Related
Description:
Positron allows you to share your location with your friends in a completely secure way.
Basic Idea: End-To-End encrypted Google Latitude (or Apple's Find My Friends) via XMPP.
You can use any existing XMPP/Jabber Server (or set up your own).
(End-To-End encryption means that only you (sender) and your friend (recipient) is able to decrypt the message. Nobody in between (e.g. the server) is able to decipher the content!
Click to expand...
Click to collapse
Features:
* Securely send your location via XMPP/Jabber
* Request your contacts' locations
* View your contacts' recent locations on a Map
* 1024Bit RSA / 256Bit AES Encryption
* Automatic Public-Key Exchange via VCards
* Public-Key Verification using QR-Codes
* Use any XMPP-Server (jabber.ccc.de, jabber.belnet.be, ...)
Click to expand...
Click to collapse
The App has been in development for some time now and has reached a pretty stable level - so I guess it's time to drop the closed beta restriction and expand the audience to get more feedback!
I plan to release the source-code when the app is a bit more mature, so you can verify the security claims - encryption is worth nothing if you can't trust the author
What do you think? - Try it out and post your feature suggestions, comments or other ideas!
Market Link:
Code:
https://market.android.com/details?id=de.ility.android.positron
QR-Code:
Code:
https://chart.googleapis.com/chart?chs=256x256&cht=qr&chl=https://market.android.com/details?id=de.ility.android.positron
Google+ Page:
Code:
https://plus.google.com/u/0/112976427851996289107
Code:
Changelog:
v.0.3.8
* Android 3.x/4.0 Support!
* Reduced traffic usage when reconnecting
* Dialog when receiving an update from an unknown address
* New Position-Accuracy-Circle of received updates
Sorry for the text-only links and missing pictures - I'll update this post as soon as I've got the necessary post count!
Just the QR based verification seems like a major step forward for the WoT. Very nice looking project.
Thanks, yep using the qr-codes it's pretty easy to verify out-of-band. I've started writing a three way handshake using qr-codes, but I guess it isn't really necessary in real life
New Version released (v0.3.8)
* Android 3.x/4.0 Support!
* Reduced traffic usage
* vCard Sync-Frequency can now be configured via Settings
* Added a Dialog when receiving an update from an unknown address
* Accuracy of your current location and the accuracy of updates you receive is shown inside the accuracy-circle
If you're running Positron on an Android Tablet, please post your feedback!
Feature-Request, Suggestions, etc. are always welcome!
Hi,
What if I don't need a periodical updates.
I'd like just if someone wants to see my actual location, he opens the app, selects me and his app will send a ping to my phone which will once update my location and send notification back to my friend, who will then see my current location on the map. So that everything runs on the background without me even knowing.
No periodical updates, no battery drain, always current position.
I've been looking for such app for some time now, but without success.
Can you implement such functionality into your app?
Anyone Get the Google warning?
Sent from my MB860 using xda premium
foxrivertrekker said:
Anyone Get the Google warning?
Sent from my MB860 using xda premium
Click to expand...
Click to collapse
Chrome just gave me the alert:
"Danger: Malware Ahead!
Google Chrome has blocked access to this page on forum.xda-developers.com.
Content from security.rltk.us, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.
Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion. Learn more..."
Is it an ad that's causing it or ...?
i posted somewheres else about this as well ...... any mods have an answer ?
Same here. Sure like to hear from someone in charge around here
nukebreath said:
Same here. Sure like to hear from someone in charge around here
Click to expand...
Click to collapse
Seems to have cleared up. I haven't searched yet for other threads/responses, but just did a little more digging on security.rltk.us. Appears Google Safe browsing has the originating site as blacklisted due to being categorized as "Adult & Pornographic content". Per Sucuri SiteCheck it's been blacklisted but clean, but provided a clean security report (warnings found):
Blacklisted: Yes
Malware: No
Malicious javascript: No
Malicious iFrames: No
Drive-By Downloads: No
Anomaly detection: No
IE-only attacks: No
Suspicious redirections: No
Spam: No
Plus it lists other sites that checked the domain and cleared it:
* Domain blacklisted by Google Safe Browsing: security.rltk.us - reference
* Domain clean by Norton Safe Web: security.rltk.us - reference
* Domain clean on Phish tank: security.rltk.us - reference
* Domain clean on the Opera browser: security.rltk.us - reference
* Domain clean by SiteAdvisor: security.rltk.us - reference
* Domain clean on Sucuri IP/URL malware blacklist: security.rltk.us - reference
* Domain clean by the Sucuri Malware Labs blacklist: security.rltk.us - reference
* Domain clean on Yandex (via Sophos): security.rltk.us - reference
Not going to dig much further, but possibly an ad originating from this domain and the message triggered because of the blacklist?
