NullPrivate User Guide | NullPrivate Ad-Blocking & Anti-Addiction

• 1: User Guide
• 1.1: User Guide
• 1.2: How to Configure
• 1.2.1: Android
• 1.2.2: iPhone
• 1.2.3: Windows
• 1.2.4: macOS
• 1.2.5: Browser
• 1.3: Public Services
• 1.3.1: Android
• 1.3.2: iPhone
• 1.3.3: macOS
• 1.4: Advanced Features
• 1.4.1: Blocked Application List
• 1.4.2: ECS Boosts CDN Access Speed
• 1.4.3: DDNS Dynamic Resolution
• 1.4.4: DNS Split-Horizon Configuration Guide
• 1.4.5: Using Custom Device Names
• 1.4.6: Faster Request Response
• 1.4.7: Set Up Trusted Upstream Providers
• 1.5: Privacy Policy
• 1.6: Terms of Service
• 2: Feature Description
• 2.1: Web Ad Blocking
• 2.2: Mobile Ad Blocking
• 2.3: Privacy Protection
• 2.4: Malware Blocking
• 2.5: Adult Content Blocking
• 2.6: Social Network Blocking
• 2.7: Phishing Site Blocking
• 2.8: Tracking Protection
• 2.9: Malicious Traffic Interception
• 2.10: Access Request Logs
• 2.11: Statistics
• 2.12: Supported Platforms
• 2.13: Configuration Guide
• 2.14: Open Source Information
• 2.15: Custom Rules
• 2.16: Custom Resolution
• 2.17: Custom Block Lists
• 2.18: Quick Response
• 2.19: Set Internet Time Limits
• 3: Cyber Subtlety
• 3.1: How to Prevent Personal Information Leaks and "Doxxing" Risks
• 3.2: Guide to Protecting Personal Online Privacy
• 3.3: Adolescent Online Safety Protection Guide
• 3.4: Protecting Seniors from Online Scams
• 3.5: How to Deal with Enterprise Network Monitoring
• 4: Basic Tutorial
• 4.1: What is DNS
• 4.2: NullPrivate Fundamentals
• 4.3: Home Setup
• 5: FAQs
• 5.1: How to Purchase and Use
• 5.2: Restore DNS Settings on iOS
• 5.3: How to Handle False Positives
• 5.4: After-Sales Service Guide
• 5.5: Mini Program Cannot Be Accessed
• 5.6: Slow Access to Some Websites

1 - User Guide

Main Services Provided for a Fee

Basic Features

1. Access Logs
2. Blocking Logs
3. Statistics
4. Custom Upstream
5. Custom Filtering Rules
6. Custom Resolution
7. Whitelist Mode

Advanced Features

1. HTTP3 Support
2. DDNS Support
3. ECS Support
4. Resolution by Traffic Rules
5. Block Specific Applications
6. Schedule

Access Logs

View internet access logs. The private service provides a 24-hour network access log query.

Blocking Logs

View blocking logs to understand which ads are blocked and which websites are blocked.

Statistics

The private service provides 24-hour network access statistics to understand user internet habits.

Statistics will show which websites are visited the most and which websites are blocked the most.

Custom Rules

Create custom rules within the private service to block ads from commonly used applications or allow websites that are not considered ads by the user.

Users may need to view access logs to observe website query records when launching specific applications, in order to add custom rules.

Whitelist Mode

If you need to avoid blocking certain types of websites, you can set whitelist mode, allowing access only to specific websites.

The whitelist has a higher priority than the blacklist; if a website is on the whitelist, it will not be blocked. Users can add commonly used websites to the whitelist to avoid accidental blocking.

Authoritative Resolution

Supports adding authoritative resolution for devices within a company or home, resolving specified names to the IP addresses of home devices, eliminating the need to remember IP addresses.

Users do not need to purchase a domain name or register; they only need to add authoritative resolution rules within the private service.

1.1 - User Guide

Paid Core Services

Basic Features

1. Access logs
2. Blocking logs
3. Statistics
4. Custom upstream
5. Custom filtering rules
6. Custom resolution
7. Allowlist mode

Advanced Features

1. HTTP3 support
2. DDNS support
3. ECS support
4. Split-horizon resolution by ruleset
5. App blocking
6. Time-based rules

Access Logs

View your browsing history; the private service provides 24-hour network access logs.

Blocking Logs

Check which ads and websites have been blocked.

Statistics

The private service provides 24-hour network access statistics so you can understand your browsing habits.

Statistics show which sites are visited most and which are blocked most.

Custom Rules

Create custom rules within the private service to block ads from apps you frequently use or to allow sites you don’t consider ads.

You may need to review the access logs, observe the DNS queries when launching specific apps, and then add corresponding custom rules.

Allowlist Mode

To prevent certain types of sites from being blocked, enable allowlist mode so only specified sites can be accessed.

The allowlist takes precedence over the blocklist; any site on the allowlist will not be blocked. You can add commonly used sites to the allowlist to avoid accidental blocking.

Authoritative Resolution

Support authoritative resolution for enterprise or home devices, mapping specified hostnames to your local IP addresses—no need to memorize IPs.

No domain purchase or filing is required; simply add authoritative resolution rules in the private service.

1.2 - How to Configure

After the paid service expires,

• The service will be disabled immediately, and attempting to access the admin dashboard will redirect you to the service status page.
• Personal settings will be retained for 7 days; if you do not renew within 7 days, all service data will be permanently deleted.
• Once the service is completely removed, your custom domain will no longer be able to access the service. Remember to update your encrypted DNS settings, otherwise you will be unable to access the Internet.

Need help?

Contact on WeChat private6688
or Send email service1@nullprivate.com
Please describe your issue in detail, and we will respond as soon as possible.

1.2.1 - Android

Configuration Steps

Device-specific setup instructions:

Xiaomi / Redmi

1. Open Settings
2. Select Connection & Sharing
3. Tap Private DNS
4. Choose Private DNS provider hostname
5. Enter: {xxxxxxxxxxxxxxxx}.adguardprivate.com

Samsung

1. Open Settings
2. Select Connections
3. Tap More connection settings
4. Select Private DNS
5. Enter: {xxxxxxxxxxxxxxxx}.adguardprivate.com

Note: Replace {xxxxxxxxxxxxxxxx} with your dedicated DNS server address.

Verify Configuration

After configuration:

1. The system will automatically validate the DNS connection.
2. “Connected” indicates success.

Troubleshooting

If configuration fails, check:

1. Whether the DNS server address is correct.
2. Whether the network connection is normal.
3. Whether the account is active.

1.2.2 - iPhone

iOS 14 and above natively support encrypted DNS via DNS over HTTPS (DoH) and DNS over TLS (DoT). You can enable it as follows:

1. Open the built-in Safari browser, go to the NullPrivate backend, Setup Guide → DNS Privacy
2. Download Profile
3. Open Settings on your phone
4. Tap General
5. Tap VPN & Device Management
6. Select your dedicated profile and install it

Configuration Demo

1.2.3 - Windows

Windows 11

Starting with Windows 11 21H2, native DNS over HTTPS (DoH) is supported. You can enable it as follows:

1. Open Settings
2. Open Network & Internet
3. Open Ethernet
4. Locate DNS server assignment, click Edit
   1. Choose Manual
   2. In Preferred DNS server, enter 120.26.96.167 for IPv4 and 2408:4005:3de:8500:4da1:169e:dc47:1707 for IPv6
   3. DNS over HTTPS (DoH): On (manual template)
   4. In DoH template, enter https://xxxxxxxxxxxxxxxx.adguardprivate.com/dns-query; {xxxxxxxxxxxxxxxx} is your encrypted DNS service username.
   5. Do not check Fallback to plaintext
   6. For the alternate DNS server you can optionally enter 223.5.5.5 (Alibaba Cloud public DNS service), set DNS over HTTPS to Off, and check Fallback to plaintext.

Windows 10 and Earlier

Windows 10 and earlier versions do not support native encrypted DNS, but if you are using a newer browser such as Chrome/Edge or any Chromium-based browser (360, QQ, and other Chinese browsers), you can configure DoH encrypted DNS within the browser. Here are the steps for Chrome:

1. Open Chrome Settings
2. Open Privacy, search, and services
3. Scroll to Security
4. Enable Use secure DNS to specify how to look up the network address for websites
5. In Choose service provider, enter https://xxxxxxxxxxxxxxxx.adguardprivate.com/dns-query; {xxxxxxxxxxxxxxxx} is your encrypted DNS service username.

