On Tue, Oct 25, 2016 at 3:25 PM, Hans-Christoph Steiner < [email protected]> wrote:
> > Its a tricky question, since an adblocker could prevent a lot of sites > from working, or maybe even Android apps. I'm not the expert, but it > seems that here is very minimal tracking risk from ad sites if > javascript is disabled. > So you break things - that's a risk of messing around with DNS. I conjecture that everyone who runs ad blockers understands that sometimes ad blockers will break something and they have to decide what's more important in that situation: accept the risk and unblock whatever, or accept the loss of functionality and leave whatever blocked. This may be safer than manipulating the hosts file since you can always turn off your vpn if you think the local DNS-over-VPN is serving bad data and the OS will let you know that a VPN is active and you don't need to make changes as root. Or it may be less safe because of those very things. I'm also not familiar with ad-hosting in Android apps. Is the network > traffic handled by the app? Seems like in that case, the system-wide > DNS filter would aide privacy. > There are tons of ad libraries linked into applications; here are the ones that minminguard knows about: https://github.com/chiehmin/MinMinGuard/tree/master/app/src/main/java/tw/fatminmin/xposed/minminguard/blocker/adnetwork It's an xposed module and depends on a rooted device (however that fits into your risk model) and it works by basically preloading no-op libraries in place of the real ad libraries. It can't protect you from requests that the app makes without using a known library - for example when it creates a web view to a page with ads. Those could potentially be blocked by putting their ad servers into the dns blacklist, until they do something like proxy both the ads and the app service through the same hostname :( > > .hc > > Nathan of Guardian: > > I have considered this as an Orbot feature, along with some of the No > > Root Firewall /Little Snitch capabilities. Obviously that would impact > > anonymity, but perhaps no more than NoScript or HTTPsEverywhere already > > does? > > > > On Tue, Oct 25, 2016, at 01:28 PM, Hans-Christoph Steiner wrote: > >> > >> This is an interesting app: DNS66. It uses the VPN API to provide > >> system-wide ad blocking without root access. It just handles DNS, no > >> other traffic, and uses the standard ad blocking blacklists to filter > >> the DNS requests. > >> > >> https://www.reddit.com/r/Android/comments/59a8qm/dns66_ > a_dns_based_adblocker_that_works_systemwide/ > >> > >> .hc > >> _______________________________________________ > >> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > >> To unsubscribe, email: [email protected] > > > > > > -- > PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556 > https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556 > _______________________________________________ > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > To unsubscribe, email: [email protected] > -- GDB has a 'break' feature; why doesn't it have 'fix' too?
_______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
