But the ad-blocking vpn server is 127.0.0.1, so perhaps, like it says all the blocking happens right on your phone.
This is what I've been waiting for if this works.
Still getting ads on instagram though.
Intra  can DoH (but no on-device custom blocklists) and Nebulo  can DoH and DoT (with on-device blocklists). Personally, I see better latencies with DoH.
 https://getintra.org + adguard-dns or nextdns
 https://play.google.com/store/apps/details?id=com.frostnerd.... + adguard-dns or nextdns or hostfiles
DoH = DNS over HTTPS
DoT = DNS over TLS
Very useful apps!
No, I've never heard of blokada. Thanks for the tip.
Also agressive power management from phone makers close them.
A paid upgrade to the Play store version lets you filter traffic like adblock, or just use the releases from Github (they allow filtering, but not most pro features)
I wish there was global or group based ip rules though, since there's no way to whitelist DNS per app or temporarily, without completely turning off filtering.
It's kind of a pain, honestly. Some of the developers decisions seem pretty arbitrary to me. It's so close to being a must have app. I wish I had time to get familiar with the code.
That said, it's still my favorite option since losing adhell3 again.
settings -> backup -> import hosts file
settings -> advanced -> Filter traffic + Block domain names
Of course also fun in its own right to see the sorts of APIs an app uses and how often the developers like to query it.
That you have to go through the trouble of mitm'ing yourself to see this stuff is also the flip side of HN's native app fetishization and knee-jerk web hate.
You could always manually enter your DNS servers in your iPhone's settings.
Can you do this for mobile connections? From what I've been able to see, you have to set DNS settings on a per SSID basis, and that particular menu doesn't exist when connected to the cell network instead of wifi.
Apple forced the developer to "upgrade" it to use DNS based blocking and provide no lists of adservers, which pretty much let everything back through.
"Can", not "does". The App Store page for it (for both Mac and iOS versions) says
> Optional VPN for additional privacy
I haven't checked myself, but I read that it's likely because Instagram may use the same domain to serve ads as its regular content. So, if you block Instagram's domain, you will block Instagram itself.
Unless it also acts as a web-proxy, yes.
You also want to be able to know who the authors are, to evaluate them for trustworthiness, and to evaluate their processes to see how well hardened they are against malicious contributions.
Camera and mic? How does it do this as a vpn?
I see no requests for such things in iOS settings for the app.
My experience with running client-side DNS based blockers are they consume additional battery and need a lot of RAM if you block with aggressive lists that have more than 1M+ domains. Besides, DNS based blockers can be circumvented by apps that do their own resolution over DoH or use clever techniques like CNAME cloaking . Some nameservers such as the one run by Cloudflare flatten the CNAMES , effectively rendering even nextdns' solution ineffective .
I must also note that, Cloudflare does hide origin-IP if they are setup to reverse-proxy the traffic, which then would render IP based blocklists ineffective, too, unless Cloudflare's IPs are blocked, as well.
The folks who build the lockdownhq apps are also the makers of https://confirmedvpn.com.
u/willstrafach's https://guardianapp.com (VPN and ad-blocking), u/poitrus's https://nextdns.io (no VPN but imo the best DNS based content-blocker in the market today), and https://adguard.com (cross platform all-in-one network security suite) are other comparable alternatives.
Disclosure: I run a competing ad-blocking service.
are you saying the same group of subcontractors built them all? or that it's the same app repackaged multiple times? or something else?
i use adguard on iOS and while i don't like the first-party exposure (to adguard itself), it's better than being completely naked in public to all sorts of shady actors (including telecom/wireless providers). or is it?
No. Sorry, I meant that the creators of lockdownhq also built confirmedvpn.
> or something else?
some cool stuff here:
- Content Filter Providers: https://developer.apple.com/documentation/networkextension/c...
- DNS Proxy Provider: https://developer.apple.com/documentation/networkextension/d...
> Content filter providers are only supported on supervised iOS devices.
> DNS proxy providers are only supported on supervised iOS devices.
Also, the homepage states "Over 1 Billion Trackers Blocked", but that really feels misleading.
I'd say Guardian Firewall is a much better choice: https://twitter.com/guardianiosapp
The $1/day / $10/month / $100/year has been fairly well received, but may not be for everyone, especially those who enjoy running their own VPN server and/or curating their own block lists.
...in countries where $100 a year isn’t a lot for one subscription.
> but may not be for everyone, especially those who enjoy running their own VPN server and/or curating their own block lists.
...and also not for those in countries where $100 a year is a whole lot of money for one subscription.
I suppose an Indian commenter would 'Eesh' at that too though!
23K+ blocked since 1/16/2020.
I don't use too many apps, but I see it also blocked app telemetry/trackers (e.g., kochava.com stuff)
Is it possible to import such rules to Little Snitch? That's the go to firewall on macOS, though it is proprietary. There's also LuLu, a FOSS firewall for macOS. 
Now, from my memory, these block lists did cost quite some memory on a machine with 512 MB RAM. Even though it'd do dedup. What one could also do is build up a VPN with a remote server (in the cloud, or at home) and use say use WireGuard to have a secure connection while using a remote DNS on the VPN to get ads blocked.
I found this list (by Peter Lowe) for Little Snitch . There's also a shell script to convert to Little Snitch rules 
I can VPN to my home ad blocking network from anywhere, have more insights into my home network shenanigans, and still use my personal block list built over years. Super easy and most importantly, done.
It looks like the block lists are really short (https://github.com/confirmedcode/Lockdown-Mac/tree/master/Bl...).
This is a DNS-sinkhole, which can be easily circumvented by apps (for example by using hard coded IPs.)
I would say it's rather dishonest to state your app is a Firewall on the front page, when in fact it is not.
Or is it Google that does that?