only three options: block, redirect, bypass, but there is no allow function? That is, to open the site through a proxy and not to block it. Is it possible to implement this feature? :)
Redirect rule will do exactly what you want.

@windscribe thanks for the reply. Although multiple device support is great it is an issue for a router than only supports ‘legacy dns’. For NextDNS I can link the IP of my house to the service and use whatever filters for that to manage the whole house filtering. And then manage individual devices that can handle DoH or DoT as necessary. I suppose a work around would be your free DNS with malware filtering and then manage each device that supports encrypted DNS, but it would be nice to be able to filter the router based on the IP. I will also keep bugging the router manufacturer to add DoH/DoT support.
ControlD links your IPs automatically when you interact with the website OR when you use DoH/DoT. It will work in parallel from your home IP using legacy DNS, your phone using DoT on cellular, and your roaming laptop using DoH on a random hotspot. In cases of your IP changing on your home network, and you're forced to use Legacy DNS because there is no support for DoH/DoT, what you can do is configure DoH directly in the browser that you use on this network, or something that generates DNS traffic. If your IP suddenly changes, the DoH/DoT query from your home network will authorize your IP to use Legacy DNS. This eliminates the need for Dynamic DNS setups using 3rd party services.

There are things I like about ControlD better, and there are things I like about NextDNS better. As has been mentioned here, multiple device support and better granularity of the filter lists, as well as analytics and logging, are better with NextDNS. But the custom rules, bypassing of services and whitelisting and global proxy are better with ControlD. I am curious though, why is a VPN not recommended in conjunction with ControlD? If it is to prevent dueling-dns-services, why not just set ControlD up as a custom dns server in your VPN app? Anyway, both these services seems really cool, and warrant further tinkering.
Multi-device support will be added by end of June, we didn't want to hold back the release for this. We're against analytics as that requires query logging for all your activity. This is why the query log you can enable only lasts for 2hrs, and it's not stored in any permanent place. It's streamed directly from the process memory into your browser with no permanent storage. This is a Windscribe product after all....

Ad for granular blocklists, less is more in this case. We do not expose individual community blocklists, because they are riddled with false positives and have no meaning for most people. Nobody knows what they are or what the difference is unless they're super into Pi-Hole, DNS, etc. 99% of people are not.

Our blocklists are based on top of 27 different lists (~1M domains), with our own blocklists added on top, and most importantly false positives removed based on 2 years of community feedback from millions of Windscribe users. Our combined lists are much more effective than random Github lists you're probably using. Those lists are compiled by people as a hobby, we do this for a living and we have a large community that reports issues to us. Our custom whitelist has thousands of domains that are falsely blocked by most community lists.

I recommend just using our list, and see for yourself.
 
Top