For other browsers, please refer to their respective settings; generally, the option can be found under Settings → Privacy → Security.

1.2.4 - macOS

macOS Big Sur and later natively support DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypted DNS. You can enable it as follows:

1. Open the built-in Safari browser and navigate to the NullPrivate service dashboard, Setup Guide → DNS Privacy.
2. Download the profile.
3. Open System Settings.
4. Go to Privacy & Security.
5. Select Profiles.
6. Choose your dedicated profile and install it.

1.2.5 - Browser

Browser versions based on Chromium 79+ support DoH. Below are the setup steps for Chromium-based browsers (Chrome/Edge/360/QQ, etc.):

1. Open Chrome’s Settings
2. Go to Privacy, search, and services
3. Scroll down to Security
4. Enable Use secure DNS to specify how to look up the network address for websites
5. In Choose service provider, enter https://xxxxxxxxxxxxxxxx.adguardprivate.com/dns-query, where {xxxxxxxxxxxxxxxx} is your username for the dedicated encrypted DNS service.

1.3 - Public Services

We provide free public services and have curated a set of widely-used domain lists.

Public Service Rules

The public service employs balanced ad-blocking rules; false positives or misses may occur. The rule lists are:

• AdGuard DNS filter
• AdGuard DNS Popup Hosts filter
• CHN: AdRules DNS List
• CHN: anti-AD
• AWAvenue Ads Rule
• WindowsSpyBlocker
• anti-AD
• easylist
• OISD Blocklist Small

Some users configure extra protection for elderly family members, so we also include security-blocking rules:

• HaGeZi’s Threat Intelligence Feeds
• HaGeZi’s Badware Hoster Blocklist

Additionally, the public service includes the following rules to block stubborn ads on certain phones that cannot be removed by conventional means:

# huawei search && browser
hisearch-drcn.dt.dbankcloud.com
uc-drcn.hispace.dbankcloud.cn
connect-drcn.hispace.hicloud.com
adx-drcn.op.dbankcloud.cn
hisearch-static-drcn.dbankcdn.com
||configserver.hicloud.com
||configserver.platform.hicloud.com
||configdownload.dbankcdn.cn
||browsercfg-drcn.cloud.dbankcloud.cn

Usage Notes

Because the public service is intended for the general population, it cannot accommodate personalized needs. Some users complain that ad-blocking is insufficient, while others report that false positives prevent game logins. We apologize that the public service cannot satisfy everyone; content that some view as ads may be useful information to others. In such cases, we tend to prioritize users who consider it useful.

When a false positive prevents WeChat or Alipay mini-programs from loading, simply disable the phone’s encrypted DNS setting temporarily to access the required service. However, based on our operational experience, many users do not know what to do when a service fails to work properly, so we must consider non-technical users’ experience.

Users familiar with DNS who encounter false positives or insufficient blocking should consider purchasing a private service.

Private services offer access logs, blocking logs, statistics, custom rules, authoritative resolution, and more to meet individual needs.

For other common requests,

Need help?

Contact on WeChat private6688
or Send email service1@nullprivate.com
Please describe your issue in detail, and we will respond as soon as possible.

Setup Instructions by Platform

Android

Android has natively supported DNS over TLS (DoT) since Android 9; phones released after 2019 are compatible. Enable it as follows:

1. Open Settings
2. Go to More connections
3. Open Private DNS
4. Choose Private DNS provider hostname and enter: public.adguardprivate.com

Self-hosted DNS can be implemented in many ways (e.g., AdGuard, dnsmasq, clash), but only native DoT has zero impact on phone performance. It requires no third-party apps, no permissions, no resources, and does not affect battery life. Therefore, native DoT encrypted DNS is recommended.

iPhone

iOS 14 and later natively support DNS over HTTPS (DoH) and DNS over TLS (DoT). Enable it as follows:

1. Open Safari, download the profile: dot.mobileconfig
2. Open Settings
3. Go to General
4. Open VPN & Device Management
5. Select Install Profile

macOS

macOS Big Sur and later natively support DNS over HTTPS (DoH) and DNS over TLS (DoT). Enable it as follows:

1. Open Safari, download the profile: dot.mobileconfig
2. Open System Preferences
3. Go to Network
4. Select VPN & Device Management
5. Choose Install Profile

1.3.1 - Android

Feature Overview

Android 9 and above natively supports DNS over TLS (DoT) encryption, protecting DNS queries from eavesdropping and tampering.

Setup Instructions

The exact menu path differs by brand; below are the steps for the most common manufacturers:

Xiaomi / Redmi

1. Open Settings
2. Select Connection & Sharing
3. Tap Private DNS
4. Choose Private DNS provider hostname
5. Enter: public.adguardprivate.com

Samsung

1. Open Settings
2. Select Connections
3. Tap More connection settings
4. Choose Private DNS
5. Select Private DNS provider hostname
6. Enter: public.adguardprivate.com

OPPO / OnePlus

1. Open Settings
2. Select Wi-Fi & Network
3. Tap Private DNS
4. Choose Private DNS provider hostname
5. Enter: public.adguardprivate.com

Other Brands

Look for the setting via:

• Search for “DNS” or “Private DNS” in Settings
• Check Network settings or Advanced network options

FAQ

How do I verify the configuration?

1. After saving, the system automatically validates the DNS server
2. If you see “Connected” or a checkmark, the setup succeeded

Troubleshooting setup failures

1. Ensure the hostname is entered exactly as shown
2. Verify your network connection is active
3. Confirm your Android version supports DoT (requires Android 9 or higher)

Setup Demo

1.3.2 - iPhone

Feature Overview

Starting with iOS 14, the iPhone natively supports encrypted DNS features, including:

• DNS over HTTPS (DoH) – encrypts DNS queries via the HTTPS protocol
• DNS over TLS (DoT) – encrypts DNS queries via the TLS protocol

These features effectively protect your network privacy and prevent DNS hijacking.

Configuration Steps

1. Download the Profile

Use Safari to download the profile: dot.mobileconfig

2. Install the Profile

1. Open the Settings app
2. Go to General > VPN & Device Management
3. Select and install the public.adguardprivate.com DoT profile

Special Notes

If you have iCloud Private Relay enabled, you need to:

• Manually turn it off in Settings, or
• Download and install this profile: disable-icloud-private-relay.mobileconfig

⚠️ Security Warning
Be extremely cautious when installing profiles. The profiles provided here are intended solely for legitimate privacy protection and ad-filtering services.
Do not install profiles from unknown sources, as they may compromise your device’s security.

Configuration Demo Video

1.3.3 - macOS

macOS Big Sur and later natively support DNS over HTTPS (DoH) and DNS over TLS (DoT). You can enable encrypted DNS as follows:

1. Open the built-in Safari browser and download the configuration file: dot.mobileconfig
2. Open System Settings
3. Go to Privacy & Security
4. Select Profiles
5. Under “Downloaded,” choose public.adguardprivate.com DoT to install

Please note that this is an unconventional way to modify system settings. We generally advise iPhone users not to install configuration files from unknown sources unless you are certain of their origin. This site provides legitimate personal-privacy protection and ad-blocking services and will never perform any actions that are harmful or objectionable to users. This disclaimer is intended to remind you that, even if you trust me, you should not readily trust configuration files provided by other websites. I will cover the potential risks of modifying system DNS settings in this manner in another article.

The complete contents of the configuration file are shown below. You can copy the text and paste it into your iPhone’s settings, or simply click the link above to download the file.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
		<key>PayloadContent</key>
		<array>
			<dict>
				<key>DNSSettings</key>
				<dict>
					<key>DNSProtocol</key>
					<string>TLS</string>
					<key>ServerName</key>
					<string>public.adguardprivate.com</string>
				</dict>
				<key>PayloadDescription</key>
				<string>Configures device to use NullPrivate</string>
				<key>PayloadDisplayName</key>
				<string>public.adguardprivate.com DoT</string>
				<key>PayloadIdentifier</key>
				<string>com.apple.dnsSettings.managed.11b4d48d-8e9b-4e15-b7c1-45cb1c564c99</string>
				<key>PayloadType</key>
				<string>com.apple.dnsSettings.managed</string>
				<key>PayloadUUID</key>
				<string>e9819f0c-250e-49b7-ad89-c0db078c72f0</string>
				<key>PayloadVersion</key>
				<integer>1</integer>
			</dict>
		</array>
		<key>PayloadDescription</key>
		<string>Adds NullPrivate to macOS Big Sur and iOS 14 or newer systems</string>
		<key>PayloadDisplayName</key>
		<string>public.adguardprivate.com DoT</string>
		<key>PayloadIdentifier</key>
		<string>e0b7d7db-e0d1-4bce-bcf4-8ada45d2f5a3</string>
		<key>PayloadRemovalDisallowed</key>
		<false/>
		<key>PayloadType</key>
		<string>Configuration</string>
		<key>PayloadUUID</key>
		<string>0404cb98-3621-4f97-9530-b18288633d40</string>
		<key>PayloadVersion</key>
		<integer>1</integer>
	</dict>
</plist>

1.4 - Advanced Features

Here we will introduce some advanced usage tips for private services.

