1. Install the DNSCloak App on your iPhone / iPad

2. Select adfree.usableprivacy.net as your default DoH server

On Thursday, the 27th of June 2024, an operational error lead to an automated wipe of the entire UP DNS production infrastructure. The complete redeployment of the UP DNS infrastructure completed after two days. In the course of this operational outage, the entire infrastructure was improved.

DNS Stamp

We run a public privacy-protecting DNS server with advertising, tracker, and malware filtering. The Usable Privacy DNS (updns) service is accessible via the encrypted DoH and DoT protocols. We use the unified hosts from StevenBlack to filter unwanted domains.

How to use the Usable Privacy DNS Services

Privacy Policy

1. We do not log client IPs, requested domains or any other personally-identifiable information.

2. We aggregate information on filtered domains and geolocation for user protection.

Open Source

The updns software stack is available under the BSD 2-Clause License on GitHub.

github.com/usableprivacy

Basic Setup with Google's Jigsaw Intra App

1. Install the Jigsaw Intra App on your Android device

2. Change the Intra DoH Server to https://adfree.usableprivacy.net/query

3. Verify Intra is working with the updns DoH service

Recommended Additional Intra Settings

Verify advertising and tracker domains are filtered

The updns service responds with 0.0.0.0 for filtered domains.

In the following screenshot you see that Snapchat App Analytics is blocked by the updns DoH server.

Recommended whitelist settings for Intra on Android

Our adfree DoH server works best against tracking by mobile apps. DNS-based blocking is very coarse-grained. We therefore recommend you use browsers with blocking extensions and use our DNS service primarily to counter mobile app tracking. You can exclude e.g. your mobile browser from Intra:

On the 21th of September of 2020, our adfree DoH service faced an immediate spike in requests with a peak of 800K requests per hour (26 times our average request load at this time). The amount of requests led to service interruptions of several hours and our public adfree services became unresponsive during the attack. An adhoc analysis and mitigation showed that our DoH service where potentially hit by a DDoS attack from Turkmenistan.

Request rates per unique IPv4 address

The mean request rate for a representative set of 3,9 million DoH requests we analyzed, showed that clients had a mean rate of 2.6 DoH requests per second. We observed request rates up to 571 requests per second from the attackers network range.

Analyzed 3911891.0 requests.

requests_per_sec  mean      2.6
                  std       4.9
                  min       0.0
                  25%       1.0
                  50%       2.0
                  75%       2.0
                  max     571.0

Requests rate per class-c network / country

For a split second one might have thought that the Usable Privacy DNS services all of a sudden became popular in Turkmenistan (maybe the "slashdot" effect, who knows ...). It however became clear that the source of the steep surge in requests originated from handful of class-c network ranges. e.g. one particular class-c network from Turkmenistan was responsible for almost 1,200 requests per second. Requests per class-c network for all other countries than Turkmenistan were below 255 requests per second.