Hi! ignoramous Could you please explain the reasoning behind locking local DNS filtering in Advanced proxy mode? My friend recently pointed out that Rethink's advanced proxy mode forces to use an external, non-proxy DNS, which defeats the whole purpose of VPN.
I'm confused, are you saying that if we use the proton mail with our graphenos phone google can track us?
OK... So...
Uh.
What stuff can I use alongside the Mullvad App? I don't want to use wireguard and non-mullvad DNS because Mullvad has lockdown and always-on, and using non-mullvad DNS makes my fingerprint more unique.
I really just want to use RDNS to block apps like discord and proton mail from connecting to anything except what they strictly need to connect to in order to function.
Aka, I only want the local, on-device filtering, and I don't know enough about anything to know what is local and what will mess up the Mullvad App.
GlytchMeister don't want to use wireguard and non-mullvad DNS because Mullvad has lockdown and always-on, and using non-mullvad DNS makes my fingerprint more unique.
Lockdown and always on can be done in the system VPN settings. And Mullvad DNS can be added to the wireguard config.
It appears that only the ProtonMail app uses Firebase.
Proton Mail - ProtonMail-4.0.14_9270.apk
Services - ProtonMail-4.0.14_9270.apk
androidx.appcompat.app.AppLocalesMetadataHolderService
ch.protonmail.android.mailnotifications.data.remote.fcm.PMFirebaseMessagingService
com.google.firebase.components.ComponentDiscoveryService
com.google.firebase.messaging.FirebaseMessagingService
androidx.work.impl.background.systemalarm.SystemAlarmService
androidx.work.impl.background.systemjob.SystemJobService
androidx.work.impl.foreground.SystemForegroundService
androidx.room.MultiInstanceInvalidationService
com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService
Receivers- ProtonMail-4.0.14_9270.apk
ch.protonmail.android.mailnotifications.data.local.PushNotificationActionsBroadcastReceiver
ch.protonmail.android.mailsettings.presentation.settings.autolock.broadcastreceiver.TimeSetBroadcastReceiver
me.proton.core.notification.presentation.deeplink.DeeplinkBroadcastReceiver
com.google.firebase.iid.FirebaseInstanceIdReceiver
androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
androidx.work.impl.background.systemalarm.RescheduleReceiver
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.diagnostics.DiagnosticsReceiver
androidx.profileinstaller.ProfileInstallReceiver
com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver
Providers - ProtonMail-4.0.14_9270.apk
androidx.startup.InitializationProvider
com.google.firebase.provider.FirebaseInitProvider
io.sentry.android.core.SentryPerformanceProvider
leakcanary.internal.PlumberInstaller
####################################
ProtonCalendar-Android.apk
Services - ProtonCalendar-Android.apk
me.proton.android.calendar.CalendarWidgetRemoteViewsService
androidx.work.impl.background.systemalarm.SystemAlarmService
androidx.work.impl.background.systemjob.SystemJobService
androidx.work.impl.foreground.SystemForegroundService
androidx.room.MultiInstanceInvalidationService
com.google.android.gms.auth.api.signin.RevocationBoundService
com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService
Receivers - ProtonCalendar-Android.apk
me.proton.android.calendar.ProtonCalendarBroadcastReceiver
me.proton.android.calendar.CalendarWidget
me.proton.core.notification.presentation.deeplink.DeeplinkBroadcastReceiver
androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
androidx.work.impl.background.systemalarm.RescheduleReceiver
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.diagnostics.DiagnosticsReceiver
androidx.profileinstaller.ProfileInstallReceiver
com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver
Providers - ProtonCalendar-Android.apk
androidx.startup.InitializationProvider
io.sentry.android.core.SentryPerformanceProvider
################################################
Proton Drive
Services - Proton Drive
androidx.work.impl.background.systemalarm.SystemAlarmService
androidx.work.impl.background.systemjob.SystemJobService
androidx.work.impl.foreground.SystemForegroundService
androidx.room.MultiInstanceInvalidationService
com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService
Receivers - Proton Drive
me.proton.android.drive.receiver.NotificationBroadcastReceiver
me.proton.core.notification.presentation.deeplink.DeeplinkBroadcastReceiver
androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
androidx.work.impl.background.systemalarm.RescheduleReceiver
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.diagnostics.DiagnosticsReceiver
androidx.profileinstaller.ProfileInstallReceiver
com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver
Providers - Proton Drive
androidx.startup.InitializationProvider
androidx.core.content.FileProvider
me.proton.core.drive.documentsprovider.data.DriveDocumentsProvider
me.proton.core.drive.documentsprovider.data.DriveFileProvider
io.sentry.android.core.SentryInitProvider
io.sentry.android.core.SentryPerformanceProvider
leakcanary.internal.PlumberInstaller
####################################
Proton VPN - ProtonVPN-5.3.93.0.apk
Services - ProtonVPN-5.3.93.0.apk
com.protonvpn.android.vpn.wireguard.WireguardWrapperService
com.protonvpn.android.vpn.openvpn.OpenVPNWrapperService
com.wireguard.android.backend.GoBackend$VpnService
com.protonvpn.android.components.QuickTileService
com.protonvpn.android.ui.settings.AppInfoService
androidx.work.impl.background.systemalarm.SystemAlarmService
androidx.work.impl.background.systemjob.SystemJobService
androidx.work.impl.foreground.SystemForegroundService
androidx.room.MultiInstanceInvalidationService
Receivers - ProtonVPN-5.3.93.0.apk
com.protonvpn.android.OnUpdateReceiver
com.protonvpn.android.notifications.NotificationActionReceiver
com.protonvpn.android.quicktile.QuickTileActionReceiver
me.proton.core.notification.presentation.deeplink.DeeplinkBroadcastReceiver
androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
androidx.work.impl.background.systemalarm.RescheduleReceiver
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.diagnostics.DiagnosticsReceiver
androidx.profileinstaller.ProfileInstallReceiver
Providers - ProtonVPN-5.3.93.0.apk
androidx.core.content.FileProvider
androidx.startup.InitializationProvider
io.sentry.android.core.SentryPerformanceProvider
################################################
Is Proton notification data end-to-end encrypted or only point-to-point encrypted?