Credits: BSDgeek_Jake Hello Friends!
# What is a 'hosts' file? What it Does? Whats in it for Me?
The 'hosts' file contains the mappings of IP addresses to host names and loaded into memory (cache) at startup. Android OS checks the 'hosts' file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the localhost (127.0.0.1), which is a loopback and traffic is dropped instantly (saving your millions of money used by network traffic 2G/3G/4G). Another feature of the 'hosts' file is its ability to block other applications (bogus applications) from connecting to the Internet, providing the entry exists.
'hosts' file is used to BLOCK ADs, BLOCK Banners, BLOCK 3rd Party Cookies, BLOCK 3rd Party Page Counters, BLOCK Web Bugs, BLOCK Web Hijackers, BLOCK Phishing Sites, BLOCK Malwares, BLOCK Spywares, BLOCK Trackers, BLOCK Unauthorized Application connections to web and BLOCK other Malicious activities...
This is not 100% Protection but atleast it takes care of ALMOST ALL OF THE SECURITY ISSUES FACING FROM THE BAD SITES.
For full Security, Use Antivirus or Security Suite from Android Market.
# Performance Issue? Will my device run SLOW?
I am using this 'hosts' file from my chilhood days and never had any performance issue to date, Although you might have a little delay in startup for few seconds (but you will not even notice) and then everything will be cool in standby and active mode. I say "Little delay is better than ADs, Malwares and Spywares..."
# Compatibility?
OEM: Samsung, HTC, Sony, LG, Google, Motorola, Huawei, ZTE, Almost ALL OEM...
ANDROID FAMILY: 2.2.x, 2.3.x, 3.x, 4.0.x, 4.1.x, 4.2.x
# How to install?
Just Flash in Clockworkmod Recovery (CWM) and Thats It. ENJOY
Download with Dev-Host
thank for share. But not need post a new thread in here because we will have it in Android Software And Hacking General. It will be search by user.
P/s: You edit file zip? you credit for he and upload your host! It as is you bring and that it is of you. Please if want create new thread you should create link to Original Post to help any people to have update from OP's:good:
You can also use adaway from fdroid free software market
Wow, giving credits is one thing, but copypasting and mirroring is another...
And you receive thanks for sth another guy did... We do not need this type of repost
...
Anyway, editing the hosts file is much better than using AdAway or AdBlock...
nice share
Sent from my GT-I8160 using xda premium
Introduction
Welcome to the thread which is dedicated to the numerous ways of how to block advertisements on your Android device. This guide will show you different ways how users can enjoy an ad-free Android experience, both for unrooted as well as rooted users. In general, this thread will give you an overview about apps, whose purpose is to block ads within apps and even web browsers.
Searching for keywords like "ad blocking" on XDA will result in many different threads with numerous aspects. But I found the lack of a centralized collection quite annoying, so I decided to start this thread to provide users with the latest possibilities to effectively block advertisements on their Android device. There is no way I am going to say that this is the "Ultimative Ad-Blocking Thread", as this is (and maybe always will be) rather an evolving than a finished topic. As each user has its own personal preferences, this is not a mandatory setup, but a guide for users which are new to the subject as well as for users, that have experience but nevertheless want to learn about other possibilities.
Basics
So let's start with some basics. There are different ways how to block ads. The most popular one is the use of so-called hosts files. Basically, this is a local file, containing a list of web addresses, which can’t be connected to from your device, so that all content (for example ads, banners, 3rd party Cookies, 3rd party page counters, web bugs and even most hijackers) from those addresses will be blocked. This way no advertisement content originating from those addresses will be shown. For more information about host files, visit Blocking unwanted connections with a hosts file.
Important: if you use a browser with data compression feature (like Chrome or Opera for example), you have to turn off this feature within the browser, otherwise the ad-blocking by using the host file will not be reliable any more. This issue arises from the fact that all data traffic is redirected over a compression server, which will result in the fact that all data – content and ads – are coming from those servers instead of the original ones, whose names are included in the host files.
So much text! Where are the apps?
