• darcmage@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    58
    arrow-down
    3
    ·
    6 months ago

    “The report detailed how the user managed to leak DNS queries when disabling and enabling VPN while having “Block connections without VPN” on.”

    Not to diminish the severity of the issue but I can’t imagine this being the factor that pushes the average person to ios over android.

    • TheAnonymouseJoker@lemmy.ml
      link
      fedilink
      arrow-up
      33
      arrow-down
      2
      ·
      6 months ago

      The amount of leaks iOS intentionally does, let alone the part where they tell you to use their own (not so) Private Relay feature, is enough to stick around on Android.

          • meseek #2982@lemmy.ca
            link
            fedilink
            arrow-up
            5
            arrow-down
            2
            ·
            6 months ago

            The one that irks me is how some apps that have already established a connection can ignore the VPN. I always wondered about that, like if I enabled my VPN, what happens to existing connections. One thing I couldn’t find is what apps can do this? If it’s third party apps, that’s pretty serious. But if it’s just Apple apps or default ones, that’s a far less of a concern seeing as Apple seems to bypass VPN anyway for its in-house wares.

            • TheAnonymouseJoker@lemmy.ml
              link
              fedilink
              arrow-up
              7
              ·
              edit-2
              6 months ago

              You should treat Apple as a third party to your data. Apple is not your friend. No corporation is your friend. Apple is even worse than the average corporation.

              • meseek #2982@lemmy.ca
                link
                fedilink
                arrow-up
                2
                arrow-down
                3
                ·
                6 months ago

                LOL. They built the entire fucking OS. If they want to siphon my data, they can. Without anyone knowing. Also everything is linked to my Apple ID. So what’s the point? They already know everything and have tied it all together with my unique IDs, device serial numbers and the payment data associated. What’s the point the of running FaceTime over a VPN? They already know everything…

                At some point you have to stay calm and think rationally.

                Now if Twitter or some random app I downloaded from GitHub can bypass my VPN, then yeah, that’s a pretty big concern as they currently have nothing on me.

                I’m going to ignore the “corpos aren’t your friend” because FUCKING DUUUHHHHHH

                • TheAnonymouseJoker@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  6
                  arrow-down
                  1
                  ·
                  edit-2
                  6 months ago

                  If you have sold your soul to Apple already, then that is not a problem. You may take this as offensive or factual, I do not care. Why? Because I use Android phones without a Google account. You may think, this person does not have a life, I do. But I also have a life. I use online groceries and use shopping sites through Firefox web browser. I have WhatsApp and Discord with lots of restrictions and a firewall with 400k+ domains blocked all the time.

                  How much data you consider okay to give away to corpos is up to you. However, understand that once you give away this or that data about you, there is no way to return back to an option or time where nobody had that data about you.

                  Yes, I am pretty anal about my privacy, security, anonymity and freedom. And I am shameless about it.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      11
      ·
      6 months ago

      I’m not sure of anyone who switches from iOS. Once you are in the ecosystem they won’t let you leave.

      • dubyakay@lemmy.ca
        link
        fedilink
        arrow-up
        21
        arrow-down
        11
        ·
        edit-2
        6 months ago

        Why is this stupidity repeated ad nauseum? I’ve successfully switched from iOS to Android and back to iOS again without any hindrance.

        It’s not any different from switching from windows to Linux.

        • Possibly linux@lemmy.zip
          link
          fedilink
          English
          arrow-up
          14
          arrow-down
          2
          ·
          6 months ago

          Then why can’t I use an Apple watch with anything but Apple products? Why do I need a Mac to create iOS apps?

          • kugmo@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            11
            arrow-down
            3
            ·
            6 months ago

            If you just have an iPhone and nothing else and treat it like a smart phone it is very easy to migrate over to android and vice versa. If you get invested in the apple ecosystem it might be hard to leave or use some other products that are gimped without an iPhone

            • Possibly linux@lemmy.zip
              link
              fedilink
              English
              arrow-up
              8
              arrow-down
              4
              ·
              6 months ago

              Third party products will not work well with an iPhone as Apple makes sure that there products work best. Additionally, iphones have very bad SMS and MMS support.

          • meseek #2982@lemmy.ca
            link
            fedilink
            arrow-up
            4
            arrow-down
            5
            ·
            6 months ago

            Lmao. People really are just out there on the raggedy edge. The watch communicates with a shit ton of sensors and other tech only found on Apple devices. Also, last I checked, I can’t run an Android Watch on iPhone fully, there is always a slew of things that don’t work or kinda work. Maybe Apple didn’t want that experience for its users.

