this post was submitted on 03 May 2024
300 points (99.7% liked)

Privacy

31900 readers
556 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] TheAnonymouseJoker@lemmy.ml 13 points 6 months ago* (last edited 6 months ago) (3 children)

I think the problem is Reddit user (who Mullvad cites) not knowing that the Private DNS feature in AOSP/Android defaults to Google or Cloudflare DNS, and that you need to set a custom DNS of your choice to prevent this.

AdGuard provides a whole list of DNS providers to pick from. Pick a hostname from DNS-over-tls row for any provider, remove the "tls://" part and enter the rest in Private DNS custom option.

https://adguard-dns.io/kb/general/dns-providers/

[–] jjlinux@lemmy.ml 4 points 6 months ago (1 children)

If you do this, you'll be using the DNS you assign instead of using the VPN's DNS, as intended. That will make you stand out from the rest of the same VPN users, effectively affecting privacy.

[–] TheAnonymouseJoker@lemmy.ml 3 points 6 months ago

Either stand out or let your ISP or Google/Cloudflare or VPN read all your domain visit queries. It is better to not let ISP or Big Tech decipher your internet history for obvious reasons.

[–] user224@lemmy.sdf.org 2 points 6 months ago (1 children)
[–] TheAnonymouseJoker@lemmy.ml 1 points 6 months ago

I like AdGuard, but any decent provider is going to be fine except for Google/Cloudflare or western Big Tech ones.

[–] Scolding0513@sh.itjust.works 1 points 6 months ago (1 children)

mine gives me three choices. Off, Automatic, and Private DNS (type in your own). should i set mine to off then? will that prevent the leak?

[–] TheAnonymouseJoker@lemmy.ml 2 points 6 months ago* (last edited 6 months ago) (1 children)

I am not sure what off does. Might need to recheck Android documentation. But I remember the custom one definitely uses whatever you set, and nothing else. No Google/Cloudflare DNS.

For example, if you like AdGuard, you can just enter dns.adguard.com there.

[–] Scolding0513@sh.itjust.works 1 points 6 months ago (1 children)

so automatic will allow the leak?

[–] TheAnonymouseJoker@lemmy.ml 2 points 6 months ago* (last edited 6 months ago)

Automatic on Android always falls back to Google or Cloudflare DNS in the same way systemd DNS resolving works. Or if that does not work, ISP is being sent whatever domain queries user is requesting directly. I am going off from connecting the dots between what I know about Private DNS from Android documentation, and what the Reddit poster did not mention who Mullvad cited in their blog post. I am assuming that the time gap between Android's killswitch turning off and on with always-on settings is giving time for DNS queries to go through (detected by Wireshark), and since the default DNS provider is almost never set by people on Android, this may be happening.