1.4.1 - Blocked Application List

It is important not to confuse this with blacklists, which are usually used to block ads, privacy trackers, malware, etc. The Blocked Application List is for completely preventing the use of specified applications.

It is typically combined with a schedule to build personal habits and avoid addiction. Commonly used for minors’ habit formation—for example, prohibiting social media and games during study hours. It can also be used for adult self-discipline, such as banning social media and games during work hours.

This service provides pre-configured rules based on popular apps in each country. Because popular culture changes and companies evolve, these lists may become outdated, but we are committed to ongoing maintenance.

If you find that an app in the list is not fully blocked, or if you need to add a recently popular app, please contact us and we will handle it promptly.

Need help?

Contact on WeChat private6688
or Send email service1@nullprivate.com
Please describe your issue in detail, and we will respond as soon as possible.

1.4.2 - ECS Boosts CDN Access Speed

NullPrivate supports ECS, delivering more precise resolution and optimizing your network experience.

What is ECS (Extended Client Subnet)?

ECS (Extended Client Subnet) is a DNS protocol extension that allows a DNS resolver (such as your NullPrivate server) to pass part of the client’s IP address information to the authoritative DNS server. This enables the authoritative server to provide more accurate DNS responses based on the client’s network location.

How ECS Works

1. Traditional DNS Query: Without ECS, the DNS resolver only sends its own IP address to the authoritative DNS server. This forces the authoritative server to make resolution decisions based on the resolver’s location (usually a data center), which can yield sub-optimal results.

2. ECS-enabled DNS Query: When ECS is enabled, the DNS resolver includes a portion of the client’s IP address (the subnet) in the DNS query. For example, if the client’s IP is 203.0.113.45, the resolver might send 203.0.113.0/24 as ECS information.

3. Authoritative Server Response: Upon receiving a query containing ECS information, the authoritative DNS server can use it to select the IP address best suited to the client—typically the server geographically closest to the client.

Benefits of ECS

• Faster Response Times: By directing clients to the nearest server, ECS reduces latency and improves application responsiveness.
• Enhanced User Experience: Faster response times create a smoother, more enjoyable online experience.
• More Effective CDN Usage: Content Delivery Networks (CDNs) can leverage ECS to direct users to the optimal content server, boosting efficiency and lowering costs.
• Bypass Local Resolver Limitations: Some local ISP DNS servers may have issues such as resolution errors or domain hijacking. ECS can bypass these limitations to obtain more accurate resolution results.

Why Use ECS with NullPrivate?

As a private DNS server, NullPrivate can be configured to use upstream DNS servers for domain resolution. With ECS enabled, NullPrivate can pass your client subnet information to those upstream servers, yielding more accurate resolution results.

1.4.3 - DDNS Dynamic Resolution

What is DDNS?

DDNS (Dynamic DNS) lets you bind a fixed domain name to a dynamic IP address, ideal for home broadband users who need to access internal devices such as NAS units, smart-home controllers, etc.

Features

• Easy to use: Automatic updates with a single script
• Zero extra cost: No need to purchase a domain
• High reliability: Powered by NullPrivate’s DNS infrastructure
• Fast propagation: DNS records take effect instantly after update, no waiting for propagation

Getting Started

You can find the DDNS script download link under Filters -> DNS rewrites.

FAQ

How do I verify it’s working?

Run ping your-domain.name to confirm the domain resolves to your current IP address.

Alternatively, log in to the service dashboard and check Filters -> DNS rewrites.

How do I schedule automatic updates?

Windows Task Scheduler

1. Open Task Scheduler
2. Create a basic task
3. Set the trigger frequency (recommended 15–30 minutes)
4. Choose PowerShell as the program and enter the full script command in the arguments

Linux Cron Job

Add the following to crontab (runs every 15 minutes):

*/15 * * * * /path/to/update_dns.sh https://xxxxxxxx.adguardprivate.com admin:password123 nas.home

Notes

• Keep your username and password secure to avoid leaks
• It’s recommended to add the update script to your system scheduler for automatic execution
• If resolution doesn’t update promptly, check network connectivity and verify credentials

1.4.4 - DNS Split-Horizon Configuration Guide

DNS Split-Horizon Overview

DNS split-horizon routes resolution requests for different domains to distinct DNS servers, greatly improving network access. A well-designed setup can:

• Accelerate domain resolution
• Increase website stability
• Optimize cross-border access
• Avoid DNS pollution

NullPrivate Split-Horizon Configuration

Basic Example

# Domestic DNS servers
223.5.5.5                                    # Alibaba DNS
2400:3200::1                                 # Alibaba DNS IPv6
public0.adguardprivate.svc.cluster.local    # Private DNS, mainland upstream

# Overseas DNS servers
tls://1.0.0.1                               # Cloudflare DNS
tls://[2606:4700:4700::1001]               # Cloudflare DNS IPv6
public2.adguardprivate.svc.cluster.local    # Private DNS, other upstream

# Split-horizon rules
[/google.com/bing.com/github.com/stackoverflow.com/]tls://1.0.0.1 public2.adguardprivate.svc.cluster.local
[/cn/xhscdn.com/tencentclb.com/tencent-cloud.net/aliyun.com/alicdn.com/]223.5.5.5 2400:3200::1 public0.adguardprivate.svc.cluster.local

Domestic Carrier DNS Servers

China Telecom DNS Servers

China Unicom DNS Servers

China Mobile DNS IPs

Public DNS IPs

Configuration Tips

1. Prefer geographically close DNS servers
2. Configure both IPv4 and IPv6 DNS
3. Set up backup DNS for critical domains
4. Update split-horizon rules regularly
5. Monitor DNS response times

Precautions

• Record original DNS settings before changes
• Avoid untrusted DNS servers
• Periodically verify DNS resolution
• Keep rule lists concise and effective

Proper DNS split-horizon configuration can significantly improve network access. Choose DNS servers and rules according to your actual needs.

References

• Provincial DNS Server List
• Public DNS Lookup

1.4.5 - Using Custom Device Names

If you use the service’s listening address directly, such as:

• tls://xxxxxxxx.adguardprivate.com
• https://xxxxxxxx.adguardprivate.com/dns-query

the IP shown in the dashboard under Client Rankings will be the cluster IP of the load balancer, which is meaningless to you and prevents differentiating individual devices.

You can identify different devices by extending the hostname or adding a URL path.

• DoT uses the extended-hostname method, e.g. tls://device1.xxxxxxxx.adguardprivate.com
• DoH uses the additional-path method, e.g. https://xxxxxxxx.adguardprivate.com/dns-query/device2

Notes:

• On Android, you do not need the protocol prefix tls://; simply enter device1.xxxxxxxx.adguardprivate.com
• On Apple devices, follow the setup guide: enter the client ID, download the configuration profile, and you’re done—no manual entry required.

All devices on a personal service share the service’s query limit of 30 requests per second.

1.4.6 - Faster Request Response

Paid users utilize the NullPrivate private service; the DNS request path is as follows:

Based on this path, we can analyze the fastest response strategy.

Local Cache Hit

The fastest response is a local cache hit. Because the local cache operates at the memory level, it is extremely fast—only a few microseconds.

This is controlled by the TTL (time to live) value in the DNS response, typically ranging from minutes to hours, indicating that the query result remains valid during this period and does not need to be queried again.

You can set the minimum TTL value in Control Panel -> Settings -> DNS Settings -> DNS Cache Configuration -> Override Minimum TTL. Increasing this value extends cache duration, allowing the system to use the local cache more frequently. A common TTL value is 600 seconds.

However, since this site also provides filtering capabilities, if a service you need is mistakenly blocked by ad rules, you won’t be able to access it immediately even after temporarily disabling encrypted DNS, because the local cache result has been modified by the filtering rules. Therefore, setting it to 60 seconds is a safer value, ensuring that in rare cases users won’t have to wait too long after disabling encrypted DNS due to false blocks.