Here they are. I have set up four categories for you:
Root required (check post #2) – apps that require a rooted device
No root required (check post #3) – apps that don’t require a rooted device
private DNS (check post #4) – utilizing Androids private DNS function
Browsers with ad-blocking methods (check post #5) – ad-blocking web browsers
Please note:
I have just started to fill this thread with information. If you are interested, but not satisfied with the provided information, please consider re-visiting this thread after some days and check the change log.
Disclaimer:
I am not responsible for bricked/broken devices due to modifications you decided to apply on your device. Furthermore, none of the linked apps in this thread are my own work, so I am not able to include more features or fix bugs. If you feel the need to ask for features, please visit the corresponding app’s thread or web page.
Credits:
delta_foxtrot2 - for AdFree
mrRobinson/PerfectSlayer - for AdAway
Team AdGuard - for AdGuard
M66B - for NetGuard
BSDgeek_Jake - for MoaAB - Mother of all Ad-Blocking
Mozilla - for Firefox Browser
arnaud42 - for Kiwi Browser
Root required
AdFree for Android (XDA thread)
AdFree is a simple app for Android operating system that modifies the system hosts file to redirect known advertising and tracking hostnames to local host.
The current version (v0.9.9) ships with mongoose, a small webserver, and a copy of tcpdump, so you can log DNS requests, this allows you to discover new hostnames not currently blocked.
The web interface at http://adfree.odiousapps.com/index.php allows you to configure white and black lists from your desktop manually (requires a free account at AdFree).
It will block all ads within apps and web browsers. If you have issues, you have to open AdFree and enable "local web server" as well as "start TCPdump". This way you can track connections which have been blocked by checking the AdFree log file (AdFree -> Settings -> show TCP host names) and add them to your personal whitelist manually via web interface (link is given above).
Works for mobile connection as well as for WiFi connection.
required Android version: 2.1+
advantages: blocks all type of ads
disadvantages: setup of a personal whitelist/blacklist is not possible via the app itself
AdAway (XDA thread)
AdAway is an open source ad blocker for Android using the hosts file. AdAway lets you select your own sources of hosts files. In addition, you can add exceptions to your whitelist from within the AdAway app if an app is not working when specific hosts are blocked or define extra hostnames in your own Blacklist.
One big issue: AdAway will not work reliable when on mobile networks like 3G. You can deactivate that proxy by going to your selected APN (on Android 4: Wireless and networks -> More… -> Mobile Networks -> Access Point Names) and remove the value in the proxy field.
required Android version: 2.1+
advantages: properly blocks ads based on hosts file
disadvantages: does not work reliable on mobile networks with default settings
MoaAB - Mother of all Ad-Blocking (XDA thread)
Mother of all Ad-Blocking (MoaAB) is an ad blocker for Android which utilizes the hosts file. Simply flash it through recovery and most apps are blocked. However, this method requires a custom recovery to be installed on your device (and each update has to be flashed again through recovery). Furthermore, MoaAB requires a device with a minimum RAM of 2GB (MoaAB uses up to 40MB of RAM while you use your device) as well as a CPU with at least 1.6GHz to run smoothly. On devices that do not fulfill this minimum requirements, it may work but it will make your device slow and laggy.
required Android version: 4.2+ (Note: 5.0.x is not supported (memory leak)! Check the MoaAB XDA thread for more information.)
advantages: properly blocks most ads based on hosts file
disadvantages: a custom recovery (CWM, TWRP) is required to flash MoaAB (as well as each update); causes performance issues on older devices
No root required
Adguard - No Root Ad Blocker (XDA thread)
Adguard is a tool designed to make web surfing of Android users more comfortable and safe, and one of the best parts: no root is required. Adguard establishes a local VPN connection to connect to the internet, by which all advertising content is blocked. In addition, Adguard sets up a firewall to control in- and outgoing traffic.
There is a free trial version available as well as a pro version. The free trial version blocks ads in browsers, whereas the pro version (which you have to purchase after trial period in order to get Adguard working again) blocks ads systemwide (browsers + apps).
required Android version: 4.0.3+
advantages: blocks ads in apps as well as some browsers
disadvantages: requires a VPN to constantly run in the background -> burden on the system; you also need to trust the provider of the VPN
AdAway (XDA thread)
AdAway is an open source ad blocker for Android using the hosts file. AdAway lets you select your own sources of hosts files. In addition, you can add exceptions to your whitelist from within the AdAway app if an app is not working when specific hosts are blocked or define extra hostnames in your own Blacklist.
