mmmm
Honestly my opinion is underinformed, I only started looking into RethinkDNS a few days ago.
My understanding is that vanilla RethinkDNS can help you monitor network traffic (similar to tools like LittleSnitch, Wireshark, etc) and then block domains that you disagree with (firewall). I think there's more to say about this, but I lack the expertise to type it up. Would appreciate anyone else's input / correction.
The drawback is that it uses up the one and only active VPN slot on your pixel, without actually being a VPN - you don't get the benefits of a VPN that way. From the Rethink site:
It isn't a VPN, at least not yet. Though, it is effective in circumventing internet censorship in most if not all countries. Rethink DNS uses VPN APIs to only route the DNS traffic and not the actual internet traffic.
Rethink DNS isn't a tracker. Rethink DNS logs DNS requests if a user opts-in. Rethink doesn't sell any user information or use it for anything else other than to provide analytics and reports to the user.
https://rethinkdns.com/faq
After some research, I did find that variant linked in my last post, which allows one to use a Wireguard protocol compatible VPN (like ProtonVPN) and get the benefits of RethinkDNS, all in one app and active VPN slot on your device.
I don't consider this to be as trusted as vanilla Proton VPN, so it will not be my daily driver. But I think its interesting and good for testing like this. Proton's disclaimer:
we strongly recommend using WireGuard via our apps as this is the easiest way to use WireGuard, and it allows you to benefit from many of Proton VPN’s advanced features. For example:
Kill switch and permanent kill switch
Smart protocol
DNS leak protection
Port forwarding (Windows only)
However, Proton VPN’s implementation of WireGuard follows the official open-source specifications for the protocol. This means that advanced users can use any WireGuard client that also matches official specifications to connect to Proton VPN servers using WireGuard
https://protonvpn.com/support/wireguard-configurations/
Its interesting to note that the official GOS site also does speak favorably of RethinkDNS:
If you're using a VPN, we recommended against having a Private DNS server configured. If you want to filter traffic while using a VPN, use a VPN service app able to do both such as RethinkDNS. Private DNS also interacts strangely with multiple profiles since each profile has their own VPN configuration but Private DNS is global. Either leave Private DNS on the default Automatic mode or set it to disabled when using VPNs.
https://grapheneos.org/faq#vpn-support