NullPrivate DNS Server

Currently, the site uses Alibaba Cloud servers located in Hangzhou, which can meet the low-latency needs of most users in the eastern region. As the business grows, more servers will be added nationwide in the future.

Server Cache Hit

By default, each user is allocated 4 MB of DNS cache. Based on experience, this is sufficient for a household. Allowing users to freely modify this setting may result in forced service termination, so the modification entry for this setting has been disabled.

Upstream DNS Server

Since Alibaba Cloud services are used, upstream DNS services also use Alibaba Cloud DNS, which is very fast, typically returning results within a few milliseconds.

Users have three ways to request upstream DNS servers:

1. Load Balancing: Load balancing is enabled by default, automatically selecting the fastest server to return results.
2. Parallel Requests: The site does not restrict the use of parallel requests.
3. Fastest IP Address: Currently a meaningless setting; the modification entry for this setting has been disabled.

Here’s why the “fastest IP address” is meaningless: the fastest IP must be chosen by the actual device accessing the service. When NullPrivate runs in Hangzhou but the user is in Beijing, NullPrivate considers Hangzhou’s IP address the fastest, but in reality, the user accessing a Beijing service is fastest; choosing Hangzhou’s IP address actually increases latency. Therefore, the modification entry for this setting has been disabled. This setting might be useful in a user’s home network but is meaningless in a public service.

Many factors affect network experience, such as server-side bandwidth, network congestion, server load, and network quality. Choosing the fastest IP address does not guarantee the fastest response speed; latency is only one factor, not the sole factor. To prevent users from misconfiguring and degrading service quality, the modification entry for this setting has been disabled.

Rule Filtering

The most commonly used mode is the blacklist list, where users can choose from preset blacklist lists. Blacklist hits use a hash algorithm; regardless of the number of rules, hit time is O(1), so users need not worry about excessive rule volume causing long hit times.

However, rules are calculated and stored in memory. Each user’s service memory usage is limited to 300 MB, which meets the needs of most users. If a user’s rule volume is too large, it may cause insufficient memory, leading to repeated service restarts and service interruption.

Currently, the site has disabled third-party rules to prevent users from introducing excessive rules. Once better restriction methods are available, third-party rules will be reopened.

Summary

To achieve faster request response, users can:

1. Appropriately increase the minimum TTL value to improve local cache hit rate.
2. Set an appropriate DNS cache size (preset value).
3. Choose the geographically closest city to create a service (pending business expansion).
4. If no overseas access is needed, use load balancing; if overseas access is needed, use parallel requests.
5. Use blacklist rules suitable for yourself, avoiding introducing excessive rules.

1.4.7 - Set Up Trusted Upstream Providers

When a paid service is created, it defaults to domestic upstream servers that are relatively fast, including Alibaba’s IPv4 and IPv6 as well as DoT services.

Some providers may have resolution errors, resolving certain overseas domains to incorrect IP addresses and causing access failures. A common symptom is the browser reporting a certificate error.

To avoid such resolution errors, you can switch upstream providers and use Cloudflare’s services. When using these services, make sure to adopt DoH or DoT protocols to prevent hijacking.

At the same time, you should disable domestic upstream servers because they are geographically closer and faster, and AdGuard will prefer them.

Simply prepend a # to the IP of the corresponding upstream server to disable it.

After configuration, click Test upstreams to ensure the upstream servers are available, then click Apply once confirmed.

However, using only overseas servers will degrade the experience of domestic apps, because domestic apps usually direct overseas resolutions to specific external servers, which are slower when accessed from within China.

If you only need to avoid resolution errors for commonly used services, you can manually specify a particular resolution address for domains that are incorrectly resolved; unspecified domains will continue to use the default domestic upstream servers.

In the AdGuard dashboard, go to Settings → DNS settings → Upstream DNS servers, add incorrectly resolved domains in the format [/example1.com/example2.com/]tls://1.0.0.1 under Custom DNS servers, then click Save configuration.

public2.adguardprivate.svc.cluster.local is our internally provided resolver without resolution errors, whose upstream is Cloudflare. Compared to users specifying an overseas upstream themselves, it offers faster resolution speeds at the cost of a small delay when domain records are updated. If you have no specialized requirements, you can use this resolver we provide.

If you prefer to use external resolvers such as Cloudflare or Google, you need to specify IP addresses using DoT/DoH. You can refer to the following:

#tls://1.1.1.1
tls://1.0.0.1
tls://[2606:4700:4700::1111]
tls://[2606:4700:4700::1001]
tls://[2606:4700:4700::64]
tls://[2606:4700:4700::6400]
https://1.1.1.1/dns-query
https://1.0.0.1/dns-query
https://[2606:4700:4700::1111]/dns-query
https://[2606:4700:4700::1001]/dns-query
#tls://8.8.8.8
#tls://8.8.4.4
tls://[2001:4860:4860::8888]
tls://[2001:4860:4860::8844]
tls://[2001:4860:4860::64]
tls://[2001:4860:4860::6464]
#https://8.8.8.8/dns-query
#https://8.8.4.4/dns-query
#https://[2001:4860:4860::8888]/dns-query
https://[2001:4860:4860::8844]/dns-query

Addresses commented with # are currently blocked by the firewall and unavailable.

This site fully supports IPv6, which is one of our advantages. You can use IPv6 upstream addresses for more stable resolution speeds.

1.5 - Privacy Policy

• NullPrivate does not collect any information from users.
• NullPrivate will not share any information about users with third parties.
• NullPrivate provides services using randomly generated usernames and passwords; only the payment order number is linked to the username, and the payment order number does not involve personal information.
• When initiating inquiries via WeChat or email, NullPrivate will learn contact details such as WeChat ID or email address.
• Contact details are used solely for service inquiries; NullPrivate will not proactively send any promotional information to the obtained contact details.
• NullPrivate uses tools like Google Analytics for official website traffic statistics, but does not collect any personal information.
• When diagnosing user issues, NullPrivate will review the runtime logs of the user service, but does not collect any personal information.

1.6 - Terms of Service

I. Service Content

1. NullPrivate provides DNS-based ad blocking and privacy-protection SaaS services.
2. Services are divided into Trial (time-limited / quota-limited) and Paid versions; see product documentation for functional differences.
3. We reserve the right to adjust service features as technology evolves.

II. Account and Registration

1. No real-name information is required for the Trial version; use random credentials to experience the service.
2. Paid versions must complete order verification via the payment platform.
3. Transferring or sharing account credentials is prohibited.

III. Payment and Refunds

1. The Trial version is a time-limited offer, and prices may change at any time.
2. Paid versions use a prepaid model. No refunds are currently provided.
3. If service interruption exceeds 24 hours due to force majeure, you may apply for service-time compensation.

IV. Privacy Protection

1. We follow the data-processing principles described in the Privacy Policy.
2. Service logs are retained for no more than 30 days and are used only for troubleshooting.
3. All configuration data is transmitted via TLS encryption.

V. User Responsibilities

1. You must not use the service for any illegal activities.
2. Reverse engineering or cracking service protocols is prohibited.
3. Report any security vulnerabilities to us.

VI. Disclaimer

1. We do not guarantee completely uninterrupted or error-free service.
2. We will not be liable for service issues arising from:
   • User equipment or network failure
   • Force majeure (natural disasters, policy changes, etc.)
   • Third-party service (payment platforms, DNS providers, etc.) failure

VII. Amendments

1. Significant changes will be announced on the official website at least 30 days in advance.
2. Continued use of the service constitutes acceptance of the revised terms.

Last Updated: 29 November 2024
Effective Date: 1 December 2024

(Contact us at service1@nullprivate.com if you have any questions.)

2 - Feature Description

Product Overview

NullPrivate is a powerful network ad-blocking tool focused on providing comprehensive network privacy protection and content-filtering services. With advanced filtering technology, it helps users achieve a safer, faster, and cleaner web-browsing experience.

Core Features

• Smart Encryption Service

  • Supports DoT/DoH encryption protocols
  • High-performance domain name resolution
  • Intelligent caching mechanism

• Comprehensive Ad Blocking

  • Precise ad identification
  • Pop-up and tracker blocking
  • Custom filtering rules

• Privacy Protection

  • Encrypted queries
  • Logging options
  • Anti-tracking protection

• Advanced Features

  • Real-time statistical analysis
  • Anti-addiction
  • Schedule settings
  • Whitelist & blacklist management
  • Custom rewriting

Please use the left-hand table of contents to view detailed instructions for each feature.

