What I’m doing is using WireGuard over public WiFi and mobile (LTE) to connect to my home router and use that as DNS. The DNS (dnsmasq) uses blacklists to filter ads, so I don’t see any ads in any apps. It then forwards to unbound which uses DNS over TLS (it’s slightly slower because of this setup, but doable). This solution doesn’t require root on clients though WireGuard runs better as root. Furthermore, all outbound traffic on my router with destination port 53 (TCP and UDP) is redirected to dnsmasq. So it catches 126.96.36.199 and 188.8.131.52 and anything else unencrypted.
Can you explain how you block ads via DNS?
I’m using OpenWrt with adblock (with custom lists), but the majority of ads are not blocked since the block is not possible at DNS level.
Remember that 184.108.40.206 and 220.127.116.11 are Google DNS. It is much better to use OpenNIC via DNScrypt (18.104.22.168 and 22.214.171.124 or via DNScrypt 126.96.36.199 and 188.8.131.52) or, if you like DNS over TLS, cleanbrowsingDNS (184.108.40.206 and 220.127.116.11) or Cloudflare (18.104.22.168 and 22.214.171.124) that are more privacy focused than Google.
Why is the block not possible at DNS level?
These are the rules I use:
DNAT tcp -- 0.0.0.0/0 !192.168.0.1 tcp dpt:53 to:192.168.0.2:53 DNAT udp -- 0.0.0.0/0 !192.168.0.1 udp dpt:53 to:192.168.0.2:53 DNAT tcp -- 0.0.0.0/0 !192.168.30.1 tcp dpt:53 to:192.168.0.2:53 DNAT udp -- 0.0.0.0/0 !192.168.30.1 udp dpt:53 to:192.168.0.2:53 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 to:192.168.0.1:53 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 to:192.168.0.1:53
All loose DNS traffic is being forwarded through 192.168.0.1 (my gateway internal LAN address). Except when it is going to 192.168.0.2 (my main server). That’s for failover. The 192.168.30.1 rules are for VPN. The DHCP server also already gives the correct DNS information; the above is just for stuff which (for whatever reason) still wants to use something else.
OpenDNS = Cisco. I use Quad9, but that’s owned by IBM. I don’t assume any of these companies are not data hungry (including Cloudflare) but I will agree with you that Google seems to be one of the worst offenders.
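An added example, not part of the original posts: a Python sketch that parses the DNAT rule lines posted above and checks that port 53 is redirected for both TCP and UDP and only to private addresses. The function names are hypothetical, and because the listing shows no interface columns the script reports coverage only and does not model which rule matches first.

```python
import ipaddress
import re

# Rule lines copied from the post above (listing format without interface columns).
LISTING = """\
DNAT tcp -- 0.0.0.0/0 !192.168.0.1 tcp dpt:53 to:192.168.0.2:53
DNAT udp -- 0.0.0.0/0 !192.168.0.1 udp dpt:53 to:192.168.0.2:53
DNAT tcp -- 0.0.0.0/0 !192.168.30.1 tcp dpt:53 to:192.168.0.2:53
DNAT udp -- 0.0.0.0/0 !192.168.30.1 udp dpt:53 to:192.168.0.2:53
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 to:192.168.0.1:53
DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 to:192.168.0.1:53
"""

RULE = re.compile(
    r"^DNAT\s+(?P<proto>tcp|udp)\s+--\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?:tcp|udp)\s+dpt:(?P<dport>\d+)\s+to:(?P<to_ip>[\d.]+):(?P<to_port>\d+)$"
)

def parse_rules(listing):
    """Turn each DNAT line into a dict; a leading '!' on dst means 'not this address'."""
    rules = []
    for line in listing.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # header, blank line, or a rule with another target
        r = m.groupdict()
        r["dst_negated"] = r["dst"].startswith("!")
        r["dst"] = r["dst"].lstrip("!")
        r["dport"] = int(r["dport"])
        rules.append(r)
    return rules

def audit_dns_redirect(rules):
    """Per protocol: is there an unconditional port-53 rule, and where does DNS end up?"""
    report = {}
    for proto in ("tcp", "udp"):
        dns = [r for r in rules if r["proto"] == proto and r["dport"] == 53]
        report[proto] = {
            "catch_all": any(r["src"] == "0.0.0.0/0" and r["dst"] == "0.0.0.0/0"
                             and not r["dst_negated"] for r in dns),
            "excluded_dst": sorted({r["dst"] for r in dns if r["dst_negated"]}),
            "targets": sorted({r["to_ip"] for r in dns}),
            "targets_private": bool(dns) and all(
                ipaddress.ip_address(r["to_ip"]).is_private for r in dns),
        }
    return report

if __name__ == "__main__":
    for proto, result in audit_dns_redirect(parse_rules(LISTING)).items():
        print(proto, result)
```

A missing `catch_all` for TCP is the usual gap in such rule sets, since resolvers fall back to TCP for large answers; DNS over TLS (port 853) and DNS over HTTPS are outside what these port-53 rules can redirect.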
Just supporting your thought of avoiding Google! I’ll keep digging on how to uninstall Google from my FP2 - as it feels like malware to me - once I found out Google was automatically copying my photos up to some Cloud somewhere - and I could only access them when I had wi-fi… Maybe a clean re-install? (I’m over 60 - and think mobiles are for making telephone calls - and I’m only just working out the basics of them also taking photos… and there’s a list of other things I don’t understand, but that seem to have “icons” - but why would anyone under 30 care?)
@Stuparod I don’t think it’s a very good idea to reply to a 4-year-old post by a user who hasn’t been active for 3 years.
Have you heard of Open OS yet? It’s a Google free OS officially provided by Fairphone.
Here is a guide on how to install it:
PS: I also moved this to the corresponding topic for the FP2.
Recently installed Fairphone OpenOS, and much as I would like to only use open source apps, there’s a few that I can’t go without, such as WhatsApp and my banking apps. I have a vague idea of how much Google collects your data and would like to avoid that happening as much as possible.
Would downloading the Google Play Store allow this to happen? Are there ways of getting round this?
PS Here’s a photo of a concise Private Eye article (paragraph?) on the subject.
Yes, very much so.
Yes and no, there are websites and apps that let you download free (as in free beer) apps from the Play store that don’t send that much data - but still some - to G%§$e.
One example is the Yalp store.
You might also be interested in forum topics found under #livingwogoogle.
You can download WhatsApp directly from their website: https://www.whatsapp.com/android/ Do realize though, that they are owned by Facebook and I’m not sure what’s the bigger evil - Google or Facebook.
Yeah I know, it’s just one of those things that I (almost) have to use just because everyone else does. I would have essentially no way of communicating with my friends without it, since a lot of them don’t even text or call anymore.
Thanks for the links, very helpful!
I recently took the approach that anyone who can’t talk to me personally or on a phone line, use an e-mail account or use text message isn’t really my friend.
Seriously, I dropped Facebook and etc. (use mostly Telegram now) and my life (after I made the mistake of opening a Facebook account many years ago) has never been better!
It’s important to be able to recognize the signs of dependency and addiction when they are in front of our nose.
I don’t want to insult you, but by thinking this and acting accordingly you make the situation worse. I am 21 years old, and as you probably already guessed it, I am one of only two people I know who don’t use WhatsApp, even my grandma does (the other one is @paulakreuzer).
While this can sometimes lead to discussions (which I am very willing to hold), over the past few years I could get many people to download Signal to text with me, and for the others I just use SMS.
Please don’t. Telegram is much more insecure than they present themselves, their chats aren’t end-to-end-encrypted by default and no one uses “secret chats”, you can’t encrypt group chats, their encryption protocol isn’t open source and can’t be verified and they collect metadata like crazy.
Why you should stop using Telegram right now
Crypto Fails - Telegram’s cryptanalysis contest
You are right about Telegram, I tried a few other P2P apps but for some reason they didn’t work with my Open OS setup, will need to debug the system again some day.
What about Signal?
(You can install it through signal.org/android/apk if you don’t have Yalp Store.)
Do you recommend it? Is it really safe?
And what about the impact on battery? One of the reasons for using Telegram is because one version uses GCM. Although I hate GCM, I need it for some public service apps. Telegram without GCM kept my phone from sleeping, battery consumption increased substantially.
Signal has its own problems regarding the ethics of free software and privacy. You can read this article for further details: why I won’t recommend Signal anymore.
I’ve used Signal for several months on FP Open OS before switching to XMPP with the Conversations app. To be honest, Signal is quite performant, the battery usage is okay (no GCM) and from the crypto point of view, it looks to be good (I’m far from being a specialist but the EFF included it in its Surveillance Self-Defense guide, so it’s good enough credentials for me).
In the end, it depends on your need and your sensibility to software freedom.
I recently tried to install Skred Messenger (P2P), but it crashes when launched.
Especially the part at the end is funny:
Even then, lack of encryption is not reason enough to stop using it altogether. If it was, I look forward to your article calling out everyone to stop using Email altogether.