Important announcement regarding Blokada for iOS

Dear Blokada,
I am using your paid service on several devices.
With the latest blokada update on an iOS device I noticed that you are forcing me to use your DNS services which I feel uncomfortable with, since it would mean that through my DNS queries you would technically be able to log those which I feel somewhat uncomfortable with.
Since I am happy with the filtering happening on my device by filtering the stuff coming through my VPN to your service I would like to know why I am required to use your DNS services on my iOS devices.
Thanks for looking into this r for me.
-fuchs

1 Like

Hi there,
Here you go: Regarding iOS 14.5 update changes in adblocking

1 Like

Thank you,
but simply saying it doesn’t work anymore is not a sufficient answer to my privacy concern with regards to Blokada Cloud. I should not be required to trust Blokada or their business model at all or only to as little extend as possible.

  1. I would kingly ask you to explain the technical details of what has happened in much greater detail, thus the community can see and judge the problem on their own

  2. How can Blokada find a solution in which I remain free to use the DNS servers of my own choosing and not rely on Blokada to “see” everything?

fuchs

obviously I am asking kindly not kingly
Sry for that!

That doesn’t meaningfully answer the question. You note “some breaking changes in their ads framework” but don’t specify what they were.

If there were one, we’d offer that. But there isn’t. Hence Blokada hosted the cloud itself to ensure a suitable privacy policy and protection

1 Like

So it’s no longer free?

We don’t know the in depth details of what Apple changed in their ads framework.
However I can explain a bit of the differencea with Blokada v5 vs v6 for iOS.

Blokada v5

We implemented a “fake VPN” to be able to run background processing and to change the DNS configuration, apps are not allowed to run in the background on iOS except for special cases like VPN apps. This is not how Apple wants you to use the VPN api, they may reject apps doing this at any time.

On your phone, we would run an entire DNS server that process your requests and applies the filters you configured. Your phone would search the blocklists for each and every query.

As Mobile devices have special environments, you might get interrupted and go to sleep at any point in time. This causes issues when you try to keep connections open to resolve DNS queries as fast as possible.
It was hard to be conservative with battery, while still running a full blown DNS server and client and while having to re-establish connections.

Apple then also changed something in their iOS 14.5 update that caused Blokada to not receive all traffic any longer. Users reported that this and that app no longer had their ads blocked, some had issues with internet being completely unavailable, other said that internet was super slow.

All this made us look for alternatives to this fake VPN approach.

Blokada v6

In this latest version, we introduced Blokada Cloud. It basically moves all the processing from your phone to the cloud. This means we no longer need a fake VPN, instead we use the DNS api provided by Apple since iOS 14.
Blokada Cloud acts as a (highly customizable) DNS server which the native client provided by Apple can talk to, this is exactly how Apple wants you to use their DNS api. It’s no longer a work around.

Your phone no longer needs to maintain a full DNS server running on its own, it no longer needs to process and filter queries. Apple manages the connections and power management to keep things smooth in between when your phone sleeps.

All your queries are encrypted between your phone and Blokada Cloud, where the filtering can be made much more efficient at the server side than in your phone. Your battery doesn’t have to suffer any longer.

This also allows you to configure and manage all your devices that supports encrypted DNS (DoH/DoT) on the same subscription, either with the native app or by going to app.blokada.org.

Unfortunately this trust issue will have to be there in Blokada v6. Yes we could in theory take all those queries and sell them to someone. But we don’t, instead we have a subscription plan.

1 Like

I have a plus account and all the sudden I have ads! I play on an iPhone and iPad.

Please reach out to hello@blokada.org with your account info and I’ll help you.

Thank you @balboah,

I appreciate you giving us an insight into some of the technical backgrounds. I am still hesitant with regard to the cloud solution but I think I now understand better why you set up Blokada as the DNS-Server - since the cloud needs to intercept the data in order to apply the filters. Does the Cloud so to speak act as a proxy, who queries then filters and then sends the data to our devices?
Could you please help us to understand what data are logged within the cloud solution and for how long they are logged? Can you also link or cite the specific parts within the privacy policy? Could you guys also think about keeping the imperfect solution that filters on the device? It would also be great if you could be as transparent as to go into the development aspects of the non working solution - maybe tech savvy community has some hints, that could help to make the solution working again.

Thanks again for taking the time and for being more transparent about it…

Yes.

Please refer to the privacy policy

We don’t plan on bringing back the old implementation, Blokada v6 is how we move forward and how we solve the issues we discovered. However if any developers want to give it a shot, the source is available on our github.

You may also want to follow the linked articles on the announcement post above.

2 Likes

Thank you @balboah for answering so quickly,

I hope you don’t mind me asking you about the privacy policy for Blokada Cloud itself (or maybe forward my question to the respective person in charge…). Inside the privacy policy Blokada states the following:

How long is the personal data saved?

The time periods for which the personal data will be saved are the following.

Blokada Cloud

Data retention is explicitly decided by the user at the moment of activation of the monitoring feature.
User can disable the monitoring feature at any time, at which point no more data will be stored.

You start the paragraph with:

How long is the personal data saved?

and underneath you do not seem to give a specific answer to that very question, when it comes to the following data:

Device name specified by the user
Domain name that was queried
Whether the query was blocked or not
Timestamp of each query

can you give us a better idea of how that works in Blokada Cloud?
Are those data deleted withing microseconds? Or are they kept for hours or days or months. Are these data stored in a processed manner or are there backups of these data stored anywhere?

Thanks for clearing up those important questions…

Fuchs

I cannot follow your thoughts here. When starting blokada Cloud you get the option to opt-in into a data retention for 24h or no dns related data retention at all.
If you choose the 24h option to use the monitor feature, your data will be deleted automatically after 24h

Dear @PrintableCharacter ,
This matter is more delicate than this:
We are transferring personal data to your servers for processing - these data will necessarily be stored on your systems for the duration of the query and the subsequent filtering. It is only reasonable as a user to understand whether and how the data are stored during that process:
In what kind of memory are they stored during that process? How are they securely deleted in a manner that experts would consider as irretrievable.

Please understand that these are important questions for your customers, since by changing your strategy - your users are suddenly confronted with having to trust your company in a far deeper manner than before. Those clarifications thus are necessary steps of transparency and trust.

Fuchs

Your request is processed in RAM for at most 5 seconds and is then garbage collected.
Persisting your query to disk only happens when you actively opt-in as @PrintableCharacter suggested.

Blokada for iOS doesn’t have any personal data that can be connected to you, Apple will only send a receipt of payment to activate the random account ID. Thus your activity is also anonymized by design.

1 Like

Continuing the discussion from Important announcement regarding Blokada for iOS:

Device name specified by the user
Domain name that was queried
Whether the query was blocked or not
Timestamp of each query

Sorry, what?

I think that is the details they want to see in the Blokada cloud logs.

This is already available, or I am missing something, please explain.