Privacy is a right that we willingly surrender for the sake of convenience.
I work in the cyber security field and I am often amazed by the level of privacy intrusions we tolerate on daily basis.
The simple fact is: almost everything you do online is tracked by some company or another. It takes a bit of work to keep your privacy intact when you use your phone or computer.
The biggest privacy offender of them all is Google:
- 9 out of 10 top online trackers belong to Google.
- Google can track your online activities even on Apple devices and even if you never sign into a Google account.
- Google aggregates all data it learns about you. That data is given to other entities as outlined in Google's policy.
- With many sites using embedded Google trackers (such as Google Analytics), you will often not realize Google is tracking you.
Yes, it is possible to block Google out of your online life. At least start by blocking Google on your mobile devices!
Everytime your device tries to connect to any Google service, DeCloudUs DNS will tell your device to connect to 0.0.0.0.
DeCloudUs DNS will block annoying ad banners, pop-ups, and video ads once and for all.
Your DNS queries are ALWAYS encrypted. A multitude of online trackers are blocked that monitor your activities.
With all the ads and trackers blocked, your devices will only focus on displaying the content you want to view.
DeCloudUs DNS blocks known malicious domains that serve malware to give you more piece of mind.
The project is built on Open Source and is free to use. Servers hosted in Germany. We keep no logs.
Blocked Google Sites
Blocked Ad Sites
Blocked Malware Sites
Percent Total Uptime
(Production last 30 days)
Help Keep It Running
I gladly donate money and time to set up, operate, and maintain the DNS server infrastructure.
However, hosting cost is expensive; more people using the servers means ever increasing hosting cost to expand server infrastructure, to ensure optimal server capacity.
If you like what the project has to offer and you find it useful in enhancing your digital privacy, please consider becoming a project backer by making a monthly donation by checking the "Make this donation monthly" box with PayPal.
- Hosted in Germany
- Supports DNSCrypt, DoT, and DoH
- All DeCloudUs DNS Features
- Used for Testing New Block Rules and Upgrades
- May be Unstable and Prone to Downtime
- Small Server Doesn't Scale With Higher Demand
- Maybe Throttled and Slow With Large Number of Queries
- Ideal for Testing and Trying Out the Service
also listed on DNSCrypt official public list
IPv4 Stamp: sdns://AQMAAAAAAAAAEjE3Ni45LjE5OS4xNTg6ODQ0MyD73Ye9XeCsS7TdFu9fRP7s5k-0aL91yygulGVmeOAKLh4yLmRuc2NyeXB0LWNlcnQuRGVDbG91ZFVzLXRlc3Q
IPv6 Stamp: sdns://AQMAAAAAAAAAG1syYTAxOjRmODoxNTE6MTFiMDo6M106ODQ0MyD73Ye9XeCsS7TdFu9fRP7s5k-0aL91yygulGVmeOAKLh4yLmRuc2NyeXB0LWNlcnQuRGVDbG91ZFVzLXRlc3Q
- Hosted in Germany
- Supports DNSCrypt, DoT, and DoH
- All DecloudUs DNS Features
- Prime Production Servers
- Stable with 100% Availability Target
- Large Servers With More Added as Demand Increases
- No Throttling. Fast DNS Responses
- Ideal for All of Your DNS Needs
Donate To Recieve Server Details
After successfully completing PayPal donation, you will be redirected to a thank you page with instructions on how to access Production servers. Please save that page and the info in it for future access and reference. Please Contact Me if you do not recieve server access after PayPal donation or after you make a Bitcoin donation.
Android 9 and above supports DNS over TLS (DoT) out of the box. Here is how to enable that feature:
- If your Settings allow for search, type the following
- If your Settings do not allow search, click on
Connections. Then click
More connection settings.
- Click on
Private DNSand a popup menu will open with options.
Private DNS provider hostnameoption.
- On the line below that option, type in the DoT address for DeCloudUs DNS.
For Android 8 and below there is no native support for secure DNS. You will need to download an app and configure it to use secure DeCloudUs DNS. Here are some recommendations:
- - Find an app that allows you to use DoT, DoH, or DNSCrypt.