            You need a Mac to build Apple apps because why in the actual fuck would you use a PC to do that!? What’s the point?

            I’m not defending Apple as they clearly gate a lot of shit but the complaining about the dumbest shit ever doesn’t make them Nazis. Also, Google, Samsung, Microsoft, all of them are the same level of asshole. Big Tech is trash. This is not new news.

            • Possibly linux@lemmy.zip
              link
              fedilink
              English
              arrow-up
              5
              arrow-down
              2
              ·
              6 months ago

              You could use an Android watch with iOS but Apple will not let you. I don’t get why you are defending Apple

              • meseek #2982@lemmy.ca
                link
                fedilink
                arrow-up
                4
                arrow-down
                3
                ·
                6 months ago

                What do you mean don’t let you? https://screenrant.com/samsung-galaxy-watch-4-use-with-iphone-compatible-explained/

                Same shit as with Apple on Android, basic functionality, nothing more.

                So you blame Apple for Android having basic functionality with an aWatch but then blame Apple for a Samsung Watch having basic functionality on iOS? So it’s just Apple’s fault all the way around then?

                I guess you also missed the part where I say all big tech is the same? And are all basically shit? Or you just didn’t read that far…

  • TheAnonymouseJoker@lemmy.ml
    link
    fedilink
    arrow-up
    13
    ·
    edit-2
    6 months ago

    I think the problem is Reddit user (who Mullvad cites) not knowing that the Private DNS feature in AOSP/Android defaults to Google or Cloudflare DNS, and that you need to set a custom DNS of your choice to prevent this.

    AdGuard provides a whole list of DNS providers to pick from. Pick a hostname from DNS-over-tls row for any provider, remove the “tls://” part and enter the rest in Private DNS custom option.

    https://adguard-dns.io/kb/general/dns-providers/

    • youmaynotknow@lemmy.ml
      link
      fedilink
      arrow-up
      4
      ·
      6 months ago

      If you do this, you’ll be using the DNS you assign instead of using the VPN’s DNS, as intended. That will make you stand out from the rest of the same VPN users, effectively affecting privacy.

      • TheAnonymouseJoker@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        6 months ago

        Either stand out or let your ISP or Google/Cloudflare or VPN read all your domain visit queries. It is better to not let ISP or Big Tech decipher your internet history for obvious reasons.

    • Scolding0513@sh.itjust.works
      link
      fedilink
      arrow-up
      1
      ·
      6 months ago

      mine gives me three choices. Off, Automatic, and Private DNS (type in your own). should i set mine to off then? will that prevent the leak?

      • TheAnonymouseJoker@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        6 months ago

        I am not sure what off does. Might need to recheck Android documentation. But I remember the custom one definitely uses whatever you set, and nothing else. No Google/Cloudflare DNS.

        For example, if you like AdGuard, you can just enter dns.adguard.com there.

          • TheAnonymouseJoker@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            6 months ago

            Automatic on Android always falls back to Google or Cloudflare DNS in the same way systemd DNS resolving works. Or if that does not work, ISP is being sent whatever domain queries user is requesting directly. I am going off from connecting the dots between what I know about Private DNS from Android documentation, and what the Reddit poster did not mention who Mullvad cited in their blog post. I am assuming that the time gap between Android’s killswitch turning off and on with always-on settings is giving time for DNS queries to go through (detected by Wireshark), and since the default DNS provider is almost never set by people on Android, this may be happening.

  • Tundra@lemmy.ml
    link
    fedilink
    arrow-up
    11
    ·
    6 months ago

    What I don’t understand though, doesn’t using mullvad automatically set their own DNS?

    • lemmyreader@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      6
      ·
      6 months ago

      On the desktop it does. But on Android things are maybe different ? Not directly related but I remember (long time ago) wanting to tether from an Android phone with Mullvad VPN app in use, to a computer, only to find out that the Android defaults (In Android not in the Mullvad app) needed a button swiped to make it work correctly on the other device.

    • youmaynotknow@lemmy.ml
      link
      fedilink
      arrow-up
      5
      ·
      6 months ago

      Only if your Android connection is set to automatic DNS. Additionally, they are assuming it is an OS bug. However, they also acknowledge that they had to fix something on their app to mitigate. I tried myself with Wireguard instead, killed the network access to it, and nothing ever left my phone, as Android immediately killed all connections due to the VPN always on feature.

