I’m a proud Visionary user and have been since day one. As part of liking my privacy I use ProtonVPN, and have up until now resorted to rooting my phone to get the pleasure of native adblocking within Android with Adaway writing to my hosts file.
In another sub, a developer (rightly so) advocates that rooting is a security risk beyond measure. Which is correct. However, as things are now, I don’t see any solutions on how to natively block ads, while still using ProtonVPN.
There are non-root solutions like Blokada or DNS66. But since they use internal VPN, I can no longer use ProtonVPN. I can’t control Proton’s DNS to inject a list/lists of domains to block. Using a firewall like AFWall requires root to write iptables rules. If I force Android’s DNS via Pie’s settings, I’ll need to disable DNS leak project protection within ProtonVPN to be able to use it, and I’m a subject of DNS leaks, which defeats a/the purpose of using a VPN.
So I’m out of options if the solution has to be non-root but not a VPN. Any suggestions?
If you ever find out, let me know! I can’t see how ad blocking is ever going to be allowed without root, given who controls Android. The only way to get around it, as you’ve mentioned, is to use the VPN feature, but that obviously stops being viable when you need to use the VPN feature for it’s intended purpose.
I use uBlock Origin in my browser, but that obviously doesn’t stop ads and trackers in other apps. I’ve never come across a solution to what you’re asking but would love to know if anyone has.
Once you are connected to ProtonVPN, you are using our own DNS resolver and there’s not an option to implement custom DNS at this time. However, this is already considered, and we may implement this as a feature in our further developments. We advise against rooting your device as that’s a potential window for unwanted malware and “bricking” your device, so we do not have a practical suggestion for you at the moment.
Personally I’m of the camp that “Rooting is a security risk” is utter bullshit. Especially given that many devs already have chosen not to respect user choice in an ecosystem intended to empower users more (Android)
#Rooting is not inherently more insecure…IF AND ONLY IF YOU KNOW EXACTLY WHAT YOU ARE DOING.
If you’re careful enough; a rooted device will be fine, but you may be discarding some security assurances that the Android OS makes due to it’s design. As usually being rooted means you’re usually on your own if your device is damaged by the exploit through carelessness. If you are not careless, you will likely not be bitten because your phone was rooted.
If you’re an adult enough to handle that, you can and probably should root your device if you ARE UNHAPPY with the path that many Android implementations are taking. This may vary wildly by Device Manufacturer and even the carrier or source you purchase the device from!
The only solution I can think of is to use StrongSwan or OpenVPN for Android to rewrite what DNS server is used via the VPN.
You can do this without root; but unfortunately it comes with the downside that it will break the compatibility that ProtonVPN seems to bake into it’s plus servers that enable you (if a US customer) to actually stream Netflix or Hulu. Although if that’s an issue you can easily pardon those specific apps from going over the tunnel.
Yes it requires a split tunnel; and running a DNS server that may potentially be slower or possibly vulnerable to other privacy concerns; but the Adguard DNS servers DO work at blocking advertising and tracking on your device.
I won’t detail the IP addresses or instructions to set this up here but they are publicly available. Instructions to setup OpenVPN or StrongSwan are available on ProtonVPN’s website; and you can specify DNS servers when setting up your connection profiles, so you can switch around between Adguard or not if you need to.
I also use Tasker and IntentTask to aid in allowing me to command StrongSwan to shift profiles to a random one. I also have a voice command via Saiy available to shift between random picked server profiles too. I don’t intend to share the task profile though, because it’s dependent on IntentTask and StrongSwan uses GUIDs to identify it’s profiles; you’ll have to wizard up your own Task, and configure ways to launch it that meet your needs.
I could suggest that you could use StrongSwan and it’s own native shortcuts on the homescreen though; to switch from Adguard on (and possibly a split tunnel configuration that let’s you stream) to one that has Adguard configured and has no split tunneling.
Personally I don’t see the use in blocking ads in apps; if an app is just annoying or bad in it’s placement of ads, what business does it have even being installed? The dev clearly chose to optimize ads over UX which is a very bad decision that makes it clear that they may not choose to respect your privacy with how they implement advertising and trackers.
If ads and trackers are a bane; please oh please look through f-droid first! https://fdroid.org.