Mikelius

Glad it's getting a little more light. Been trying to tell people this for a few years now lol. It's the reason I've stayed away from it since first learning of the tool and looking at the "source code".

Hey this is pretty nice and simple, I like it. Had to hold down on the app to select the settings to change my server, would be nicer if that settings button was within the app itself... But got it pointing to my self-hosted instance and tested it out. Works perfectly! Thanks for sharing

I personally use mullvad for all outgoing traffic and then airvpn for any let forwarding I require. Basically airvpn is exclusive to incoming traffic, like my self hosted services or game servers, and then anything I do on the internet routes through mullvad. All setup through opnsense since they both support wireguard.

I always had issues with proton's port forwarding being reliable in the past. That being said, if you need things like video streaming services, mullvad seems to be having a hard time with these recently where as proton worked well for me back when I used it (unsure if that's still true).

I'll have to check out TrackerControl, that's a new one to me!

I have seen app manager but currently use AppOps. I didn't recommend AppOps above because I'm not sure it's still supported or not, and it's also not really Foss. It's treated me well over the years, but I'm definitely interested in finding a better alternative. The last time I checked app manager, it wasn't as good... But maybe that's changed as it's been several years now so I think I might be due for looking at it again!

My wireguard connection on my phone connects to my home network to an pi hosting my internal VPN... But the network is completely covered by a mullvad VPN through opnsense. I've got pihole setup using the mullvad anti-trackkng private DNS. With this setup, the only real need I have for root on my phone is because I do some pretty low level automation on it through crond and some backups of core app data that I'd really hate to lose... And the complex firewall rules lol.

1. AFWall+ firewall to allow list apps to internet using your preferred method (e.g. VPN, wifi, data, etc)
2. PcapDroid to help monitor and analyze packets, or to just confirm things aren't communicating unexpectedly
3. AdAway if you're not using your own dedicated dns over a permanent VPN connection

If not all 3 of these, AFWall is probably the best to go with. Having a way to not only block Apps, but also define your own custom firewall rules is very powerful. For example, I redirect all DNS requests to my own DNS with a custom rule (for apps, like Termux, using hardcoded DNS lookups instead of what the phone is set to)

Even if a game doesn't look like it'll work based on protondb, try it anyway. Many times I've had games that were marked as low ratings start up without any changes lol. I remember even when d4 beta came out, I saw people struggling to install and play it on the first weekend... Worked out of the box for me.

I'd do my part in buying games from them more if they didn't block my home network from their website lol. Yes it's behind a VPN, and no I'm not turning it off to give up my privacy just to buy something I can get from stores that won't block me.

I honestly used to buy games from them a lot, but once their website became inaccessible, I sorta forgot about them. Surely I'm not the only one right...?

I personally use it on a protectli with the 2.5G ports. I also replaced my ISP modern with a protectli running OpnSense. Decided to opt into that as my solution to have two different softwares protecting my network and also so I could scope internet facing devices at the OpnSense level instead of internal to the network. Just in case they get compromised, they can't access the rest of the network. Call me paranoid... But I also find it much easier to manage lol.

This is what I use. The project is dead and had some bugs that kept it running on my system right away, but as it's open source, I was able to fix the code a little bit to success. Just wish it was a little friendlier on cpu or could be selective on which apps to run instead of recording nonstop regardless. I have it start up with Steam for now though.

Even if it's removed from fdroid because they want to close source it, I assume my current installations of their apps would be unaffected - just become stale and obsolete over time since they won't get updates... But as they're offline anyway, not too concerned in the short term. Hopefully the company respects the privacy amd care of the open source community and won't take that away from us, though. One way to find out.

I wish there were some descriptions per provider with the ratings. Mullvad gets constant tests by third party against their network and has proven many times they have a no log policy that's working, yet they got a 4 out of 5...

With only numbers and generic descriptions that don't quite match the truth, feels like this sheet is a little misleading. Also, I find it ironic that it's on Google sheets.

Ah got it. Looked at the open core link on there and like like all the features I use or care about are what's open source, so there are likely some other things out of scope for myself that aren't, and that's why I didn't notice. Thanks! 👍

Ahh okay, so not necessarily the entire software was a whole, but just a few things that would probably be targeted more towards the Enterprise folks? Assuming you don't mean the issue boards for codebases, but rather the support requests. Probably why I hadn't noticed, thanks!

Just curious, what part isn't open source? I'm running a dockerized instance of it on my local server and have made my own modifications to the rails code in several places to meet my needs closer. Haven't seen anything that would indicate it wasn't open source, so just wondering where I should be looking. Unless these comments are related to the .com website and not personal instances

Only 2 problems I have with Graphene personally is the need to give Google money, which the irony is just too much, and no option for rooting. Otherwise it seems like a pretty good OS overall. In the meantime, while I wait for those options to be more flexible so I can have full control, I just use a rooted lineage os with all the extra Google stuff (ntp, DNS, etc) stripped and replaced with my own self hosted systems.

This isn't really a "Linux" problem. Calling it a Linux problem implies all distros do the same thing out of the box because it's a part of the core system. Systemd has a file, /etc/systemd/resolved.conf which has one line DNS= that you can add the servers you want. It's as simple as that. If you're using Dnsmasq for DNS instead, you'd edit the Dnsmasq file. If you're not using my of those (i.e. you removed systemd-resolved, Dnsmasq, etc) then you can just edit the /etc/reeolv.conf directly without worry of it being overwritten.

While many distros come with systemd out of the box, not all of them do. For example, I use Gentoo with rc and after editing my resolv.conf, never had to worry about it again unless I decided to install a custom DNS software on it later.

I read many replies to your post as "DNS software shouldn't be allowed to change DNS settings" for the most part, and that doesn't quite make sense to me. If it's a problem, remove said software. Browsers are definitely annoying in the DNS front, I won't disagree with that. Fortunately, they allow you to turn that off though.

I personally prefer NoScript not for just the privacy stuff, but for the security of knowing that an accidental click to a malicious site using some zeroday JavaScript exploit won't kick in like it would, had it not been default blocked.

My NoScript profile is also fairly populated with things I've trusted over the years, so it's really only new websites that require JavaScript that I have to worry about.

Maybe just me being over cautious, but just keeps me at ease, personally.

I forward all router logs to a syslog server which then parses and alerts me of "unknown Mac addresses" joining the network as soon as even one log shows up. If you have a syslog server and some way to index/parse those logs, that's one way to do it

Text wall is too much to even try to read, but if this is what I think it is, I'd recommend for folks to buck up and go manual on data removal. Unless you want your info exposed even more, of course.

https://inteltechniques.com/blog/2023/09/19/the-dangers-of-data-removal-service-doxxing/

Just ran a Wireshark on it for 12 hours. The only thing it ever does is a frequent ping to their home site, but includes no useful data other than an IP address if you're not on VPN. I wouldn't worry about it personally. If it's a big deal, DNS block darkreader.org or block pings to it through your firewall... Chances are it's just to download the latest css rules when they have them or something.