We have added a feature to our iOS app, that removes another; DNS with ad and/or tracker blocking. Just a swipe away. But first, let’s dig deeper into how we’ve set up this feature.
Mullvad ads and tracker blocking is now available in the iOS app. Go to Settings → Preferences and then turn it on/off
Other platforms? Soon.
What is Mullvad DNS blocking?
In order to understand how Mullvad implements blocking of unwanted content via DNS we have to define what DNS means.
At the most basic level, DNS (Domain Name System) is a directory of names that translates into numbers, much like a phone book would have been used back in the day to translate names into telephone numbers. It provides a way for a computer to find out which IP address to connect to when trying to reach a service on the Internet.
In order for your device to connect to the web server hosting the website for mullvad.net, it must first resolve the hostname (mullvad.net) to the IP address (188.8.131.52). Your device does this by querying a DNS resolver for the hostname mullvad.net. In return the DNS resolver tries to resolve the hostname into an IP address, which is then handed back to your device.
With that high level description of DNS we can now move on to explain how Mullvad leverages DNS in order to block known domains that provide ads or tracking services. Each Mullvad VPN server (the VPN server your Mullvad app connects to) runs its own DNS resolver in order to provide DNS resolving to the connected VPN clients. We do this because it allows us to hide all our users' queries behind a single IP (the servers) so that no individual's DNS queries can be tracked by other DNS servers on the internet.
By using well known lists of domains that are specifically designed to block ads and tracker services we are able to block resolving for these domains, which causes the unwanted content to not be downloaded and stops the content from being displayed on your device.
You’re welcome to contribute to the block lists upstream
At the moment we primarily use EasyList to block ads and trackers but we will continuously develop our DNS blocking feature over time. If you want to contribute and make changes to EasyList now we suggest you get involved here and you can view the repository we use to update our block lists for both our DoH/DoT and VPN servers here.
Browser ad-block plugins - same but different
Both ad-blocking browser plugins and Mullvad DNS Blocking set out to achieve the same goal - block unwanted content from being loaded on your device. The way these blocking methods work and the results that they deliver are different from each other, and there are pros and cons associated with each method.
Let’s look at the pros and cons when comparing DNS blocking with browser ad-blocking plugins.
+ Blocks unwanted content on the entire system
DNS blocking can block unwanted content on the entire system rather than just in the browser. This means that unwanted content can be blocked in places where traditional ad-blocking cannot, such as inside apps and games.
+ No additional plugins
DNS blocking does not require any additional plugins in your browser.
+ Works on systems where traditional ad-blocking isn’t available
Such as smart TVs etc. If you can run the Mullvad App - you can block unwanted content!
- Not as effective in the browser
DNS blocking cannot be as effective as ad-blocking plugins in the browser. This is because some unwanted content is hosted on the same domain which the user connects to. If we were to block this domain the user would not be able to connect to the service at all.
- Not as smart as browser plugins
Modern ad-block plugins can adapt to dynamic content by identifying ads based on keywords and selectively block only small parts of websites where the unwanted content resides. DNS blocking is much more blunt - if the domain hosting the unwanted content isn’t in the list we’re using; it does not get blocked.
DNS blocking & Adblock plugins - Happy Together / Why/when to use DNS ad-blocking
So should you replace your browser ad-block plugin with DNS blocking?
Probably not, unless you want to. DNS blocking can never be as effective as a traditional ad-blocker. It is an excellent idea to keep that awesome ad-blocking plugin in the browser and then let DNS ad-blocking take care of blocking ads and trackers in apps, games and on devices where traditional ad-blocking isn't available.
Q: Website xyz is not working when I use your DNS blocking. Can Mullvad remove xyz from the list of blocked domains?
A: Sorry, no. As of right now we make use of block lists provided by EasyList. Any changes or contributions need to be performed via the maintainers of those lists. We may expand or erase lists and domains in the future. You can contribute to EasyList here.
Q: Does this replace my browser adblock plugin?
A: No, but our service compliments your browser plugin. See the section about DNS blocking & Adblock plugins above.
Q: Mullvad DNS blocking does not block all ads on website xyz. Can Mullvad add these to the blocklist for me?
A: We would love to hear your feedback for our DNS blocking feature, create an issue in the GitHub repository. We will improve this feature over time but we may not be able to respond to individual requests for block lists, however we will consider all of them.
For the universal right to privacy,