2.1 - Web Ad Blocking

Basic Principles of Ad Blocking

NullPrivate uses DNS filtering technology to monitor and analyze network requests in real time. When an ad-related domain request is detected, the system automatically returns an empty address or a local loopback address, thereby preventing ad content from loading. This approach is both efficient and transparent to the user, without affecting normal browsing.

Intelligent Blacklist System

NullPrivate employs a multi-layer blacklist management mechanism:

• Auto-Update: The system periodically fetches the latest ad domain lists from trusted sources
• Category Management: Domains are classified by type—ads, trackers, malware, etc.
• Performance Optimization: Uses efficient matching algorithms for fast response
• Statistical Analysis: Provides detailed blocking statistics so you can see the protection in action

Flexible Whitelist Control

The whitelist feature offers precise access control:

• Access Protection: Only allows access to trusted sites
• Scenario Customization: Ideal for anti-addiction and enterprise network management
• Simple Configuration: Supports import/export for easy management
• Real-Time Effect: Changes take effect immediately without service restart

Usage Recommendations

1. Start with the basic blacklist and adjust gradually
2. Regularly review blocking statistics to understand system effectiveness
3. Promptly add domains to the whitelist when false positives occur
4. Customize filtering rules for special needs

Technical Details

DNS Filtering Mechanism

• Uses high-performance DNS response caching
• Supports IPv4 and IPv6 dual-stack filtering
• Millisecond-level local response speed

Rule Matching

• Exact domain matching
• Wildcard rule support
• Regular expression matching

Performance Optimization

• Memory-optimized data structures
• Concurrent request handling
• Intelligent caching mechanism

2.2 - Mobile Ad Blocking

Problem Overview

Many Android devices ship with pre-installed adware that:

• Pops up ads at inappropriate moments
• Continuously collects user data in the background
• Consumes system resources, causing performance degradation
• Generates unnecessary network traffic
• Significantly shortens battery life

AdGuard Solution

“NingPing” protects your device by:

• Blocking network requests from adware
• Preventing malicious tracking
• Optimizing device performance
• Extending battery life
• Reducing mobile data usage

2.3 - Privacy Protection

The Relationship Between Privacy and Advertising

Advertisers’ revenue primarily comes from ad conversions. To boost conversion rates, platforms need to:

1. Increase user retention
2. Serve personalized ads

This requires extensive collection of user privacy data. Platforms circumvent legal restrictions through:

• Complex user agreements
• Data exchanges with partners
• Disguised data anonymization

Privacy Protection Priority

Protecting privacy is more important than simply blocking ads:

• AdGuard’s Chinese filter has far more tracking rules (>400k) than ad rules (<100k)
• Some platforms have few ads yet profit more by monetizing privacy data

Behind the Platform’s “Thoughtfulness”

So-called personalized recommendations often don’t truly understand user needs; they’re marketing tactics:

• “You’ll like this” actually means “I want to sell this”
• Seemingly thoughtful services hide continuous data collection

How to Protect Yourself

Learn “cyber shrewdness” — control privacy leaks and avoid being accurately profiled by platforms. AdGuard Personal Service can help you achieve this.

2.4 - Malware Blocking

What is Malware?

Malware is a category of software designed to damage or gain unauthorized access to computer systems. It may:

• Steal personal information and sensitive data
• Disrupt system functions and files
• Encrypt data for ransom
• Recruit devices into botnets

How Malware Spreads

Hackers typically spread malware through the following methods:

• Download links disguised as legitimate software
• Attachments in phishing emails
• Vulnerable websites
• Infected advertisements

How AdGuard Protects You

“NingPing” provides comprehensive malware protection:

• Blocks known malware download links
• Prevents communication between malware and command-and-control servers
• Identifies and stops suspicious data exfiltration
• Regularly updates malware signature databases

It is recommended that you also adopt additional security measures, such as keeping your system and software up to date and exercising caution when downloading and opening attachments.

2.5 - Adult Content Blocking

Feature Overview

“NullPrivate” employs a multi-layer content filtering mechanism that can effectively identify and block:

• Pornographic and adult content sites
• Violent content
• Gambling-related sites
• Other harmful information

How It Works

The system achieves content blocking through:

1. DNS-level blocking: Prevents domain resolution of known harmful sites
2. Intelligent categorization: Classification system based on multiple trusted data sources
3. Real-time updates: Regularly updated blocking rules to ensure protection effectiveness

Configuration Guide

Basic Settings

Add the blocklist Link to the filter blacklist

Advanced Options

• Custom rules: Add specific sites to the blocklist
• Exception management: Set up whitelists to avoid false positives
• Access logs: View blocking records

Application Scenarios

• Family protection: Create a safe browsing environment for minors
• Enterprise management: Ensure employee access to work-appropriate sites
• Public spaces: Suitable for public networks in libraries, schools, etc.

Notes

1. Recommended to use in conjunction with anti-addiction features
2. Regularly check and update filtering rules
3. If false positives occur, promptly add to whitelist
4. If circumvention is detected, submit feedback

2.6 - Social Network Blocking

Risks of Social Network Tracking

Social network platforms collect user data through various means:

• Social plugins and share buttons
• Embedded content and widgets
• Third-party cookies and trackers
• Cross-site user behavior analysis

How AdGuard Protects You

“NingPing” safeguards your privacy by:

• Blocking social media trackers
• Preventing unauthorized data collection
• Filtering social network ads
• Stopping user profiling analysis

Recommended Usage

1. Enable the social network filter
2. Regularly check the blocking log
3. Set up a whitelist as needed
4. Keep filtering rules updated

With these measures, you can continue using the core features of social networks while protecting yourself from unwanted tracking and data collection.

2.7 - Phishing Site Blocking

What is a phishing site?

A phishing site is a fraudulent website that masquerades as a legitimate one in order to obtain sensitive information such as personal details and account passwords. These sites usually imitate:

• Banks and payment platforms
• Social networks
• E-commerce sites
• Government agency websites

Main risks

• Stealing user accounts and passwords
• Pilfering bank card and payment information
• Spreading malware
• Causing personal privacy leaks
• Leading to financial loss

How AdGuard protects you

“NingPing” offers protection through:

1. Real-time URL safety checks
2. Blocking known phishing sites
3. Preventing malicious domain resolution
4. Providing safe-browsing alerts

Safe-usage recommendations

• Enable AdGuard’s phishing protection
• Pay attention to the authenticity of the URL
• Do not click links from unknown sources
• Regularly update the AdGuard rule database

2.8 - Tracking Protection

What is Tracking?

Tracking is the practice of websites and applications collecting user data. Common tracking methods include:

• Cookie tracking
• Tracking pixels
• Browser fingerprinting
• Device identifier collection
• Behavioral analysis scripts

Impact of Tracking

Tracking activities have the following negative effects:

• Violate user privacy by exposing personal behavioral data
• Increase network traffic consumption
• Reduce device battery life
• Slow down webpage loading speeds

How AdGuard Protects You

“NingPing” fully protects your privacy by:

• Intelligently identifying and blocking tracking requests
• Preventing third-party cookies
• Removing tracking parameters
• Blocking common analytics scripts

By using AdGuard, you can enjoy a safer, faster, and more energy-efficient web experience.

2.9 - Malicious Traffic Interception

Malicious Traffic Interception

Problem Background

In daily internet usage, you may encounter the following security risks:

• ISP DNS hijacking that redirects you to fake websites
• Public WiFi hotspots injecting advertising content
• Man-in-the-middle attacks tampering with web content
• Unencrypted traffic being monitored and hijacked

Solution

Through the following technical means, we can effectively protect against these threats:

1. Enable encrypted DNS queries
2. Use HTTPS encrypted connections
3. Establish private secure channels
4. Real-time monitoring of abnormal traffic

These protection measures can ensure your network access is safe and reliable, preventing various malicious hijacking and content tampering.

2.10 - Access Request Logs

Complete Access Request Logs

The access request logs provide the following details:

• Time: The exact moment the request occurred
• Client: The IP address of the device that initiated the request
• Target: The domain name or IP address being accessed
• Response Status: The outcome of the request
• Filtering Rules: Any filtering rules that were triggered (if applicable)

You can use the search box to filter logs by domain, IP, or rule name. Logs are retained for 3 days by default.

