Posted by transpute 3 days ago
But it’s more designed to be a debug tool than to block traffic from specific apps
I am pretty sure it is open source. I’ve been using it for years both for upstream DNS and blocklist filtering.
* Shadowrocket - you can set complex rules on what hosts/connections should be routed by what, but afaik you are not able to isolate traffic on a per-app basis.
* I think you can set up per-app VPN on iOS, but you must use MDM, can’t do it on an unmanaged profile. Link: https://support.apple.com/guide/deployment/vpn-overview-depa...
Yet iOS allows Safari per-site VPN without enterprise MDM, via Apple Configurator profile.
Any alternatives to Lockdown on iOS/iPadOS would be nice to know about.
unless you use any other phone that is not a google pixel running GrapheneOS
Really? Remind yourself who works on Android. Google have been removing functionalities that benefit privacy for ever, and then put half backed alternative buried under tons of settings.
The creator also made XPrivacyLua (hooks Android API system calls to block premissions)
Netguard (per HN title) is open-source GPLv3: https://github.com/M66B/NetGuard
Rethink uses cloud services by default?
The [DNS] resolver is deployed to Fly.io at max.rethinkdns.com
and Deno Deploy at rdns.deno.dev too,
apart from the default deployment on Cloudflare Workers.
> Rethink uses cloud services by default?
There isn't anything sinister going on here with the use of "cloud services" [0][1]. Rethink, which is geared more towards anti-censorship, has its default resolver "ip-fronted" on Cloudflare (whose IPs are seldom blocked) and it works great in countries where the app is popular.
Users can opt to switch to any DoH, DoT, ODoH, DNSCrypt v3 resolver of their choice. In fact, we encourage users on our reddit/telegram groups to use ODoH (we also run a public-facing ODoH proxy) and DNSCrypt upstreams because of their privacy guarantees.
[0] If anything, hosting it cost us a bomb: https://old.reddit.com/r/rethinkdns/comments/17h2y6r / https://archive.md/slpZ9
[1] Our stub resolvers are open-source & "open deploy" (ie deploy straight from github actions): https://github.com/serverless-dns/serverless-dns/actions/
I have a question for you about RethinkDNS:
Can you point me the link to one thread or question about Netguard on some major internet forums like HN, Reddit or similar, where you or other RethinkDNS devs did not jump in and hijacked the thread? Only one example, please?
Your spammy marketing tactics of spamming makes your product looks like a scum, and I don't even have a desire to test.
Also, why do you keep comparing one on device firewall like Netguard with a cloud first solution like RethinkDNS?
I (try and) mostly only respond to subthreads that mention Rethink.
> why do you keep comparing one on device firewall like Netguard with a cloud first solution like RethinkDNS
Rethink isn't cloud-first.
> where you or other RethinkDNS devs
There's 2 of us. The other one isn't on HN, or reddit, or any other forum.
> spammy marketing tactics of spamming makes your product looks like a scum
I'm sorry you think that.
Yes rethink uses public fly resolver by default but you can self host that as well. Apologies, that's something I should have mentioned.
I had previously set Android's private DNS to dns.adguard-dns.com, which didn't block anything.
Rethink's battery usage is 15 - 20% on my pixel in logging mode.
It definitely works, but I can't seem to associate blocked requests with apps, which renders it far less useful.
Overall I think it's a very busy UI.
You definitely want to exclude Firefox with uBO as elsewise Firefox behaves as though the network is down, whereas with uBO you can interactively choose to proceed.
I see there is an option to download the block lists locally. Does that mean it no longer uses DNS blocking? I see it described as a DNS blocker but it requires a VPN.
Anyway, off to try a Adaway next.