A look at Windscribe VPN'S R.O.B.E.R.T domain blocking tool
Windscribe is a VPN provider that is known for its good free offering and commercial plans, and even an option to build a custom plan.
Free accounts are limited in terms of server locations, bandwidth, and available protocols. Free accounts get 10 Gigabytes of traffic when they add an email address and verify it; this could be increased to 50 Gigabytes previously, but the coupon does not work anymore. It is still possible to double the limit to 20 Gigabytes though.
The domain blocking tool R.O.B.E.R.T. is included in free and Pro accounts but the free version is limited to malware blocking and three custom rules.
Windscribe launched an updated version of the tool recently that introduces categories that you may block, options to toggle lists individually, and custom access rules.
A look at R.O.B.E.R.T.
R.O.B.E.R.T. is a DNS-level blocker to block certain types of connections and custom connections right away.
The main advantage that DNS-level blockers offer is that the blocking happens before the content is analyzed, downloaded, rendered, or executed by the browser or applications.
Select R.O.B.E.R.T. on the Windscribe website after signing in to configure the feature. Pro customers may disable it entirely by switching all enabled blockers to "allowing" in the interface.
- Blocking -- Windscribe blocks connections that match hostnames or IP addresses that is on the list, e.g. Malware list.
- Allowing -- No blocking takes place.
The blocker blocks malware automatically for all accounts, and may block "ads + trackers", social, porn, gambling, fake news, other VPNs, and Cryptominers for Pro account customers.
The blocking is automated just like it is when you block connections using a hosts file or other DNS-based blocking options. There is no option, however, to check the list of blocked domains; could be a problem if you run into false positive issues.
Custom Rules work similarly. You may set up rules for individual domains to allow or block them. Blocking blocks connections to the domain, whitelisting bypasses R.O.B.E.R.T.'s default filters to allow connections to the domain.
Free users are limited to three custom rules, the limit is increased to 1000 for Pro users.
Changes that you make to the configuration take effect immediately (provided that you are connected to a Windscribe server).
DNS-based blocking is a useful feature as it works on the entire device and not just in individual applications. The blocking works as expected; connections are blocked to domains on default or custom lists.
Windscribe improved R.O.B.E.R.T. recently but there is still room for improvement.
I'd like to see options to access a log of blocked connections and domains that are on block lists, and options to manage these lists individually. Doing so would move the functionality closer to content blocker extensions like uBlock Origin that users install in browsers.
Free users have to use it, Pro users can use it. An option for free users to turn this off would be welcome as well.
Now You: Does your VPN offer filtering and blocking options? Do you (would you) use them?
It is a nice feauter and you save time to manually updade the main list, but the lack of blocked domains log and custom rules limit could be a problem.
I’m still kind of new at this, but I use AcrylistDNSProxy with lists unified previously with Hostman; one of them is StevenBlack hosts. To check if some domain has to be allowed there is ADPMonitor.
A free VNP user could use ProtonVNP coupled with this setting.
This is possible, but it would require DNS logging on per-user basis. Which kinda defeats the purpose of Windscribe.
That being said, we’re gonna eventually build ROBERT right into our apps (as an optional feature). When he runs locally, we will be able to expose all kinds stats.
Also, don’t forget, hosts file does not support wildcard domains. ROBERT does.
I can’t answer you because it is all outside my expertise and I don’t need\use a VNP service (despite I have ProtonVNP free installed) so I haven’t read up on it that much.
I can only say that Acrylic DNS Proxy hosts provides support for wildcards and regular expressions (it has also a RegTester tool):
Fair enough. If you wish to operate it yourself and be in control, by all means do it. Most people however lack the technical expertise or desire to do so, so they can toggle a few switches on our website and forget about it.
I don’t use a VPN but I occasionally tested Firefox specific VPN extensions.
– Hoxx VPN Proxy Firefox extension is fast but extremely privacy invasive, moreover does not offer filtering/blocking options;
– Windsribe Firefox extension does offer filtering options but latest version still does not resolve a logoff issue : I am systematically logged in at every Firefox start even if I logged off on previous Firefox session : not acceptable.