One big issue: AdAway will not work reliable when on mobile networks like 3G. You can deactivate that proxy by going to your selected APN (on Android 4: Wireless and networks -> More… -> Mobile Networks -> Access Point Names) and remove the value in the proxy field.
required Android version: 2.1+
advantages: blocks ads in apps as well as browsers; open-source
disadvantages: main purpose is achieved by setting up a local VPN (so you can't use another VPN in parallel), does not work reliable on mobile networks with default settings
NetGuard - No-root firewall (XDA thread)
NetGuard is a new open-source application, developed by XDA Recognized Developer M66B, which you might know for his famous XPrivacy modul for Xposed. NetGuard is a lightweight and easy to handle firewall, and one of the best parts: no root is required. NetGuard establishes a local VPN connection to connect to the internet, by which the user can define which applications should be allowed to access the internet. In addition, NetGuard can be used to download host files to block ads (GitHub version only, don't use the one from Play Store).
required Android version: 4.0+
advantages: blocks ads in apps as well as browsers; open-source
disadvantages: main purpose is achieved by setting up a local VPN - network traffic becomes somewhat slower (should not be noticeable during daily usage); you can't use another VPN in parallel
personalHTTPproxy (XDA thread)
personalHTTPproxy is an Android app that can filter all your HTTP (and of course HTTPS) traffic to block ads - no root needed. The app is open source software and is free of charge. It loads one or more hosts filter to block ads, thus all HTTP(S) protocol traffic will be filtered. This is very efficient when ads use the HTTP(S) protocol, but embedded ads mostly use other methods such as AdMob or AdSense, so they can not be blocked by personalHTTPproxy.
required Android version: 2.3+
advantages: blocks ads that use the HTTP(S) protocol
disadvantages: does not block ads that use other methods than the HTTP(S) protocol
Androids "private DNS" option
Since Android 9, Google added the option to set your own private DNS. This option can be found by following the below listed path.
Settings - Network - Advanced - Private DNS
(Please note: this path is valid for AOSP based ROMs and it might vary for other custom ROMs or OEM ROMs. Please use your preferred search engine to get more information about where to find this option on your ROM)
Using a custom DNS server has a lot of advantages. You can circumvent so-called DNS-based blocking, which will see an increased usage in the future in some countries, based on their corresponding laws which will force telecommunication providers to block specific webpages based on the providers DNS server. In addition, some independent DNS providers have their own blacklist, which include well-known ad sources. So by setting up your own private DNS source within Androids settings, you can block ads (and also malware) systemwide! Wow, that's pretty cool, eh? And you know what? YOU DON'T NEED ROOT OR A VPN RUNNING ALL THE TIME
But how does it work? Well, that's quite easy. Network adresses, which are on the DNS blacklist of the provider, can't be reached at all, similar to what blocking by utilization a hosts file does. If you need further infomation, please check this link for example.
There are numerous DNS servers out there which offer ad blocking, for example AdGuard, Dismail or DNSforge. If you are interested in one, please do your reserach and chose one.
required Android version: 9+
advantages: systemwide blocking ads/malware on DNS-base; no additional app or even root is required
disadvantages: no possibility to define your own personal block list (but this shouldn't really be an issue)
Browsers with ad-blocking methods
Lightning Browser (XDA thread)
Lightning Browser is an open-source lightweight Android web browser dedicated to delivering a high-quality experience. It does block all apps within the app itself, but you need to purchase the pro version for this. Nevertheless, this one does not require root, so if you are worried about your device's warranty but want an ad-free experience while surfing the web, give Lightning a try.
required Android version: 4.0+
advantages: does not require root; open-source based web browser
disadvantages: requires paid pro version to blocks ads within the browser itself; no ad-blocking in other apps; last update in late 2019 (as of April 2021)
Firefox Browser (Play Store link)
Firefox Browser is an open source web browser which most people know as a web browser for PC's. But the version for Android does not lack any important functionality, it even offers the possibility to install plugins, most important the uBlock Origin plugin. This plugin offers a large variety of adblocking possibilities (and also malware blocking) as it is able to utilize custom hosts files. If you simply want a easy-to-use ad blocker, just install the plugin and enable the ad blocking in its settings and you are done - ads are blocked and you can enjoy your web browsing.
required Android version: 4.0.3+
advantages: does not require root; possibility to use customized hosts file; blocking of malware
disadvantages: no ad-blocking in other apps
Kiwi Browser (XDA thread)
Kiwi Browser is an open source web browser based on Chrome. Beside the possibility to block ads natively, it even offers the possibility to install plugins, most important the uBlock Origin plugin. This plugin offers a large variety of adblocking possibilities (and also malware blocking) as it is able to utilize custom hosts files. If you simply want a easy-to-use ad blocker, just install the plugin and enable the ad blocking in its settings and you are done - ads are blocked and you can enjoy your web browsing.
