[guardian-dev] system-wide ad blocking without root

Hans-Christoph Steiner hans at guardianproject.info
Tue Oct 25 18:22:20 EDT 2016 

Seems like if the app can combine your TLS-hosted file with other
sources, then both the DoS and the out-of-date risks are mitigated.

One thing to be aware of is that TLS is easier to track than plain text
HTTP, via the TLS Session Tickets/Identifiers and other more complicated
attacks.  So HTTP over Tor will probably be the most private, as long as
DNS66 is not including any unique IDs of its own.

.hc

Dominik Schuermann:
> Hey,
> 
> thanks for mentioning this project. I am using it now and immediately
> created a small PR with some comments:
> https://github.com/julian-klode/dns66/pull/19
> 
> So the issue here is that many hosts sources are not available via TLS.
> This is not the dev's fault, but the fault of the hosts-maintainers. The
> dev is right that the attack vector is only a DoS attack in the sense
> that a MitM could disable the access to specific hosts. Still, I think
> the situation should be improved. I am not completely sure how. Maybe
> someone should provide a hosts file that is served via TLS and more
> trustworthy. I am currently hosting https://adaway.org/hosts.txt via
> GitHub + Cloudflare, but its not really updated regularly.
> 
> Cheers
> Dominik
> 
> On 10/25/2016 11:26 PM, Nathan of Guardian wrote:
>> I have considered this as an Orbot feature, along with some of the No
>> Root Firewall /Little Snitch capabilities. Obviously that would impact
>> anonymity, but perhaps no more than NoScript or HTTPsEverywhere already
>> does?
>>
>> On Tue, Oct 25, 2016, at 01:28 PM, Hans-Christoph Steiner wrote:
>>>
>>> This is an interesting app: DNS66.  It uses the VPN API to provide
>>> system-wide ad blocking without root access.  It just handles DNS, no
>>> other traffic, and uses the standard ad blocking blacklists to filter
>>> the DNS requests.
>>>
>>> https://www.reddit.com/r/Android/comments/59a8qm/dns66_a_dns_based_adblocker_that_works_systemwide/
>>>
>>> .hc
>>> _______________________________________________
>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>>
>>
> 
> 
> 
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
> 

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556

More information about the guardian-dev mailing list