• TheAnonymouseJoker@lemmy.ml
    link
    fedilink
    arrow-up
    13
    ·
    edit-2
    6 months ago

    I think the problem is Reddit user (who Mullvad cites) not knowing that the Private DNS feature in AOSP/Android defaults to Google or Cloudflare DNS, and that you need to set a custom DNS of your choice to prevent this.

    AdGuard provides a whole list of DNS providers to pick from. Pick a hostname from DNS-over-tls row for any provider, remove the “tls://” part and enter the rest in Private DNS custom option.

    https://adguard-dns.io/kb/general/dns-providers/

    • youmaynotknow@lemmy.ml
      link
      fedilink
      arrow-up
      4
      ·
      6 months ago

      If you do this, you’ll be using the DNS you assign instead of using the VPN’s DNS, as intended. That will make you stand out from the rest of the same VPN users, effectively affecting privacy.

      • TheAnonymouseJoker@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        6 months ago

        Either stand out or let your ISP or Google/Cloudflare or VPN read all your domain visit queries. It is better to not let ISP or Big Tech decipher your internet history for obvious reasons.

    • Scolding0513@sh.itjust.works
      link
      fedilink
      arrow-up
      1
      ·
      6 months ago

      mine gives me three choices. Off, Automatic, and Private DNS (type in your own). should i set mine to off then? will that prevent the leak?

      • TheAnonymouseJoker@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        6 months ago

        I am not sure what off does. Might need to recheck Android documentation. But I remember the custom one definitely uses whatever you set, and nothing else. No Google/Cloudflare DNS.

        For example, if you like AdGuard, you can just enter dns.adguard.com there.

          • TheAnonymouseJoker@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            6 months ago

            Automatic on Android always falls back to Google or Cloudflare DNS in the same way systemd DNS resolving works. Or if that does not work, ISP is being sent whatever domain queries user is requesting directly. I am going off from connecting the dots between what I know about Private DNS from Android documentation, and what the Reddit poster did not mention who Mullvad cited in their blog post. I am assuming that the time gap between Android’s killswitch turning off and on with always-on settings is giving time for DNS queries to go through (detected by Wireshark), and since the default DNS provider is almost never set by people on Android, this may be happening.