- - A mobile app worth mentioning is InviZible Pro that allows you to use DNSCrypt.
- - Follow DNSCrypt instructions outlined in the DNSCrypt tab.
iOS devices do not have native support for secure DNS protocols yet. To use secure DNS, you will need to download an app that extends these protocols. One recommended app is DNSCloak that offers DNSCrypt integration.
- Download DNSCloak from iOS app store.
- Add DeCloudUs DNS resolvers to app configuration.
- One option is to use
[static]configuration option. See screenshots in this section for example and also the DNSCrypt tab for more details.
- The preferred option is add DeCloudUs DNS resolver list that will get automatically updated as more servers are added. See screenshots in this section for example and also DNSCrypt tab for more details.
- After the servers are added, click on
Use this serverto activate it.
- Feel free to click around and explore app further.
When using your Mac or PC (windows or linux), all the ads, trackers, malware, Google services, etc.. you encounter will be from your browser. The fastest and most efficient way in this case is to configure your browser to use secure DNS. Firefox is privacy friendly and it has native support for DNS over HTTPS (DoH). This works on any Mac or PC with Firefox:
- Open Firefox
Preferencesto access Firefox settings.
- In the settings search bar, type
Settingsthat comes up in the search results.
- Scroll down in the settings menu to the DNS over HTTPS section. Check the box next to
Enable DNS over HTTPSto enable it.
- In the
Custominput field, put the DeCloudUs DoH server info provided. Click OK to apply settings.
Note: sometimes Firefox may still show major Google user sites such as www.google.com and www.youtube.com; however, other Google domains ads, malware, etc.. will be effectively blocked.
In order to ensure Firefox will not fallback to default network DNS because some sites are blocked, you have to change Firefox configuration setting to no fallback:
about:config in the Firefox address bar.
2. Click to confirm that you will be careful if the warning page is displayed.
3. Search for
network.trr.mode and double-click on the name.
4. Set the value to 3 to make DNS Over HTTPS the browser's default DNS resolver with no fallback.
DNSCrypt protocol provides private, secure, and even anonymous DNS that is second to none.
DNSCrypt protocol is fairly simple to understand and implement. It can be used for one device or your entire home network.
For a details on how to use DNSCrypt, please check the official installation documentation: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation
In the instructions below, I will share configuration examples for DeCloudUs DNS.
- - To configure DNSCrypt proxy to use DeCloudUs DNS servers, you will need to ensure you set the configuration file
dnscrypt-proxy.tomlto use DeCloudUs servers.
- - One way to use DeCloudUs servers is to leverage
[static]resolver settings in
dnscrypt-proxy.tomlfile. This is the fastest way to get started.
- - You should copy and paste the stamp value from the details provided to you to ensure the stamp value exactly matches exactly to avoid errors..
- - Finally, you will need to ensure that your DNSCrypt proxy will use DeCloudUs DNS server. This can be done by specifying server name as follows (same name used in [static] configuration):
stamp = 'sdns://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
server_names = ['DeCloudUs-Prod']
- - A better strategy is to add DecloudUs DNS private resolver list to your DNSCrypt proxy configuration. DNSCrypt will periodically fetch the latest DeCloudUs DNS server list and stamps. As more servers are added, they will automatically become available for you to use without you reaching out to me for updated server connection details.