System-wide, I am not inclined to use a VPN, I don’t like the idea of an intermediary between my requests and landing on a page even if any DNS resolver is concerned (which is why I choose it with precaution, i.e. NO Google DNS but Quad9 and a few others are worthy). Mainly I wish to be able to filter domains and IPs myself and not delegate that to a VPN or even a DNS).
System-wide therefor I use the HOST file protocol via an application called ‘Acrylic DNS Proxy’.
For DNS blocking I continue to use the old now (2014) ‘PeerBlock 1.2 for Windows Vista / 7 / 8, 64-bit’ (https://code.google.com/archive/p/peerblock/) with filters available at I-Blocklist (https://www.iblocklist.com/) plus my own (many IP ranges for a given domain available at DNSlytics (https://dnslytics.com/).
DNS blocking is of course not redundant with HOSTS filtering, and I regularly notice that PeerBlock has blocked access to an IP corresponding to an address which was included in my HOSTS file but not blocked by it, simply because some sites call third-party sites not with the explicit address (handled by HOSTS) but directly with the IP (that’s where PeerBlock makes the difference).
Hence, DNS filtering is most valuable but of course requires updated filters because if a url seldom changes its IP on the other hand may vary more often (PeerBlock updates its filters once a day).
DNS filtering is required IMO on any system eager to compete with privacy invasion. This is also why I aim to decide myself and not delegate the feature to a VPN. But, should I ever use a VPN that I’d of course appreciate to have it include DNS filtering given once a VPN is on my stage I have absolutely NO system-wide mastering of blocking features.
Tom strikes again with “advanced” knowledge.
Thanks but not sure “advanced” applies. Not being a techie I rely essentially on good sense and synthesizing with a non-techie’s vocabulary what I learn and experience here and there. The advantage of not being a pro is that when you explain the little you know you do it with simple words that other non-techies can understand. I’m not throwing the stone to pros because i know that more you know more difficult it is to explain the increasing complexity to those who ignore the basics : those who are proficient and yet able to explain the perimeter of a rectangle make the good teachers.
Advanced it is. Many people I meet and work with are barely able to understand or handle a VPN (and,in some cases a browser extension, too). Tom the hawk kicks it up a notch and humble brags. No problems though – he always seems to have interesting contribution.
Quad9 supports DNSCrypt, but I dont’ see it in SimpleDNSCrypt, so I set Cloudflare or automatic mode.
I’m lookin’ at an alternative for quickly update the host in Acrylic folder. Taking hBlock as reference, a similar tool where I can add custom lists and set as target a .txt file in a choosed folder.
@Shiva, I had started with SimpleDNSCrypt before switching to DNSCrypt-Proxy (https://github.com/jedisct1/dnscrypt-proxy) which the former is built-on, as a front-end so to say. DNSCrypt-Proxy is more flexible IMO, and easy to use even if it requires the little extra effort SimpleDNSCrypt handles otherwise : more flexibility means more user commitment, always.
I don’t use DNSCrypt at this time, maybe I should but ‘Acrylic DNS Proxy’ (it’s not really a proxy unless 127.0.0.1 be considered as a proxy) offers IMO a greater ease of domain blocking, which I heavily rely on need to say.
As I wrote earlier I use both based on this answer:
As a beginner user I’d like to avoid ‘the little extra effort’ unless it’s necessary. It’s not lazyness, I need to know exactly what I’m doing or it’s better rely on a third party tool (in this case SimpleDNSCrypt).
For now I’ve only to find a way to simplify the update of the added external host (from multiple sources) in Acrylic folder also considering domains names in ascending order like suggested in Acrylic host file. How do you update your list?
@Shiva, how do I update my blocking lists?
From the Acrylic DNS proxy UI > File > Open Acrylic Hosts,
I’ve set :
# INCLUDE EXTERNAL HOSTS FILES
@ d:\My Data\BLOCKERS\Acrylic\AcrylicHostsGroup.txt
– AcrylicHostsGroup.txt are my own filers;
– HOSTS.ehm requires explanation :
I use an app called HostsMan which allows to concatenate and update HOSTS files from different sources.
