Advice Request Windscribe ControlID - has anyone used it, if so what do you think of it?

Please provide comments and solutions that are helpful to the author of this topic.

Stopspying

Level 19
Thread author
Verified
Top Poster
Well-known
Jan 21, 2018
814
Windscribe have recently launched ControlD - Control Your Internet

"Choose from 15 categories of filters that block ads, malware, adult content, IoT beacons, gambling sites and much more. Our bespoke block lists are extremely effective, but will not hinder your browsing experience due to false positives."

I have a Windscribe account, but it is not the VPN that I use the most. I also have AdGuard and much of what Windscribe is offering here is managed on my machines by that. However I am curious to hear what anyone who has used ControlID thinks of it so far. Do any of you have any views on it yet?

I am particularly interested in how well the feature that bypasses Geo-Blocking works - "Sites block access to content for people in the "wrong" country. ControlD operates a network of proxy servers in over 100 locations that can help you appear to be in the "correct" country and enjoy local content."
ControlID settings.png
 
Last edited by a moderator:

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
"ControlD is a new DNS service by the makers of Windscribe VPN"
ControlD Paid plans

Paid plans introduce new customization options to the service. Customers may select between 14 categories to block, use proxy servers in 60 countries to tunnel some browsing activity (and access geo-restricted content), and maintain a remote hosts file for IP spoofing.

Some features, like the ability to create custom block profiles, are known from other advanced DNS services. The ability to use proxy servers for SMART DNS functionality is an interesting addition, especially since it can be used for specific sites, e.g. Netflix, HBO or BBC.

The scheduling option works like a temporary blocker, e.g. to block social media access while working or studying.

The two paid plans, Some Control and Full Control, are available for $20 and $40 per year. The only distinguishing factor is that the full control plan includes proxy server access while the some control plan does not.
Legacy DNS​
DNS-over-HTTPS​
DNS-over-TLS​
Unfiltered​
76.76.2.0​
p0.freedns.controld.com​
Block Malware​
76.76.2.1​
p1.freedns.controld.com​
Block Malware, Ads​
76.76.2.2​
p2.freedns.controld.com​
Block Malware, Ads and Social​
76.76.2.3​
p3.freedns.controld.com​
 

windscribe

From Windscribe
Verified
Developer
Well-known
Dec 28, 2016
121
Its pretty much Windscribe R.O.B.E.R.T in a new dress , If you use Windscribe and uBlock Origin u dont realy need to pay for this at all ....
That is not true. There are no services like ControlD out there right now. Here is something you can do with ControlD that you can't do with Windscribe (or NextDNS, Pi-Hole, Adguard, or any "Smart" DNS service).

Unlock all geo-restricted services in all countries, simultaneously:

Create custom rules for individual domains and redirect them through all Windscribe locations, all at the same time:



Or enable Global Proxy and proxy all HTTP traffic with nothing but DNS, no apps required.

There are 2 plans: DNS only - costs the same as NextDNS and has similar features (multi-device support is coming next). Proxy plan, it costs double, but you can do all kinds of magic with it. There is a 1 month trial, give it a shot. I think you will be pleasantly surprised.

There are also free community resolvers, that will enforce Windscribe's blocklists, all without an account, free forever. This is DNS only, no proxy access.
 
Last edited:

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
Last edited:

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
That is not true. There are no services like ControlD out there right now. Here is something you can do with ControlD that you can't do with Windscribe (or NextDNS, Pi-Hole, Adguard, or any "Smart" DNS service).

Unlock all geo-restricted services in all countries, simultaneously:

Create custom rules for individual domains and redirect them through all Windscribe locations, all at the same time:



Or enable Global Proxy and proxy all HTTP traffic with nothing but DNS, no apps required.

There are 2 plans: DNS only - costs the same as NextDNS and has similar features (multi-device support is coming next). Proxy plan, it costs double, but you can do all kinds of magic with it. There is a 1 month trial, give it a shot. I think you will be pleasantly surprised.

There are also free community resolvers, that will enforce Windscribe's blocklists, all without an account, free forever. This is DNS only, no proxy access.


Fantastic, I am testing it and so far I am impressed, minus Crunchyroll, the geo-restricted bypasser just worked fine and the resolution speed is on par or even faster than Cloudflare/Google DNS.

Is there any discount for long time brazilian Windscribe users? :p
 

windscribe

From Windscribe
Verified
Developer
Well-known
Dec 28, 2016
121
is there any info as to where your threat intelligence is coming from?
We compile a list from several online sources, you probably heard about some of them. In talk with Spamhaus to add the DBL lis.


I’d like to know this as well.

Also, is there an ability to have multiple profiles like on NextDNS?
This is the next major thing on our todo list once we finish the current milestone of work: Multiple device support · ControlD Feedback


I see in the blurb you don't recommend using a VPN with ControlID? Does this mean you don't feel a VPN including your own is useful anymore? + No PayPal?
No, it will cause unexpected behavior depending on the device and DNS protocol you're using. FAQ

If you really want to, and you know what you're doing, you can use it with a VPN.

Fantastic, I am testing it and so far I am impressed, minus Crunchyroll, the geo-restricted bypasser just worked fine and the resolution speed is on par or even faster than Cloudflare/Google DNS.

Is there any discount for long time brazilian Windscribe users? :p

Crunchyroll issue has been fixed.
 

