This is where rooting the phone is required. I use wireguard without root and have AFWall granted with root at bootup so it doesn't require acting as a VPN
Mikelius
joined 9 months ago
- AFWall+ firewall to allow list apps to internet using your preferred method (e.g. VPN, wifi, data, etc)
- PcapDroid to help monitor and analyze packets, or to just confirm things aren't communicating unexpectedly
- AdAway if you're not using your own dedicated dns over a permanent VPN connection
If not all 3 of these, AFWall is probably the best to go with. Having a way to not only block Apps, but also define your own custom firewall rules is very powerful. For example, I redirect all DNS requests to my own DNS with a custom rule (for apps, like Termux, using hardcoded DNS lookups instead of what the phone is set to)
Try using the private IP options instead and see if that works. The generic one being 10.64.0.1, but other options that include ad voicing and such ranging from 100.64.0.1 to 100.64.0.25 or something like that. I've got my entire network setup behind their VPN and a a pihole pointing to one of their private DNS addresses without any issues. I left their pubic DNS years ago so that I could make sure my DNS requests were always within the tunnel instead
Remember, you can always opt out of sending any technical or usage data to Firefox.
How about you show you respect user privacy by making it an opt-in...?
Feels like no matter where I turn, even the "privacy friendly" options turn away from privacy eventually.
It's not free, they ask you to buy credits. I didn't buy any so don't know how much they cost, but just mentioning to make this clear.
I assume anyone who's set their profile to private without sharing apps, external links, etc, and only go to private servers wouldn't have much to worry about against this scenario?
Even if a game doesn't look like it'll work based on protondb, try it anyway. Many times I've had games that were marked as low ratings start up without any changes lol. I remember even when d4 beta came out, I saw people struggling to install and play it on the first weekend... Worked out of the box for me.
Only 2 problems I have with Graphene personally is the need to give Google money, which the irony is just too much, and no option for rooting. Otherwise it seems like a pretty good OS overall. In the meantime, while I wait for those options to be more flexible so I can have full control, I just use a rooted lineage os with all the extra Google stuff (ntp, DNS, etc) stripped and replaced with my own self hosted systems.
I always recommend Amcrest for anything related to cameras. Idk about the doorbell since I don't have that specifically, but the cameras are completely local (no cloud server acting as the relay) and no sign up required unless you use their home app (I use the view pro app to avoid signups).
Reolink doesn't require signups, but their cameras generally require internet from my experience, as they use their own cloud servers as relays, which would mean they can't work offline like you're wanting.
I'll have to check out TrackerControl, that's a new one to me!
I have seen app manager but currently use AppOps. I didn't recommend AppOps above because I'm not sure it's still supported or not, and it's also not really Foss. It's treated me well over the years, but I'm definitely interested in finding a better alternative. The last time I checked app manager, it wasn't as good... But maybe that's changed as it's been several years now so I think I might be due for looking at it again!
My wireguard connection on my phone connects to my home network to an pi hosting my internal VPN... But the network is completely covered by a mullvad VPN through opnsense. I've got pihole setup using the mullvad anti-trackkng private DNS. With this setup, the only real need I have for root on my phone is because I do some pretty low level automation on it through crond and some backups of core app data that I'd really hate to lose... And the complex firewall rules lol.