Hostsman then creates a unique HOSTS file located as usual on Windows at
Because I use Acrylic and not directly the HOSTS file, from Hostsman I disable the HOSTS file.
When Hostsman disables the HOSTS file it copies it to a file named HOSTS.ehm in the same folder as the HOSTS file :
I then tell Acrylic to use that HOSTS.ehm as an external HOSTS :
This way I have the advantages of HostsMan without HOSTS enabled but available for Acrylic via HOSTS.ehm
I hope I’ve explained clearly the way I proceed :=)
host.ehm as external hosts in Acrylic? You’re a shrewd old fox… :-)
I also use HostMan (see the first post above) but I keep my personal host file enabled from backup.
However this approach has two limits:
– you cannot use automatic mode if a list has only the Github mirror
– you cannot use HostMan with lists like EasyList
hblock seems a very good script and I can’t find a valid alternative on Windows.
@Shiva, concerning the limits of HostsMan you wrote,
“â€“ you cannot use automatic mode if a list has only the Github mirror
â€“ you cannot use HostMan with lists like EasyList”
*** you cannot use automatic mode if a list has only the Github mirror ***
– be it in automatic or manual mode, Hostsman indeed will not be able to install/update a hosts file sourced on a GitHub page. But there is a workaround (“- Houston, we have a problem, – Apollo, no you don’t!) :
The idea is to use whatever app to download the GitHub hosted HOSTS file and then to provide a new source to Hostsman which is the very downloaded page. Making all this automatic is easy.
Personally I use a NirSoft application called SeqDownload, provide this app the url(s) of the GitHub hosted HOST file(s) I wish to add to Hostsman, i.e.
Now all I have to do in the morning is,
1- Open SeqDownload and download latest HOSTS from GitHub
2- Open Hostsman which will include these files located on my system.
Takes 1 minute every morning between toast and marmelade :=)
*** you cannot use HostMan with lists like EasyList ***
Well, EasyList is not a HOSTS file anyway but rather meant to be used with (because built for) browser tools such as uBO or Adblocker.
Now what do you say about that? The old fox ain’t senile yet!
Not bad using SeqDownload, I wonder if I can do it with JDownloader (maybe Event Scripter) to download lists, start command prompt to merge txt files and sort ascending the output file (and then use quickly HostMan to remove duplicates and comments).
But host.ehm as external hosts is one of the best creative problem-solving from the point of view of a non ‘pro’ user. Shrewd old fox was a compliment. :-)
*you cannot use automatic mode if a list has only the Github mirror*
I was talking about the automatic update in HostMan and the related trick with host.ehm.
* You cannot use HostMan with lists like EasyList *
Yes, it is not a hosts file and you can use uBlock. Acrylist is already installed and it is very efficient. So, could be good move everything to it if possible, in a similar way of DNSCryptProxy blacklist. Rarely I also use IE.
Well, about hBlock there is this page of nightly builds https://hblock.molinero.dev/ and take a look at StevenBlack phyton script for updating hosts file (including updateHostsWindows.bat in the folder). I have no time now but maybe it can be used with other lists an set to save the result in a personal folder for Acrylic.
PS: my mistake, ‘no filter’ option was checked in SimpleDNSCrypt. Quad9 is listed as resolver.
“Not bad using SeqDownload, I wonder if I can do it with JDownloader (maybe Event Scripter) to download lists, start command prompt to merge txt files and sort ascending the output file (and then use quickly HostMan to remove duplicates and comments).”
> “start command prompt to merge txt files”
Why merge them? Just add them individually to HostsMan, no? I have two hosts file I download from GitHub pages with SeqDownload and I’ve added both to Hostsman, why merge them first, HostsMan will take care of that (as well as redundancies).
I bounced on “shrewd old fox” because I found it funny (fox-firefox), not because I would have perceived it as odd! :=)
– The hblock script is not intended for Windows, as you point it out.
– I’ll be thinking about tying Acrylic to DNSCrypt (DNSCrypt-Proxy in my case) but I admit having both sort of bothers me. I have it in mind, will be digging the idea.
“Just add them individually to HostsMan, no?”
