A great option for taming the massive onslaught of advertisements constantly invading your phone has been an app available on XDA called AdAway.
Unfortunately, it requires root access, which is not yet available on the Galaxy A71 5G (SM-A716U with Snapdragon 765G).
However, the next best option for managing ads at the device level is using a feature built into Android 9 and up which allows you to set a custom DNS server. And this does not require root access or otherwise hacking your phone. You are just changing a setting.
Many private DNS services exist which provide a variety of additional benefits. Some not only block Ad sites, but also block known malicious sites, and block sites that are not appropriate for children.
This page lists several options for DNS services depending on what you want to block.
https://cyanish.com/how-to-block-ads-and-malicious-domains-in-android-easily/
I find that AdGuard and Nixnet seem to be the most effective at blocking ad sites. OpenDNS and Quad9 are better at blocking malicious or inappropriate sites. I set my home router to use OpenDNS for this reason.
Note that some DNS services may be based in other countries. You may want to do some additional research to help decide which one is most appropriate for you.
Once you have decided which DNS service to try, on your Android phone, go to:
Settings > Connections > More Connections Settings > Private DNS
And enter the host name of the DNS service you want to try.
You may need to reboot your device to see the full change. If you don't get results you are happy with, try a different service and reboot. You can change back to the standard DNS settings at any time.
I use DNS66 and it seems to work well but I haven't tried the others listed above. How do they compare?
I use OpenDNS on my home router since they allow you more control over the types of sites they block.
I tried Quad9. I did not see much ad blocking when using it. But that's not surprising since it is a consortium of companies like IBM, etc. It probably does a nice job blocking malicious sites.
AdGuard worked great at blocking ads. It is a Russian site, and that isn't necessarily a bad thing. But it helps make the point to do your research because whatever service you choose will know the sites you visit (unless you are using the encrypted DNS services specifically for that reason).
Some of the others are probably a better choice if you live in Europe, but in North America there are probably sites that perform better.
I went with Nixnet and have bee happy with it so far.
Ive done well without root using the Paid Adguard version. it worked well on my Huawei mate 10 Pro, and am now using it on the A71 5g AT&T variant.
There is a new version of AdAway on Fdroid
Related
I have checked several of the major Host ad blocking files available on the web and none reference Medialets & Zestadz Ad Server locations. Lookouts "Ad Network Detector" app found several apps using these companies to host ads and I want to block them via the host file.
I was using AdFree until I found AdAway, which has far more options, including using several host file update locations and manually entering ad servers to block. AdAway uses the same host file source, as well as several others but none of these reference Medialets & Zestadz. Apparently Medialets is now the worst of the bunch, with ads that can collect anything and everything on your phone.
This article in PC Magazine references the Medialet bstards but they don't list the ad server location like they do with several other ad services.
http://www.pcmag.com/article2/0,2817,2383261,00.asp
AdMob which seems to be the most common is just as bad, though their servers are at least known and are included in my host blocking.
"Veracode then drilled down to see what type of data each network was collecting. AdMob accessed GPS location, application package name, and application version information, and "there were variable references within the ad library that appear to transmit the user's birthday, gender, and postal code information," Veracode said."
Unfortunately, as I stated above Medialet's servers don't seem to be known to the public and were not listed in the article. A Google search comes back with nothing.
"Medialets library accesses the device's GPS location, bearing, altitude, android_id, connection status, network information, device brand, model, release revision, and current IP address."
Zestadz is also an unknown. I can't seem to find any info on their ad servers, and they are not referenced in any of the major host files so I can only assume they are not being blocked.
Spyware in PAID Apps!
The obnoxious thing is that Weather Bug Elite uses Medialet even though the app is the paid version. They say that its disabled in the paid "elite" version and is only active in Weather Bug Free, but I don't trust those Medialet a-holes and want to block them at the host level.
Zestadz are used in Flight View Elite, another paid app I own. Same situation above applies. I also found AdMob, AdWhirl and Millennial also embedded in the paid app.
Unfortunately, I can't just go DroidWall these apps as they both need network access so host blocking the ad servers is the only other way I know to prevent them from spying. Anyone know the ad servers for these two companies?
UPDATE: I contacted the parent company who owns WeatherBug and just started entering extensions until I got someone on the phone. I told them I wanted to speak to their legal department regarding a potential lawsuit, and they immediately forwarded me to someone who after some hold time told me "Medialet is NOT suppose to be part of the paid WeatherBug [IE: WeatherBug Elite], and if its showing up then our engineers need to remove it from the application." He said he would be getting back to me on the matter. Does anyone here actually believe this was a legitimate oversight? I am so tired of this privacy invasion crap. Companies think they can do whatever they want until they get caught and just play dumb when it happens.
