Installed https://f-droid.org/en/packages/org.adaway/, but did not work. There was root or through VPN option. I choose VPN, because as I understand we do not have access to root through new phone, web install, etc. Do not exactly remember what issue was with VPN but just did not work.

I am rightly assuming solution can be a simple host file modification through ADB without causing system issues?

  • de0u replied to this.

    maqueen I am rightly assuming solution can be a simple host file modification through ADB without causing system issues?

    I am not an expert, but I believe this approach has been discussed on this forum and strongly recommended against. Maybe try the search function?

    • de0u replied to this.

      The ideal way to solve this issue would be to run a small DNS server on the phone, set the custom DNS server to localhost, and have the locally running server implement the filtering for blocked domains, or forwarding for all other domains.

      The "private dns" setting on GrapheneOS should make this possible, as long as it doesn't reject localhost.

      "If your end goal is to block sites, you don't want to have accessible, then there are apps that can do that for you (they'll have to occupy the VPN slot), or you could use a DNS that blocks these sites instead. Editing the hosts file or anything like that are obsolete methods of doing what you'd like to achieve and not really compatible with a modern secure OS.

      I hope that helps! If you need further guidance/more specific recommendations, let us know."

      So what exactly are the 'methods', or recommendations, IF host modification method obsolete and the app above does not work?

      You could try something like NextDNS. Android Offers the option to set a private DNS.
      You could also try another App that mimics a VPN to block ads and trackers, like Adguard

      The problem with using a VPN hack to implement this, is that it wastes your VPN.

      I am also not a big fan of VPN running all the time either, like for specific instances,so then I have to toggle Adguard on and off when I want to browse?...

        • [deleted]

        maqueen if you use Vanadium, you may have noticed most of the ads get blocked. If you use another browser i.e. firefox, mull, you can use addons to filter them out.

        I have only used Vanadium since installing graphene. The only reason I started looking was because ads stuck out so much. Not my usual browser experience on any devices as I have usually done host modification first off...

        maqueen

        You arent actually running via a vpn. Its just that what android calls the functionality for an app to have full control over and visibility into your networking.

        Often this functionality is used by apps that are designed to route connections via VPN, but its also used by apps that aim to monitor or control network connections.

        If you want to block ads and you dont use a VPN best bet is probably to turn on the functionality in Settings > Network > Private DNS
        Use
        dns.adguard.com
        or something similar.

        If you use a VPN, to blend in its best to use their DNS. If you are lucky like mullvad theyll have a adblocking option

          Okay, work with me here.

          I would install adguard (again).
          Settings > Network > Private DNS > do as instructed

          And, I would not have the VPN key showing at top (and on) constantly?

            maqueen thats right. No need to have an app at all just put that in the settings

            This option, while not as great, does do some work on ads which works better than nothing. I guess the search becomes looking for the better DNS options. Thank you!

            dazinism You arent actually running via a vpn. Its just that what android calls the functionality for an app to have full control over and visibility into your networking.

            That isn't quite accurate.
            While it is true that these adblockers don't actually implement a VPN, they still use VPN functionality and prevent you from simultaneously using a real VPN.

            The fake-VPN allows the locally installed application to intercept DNS requests to unwanted domain names.

            Yes, you can technically use a different DNS server to do this, HOWEVER, the DNS lookups will still occur, including the latency and lookup times associated with those network requests. The only way to avoid this performance penalty is to either run a LOCAL DNS server, which I don't think is possible on regular AOSP, or to use the VPN functionality.

            Actually not really sure what I said which was not accurate?

            I didnt mention the limitation that theres a slot for only one of these VPN / "fake VPN" apps for each profile (work or user), which can be occupied by an app which then controls network traffic from just that user. But that didnt feel relevant.

            It is however possible to have a "fake-VPN" app, which is occupying the slot handle traffic and then forward it on through a VPN. Just that has to be done via apps that support this method of operation.

            eg. apps such as Netguard and Invizible Pro can be run in the VPN slot and support sending all their outbound traffic via SOCKS5.

            There are also VPN apps, which dont need to occupy the android VPN slot, which can receive network traffic via SOCKS5 and route that onto a remote VPN. The wiki on Invizible Pro github has an example of such a setup.

            4 months later

            The problem with using a VPN hack to implement this, is that it wastes your VPN.

            Ann app can provide both.

            Providing a custom DNS resolver via a VPN service app works fine too. A VPN service app is responsible for providing DNS and can do that without actually routing traffic through themselves, meaning there's already a very efficient way to run a custom DNS resolver with anything you want like an alternate encryption approach than DoT/DoH, filtering the requests, monitoring the requests, etc. This can be a standalone app or can be part of an app providing support for VPN connections like OpenVPN, WireGuard, etc. It's entirely possible via apps already in a well implemented, reasonable way and therefore this doesn't need to be built into the OS.

            Has already mentioned look into nextDNS