Reference: https://firebase.google.com/docs/cloud-messaging/concept-options#encryption_for_data_messages
[deleted] I believe e2e
https://proton.me/blog/proton-vs-tuta-encryption
This is specifically referring to the calendar app, but I doubt its any different with email. Worth double checking.
The calendar app does not appear to use Firebase.
[deleted] Neither does Drive but both Calendar and Drive have google mentions in the lists kindly provided by CyberAU above. Are they somehow different than Firebase?
Firebase Cloud Messaging (FCM) - "Using FCM, you can notify a client app that new email or other data is available to sync." Reference: https://firebase.google.com/docs/cloud-messaging/
If Proton email notifications are only point-to-point encrypted, I suspect it would be possible for Google to read the content of the notifications. Thus my previous question:
Is Proton notification data end-to-end encrypted or only point-to-point encrypted?
newbie24689 For now, I am happy to uninstall the Mail and Drive apps and revert to using Vanadium (which I also have used when I need to access my bank). I never used Proton notifications and have no Google services installed so this is disappointing to find that Proton have this in their apps. If they are good to their word and remove this in the future, I shall reinstall them. I suppose that I am fortunate in that I find that convenience is a luxury rather then a necessity in my life.
Proton Web App URL's
Proton Mail
https://account.proton.me/mail
Proton Calendar
https://account.proton.me/calendar
Proton Drive
https://account.proton.me/drive
Proton Pass
https://pass.proton.me/
It is a bit disappointing that proton will not allow you to use another email app (for example k9 mail) with your proton mail address, they force you to use the proton mail app.
[deleted] Is Proton notification data end-to-end encrypted or only point-to-point encrypted?
Have you reached out to proton? Just ask them. I'm 90% certain I read somewhere they're e2ee but I'm afraid I can remember where.
Edit- I found where I saw it. It was a reply to a random question on an Instagram post. If you so wish, browse the proton instagram page until you see the post regard apple and their fake privacy promises, its in the comments there. Or like I said ask them.
[deleted] Could you please explain the reasoning behind locking local DNS filtering in Advanced proxy mode?
Rethink's On-device blocklists should continue to work regardless of WireGuard running in Simple / Advanced modes.
[deleted] My friend recently pointed out that Rethink's advanced proxy mode forces to use an external, non-proxy DNS, which defeats the whole purpose of VPN.
In Advanced mode, Rethink does not split-tunnel DNS (because it isn't possible on Android to do so). And since multiple WireGuards are active, Rethink doesn't know which DNS upstream to choose and hence falls back to using user-preferred DNS as set in Configure -> DNS.
If there are one or more Advanced WireGuard configurations that are set to be Always-on, Rethink would proxy user-preferred DNS over it (unless Never proxy DNS is turned ON in Configure -> DNS).
GlytchMeister because Mullvad has lockdown and always-on
fwiw, Rethink also supports Always-on VPN and VPN Lockdown (aka Block connections without VPN).
GlytchMeister I only want the local, on-device filtering
Rethink can of course do a lot more; and so, it is advisable to continue using Mullvad's official app along with their content-blocking DNS upstreams (which aren't as configurable as ControlD/AdGuard/NextDNS etc), but hopefully it'll be someday.
ignoramous it is advisable to continue using Mullvad's official app along with their content-blocking DNS upstreams (which aren't as configurable as ControlD/AdGuard/NextDNS etc), but hopefully it'll be someday.
What is meant here by "configurable"? As in, you can specifically select domains to deny/allow similar to something like uBlock? I've not used those three services before, but are they more configurable than these Mullvad DNS options?
Dumdum As in, you can specifically select domains to deny/allow similar to something like uBlock?
Yes.
Dumdum I've not used those three services before, but are they more configurable than these Mullvad DNS options?
Yes, they are. Think of those services (AdGuard DNS, NextDNS, ControlD) as if you were running your own pi-hole instance (but of course it isn't yours per se, and you must trust those services to respect your privacy).
Just found this: https://www.reddit.com/r/ProtonMail/comments/1cmcre5/concerns_about_privacy_does_proton_mail_still_use/
Proton responds that notifications are end to end encrypted and that they are working on creating their own system of push notifications for the future.
ignoramous And since multiple WireGuards are active, Rethink doesn't know which DNS upstream to choose and hence falls back to using user-preferred DNS as set in Configure -> DNS.
I only use 1 Wireguard connection at a time, but Rethink still chooses user-preferred DNS. I use advanced mode only because it's impossible to leak network activity by accidentally stopping RethinkDNS. I'd love to see the Lockdown/Always-on implementation for Simple Mode as well..