      So, I’m going to take their claim with a grain of salt until AOSP says something about this and denies or confirms the alleged bug.

  • Pantherina@feddit.de
    link
    fedilink
    arrow-up
    5
    ·
    6 months ago

    Any system app on Android, the captive portal login and more CAN all bypass a VPN in “block all other connections” mode.

    Android is really problematic and having as little system apps as possible is the only fix.

        • MotoAsh@lemmy.world
          link
          fedilink
          arrow-up
          23
          arrow-down
          1
          ·
          edit-2
          6 months ago

          You and I don’t have to imagine that, dummy. We’ve already done it.

          • GolfNovemberUniform@lemmy.ml
            link
            fedilink
            arrow-up
            1
            arrow-down
            19
            ·
            6 months ago

            Well idk about you but I did it many times unfortunately. Imagine accusing people in what you’ve done yourself I guess. Very pathetic indeed

          • GolfNovemberUniform@lemmy.ml
            link
            fedilink
            arrow-up
            3
            arrow-down
            7
            ·
            6 months ago

            Realistically speaking, I’m not. Technically speaking, accusing people in what I do too may not be considered bad but that depends on the culture. Anyways I didn’t mean to be rude when I made that original comment. I still don’t understand how was it rude. I guess it’s my English knowledge that sucks again

            • jet@hackertalks.com
              link
              fedilink
              English
              arrow-up
              5
              ·
              6 months ago

              You said “imagine doing a thing” implying it was a really dumb idea… Like imagine eating a tidepod… Crazy right?

              But it was “imagine using a android” which like 70% of the world uses… Now your implying 70% of the world is doing something so dumb it is surprising you.

              People sensibly ask you, what should they be using instead if they care about freedom etc, and your reply is use something that doesn’t exist yet…

              So now the full circle is imagine doing a thing, crazy! , you should really be using something that doesn’t exist yet… You created a rhetorical situation thats impossible, and that’s why people respond very negatively to you. Your logic is inconsistent.

              • GolfNovemberUniform@lemmy.ml
                link
                fedilink
                arrow-up
                1
                ·
                6 months ago
                1. I didn’t know the imagine phrase means it’s stupid. I thought it’s just judgment (e. g. imagine killing people). And I didn’t even say it very seriously. I already explained the reason. If you care to actually be fair, read that

                2. In this case I understand why people would respond negatively but imo rudeness and general toxicity is not justified. These things are always bad. Well maybe except the cases when the other side acts the same way or is just evil and you use toxicity as a form of terminating the person’s ability to hurt others. Though if what I said really was extremely rude, probably it’s fair idk

                • jet@hackertalks.com
                  link
                  fedilink
                  English
                  arrow-up
                  4
                  ·
                  edit-2
                  6 months ago

                  I haven’t been rude to you. Or at least I don’t think I have been.

                  I explained everything as clearly as I could.

                  Remember with communication, it’s not your intent it’s the perception that’s important. And yes your initial phrase came off as hostile and condescending

          • GolfNovemberUniform@lemmy.ml
            link
            fedilink
            arrow-up
            1
            arrow-down
            8
            ·
            6 months ago

            I honesty don’t understand the rudeness. What I said is unpopular as 8K monitors and I do think it can be downvoted but why being rude? I just don’t want to participate in toxicity because then I become toxic too. Ignorance is the best in this case. And I use LineageOS that’s based on Android btw

            • TheAnonymouseJoker@lemmy.ml
              link
              fedilink
              arrow-up
              15
              ·
              6 months ago

              Then why did you exactly say “imagine using android”? Makes no sense even if you were trying to make a joke hidden beneath many layers of logic.

              • GolfNovemberUniform@lemmy.ml
                link
                fedilink
                arrow-up
                4
                arrow-down
                5
                ·
                6 months ago

                Well yea that didn’t really make sense. I guess that’s what being autistic is. Anyways upvoted and thank you for not being toxic

    • lemmyreader@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      32
      arrow-down
      1
      ·
      7 months ago

      Well, yes, I prefer desktop. But you know, in some countries some people have nothing else than phones. I am glad that Mullvad has posted this and hopefully Google can fix the bugs soon.

