this post was submitted on 03 May 2024
294 points (99.7% liked)

[–] [email protected] 54 points 6 months ago (10 children)

"The report detailed how the user managed to leak DNS queries when disabling and enabling VPN while having “Block connections without VPN” on."

Not to diminish the severity of the issue, but I can't imagine this being the factor that pushes the average person to iOS over Android.

[–] [email protected] 30 points 6 months ago (13 children)

The amount of leaks iOS intentionally does, let alone the part where they tell you to use their own (not so) Private Relay feature, is enough to stick around on Android.

[–] [email protected] 39 points 6 months ago (1 children)

Mullvad is awesome. I think this is the second Android bug/incident they brought to light?

Anyway, really really hope this gets fixed upstream, maybe by Graphene

How much you wanna bet this was intentional by Google? 😏

[–] [email protected] 7 points 6 months ago (1 children)

They didn't bring it to light, it was a user report posted on Reddit. They merely investigated it further. Nothing against Mullvad, it's a great VPN, but credit where credit is due.

[–] [email protected] 13 points 6 months ago* (last edited 6 months ago) (7 children)

I think the problem is the Reddit user (whom Mullvad cites) not knowing that the Private DNS feature in AOSP/Android defaults to Google or Cloudflare DNS, and that you need to set a custom DNS of your choice to prevent this.

AdGuard provides a whole list of DNS providers to pick from. Pick a hostname from the DNS-over-TLS row for any provider, remove the "tls://" part and enter the rest in the Private DNS custom option.

https://adguard-dns.io/kb/general/dns-providers/

[–] [email protected] 4 points 6 months ago (1 children)

If you do this, you'll be using the DNS you assign instead of using the VPN's DNS, as intended. That will make you stand out from the rest of the same VPN users, effectively affecting privacy.

[–] [email protected] 3 points 6 months ago

Either stand out or let your ISP or Google/Cloudflare or VPN read all your domain visit queries. It is better to not let ISP or Big Tech decipher your internet history for obvious reasons.

[–] [email protected] 11 points 6 months ago (2 children)

What I don't understand though, doesn't using Mullvad automatically set their own DNS?

[–] [email protected] 6 points 6 months ago (2 children)

On the desktop it does. But on Android things are maybe different? Not directly related, but I remember (a long time ago) wanting to tether from an Android phone with the Mullvad VPN app in use, to a computer, only to find out that the Android defaults (in Android, not in the Mullvad app) needed a button swiped to make it work correctly on the other device.

[–] [email protected] 4 points 6 months ago (2 children)

I thought sharing the VPN was blocked and not possible. Do you remember how you did it?

[–] [email protected] 3 points 6 months ago (1 children)

I've recently managed to do this:

Settings > Network & Internet > Hotspot & Tethering > Allow Clients To Use VPN

[–] [email protected] 3 points 6 months ago

Not in Pixel :( I would love this

[–] [email protected] 5 points 6 months ago

Only if your Android connection is set to automatic DNS. Additionally, they are assuming it is an OS bug. However, they also acknowledge that they had to fix something on their app to mitigate. I tried myself with WireGuard instead, killed the network access to it, and nothing ever left my phone, as Android immediately killed all connections due to the VPN always-on feature.

So, I'm going to take their claim with a grain of salt until AOSP says something about this and denies or confirms the alleged bug.

[–] [email protected] 10 points 6 months ago (4 children)

Just use Rethink DNS with a WireGuard tunnel and block every app except those you trust and need!

[–] [email protected] 3 points 6 months ago (3 children)

I tried out Rethink DNS but I did not manage in any way to just use my VPN's DNS. Would you have a hint how to make it work?

[–] [email protected] 5 points 6 months ago

Any system app on Android, the captive portal login and more CAN all bypass a VPN in "block all other connections" mode.

Android is really problematic and having as few system apps as possible is the only fix.
