(Grav GitSync) Automatic Commit from dan

dan 2024-07-27 11:23:57 +02:00 committed by GitSync
parent f21e67cbd6
commit a72c790c1a

@ -0,0 +1,71 @@
---
title: 'No root, no custom rom - use "Rethink DNS + Firewall" instead'
author: Dan
published: true
taxonomy:
category:
- news
tag:
- rethinkdns
- firewall
- android
- security
- dns
- dnscrypt
- wireguard
aura:
author: dan
---
# No root, no custom rom - use "Rethink DNS + Firewall" instead
I recently broke my display (new replacement is on the way) and had to buy a new phone quickly.
I went for two options in a price range below $300 (NZD):
- Motorola Moto G34 5G (2024) Dual SIM 4GB+128GB
- 6.5"HD+ Display - Snapdragon 695 5G Chipset - 5000 mAh Battery - NFC
- Xiaomi Redmi 12 5G
- 6.79" 90Hz FHD+ Display - Snapdragon 4 Gen 2 Chipset - NFC- Android Enterprise Recommended - IP53 Dust & Splash Resistant - 5000mAh Battery - 50MP AI Dual Camera
The decision was actually made quickly!
I already have a Xiaomi (Poco) phone and I would never use Xiaomi phones without any custom roms capabilities. The privacy aspect of Xiaomi is disastrous! And I don't like Xiaomi's HyperOS (before MIUI).
Motorola on the other hand has a look of pure Android and is just super easy to use, but it also comes with some privacy issues along with it. Some bloatware like Tiktok, Facebook, etc. was easy to uninstall but Google's services are mostly on all Android phones and so it is on this one. You can't just uninstall gmail etc. You only can disable all services/apps from Google and Motorola and whatever else you don't want to use, but the risk that every update re-enable them again is too high.
So the easiest way to get rid of it is to install a custom rom like LineageOS but both phones aren't supported. And if you delete apps with root only, it is very likely that your Android device will encounter some problems and you might have to start all over again.
And how do I deal with my privacy now?
Normally I had to use root because I had always established a VPN connection and was also using a firewall (Afwall) at the same time which is only possible with root.
Netguard and other firewall apps route the entire traffic through VPN and Android only supports one VPN at a time. I could no longer use my personal VPN. Which is not an option for me.
So if you don't want or can't get a custom rom or root for your device, the best solution at the moment is to use [Rethink DNS + Firewall](https://rethinkdns.com/) (https://github.com/celzero/rethink-app) instead.
It has an integrated [Wireguard service](https://docs.rethinkdns.com/proxy/wireguard) that allows you to connect to your own VPN (even "Connects to **multiple** WireGuard VPNs of your choice.") and use a firewall at the same time.
In my opinion, this application has a very good overview, even though it comes with so many options to fine grade your firewall for every single app.
So it's no problem to block the entire Android system or just Google & Co.
Actually, with RethinkDNS it is no longer necessary to use a custom rom or root, but I still wouldn't rely on it. The safest way is still to get rid of everything via a custom rom. Just in case some data does find its way through the firewall or around the VPN! But root is definitely no longer necessary, at least for this setup.
I ran a test using our tutorial [Device inspections with mitmproxy/wireshark and other clever tools](https://wiki.digitalprivacy.diy/en/extras/device_inspections) during the setup of the Moto g34 device (right at the first start) and afterwards when everything was set up properly.
Both images below shows you the collected traffic for about 2 hours each image.
RethinkDNS already has a great impact on your privacy! And if you find a strange connection, just add it to rethink's firewall option by either IP or domain!
Before (packets = 775.847):
After (packets = 55.331):
A tiny tutorial is available in [our wiki](https://wiki.digitalprivacy.diy/en/phone/apps/rethinkdns).
RethinkDNS has also the possibility to use DNSCrypt. So it replaces InviZible Pro. Read the readme about the features on [GitHub](https://github.com/celzero/rethink-app).
I have updated the phone category in general. Lsposed and xprivacylua are no longer there because they are no longer maintained anyway and instead of iceraven browser it is now fennec & mull.
If you like RethinkDNS, you should donate to keep this important app development going:
- [Stripe - direct link](https://donate.stripe.com/dR6cNe776920cxOdRb?prefilled_email=anonymous.donor%40rethinkdns.com&locale=auto)
- [GitHub](https://github.com/sponsors/serverless-dns)
In general, the [Android donation list](https://wiki.digitalprivacy.diy/en/extras/donation_list#android) has been updated.
Good to know:
- **KDE-connect** only works if the “Do not router Private IPs” option is activated. This only works if you have not activated the option “Block connections without VPN” in your Android settings under “Always-on VPN”.
- **Be careful** if Rethink asks you again to allow or continue to block certain applications. Especially if it's just a number like 1021. It might be the case that you are allowing a bunch of applications to access the internet. Which you probably want to block! So check the number twice just in case.
- If you need to use an **application that involves trackers**, simply use the “**Isolate Firewall**” option. Start the application and only give IPS/domains access to the Internet so that this application can run but the trackers are still blocked.
Have a good day and stay private
Dan
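
Review bot: In the "I ran a test" paragraph, the before/after packet counts (775.847 vs 55.331) compare a capture taken "right at the first start" during setup with one taken "when everything was set up properly", so the two captures differ in more than the firewall and the drop cannot be attributed to Rethink alone. Suggest stating explicitly which capture had Rethink active, or adding a pair of captures of the same configured phone with and without it. The counts would also read better as 775,847 and 55,331 (or without a separator), since "775.847" can be taken for a decimal. The text says "Both images below", but no image reference follows the "Before" and "After" lines in the visible hunk; please check that the image links are part of this commit. In "Good to know", the KDE-connect bullet depends on leaving "Block connections without VPN" switched off; that bullet should say what this means for traffic when the VPN is not up, and the bullet about "a number like 1021" should say what the number stands for so readers know what they are allowing. Wording nits: "Do not router Private IPs" should be checked against the app's option label, "fine grade" reads as "fine-tune", "Both images below shows" should be "show", and "IPS/domains" should be "IPs/domains".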