HostMan import one file at a time. Why I have to manually import 6 lists if I can automatically merge them and sort ascendind the resulting file.
for %%f in (*.txt) do type “%%f” >> …… \\ sort …… /o ……
With one click (or no click if scheduled): start the downloader, merge\sort and copy the output file where you want; then import only one file with HostMan to remove comments and duplicates. If you set host.ehm as final target overwriting it you problably save import action as well.
It is a pity that HostMan doesn’t support Github mirror (but I see now that I have the same problem with hpHosts links and SeqDownload) or host.ehm trick would’ve been perfect.
Honestly, how much the Acrylic’s performance worsens if you use multiple external Hosts without removing duplicates, comments or sorting ascending domains? In this case SeqDownload is more than enough. I was also thinking about Autohotkey, but import action in HostMan hasn’t a shortcut.
PS: about 127.0.0.0 and 0.0.0.0, do you convert this parameter for Acrylic host?
@Shiva, I use only 0.0.0.0 be it for HostsMan (and consequently for Acrylic), be it for my personal Acrylic filters. One thing I’ve noted here is that if 0.0.0.0 is imperceptibly faster than 127.0.0.0 when handled by HOSTS alone, the difference is flagrant when Acrylic handles the filtering.
> “HostMan import one file at a time. Why I have to manually import 6 lists if I can automatically merge them and sort ascendind the resulting file.”
I understand your approach. What I meant is that HostsMan already downloads several files from the Web (most of the time) so having it download one merged file local file rather than 2 or even 6 in your case doesn’t appear to me obviously beneficial … but we all have our way of proceeding.
> “It is a pity that HostMan doesnâ€™t support Github mirror (but I see now that I have the same problem with hpHosts links and SeqDownload) ”
Do you mean that SeqDownload doesn’t download files from hpHosts? Strange.
Anyway why use Seqdownload to download a HOSTS file located on hpHosts when Hostsman can do it?
I’m missing something. I’m not sure I’ve understood you correctly.
I like protocols as simple as possible :
1- HOSTS files not downloadable by Hostsman are downloaded with SeqDownload
2- Hostsman will include HOSTS downloaded from Web servers together with those downloaded by SeqDownload
3- Hostsman merges all those files and builds one HOSTS file which becomes HOSTS.ehm when Hostsman disables HOSTS
4- Acrylic handles HOSTS.ehm together with my own Acrylic dedicated filters.
That’s already more complex than I’d wish. I mean the process is not really elegant, I always prefer handling dedicated routines, methods as they were meant to be used.
@Shiva, editing my above post dated March 14, 2019 at 11:22 pm
You had written > â€œIt is a pity that HostMan doesnâ€™t support Github mirror (but I see now that I have the same problem with hpHosts links and SeqDownload) â€
I just tried to download https://hosts-file.net/exp.txt with SeqDownload and indeed the download failed. Obviously the culprit is hpHosts, a site with a good reputation but so frequently attacked that it might have become excessively introverted.
Just remember that domain name oriented blocking only works to stop domain name lookups. It has no effect with software that uses IP addresses directly.
@John Fenderson, correct. That’s why I emphasized on using a DNS filter/blocker in my above comment, PeerBlock in my case.
‘PeerBlock’ is not perfect (handles TCP not UDP if I’m not mistaking),
‘Acrylic’ doesn’t handle IP blocking,
DNSCrypt-Proxy does handle IP as well as domain blocking.
That’s the scene I guess. Choices have all advantages and disadvantages I guess.
Just to clarify that PeerBlock blocks UDP.
@Steve, “PeerBlock blocks UDP” : OK, thanks for the information. I wasn’t sure about that.
Using the “Fake News” filter will block most conservative leaning websites. No thanks.
No, it won’t. You can check the block list sources for it at the bottom of the page: https://windscribe.com/features/robert
Windscribe free is worthless. For the past few months, it has been so slow that it is unusable. I have the upgraded 50GB. Even changing server locations doesn’t improve the speed. Hopefully those on the Pro plan have better performance. Could it be R.O.B.E.R.T. is causing the slowdown? Definitely need the option to disable it on the free plan if so. Anyone using Windscribe (free or pro) experiencing very slow speeds?