On to whoever makes FlightView. Going to raise some hell them next. Will update. Still trying to figure out Medialets & Zestadz ad server info. If I can pry it out of these two companies I will post the information as well.
UPDATE 2: The "Office Manager" of Flightview is out of the office until Monday and the tech support department is in a meeting. I will try back later (or Monday) but even though I was [or at least started off] extremely polite, the rep I talked to was a total *itch and tried to dodge my questions on in-app spyware every way possible. Will update when I have more info.
EFF is bringing the security and privacy of HTTPS Everywhere to an important new frontier: your Android phone. As of today, you can install HTTPS Everywhere on Firefox for Android (until now, it could only protect desktop browsers). With HTTPS Everywhere installed, Firefox for Android encrypts thousands of connections from your browser that would otherwise be insecure. This gives Firefox a huge security advantage over every other mobile browser available today.
This is exciting news, because HTTPS encryption allows smartphone users to safely download apps, browse the web, exchange emails and instant messages, sync data between devices, and countless other everyday tasks. As we carry around our phones and tablets, we often connect to unfamilar WiFi networks, putting our personal data at risk of being monitored, collected, and tampered with by anyone else on the same network, as well as Internet Service Providers, network operators, and government agencies. In fact, we discovered last week that NSA and GCHQ have been invisibly tracking and profiling users based on data leakage from smartphone apps.
HTTPS Everywhere guards agains these attacks in your browser by switching insecure HTTP connections to secure HTTPS connections whenever possible using thousands of URL rewrite rules. Whereas data sent to a server over HTTP can easily be read and modified by third parties, HTTPS uses strong encryption to guarantee data confidentiality and integrity.
Click to expand...
Click to collapse
https://www.eff.org/deeplinks/2014/01/making-the-mobile-web-safer-with-https-everywhere
Figured I'd share this with you guys. HTTPS Everywhere has been a great desktop Firefox addon, I'm really happy to see them finally get a mobile Firefox version out. Probably the best way this would protect people are when using public wifi, but of course the site you visit would have to offer some form of HTTPS/SSL for the addon to work. It basically just helps you get the most out of sites that do offer it (some sites, like Youtube for instance default to HTTP).
Hmmm.. interesting.... But does Https Everywhere still have the problem that because of it, pages in general load a lot slower?
I haven't noticed any slow down personally. All this does really is help sites that support HTTPS/SSL to some extent, but for whatever reason do not default to it when I user visits the page. And obviously they make sure the site doesn't get broken before adding it in their extension's site list.
There's a whole FAQ here too that might explain it better than I ever could. All I know is if Tor browsers use it along with Noscript, it's a good security add on. Way better than nothing.
https://www.eff.org/https-everywhere/faq
But the add on should also make use of their SSL Observatory, which is a measure in place to protect users:
The EFF SSL Observatory is a project to investigate the certificates used to secure all of the sites encrypted with HTTPS on the Web. We have downloaded datasets of all of the publicly-visible SSL certificates on the IPv4 Internet, in order to search for vulnerabilities, document the practices of Certificate Authorities, and aid researchers interested the web's encryption infrastructure.
Click to expand...
Click to collapse
https://www.eff.org/observatory
Lots of people are having trouble getting Orbot working on newer devices. To solve this I made Orxy: a compatible alternative free anonymous Tor proxy.
Orxy is an Orbot alternative that supports devices running the latest Android. Orxy protects network traffic using The Onion Router (Tor) network. Tor encrypts the data and sends it through random points across the world to hide where the connection started. For example, while using Orxy, a website you visit might think you're looking at it from another country. Use it the same way as Orbot: configure your apps to use the local proxy server settings. Instruction details on the play store page.
It has optional add-ons to get full Tor proxying without root, and to hide the Tor traffic in another a layer of encryption. Neither are required to use the app.
If Orbot is not working, I hope it helps get people their Tor back.
Available on Google Play
Legalese: It is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else. Do not use without knowing the inherent risks and limitations of Tor. Use at your own risk.
Thanks....
It's Cool
Glad you like it, thanks for the support.
Promo for XDA readers:
https://rideem.io/from/orxify/for/xda gives out a code per day to get the orxify add-on free.