- - The Test Server details will always be available and updated on this site. When you donate, you will recieve details on how to connect to Production servers. This will include a snippet of configuration that you can add to DNSCrypt proxy configuration to automatically fetch our server list. Here is an example:
- - Finally, you will need to ensure that your DNSCrypt proxy will exclusively use DeCloudUs DNS servers in order to effectively block unwanted traffic. This can be done in two ways:
- - One: you can add the name of the resolver directly in the server name parameter
- - As more resolvers are added, you can add their names to the same field as follows:
- - Another way: you can remove or "comment out" (by adding #) the public resolvers from DNSCrypt proxy configuration file. So the public resolvers under sources section should look like this:
- - You will also have to ensure the following parameters are set EXACTLY as shown here:
- - You will then disable the server names section (remove it or comment out) in order to let DNSCrypt proxy automatically use ALL of DeCloudUs DNS servers:
urls = ['https://dns.example.com/resolvers.md']
minisign_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
cache_file = 'DeCloudUs-resolvers.md'
refresh_delay = 72
prefix = ''
server_names = ['DeCloudUs-Prod']
server_names = ['DeCloudUs-Prod', 'DeCloudUs-Prod2', 'DeCloudUs-Prod3']
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
# cache_file = 'public-resolvers.md'
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
# prefix = ''
require_nofilter = false
lb_strategy = 'p2'
# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
Why deGoogle/unGoogle via DNS blocking? Why can't you just root your phone or use custom ROM/Operating System?
Using a custom ROM or mobile operating system that respects your privacy is an ideal solution. Rooting your phone to remove Google services can also work well. However, there are a few reasons for why that would not be possible:
- You have a work phone that you cannot root or load custom ROM on
- Your existing phone is not supported by deGoogled/unGoogled custom ROMs (and you cannot afford to get a new phone).
- You do not have the technical knowledge to root your phone
In such cases and others, deGoogling/unGoogling your phone via DNS block is a good alternative.
Wouldn't NetGuard be more effective in blocking Google than DNS?
Well, here is a suggestion: why not use both! NetGuard will completely block certain apps you choose from ever connecting to the Internet, which can be used to block Google specific apps. I first started doing that, but then I noticed my phone was still talking to Google too much. There are many other apps we have installed that use Google services (for example banking apps that use Google analytics services) in addition to most sites that also use Google services to track my mobile browsing activities. NetGuard will not be able to help there. However, if you block your phone from connecting to Google domains via DNS, that applies to Google apps, browser, banking apps, etc.
Why not allow "regular" DNS queries on port 53?
I only use secure DNS protocols, that's why DeCloudUs DNS supports popular secure DNS protocols: DNSCrypt, DNS over TLS (DoT), and DNS over HTTPS (DoH). As an end user, DNS/53 is really not good for your privacy or security. As a DNS resolver operator, DNS/53 will significantly increase the attack surface on the servers and will make it really difficult to provide value to the community.
Can I really block Google from my life.. and Youtube?!
Yes, you certainly can! But you should think through some alternatives to services you use: search engine, email provider, cloud backup, browser, etc. In fact, there is subreddit dedicated to deGoogling and they took time to curate a list of alternative services you can use to replace Google:
A special mention for youtube replacement. It can be difficult to find content you want on other video platforms, so here is a tip:
Invidio.us is a great Youtube proxy that allows you to watch any Youtube video without logging in, even if the video is somehow restricted. To do this, simply replace [www.youtube.com] with [invidio.us] in the URL you want to view.
So I blocked Google, but what about all the other companies that also track me?
First, there is no company on Earth that collects as much data about you than Google. To make matters worse, often times, you have no choice in the matter because Google services are everywhere and used by the majority of the web. Even if you don't have Gmail or use Google maps, Google still collects data about you. Even if you don't use Android at all, Google still collects data about you.
It is not just about what Google does with your information, but from a security perspective, the aggregation of all that data in one place is very dangerous; just think of what would happen if the data gets into the wrong hands (hackers, governments, ex-wife, etc).
If you consider other companies that track you, you have more choice and options in the matter (although Facebook is another area of concern as I have seen their trackers without anyone actually using Facebook). For example, if you are worried about Samsung phone or smart TV tracking your activities, then don't buy it and find an alternative; if you do that, Samsung won't track you.
Do I have to donate to use the DNS servers?
No, you are more than welcome to use the Test Server without any contribution. I outlined above the differences between the Test Server and the Production Servers. My intention is to operate Production Servers on the community-based principle that those people who contribute to a service should be the ones who benefit the most from it. Otherwise, I won't be able to keep the servers running. The larger the community of supporters grows, the more Productions Servers will also grow to ensure fast and smooth responses.
I want to block Google, but I also want to block other things (like adult sites, social media sites, etc). Can you block them?