CyberDevil

Level 6
Verified
Well-known
Apr 4, 2021
252
We compile a list from several online sources, you probably heard about some of them. In talk with Spamhaus to add the DBL lis.
How about Google Safe Browsing and maybe Yandex Safe Browsing? To disable these services in browsers and use only the service from DNS.

Also maybe I don't quite understand, but in the user rules there are only three options: block, redirect, bypass, but there is no allow function? That is, to open the site through a proxy and not to block it. Is it possible to implement this feature? :)
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
@windscribe thanks for the reply. Although multiple device support is great it is an issue for a router than only supports ‘legacy dns’. For NextDNS I can link the IP of my house to the service and use whatever filters for that to manage the whole house filtering. And then manage individual devices that can handle DoH or DoT as necessary. I suppose a work around would be your free DNS with malware filtering and then manage each device that supports encrypted DNS, but it would be nice to be able to filter the router based on the IP. I will also keep bugging the router manufacturer to add DoH/DoT support.
 

n8chavez

Level 16
Well-known
Feb 26, 2021
785
There are things I like about ControlD better, and there are things I like about NextDNS better. As has been mentioned here, multiple device support and better granularity of the filter lists, as well as analytics and logging, are better with NextDNS. But the custom rules, bypassing of services and whitelisting and global proxy are better with ControlD. I am curious though, why is a VPN not recommended in conjunction with ControlD? If it is to prevent dueling-dns-services, why not just set ControlD up as a custom dns server in your VPN app? Anyway, both these services seems really cool, and warrant further tinkering.
 

Lord Ami

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 14, 2014
1,026
I am curious though, why is a VPN not recommended in conjunction with ControlD? If it is to prevent dueling-dns-services, why not just set ControlD up as a custom dns server in your VPN app? Anyway, both these services seems really cool, and warrant further tinkering.

Should I use this with a VPN?
It depends, but you probably shouldn't. On most devices and with most VPNs, it's simply not going to do anything, since when you connect to a VPN, you usually end up using the DNS server pushed by your VPN provider. There are exceptions to this, like Private DNS on Android, or if you configure DoH directly in the browser.

If you end up using Global Proxy or the unlocking capabilities of ControlD, using a VPN will slow everything down since you will end up triple proxying all your traffic. If that's something that you want, then by all means do it, but the performance will suffer.
 

windscribe

From Windscribe
Verified
Developer
Well-known
Dec 28, 2016
121
How about Google Safe Browsing and maybe Yandex Safe Browsing? To disable these services in browsers and use only the service from DNS.

Also maybe I don't quite understand, but in the user rules there are only three options: block, redirect, bypass, but there is no allow function? That is, to open the site through a proxy and not to block it. Is it possible to implement this feature? :)
Redirect rule will do exactly what you want.

@windscribe thanks for the reply. Although multiple device support is great it is an issue for a router than only supports ‘legacy dns’. For NextDNS I can link the IP of my house to the service and use whatever filters for that to manage the whole house filtering. And then manage individual devices that can handle DoH or DoT as necessary. I suppose a work around would be your free DNS with malware filtering and then manage each device that supports encrypted DNS, but it would be nice to be able to filter the router based on the IP. I will also keep bugging the router manufacturer to add DoH/DoT support.
ControlD links your IPs automatically when you interact with the website OR when you use DoH/DoT. It will work in parallel from your home IP using legacy DNS, your phone using DoT on cellular, and your roaming laptop using DoH on a random hotspot. In cases of your IP changing on your home network, and you're forced to use Legacy DNS because there is no support for DoH/DoT, what you can do is configure DoH directly in the browser that you use on this network, or something that generates DNS traffic. If your IP suddenly changes, the DoH/DoT query from your home network will authorize your IP to use Legacy DNS. This eliminates the need for Dynamic DNS setups using 3rd party services.

There are things I like about ControlD better, and there are things I like about NextDNS better. As has been mentioned here, multiple device support and better granularity of the filter lists, as well as analytics and logging, are better with NextDNS. But the custom rules, bypassing of services and whitelisting and global proxy are better with ControlD. I am curious though, why is a VPN not recommended in conjunction with ControlD? If it is to prevent dueling-dns-services, why not just set ControlD up as a custom dns server in your VPN app? Anyway, both these services seems really cool, and warrant further tinkering.
Multi-device support will be added by end of June, we didn't want to hold back the release for this. We're against analytics as that requires query logging for all your activity. This is why the query log you can enable only lasts for 2hrs, and it's not stored in any permanent place. It's streamed directly from the process memory into your browser with no permanent storage. This is a Windscribe product after all....

Ad for granular blocklists, less is more in this case. We do not expose individual community blocklists, because they are riddled with false positives and have no meaning for most people. Nobody knows what they are or what the difference is unless they're super into Pi-Hole, DNS, etc. 99% of people are not.

Our blocklists are based on top of 27 different lists (~1M domains), with our own blocklists added on top, and most importantly false positives removed based on 2 years of community feedback from millions of Windscribe users. Our combined lists are much more effective than random Github lists you're probably using. Those lists are compiled by people as a hobby, we do this for a living and we have a large community that reports issues to us. Our custom whitelist has thousands of domains that are falsely blocked by most community lists.

I recommend just using our list, and see for yourself.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top