The perfect nation-wide censorship experiment. Who in their right mind would delegate such a vast arry pf decision to a third party ?
Fake news, really ?
But the very problem is Windscribe itself. A good VPN is a must for me and I use it in at least 85% of my online time. I’ve researched a lot about VPNs and used some of the best free ones. I’ve installed and used the latest versions of Windscribe and I can say it’s just awful (I gave up on it 2-3 months ago after testing 3-4 latest versions). As soon as I launch it in my Windows 7 system (with latest updates), my fans start to work harder to cool the CPU which is under stress by Windscribe to work harder. I have no problem with all other VPNs on the same system.
Unfortunately, Windscribe is even worse than Firefox in managing system resources :(
Now I use the best VPN available which is no one but ProtonVPN.
ProtonVPN is the most secure, private, flexible and no logs VPN with very good speed and great free mode. It even supports P2P connections.
God bless developers of ProtonVPN (the people who also have created ProtonMail) ;)
It would be nice to have one’s cake and eat it, but ProtonVPN free doesn’t support P2P; the server disconnect itself automatically.
What I don’t well understand is the price of ProtonMail\VNP Visionary plan. Is it possible have both plans choosing Basic\Plus or Plus\Plus offers, right?
Now Proton is also developing ProtonDrive, I’m away from cloud, but it is always a good news.
Windscribe dev here.
Sounds like this is related to the TCP socket termination feature which we have in our Windows apps. Some applications like Plex, Acronis True Image, qBittorrent and a few others do not handle external TCP socket termination, and end up using 100% CPU. This is a bug in those applications, not Windscribe. We submitted bug reports to the developers.
We’re the only VPN to have this feature, which is why you probably didn’t experience it before. You can disable this feature in Preferences.
As for the Firefox issue, not exactly sure what you mean. We have a pretty good rating in the Addon store. Sounds like it could be a local issue on your end, due to 3rd party AV software or firewalls. Can’t say more without knowing more details.
I have windscribe and use it as a standalone VPN. It works fairly well and they seem trustworthy. They’ve been junking up windscribe with stuff like this recently. There’s a browser based windscribe which is silly, there are far too many ways to sneak into that kind vs. a standalone. Even so, there’s an element of trust with any VPN, at the very minimum a no log, no retention policy, and honoring them.
For stuff like ROBERT offers, it’s far easier to use a custom hosts file and ad blocker or something similar. A good VPN + Tor is how to get a high degree of privacy, lots of browser add ons/extensions will eventually create a mess.
Last year, VPN’s were hot news; I’d bet not many users got on that bandwagon since you kind of have to understand what a VPN is and that can’t be done in the time between notification pop ups.
This year, with all the news about facebook, google, et al data mining and leaking user info, it’s privacy. If solutions are easy to use, maybe they’ll take off but I doubt it since I’d expect most users will turn on everything and have lots of issues they can’t easily diagnose.
Browser extensions are not meant to replace VPN apps. They’re meant to be companions and used in parallel, as the Windscribe website suggests.
A hosts file does not support wildcard domains, ROBERT does.
Want to have the same block list across all your devices (computers and mobile)? No way to do that without ROBERT.
I used Windscribe for a monthâ€¦ fortunately! The servers I paid for were damn slow. But not so slow as the technical support. They took 3~4 working days to answer and their replies are far away from being useful! Damn, I’m paying for it!
I do not recommend this service. Try ProtonVPN or TunnelBear instead.
Email me at [email protected] with your issue and I’ll help you out.
Strange. Iâ€™ve never had any speed problem with Windscribe Pro. Works flawlessly in all aspects here on Win 7 Pro and on iPad mini.
I am a big fan of the Pro services and recently tried “Secure.link” which is a separate service operated by Windscribe. It works in a similar fashion to a URL shortening service, where you create a unique URL that points to any webpage of your choice. Windscribe then scans destination pages for ad beacons and 3rd party trackers that may compromise the privacy of the person who accesses the page. Windscribe provides a “Privacy Score”, which grades (from A to F) the destination page in terms of how invasive it is with tracking practices.
