VPN vs DNS over HTTPS: Which Is Better for Privacy?

What DNS over HTTPS protects

DNS over HTTPS (DoH) encrypts only the DNS lookup — the request to translate a domain name into an IP address. Without DoH, DNS lookups are plaintext and visible to your ISP, your network administrator, and anyone on the same Wi-Fi. With DoH: the lookup is encrypted, preventing interception. What it does not protect: the actual connection to the website's IP address, which your ISP still sees.

What a VPN protects

A VPN encrypts all traffic from your device — DNS lookups, the connections themselves, and the data in transit. Your ISP sees only a connection to the VPN server, not where you are going or what you are doing. A VPN also masks your real IP address from the sites you visit. The tradeoff: latency increases (typically 10–30 ms), and you must trust the VPN provider with your traffic.

When to use DNS over HTTPS

DoH is the right choice when: you want to prevent ISP DNS logging without the performance overhead of a VPN, you are on a corporate or school network that blocks VPNs, or you want to reduce the number of entities that can track your DNS queries. Enable it in your browser (Chrome: Settings > Security > Use secure DNS) or router for network-wide coverage.

When to use a VPN

A VPN is the right choice when: you are on public Wi-Fi (airport, hotel, cafe) where traffic could be intercepted, you want to hide all connection destinations from your ISP, you need to appear to be in a different geographic location, or you are on a network with active surveillance. Recommended audited no-logs VPNs: Mullvad, ProtonVPN, IVPN.

Limitations of both

Neither DoH nor VPN prevents tracking by the websites you visit. Cookies, fingerprinting, and logged-in accounts track you regardless of DNS or VPN status. For comprehensive privacy, combine: DoH (or VPN) + a privacy-respecting browser (Firefox, Brave) + tracker blocking (uBlock Origin) + no Google account while browsing privately.

Which should you use?

For most home users: enable DNS over HTTPS as a baseline — it is free, built into modern browsers and routers, and requires no ongoing subscription. Add a VPN for public Wi-Fi sessions and situations where you want full traffic privacy. Using a trustworthy VPN 24/7 at home is reasonable if you have a high-speed connection and the latency overhead is acceptable.

Frequently Asked Questions

Does a VPN slow down internet speed?

Yes — typically 5–20% speed reduction on a fast connection due to encryption overhead and routing through an additional server. Premium VPNs (Mullvad, ExpressVPN) with modern protocols (WireGuard) have minimal overhead. On gigabit connections, the absolute speed loss is negligible for most uses.

Can my ISP tell I am using a VPN?

Your ISP can see you are connecting to a VPN server IP and using VPN protocols. They cannot see what you are doing through the VPN. Some countries require ISPs to block known VPN IPs — VPNs offer obfuscation protocols to work around this.

Does DNS over HTTPS work on all devices?

DoH is supported natively in Chrome, Firefox, Edge, and Safari on major platforms. At the OS level, Windows 11 and Android 9+ support it. For network-wide coverage, enable DoH on your router if it supports it — or run a local DoH resolver like AdGuard Home or Pi-hole.