I have always known that companies like google and facebook for example collect our data, web searches etc and sell this information for profit. Today, this has become an even bigger issue with what we see in the media with the nsa and other government organizations tapping into our devices and monitoring our usage. At the end of the day, most of us, myself included really dont have anything to hide, so it may not be a real issue. I have often thought that if anyone poked around in my pc or phone they would simply get bored as they are just full of geeky engineering files lol. The real thing for me is simply that it's an invasion of privacy and just not right. With that said, I find myself wanting to go the extra mile to make my pc and my phone completely private from outside sources taking my information, watching my web searches and seeing my data. My question is, is it possible to be 100% secure and private, and if not, how close can we get, and how? I have heard that VPN's can achieve this. Is this true? and if so are there any free secure VPN's for our android devices and or pc's that are really good? Do VPN's slow down our devices? Also, Is there a way when we delete android files to permanently delete them? I noticed when I flashed my rom, after doing the complete wipe that is still contains files from before the wipe.
(I know this isn't a pc forum, I only included the pc because it's relevant.)
Thank you all in advance.
There are no data retention laws in the United States. Meaning, if a data center does not want to hold any logs to their users' activity, they're not required by law to do so. Multiple countries are similar, which is why I recommend using Private Internet Access for your VPN. They have a client for PC and Android and they're really great. I've been using them for many years and have had no issues. And, if you're really wanting to remain "anonymous", you can pay for your VPN subscription using gift cards from popular outlets like Walmart, Starbucks, etc. And for search engines, I'd recommend DuckDuckGo, which doesn't log anything you search. For PC, I'd recommend disabling your IPv6 protocol in your router settings and getting uBlock Origin, HTTPS Everywhere, and PrivacyBadger. They're wonderful add-ons for Firefox or Chrome. uBlock Origin and PrivacyBadger can block WebRTC leaks which would leak your IP address and can be used to identify you. If you want more information, feel free to reply to my post and I'll help you out as much as I can.
Hoxic said:
There are no data retention laws in the United States. Meaning, if a data center does not want to hold any logs to their users' activity, they're not required by law to do so. Multiple countries are similar, which is why I recommend using Private Internet Access for your VPN. They have a client for PC and Android and they're really great. I've been using them for many years and have had no issues. And, if you're really wanting to remain "anonymous", you can pay for your VPN subscription using gift cards from popular outlets like Walmart, Starbucks, etc. And for search engines, I'd recommend DuckDuckGo, which doesn't log anything you search. For PC, I'd recommend disabling your IPv6 protocol in your router settings and getting uBlock Origin, HTTPS Everywhere, and PrivacyBadger. They're wonderful add-ons for Firefox or Chrome. uBlock Origin and PrivacyBadger can block WebRTC leaks which would leak your IP address and can be used to identify you. If you want more information, feel free to reply to my post and I'll help you out as much as I can.
Click to expand...
Click to collapse
Hoxic,
Thank you for all of the information. With the private internet access VPN on my PC and android, will that slow down anything like web surfing, uploads or downloads? I am limited to using Verizon's high speed DSL connection as they refer to it, (I refer to it as slowest speed connection lol) in my neighborhood and this is the only provider for me so it's already pretty slow compared to Fios and other broadband connections. I would hate to slow it down any more.
You mention to pay for these services using gift cards and such. Well as I mentioned, I do not have anything that I am actually worried about anyone seeing, this is simply my way of trying to protect my privacy so I wouldn't go that far but I am curious about that statement. Do you mean that using a VPN truly isn't private or is this just to remove any paper trail linking me to the use of a VPN provider? I have been using DuckDuckGo for several years already just to stop google from taking and selling my info. Weather it truly works or not I dont know but its a great search engine anyway so I figured why not use it.
Your advice to disabling IPv6 protocol in my router settings: I do not see anywhere in my router settings to do this so I googled it, and it looks like there's a way o do this in windows. Is that different that what you're advising? Also I read a windows blog on this and windows 10 says IPv6 is a mandatory part of Windows that they do not advise on disabling. Can you give me some more detail on this, and how to disable it, assuming the windows warning is bull.
Thanks for all of your help.
Private DNS has been around for a little bit on newer devices. However, finding a service that provides both the Private DNS side (TLS) and ad-blocking, filtration of bad domains, etc., has been another whole mess.
I've launched a donation-backed Private DNS service which provides an internet-side option. Think pi-hole style blocking without needing a VPN or only working from your LAN.
What's this entail?
1. Running Android Pie (or anything with the feature ported to it)
2. Using a custom Private DNS Server address that I will provide.
What happens?
1. Your DNS requests are routed via DNS-over-TLS to my CDN virtual machines.
2. Your DNS requests are then locally processed through several internal systems including the infamous Pi-Hole.
3. Final data requests from the local resolver are forwarded via DNS-over-HTTPS to root DNS servers such as 1.1.1.1 and others that are found to support HTTPS protocol.