Have any users of this Blog used this service? I see that my web control page includes ROBERT blocker with 1000 rules in Whielist/Blocklist domain entry format, but I have the feature enabled with the generic settings.
I notice that Windscribe VPN speed is generally 50% of the non-VPN bandwidth speed (Rogers Cable DOCSIS3 ~48Mbit/s, around 6Mbyte/sec but 2-3Mbyte/sec when VPN is engaged) .
MeH here again.
Yegor (Windscribe dev) blamed some applications like Plex, Acronis True Image, qBittorrent etc. that I don’t even have on my system and as I noted the problem begins as soon as Windscribe is launched without any other application being launched to use Windscribe.
(And about Firefox- I meant Windscribe is really bad at managing CPU usage just like Firefox which is really bad at managing RAM and that’s the reason I gave up on FF about 15 months ago and the sad fact is that it even got worse in the latest version (65.0) as I tested it compared to a year ago -_- )
But unfortunately I should say Windscribe is even worse than what I thought.
Today I wanted to modify my hosts file and I noticed something strange. Instead of less than 4KB, it had a size of more than 4MB!!! and that’s huge for a simple text file. I opened it in Notepad++ and it had more than 2 million blank lines!!! without any text but the lines below at the very end of the file:
18.104.22.168 de-005.staticnetcontent.com #added by Windscribe, do not modify.
It’s obvious that damn Windscribe had modified my hosts file by deleting the default text and adding those domains plus 2097152 blank lines!!! o.0 @[email protected]
(And no, it’s not done by malware or hosts file hijackers since my system is kept quite secure.)
I rest my hosts file of course but I just want to say shame on you, Windscribe and I will avoid you like a plague from now on (ï¿£ï¸¿ï¿£)
According to an Australian review of Windscribe they give you the option to allow them to mine cryptocurrency using your CPU in exchange for some extra free data: https://privacyaustralia.net/windscribe-review/
Maybe that’s what was happening to you which caused the overheating problems.
Oddly enough I had exactly the same problem using Mullvad’s x64 client which they introduced late last year. Using the 32-bit client worked without a problem, but not the new one. After spending a considerable amount of time troubleshooting during which I provided them with CPU-Z analysis which demonstrated how hot the system would get when using their 64-bit client compared to the other flavor I eventually gave up on it since they advised me they were unable to replicate the problem in the lab. But seeing the option on the review site I mentioned concerning cryptocurrency mining I wonder now if they were doing the same thing.
Nowadays I use AzireVPN (Swedish) and also a freebie called Tunsafe which uses Wireguard servers as opposed to OpenVPN. Neither of them cause any overheating issues on my Windows 8.1 system.
Info on Tunsafe in case you’re interested: https://tunsafe.com/ The default DNS is Google, but you can change that via the config file.
The review fails to mention that this is a BROWSER BASED miner, which only works when you go to this page: https://windscribe.com/miner
It has been discontinued since then.
No offence, but I really cannot imagine users willingly donating their computers resources to their VPN to mine cryptocurrency. Sounds like you don’t have much money in the bank if you have to resort to such tactics to fund your operation.
@TelV Maybe you can’t imagine it, but there were tens of thousands of people doing it, and getting “free” upgrades as a result. Not everyone can afford to spend $9/month on a VPN, especially if you live in a country where the average wage is $300/month, and coincidentally, these are the people who need VPNs the most due to the oppressive regimes in those countries.
Nobody is forcing you to do it. If you don’t want to, don’t. It was an option for those who couldn’t pay.
$9 a month! That sounds positively greedy. How do you justify those amounts? My current VPN only costs â‚¬3,25 month and supports Wireguard in addition to OpenDNS. For that amount I get unlimited bandwidth, Blind Operator mode and no logs and no ISP restrictions. They also have a SOCKS5 proxy available.
As to your own outfit Canada is part of the Five Eyes alliance which makes it a no-no for me at least.
I don’t know about your â‚¬3,25/month VPN, but we have servers in 110 data-centers, and a staff of 20. These things cost money, and considering we have to maintain ~11M customers, and have some unique offerings, it’s fully justified to not be the cheapest option. You get what you pay for (usually).
