trash
fedilink
21
trash
fedilink
merde alors
link
fedilink
33M

i had the same problem till i configured private dns to “adblock.dns.mullvad.net

How to prevent DNS leaks ☞ https://mullvad.net/en/help/dns-leaks

@Activism2670@lemmy.ca
creator
link
fedilink
1
edit-2
3M

deleted by creator

The 8232 Project
link
fedilink
16
edit-2
3M

Even tho am using proton VPN (free) with private dns enabled

Do make sure Block connections without VPN is enabled. I know ProtonVPN had issues with leaks in the past, but it’s been resolved. I don’t know if it was only resolved for GrapheneOS devices, or ProtonVPN as a whole. You may look into Orbot if you’re willing to put up with the slow network speeds, to fully lock down any leaks from the VPN side.

dnsotls-ds.metric.gstatic.com this domain directly connects to my real isp and leaks my real location.

Where did you find this out? I’m assuming from your DNS provider, but which one do you use?

Am using private dns in order to block trackers in my bloated phone.

This is reasonable, but it won’t protect you if no DNS query is made in the first place (i.e. directly connecting to the IP address, rather than a domain name). In this case, however, it looks like it is creating a DNS query, but be careful because DNS based filtering isn’t magic. If you pay for ProtonVPN (or Mullvad VPN, which is a better VPN in my opinion) you can have greater control over what gets blocked.

Debloating is not an option for me as i lack a laptop and bootlocker is not unlocked, i tried many ways to debloat but all i can do is disable system apps

Thanks for the information, and that’s unfortunate. I’ve messed around debloating cheap Android phones, but you can barely scratch the surface from a user standpoint.

I don’t installed any proprietary apps even whatsapp or banking apps to never sent my data to them.

dnsotls-ds.metric.gstatic.com is a Google-owned domain, used for DNS over TLS. I don’t know much about it, as I don’t use a custom DNS provider, but check if your DNS provider is using Google’s DNS as a backend or a fallback. That may be where it’s coming from.

The issue is just system apps trackers. Am using ironfox with ublock and tor with noscript.

Check IronFox’s DNS settings, and set a custom DNS over TLS server, if you’d like.

Any way to prevent this vpn leak ?

Since you’re using a custom DNS, this likely isn’t a VPN leak, but more likely a DNS leak. If you want to simplify things, using your VPN’s DNS can help prevent misconfigured custom DNS solutions, so it reduces the risk of a leak. This will remove some of the filtering you have in place, though.

My threat model is to hide my traffic from isp as my isp is a spyware privacy invader.

It seems your threat model is hiding traffic from your ISP, minimizing telemetry, and using as much open source software as possible. If you prioritize only hiding traffic from your ISP, using your VPN’s DNS would achieve this, but there are known cases (especially on iOS) of the system bypassing the VPN and connecting directly anyways.

Best of luck!

@Activism2670@lemmy.ca
creator
link
fedilink
2
edit-2
3M

deleted by creator

The 8232 Project
link
fedilink
43M

Even tho some privacy respecting search engines like brave and startpage too showing me captchas.

I’ve never had a captcha with DuckDuckGo, if you want to give that a try. Otherwise, metasearch engines like SearXNG act as a proxy between you and other search engines.

From my search i finded that adguard or any other dns servers establish dnsotls-ds.metric.gstatic.com this connection in order to check the status of the private dns enabled or not. To block this i have to use a no-google blocklist which leads to inconvinience.

Good to know. It’s up to you whether you want to trade privacy for convenience.

No gecko based android browsers provide option to change dns provider.

GrapheneOS’s browser Vanadium is a good option if you want to move away from Firefox-based browsers, but it’s not easy to install anywhere other than GrapheneOS. If you’re up to try, here’s how.

Brave is making too much background connections which is annoying.

Brave can be hardened to minimize most of those, but I agree it is annoying that there are still background connections.

Also it would be nice to know leaking my location to dnsotls-ds.metric.gstatic.com leads to any consequences. Or is it just a private dns current status checking url ?

Besides Google being able to see every time you ping the domain, there’s not much else going on. It’s unlikely that it’s leaking any private data, so it’s relatively harmless. It’s not ideal that it connects to it, but it doesn’t pose too large of a threat.

@Activism2670@lemmy.ca
creator
link
fedilink
1
edit-2
3M

deleted by creator

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 124 users / day
  • 1.05K users / week
  • 1.3K users / month
  • 4.58K users / 6 months
  • 1 subscriber
  • 3.87K Posts
  • 97.6K Comments
  • Modlog