If you are searching about hosts files, you can find those that fit to you at this address : https://github.com/StevenBlack/hosts
1 Like
More reading… Treading water here. Thank you for sharing. I am going to work to understand this. @clame
Thanks!
57.6% of all statistics are fabricated to support a narrative
Thank you for this information. @marcdw with this non-root setup I am still lacking the ability to block in-app trackers, correct? (Can’t use Tracker Control, Blokada, etc.) This because NetGuard is using the VPN slot? More I see, more I think App Manager with root is the way to go. I suppose if I got App Manager functioning with ADB over TCP this would work without root as well. App Manager can only block trackers with root.
Or is the in app tracking blocked due to the nature how InviZible is routing all data?
Why not simply use Quad9 in the DNS settings of the phone ? It’s the easiest way to have secured DNS (with DoH)…
And you can use your favourite VPN as well.
Often, simplicity is the best way to efficiency.
3 Likes
Thanks for this. That dang single VPN slot in Android still gets me… Do I go with a VPN or a tracker blocker with Quad 9 DNS? I appreciate the 9.9.9.9 suggestion. Just switched this on in a new Teracube 2e just flashed.
I use proton vpn + nextdns (private dns) That way you can block trackers/adds etc and still use VPN.
1 Like
@andrelam I actually run this exact setup now (different phones). How do you do this with NextDNS at the app level (block trackers)? I still am seeing trackers being blocked with Tracker Control (non-root setup) and App Manager (root setup) when using NextDNS systemwide from Settings > Network & internet > Advanced > Private DNS > Private DNS providers hostname > *enter personal info is *******.dns.nextdns.io.
EDIT:
-With root using ProtonVPN, and NextDNS systemwide App Manager still blocks in app trackers.
-Non-root setup Tracker Control is using VPN slot but NextDNS is still resolving systemwide. confirmed I too see a little message pop up at the bottom of screen in TC as outlined by @andrelam 
Maybe they get blocked before the DNS call, but this is quite interesting, maybe check if nexdns also catches the tracker(log enabled) when tc is off…
1 Like
Oops, what I meant was that the NetGuard/InviZible tutorial could be applied to a TrackerControl/InviZible combo since TC has the same/similar settings as NetGuard.
To be honest I never cared for NetGuard. I forget that TrackerControl can act as a firewall of sorts since it allows for turning off Internet Access for individual apps.
I see there’s been quite a few cool suggestions in this thread lately. On the non-root device I may reexamine and try something new.
Thanks to all.
TrackerControl with the old settings I had showing the similarity with NetGuard. Will try again without the SOCKS5 proxy (TOR) on OxygenOS.
2 Likes
Thanks for your comprehensive coverage of the topic.
57.6% of all statistics are fabricated to support a narrative
1 Like
For a more battery-friendly tracker blocker, I also highly recommend Blokada 5, available on F-droid. Similar to tracker control it gives precise control over domains, although it works differently, focusing on blocklists instead of apps.
Both services use a local VPN
I did a test with an app with 2 trackers, TC does catch them before sending out to DNS server, so that behaviour is “normal”. Nextdns did catch them also.
Excellent news! So from what you are seeing running NextDNS/Quad9 (Settings > Network & internet > Advanced > Private DNS > Private DNS providers hostname > *enter personal info is *******.dns.nextdns.io) should block trackers systemwide (apps and browser) and then coupled with a VPN (Mullvad, Proton etc.) we are effectively masked from big tech tracking (other than browser fingerprinting and non-FOSS app that are logged into). My next question is what filters do you use in the NextDNS UI to accomplish this? (Or does it even matter beyond their defaults)
Really appreciate people taking the time to educate, extremely helpful!
After reading fully I have appreciation for those who look at what goes on behind the scenes in FOSS apps listed on FDroid. The accountability and transparency I am learning about is very reassuring and helps me know where to put my money/donations. My gut tells me nothing malicious was purposely happening but I appreciate the standards being upheld by FDroid and those who raise red flags. Thanks for sharing. Taking a deeper look at
Yes, unless apps use fixed ip numbers to send their data. I dont know if that is done… The settings i use:
Nice nexdns feature is you can have per-device configuration.
2 Likes
Is NextDNS app FOSS ? I don’t think so…
1 Like
No, but on Android 9 you can use private DNS settings, so no App needed. The server side is also not FOSS.
2 Likes
Want to be sure I see the whole picture. So the code used to process DNS resolution on their servers is not open source but the way they encrypt traffic via DoH is? (Encryption of the info from the phone to their server for resolution)
This is less of a worry to you because with any DNS transaction one must put their trust in the said entity regarding how they really are processing the requests on their servers?
From my knowledge running the DNS at the DNS setting in the OS and not using an app also lessens the scope of a potential malicious attack on one’s phone by having less area to get at.
If this is correct I’m gonna have to take a deeper look at 9.9.9.9 which is so wonderfully already present in /e/ builds and compare a bit more along with @marcdw / other suggestions.
The DNS over TLS is done by the OS, Android. You will never know what they do with your data at the server side, but that’s with all DNS servers as you’ve mentioned. In my opinion this kind of DNS service should be offered by /e/ to be able to fight the tracking from within the OS side and outside. I contacted @GaelDuval a while ago to to ask him to investigate the option to cooperate with nextdns, he could do an audit at nextdns. One of the Nexdns founders is also French 
. Did not hear anything back, so don’t know the status of this.
1 Like