Top Requested Domains

Domain access statistics display:

• The most frequently accessed domains
• The number of requests for each domain
• Upstream and downstream traffic generated
• Most recent access time

Sorting by request count or traffic volume helps you identify high-traffic sites.

Top Blocked Domains

Blocking statistics show:

• A list of blocked domains
• Block count statistics
• Filtering rules that were triggered
• Most recent block time

Directly within the list you can:

• Add mistakenly blocked domains to the allowlist
• View the specific rule that caused the block
• Export statistics for further analysis

2.11 - Statistics

DNS Query Statistics

AdGuard Private Services provide detailed DNS query statistics and analytics to help you better understand network usage.

Top Requested Domains

Statistics include:

• Domain access frequency
• Request count per domain
• Trend view by time period
• Search and filtering support

Blocked Requests Analysis

Displays in detail:

• List of blocked domains
• Matching rule details
• Block reason explanations
• Block time records

Data Applications

Statistics help you:

• Identify potential security threats
• Optimize ad-blocking rules
• Analyze network usage habits
• Adjust network access policies

2.12 - Supported Platforms

Supported Protocols

“NingPing” supports the following encrypted DNS protocols:

• DoT (DNS over TLS) - DNS queries encrypted via TLS
• DoH (DNS over HTTPS) - DNS queries encrypted via HTTPS

Supported Platforms

Windows 11

• Supports system-level DoH configuration
• Configure via Settings -> Network & Internet -> DNS server

macOS (Big Sur and above)

• Supports system-level DoH/DoT configuration
• Can be configured via System Preferences -> Network

iOS (14.0 and above)

• Supports system-level DoH/DoT configuration
• Can be configured in Settings -> General -> VPN & Device Management

Android (9.0 and above)

• Supports system-level Private DNS (DoT)
• Configure in Settings -> Network & Internet -> Private DNS

Browser Support

• Chrome/Edge/Brave: Supports DoH
• Firefox: Supports DoH/DoT
• Safari: Follows system DNS settings

For detailed configuration instructions, please refer to the specific configuration guides for each platform.

2.13 - Configuration Guide

Quick Start

“NingPing” adopts a “plug-and-play” design philosophy:

• Pre-configured optimized settings
• Intelligent rule management
• Automatic update maintenance

Configuration Methods

Encrypted Connection Options

Two secure encryption methods are provided:

1. TLS Encryption

   • Higher performance
   • Suitable for mobile devices
   • Supports DNS-over-TLS

2. HTTPS Encryption

   • Broader compatibility
   • Suitable for browsers
   • Supports DNS-over-HTTPS

Device Configuration Guide

Browser Configuration

• URL: https://xxxxxxxxxxxxxxxx.adguardprivate.com/dns-query
• Supports all major browsers
• No additional plugins required

Android Devices

• Server: xxxxxxxxxxxxxxxx.adguardprivate.com
• Supports system-level settings
• Compatible with third-party DNS apps

iOS Devices

• Provides dedicated configuration profile
• Supports system-level settings
• Automatically configures required parameters

Advanced Settings

Custom Rules

• Supports importing custom filtering rules
• Configurable rule priorities
• Supports regular expressions

Performance Optimization

• DNS cache settings
• Response timeout configuration

2.14 - Open Source Information

This project is inherited from an open-source project and follows the same open-source license GPL-3.0.

• Source repository: https://github.com/AdGuardTeam/AdGuardHome
• Fork repository: https://github.com/NullPrivate/NullPrivate

2.15 - Custom Rules

NullPrivate supports multiple custom rule formats, allowing flexible configuration to meet your needs. Below are the commonly used rule formats and examples:

Advanced Usage

• You can combine multiple rule types
• Rule priority: Allowlist > Blocklist > DNS Redirect
• Supports importing third-party rule lists

For detailed information, please refer to the AdGuard Home Hosts Blocklists documentation.

2.16 - Custom Resolution

Feature Overview

Custom resolution allows you to:

• Assign custom domain names to LAN devices
• Enable private DNS resolution
• Access intranet services securely and conveniently

Use Cases

Network Device Access

• NAS device: nas.home → 192.168.1.100
• Router: router.home → 192.168.1.1
• Printer: printer.home → 192.168.1.200

Development & Testing Environments

• Local service: api.local → 127.0.0.1
• Test environment: test.local → 192.168.1.50
• Container: redis.local → 172.17.0.2

Configuration Guide

Basic Syntax

domain record-type target-address
home A 192.168.1.2
*.home A 192.168.1.2

Supported Record Types

• A record: IPv4 address resolution
• AAAA record: IPv6 address resolution
• CNAME record: domain alias

Security Features

• Only takes effect on configured devices
• Does not expose intranet IP addresses
• Supports wildcard domain configuration
• Takes effect immediately; no restart required

Usage Recommendations

1. Choose intuitive domain names
2. Prefer suffixes like .home
3. Track changes to intranet IPs
4. Periodically review resolution settings

2.17 - Custom Block Lists

Overview

Custom block lists provide:

• Precise domain-level blocking control
• Flexible rule import/export
• Real-time update mechanism
• Convenient list management interface

Supported List Formats

Standard Format

||example.com^
||ads.example.com^

Mainstream Subscription Sources

• AdGuard format
• HOSTS format
• Domain format

Built-in Lists

We provide the following optimized lists:

• Manufacturer Ad Blocking: Targets system ads from various phone brands
• General Ad Blocking: Covers common ad networks
• Privacy Protection: Blocks trackers and data collectors

Usage Recommendations

1. List Selection

   • Add lists from trusted sources
   • Avoid duplicate rules
   • Regularly update rule sources

2. Performance Optimization

   • Limit the number of lists
   • Remove invalid rules
   • Monitor blocking effectiveness

3. Troubleshooting

   • Keep blocking logs
   • Validate rule syntax
   • Handle false positives promptly

2.18 - Quick Response

Quick Response

“NingPing” employs a high-performance server cluster to deliver an ultra-fast web browsing experience. Outstanding performance is achieved through the following approaches:

Optimized Network Architecture

• Dedicated server deployment
• Optimized network routing
• Fewer intermediary nodes
• Low-latency connections

Technical Advantages

• High-performance caching system
• Intelligent DNS resolution
• Load balancing
• Rapid failover

Performance Improvements

• Significantly reduced access latency
• Faster page load times
• Optimized DNS lookup duration
• Enhanced overall browsing experience

2.19 - Set Internet Time Limits

Feature Overview

AdGuard Private Service offers flexible internet time-limit controls to help parents manage their children’s online time. You can set independent rules for different devices, ensuring healthy network usage for the whole family.

How to Configure

1. Log in to the AdGuard Private Service management interface
2. Navigate to Filters → Blocked Services
3. Click the “Internet Time Limits” option
4. Set the allowed or blocked time periods

Usage Tips

• Set internet times that align with school-age children’s schedules
• Apply different policies for weekdays and weekends
• Recommend setting a unified bedtime restriction period

Notes

• Changes take effect immediately
• Time periods can be adjusted at any time
• Temporary restriction lifts are supported

3 - Cyber Subtlety

3.1 - How to Prevent Personal Information Leaks and "Doxxing" Risks

Beware of Risks from Piecing Together Scattered Information

In the Internet age, personal information exists in fragmented form across various platforms and services. Many people believe that leaking small pieces of information is harmless. However, the online environment is not absolutely secure, and malicious actors can collect and combine these scattered bits to reconstruct a complete personal profile. Even a simple search engine can be used for data gathering.

Take a certain social platform as an example: while users share snippets of their lives, they may inadvertently expose personal details. Some users like to publicly discuss the meaning and usage scenarios of their passwords, which undoubtedly increases the risk of those passwords being cracked.

Social-engineering principles tell us that meaningful strings often appear repeatedly in multiple places. A unique username or an easy-to-remember password is likely reused across different platforms, making it a common vector for information leaks.

Reduce Account Linkage to Protect Your Identity

For ordinary netizens who have no need to build a personal brand, it is recommended to use randomly generated usernames and passwords to minimize the correlation between accounts on different platforms.

Note that merely using different credentials is not enough to eliminate account linkage. If identical or similar content is posted under accounts on different platforms, they can still be identified as belonging to the same person.

Common Types of Sensitive Information

Below are some common types of sensitive information that require extra care:

• Passwords
• Usernames
• Avatars
• Birthdays
• Addresses
• Phone numbers
• Email addresses
• QQ numbers
• WeChat IDs
• Personal websites
• Geolocation data
• Photos

Malicious actors often integrate leaked personal information from various sources using “social-engineering databases.” For instance, if two separate platform leaks contain the same phone number, it is highly probable that both records belong to the same individual.