That being said, you took the absolute highest possible price from our site. We also offer “Build-a-Plan” (nobody else has this). Pick locations you want, for $1/month each. Since most people don’t need access to 50+ locations, they can just buy 2, and pay as little as $2/month.
All the “features” you mentioned, we have, except for Wireguard, as that’s not stable software, there is a warning on the developer’s website saying not to use it in prod, and OpenDNS, as I’m not sure what you mean by this. We resolve all DNS queries on the VPN node itself, straight from authoritative servers (no middle men), instead of using a Cisco owned company.
Funny you mentioned that Canada is a bad place for a VPN (“5 eyes”), yet you’re totally cool with sending all your DNS queries to OpenDNS and their US parent, Cisco Systems. But fear not, none of this matters. I’ve written a blog article a while ago that will explain it perfectly:
I took the highest possible price on your site you say? I did no such thing. All I did was quote the figure in your previous post namely this one: “Yegor said on March 14, 2019 at 2:59 pm”….”Not everyone can afford to spend $9/month on a VPN….”
As regards OpenDNS, I don’t use it. Tunsafe which uses Wireguard is configured to use Google’s DNS at 22.214.171.124 by default, but that can be changed in the config file which what I’ve done. So all my DNS queries go via Cloudflare.
If I’m logged into my own VPN (Azire) I use their own encrypted DNS servers which are based in Sweden. As I understand it, they’re proposing to open a new location in the Netherlands shortly so I’ll probably stop using Tunsafe altogether when that happens.
Windscribe app is extremely light weight, it will NOT cause a spike in CPU usage, UNLESS there is a 3rd party processes that interferes with it, such as overzealous anti-virus. However, that’s extreemly rare. Most likely case is what I suggested. Did you open the task manager and see what exactly is wasting your CPU?
Firefox issue. Not sure what this has to do with our extension. You can debug the extension and see the CPU/memory usage. about:debugging#addons. You will notice that it’s not using ANY CPU at all and memory usage will be <40MB.
Your hosts file: You clearly have something else running on your computer. The only time we ever touch your hosts file is to add an entry for the server you're connecting to via IKEv2, this entry has a comment – "#added by Windscribe, do not modify.".
All other entries in your hosts file were already there, we simply append that single entry to the bottom. This is done to prevent DNS poisoning, so the OS doesn't have to lookup the domain via a potentially toxic DNS resolver (such as the case in China and most of the Middle East).
Does any one know if the windscribe in-browser vpn use any kind of tunneling? Or, is it merely a common tls link to a proxy as with opera builtin vpn?
The free version browser extension works just fine here in both chromium linux and vivaldi win10, and has a good set of options and features. The data allowance is generous as well.
Browser extensions use secure proxies, which establish a TLS tunnel to the destination. It’s not a “VPN”, but for quick IP switching, it does the job. You can also combine it with the desktop app to do a “double hop” (Connect to 1 location in the desktop app, and another in the extension).
@Yegor – love that you are responding here as a dev for the product. Thx
I use it on two different machines now and it is the best I’ve tried so far.
Next week will be my 2nd year with Windscribe Pro. I use it on 2 horribly under CPUd, ancient laptops and a newly built ryzen 5 Windows 10pro box, as well as an android…
I really like the ROBERT feature, it’s something that I’ve always wanted to put the time into and do myself, but never could get around to it – I use the default settings on it. I like that it is voluntary and can be turned off/on, can be easily customized, and applies to all connected devices.
I’ve never had an issue running windscribe on any machine, maybe the occasional drop, I think they did have one outage in all that time that affected me, but was quickly resolved and communicated on their excellent Subreddit.
On one of the aforementioned laptops I do occasionally experience the TCP socket termination issue addressed by Yegor earlier. The application does warn with a dialog box about high CPU use from the affected app explains the issue and asks if you want to disable and proceed, but has never cause me any issue even though I don’t disable it. The issue is also mentioned on their website…
I’m not a terrorist, illicit drug dealer, or planning to off anyone, but I don’t want invasive companies/marketers accumulating and selling all my porn watching info so windscribe works for me and I appreciate the effort put into the product to make my life easier. lol