required Android version: 4.1+
advantages: does not require root; possibility to use customized hosts file; blocking of malware
disadvantages: no ad-blocking in other apps
Changelog
2021-04-09
removed Xposed modules section and replaced it with "private DNS" section
removed some outdated browsers
added Kiwi Browser
added AdAway (VPN-based) to non-root section
older changelog:
2016-09-02
removed AdBlocker from the list of Xposed modules, as it has been banned on XDA (warez app)
added Atlas Web Browser to the list of ad-blocking browsers
added Firefox Browser to the list of ad-blocking browsers
2016-06-24
added Slimperience Browser to list of ad-blocking browsers
2016-05-17
added Opera Mini to list of ad-blocking browsers
2016-04-04
removed Adblock Plus for Android from list of methods which don't require root
removed Adblock Browser for Android from list of ad-blocking browsers
added AdClear to list of methods which don't require root
added personalHTTPproxy to list of methods which don't require root
updated Cornowser's description
2016-03-23
added AdBlocker to list of methods which require root
2016-03-09
added NetGuard to list of methods which don't require root
added Cornowser to list of ad-blocking browsers
2015-12-21
added AdBlocker to list of ad-blocking Xposed modules
2015-11-23
added Naked Browser to list of ad-blocking browsers
2015-10-22
added Adguard - No Root Ad Blocker to list of methods which don't require root
2015-10-14
added MoaAB to list of methods which require root
2015-10-07
added UC Browser to list of ad-blocking browsers
2015-10-06
added list of ad-blocking browsers
2015-10-05
opening of this thread
Great work buddy!Subscribed
Tapped from my ❶+❷
Updated the thread, especially the section for ad-blocking browsers.
Thread updated (check changelog for more information).
Thread updated (check changelog).
This is a really well made guide. Thank you OP:
Suggestion, possible to add the wonderful "naked browser"?
kongha said:
This is a really well made guide. Thank you OP:
Suggestion, possible to add the wonderful "naked browser"?
Click to expand...
Click to collapse
Thank you for the suggestion. Will add it when I return from vacation.
Thread updated (check changelog).
orville87 said:
No root required
Adblock Plus for Android (Adblock Plus for Android web page)
Adblock Plus for Android is designed to work on all devices, no root is required. Adblock Plus establishes a VPN connection to connect to the internet, by which all advertising content is blocked.
Download the .apk file from the above linked official web page and install it (make sure Unknown Sources for installation are enabled). Open Adblock Plus and activate filtering. This way it will all advertisements while using WiFi connection. To use it with mobile network, one has to add a proxy to your APN manually.
Go to System Settings -> Network Connections -> More networks -> Mobile Networks -> Access Point Names. Copy all settings from your default APN, add a new proxy and paste all settings from your default APN. Now add the following entries:
Proxy: localhost
Port: 2020
Now activate the newly created proxy and Adblock Plus should work on mobile network, too.
Click to expand...
Click to collapse
Can you write a step by step guide for Adblock Plus settings for mobile data network? Thanks!
KT3 said:
Can you write a step by step guide for Adblock Plus settings for mobile data network? Thanks!
Click to expand...
Click to collapse
Well, it should be quite easy:
Go to System Settings -> Network Connections -> More networks -> Mobile Networks -> Access Point Names. Copy all settings from your default APN, add a new proxy and paste all settings from your default APN (if you don't know how to copy the settings from your default APN, just procede with the next step by entering the proxy and port info to your current APN). Now add the following entries:
Proxy: localhost
Port: 2020
Open the three dot menu on top right and save the configuration. You can always revert back to your default APN settings by clicking on "reset settings".
I have never done this by myself, as I have a rooted device and use AdFree or AdAway, so please be aware that I do not take any responsibility for what you do. If you are unsure, check the official AdBlock Plus for Android web page, where you can find a configuration manual. Another thread for mobile network settings you can find here on XDA.
might be a silly question..
so i am confused, if i am using adfree or adaway will i see ads on my chrome or other browsers?
reddead66 said:
might be a silly question..
so i am confused, if i am using adfree or adaway will i see ads on my chrome or other browsers?
Click to expand...