Even if usernames and photo styles differ across platforms, they can still be linked via these databases to compile a comprehensive personal dossier.

This is not fear-mongering; it is a common application of social-engineering databases. The barrier to using such databases for information gathering and doxxing is low—even minors can master them easily.

Raise Cybersecurity Awareness to Safeguard Your Privacy

While the Internet brings people closer, it can also widen the gap between them. Social platforms provide spaces for communication, yet they can also make users feel more isolated.

In the online world, we long to express ourselves and find resonance, but we must also stay vigilant and protect our privacy.

There is no need to reveal every detail of your life to strangers online. Speak cautiously, act prudently, enjoy solitude, and improve yourself—only then can you navigate the digital realm with ease.

Recommendations:

• Regularly review and update your passwords to ensure they are strong.
• Avoid reusing the same username and password across different platforms.
• Be careful when sharing photos or posts that contain personal information.
• Use tools like NullPrivate to protect your DNS queries and prevent DNS leaks.
• Stay informed about the latest cybersecurity trends to understand emerging threats and countermeasures.

3.2 - Guide to Protecting Personal Online Privacy

Why Protect Online Privacy?

In the digital age, every online action we take can leave traces:

• Browsing history is tracked
• Personal preferences are analyzed
• Location data is collected
• Social relationships are mapped

Basic Protective Measures

1. Browser Configuration

• Use private/incognito mode
• Disable third-party cookies
• Enable “Do Not Track”
• Regularly clear browsing data

2. Search Engine Choices

• Use anonymous search engines (e.g., DuckDuckGo)
• Avoid searching sensitive content while logged in
• Cross-verify with multiple search engines

3. DNS Encryption Protection

• Enable DNS-over-HTTPS
• Use private DNS services
• Avoid default DNS servers

Advanced Protection Strategies

1. Network Access Protection

• Use trusted services
• Enable HTTPS-Only mode
• Avoid public Wi-Fi

2. Ad-Tracking Protection

• Install ad blockers
• Use content filters
• Turn off personalized ad options

3. Social Media Privacy

• Review privacy settings
• Limit sharing of personal information
• Disable location services
• Be cautious with third-party logins

Daily Usage Recommendations

Reduce Your Digital Footprint

• Use temporary email services
• Avoid registering with real names
• Use different passwords on different platforms
• Regularly check authorized applications

Prevent Privacy Leaks

• Use a password manager
• Enable two-factor authentication
• Encrypt important files
• Be careful when installing new apps

Points to Note

• Use privacy-protection tools appropriately
• Comply with local laws and regulations
• Keep software updated promptly
• Cultivate privacy-protection awareness

Complete anonymity is hard to achieve, but the measures above can significantly raise your level of personal privacy protection. Choose the protections that suit you and strike a balance between convenience and security.

3.3 - Adolescent Online Safety Protection Guide

Challenges in the Online Environment for Today’s Adolescents

In the digital age, adolescents face unprecedented online challenges:

• Vast amounts of information of varying quality
• Limited ability to identify online risks
• Susceptible to harmful content
• Lack of self-management awareness

Intelligent Protection Solutions

1. Application Access Management

Features:

• Precisely control accessible applications
• Prevent installation of inappropriate software
• Protect personal information security

2. Time Management System

Functions:

• Set reasonable usage time periods
• Prevent internet addiction
• Foster healthy sleep habits

3. Behavior Monitoring and Guidance

Access Log Analysis

Uses:

• Understand online behavior patterns
• Identify potential risks in a timely manner
• Provide targeted guidance and communication

Intelligent Blocking Settings

Customizable:

• Content rating filtering
• Personalized protection rules
• Dynamic policy adjustment

Parental Guidance Recommendations

Beyond protective measures, good family education is more important:

• Have open conversations with children about internet use
• Cultivate independent thinking and judgment abilities
• Establish a mutual trust communication mechanism
• Gradually relax controls step by step

Technical means are auxiliary tools, while education and guidance are fundamental. Use control tools reasonably while focusing on cultivating adolescents’ online literacy and self-management abilities.

3.4 - Protecting Seniors from Online Scams

Online Risks Faced by Seniors

In today’s society, seniors are confronting increasingly severe cybersecurity threats. The following characteristics make them a high-risk group for online fraud:

• Limited proficiency in smartphone operation
• Lack of awareness and knowledge about online scams
• Limited exposure to cybersecurity information
• Tendency to trust unverified software download links

Technical Protection Solutions

AdGuard Security Protection

AdGuard offers professional malware-blocking capabilities:

This solution provides the following advantages:

• Runs in the cloud, no additional app installation required
• Zero system resource usage
• Simple configuration and difficult to misconfigure
• Continuous automatic protection

Real-World Results

After a year of implementation, we observed significant improvements:

• Substantial reduction in “phone cleanup” requests
• Enhanced daily user experience
• Decreased smartphone-related frustrations

Comprehensive Protection Strategy

While technical measures are important, all-around protection also requires:

• Regular companionship and communication to understand usage difficulties
• Patiently explaining basic cybersecurity knowledge
• Staying vigilant and identifying potential threats promptly

Technology is a tool, but care is the foundation. Regular companionship and patient guidance are the best ways to protect seniors from online risks.

3.5 - How to Deal with Enterprise Network Monitoring

Evolution of Enterprise Network Monitoring

Modern enterprises have transitioned from traditional physical monitoring (such as cameras and on-site patrols) to more sophisticated digital surveillance systems. This shift makes monitoring more covert and cost-effective.

Common Network Monitoring Methods

A core method of enterprise network monitoring is tracking via DNS servers. The specific implementations include:

1. Deploying dedicated DNS servers within the corporate network
2. Enforcing corporate DNS through DHCP services
3. Establishing a mapping between IP addresses and workstation locations

Technical Principles of Monitoring

Even with widespread HTTPS adoption, DNS queries are still transmitted in plaintext. This means:

• All domain-resolution requests are logged
• While the specific content accessed cannot be seen, the visited domain names are known
• Combined with timestamps, this allows analysis of employees’ browsing behavior patterns

Personal Privacy-Protection Solutions

To reasonably protect personal privacy, consider the following options:

• Use your personal mobile network
• Configure a private DNS service
• Employ a secure VPN service

Please note: When implementing any privacy-protection measures, comply with relevant laws, regulations, and corporate policies.

4 - Basic Tutorial

📚 Reading Guide

To make networking knowledge easier to grasp, this tutorial uses plenty of everyday metaphors and analogies. Our goal is for everyone to master networking basics effortlessly, regardless of technical background. While these metaphors may not be perfectly rigorous, they will help you quickly build a foundational understanding of networking concepts.

Introduction to Networking Basics

In this tutorial, we’ll explain networking fundamentals through vivid metaphors and analogies. Our goal is for everyone to master these concepts effortlessly, regardless of technical background. While these metaphors may not be perfectly rigorous, they will help you quickly build a foundational understanding of networking concepts.

Unlike precise technical terms, this section uses plain language so non-technical readers can understand the basics of networking.

We’ll employ many fitting—or sometimes unfitting—metaphors and analogies, aiming to let readers grasp networking concepts quickly.

4.1 - What is DNS

In essence, DNS service is like a Xinhua Dictionary; by consulting the dictionary, we can find the IP address corresponding to a domain name.

DNS Introduction

DNS (Domain Name System) is one of the fundamental infrastructures of the Internet. Like a Xinhua Dictionary, it is responsible for translating human-readable domain names into IP addresses that computers can understand.

How DNS Works

When you enter a URL in your browser:

1. The browser first checks the local cache.
2. If not found, it initiates a query to a DNS server.
3. The DNS server returns the corresponding IP address.
4. The browser uses that IP address to access the target website.

