Netguard as a safety net around /e/

Dear all,
for the past week I have been using Netguard to monitor the network traffic of my /e/ phone. My main reason was to get an independent assessment of the state of un-googling of /e/.

In short: my usage of /e/ has been nearly 100% Google free. I say nearly, because there were just a few DNS calls on 8.8.8.8/8.8.4.4, of which I could not determine whether is was /e/ or some app. These calls were not even everyday.

All other calls on Google servers were related to webpages and non-/e/ apps. I have right away uninstalled one app.

I took me a few days to find out the netguard setting that worked for me. To see the log a made a donation. I enlarged to length of PCAP messages to 512. I turned on filtering system apps.

Via the ecloud the files came to my laptop. The dns resolved names are in xml, which a converted to CVS with TreeLine, and imported in LibreOffice Calc. I opened the PCAP in Wireshark, and copied to Calc. I have written some Basic code in Calc to combine the two output files. The combination is not perfect because one ip address can belong to multiple domains. But the combination gives a good idea of the visited sites.

To have a comparison I did the some exercise for one day on a previous stockrom phone, on which I had disabled all the Google apps and removed my Google account. The difference is overwhelming… There were thousands of calls to 8.8.8.8/8.8.4.4, seemingly doubling the same call to the DNS in my network. Many Google domains were called. I can give more details.

Once a day I shut down the network connection, dumped the Netguard network log and the list of resolved domain names and cleared both. Then rebooted /e/ to take the startup into the monitoring. Then started Netguard and opened the network connection. To keep the log within limits I turned of the network connection for most parts of the day.

I am not an expert on network monitoring, and I still have questions, which I would like to discuss further. I want to refrain from statements about /e/, and just stick to what I have seen with my own eyes. What I can say is that I am very pleased with this low (or none?) footprint on Google eco system.

I am a modest smartphone user. No apps that use the playstore. No location.

At this moment I intend to do this monitoring more often, maybe after each release of /e/? I would welcome more persons doing this as a kind of safety net around /e/.

Most time in analysing the Netguard output went in to figuring out trackers in webpages or apps. That was a side benefit of my research question. I am intending to use less apps and make more use of corresponding webpages, with uMatrix and PrivacyBadger als safeguards.

I might keep Netguard running but check it out less frequently. It is very informative about what is going on. And it gives me the feeling I am in control.

Grtz, Henk

To complete the picture…

I found Netguard on F-Droid. But to make a donation you need to download it from Github: https://github.com/M66B/NetGuard/releases . there is also all the documentation/FAQ: https://github.com/M66B/NetGuard .

I found out Wireshark can also resolve hostnames, so I started to copy the columns with resolved host names seperately to Calc.

The past few days I also started to peruse the log in Netguard itself and make some screen prints of peculiar network traffic. That is the only way I can find to document the relation to system/user app… I contracted the author of Netguard about this, but the development has completely stopped because of little interest for the tool.

Today I searched for Netguard on this forum and saw that for this community it is a very well known tool. Still to get more people going I wrote a bit extensive above.

Have you ever tried the ‘better’ Netguard … TrackerControl ?

No, but I could, no problem. What are the advantages? Does it have a good export? Does it show the apps which originate the network traffic?

@HenkK: very nice, thanks for you effort!!
You encouraged me to try it myself. The app is already installed.
Now I just have to find the time, to analyse the results…

yes, all this and a better screen layout and easier to use

Thanks @tial . I you want to follow in my steps I can share the Calc sheet with the Basic code.

Thanks, @harvey186 . I will give it a try!

@HenkK: i will try both, netguard and trackercontrol. if i need some help or your calc sheet, i will let you know. Thank you again!

for TrackerControl there is a telegram group https://t.me/TrackerControl

The dev is very smart and helpful.

@harvey186

Off topic: Doesn’t VPNs override the default DNS settings of google?

nope It doesn’t …

Thank you, @harvey186 for your assistance for me in trying out TrackerControl.

TrackerControl has a very fragmented CSV output: per app a summary list of detected trackers. No datetime, no ipnr. It is very far from a full scale network logging. The goal and usage is different than Netguard. Depending on your goal, you might call it ‘better than Netguard’, but it does not satisfy my research interest (trying to understand what all is hapening on the internet side of my smarthphone).

I think you should better use Netmonitor on your device and/or PI-hole on a server. there you can monitor your internet connections

Thank you, Harvey!

I just tried NetMonitor. It is a neat tool, might come in handy sometime. But it scans only one time per second. In the display you first see only ip address numbers… You have to click on each and every listed connection to see more, and the resolved host names are not always the (informative) host names the app has used. And there is no export…

As for a PI-hole… I have read the name more these days concerning network monitoring. But I don’t have a server at home, and then how do I use it when I am on my way elsewhere?

you could configure a vpn on your router at home, so you could permanently be connected to your pi-hole on the go (via vpn).
advantage: using a vpn to your “home-network” prevents possible logging of your data in untrusted wifis and you can always access all services/data in your home-network (depending on your setting)
disadvantage: you use up your mobile-data and your home-data-connection at the same time. and you open up your home-network for possible attacks on the ports used for vpn.

Hi ! Thanks for your post, it made me install NetGuard, Blokada and TrackerControll, to se what was going outside my phone, it was very helpful to me.
On your NetGuard export, is the traffic sorted by app, or like in blokada, you only have a list of domains, and not the app which requested it ?
I’m asking because I’ve seen some pings to google and google’s DNS in Blokada, but I can’t figure out which app they came from…

I have the same problem for PiHole, I would love to use it but I don’t have a server, so I can’t, for the moment… Any Blokada / Netguard alternative for PC ? (but not requiring a server…)

Another question, I can’t find how to buy pro features without google play version, how did you manage to do it ? And how much was it ?

Hi @pili, wonderful to read that you installed Netguard and the other stuff.

In Netguard in the log screen you see the app that triggered the network communication. In the export this information is no longer visible. But in my monitoring days I was able to deduct the app from other network calls surrounding it. If you would analyze the export apart from Netguard, you can look into the log as long as you have not cleared it.

To activate the pro feature of Netguard without Google Play you have to install the apk from Github, see the second post in this thread. Donating more than 1 euro is enough. The donation screen had pre-filled 7.5 euro, that’s what I did.

Net Monitor is one way of associating network connexions with apps making them.

You can presumably use the same sets of blocked addresses with firewalls or DNS sinks on something else, but how will depend on your system. At least on GNU/Linux, you can sandbox programs with something like firejail too.