Click to collapse
As was said in the description of AdAway and AdFree, both apps modify the host file of your device. All access to the web pages on this host list will be blocked, both in apps as well as in internet browsers. So basically you should have an ad-free Chrome browser. I would recommend to install one of the apps and check it for yourself if you have a rooted device.
reddead66 said:
might be a silly question..
so i am confused, if i am using adfree or adaway will i see ads on my chrome or other browsers?
Click to expand...
Click to collapse
orville87 said:
As was said in the description of AdAway and AdFree, both apps modify the host file of your device. All access to the web pages on this host list will be blocked, both in apps as well as in internet browsers. So basically you should have an ad-free Chrome browser. I would recommend to install one of the apps and check it for yourself if you have a rooted device.
Click to expand...
Click to collapse
If you are using the data saver feature in Chrome or Opera you will still see ads when using a hosts file. Data Saver has to be disabled for a hosts file to work 'properly.' With Chrome's data saver enabled all of the data (including ads) for the website you are viewing is coming from Google's compression servers. Opera uses their own servers, same principle.
wantabe said:
If you are using the data saver feature in Chrome or Opera you will still see ads when using a hosts file. Data Saver has to be disabled for a hosts file to work 'properly.' With Chrome's data saver enabled all of the data (including ads) for the website you are viewing is coming from Google's compression servers. Opera uses their own servers, same principle.
Click to expand...
Click to collapse
Thanks for reminding me about this issue. When reading the thread again, I got the feeling that I missed something and you just gave me the answer :good:
orville87 said:
Thanks for reminding me about this issue. When reading the thread again, I got the feeling that I missed something and you just gave me the answer :good:
Click to expand...
Click to collapse
You're welcome! I've always used a hosts file on mobile and desktop, been working on it for years. It looks like some ads are blocked, some aren't and I see image placeholders when trying to use a hosts file with the data saver enabled. Without data saving enabled I never see image placeholders and rarely ever see an ad in Chrome or Opera.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
RethinkDNS is an anti-internet censorship tool with DNS-based adblocking and a firewall built-in for Android 6+ devices.
The app itself is free to use and comes with RethinkDNS (previous name BraveDNS) resolver with support custom denylists, allowlists, ability to store DNS logs for later analysis, view those logs consolidated from multiple devices in a single interface and so on: Pretty much a pi-hole in the cloud.
Why'd we build this?
As concerned Android users: It absolutely irks us that people who do care enough about privacy still couldn't use privacy-enhancing apps without requiring a degree in computer science. We saw this pattern unfold multiple times and a lot of tools over the years have done a tremendous job of making niche security tools accessible to naive users. We wanted to further that conversation on Android with a vision for what we think such a tool should look like:
1. Anti-censorship: Enable open internet. DNS over HTTPS (and the imminent ESNI standard) is going to effectively break censorship as implemented in a lot of countries without requiring to route the traffic through VPNs. VPNs (and distributed tech like IPFS and mesh networks like Lantern) are still required in countries that employ Deep Packet Inspection. That's something we'd like to tackle in the near future.
2. Anti-surveillance: Expose apps, their activity logs, network logs, and provide some actionable insights to the users on what they could do next. Exodus Privacy does a good job at statically analyzing an app and laying bare the trackers and permissions in-use, whilst the evergreen NetGuard does ever-so-well in revealing an app's connectivity history. We believe, there's a lot more that can be done than simply firewall an app: For instance, you could disable it, uninstall it, remove its permissions, remove the so-called special permissions (like read notification permission, read SMS permission, read app-usage statistics permission etc). Basically, empower the user with whatever control is available without-root in a neat little interface (think CleanMaster vs using the stock Settings app but being actually effective and not lie).
The current version of RethinkDNS (previous name: BraveDNS) is a start in the direction laid out above partly because we want such an app ourselves and partly because we feel people deserve more such tools, and we hope to build it with this community's input, because god knows we have been wrong plenty when it comes to "what people really want".
As privacy enthusiasts: We were frustrated that if we wanted to use NetGuard we couldn't use another VPN app, or if we wanted to use a DNS changer like Blokada then we couldn't use NetGuard (though, NetGuard + Private DNS feature alleviates the problem on Android 9+). We wanted something that wasn't as restrictive because we knew it could be built and so we did.
Key points:
1. Easy configuration.
2. No root required.
3. Free and open source (forked from Intra).
4. No built-in trackers or analytics.
5. In continuous development.
Current features:
1. DNS over HTTPS (circumvent censorship and prevent surveillance of DNS logs by ISPs and everyone else), DNSCrypt v2 with Anonymized Relays, and DNS over Tor.