Key Concepts

• Domain Name: A human-readable address for a website, e.g., www.nullprivate.com
• URL (Uniform Resource Locator): The complete web address, including protocol, domain name, and path, e.g., https://www.nullprivate.com
• IP Address: A numerical identifier for network devices, e.g., 1.1.1.1
• DNS Server: A computer that provides domain name resolution services
• Web Hosting: Storing website files on a server so they can be accessed over the Internet

4.2 - NullPrivate Fundamentals

How It Works

NullPrivate safeguards your network security and privacy by intercepting requests at the DNS layer. It acts like an intelligent gatekeeper, screening every domain request:

• ✅ Safe sites: allowed through
• ❌ Ad domains: blocked
• ❌ Trackers: blocked
• ❌ Malicious sites: blocked

Interception Flow Diagram

Key Features

1. DNS-Level Blocking: Intercepts before the request is even made, more efficient
2. No Browser Plugins Needed: Network-layer protection works for every device
3. Minimal Resource Usage: Only handles DNS queries, negligible impact on device performance
4. Covers All Devices: One-time configuration protects every connected device

4.3 - Home Setup

Setting Up NullPrivate at Home

NullPrivate is an enhanced fork of AdGuard Home, purpose-built for superior network-level ad blocking and privacy protection. This tutorial walks you through installing and configuring NullPrivate on your home network.

Project Overview

NullPrivate is an open-source fork of AdGuard Home that offers both SaaS hosting and a rich set of extra features, all aimed at delivering a better DNS resolution and network-filtering experience.

Key Features

Original Features

• Network-wide ad blocking: Block ads and trackers across the entire network
• Custom filtering rules: Add personalized blocklists and allowlists
• Encrypted DNS support: DNS-over-HTTPS, DNS-over-TLS, and DNSCrypt
• Built-in DHCP server: Ready-to-use DHCP functionality
• Per-client settings: Tailor settings for each individual device
• Parental controls: Block adult content and enforce Safe Search
• Cross-platform: Runs on Linux, macOS, Windows, and more
• Privacy-first: No usage analytics or telemetry

NullPrivate Add-ons

• DNS routing rule lists: Route DNS queries using rule lists in a config file
• App-level blocking rules: Target specific application sources
• Dynamic DNS (DDNS): Automatic hostname resolution updates
• Advanced rate limiting: Efficient traffic management and control
• Enhanced deployment: Load balancing, automatic certificate renewal, optimized connectivity

Installation Methods

Method 1: Download the Binary

1. Visit the Releases page and grab the binary for your OS.
2. Create a working directory:

   mkdir -p ./data
   

3. Launch NullPrivate:

   ./NullPrivate -c ./AdGuardHome.yaml -w ./data --web-addr 0.0.0.0:34020 --local-frontend --no-check-update --verbose
   

Method 2: Use Docker

Docker is the easiest and most portable way to deploy:

docker run --rm --name NullPrivate \
  -p 34020:80 \
  -v ./data/container/work:/opt/adguardhome/work \
  -v ./data/container/conf:/opt/adguardhome/conf \
  nullprivate/nullprivate:latest

Supported Platforms

• ✅ Windows
• ✅ macOS
• ✅ Linux
• ✅ Docker
• ✅ Other Unix-like systems

Configuration Guide

Initial Setup

After launch, open the web UI to finish configuration:

• Default admin URL: http://localhost:34020
• Create an admin account on first run
• Optionally import an existing AdGuard Home config

Configuration Files

The main file is AdGuardHome.yaml, which contains:

• DNS server settings
• Filtering rules
• Client definitions
• Security options

Command-Line Flags

Usage Tips

1. Network setup: Point your router’s DNS to the NullPrivate IP
2. Rule updates: Refresh blocklists periodically for best coverage
3. Performance monitoring: Check DNS query stats in the web UI
4. Security hardening: Enable HTTPS and use a strong password
5. Backups: Regularly back up the config file and data directory

Troubleshooting

Common Issues

• Port conflict: Make sure port 34020 is free
• Permission errors: Ensure correct file permissions on Linux
• Startup failure: Verify the config path and working directory exist

Getting Help

• Read the official docs
• Open an issue on GitHub Issues

Wrap-up

You should now have a working NullPrivate instance at home, giving you a cleaner, more private internet experience. NullPrivate’s rich feature set and flexible configuration options make it easy to tailor the service to your exact needs.

5 - FAQs

Thank you for choosing NullPrivate! We are always committed to providing you with the best service:

• Feel free to share your experience and suggestions with us at any time
• We put privacy protection first
• No registration required; we do not collect phone numbers or email addresses
• No marketing interruptions of any kind

Need help?

Contact on WeChat private6688
or Send email service1@nullprivate.com
Please describe your issue in detail, and we will respond as soon as possible.

5.1 - How to Purchase and Use

Purchase and Use

5.2 - Restore DNS Settings on iOS

If you experience false-blocking issues on your iOS device, you can restore the original DNS settings in two ways.

Option 1: Temporarily Disable DNS Encryption

Use this method for a quick test to see if the problem is caused by DNS settings:

1. Open the Settings app
2. Go to General > VPN & Device Management
3. In the Restrictions & Proxy section, locate the DNS option
4. Select Automatic to temporarily revert to the system defaults

Option 2: Completely Remove the Profile

To fully remove the DNS encryption configuration:

1. Open the Settings app
2. Go to General > VPN & Device Management
3. Under Configuration Profiles, find public.adguardprivate.com DoT
4. Tap Remove Profile and confirm

If you decide to stop using NullPrivate permanently, it must be because our service has given you a poor experience; we sincerely apologize for the inconvenience.
The public service uses popular blocklists. Due to limited manpower, we cannot know every app’s missed or false blocks.
If you want to customize rules for your personal needs, consider purchasing a private service. It offers dedicated servers at an extremely competitive price to meet all kinds of requirements.

Configuration Demo

5.3 - How to Handle False Positives

Some services are considered normal and necessary by one group of users, yet viewed as personal-data collection or advertising by another. For example, a few mini-programs inside WeChat and Alipay that mix services with ads may not work properly, and payment redirects—such as those in parking lots or vending machines—may also fail.

If your blocking rules are too strict, these services can be blocked and stop functioning.

Temporarily Disable Protection

If you need an urgent, temporary fix, you can disable protection for a short time. The change usually takes effect within 10 seconds.

Add the Service to the Allowlist

For services you use regularly, add them to the allowlist to prevent future blocks. The change usually takes effect within 10 seconds.

Temporarily Deactivate Settings

Public-service users can resolve the issue by temporarily deactivating the service. The change usually takes effect within 60 seconds.

5.4 - After-Sales Service Guide

Service Features

We adopt a no-registration design to protect user privacy:

• No account registration required
• No personal information collected
• Service credentials provided immediately after payment
• Fully anonymous service experience

Service Content

1. Technical Support

   • Installation and configuration guidance
   • Troubleshooting assistance
   • Feature usage consultation

2. Service Assurance

   • 7×24-hour fault response
   • Service availability guarantee
   • Rule update maintenance

Contact Methods

WeChat Support

• WeChat ID: private6688
• Service hours: Weekdays 9:00–18:00
• Response time: Usually within 2 hours

Email Support

• Email: service1@nullprivate.com
• Subject line: Please include “AdGuard Service”
• Response time: Within 1 business day

Service Credentials

After purchase you will receive:

• Admin dashboard access link
• Exclusive username and password
• Configuration guide document

Privacy Protection

We value user privacy:

• No collection of personal user information
• No marketing emails or SMS sent
• Strict adherence to Privacy Policy

5.5 - Mini Program Cannot Be Accessed

If the blocking rules are too strict, some legitimate services may be blocked, causing them to malfunction.

Temporarily Disable Protection

If you need an urgent, temporary fix, you can resolve the issue by temporarily disabling protection; the change usually takes effect within 10 seconds.

Add the Service to the Allowlist

For services you use regularly, add them to the allowlist to prevent future blocks; the change usually takes effect within 10 seconds.

Temporarily Deactivate Settings

Public service users can resolve the issue by temporarily deactivating the service; the change usually takes effect within 60 seconds.

5.6 - Slow Access to Some Websites

Slow Access to Some Video Sites

If you experience slow access to certain websites while using NullPrivate, it may be due to the following reasons:

ECS Support:

NullPrivate’s free tier does not support ECS (Extended Client Subnet). ECS is a DNS protocol extension that allows DNS servers to provide more accurate responses based on the client’s network location. Many CDNs (Content Delivery Networks) use ECS to direct users to the nearest server, thereby improving speed. The free servers are located in Shanghai and Hangzhou.

Impact:

• Slower Speeds: Without ECS, NullPrivate may be unable to direct you to the optimal CDN server, resulting in slower speeds.
• Inaccurate Geolocation: You may be routed to a server far from your actual location, increasing latency.

Solutions:

• Upgrade to Paid Plan: NullPrivate’s paid plans support ECS, which can resolve this issue and improve speed.
• Use Another DNS Server: You can try another DNS server that supports ECS.