Proton's blog posts [1] [2] don't state details on the filter lists being used, only that it's a "massive database of sites known to host malware, spyware, or any other malicious software."
But it looks like they mentioned on Reddit [3], "We have both public and proprietary lists that we maintain." 😕
[1] https://protonvpn.com/blog/netshield-ad-blocker/
[2] https://protonvpn.com/support/netshield/
[3] https://teddit.net/r/ProtonVPN/comments/kwb7pf/what_is_the_sources_of_dns_filtering_for/gj7ocwo/#c
Probably wasn't clear in my last toot. I'd hoped the filter lists Proton uses for this paid NetShield feature to be open source and shareable so that 1) users running, say, Pi-hole, AdGuardHome, or even uBlock Origin could benefit from that protection and 2) that security researchers could validate Proton's claims and even contribute to that list to help everyone out.
But alas, Proton needs to sell subscriptions.
Would be insightful for someone to conduct tests against bad sites [1] across security-focused DNS resolvers from Proton, Quad9, CleanBrowsing, Cloudflare, and CIRA Canadian Shield to see which comes out on top. Per-site testing against some resolvers can also be conveniently done via https://dnsblacklist.org by CleanBrowsing.
[1] https://github.com/nextdns/metadata/blob/master/security/threat-intelligence-feeds.json
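
One way to run the resolver comparison suggested above, as an added example that is not part of the original thread: it sends the same A query to each filtering resolver, classifies the raw reply, and scores each resolver only on domains that an unfiltered baseline still resolves, so dead domains do not count as blocks. The function names are hypothetical, the resolver addresses are supplied by the reader, and treating NXDOMAIN or a sinkhole address as "blocked" is an assumption about how a given resolver signals a block.

```python
import socket
import struct
SINKHOLES = {"0.0.0.0", "127.0.0.1"}  # assumption: answers that signal a block

def build_query(name, qid=0x1234):
    """Encode a recursive A/IN query for `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", 1, 1)

def _skip_name(msg, off):  # offset just past a (possibly compressed) name
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += msg[off] + 1
    return off + 1

def classify(msg):
    """Map a raw DNS response to 'nxdomain', 'sinkhole', 'resolved' or 'other'."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    if flags & 0xF:
        return "nxdomain" if flags & 0xF == 3 else "other"
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    verdict = "sinkhole" if set(addrs) <= SINKHOLES else "resolved"
    return verdict if addrs else "other"

def ask(resolver_ip, name, timeout=3.0):  # one live UDP query; needs network access
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return classify(s.recvfrom(4096)[0])

def block_rate(verdicts, baseline):
    """Share blocked among domains the unfiltered baseline still resolves."""
    live = [d for d, v in baseline.items() if v == "resolved"]
    hits = sum(verdicts.get(d) in ("nxdomain", "sinkhole") for d in live)
    return hits / len(live) if live else 0.0

# Constructed reply: "bad.example" answered with A 0.0.0.0
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + build_query("bad.example")[12:]
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(4))
```

Build one `{domain: verdict}` dict per resolver with `ask()`, plus one for an unfiltered resolver as `baseline`, then compare the `block_rate()` values.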