TrackerControl VS AdvancedPrivacy

https://www.twinhelix.com/apps/signal-foss/

The loginscreen was just blank even after some time. Had similar behaviour with other apps.

I agree with you, I remember that Android can use only one VPN and, as you, I can see that TC works with AP enabled but, without IP hiding. AP activate the VPN icon (the little key at the top of the screen) only when IP hiding is enabled.
In the settings ā†’ Network and Internet menu, VPN show which application is enabled (TC or AP). If the VPN is owned by AP, when you enabled TC, it kick off AP to take the VPN privileges. These tests tell me 2 things :

  • You can enable only a unique VPN connection at the same time (in fact it is false if you use profiles)
  • TC trackers blocking is using VPN but AP tracker blocking is working in other way, and donā€™t need VPN. So both can work together.

Thanks to Shelter App I activated the ā€œWork Profileā€, and TC is installed in my personal and working profile. I can enable the two instances of TC in the same time. But, in this case, TC monitor only app in the profile where it is installed.
@MaMaTT88 perhaps it is possible to enable AP from the Work profile to only activate the IP Hiding, et keep TC in the private profil to monitor the trackers from the app.

1 Like

TrackerControl (TC) is not redundant. It functions very differently from Advanced Privacy (AP) and therefore provides something that AP cannot deliver.
AP acts as a DNS, hence it blocks DNS requests to trackers. This is a very easy and simple way to implement a blocker, but it can as easily worked around. Itā€™s very similar to the internet blocking of some sites that some countries implement to prevent their usage, and the protection is just as weak. e.g. the ip can be hard coded into the site (itā€™s not that hard to update that) or the app could just contact another DNS server in case that it canā€™t resolve the address of a tracker.
Given that there is actually money behind the whole tracker business, Iā€™m pretty sure that this will happen sooner or later if many people block stuff. (Maybe it already happens, I donā€™t know.)
And if that happens, AP has no means of detecting that.
Therefore, AP actually gives you a false sense of privacy.

TC on the other hand actually tracks connections or rather connection attempts. To do so, it uses a local VPN, which is also the main disadvantage of using TC. This VPN means that you canā€™t use a real VPN or you have to disable TC when you do and it also results in slightly higher battery usage (although I havenā€™t measured it).
However, the approach is much more solid and for that reason, I would always choose TC over AP.

The other two features of AP (faking location and ip) are completely unrelated to TC.

2 Likes

Thank you for your comprehensive and complete answer :grinning: I didnā€™t know that AP act as a DNS, and now I understand better some weirdness when I tried to use Private DNS and why TC and AP can work togetherā€¦

Thatā€™s my setup as well. Advance privacy is an excellent app but I do use Netguard too. I like having the power to decide which apps are allowed to go online and which arenā€™t.

Thatā€™s interesting information. On my system, AP shows up as an entry under the VPN section in the system network settings, so there seems to be at least some kind of VPN component to it, not just DNS, so I wonder whatā€™s going on there.

As for software bypassing DNS, I know of at least one company that does it: I have observed that Adobe desktop software sneakily tries to connect to 1.1.1.1 if it fails to reach some of the analytics/advertising hosts it connects to at every launch. Tested on macOS with Little Snitch.

As for trackers in Signal: It might be caused by a website from a link that was sent via Signal message. AP also shows trackers in Fennec, but they are really part of websites that I visited and must have somehow bypassed uBlock Origin.

Ultimately, as great as AP is already, I hope one day /e/ will extend it into a real system-level firewall with tracker blocking (eg. a collaboration with Calyx with their Datura firewall) so we can be protected even if:

  • native code or system components call home
  • weā€™re using another VPN connection (home or office network, commercial vpn like mullvad etc.) or another software that needs a DNS server
  • an app connects to trackers by IP address instead of hostname
  • an app bypasses system DNS lookup and uses a different DNS server
  • an app uses system components to handle the network activity instead of connecting directly
  • we want to shut off internet completely for an app
  • we want to monitor all connections that are being made to discover and block (and ideally even report) endpoints that are not in the blocklist yet

I think we can all agree that ultimately, stacking multiple more or less comprehensive protection tools that may or may not interfere with each other is not idea. Not to mention that it is too much to ask from a novice user who knows nothing about networking and just wants to protect their privacy.

1 Like

Yes, there is indeed, it is the ā€œHide my IPā€-function of AP (the sheer entry in system settings is only a required prerequisite so that AP may use androids vpn-interface, it does not prove it actually does):

1 Like

Correct, the VPN part of AP is used when you hide your IP, which is done via Tor. See here:

Thatā€™s a quote from the link on AP posted above.

Back in November, when I had to reinstall /e/ on my FP3 (do to the lack of an upgrade path) and was faced by the new version with AP, I was going trough all the questions that were brought up here. I thought I might be able to drop TC and just keep AP. After reading the post linked above, I decided to stay with TC, since in my opinion it is the better solution regarding trackers.

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.