Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If you have root, you can use AdAway to modify the hosts file to use any blocklist you want.

If you do not, you can use a personal DNS server(or a service) to modify the blocklists.

I just simply don't get the VPN based approaches.



Unlike using a DNS or host file, with TrackerControl you can apply rules per host and/or per app, even block an app from using the internet at all. Also, one can log all the traffic and classify it per app, so it gives a lot of insight into which apps are communicating in the background and how often.

Note that the VPN that TrackerControl uses runs fully on the device (and TC itself is opensource) so there is no need to trust any additional third-party servers.


For Android, the VPN API is simply the only official and best-supported way of intercepting app traffic. Everything else requires root to mess with iptables, etc.


Some Apps will use a pinned/hard-coded DNS server to avoid your DNS based blocklists... a VPN sees all.


Can you give en example of how this is implemented?

I would love to test thebvpn blocker with some poc.


WhatsApp sends out DNS probes to 8.8.8.8 unencrypted (TrackerControl does trap and proxy these).

And spyware SDKs like InMobi and Gamooga do DNS over TCP which almost all apps on Android leak (but TrackerControl does not).

Telegram does its own DoH (?). Instagram does hardcode some of its IPs, not all (TrackerControl has no mitigation for these).

Disclosure: I co-develop a similar app to TrackerControl


NextDNS uses the VPN API to route all DNS traffic through it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: