DNS Leak on iOS

Hello,

I am getting DNS Leaks using Blokada, using the Blokada Profile for iOS on iOS 15.0. I tried to disable IPV6 in the Router and no changes.

Hi,
Blokada Cloud is using Google DNS.
We filter your traffic on our servers and relay the dns queries to Google DNS.
Don’t worry:
They won’t know who’s looking for what since all they see is Blokada Cloud looking up IPs and web adresses on their DNS database
Here’s more:

That’s scary, even if you filter it. I also saw a connection to ‘ghs.googlehosted.com’ in the logs.

1 Like

Is there not a more elegant solution that one can see and verify it goes through Blokada - or that you get your own DNS Resolver?

But even then, surely even Quad9 would be more decentralised.

2 Likes

If there’s activity in the activity screen on app.blokada.org that shows its working

It’s critical that user-side choice of DNS provider is not limited beyond the v4/v5 (Android) in-app DNS list. I’ve never used Google DNS for very good reason.

Moving beyond the privacy concerns of Google DNS, is the censorship. This is why the option to change DNS servers on the fly has been a feature of Blokada. When Cloudflare arbitrarily blocks access to Archive.is/Archive.today/Archive.ph, I switch to DigitalCourage. DigitalCourage doesn’t have enough servers in North America, and thus is too slow to be my primary DNS provider. Plus I like the option to switch to Cloudlfare’s malware protection servers, using AdGuard DNS to lighten the app adblocking load (until it’s server addresses got mixed-up in Blokada), and was on Quad9 for a few months until it became ridiculously overhanded on website filtering/censorship.

If Cloud is going to be the ultimate stand alone on both iOS and NOW Android (le sigh), then it must offer the same granular controls — especially with DNS. A cloud-based solution is not the best solution in the use-case of what’s supposed to be a system-wide firewall, DNS “changer,” and ad-blocker. That is what Blokada is.
Not to mention, the moment your servers go down, or inevitable DDoS attacks, there’s no ad blocking or DNS for the user.

Lastly, I have concerns regarding Blokada’s pricey VPN service that offers to tunnel traffic thru “Blokada’s” own encrypted DNS servers. Are these also Google’s? See Mullvad VPN for industry standard ethical privacy standards & provider that fully encrypts traffic thru their own DNS. I’ve long waited to see Blokada VPN’s privacy policy, no logs policy, whether you’ll implement a canary in case of search warrants, etc so I could finally use a VPN with Blokada, but no dice. Please post.

for iOS one can just create/install a Profile, avoiding another App that chews battery.

What I do agree with and a major concern, is the Google DNS servers. These should be changeable in the WebUI for Blokada Cloud, to remain flexible for all clients/profiles/settings.

Cloudflare is a pariah, blocking all Tor addresses and making the Internet unusable.

DigitalCourage doesn’t has a single server outside of Germany. They’re a german NGO

Blokada Cloud was created to offer stable adblocking on ios again. This was made necessary by apple changing their ads framework. Blokada cloud for android is being pushed to the Google play store since that’s where our app got kicked out regularly

I’m really sorry to disappoint you here but the bloka AB is based in Sweden.
Hence Swedish jurisdiction applies not US jurisdiction or something similar.
There is no law which forces it to listen to it’s users hence such a warrant canary wouldn’t really serve any purpose - at least that’s my takeaway here
It might look good,
But it’d be pretty useless
As long as there’s no law forcing us to log anything, we can’t share anything
Sure… A warrant canary might look good and maybe make you “feel” better.
But it wouldn’t serve any purpose at all here. It’d just be a piece of text on a website with no meaning because nothing is connected to it
Welcome to Swedish legislation.

Here’s the privacy policy of blokada+

And here are the ToS:

You seem to confuse something here.
Blokada+ ≠ Blokada Cloud.
Blokada cloud is part of Blokada+ but contrary to blokada cloud blokada+ also offers wireguard based VPN. Here’s a quote on that. @balboah might be able to assist me with the technicalities on all this

2 Likes

Hello :wave:

I’m not sure if it was clarified yet but I’ll add that when using Blokada Plus there will be no interaction with Google DNS and you will be using the Blokada resolver dedicated to Plus users. This is the service that we expect privacy focused individuals such as yourself to use.

When using Blokada Cloud, queries that are not already cached will be resolved using Google DNS as described by @PrintableCharacter. Blokada Cloud focuses on ad-blocking with reliable performance, while still adding to privacy as you’re proxied through Blokada. But it doesn’t provide the privacy level of Blokada Plus, Blokada Cloud on its own is not a VPN service and shouldn’t be compared with VPN service providers.

Blokada Cloud for Android is optional and will be a separate app download. Read more here:

3 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.