4. No personal data is stored. Only data with respect to filtration is stored such as blocked versus permitted domains, hit/misses, and caching statistics to continue to develop a more fluid system.
What do I do?
Put "DNS.DEREKGORDON.COM in your Private DNS settings for Android.
Use IP address 35.243.170.151 for other applications to include your home network router, ChromeOS, etc.
Like it? CONSIDER DONATING. This system is kicking out almost one million responses a day for users.
More information is at http://www.derekgordon.com/dns/.
Always provide THANKS no matter what folks. It's the nice thing to do....
So we are looking at a encrypted dns with ad blocking? I would be into trying that.
I'm using dns.agduard.com at the moment on my Huawei P20 pro running Android pie.
Have a number of people using it without issue now....
Check it out here:
https://www.derekgordon.com/dns
crypted said:
Have a number of people using it without issue now....
Check it out here:
https://www.derekgordon.com/dns
Click to expand...
Click to collapse
I'm gonna check it out
Cool. Give it a go. My only concern now rests with the attack prevention stuff I've added. It rate limits and bans those who are hitting the server or servers if expanded quite hard. Basically it's to ward off attackers. Anyway no bad reports from it but it's the only factor I'm not totally sure of.
Gonna give it a shot and give you my results in 24hrs.
Cool. I have zero issues on our family's Pixel 2s and 3s. No one said much bad except someone who had login issues on an Xbox when they used the system for their network's DNS. I solved that for them.
Note I'm not filtering Google ads domain as a few people complained since they click the first couple links on Google. I haven't felt intruded upon by ads with this change since making it a couple weeks back.
hi,
sometime i can use this dns, sometime cannot.
my mi 8 using baskalos rom stated coudlnt connect.
issit because of my isp?
Very strange. No one has reported that issue. Is it the same result on WiFi vs mobile data? Want to give me your IP to search logs?
I've used the server in four countries on various WiFi and mobile netwiens without issue on Pixel 3.
How did you get the Private DNS in android Pie to recognize your dns server? I've got my own pi-hole server, yet when I put in my FQDN, I lose internet access on my phone.
First, I don't use Pi-Hole only. I made a custom Debian image and deployed it into the world of CDN. Pi-Hole's opensource software was incorporated as one of my mechanisms for blacklists.
To your point on connection, you need two things: 1) a TLS server to establish the connection and 2) signed certificates for the domain you are using installed on your server. Android will connect via TLS and will verify that your certificate is valid against its root certificates on the device.
Happy note - my server is providing over 250,000 queries daily now and over 90% connect via TLS so that indicates lots of happy Android users.
I'm check yours out and see how well it compares to the VPN connection I currently use to my pihole.
Been loving your Private DNS so far. Great job on it. Question though, do you have a form or something for people to submit domains that are blocked and shouldn't be?
Hey. Feel free to tell me these domains. There is such high usage and hardly any feedback so I haven't even thought about it. I could make a Google Form later.
Actually, I had a spare moment at lunch. Try this: https://forms.gle/oGtAFKAc7yJPmmEZ6
crypted said:
Actually, I had a spare moment at lunch. Try this: https://forms.gle/oGtAFKAc7yJPmmEZ6
Click to expand...
Click to collapse
Was gonna request https://go.redirectingat.com be unblocked since many many sites use it to link to products on sites like Walmart and Amazon. Can't use that form though since you require a screenshot URL, and I can't screenshot a redirection site.
You figured out a good workaround to make your request. Processing now, give it a minute and should be good.
All of your requests are cleared if you didn't notice yet. Happy browsing.
Not really sure how to publicize this and it probably isn't worth trying to do... But for those who do use this, and there are plenty of folks, I have been working on some changes.
1. These will not work with Android as I don't have the extra cash to blow on more SSL certificates. But, they will work for home networking purposes:
US.EAST.DNS.DEREKGORDON.COM
US.WEST.DNS.DEREKGORDON.COM
DE.FRUNKFURT.DNS.DEREKGORDON.COM
BR.SAO.DNS.DEREKGORDON.COM
2. DNS.DEREK.GORDON.COM is now a pool of a number of VM instances that are connected to Google's CDN. It will grow as necessary. This helps spread out some of the intensity that has been hitting the TLS daemon.
3. Servers will automatically reboot between once a week to every other week depending on load and latency. Sometimes the intense flood of queries really makes things sluggish. Reboot takes just a few seconds and I'm working for it to time it during off-peak hours so hardly anyone will notice.
Hi, I have my own pihole installed on aws server. Could you please share tutorial how could i make it work with private dns in android pie. Thanks.