How to use a VPN while also blocking trackers in apps?

Hello! I feel really silly/dumb for asking but is there a way to use a VPN and also block trackers from apps?

I currently use the Tracker Control app and due to its nature (since it uses a VPN connection), am unable to use a regular VPN for its usual purposes.

Is there a way I can do both? I know one way to minimize trackers is obviously to use the website/web app version of whatever it is, but it’s just not possible for every app I have on my phone.

Is there perhaps a VPN that can do both? In terms of app trackers, I care most about fingerprinting and analytics, I suppose.

You can use custom DNS like NextDNS and enable filter lists that do what you want with your VPN.

Albeit you have not mentioned which VPN you use and on what OS you want this to happen. My solution is somewhat dependent on that.

2 Likes

I’m fairly certain RethinkDNS supports this: WireGuard | RethinkDNS Docs.

4 Likes

Android’s Private DNS setting, aka a DoT server you input there to use as your DNS resolver, would supersede your VPN’s DNS server, so pick any ad-blocking DoT server you like and just use the Private DNS feature in tandem with whatever your VPN provider is. You’ll be blocking ads and trackers systemwide.

2 Likes

My bad! I have Proton VPN and I’m on Android.

I know little about Android. So I can’t conclusively tell you my option works. But try it out or see what others are saying.

I’m assuming you’re referring to Android.

I see two options:

  1. Use a commercial VPN that has its own tracker-blocking DNS-based solution - Proton and Mullvad both offer this.
  2. You VPN into your home LAN, where you set up an outgoing commercial VPN client and something like Pi-hole or AdGuard Home.

1 Like

the paid plan has adblocking dns option

That is nowhere near enough in ProtonVPN for robust ad and tracker blocking. Also, they said it’s Android.

oh really? that sucks

Yeah.. wish ProtonVPN gave us options to add our own filter lists like Adguard or give us the ability to select AdGuard lists.

I would’ve assumed even basic lists would take care of 98% of app-based trackers. But then I only install the bare minimum and not so shitty apps. FWIW Mullvad’s is mostly based on EasyList (not only) and that seemed pretty effective from my casual testing.

The thing with AdGuard lists is that they whitelist the trackers they use themselves… At least they did when I checked last.

Basic lists do basic things - maybe just enough to make the web browsable but nothing more than that. We do need more.

The ultimate solution could be the power of uBO that we have on desktop browsers with VPN - on mobile.

My personal solution is to add the ProtonVPN WireGuard configuration files to RethinkDNS and use on-device blocklists as well, but AFAIK on-device blocklists require some RAM, because when I was surviving with 1 GB of RAM my phone constantly RAM-crashed (a RAM-crash is when your phone runs out of RAM and closes almost everything to free up some memory), so you’ll need some RAM if you give this option a try.

The main problem with this method is that you’ll need to manually import the WireGuard configs into RDNS if you wanna connect to the VPN server you want to connect to, and that you’re not going to get access to some features of the official ProtonVPN client, of course, but if you want something simple and you’re not hopping between VPN servers you could give it a try.

1 Like

System level DNS on Android in combination with a VPN leaves you vulnerable to IP exposure to the DNS provider (if the DNS provider is different from the VPN provider). I have tested this myself, the real IP address is visible to the DNS provider.

~120mb more.

The app overall itself needs 140mb+ in addition. A
Less if you disable logs (turn off Configure > Settings > Enable on-device logging) entirely.

In the upcoming version, v055o (due in a few weeks, but I’ve been saying that for months… as a forum member here notes) we’ve tried to optimize for RAM usage wrt on-device blocklists (instead of reading the entire blocklists in, we only selectively read what’s needed), some more. Let’s see.

We were nerd sniped by Daniel Micay into implementing a client-side multi-hop. It works nicely, dare I say, in our testing. And so, wrt hopping specifically, in the upcoming version, v055o, you’d be able to hop any WireGuard over any other WireGuard (for instance, hop Proton over Amnezia, like I do).

4 Likes

Thank you everyone for your responses, and apologies for my slow response. I’ll try out RethinkDNS! This fits exactly what I needed, thank you! In terms of on-device blocklists, are there any in particular that I should use? (Since, looking at those available, there are quite a lot!)

Additionally, I know that using the web app version of things is generally best. But if you use an app alongside RethinkDNS, can that be just as good as using the web app? The web app version of some things (social media being the biggest one) just sucks, to be honest.

I followed the steps for adding a WireGuard configuration specifically from Proton. Though I’m wondering, how can I have both the Proton WireGuard proxy on for VPN, and RDNS PLUS for DNS? I hope that makes sense.

In the current Rethink version (v055n), use WireGuard in “Advanced” mode.

Optionally, tap on the Proton config you just imported and set it to “Always-on” to have it route all apps through it. Or, if you prefer, you can individually add apps to this Proton config (tunnel) by tapping on a button that goes “Add / Remove (0 apps)”.

DNS queries should be routed through the user-set endpoint (in Configure > DNS) when WireGuard is set up in Advanced mode. This endpoint will be proxied over any Always-on WireGuard (chosen at random if multiple Always-on are set up). This behaviour can be disabled by turning ON Configure > DNS > Never proxy DNS.

You can exempt apps from Always-on WireGuards too, by turning ON “Bypass app from all proxies” from Configure > Apps (then use the search bar to look for the app to bypass).


In the next version, v055o, we’ll let the user decide whether to use WireGuard DNS or user-set DNS, even in Advanced mode. The setting to be turned ON will be Configure > DNS > Split tunnel.

1 Like