2. View DNS logs, including latencies and other metadata.
3. Ad-block through RethinkDNS (previous name: BraveDNS) free resolver and local blocklists.
4. Add your own DNS over HTTPS / DNSCrypt v2 servers.
5. Firewall by app categories.
6. Firewall individual apps.
7. Firewall individual IP addresses.
8. Firewall when apps are in the background (not-in-active-use).
9. Firewall when device is locked.
10. Forward DNS and TCP connections to Orbot (Tor as a proxy).
11. Forward HTTP connections to any HTTP proxy.
12. Forward TCP connections to any SOCKS5 endpoint or to Orbot.
13. Forward DNS connections to any app running locally on-device or any endpoint (either local or on the Internet).
14. [v053g / Sep '21] Firewall when apps bypass DNS (for example, block connections to IPs that apps resolve themselves).
15. [v053g / Sep '21] Pause: Pause the Firewall and DNS for a brief time-period.
16. [v053g / Sep '21] DNS Trap: Proxy all requests made on Port 53 to user-set DNS endpoint (for instance, this traps and redirects all custom DNS requests WhatsApp sends to Google's `8.8.8.8` DNS servers to the DNS endpoint of a user's choice).
17. [v053i / Jul '22] IPv6 support.
18. [v053i / Jul '22] Firewall based on metered (LTE) or unmetered connection (Wifi).
Planned (in order):
0. Custom DNS allowlists/denylists.
1. WireGuard VPN integration.
3. Per-app DNS and VPN (route traffic to multiple VPNs / DNS based on which app is making those connections).
See: github/celzero/rethink-app/feature-backlog.
We can't emphasize this enough: Let us know what you'd like to see us build and more importantly what'd make this tool use-able for other Android users who care enough but aren't as tech-savvy.
If you'd like to contribute, please feel free to send pull requests our way.
Thanks.
---
Source: github/celzero/rethink-app
Website: rethinkfirewall.com
Blog: blog.rethinkdns.com
Twitter: twitter.com/rethinkdns
FAQ: rethinkdns.com/faq
License: Apache 2.0
Download: via RethinkDNS.com | PlayStore | F-Droid.
---
Reserved.
pls add system apps block on firewall, also block domain on dns log and dns server change
Thanks.
System apps: Good catch. We'd look to put that in the coming days.
DNS block button against a domain in the logs: We do plan add that but not sure if it ends up violating PlayStore terms. May be we need two versions, one for f-droid and another for PlayStore like Blokada has.
Can you elaborate what you mean by block domain on DNS server change?
ignoramous said:
Thanks.
System apps: Good catch. We'd look to put that in the coming days.
DNS block button against a domain in the logs: We do plan add that but not sure if it ends up violating PlayStore terms. May be we need two versions, one for f-droid and another for PlayStore like Blokada has.
Can you elaborate what you mean by block domain on DNS server change?
Click to expand...
Click to collapse
block/allow individual domains which are showed by log.
change dns servers just like nebulo app.
also proxy on tor n dnscrypt support like invizible-pro app.
> change dns servers just like nebulo app.
Dnscrypt shouldn't be much trouble to implement but I wonder what extra protection it affords over DNS over HTTPS. That said, I've added it to our backlog.
> block/allow individual domains which are showed by log.
Gotcha but as mentioned before I am not sure if this feature breaks PlayStore terms. Added.
> also proxy on tor n dnscrypt support like invizible-pro app.
Yes! This is something that we want to do next. Once the part with Firewall and DNS is done (our immediate attention is adding missing features and later add support for Android 6+). Thanks for the heads-up: invizible-pro looks great, and exactly the kind of app that we envision to build ourselves.
Is this affiliated in any way with https://brave.com/?
No it isn't affiliated with brave.com.
We won a grant from Mozilla Builders, however; to pursue this, which we are now doing so full-time.
Hello, I am on a stock Pixel 2 XL, Android 10, latest security patches as of August. The app starts and runs, but tapping the start circle does nothing. DNS or Firewall doesn't start.
So this still exposes one's real IP address, yes?
y0himba said:
Hello, I am on a stock Pixel 2 XL, Android 10, latest security patches as of August. The app starts and runs, but tapping the start circle does nothing. DNS or Firewall doesn't start.
Click to expand...
