Now, I am testing the VPNs - the one by factory (some others) and Orbot as an application, which allows me to exclude many more apps from its VPN, in particular the download manager, which is missing from the list shown in the picture in post #1. Is there a way to extend the list of those apps shown in /e/OS hide my IP?
Advanced privacy shows applications with Internet permission. Is this download manager an independent app or is it part of another app (browser)?
Can you tell me exactly what app this download manager you mentioned is?
Another thing that I noticed is the DNS setting in the networking settings: 220.127.116.11 by default. It is ok.
Unfortunately, I cannot add another one. Just one. This is a limitation because:
- that IP can go down or be filtered or anything else which puts it down for a while, even if it is improbable, but no service can reach 100% uptime in the long run;
- more than one IP means that the queries are distributed among all of them with a certain policy that balances the load and keeps on top the most performant, etc., but also - among 4 different DNS servers offering almost the same QoS - jeopardises the data collection, especially when 2 different providers are used, like Quad9 and AdGuard.
Is there any patch / trick that allows me to overcome this limitation and possibly also decide the DNS querying policy?
Downloads and Downloads Manager are system applications installed by default. You can find them in
Settings → Apps and notifications → See all → 3-dots menu → Show System → Q:download
I suppose they are part (separate threads) of the Media Storage app because they both have the same icon of Media Storage and the same permissions about networking.
My gut suggests to me that Media Storage has the aim of syncing photos and documents with the Murena Cloud and downloading files when triggered by a browser. Despite the double nature, I do not think I need to hide my IP when accessing the Murena Cloud, but I may be wrong because a man-in-the-middle attack can be much easier towards a known IP source (or a limited pool) and IP destination (or a limited pool). About downloading contents, it is a matter of choice between performance and privacy. Most depends on the nature of the contents and their source: when downloading from a SaaS which knows my identity, hiding my IP from them is not such a great advantage (security, as above, can change the weight of this claim).
It is OT here - just to keep a note - the default browser, which looks like a rebranded Chromium, does not force HTTPS, which is not a very fortunate default setting:
Browser → Settings → Privacy and security → Always use secure connections: OFF by default.
Yes, I did not notice a significant difference in performance and hiding capabilities with respect to Orbot, the Onion TOR client that offers a VPN for the apps. After all, the Advanced Privacy VPN is based on that software / network but integrated into /e/OS.
By the way, Advanced Privacy lets me choose which apps are INcluded / constrained into the VPN. In fact, the list of the (installed) apps is reloaded every time. I hope the list is cached unless an operation over the apps invalidates that cache.
Orbot, instead, lets me choose which apps are **EX**cluded, and this is not so clear at first sight in Orbot, but in the long run I have the sensation that the Orbot policy - all INcluded and the user checks what is EXcluded - is better.
In fact, Advanced Privacy does the same but with the check inverted: all INcluded and checked, the user unchecks those to EXclude. In Orbot, the same, but the user checks those to EXclude. I would have appreciated the same check/uncheck logic shared between Advanced Privacy and Orbot because, after all, these two services are siblings.
AFAIK, I do not think that a DNS querying policy can be implemented by a firewall app. I would not bet my life against iptables because the magic of the command line can cast some magic that I cannot even imagine. For sure - in theory - firewalling is not about a multiple-server querying policy.
About firewall apps, I took a quick look at the Google Play Store presentation of afwall+ and I have the sensation that netguard is much better but less stylish.
play.google .com/store/apps/details?id=dev.ukanth.ufirewall (just two links per post, WTF!)
The right tool for dealing with alternating multiple DNS servers is dnscache, which also caches the queries, as the name suggests, hiding information about how many times a domain name is hit and then how much time is spent on a site, unless trackers on the website collect and keep that information for each POST or GET request. The other tool that I suppose /e/OS is using - I hope - is DNS proxying in conjunction with TLS/SSL encryption. Finally, three components are necessary to optimise the querying speed, balancing, anonymisation and privacy. The initial question remains open: why is just one DNS IPv4 allowed? I wish to use 4 IPv4 and 4 IPv6, at least.
Are you telling me that for using more than 1 DNS server only, I have to recompile the whole application and then force it with adb or via “allow installation from untrusted source”? I am asking, just to know.
Well, among trackers, bugsnag can also be considered a feature, and it would deserve at least a link of explanation in the exodus analysis (few trackers have it); maybe it should not be counted as -1 for trackers in privacy, and the users should be allowed to approve it (possibly that option is disabled or enabled in the app configuration, as well).
Finally, I wish to ask for a suggestion. I am using TooGoodToGo, but even if I choose to save my credit card data, that function does not work. IMHO, it is because the related tracker is blocked. Which one? Can I enable it, or enable it specifically for that application? Thanks in advance for the answer.
Regarding FairEmail, neither the F-Droid repo nor IzzyOnDroid repo list the use of Bugsnag as an Anti-Feature. It is Opt-In and disabled by default. App Manager also does not show Bugsnag at all for in-app trackers. Checked the Play Store version.
Can’t say why Exodus considers it a tracker.
About TooGoodToGo, I think that it cannot save the credit card number because the datadome.co tracker is blocked. However, visiting their site, it seems that they are an anti-fraud platform whose APIs applications trust for some sensitive data transactions, like those that require a money transfer. From this point of view, blocking that “tracker” by default does not seem to me a good idea. IMHO and AFAIK, obviously.