Google claims “Google will never use the VPN connection to track, log, or sell your browsing activity”. I’ll believe it when I see it.
Apple should have developed one! Why haven’t they?
I suspect they would argue that there are already many perfectly good VPN products already available, so there’s no need for Apple to enter the market space.
This is the same reasoning Apple used when they stopped making printers, routers and non-professional displays.
Will Google One launch on April One?
From just the quote above, you can parse loopholes; surely they will be using the data for nothing less than ML.
I’m a big fan of 126.96.36.199 from Cloudflare; lightning fast, secure, free and trustworthy. I install it as a static option on every router that allows it (Xfinity, e.g., will NOT allow you to change), and every web-capable device I can (this overrides Xfinity). The iOS version is a breeze to install and protects you from your mobile provider and guest WiFi.
If you set it up manually on your own router/Time Capsule/Apple Airport/Mac, be certain to install IPv6 as well as IPv4.
@frederico, thanks for that tip. I had been running for years with 188.8.131.52 and 184.108.40.206 from Google. I read good things about Cloudflare. I’ve now switched my AP Extreme at home. Anytime I find a service roughly as good as Google (or better), I switch away from them.
Another option, for the more technically inclined, is to run your own DNS server. In my case, I’m running ISC BIND on a Raspberry Pi. I originally set it up in order to serve names for the devices on my local LAN, but it also means I don’t have to rely on anybody else’s DNS (Comcast, Google, whatever).
If you don’t configure BIND’s forwarders option (used to redirect non-local requests at a single trustworthy server), BIND will resolve all external names by sending requests to the root servers and various intermediate name servers.
Of course, this only affects devices on your LAN (I have my LAN’s DHCP server direct all devices at my DNS server). When traveling, something else is needed and for that, a trustworthy DNS provider (like Cloudflare or Google) may be preferable to each access network’s DNS (which may or may not be any good).
Can’t you set your DNS server as a proxy and pass your mobile traffic through it? That’s how we set up all our businesses; but we also had fat bandwidth.
Again, I can’t more highly recommend 220.127.116.11.app for iOS devices; free, easy and fast; just set it and forget it.
I could do that, in theory. But I would need to make that Raspberry Pi accessible to the entire Internet. That’s a security risk I’m not prepared to take. (Did I forget to mention that this is my home LAN, not my employer’s network?)
There are things you can do with a corporate network and an IT department that I would never consider doing for my personal home network. This includes running any service that would require granting the Internet access to a device on my LAN.
Not at all clear from the App Store description what 18.104.22.168 is. VPN? Proxy? DNS server? Can you elaborate? Thanks.
If you run a Raspberry Pi with Pi-hole and PiVPN or OpenVPN you can allow secure remote access over a VPN from iOS or macOS etc. Total install time including downloading should be ~10 minutes on an RPi4, plus allowing access on UDP port 1194 for the VPN on your local router/CPE.
Pi-hole® - Network-wide Ad Blocking
PIVPN: Simplest way to setup a VPN
Combined doc for Pi-Hole and OpenVPN are available at: Overview - Pi-hole documentation
Once you get PiHole doing all your ad blocking it is painful to be without it.
Ah. I missed the personal bit. Sorry.
You may want to look into a cloud based, UPnP to NAT solution, such as provided free with QNAP and Synology; there has to be an open source solution. I have zero concerns letting family and professional NAS talk to each other and allow remote access, as long as very strong password security is enforced. With keychains, it’s easy.
Or just put Cloudflare’s Warp on your devices and don’t think about it. (;
It is both a VPN and DNS solution.
Thanks, @frederico. Good stuff.
How would a less technically inclined home user specify 22.214.171.124 as a DNS address on an AirPort Express that is configured using DHCP, presumably by the ISP? (The field is grey like I cannot edit it, but I can put an insertion point in it, so it appears that I could overwrite the default.) And would putting the WARP client on the Mac make the first question unnecessary?
@Will_M, I just entered 126.96.36.199 and 188.8.131.52 (their secondary) and my AP Extreme showed both upon reboot.
[EDIT: Better clarity and image; 2020-11-04T07:00:00Z]
Yes, you can overwrite the gray text; those merely indicate the broadcasted defaults provided by your local or ISP gateway, which are currently in use.
Even if you are not concerned about security, Cloudflare just flat-out makes your browser queries when entering a domain name much faster.
Copy the following DNS IP Addresses, one line at a time; then hit the ‘+’ button (see image below); Paste the number in the highlighted field; pressing ‘Enter’ after each entry:
The first two very long numbers are IPv6, the last two traditional IPv4; modern devices will attempt to use IPv6 first (it’s faster in many cases and “more” secure), then fall back if needed; older devices may not be capable of using IPv6 and will fall back to IPv4.
[NOTE: See below posts for information about named DNS ‘Search Domains’; most people can safely ignore them]
NOTE: if editing a device/Mac, repeat the above procedure for each active connection type and profile (e.g., Ethernet 1, Ethernet 2, Firewire, Bluetooth, [name of each of your common] WiFi Network(s)); you will find these settings under the ‘Advanced’ button for each connection type.
NOTE: if you have WiFi extenders providing independent DNS, or just passing along the default DNS from your ISP (as opposed to being in Bridge Mode, where the extenders simply pass requests to your router or gateway), be sure to install the custom DNS on each base station or WiFi router.
You will also note in the above image that I also have Google’s DNS listed after Cloudflare; this is just in case all four of Cloudflare’s DNS Servers go down (unlikely, but things happen); if they don’t respond quickly, your query will fall back to Google’s DNS and avoid the dreaded Unmoving Progress Bar, that once plagued virtually all ISPs; that is, in part, why Google, and FreeDNS, et al, started offering more reliable lookup servers.
I swear, back in the 90s and 00s, my local ISP (Century Link née Qwest née Mountain Bell) had exactly one Pentium II hosting DNS lookup, and when it crashed, no one got anywhere without a numbered IP address. This worldwide phenomenon set off the once-popular self-hosted DNS tables; Mac and PC users alike would run traceroute to discover the static IP address for all their frequented sites, and edit their hosts file; this way your own machine automatically translated domain names to IP addresses in a blink. No more dreaded Unmoving Progress Bar (cf. How To Setup A Local DNS Host File On Mac OS X).
You can still do this today, if you wish, of course; there are freeware GUI editors for doing this automatically; at one time there were (and probably still are) browser plugins that automatically and silently edit the hosts file on the fly.
For iOS users, here’s the easy to use, free for DNS (subscription for VPN data): 184.108.40.206: Faster Internet on the App Store
I don’t want to lose the use of my current VPN, which I like (and pay for).
Done, almost. I entered the IP addresses and restarted the Airport Express. Sure enough, the new numbers were there. Then I saw the “Domain Name” field and tried to copy and paste “Cloudfare DNS” into it, but it would not accept the paste. (The computer beeped and blinked.) I tried typing “Cloudfare DNS” into the field, and the computer beeped and blinked at the space. I took the space out, copied, and pasted. But then I didn’t update because things weren’t exactly right. What does the “Domain Name” field do?
I almost asked about IPv6 in my earlier post, but I thought baby steps were more appropriate for me. Thanks for including those.
If you’re running your own DNS server (e.g. for the names of hosts on your LAN), then you would enter your LAN’s domain name there.
For instance, if your devices are named baz.mysite.example.com, then you would enter mysite.example.com in the domain name field.
If you don’t have your own DNS domain, then leave the field blank unless your ISP requires a particular value.
Unless you have your own domain name, and you host that domain name as a proxy or gateway ahead of your personal machines or routers, you can (usually) safely ignore this field. If you’re paranoid, you can enter:
Specifically, DNS Search Domain [name] is a feature that allows you to look up different machines/devices or sub-domains under a distributed server; e.g., apple.com is the parent/default search domain; or myMac is your machine directly hosted by your server providing access to your network via domain name.
When/if you have either of these scenarios, when you want to find a machine or subdomain on your network, you can just type MyMac, and whether or not you are currently searching from a machine that is inside or outside your LAN, MyMac will automatically add the parent domain name as shown above, and try to contact the machine or subdomain under that named address (as opposed to needing to know the fixed IP address; e.g.,
This is easily demonstrated by opening System Preferences –> Sharing –> [select] File Sharing:
Note that macOS (and Windows and Linux) creates its own server and broadcasting service – nearly always .local – it simply creates this for peer-to-peer services within the local subnet on your LAN.
In the example below, the “proper” Computer Name can contain spaces, but note that spaces aren’t allowed in any URL, but rather than convert a Space character to +, macOS adds a hyphen (sadly, this predates the WWW, and the Web chose +, which I find more appealing, but, alas…); I just wish it were consistent, given you can enter both types of URLs in a browser or terminal.
You can even install numerous named domains there, and if MyMac isn’t found on the first, it will fall back to the second, etc., until it runs out of options, at which point most browsers will kick you out to your default search engine.
You can test this now by typing just a word in your browser’s address field. If it just goes to your search engine of choice, you can just ignore this field; if it goes to your ISP and shows you a custom error page, you can change it.
Again, if you’re paranoid, just enter:
… and you can be sure that your ISP isn’t first grabbing your query and then bouncing you to a real search engine.
You can even enter any Qualified Domain Name, like Apple.com, and if you type MyMac, it will search for MyMac.apple.com, which, of course, will bounce and kick you to your search engine.
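Added example (not written by any participant in this thread): a small Python model of how a search-domain list turns a bare name such as MyMac into the DNS queries actually sent, and which of those queries carry the local host name to servers outside your own domain. It assumes the resolv.conf(5) `search`/`ndots` convention, which macOS's resolver may not follow in every detail; the zone, the host names and the 192.0.2.10 address are constructed.

```python
"""Model of DNS search-domain expansion (resolv.conf(5) 'search'/'ndots' rules)."""


def candidate_names(name, search_domains, ndots=1):
    """Return the FQDNs a stub resolver tries, in order, for `name`."""
    if name.endswith("."):                  # trailing dot: already absolute
        return [name]
    as_is = name + "."
    expanded = [f"{name}.{d.strip('.')}." for d in search_domains]
    # Names with at least `ndots` dots are tried as-is first, others last.
    if name.count(".") >= ndots:
        return [as_is] + expanded
    return expanded + [as_is]


def resolve(name, search_domains, zone, ndots=1):
    """Walk the candidates against `zone`; return (answer, queries_sent)."""
    sent = []
    for fqdn in candidate_names(name, search_domains, ndots):
        sent.append(fqdn)
        if fqdn.lower() in zone:
            return zone[fqdn.lower()], sent
    return None, sent                       # every candidate was NXDOMAIN


def leaked(queries, local_domain):
    """Queries that were sent for names outside `local_domain`."""
    suffix = "." + local_domain.strip(".").lower() + "."
    return [q for q in queries if not q.lower().endswith(suffix)]


# Constructed sample zone: one LAN host, RFC 5737 documentation address.
ZONE = {"mymac.mysite.example.com.": "192.0.2.10"}

if __name__ == "__main__":
    for search in (["mysite.example.com"], ["apple.com", "mysite.example.com"]):
        answer, sent = resolve("MyMac", search, ZONE)
        print(search, "->", answer, "| queried:", sent,
              "| outside the LAN domain:", leaked(sent, "mysite.example.com"))
```

With a foreign domain listed first, the lookup still succeeds, but only after the bare host name has been sent upstream as a query under that domain.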