Click to collapse
Strange. This is unlikely related to Pixel or the latest Android Oreo update. Please check if any other VPN app has been set to "Always-on VPN" like-so (also see attached):
1. Settings -> Wifi and internet -> VPN.
2. Click on the sprocket icon against the apps.
3. Check if "Always-on VPN" is check-marked.
Disable that setting (if and only if you do not want that VPN app to be an "Always-on VPN") and BraveDNS should now prompt you for VPN access once you click "Start".
BraveDNS (or any app that requires VPN API access to function) cannot work with other VPN apps in-tandem (especially, not with "Always-on VPNs").
pocholo36 said:
So this still exposes one's real IP address, yes?
Click to expand...
Click to collapse
Yes, BraveDNS isn't a VPN service like ProtonVPN / Mullvad / Lantern etc are. Right now (though we do have plans to add VPN servers like Lantern et al in probably two to three months from today but that'd be only to support anti-censorship and not anonymity). See: https://github.com/celzero/brave-android-app/issues/52 and https://github.com/celzero/brave-android-app/issues/51
We're adding support for SOCKS5 and HTTPS-Proxy in the upcoming release (next week) which would help forward traffic to VPNs (like NordVPN) that support those protocols: https://github.com/celzero/brave-android-app/issues/45
Right now, BraveDNS uses VPN access on-device to change DNS and implement Firewall functionality (similar to what the excellent NetGuard app does).
ignoramous said:
Yes, BraveDNS isn't a VPN service like ProtonVPN / Mullvad / Lantern etc are. Right now (though we do have plans to add VPN servers like Lantern et al in probably two to three months from today but that'd be only to support anti-censorship and not anonymity). See: https://github.com/celzero/brave-android-app/issues/52 and https://github.com/celzero/brave-android-app/issues/51
We're adding support for SOCKS5 and HTTPS-Proxy in the upcoming release (next week) which would help forward traffic to VPNs (like NordVPN) that support those protocols: https://github.com/celzero/brave-android-app/issues/45
Right now, BraveDNS uses VPN access on-device to change DNS and implement Firewall functionality (similar to what the excellent NetGuard app does).
Click to expand...
Click to collapse
I've been looking for an all in one solution. Currently forced to use AdGuard+Nord...
Looking forward to it. Thanks for all you guys do.
Thanks. Nice work.
Unfortunately, it usually comes down to firewall or VPN
Would love to see what you guys do (if at all) to allow third party VPNs
My brief experience with this is not great. Breaks several apps once turned off the app no longer opens so has to be uninstalled to turn it back on. Ad blocking did not seem to function at all.
ignoramous said:
Strange. This is unlikely related to Pixel or the latest Android Oreo update. Please check if any other VPN app has been set to "Always-on VPN" like-....
Click to expand...
Click to collapse
That fixed it. I should have figured as much, but I'm getting too old for this I think. I can't wait until you offer subscriptions! This is brilliant. I hope it's on the up and up though, I'm paranoid so don't mind me.
bladestonez said:
My brief experience with this is not great. Breaks several apps once turned off the app no longer opens so has to be uninstalled to turn it back on. Ad blocking did not seem to function at all.
Click to expand...
Click to collapse
So sorry this app has forced you to uninstall apps in order to use them. That definitely sounds like something went wildly wrong.
Would you please tell us more about the device, the Android version, and probably the list of steps that led to this issue you saw? You could also email us logs or a screen recording at [email protected]
We do know of crashes especially on flaky networks and on network changes, and we would eventually fix those but they have been extremely hard to track-down in production builds to a root cause (due to lack of stack trace / debug symbols for native crashes).
BraveDNS has been in development for a total of 2 months and was released three weeks back. It is a baby app and I fully expect stupid bugs to appear in the wild but cautiously hopeful that we'd fix most if not all.
Re: adblocking:
Adblocking is done exclusively through DNS. If the default endpoint doesn't work, you can point the app to a custom DNS over HTTPS endpoint. https://dns.adguard.com/dns-query is AdGuard's content blocking DNS endpoint. And https://doh.pi-dns.com/dns-query is another volunteer-run content-blocking DNS.
How is this different from adguard?
Using a VPN method to firewall on a rooted device is a no from me (i can totally understand if you use this to increase your userbase to non-root users, but thats not for me), ill stick with Invisible (for DNSCrypt & its ability to load my 19Mb blacklist) and my root firewall for now.
Really need to change the name.
Brave = Brave Browser
A lot of people are going to assume it's a VPN by Brave.
It's like calling it FirefoxVPN.