Hello, which is better, use default DNS while using tor or Orbot? Or even more secure would be using DNScrypt or oDoH, for example by using RethinkDNS or Invizible Pro.
Anyway DNS is in both scenarios different than isp, but are all options encrypted, what about leaks, or other security considerations?
Tor - because it is private, secure and really anonymous. The Tor ExitNode (the last link in the chain) does the DNS resolution and doesn’t know you. You get all DNS information back encrypted.
But this entry must not be missing in the Tor configuration file torrc.
SafeSocks 1
Do i need to change to that or its by default?
The SafeSocks option is irrelevant to Orbot usage when using the VPN mode.
If you want to have .onion access or strictly ensure that your requests are processed by each respective exit node you should not change DNS settings and ensure the system Private DNS and Chromium Secure DNS features are disabled.
However if you want to use a DNS blocker or the security benefits of a protective DNS (blocking or DNSSEC) then you should use the system Private DNS feature.
If you want more control of blocking and doing so client side, then you can use Rethink combined with Orbot.
While not routing your DNS via the respective exit node may technically be a leak, it will still be passed through Tor with a circuit that expires every 10 minutes, so it isn’t nearly as bad an issue as it might be with a traditional VPN but said DNS could link requests to an extent.
I personally prefer and use Orbot system wide with all isolation options enabled and then combine it with Quad9 via system Private DNS feature.
I’m using Orbot with rethinkdns, but as proxy mode, rethink disconnects Orbot in VPN mode.
SafeSocks does nothing for Orbot in VPN mode and every single app that might use SOCKS does so using SOCKS5 (not SOCKS4) which does handle DNS.
because???
nonsense
Shadowsocks is not comparable to Tor.
Tor has been quite performant with the recent improvements (congestion control + conflux)
You shouldn’t use VPN provided Tor routing as that defeats the purpose of what Tor offers.
I have really big mindfuck now haha
So does it route first through orbot and then Quad9, or just Quad9 only