[APP][6.0+] RethinkDNS: Anti-Censorship + Adblocker + Firewall [open source] [no root] - Android Apps and Games

RethinkDNS is an anti-internet censorship tool with DNS-based adblocking and a firewall built-in for Android 6+ devices.
The app itself is free to use and comes with the RethinkDNS (previous name BraveDNS) resolver with support for custom denylists, allowlists, the ability to store DNS logs for later analysis, view those logs consolidated from multiple devices in a single interface and so on: Pretty much a pi-hole in the cloud.
Why'd we build this?
As concerned Android users: It absolutely irks us that people who do care enough about privacy still couldn't use privacy-enhancing apps without requiring a degree in computer science. We saw this pattern unfold multiple times and a lot of tools over the years have done a tremendous job of making niche security tools accessible to naive users. We wanted to further that conversation on Android with a vision for what we think such a tool should look like:
1. Anti-censorship: Enable open internet. DNS over HTTPS (and the imminent ESNI standard) is going to effectively break censorship as implemented in a lot of countries without requiring to route the traffic through VPNs. VPNs (and distributed tech like IPFS and mesh networks like Lantern) are still required in countries that employ Deep Packet Inspection. That's something we'd like to tackle in the near future.
2. Anti-surveillance: Expose apps, their activity logs, network logs, and provide some actionable insights to the users on what they could do next. Exodus Privacy does a good job at statically analyzing an app and laying bare the trackers and permissions in-use, whilst the evergreen NetGuard does ever-so-well in revealing an app's connectivity history. We believe, there's a lot more that can be done than simply firewall an app: For instance, you could disable it, uninstall it, remove its permissions, remove the so-called special permissions (like read notification permission, read SMS permission, read app-usage statistics permission etc). Basically, empower the user with whatever control is available without-root in a neat little interface (think CleanMaster vs using the stock Settings app but being actually effective and not lie).
The current version of RethinkDNS (previous name: BraveDNS) is a start in the direction laid out above partly because we want such an app ourselves and partly because we feel people deserve more such tools, and we hope to build it with this community's input, because god knows we have been wrong plenty when it comes to "what people really want".
As privacy enthusiasts: We were frustrated that if we wanted to use NetGuard we couldn't use another VPN app, or if we wanted to use a DNS changer like Blokada then we couldn't use NetGuard (though, NetGuard + Private DNS feature alleviates the problem on Android 9+). We wanted something that wasn't as restrictive because we knew it could be built and so we did.
Key points:
1. Easy configuration.
2. No root required.
3. Free and open source (forked from Intra).
4. No built-in trackers or analytics.
5. In continuous development.
Current features:
1. DNS over HTTPS (circumvent censorship and prevent surveillance of DNS logs by ISPs and everyone else), DNSCrypt v2 with Anonymized Relays, and DNS over Tor.
2. View DNS logs, including latencies and other metadata.
3. Ad-block through RethinkDNS (previous name: BraveDNS) free resolver and local blocklists.
4. Add your own DNS over HTTPS / DNSCrypt v2 servers.
5. Firewall by app categories.
6. Firewall individual apps.
7. Firewall individual IP addresses.
8. Firewall when apps are in the background (not-in-active-use).
9. Firewall when device is locked.
10. Forward DNS and TCP connections to Orbot (Tor as a proxy).
11. Forward HTTP connections to any HTTP proxy.
12. Forward TCP connections to any SOCKS5 endpoint or to Orbot.
13. Forward DNS connections to any app running locally on-device or any endpoint (either local or on the Internet).
14. [v053g / Sep '21] Firewall when apps bypass DNS (for example, block connections to IPs that apps resolve themselves).
15. [v053g / Sep '21] Pause: Pause the Firewall and DNS for a brief time-period.
16. [v053g / Sep '21] DNS Trap: Proxy all requests made on Port 53 to user-set DNS endpoint (for instance, this traps and redirects all custom DNS requests WhatsApp sends to Google's `8.8.8.8` DNS servers to the DNS endpoint of a user's choice).
17. [v053i / Jul '22] IPv6 support.
18. [v053i / Jul '22] Firewall based on metered (LTE) or unmetered connection (Wifi).
Planned (in order):
0. Custom DNS allowlists/denylists.
1. WireGuard VPN integration.
3. Per-app DNS and VPN (route traffic to multiple VPNs / DNS based on which app is making those connections).
See: github/celzero/rethink-app/feature-backlog.
We can't emphasize this enough: Let us know what you'd like to see us build and more importantly what'd make this tool use-able for other Android users who care enough but aren't as tech-savvy.
If you'd like to contribute, please feel free to send pull requests our way.
Thanks.
---
Source: github/celzero/rethink-app
Website: rethinkfirewall.com
Blog: blog.rethinkdns.com
Twitter: twitter.com/rethinkdns
FAQ: rethinkdns.com/faq
License: Apache 2.0
Download: via RethinkDNS.com | PlayStore | F-Droid.
---

Reserved.

pls add system apps block on firewall, also block domain on dns log and dns server change

Thanks.
System apps: Good catch. We'd look to put that in the coming days.
DNS block button against a domain in the logs: We do plan to add that but not sure if it ends up violating PlayStore terms. Maybe we need two versions, one for f-droid and another for PlayStore like Blokada has.
Can you elaborate what you mean by block domain on DNS server change?

ignoramous said:
Thanks.
System apps: Good catch. We'd look to put that in the coming days.
DNS block button against a domain in the logs: We do plan to add that but not sure if it ends up violating PlayStore terms. Maybe we need two versions, one for f-droid and another for PlayStore like Blokada has.
Can you elaborate what you mean by block domain on DNS server change?
block/allow individual domains which are showed by log.
change dns servers just like nebulo app.
also proxy on tor n dnscrypt support like invizible-pro app.

> change dns servers just like nebulo app.
Dnscrypt shouldn't be much trouble to implement but I wonder what extra protection it affords over DNS over HTTPS. That said, I've added it to our backlog.
> block/allow individual domains which are showed by log.
Gotcha but as mentioned before I am not sure if this feature breaks PlayStore terms. Added.
> also proxy on tor n dnscrypt support like invizible-pro app.
Yes! This is something that we want to do next. Once the part with Firewall and DNS is done (our immediate attention is adding missing features and later add support for Android 6+). Thanks for the heads-up: invizible-pro looks great, and exactly the kind of app that we envision to build ourselves.

Is this affiliated in any way with https://brave.com/?

No it isn't affiliated with brave.com.
We did, however, win a grant from Mozilla Builders to pursue this, which we are now doing full-time.

Hello, I am on a stock Pixel 2 XL, Android 10, latest security patches as of August. The app starts and runs, but tapping the start circle does nothing. DNS or Firewall doesn't start.

So this still exposes one's real IP address, yes?

y0himba said:
Hello, I am on a stock Pixel 2 XL, Android 10, latest security patches as of August. The app starts and runs, but tapping the start circle does nothing. DNS or Firewall doesn't start.
Strange. This is unlikely related to Pixel or the latest Android Oreo update. Please check if any other VPN app has been set to "Always-on VPN" like-so (also see attached):
1. Settings -> Wifi and internet -> VPN.
2. Click on the sprocket icon against the apps.
3. Check if "Always-on VPN" is check-marked.
Disable that setting (if and only if you do not want that VPN app to be an "Always-on VPN") and BraveDNS should now prompt you for VPN access once you click "Start".
BraveDNS (or any app that requires VPN API access to function) cannot work with other VPN apps in-tandem (especially, not with "Always-on VPNs").

pocholo36 said:
So this still exposes one's real IP address, yes?
Yes, BraveDNS isn't a VPN service like ProtonVPN / Mullvad / Lantern etc are. Right now (though we do have plans to add VPN servers like Lantern et al in probably two to three months from today but that'd be only to support anti-censorship and not anonymity). See: https://github.com/celzero/brave-android-app/issues/52 and https://github.com/celzero/brave-android-app/issues/51
We're adding support for SOCKS5 and HTTPS-Proxy in the upcoming release (next week) which would help forward traffic to VPNs (like NordVPN) that support those protocols: https://github.com/celzero/brave-android-app/issues/45
Right now, BraveDNS uses VPN access on-device to change DNS and implement Firewall functionality (similar to what the excellent NetGuard app does).

ignoramous said:
Yes, BraveDNS isn't a VPN service like ProtonVPN / Mullvad / Lantern etc are. Right now (though we do have plans to add VPN servers like Lantern et al in probably two to three months from today but that'd be only to support anti-censorship and not anonymity). See: https://github.com/celzero/brave-android-app/issues/52 and https://github.com/celzero/brave-android-app/issues/51
We're adding support for SOCKS5 and HTTPS-Proxy in the upcoming release (next week) which would help forward traffic to VPNs (like NordVPN) that support those protocols: https://github.com/celzero/brave-android-app/issues/45
Right now, BraveDNS uses VPN access on-device to change DNS and implement Firewall functionality (similar to what the excellent NetGuard app does).
I've been looking for an all in one solution. Currently forced to use AdGuard+Nord...
Looking forward to it. Thanks for all you guys do.

Thanks. Nice work.
Unfortunately, it usually comes down to firewall or VPN
Would love to see what you guys do (if at all) to allow third party VPNs

My brief experience with this is not great. Breaks several apps once turned off the app no longer opens so has to be uninstalled to turn it back on. Ad blocking did not seem to function at all.

ignoramous said:
Strange. This is unlikely related to Pixel or the latest Android Oreo update. Please check if any other VPN app has been set to "Always-on VPN" like-....
That fixed it. I should have figured as much, but I'm getting too old for this I think. I can't wait until you offer subscriptions! This is brilliant. I hope it's on the up and up though, I'm paranoid so don't mind me.

bladestonez said:
My brief experience with this is not great. Breaks several apps once turned off the app no longer opens so has to be uninstalled to turn it back on. Ad blocking did not seem to function at all.
So sorry this app has forced you to uninstall apps in order to use them. That definitely sounds like something went wildly wrong.
Would you please tell us more about the device, the Android version, and probably the list of steps that led to this issue you saw? You could also email us logs or a screen recording at [email protected]
We do know of crashes especially on flaky networks and on network changes, and we would eventually fix those but they have been extremely hard to track-down in production builds to a root cause (due to lack of stack trace / debug symbols for native crashes).
BraveDNS has been in development for a total of 2 months and was released three weeks back. It is a baby app and I fully expect stupid bugs to appear in the wild but cautiously hopeful that we'd fix most if not all.
Re: adblocking:
Adblocking is done exclusively through DNS. If the default endpoint doesn't work, you can point the app to a custom DNS over HTTPS endpoint. https://dns.adguard.com/dns-query is AdGuard's content blocking DNS endpoint. And https://doh.pi-dns.com/dns-query is another volunteer-run content-blocking DNS.
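
An added example, not part of the original post or the app's code: a Python sketch of what a custom DNS over HTTPS endpoint like the ones named above receives and returns. It builds the RFC 8484 GET URL for a lookup and classifies a response as blocked or resolved, assuming the resolver signals a block with an unspecified or loopback address or with NXDOMAIN; the function names and the sample responses are constructed for illustration.

```python
import base64
import ipaddress
import struct

TYPE_A, TYPE_AAAA, CLASS_IN = 1, 28, 1
RCODE_NXDOMAIN = 3


def build_query(name: str, qtype: int = TYPE_A) -> bytes:
    """Encode one DNS question in wire format (RFC 1035).

    The message ID is 0, which RFC 8484 recommends so that identical
    lookups produce identical, HTTP-cacheable URLs.
    """
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, CLASS_IN)


def doh_get_url(endpoint: str, name: str, qtype: int = TYPE_A) -> str:
    """RFC 8484 GET form: base64url of the query with padding stripped."""
    dns = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=")
    return f"{endpoint}?dns={dns.decode('ascii')}"


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length


def parse_addresses(msg: bytes):
    """Return (rcode, [A/AAAA addresses]) from a wire-format response."""
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if (rtype, rdlen) in ((TYPE_A, 4), (TYPE_AAAA, 16)):
            addrs.append(ipaddress.ip_address(rdata))
    return flags & 0x000F, addrs


def classify(msg: bytes) -> str:
    """Label a response by how a blocking resolver would have answered it."""
    rcode, addrs = parse_addresses(msg)
    if rcode == RCODE_NXDOMAIN:
        return "nxdomain"
    if not addrs:
        return "no-address"
    # Assumption: 0.0.0.0, :: or a loopback address means the name was blocked.
    if all(a.is_unspecified or a.is_loopback for a in addrs):
        return "sinkholed"
    return "resolved"


def sample_response(name: str, addr: str = "", rcode: int = 0) -> bytes:
    """Constructed response bytes (not captured traffic) for offline use."""
    header = struct.pack("!HHHHHH", 0, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    body = build_query(name)[12:]  # echo the question section
    if addr:
        packed = ipaddress.IPv4Address(addr).packed
        # Answer name is a compression pointer to offset 12 (the question name).
        body += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + packed
    return header + body


if __name__ == "__main__":
    # Endpoint URL as given in the post; hostnames and answers are constructed.
    print(doh_get_url("https://dns.adguard.com/dns-query", "www.example.com"))
    for host, addr, rcode in [
        ("ads.example", "0.0.0.0", 0),
        ("www.example.com", "192.0.2.10", 0),
        ("tracker.example", "", RCODE_NXDOMAIN),
    ]:
        print(host, classify(sample_response(host, addr, rcode)))
```

To check a live endpoint, send the URL with an `Accept: application/dns-message` header and pass the response body to `classify`.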

How is this different from adguard?

Using a VPN method to firewall on a rooted device is a no from me (I can totally understand if you use this to increase your userbase to non-root users, but that's not for me), I'll stick with Invisible (for DNSCrypt & its ability to load my 19Mb blacklist) and my root firewall for now.

Really need to change the name.
Brave = Brave Browser
A lot of people are going to assume it's a VPN by Brave.
It's like calling it FirefoxVPN.

Related

[APP][2.3.3+][PROXY][NO ROOT] Orxy -- Android Tor Proxy

Lots of people are having trouble getting Orbot working on newer devices. To solve this I made Orxy: a compatible alternative free anonymous Tor proxy.
Orxy is an Orbot alternative that supports devices running the latest Android. Orxy protects network traffic using The Onion Router (Tor) network. Tor encrypts the data and sends it through random points across the world to hide where the connection started. For example, while using Orxy, a website you visit might think you're looking at it from another country. Use it the same way as Orbot: configure your apps to use the local proxy server settings. Instruction details on the play store page.
It has optional add-ons to get full Tor proxying without root, and to hide the Tor traffic in another layer of encryption. Neither are required to use the app.
If Orbot is not working, I hope it helps get people their Tor back.
Available on Google Play
Legalese: It is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else. Do not use without knowing the inherent risks and limitations of Tor. Use at your own risk.
Thanks....
It's Cool
Glad you like it, thanks for the support.
Promo for XDA readers:
https://rideem.io/from/orxify/for/xda gives out a code per day to get the orxify add-on free.

[GUIDE][COLLECTION] All About Ad-Blocking

Introduction
Welcome to the thread which is dedicated to the numerous ways of how to block advertisements on your Android device. This guide will show you different ways how users can enjoy an ad-free Android experience, both for unrooted as well as rooted users. In general, this thread will give you an overview about apps, whose purpose is to block ads within apps and even web browsers.
Searching for keywords like "ad blocking" on XDA will result in many different threads with numerous aspects. But I found the lack of a centralized collection quite annoying, so I decided to start this thread to provide users with the latest possibilities to effectively block advertisements on their Android device. There is no way I am going to say that this is the "Ultimative Ad-Blocking Thread", as this is (and maybe always will be) rather an evolving than a finished topic. As each user has its own personal preferences, this is not a mandatory setup, but a guide for users which are new to the subject as well as for users, that have experience but nevertheless want to learn about other possibilities.
Basics
So let's start with some basics. There are different ways how to block ads. The most popular one is the use of so-called hosts files. Basically, this is a local file, containing a list of web addresses, which can’t be connected to from your device, so that all content (for example ads, banners, 3rd party Cookies, 3rd party page counters, web bugs and even most hijackers) from those addresses will be blocked. This way no advertisement content originating from those addresses will be shown. For more information about host files, visit Blocking unwanted connections with a hosts file.
Important: if you use a browser with data compression feature (like Chrome or Opera for example), you have to turn off this feature within the browser, otherwise the ad-blocking by using the host file will not be reliable any more. This issue arises from the fact that all data traffic is redirected over a compression server, which will result in the fact that all data – content and ads – are coming from those servers instead of the original ones, whose names are included in the host files.
So much text! Where are the apps?
Here they are. I have set up four categories for you:
Root required (check post #2) – apps that require a rooted device
No root required (check post #3) – apps that don’t require a rooted device
private DNS (check post #4) – utilizing Android's private DNS function
Browsers with ad-blocking methods (check post #5) – ad-blocking web browsers
Please note:
I have just started to fill this thread with information. If you are interested, but not satisfied with the provided information, please consider re-visiting this thread after some days and check the change log.
Disclaimer:
I am not responsible for bricked/broken devices due to modifications you decided to apply on your device. Furthermore, none of the linked apps in this thread are my own work, so I am not able to include more features or fix bugs. If you feel the need to ask for features, please visit the corresponding app’s thread or web page.
Credits:
delta_foxtrot2 - for AdFree
mrRobinson/PerfectSlayer - for AdAway
Team AdGuard - for AdGuard
M66B - for NetGuard
BSDgeek_Jake - for MoaAB - Mother of all Ad-Blocking
Mozilla - for Firefox Browser
arnaud42 - for Kiwi Browser
Root required
AdFree for Android (XDA thread)
AdFree is a simple app for Android operating system that modifies the system hosts file to redirect known advertising and tracking hostnames to local host.
The current version (v0.9.9) ships with mongoose, a small webserver, and a copy of tcpdump, so you can log DNS requests, this allows you to discover new hostnames not currently blocked.
The web interface at http://adfree.odiousapps.com/index.php allows you to configure white and black lists from your desktop manually (requires a free account at AdFree).
It will block all ads within apps and web browsers. If you have issues, you have to open AdFree and enable "local web server" as well as "start TCPdump". This way you can track connections which have been blocked by checking the AdFree log file (AdFree -> Settings -> show TCP host names) and add them to your personal whitelist manually via web interface (link is given above).
Works for mobile connection as well as for WiFi connection.
required Android version: 2.1+
advantages: blocks all type of ads
disadvantages: setup of a personal whitelist/blacklist is not possible via the app itself
AdAway (XDA thread)
AdAway is an open source ad blocker for Android using the hosts file. AdAway lets you select your own sources of hosts files. In addition, you can add exceptions to your whitelist from within the AdAway app if an app is not working when specific hosts are blocked or define extra hostnames in your own Blacklist.
One big issue: AdAway will not work reliably when on mobile networks like 3G. You can deactivate that proxy by going to your selected APN (on Android 4: Wireless and networks -> More… -> Mobile Networks -> Access Point Names) and remove the value in the proxy field.
required Android version: 2.1+
advantages: properly blocks ads based on hosts file
disadvantages: does not work reliably on mobile networks with default settings
MoaAB - Mother of all Ad-Blocking (XDA thread)
Mother of all Ad-Blocking (MoaAB) is an ad blocker for Android which utilizes the hosts file. Simply flash it through recovery and most apps are blocked. However, this method requires a custom recovery to be installed on your device (and each update has to be flashed again through recovery). Furthermore, MoaAB requires a device with a minimum RAM of 2GB (MoaAB uses up to 40MB of RAM while you use your device) as well as a CPU with at least 1.6GHz to run smoothly. On devices that do not fulfill these minimum requirements, it may work but it will make your device slow and laggy.
required Android version: 4.2+ (Note: 5.0.x is not supported (memory leak)! Check the MoaAB XDA thread for more information.)
advantages: properly blocks most ads based on hosts file
disadvantages: a custom recovery (CWM, TWRP) is required to flash MoaAB (as well as each update); causes performance issues on older devices
No root required
Adguard - No Root Ad Blocker (XDA thread)
Adguard is a tool designed to make web surfing of Android users more comfortable and safe, and one of the best parts: no root is required. Adguard establishes a local VPN connection to connect to the internet, by which all advertising content is blocked. In addition, Adguard sets up a firewall to control in- and outgoing traffic.
There is a free trial version available as well as a pro version. The free trial version blocks ads in browsers, whereas the pro version (which you have to purchase after trial period in order to get Adguard working again) blocks ads systemwide (browsers + apps).
required Android version: 4.0.3+
advantages: blocks ads in apps as well as some browsers
disadvantages: requires a VPN to constantly run in the background -> burden on the system; you also need to trust the provider of the VPN
AdAway (XDA thread)
AdAway is an open source ad blocker for Android using the hosts file. AdAway lets you select your own sources of hosts files. In addition, you can add exceptions to your whitelist from within the AdAway app if an app is not working when specific hosts are blocked or define extra hostnames in your own Blacklist.
One big issue: AdAway will not work reliably when on mobile networks like 3G. You can deactivate that proxy by going to your selected APN (on Android 4: Wireless and networks -> More… -> Mobile Networks -> Access Point Names) and remove the value in the proxy field.
required Android version: 2.1+
advantages: blocks ads in apps as well as browsers; open-source
disadvantages: main purpose is achieved by setting up a local VPN (so you can't use another VPN in parallel), does not work reliably on mobile networks with default settings
NetGuard - No-root firewall (XDA thread)
NetGuard is a new open-source application, developed by XDA Recognized Developer M66B, which you might know for his famous XPrivacy module for Xposed. NetGuard is a lightweight and easy to handle firewall, and one of the best parts: no root is required. NetGuard establishes a local VPN connection to connect to the internet, by which the user can define which applications should be allowed to access the internet. In addition, NetGuard can be used to download host files to block ads (GitHub version only, don't use the one from Play Store).
required Android version: 4.0+
advantages: blocks ads in apps as well as browsers; open-source
disadvantages: main purpose is achieved by setting up a local VPN - network traffic becomes somewhat slower (should not be noticeable during daily usage); you can't use another VPN in parallel
personalHTTPproxy (XDA thread)
personalHTTPproxy is an Android app that can filter all your HTTP (and of course HTTPS) traffic to block ads - no root needed. The app is open source software and is free of charge. It loads one or more hosts filter to block ads, thus all HTTP(S) protocol traffic will be filtered. This is very efficient when ads use the HTTP(S) protocol, but embedded ads mostly use other methods such as AdMob or AdSense, so they can not be blocked by personalHTTPproxy.
required Android version: 2.3+
advantages: blocks ads that use the HTTP(S) protocol
disadvantages: does not block ads that use other methods than the HTTP(S) protocol
Android's "private DNS" option
Since Android 9, Google added the option to set your own private DNS. This option can be found by following the below listed path.
Settings - Network - Advanced - Private DNS
(Please note: this path is valid for AOSP based ROMs and it might vary for other custom ROMs or OEM ROMs. Please use your preferred search engine to get more information about where to find this option on your ROM)
Using a custom DNS server has a lot of advantages. You can circumvent so-called DNS-based blocking, which will see an increased usage in the future in some countries, based on their corresponding laws which will force telecommunication providers to block specific webpages based on the provider's DNS server. In addition, some independent DNS providers have their own blacklist, which include well-known ad sources. So by setting up your own private DNS source within Android's settings, you can block ads (and also malware) systemwide! Wow, that's pretty cool, eh? And you know what? YOU DON'T NEED ROOT OR A VPN RUNNING ALL THE TIME
But how does it work? Well, that's quite easy. Network addresses, which are on the DNS blacklist of the provider, can't be reached at all, similar to what blocking by utilizing a hosts file does. If you need further information, please check this link for example.
There are numerous DNS servers out there which offer ad blocking, for example AdGuard, Dismail or DNSforge. If you are interested in one, please do your research and choose one.
required Android version: 9+
advantages: systemwide blocking ads/malware on DNS-base; no additional app or even root is required
disadvantages: no possibility to define your own personal block list (but this shouldn't really be an issue)
Browsers with ad-blocking methods
Lightning Browser (XDA thread)
Lightning Browser is an open-source lightweight Android web browser dedicated to delivering a high-quality experience. It does block all apps within the app itself, but you need to purchase the pro version for this. Nevertheless, this one does not require root, so if you are worried about your device's warranty but want an ad-free experience while surfing the web, give Lightning a try.
required Android version: 4.0+
advantages: does not require root; open-source based web browser
disadvantages: requires paid pro version to block ads within the browser itself; no ad-blocking in other apps; last update in late 2019 (as of April 2021)
Firefox Browser (Play Store link)
Firefox Browser is an open source web browser which most people know as a web browser for PC's. But the version for Android does not lack any important functionality, it even offers the possibility to install plugins, most important the uBlock Origin plugin. This plugin offers a large variety of adblocking possibilities (and also malware blocking) as it is able to utilize custom hosts files. If you simply want an easy-to-use ad blocker, just install the plugin and enable the ad blocking in its settings and you are done - ads are blocked and you can enjoy your web browsing.
required Android version: 4.0.3+
advantages: does not require root; possibility to use customized hosts file; blocking of malware
disadvantages: no ad-blocking in other apps
Kiwi Browser (XDA thread)
Kiwi Browser is an open source web browser based on Chrome. Beside the possibility to block ads natively, it even offers the possibility to install plugins, most important the uBlock Origin plugin. This plugin offers a large variety of adblocking possibilities (and also malware blocking) as it is able to utilize custom hosts files. If you simply want an easy-to-use ad blocker, just install the plugin and enable the ad blocking in its settings and you are done - ads are blocked and you can enjoy your web browsing.
required Android version: 4.1+
advantages: does not require root; possibility to use customized hosts file; blocking of malware
disadvantages: no ad-blocking in other apps
Changelog
2021-04-09
removed Xposed modules section and replaced it with "private DNS" section
removed some outdated browsers
added Kiwi Browser
added AdAway (VPN-based) to non-root section
older changelog:
2016-09-02
removed AdBlocker from the list of Xposed modules, as it has been banned on XDA (warez app)
added Atlas Web Browser to the list of ad-blocking browsers
added Firefox Browser to the list of ad-blocking browsers
2016-06-24
added Slimperience Browser to list of ad-blocking browsers
2016-05-17
added Opera Mini to list of ad-blocking browsers
2016-04-04
removed Adblock Plus for Android from list of methods which don't require root
removed Adblock Browser for Android from list of ad-blocking browsers
added AdClear to list of methods which don't require root
added personalHTTPproxy to list of methods which don't require root
updated Cornowser's description
2016-03-23
added AdBlocker to list of methods which require root
2016-03-09
added NetGuard to list of methods which don't require root
added Cornowser to list of ad-blocking browsers
2015-12-21
added AdBlocker to list of ad-blocking Xposed modules
2015-11-23
added Naked Browser to list of ad-blocking browsers
2015-10-22
added Adguard - No Root Ad Blocker to list of methods which don't require root
2015-10-14
added MoaAB to list of methods which require root
2015-10-07
added UC Browser to list of ad-blocking browsers
2015-10-06
added list of ad-blocking browsers
2015-10-05
opening of this thread
Great work buddy! Subscribed
Tapped from my ❶+❷
Updated the thread, especially the section for ad-blocking browsers.
Thread updated (check changelog for more information).
Thread updated (check changelog).
This is a really well made guide. Thank you OP:
Suggestion, possible to add the wonderful "naked browser"?
kongha said:
This is a really well made guide. Thank you OP:
Suggestion, possible to add the wonderful "naked browser"?
Thank you for the suggestion. Will add it when I return from vacation.
Thread updated (check changelog).
orville87 said:
No root required
Adblock Plus for Android (Adblock Plus for Android web page)
Adblock Plus for Android is designed to work on all devices, no root is required. Adblock Plus establishes a VPN connection to connect to the internet, by which all advertising content is blocked.
Download the .apk file from the above linked official web page and install it (make sure Unknown Sources for installation are enabled). Open Adblock Plus and activate filtering. This way it will block all advertisements while using WiFi connection. To use it with mobile network, one has to add a proxy to your APN manually.
Go to System Settings -> Network Connections -> More networks -> Mobile Networks -> Access Point Names. Copy all settings from your default APN, add a new proxy and paste all settings from your default APN. Now add the following entries:
Proxy: localhost
Port: 2020
Now activate the newly created proxy and Adblock Plus should work on mobile network, too.
Can you write a step by step guide for Adblock Plus settings for mobile data network? Thanks!
KT3 said:
Can you write a step by step guide for Adblock Plus settings for mobile data network? Thanks!
Well, it should be quite easy:
Go to System Settings -> Network Connections -> More networks -> Mobile Networks -> Access Point Names. Copy all settings from your default APN, add a new proxy and paste all settings from your default APN (if you don't know how to copy the settings from your default APN, just proceed with the next step by entering the proxy and port info to your current APN). Now add the following entries:
Proxy: localhost
Port: 2020
Open the three dot menu on top right and save the configuration. You can always revert back to your default APN settings by clicking on "reset settings".
I have never done this by myself, as I have a rooted device and use AdFree or AdAway, so please be aware that I do not take any responsibility for what you do. If you are unsure, check the official AdBlock Plus for Android web page, where you can find a configuration manual. Another thread for mobile network settings you can find here on XDA.
might be a silly question..
so i am confused, if i am using adfree or adaway will i see ads on my chrome or other browsers?
reddead66 said:
might be a silly question..
so i am confused, if i am using adfree or adaway will i see ads on my chrome or other browsers?
As was said in the description of AdAway and AdFree, both apps modify the host file of your device. All access to the web pages on this host list will be blocked, both in apps as well as in internet browsers. So basically you should have an ad-free Chrome browser. I would recommend to install one of the apps and check it for yourself if you have a rooted device.
reddead66 said:
might be a silly question..
so i am confused, if i am using adfree or adaway will i see ads on my chrome or other browsers?
orville87 said:
As was said in the description of AdAway and AdFree, both apps modify the host file of your device. All access to the web pages on this host list will be blocked, both in apps as well as in internet browsers. So basically you should have an ad-free Chrome browser. I would recommend to install one of the apps and check it for yourself if you have a rooted device.
If you are using the data saver feature in Chrome or Opera you will still see ads when using a hosts file. Data Saver has to be disabled for a hosts file to work 'properly.' With Chrome's data saver enabled all of the data (including ads) for the website you are viewing is coming from Google's compression servers. Opera uses their own servers, same principle.
wantabe said:
If you are using the data saver feature in Chrome or Opera you will still see ads when using a hosts file. Data Saver has to be disabled for a hosts file to work 'properly.' With Chrome's data saver enabled all of the data (including ads) for the website you are viewing is coming from Google's compression servers. Opera uses their own servers, same principle.
Thanks for reminding me about this issue. When reading the thread again, I got the feeling that I missed something and you just gave me the answer :good:
orville87 said:
Thanks for reminding me about this issue. When reading the thread again, I got the feeling that I missed something and you just gave me the answer :good:
You're welcome! I've always used a hosts file on mobile and desktop, been working on it for years. It looks like some ads are blocked, some aren't and I see image placeholders when trying to use a hosts file with the data saver enabled. Without data saving enabled I never see image placeholders and rarely ever see an ad in Chrome or Opera.

[DEV] keweon - AdBlocker (RC1 Edition) [Project disruption]

Beginning with 2016 we will no longer support the coexistence with EYEO's AdBlocker.
This tool is an advertising gateway and they will pass more and more advertising.
keweonDNS
THE FIRST ADBLOCKER WORLDWIDE
WHICH RUNS ON
EVERY OPERATING SYSTEM
EVERY BROWSER
EVERY SYSTEM
without any Software Installation
Tested & working on:
WinXP to Win10 - Windows Mobile - Linux - UNIX - Android - iPhone - iPad - MacOS - BeOS - BLACKBERRY - JavaOS - XBOX - PLAYSTATION - APPLE WATCH - WebOS - Microsoft EDGE - RASPBERRY - NAS DEVICES - SmartTV's
I'm proud to present a brand new ad-block and security solution. I hope to find some supporters here to check, test and optimize the system.
The name of this system is keweon which is a short form from the German words "keine werbung online". Translated to English this would be "no advertising online"
Unfortunately every online presence is within German language because my English is no longer the best.
The idea and very first solution was born in year 2003. In the year 2013 I decided to launch the system as an online based system and we have tested this system almost on every device. AdBlocking is just only one of the many features but at the moment it's only important if the black and white lists are usable and what to change.
keweon is also the only adblock solution world wide which is not possible to block. If you find a web page where you receive the message "Blocked because you are using an adblocker" let me know this link here or post it on our facebook page and we will change this.
Now it's up to you to decide what you want to think about it.
How can you use it?
The big advantage is that you don't need to install any software. Just point your device to the keweonDNS Server and - that's it!
You can use it on your device or on your SOHO Router or you can use it just on your PC to test and see how does it work.
It's working on EVERY operating system, on EVERY device. Even on IPhone, PlayStation, XBOX and if you want it will even run on the Apple Watch.
Here are the keweonDNS Server list and where they are located:
DNS Server IPv4
GERMANY 01 (*) 46.101.208.121
GERMANY 02 (**) 46.101.187.194
UNITED KINGDOM 01 (*) 178.62.117.240
USA - Dallas (TX) (**) 45.32.198.153
DNS Server IPv6
GERMANY 01 (*) 2a03:b0c0:3:d0::3c:7001
GERMANY 02 (**) 2a03:b0c0:3:d0::b0:8001
UNITED KINGDOM 01 (*) 2a03:b0c0:1:d0::28:8001
USA - Dallas (TX) (**) 2001:19f0:6400:8945:5400:00ff:fe17:5dba
(*) = only available for Germany, Austria, Switzerland and Liechtenstein
(**) = global available
Our DNS Server are not pointing to Google server at the other end. We want to have a clean DNS solution. The DNS servers points to root-server.net infrastructure only.
This might cause some troubles e.g. with MarkMonitor URL's and Domains. I don't care because this company is anyway blocked at 99,999% via keweonDNS
HTTPS Advertising - no more chance
This is also a big advantage that keweon is able to cover also this crap. We know the current solution is not the best but it is the cheapest.
If you want to get rid of the HTTPS advertising error message then you need to install the keweon Adblock Root Certificate on your Computer or on your device.
I know that there are better solutions but the problem is that keweon is currently just a hobby and to buy a public certificate and spending 800 Euro just for fun would be a big financial pain.
You don't need the certificate to use the keweon Adblock but if you want to get rid of the https nags you need to use it.
Browser example without keweon Root Certificate:
Browser example with keweon Root Certificate:
If you want to see what is inside this certificate then browse to the keweon HTTPS Sniper Server and take a look inside the SSL Certificate. You can see what URL's we will take over for ad-blocking reason.
How does keweonDNS work?
It's not a big secret because EVERYTHING is working on 100% pure native DNS technologies. The only thing you need is a FreeBSD Server, a LINUX Server and - YES, it is REQUIRED - a Windows Server. You need to build your own operating system based on UNIX and some special kernel things.
That's all!
I also have had a contact to a big AdBlock Company and the CEO still think this solution is a Proxy solution. I don't want to make a big discussion but keweon is running on 100% native DNS.
The only exception for this is currently YouTube. We have unlocked YouTube that you will no longer get stupid messages "Is blocked because...".
In no other country of the world are more Videos blocked than in Germany. Don't ask for the secret of the YouTube solution. It's working and we will not send the traffic over the keweon systems. That's the reason why we can offer this solution to nearly half a million users.
Check this and see:
https://apps.opendatacity.de/gema-vs-youtube/en/
Currently we have the problem that YouTube unblocker will not run 100% on iOS devices. If you want to see EVERY Video you need to uninstall the YouTube App from your device and watch the videos within the browser.
Therefore I would need additional help to sort out where the hell this app will take the GEO location information. At the moment it seems it will use the iOS API for this but my knowledge about the iOS API is very limited.
Here are the important links:
On Facebook: https://www.facebook.com/keweonNetwork
On Twitter: https://www.twitter.com/keweonNetwork
Because of legal reason the web site is still offline. One little error on the page could cost a lot of money in Germany.
The Web: http://www.keweon.de
The keweon Root Certificate.
Keep in mind it is not required to use the certificate. If you want to get rid of the HTTPS error messages u can use it but for the basic Ad-blocking it is NOT REQUIRED.
Here is the list of the current entries within our certificate. You can double check this within our HTTPS sniper server: https://adblock.keweon.center
http://forum.keweon.de/viewtopic.php?f=9&t=8
For Windows systems (MSI file)
The certificate is working for IE, Edge and Chrome Browser.
http://pki.keweon.center/certs/keweonAdBlockCertificate.msi
MSI within a ZIP file:
http://pki.keweon.center/certs/keweonAdBlockCertificate-MSI.zip
For Android and iOS devices, also for Firefox and Mozilla Browser:
http://pki.keweon.center/certs/keweonAdBlockCertificate.crt
CRT within a ZIP file:
http://pki.keweon.center/certs/keweonAdBlockCertificate-CRT.zip
For Admins to use it within Active Directory as REG file:
http://pki.keweon.center/certs/keweonAdblockCertificate.reg
REG within a ZIP file:
http://pki.keweon.center/certs/keweonAdblockCertificate-REG.zip
If you want to have a "AllInOne Package" use this link please:
http://pki.keweon.center/certs/keweonAdblockCertificate.zip
What will this cost?
It will cost nothing. You can use it where ever you want to use it.
Why it's free?
Because we can do it.
We are unknown.
We don't know what you think about this solution.
That's the reason why this will be free of charge. But keep in mind that this system is only a demo system because we don't have the money to do what we want to do.
The only thing what we expect:
Like, Share and Promote us here by XDA (hit the Thanks Button), on Facebook and Twitter. That's all we want to have from you.
And now?
Now it's your turn.
Read it, use it and decide if you want to have the Internet in a newer Version. Take a look and see.
Hope you enjoy it!
How you can support keweon?
If you have found an address which is blocked that needs to be unblocked or if you have found additional critical address then just send this via email.
At the moment we need to cross check everything manually but we hope that we can automated this process within a few weeks. For this it is important how you send the email. Let's give a short example.
BLACKLIST EXAMPLE:
You have found the URL www.ads-terror.com. But this address is a Popup from the site www.cool-site.com
Now create a text file as like as a hosts file and add the bad URL. Use the Hash sign (#) to separate the comment. As comment you should use the source URL where you have found the Popup.
www.ads-terror.com # www.cool-site.com
If you have found a malware site or address or something like the "Flashplayer Update" which is in real a malware or spyware trash then comment this with what it is. Just one or two words that we know what it is. You can also combine this or write a few more words. It's up to you.
www.ads-terror.com # fake flashplayer
WHITELIST EXAMPLE:
We know that 7 million entries will not be 100% safe and clean. So don't worry, if you find an address which is blocked which should be not blocked then let's whitelist this.
Also write this into a TXT File and comment this with some self spelling infos that we know why.
bit.ly # Twitter URL shortener
That's all. Please don't send any screenshot or PDF or anything else than a TXT file. Keep in mind that we only will work with the attachments. It does not make sense to send the information within the email body. Whatever you write in the mail this will be ignored because this is a half automated process.
Where to send?
It's easy.
If you have an request and attachment for white listing send this to:
[email protected]
If you have an request and attachment for black listing send this to:
[email protected]
Anything else?
Yes. If you have seen a website where you will receive the Message "this website is blocked because you are using an adblocker" then we also want this to know.
Sometimes it will take a few hours, sometimes this can take up to 3 days until we are able to break this. But we keep you updated on twitter if we are able to remove this crap.
If you have found an address please copy this address also into a TXT file and send this to:
[email protected]
A few of our blocked URL's might cause some HTTPS errors. For this we have the Root Certificate and because of this we are able to manage this errors within a few minutes.
If you are using the keweon Adblock Root Certificate and find an error on a web page then make a screenshot OR send a TXT file with the URL.
We will double check this and if we see that this address needs to be placed in our HTTPS certificate we will do this. If something goes wrong we will remove this address from our blacklist.
If you see or find an error within the HTTPS certificate then we also need this to know. Send the screenshot or the TXT file to this address and we will take action.
[email protected]
Update of white and black lists
Currently we have a job, we have family and we can not offer 24x7 support for this. This system is just a damn small system, it's a hobby and this update procedure can cause a timeout for round about 60 sec. when we do an update on our DNS Servers. We know how to solve this but we don't have the money currently for this.
This update has only impact to NEW site and URL requests.
If you are playing an online game, stay on facebook or doing work on the same site you will see no interruption. If you do a new site request and you will see that this request runs into a time out take a smoke or move away for a new cup of coffee.
I hope you enjoy this and if you have any recommendations please let me know this.
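Added example, not part of the original post and not keweon's own code: one way a list maintainer could validate the "host # comment" text attachments described above before importing them into a blocklist. The function names, the rule that a comment is mandatory, and the rejection of URLs, IP literals and duplicates are assumptions of this sketch; the sample lines are constructed from the post's own examples.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample attachment (hosts taken from the examples in the post).
SAMPLE = """\
www.ads-terror.com # www.cool-site.com
WWW.Ads-Terror.com. # fake flashplayer
bit.ly # Twitter URL shortener
http://www.ads-terror.com/popup.js # www.cool-site.com
192.0.2.10 # constructed IP literal
bad_host.example # constructed invalid label
www.cool-site.com
# comment-only line
"""


def parse_entry(line):
    """Parse one 'host # comment' line.

    Returns (host, comment), or None for blank and comment-only lines.
    Raises ValueError with a reason when the entry must not be imported.
    """
    entry, _, comment = line.partition("#")
    entry, comment = entry.strip(), comment.strip()
    if not entry:
        return None
    if len(entry.split()) != 1:
        raise ValueError("expected exactly one host before '#'")
    if "/" in entry or ":" in entry:
        raise ValueError("URL, path or port given; only a bare host name is accepted")
    host = entry.rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, continue with host name checks
    else:
        raise ValueError("IP literal, not a host name")
    try:
        host = host.encode("idna").decode("ascii")  # normalise IDNs to punycode
    except UnicodeError:
        raise ValueError("not a valid host name") from None
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2 or not all(_LABEL.match(l) for l in labels):
        raise ValueError("not a valid host name")
    if not comment:
        # Assumption of this sketch: reviewers need the source site or reason.
        raise ValueError("missing comment: source site or reason")
    return host, comment


def lint_submission(text):
    """Return (accepted, rejected) for a whole attachment.

    accepted maps normalised host -> comment; rejected is a list of
    (line_number, reason) so the sender can be told what to fix.
    """
    accepted, rejected = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            parsed = parse_entry(line)
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
            continue
        if parsed is None:
            continue
        host, comment = parsed
        if host in accepted:
            rejected.append((lineno, "duplicate of an earlier line"))
        else:
            accepted[host] = comment
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = lint_submission(SAMPLE)
    for host, why in ok.items():
        print(f"accept {host:24} ({why})")
    for lineno, reason in bad:
        print(f"reject line {lineno}: {reason}")
```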
What is keweonDNS?
keweonDNS is more than just a simple adblocker system. keweon is a solution which offers a lot of cute things.
privacy Protection
protection by Virus and Trojan infection (prevent the download of additional files)
protection against spying (blocking the source address)
Internet without Ads and Popups
real time online ad-blocking
domain address based
working with ipv4 and ipv6
tracking protection
malware protection
spyware protection
trojan protection
fake security filter
fake software filter
phishing protection
advantage because of all of this: up to 50% faster internet on all devices
We also have found a solution where we are able to block even IP Addresses and filter single websites or a picture. But currently it is too expensive to release this for public usage.
We need your support!
The keweonDNS phishing protection is a beta solution at the moment because we have the idea. We know what to do. We know where to do.
But we have no email with a phishing address or URL. We hope someone of you is able to support us and send us a few URL's.
If you receive a phishing mail then copy the content of the mail into a TXT file. Please make sure that you will copy the PHISHING address into this TXT file and then send the TXT file as attachment to:
[email protected]
!!! ATTENTION !!!
IF YOU DON'T KNOW WHAT TO DO - NEVER CLICK ON A LINK WITHIN A PHISHING MAIL.
ASK A FRIEND OF YOURS OR SOMEONE WHO KNOWS WHAT TO DO!
If you are not sure then you can forward and send the complete mail to us. Please send this mail to:
[email protected]
The problem is that our mail provider might filter this mail. That is the reason why we are asking for the source and destination address within a text file.
It will not help if you only send a screenshot because the LINK and the LINK REFERENCE are completely different. It's also an idea if you are able to save the message and send the message as ZIP file.
If we have this mail we will take action and prevent phishing attacks when you are using the keweonDNS Servers.
Currently we have not a real solution how you can send the information within a secure way. You can do what you want as long as you are safe and can make sure that you will be not infected.
If you have any idea how to send the complete mail you're welcome to keep us informed.
It seems no one is using this System because of my self signed Root Certificate.
I want to get rid of the Certificate installation.
Does someone know if there are some provider who offers free public web server certificates?
Currently I only know Comodo.
Thanks in advance!
(2015/12/11 - 12:15) EDIT:
We have done a Certificate request with public domains entries within the SAN field.
After this the certificate request was caught by fraud detection and they denied the certificate.
Bad luck for us. But we don't give up.
If someone knows a different solution than our Root Certificate please let me know.
At the moment it is only possible to get rid of the HTTPS trash with our Root Certificate.
Thanks in advance!
Over 500 Hits and no one seems to be interested?
Can someone explain to me why there is a problem to give it a try and test this System?
Would be a great thing. Thanks in advance.
I'll give it a try, I already promoted it over my friends, I thank you for your work
Sent from my Nexus 4 with Tapatalk 2
jacomail95 said:
I'll give it a try, I already promoted it over my friends, I thank you for your work
Sent from my Nexus 4 with Tapatalk 2
That's good to know. I will Update this Thread with more options.
I have no experience with Italy and ads, Malware and Spyware.
Hope you will give some feedback to optimize it. Infos and how2 will follow within this Thread the next few hours.
Thanks and I hope you enjoy this system
Now you can help us with update and clean up the white and black lists.
http://forum.xda-developers.com/showpost.php?p=64055856&postcount=2
Best regards!
Hello, thanks for this dns. Could you provide server & net provider information?
Please take a look at dnscrypt.org, usage would be great.
Your website isn't loading, what happened
Sent from my GT-I9505 using XDA Free mobile app
HeathenMan said:
Hello, thanks for this dns. Could you provide server & net provider information?
Please take a look at dnscrypt.org, usage would be great.
Your website isn't loading, what happened
Sent from my GT-I9505 using XDA Free mobile app
At this point DNS encryption is not a thing we Plan to implement.
This System is complete VPS based and a real small system.
We are using some overloaded security on the servers. If we have success to establish this as a commercial system we will use DNS encryption.
But at the moment we only want to clean up the Black and white lists and for this DNS encryption will cause more troubles than security.
Best regards!
Technical Focus:
It seems that adblock blocking will become the "Advertising Surprise XXL Feature" for 2016.
May be for all other Adblockers. But this will not work with the keweon System.
We cross the fingers and we will see :fingers-crossed:
Blocking Adblocker which blocking ads to make sure that ads will never blocked
If you see any Website which is blocked when you will use an ad-blocker please test this also with the keweon System.
Yahoo is working on this to prevent ad-blocker usage.
We are working on this problem too and for a well-balanced result we take the other side.
Help and let us know when you find such a site!
Tell us what you think about this:
kinox.to and movie2k.to are now 98% ad free.
We also removed the subscription traps when you use these sites on your mobile phone.
Best regards and we hope you enjoy this!
What are you doing with all the user data you are collecting with this?
Sent from my HTC One with Tapatalk
flummi3000 said:
What are you doing with all the user data you are collecting with this?
Sent from my HTC One with Tapatalk
Collecting data? From users? Or any connections?
I guess you are german because that's typically german bull****!
Who the hell told you that we are collecting data? Collecting user data via DNS Server? Did you see any data collection?
Do you really believe that we break the communication to nearly everywhere and then we collect data for what?
Oh damn!! Almost idiots only here in germany!
Sprint
Anyone know how to change the DNS on android KK?
Sent from my N9515 using XDA Forums Pro.
brad65807 said:
Sprint
Anyone know how to change the DNS on android KK?
Sent from my N9515 using XDA Forums Pro.
Check the Playstore and search "RomToolBox". But this tool requires root.
Unfortunately I'm using currently an iPhone but with this Tool I have had the best experience on android.
With higher versions than KK (4.4) I have no clue how to change the DNS Servers because HTC OneMax with 4.4 was my last android device.
I just use the DNS changer from Playstore. Works fine so far. Thanks for your effort!:good:
Shockwave71 said:
I just use the DNS changer from Playstore. Works fine so far. Thanks for your effort!:good:
Good to know. thanks for the Feedback :good:
bencozzy said:
I have to agree this is not open source so only security conscious conclusion is that you are data sniffing.
Hmmm... Data sniffing with DNS? How? And why?
Everyone is claiming that it is not possible to protect data. I have found years ago a solution and after 10 years I decided to launch this as an online solution.
Let's assume that I will data sniffing. What can I get?
Compare DNS as a phone book. You have the option to look inside where the Webserver or the destination exists. You are searching only a phone number or IP Address.
If you take data from the webserver this will not served and offered by the DNS Servers because this will be done from the webserver which you are browsing to. DNS is only telling your browser, hey go there and there you will find the rest.
The only thing I would get is which IP address is seeking for what address. So what data I should sniff? I only will get the information which IP address is searching xyz.com. Based on this information what should I do with this?
If I would like to have this Data that makes no sense because I have an account to statista.com where I can get more and detailed information about this. Therefore is no need to launch such a tool.
I decided to build this project DNS based because in no country of the world it is required to log DNS request. May be China is an exception but especially in germany where it is required by law to log EVERY web server access DNS will be an exception.
Everyone is claiming that it is not possible to filter dangerous things within the Internet or web sites. Also the site and user tracking. If you use my DNS you can browse to Amazon do a search any you will get not "stalking result" when you visit ebay after your amazon visit.
I have disabled this online tracking which a lot of people say this it not possible. I'm working with this keweonDNS solution since years and also a lot of other people. This was finally the reason why I decided to launch this system as a public system. I'm specialist for Active Directory since 2000 and I promise to you I will and I can do things with DNS where others will never dream of.
And yes. The system is closed source. And it will stay closed source.
On the one hand I have spent years of work into this system and if you ask someone who has experience with DNS this guy will confirm that this will not work what I do. I heard this so many times - but it's working. On the other hand I keep this closed because I will give no one the chance to break my system or doing some evil things.
If this system will have success than hey, I will find an Investor and I'm able to implement all the security features and launch this as an global system. Yes, this is what I want to do with this.
At the moment you will see only 20% of it's power because all other things would make this system damn expensive when I would release this as public system.
Big companies better pray that this never will happen because for them this system will become an evil nightmare.
If it's no success and everyone has concerns to use it than I will put everything back into the drawer and that's it. At the moment it is fun, fun, fun and more fun. Nothing more.
The same is with my Adblock Root Certificate. I was searching a solution. I found it and it's working. Within a Windows System you will see 42 root certificates. Do you know what they will do? Do you know what they are responsible for? I guess you will not know this but you trust them by default.
I will open and release my complete certificate if you want.
I can not take the fear away which you might have with my system, it's up to you to use it. But the main reason is I want to keep my data on my machine. I don't like if someone try to spy me, my machine and everything what I do.
At the moment I only want to know if the Black and White Lists are OK. To launch the system as a public system there is a lot of additional work required which is not possible that one or two guys can handle this.
I have a solution. I offer the solution as a public system and I will never say that this is the master solution. But with keweon you have more security and options than every other system.
It is absolutely O.K. that someone thinks twice before he uses this system. It is absolutely O.K. when someone does not trust the certificate. And it's absolutely OK when someone thinks that this is a big piece of sh**t.
I expected a lot of complains and I'm prepared for nearly everything.
But to think that I'm collecting data?
That's a hard pain because this is what I hate and that is something what this system prevent.
If you will not trust this solution it's O.K. for me. If you have any recommendations how can I achieve more trust into this system than let me know this because I'm open to anything.
Best regards!
bencozzy said:
I have to agree this is not open source so only security conscious conclusion is that you are data sniffing.
Just shut-up for godsake if you want to use it use it, or if you don't leave it, why so many complaints, go learn computer networks DNS stuffs and then talk, its just a solution, there are many other adblocking solutions out there. If you are concerned with too much privacy why use Google or xda there's trackers everywhere, its inevitable to avoid. Grow up please.

Private DNS for Android (and other systems)

Private DNS has been around for a little bit on newer devices. However, finding a service that provides both the Private DNS side (TLS) and ad-blocking, filtration of bad domains, etc., has been another whole mess.
I've launched a donation-backed Private DNS service which provides an internet-side option. Think pi-hole style blocking without needing a VPN or only working from your LAN.
What's this entail?
1. Running Android Pie (or anything with the feature ported to it)
2. Using a custom Private DNS Server address that I will provide.
What happens?
1. Your DNS requests are routed via DNS-over-TLS to my CDN virtual machines.
2. Your DNS requests are then locally processed through several internal systems including the infamous Pi-Hole.
3. Final data requests from the local resolver are forwarded via DNS-over-HTTPS to root DNS servers such as 1.1.1.1 and others that are found to support HTTPS protocol.
4. No personal data is stored. Only data with respect to filtration is stored such as blocked versus permitted domains, hit/misses, and caching statistics to continue to develop a more fluid system.
What do I do?
Put "DNS.DEREKGORDON.COM" in your Private DNS settings for Android.
Use IP address 35.243.170.151 for other applications to include your home network router, ChromeOS, etc.
Like it? CONSIDER DONATING. This system is kicking out almost one million responses a day for users.
More information is at http://www.derekgordon.com/dns/.
Always provide THANKS no matter what folks. It's the nice thing to do....
So we are looking at an encrypted dns with ad blocking? I would be into trying that.
I'm using dns.agduard.com at the moment on my Huawei P20 pro running Android pie.
Have a number of people using it without issue now....
Check it out here:
https://www.derekgordon.com/dns
crypted said:
Have a number of people using it without issue now....
Check it out here:
https://www.derekgordon.com/dns
I'm gonna check it out
Cool. Give it a go. My only concern now rests with the attack prevention stuff I've added. It rate limits and bans those who are hitting the server or servers if expanded quite hard. Basically it's to ward off attackers. Anyway no bad reports from it but it's the only factor I'm not totally sure of.
Gonna give it a shot and give you my results in 24hrs.
Cool. I have zero issues on our family's Pixel 2s and 3s. No one said much bad except someone who had login issues on an Xbox when they used the system for their network's DNS. I solved that for them.
Note I'm not filtering Google ads domain as a few people complained since they click the first couple links on Google. I haven't felt intruded upon by ads with this change since making it a couple weeks back.
hi,
sometime i can use this dns, sometime cannot.
my mi 8 using baskalos rom stated couldn't connect.
is it because of my isp?
Very strange. No one has reported that issue. Is it the same result on WiFi vs mobile data? Want to give me your IP to search logs?
I've used the server in four countries on various WiFi and mobile networks without issue on Pixel 3.
How did you get the Private DNS in android Pie to recognize your dns server? I've got my own pi-hole server, yet when I put in my FQDN, I lose internet access on my phone.
First, I don't use Pi-Hole only. I made a custom Debian image and deployed it into the world of CDN. Pi-Hole's opensource software was incorporated as one of my mechanisms for blacklists.
To your point on connection, you need two things: 1) a TLS server to establish the connection and 2) signed certificates for the domain you are using installed on your server. Android will connect via TLS and will verify that your certificate is valid against its root certificates on the device.
Happy note - my server is providing over 250,000 queries daily now and over 90% connect via TLS so that indicates lots of happy Android users.
I'll check yours out and see how well it compares to the VPN connection I currently use to my pihole.
Been loving your Private DNS so far. Great job on it. Question though, do you have a form or something for people to submit domains that are blocked and shouldn't be?
Hey. Feel free to tell me these domains. There is such high usage and hardly any feedback so I haven't even thought about it. I could make a Google Form later.
Actually, I had a spare moment at lunch. Try this: https://forms.gle/oGtAFKAc7yJPmmEZ6
crypted said:
Actually, I had a spare moment at lunch. Try this: https://forms.gle/oGtAFKAc7yJPmmEZ6
Was gonna request https://go.redirectingat.com be unblocked since many many sites use it to link to products on sites like Walmart and Amazon. Can't use that form though since you require a screenshot URL, and I can't screenshot a redirection site.
You figured out a good workaround to make your request. Processing now, give it a minute and should be good.
All of your requests are cleared if you didn't notice yet. Happy browsing.
Not really sure how to publicize this and it probably isn't worth trying to do... But for those who do use this, and there are plenty of folks, I have been working on some changes.
1. These will not work with Android as I don't have the extra cash to blow on more SSL certificates. But, they will work for home networking purposes:
US.EAST.DNS.DEREKGORDON.COM
US.WEST.DNS.DEREKGORDON.COM
DE.FRUNKFURT.DNS.DEREKGORDON.COM
BR.SAO.DNS.DEREKGORDON.COM
2. DNS.DEREK.GORDON.COM is now a pool of a number of VM instances that are connected to Google's CDN. It will grow as necessary. This helps spread out some of the intensity that has been hitting the TLS daemon.
3. Servers will automatically reboot between once a week to every other week depending on load and latency. Sometimes the intense flood of queries really makes things sluggish. Reboot takes just a few seconds and I'm working on timing it during off-peak hours so hardly anyone will notice.
Hi, I have my own pihole installed on an AWS server. Could you please share a tutorial on how I could make it work with Private DNS in Android Pie? Thanks.

keweonDNS - info, facts and what is keweon actually

First, I would like to thank everyone who has used and thus supported keweonDNS, because without you this would not have been possible. The XDA Developers Forum and the Android-Hilfe Forum many thanks, as sometimes things aren't easy with me.
Everything I've developed over the last few years has to do with DNS, and this provides a little insight into what you can accomplish with DNS. Clearly, it functions, it performs – but maybe some of you have a piece of advice on what I can do differently or perhaps even better, after all, I'm up for everything.
With that said, here's the answer to what is keweon. In a nutshell – THIS is keweon:
keweon is an artificial bio-neural network capable of autonomously detecting online threats of various types, effectively blocking them and thwarting threats before they pose a threat.
Self-developed AI algorithms are used, for example, to perceive and forecast threats, as the application of stochastics (probability theory) has proven to be ineffective or too slow. These predictions currently reach up to 4 days, or 96 hours, into the future.
keweonDNS identifies and blocks Internet addresses prior to them being enrolled and live, regardless of whether the address is a domain, an alias, or a host. Detection is performed with a reliability of slightly over 80% with an error rate of approximately 20000:1.
Bio-neural AI technology safeguards against online threats without the necessity or requirement for SSL decryption of network traffic.
At this stage, I will not be able to outline all the details here in the forum. On the one hand it becomes too much and on the other hand “the giants” – you have cribbed enough from me so far – also read here. By now, the planned public documentation exceeds 100 pages, and I intend to accommodate and cover everything. So, before I post everything on the website, I'll first share it here on the forum with a limited group of contributors, as I'm interested in questions, feedback, and perhaps one or two remarks.
Why bio-neural network?
The most well-known neural network is the brain, whether in humans, animals, or plants, where information is perceived, classified, prioritized, and processed. As far as humans are concerned, the information is transmitted via sensors. In IT, this is called an “agent”, an unfortunate choice of words, in my opinion.
Sensors refer to basically anything that receives and transmits data. Nose, tongue, and eye are for instance sensors that transmit information to the brain and when processed in the brain, the neural network, triggers an action. Example: Fire (vision – sensor eye) + Smoke (smell – sensor nose) = Action (decision triggered by the neural network) is escape.
The goal of an AI is to artificially reproduce this “biological” behavior or sequence. The same applies in IT as in biology, a neural network must always be part of an AI. For me, there is no superior way than to apply this kind of approach to DNS.
How does keweon act as an “artificial neural network”?
What you see here is the so-called “frontend”. The one you know as the keweonDNS server:
Spoiler: keweonDNS - Frontend
There is nothing special here yet, nor does it have anything to do with “AI” or “ANN”. We will go into this in more detail shortly.
Let's talk about the “bio” factor. — To ensure that the keweon AI only does what it is designed to do, it was essential to set up not just one, but several control instances. Policing of the AI rests not only with the AI itself, but also with the user and with me. That is why I have used the term “Shared Manage & Controlling” to describe this process.
Internal control mechanisms within the AI guarantee that the system regulates, manages, and even polices itself. As an example, if the AI is manipulated by an external attack, a variety of defensive countermeasures are triggered, up to the most severe case, shutting down the infrastructure entirely. At this point, the DNS would remain operational, but at a slower pace and only with the default responses of the global root DNS servers.
By leveraging keweonDNS servers, each user, and their device, whether it's a cell phone, PC, or IoT device, automatically becomes part of the artificial neural network. To top it off – none of the user data is required to be collected for this, or even necessary at all. Through the query arises the control, and through the control arises the answer. In this way, sensory control and sensory data transmission occur simultaneously with the DNS query. Based on the term “crowdsourcing”, I have called this process “crowd request sourcing”.
User data collection at keweon?
At this point, I will only briefly outline the matter of data collection and processing, since that would completely go beyond the scope here.
No information is collected from users, devices, or other sensitive data within the scope of the GDPR; rather, the information processed relates solely to the DNS request. In other words, the address, FQDN, host or alias of the DNS request, namely only data that a DNS server possesses inherently, is used for this purpose. It doesn't matter who or what requested the address, only how often an address is queried becomes an additional assessment criterion for the AI. In part, this looks like this:
Spoiler: DNS Counter example
As a result, you can spot things, as seen here on the Apple iPhone, wherein strange DoH resolvers are doing DNS resolution in a hidden way. Apple's commitment to data security and privacy already belongs to the past. Especially, with the implementation of the advertising framework in the iOS operating system, the company is sawing at the branch it is sitting on, in my personal view.
At no time will keweonDNS collect or parse user data. The mistakes made by Jan Koum have taught me a lot. That's why I designed the entire development to make it technically impossible to ever do that. Data is processed only from the “root DNS server” to protect the user's privacy. In this way, “hidden (user) data collection” is prevented and ruled out, even if investors enter the project.
The fact that this is impossible turned out to be something I did not expect, indeed a knockout criterion for investors. Still, my point of view in this regard should be well known. Further details on data protection can be expected on the website in the section “AI & Data Protection”.
How does DNS work at keweon?
It functions not unlike any other DNS server.
Query from your device to DNS: What is the IP address of www.example.com?
DNS looks in the cache. If the response resides there, your device will get the IP address.
If the address is not in the cache, the subsequent (virtual) response occurs:
Wait, I don't know the address, but I do know a DNS server that might be aware of the answer.
Passing the query to the next DNS server (henceforth, it is no longer the IP address of the user who asks the query, instead it's the DNS server).
Passing the query to the root DNS server, which looks up the response. If the root DNS server does not know the response, it returns an NXDomain response, which means “Not existing domain“, or the matching IP address is returned.
The response passes through one or more validations and is then returned to your device as a response via the DNS resolvers.
DNS Mission accomplished.
The so-called “Visible Layer“, which are the DNS servers that you use, respond as DNS, are DNS and do DNS. All they provide is DNS over port 53 – and nothing else. No proxy, no other technology. 100% DNS. Well, companies that offer solutions for DNS-layer security – please keep reading, you may learn something. (#CISCO, #Cloudflare, #Microsoft, #Google, #Apple)
The AI, the so-called “AI Hidden Layer”, is the exciting part. In this context, the term “hidden layer” is used when referring to an AI because the AI itself is never directly addressed and is invisible to the user.
The “AI Hidden Layer” is a self-contained layer, or rather should be, to prevent manipulation or attacks. By far the best example of how an AI should not be built is Microsoft's “Bing AI”. It is reported that the staff there is already busy working on the implementation of AI-provided advertisements and sponsored responses. Effectively, this soon means that whoever pays more has the privilege to manipulate on a larger scale. Like Apple, this clearly shows that mistakes (from the past) are obviously ignored instead of drawing lessons therefrom.
AI and ANN – an architectural overview
The DNS server, the “hidden layer” that enables the entire technology, is shown in the figure:
Spoiler: keweonDNS - an architectural overview
I tried to keep it simple, and I hope it turned out well. If you have any questions – please let me know.
Hidden Layer – how does keweon act as an “artificial bio-neural network”?
We take the address “www.i-net.nx” as an example and assume that this is requested for the first time. The address in question is a “good address” invoking a “bad address” in the background – i.e., “bad.i‑net.nx” via a JavaScript, and so remains invisible to the user. Even though the TLD “.nx” does not exist obviously, we assume that it does.
The query originates from a cell phone and is transmitted to the keweonDNS servers.
Assume that here a fictitious counter starts with 0ms (0 milliseconds).
The DNS server doesn't know the address and passes on this request.
So far, ordinary DNS – now we let the magic begin!
Prior to forwarding, two databases are queried to see if this address is known in the “Allow or Deny” database. Of course not, we assumed a totally unknown and completely unfamiliar address.
The query i-net.nx is now forwarded by the ANN (Artificial Neural Network) to the root DNS servers, which in turn query the global root DNS servers. Within the ANN, this address is “copied” and passes through some checks in parallel, regardless of what is returned as a response.
The query is passed to the keweon root servers, which in turn passes it to the AI and analyzes it via the Pre.Ident process, which works with data such as “Newly Registered Domains”.
Note: “DNS firewalls”, for example, have a feature that blocks all newly registered DNS domains. Basically, pointless, and wrongly implemented – yet companies spend a lot of money on this feature and fill meaningless colorful dashboards with it. All that matters though is that they are colorful and have KPIs – no one questions whether this makes sense.
The security benefit on a scale of 1 to 10 is -10, since this represents a security risk on one side and pretends a “misleading security” on the other side. “Newly Registered Domains” are verified at keweonDNS via the Pre.Ident process and are not blocked across the board.
Spoiler: DNS Pre.Ident process – an overview
The Pre.Ident process performs the initial analysis of the query and is responsible for detecting threats that are emerging or may arise. As mentioned at the beginning, this can also be done with probability theory, for example, but this has proven to be too inefficient and too slow. The current predictions for “bad domains” extend up to 96 hours (4 days) into the future. This is calculated using the HFRA algorithm (High Frequency Research Algorithm), among others.
All AI processes and algorithms, such as Pre.Ident and the HFRA, are completely independent of each other, but support each other or collude.
The idea for the HFRA algorithm initially originated from a good friend, who sadly passed away from a brain tumor in 2017. Harlim was the lead developer for high frequency trading at a large German bank, and he contributed a lot despite his illness. High frequency trading ends with buy or don't buy, or to stay with DNS, block or don't block.
After the Pre.Ident process, the domain is decomposed into FQDN, IP, and Alias and inspected i.e., using the certificate instance. The big secret with the certificates is hence, on the one hand, to assign a positive certificate to all blocked addresses and, on the other hand, to be able to check and classify the DNS data on the fly. This procedure eliminates the need to resort to further DNS data and ensures the (self-)control of the AI.
Meanwhile, the ANN has (pre)analyzed the address and the PAA (Perimeter Analytics Algorithm) checks whether the server contains, i.e., malware or ransomware or whether this server shows other critical or endangering indications.
Whether and how a server, address, or IP is “malicious” is weighed by the various logics. The current criteria catalog includes a total of 1394 so-called matching points, how an address is to be evaluated if it is known, and up to 83 matching points for unknown addresses (floating run), whereby various factors also play a role.
Using fuzzy logic within the AI and with the help of the ANN, not only is it decided whether an address is “good” or “bad”, but also the result “I'm not quite sure” can be generated. This in turn causes a weighting and the ANN decides here “Allow or Deny” – based on further algorithms.
This decision that it is probably a good address is passed to a “returning logic“, evaluated as good, and thus the original IP address is returned to the user. It looks roughly as follows (in excerpts):
Spoiler: DNS Rating example
Let's stop the fictitious counter here (which we started at the beginning) and now, about 20ms (milliseconds) later, the user gets the response.
The returning cycle decides here when and if this address must be examined again, in which level of detail and possibly via a second, third etc. analysis of the address in the background. Different criteria are used depending on the weighting. Some addresses are checked every hour, others every week.
The web page is loaded and, as noted, it contains a JavaScript with the bad address. Since this address has at no time been requested, it is blocked from point 5, at the latest from point 6. The user gets this address returned, but with an IP address that states this address was successfully resolved and passes a virtual “OK” to the browser or JavaScript to make it believe that the address was properly resolved and does not need to be requested again.
If the address has now been resolved, the AI's work continues anyway. The address is reviewed again for a more detailed assessment of the threat posed by the address, as well as its rating. For this purpose, the address gets analyzed in detail in the background using the crowd request sourcing method and the HFRA algorithm. This time the entire program, because now it compares, for example, where the server is located, what the IP address does, what the server does, along with other options, and the results are again compared with other and similar addresses.
For one or two addresses this still sounds logical, but if we now take 20 or 30 addresses, it becomes more complex. The database currently consists of about 960 million addresses.
Summary
This is just a small part of what keweon is all about. Obviously, there is much more, but for now I'm curious to see who copies all this and uses it for their marketing. Admittedly, who knows me a little, understands that this is far from being everything.
The thing I'd like to know from you now:
What do you think about it? How do you rate it? What information do you miss here?
Comments, hints, tips, and questions are welcome and appreciated.
Frequently Asked Questions (FAQs)
As an additional service to help users find certain information quickly, I will compile answers to some frequently asked questions about keweon here and continue to update this post.
Spoiler: keweonDNS Server Addresses and IP's – PRIVATE USAGE ONLY
Certificate:
https://pki.keweon.center
Apple DoH Profile:
https://apple.keweon.center/DOH/dns.mobileconfig
Apple DoT Profile:
https://apple.keweon.center/DOT/dns.mobileconfig
DoH Server Address:
https://dns.keweon.center/nebulo
or
https://dns.keweon.center/dns-query
DoT Server Address:
dns.keweon.center
DNS IPv4:
84.16.252.137
84.16.252.147
DNS IPv6:
2a00:c98:4002:1:8::5
2a00:c98:4002:2:c::80
Spoiler: Find the Post in your Preferred Language
German – Android-Hilfe Forum
Spoiler: The “GOOD OLD” Thread
keweonDNS - now with improved Certificate (iOS, Mac & Android)
Spoiler: PersonalDNSFilter with keweonDNS – PRIVATE USAGE ONLY
Initially, disable any active “Private DNS” in the Android connection settings.
Certificate:
https://pki.keweon.center
In the PersonalDNSFilter app itself:
Open the list of registered DNS servers.
Check the box next to “Disable DNS server discovery - Manual DNS servers as follows:” and activate the slider next to “Text based editing mode” in the section.
Add the following addresses to the displayed list using Copy&Paste:
DoH Server Address:
[178.162.228.115]::443::DOH::https://dns.keweon.center/nebulo
or
[178.162.231.49]::443::DOH::https://dns.keweon.center/dns-query
DoT Server Address:
[84.16.252.138]::853::DOT::pdnsfilter.keweon.center
or
[84.16.252.138]::853::DOT::personaldnsfilter.keweon.center
Next, uncheck the slider next to “Text based editing mode”.
Finally, check the boxes next to the added DNS servers and uncheck all others.
Spoiler: NetGuard with keweonDNS – PRIVATE USAGE ONLY
Initially, disable any active “Private DNS” in the Android connection settings.
Certificate:
https://pki.keweon.center
In the NetGuard app itself:
Located under “Settings” is the interesting “Advanced Options” feature.
Then enter either both IPv4 or IPv6 addresses for “VPN-DNS”:
DNS IPv4:
84.16.252.137
84.16.252.147
DNS IPv6:
2a00:c98:4002:1:8::5
2a00:c98:4002:2:c::80
Note: In order for the IPv6 addresses of the DNS servers to be accessible from your home network, it must be IPv6-capable.
Spoiler: AdGuard with keweonDNS – PRIVATE USAGE ONLY
Initially, disable any active “Private DNS” in the Android connection settings.
Certificate:
https://pki.keweon.center
In the AdGuard app itself:
Tap the “shield icon” at the bottom of the screen and activate the slider in the “DNS Protection” section.
On the same screen, tap the “DNS Protection” label to access the DNS settings.
Located under “Choose DNS Server” is the interesting “Add Custom DNS Server” feature.
Type in “keweonDNS” as the “DNS server name”.
Then enter either DoH or DoT for “DNS Upstream”:
DoH Server Address:
https://dns.keweon.center/nebulo
or
https://dns.keweon.center/dns-query
DoT Server Address:
tls://dns.keweon.center
@MrT69 Greetings. Please check your PM inbox. Thank you.
-Regards: Badger50
another "dns" dev here
This sounds exciting and novel. All the best!
@MrT69 great to see the DNS still going on. I hope you still remember older people
So, how do i set this up on Android using the Adguard app?
Blackeyedangel said:
So, how do i set this up on Android using the Adguard app?
Take a look at post #2.
There you can see the spoiler for “keweonDNS server addresses and IP's – PRIVATE USAGE ONLY”.
There you will find all the addresses you need. I don't know the AdGuard app, but I'm pretty sure you know what to use when you see the addresses.
Or just use the Android internal option “Private DNS” and set the “DoT Server” there.
methuselah said:
@MrT69 great to see the DNS still going on. I hope you still remember older people
Of course. It's years ago but some people I still remember.
:::UPDATE::: The configurations of AdGuard and NetGuard are added in the FAQ.