            • lemmyreader@lemmy.mlOP
              link
              fedilink
              English
              arrow-up
              5
              ·
              6 months ago

              Well, I didn’t see the other comments till now, and wrote Upvoted as an alternative to Insightful which I was intending it to sound. I appreciated your comment because I think Google likely have their own priorities.

              • GolfNovemberUniform@lemmy.ml
                link
                fedilink
                arrow-up
                2
                arrow-down
                5
                ·
                6 months ago

                Well yea I understand. I just didn’t know what else to say. I didn’t want to just upvote and not reply because I don’t want to ignore nice (no I’m not saying that upvoting me makes you nice) people in this toxic and hopeless world. In the contrary I want to promote them. Though nobody (probably even myself) will believe in it after everything I’ve done and said here for various reasons. I guess it’s an imagine being sus moment

                • lemmyreader@lemmy.mlOP
                  link
                  fedilink
                  English
                  arrow-up
                  6
                  ·
                  6 months ago

                  All fine. Your comment where you mentioned autistic suddenly made me “understand” the let-s-call-them misunderstandings in this thread. And I agree about the toxic world, but we’re all in the same boat, so I’d say we may as well be nice to each other at least a few seconds per day. Sometimes small things can make a big difference.

      • GolfNovemberUniform@lemmy.ml
        link
        fedilink
        arrow-up
        6
        arrow-down
        13
        ·
        6 months ago

        Well iOS does have its advantages but tbh there are no fully usable alternatives for Android now. Hopefully Linux will get better on phones because I feel like we do need an alternative at this point

        • HEXN3T@lemmy.blahaj.zone
          link
          fedilink
          arrow-up
          22
          arrow-down
          1
          ·
          6 months ago

          Well, we live in right now, and right now, mobile Linux just isn’t suitable for many people, and the hardware that actually supports mobile Linux is a whole other story. It’s certainly not possible to just not have a phone at all anymore, either. Calyx, Graphene and Lineage are the current best options. To say someone is stupid for using these is, well, stupid.

          • GolfNovemberUniform@lemmy.ml
            link
            fedilink
            arrow-up
            2
            arrow-down
            12
            ·
            6 months ago

            I didn’t say that people who use Android are stupid and neither I intended to. What I meant is that Android is really enshittificated now. “It’s certainly not possible to just not have a phone” is another story. I think relying on phones too much hurts people and the world a lot but again that’s a whole new story

            • HEXN3T@lemmy.blahaj.zone
              link
              fedilink
              arrow-up
              13
              arrow-down
              1
              ·
              6 months ago

              Okay, but saying “Imagine using Android” paints a certain picture. And, yes, relying on phones is dangerous. It’s not that it’s impossible to live without a smartphone, it’s that arbitrary systems have been put up in society that have created a large dependence on them.

            • Tundra@lemmy.ml
              link
              fedilink
              arrow-up
              6
              arrow-down
              1
              ·
              6 months ago

              Stock android is definitely enshitified - but there is still hope with custom os’s

    • eleitl@lemmy.ml
      link
      fedilink
      arrow-up
      14
      ·
      7 months ago

      LineageOS with Jerboa over Mullvad VPN here. Not many options on mobile devices.

      • BearOfaTime@lemm.ee
        link
        fedilink
        arrow-up
        9
        arrow-down
        1
        ·
        6 months ago

        And Android runs a shit load of portable devices beyond phones.

        Most handheld store scanners are Android based today. Inventory management devices (like warehouses have used since the nineties) used to be Palm-based, are largely Android now, because it’s core is Linux. They don’t have to run the standard Android shell, they can run their own.

        I’ve used medical monitors that are Android based.

      • GolfNovemberUniform@lemmy.ml
        link
        fedilink
        arrow-up
        4
        arrow-down
        8
        ·
        edit-2
        6 months ago

        Yea unfortunately. Hopefully the enshittification of new versions will speed up the development of alternatives

        EDIT: imagine raiding (now seriously)

    • smileyhead@discuss.tchncs.de
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      6 months ago

      All things I use, besides JavaScript on websites and firmware, is basically open source.
      I am lucky to use open protocols for communication only, as when deleting Facebook my friends were willing to use Matrix with me.
      I can do many many compromises.

      But still, I have OnePlus 6T with mobile Linux and absolutely cannot switch now. I would love to, but working camera and some alternative to Organic Maps is a must I cannot jump around when Android is “just” fine now.