I sure can, but the question is: how many other people will find the same blocking rules valuable? Generally, I started DNS servers that block Google because no one else was running public resolvers that did that (at least not that I have found). So I started my own and I want to offer it to the community. If there is a demand from the community to add more servers that block more things (like adult sites, social media sites, etc), I am happy to do it but that ultimiately depends on the level of financial backing and support from the community.
If you wish to adopt/sponsor a DNS server, please feel free to contact me. Tell me what additional sites you wish to block and we will go from there. After the server is launched, it will be available to the entire community to use with a special thank you note to the sponsor.
I am noticing some ad URLs or Google sites not blocked, what do I do?
Please contact me and I will certainly look into it. Please let me know the following:
- The exact URL that is not being blocked (otherwise it will be a wild goose chase!)
- The server you are using (DoT/DoH URL or DNSCrypt stamp).
Why do I see Quad9 and Cloudflare DNS when I do DNS leak test?
If you see Quad9 and Cloudflare DNS servers, then rest assured that your DNS is configured properly! Here is what happens behind the scenes:
DeCloudUs DNS resolvers use Quad9 and Cloudflare as upstream servers (after applying all the filtering rules). Each non-filtered query made to DeCloudUs DNS is forwarded to a different Quad9 or Cloudflare upstream server. Quad9 and Cloudflare ONLY see DeCloudUs as the "client" making the query. So, you make the DNS request to DeCloudUs DNS servers; then DeCloudUs resolvers will either filter/block it (if it is a Google domain, ad, tracker, malware, etc) or DeCloudUs will go out to a number of public resolvers to get the DNS responses on your behalf and then hand these responses back to you. There is no way Quad9 or Cloudflare will ever know who actually made that request or you IP address.
DeCloudUs DNS servers use Quad9 and Cloudflare as upstream servers as this enhances response time and significantly increases performance and the number of requests DeCloudUs can handle in parallel. And since this in no way impacts user privacy, it is a win-win.
OK, what if I am not ready to fully deGoogle or if I rely on Google services for work or school?
That's understandable. Everyone is different when it comes to the level of dependency on Google services, so different people will have different privacy goals and strategies. But here are a couple of ideas to balance privacy with functionality:
For mobile devices: you can set phone resolver to one that blocks Google, ads, trackers, etc (such as DeCloudUs DNS) as outlined in the How To section. Meanwhile, you can also install a secure browser, such as Bromite and have ONLY this browser use a different DNS resolver (such as Quad9 DoH) via the browser DNS settings. This means your mobile device overall will be deGoogled, but when you know you need to access a Google site or service (or even certain sites that use CAPTCHA), you can specifically use Bromite browser for these.
For PC/mac device: you can use Firefox and set DoH in browser settings to use something like DeCloudUs DNS (again, to block Google, ads, trackers, etc) as outlined in the How To section. You can then also install another browser and only use that other browser when you need to access a Google site or service. This other browser would you use your system regular DNS settings, which will not block Google.
Assuming you deGoogle your entire home network (use DeCloudUs DNS as resolver in your home router or as upstream resolver for your local DNS) as outlined in the How To section: in this case, you can use Firefox/Chromium-based-browser DoH settings to bypass Google blocking (such Quad9 DoH). Then you would only use that browser when you know you need to access sites that use Google services.
That way, you can control what/when/how you use Google services; otherwise, Google is blocked by default.
For Bitcoin Donation: please email me immediately after making the donation to obtain the Production servers details. In your message, please note your sender address and the exact BTC amount.
For General Inquiries: please feel free to email if you have any question or feedback.
For Inquiries to adopt/sponsor a server: please send me information about the additional blocking you wish the server to do and we can go from there.
For Blocking an Ad or Google URL: please email me the details of the server you are using (DoT/DoH URL or DNSCrypt stamp) AND the exact URL that should be blocked.
For Whitelisting Requests: please email me the details of the server you are using (DoT/DoH URL or DNSCrypt stamp) AND the exact URL that should be whitelisted along with a brief reason to explain why.