FORUMS

[APP][8.0+] BraveDNS: Anti-Censorship + Adblocker + Firewall [open source] [no root]

29 posts
Thanks Meter: 29
 
By ignoramous, Junior Member on 8th August 2020, 01:31 AM
Post Reply Email Thread


BraveDNS is an anti-internet censorship tool with DNS-based adblocking and a firewall built-in.

The app itself is free to use. We would charge only if users opt to use our DNS resolvers (private beta in 2 to 3 weeks from now) instead of Adguard's (which is the default and free to use). Why'd users want to do that? The BraveDNS resolver would provide for custom blacklists, whitelists, ability to store DNS logs for later analysis, view those logs consolidated from multiple devices in a single interface and so on: Pretty much a pi-hole in the cloud.

Why'd we build this?

As concerned Android users: It absolutely irks us that people who do care enough about privacy still couldn't use privacy-enhancing apps without requiring a degree in computer science. We saw this pattern unfold multiple times and a lot of tools over the years have done a tremendous job of making niche security tools accessible to naive users. We wanted to further that conversation on Android with a vision for what we think such a tool should look like:

1. Anti-censorship: Enable open internet. DNS over HTTPS (and the imminent ESNI standard) is going to effectively break censorship as implemented in a lot of countries without requiring to route the traffic through VPNs. VPNs (and distributed tech like IPFS and mesh networks like Lantern) are still required in countries that employ Deep Packet Inspection. That's something we'd like to tackle in the near future.

2. Anti-surveillance: Expose apps, their activity logs, network logs, and provide some actionable insights to the users on what they could do next. Exodus Privacy does a good job at statically analyzing an app and laying bare the trackers and permissions in-use, whilst the evergreen NetGuard does ever-so-well in revealing an app's connectivity history. We believe, there's a lot more that can be done than simply firewall an app: For instance, you could disable it, uninstall it, remove its permissions, remove the so-called special permissions (like read notification permission, read SMS permission, read app-usage statistics permission etc). Basically, empower the user with whatever control is available without-root in a neat little interface (think CleanMaster vs using the stock Settings app but being actually effective and not lie).

The current version of BraveDNS is a start in the direction laid out above partly because we want such an app ourselves and partly because we feel people deserve more such tools, and we hope to build it with this community's input, because god knows we have been wrong plenty when it comes to "what people really want".

As privacy enthusiasts: We were frustrated that if we wanted to use NetGuard we couldn't use another VPN app, or if we wanted to use a DNS changer like Blokada then we couldn't use NetGuard (though, NetGuard + Private DNS feature alleviates the problem on Android 9+). We wanted something that wasn't as restrictive because we knew it could be built and so we did.

Key points:
1. Easy configuration.
2. Root isn't required.
3. Free and open source (forked from Intra).
4. No built-in trackers or analytics.
5. In continuous development.

Current features:
1. DNS over HTTPS (circumvent censorship and prevent surveillance of DNS logs by ISPs and everyone else).
2. View DNS logs.
2. Ad-block through BraveDNS' free resolver or add your own.
3. Firewall by app categories.
4. Firewall individual apps.
5. Firewall when apps are in the background (not-in-active-use).
6. Firewall when device is locked.

Planned (in order):
0. Code cleanup and bug fixes (it is an early release, so please be kind; the repository is open for pull requests).
1. Connections tracker: Track TCP/UDP connections made by apps not firewalled.
2. Ability to temporary disable Firewall and DNS.
3. Battery Optimization reaper work-around.
4. Firewall based on metered (LTE) or unmetered connection (Wifi).
5. Support for both DNS + Firewall (dual mode) on Android 8+. Currently, the dual mode is supported only on Android 10+.
6. Android 6+ support.

We can't emphasize this enough: Let us know what you'd like to see us build and more importantly what'd make this tool use-able for other Android users who care enough but aren't as tech-savvy.

If you'd like to contribute, please feel free to send pull requests our way.

Thanks.

---

Source: github/celzero/brave-android-app
Website: bravedns.com
Blog: brave.imprint.to
Twitter: twitter.com/bravedns
FAQ: bravedns.com/faq
License: Apache 2.0

Download: via bravedns (In PlayStore in a week from now; f-droid, too, once we figure that out).

---
Attached Thumbnails
Click image for larger version

Name:	1.jpg
Views:	2056
Size:	167.2 KB
ID:	5075711   Click image for larger version

Name:	2.jpg
Views:	2028
Size:	186.5 KB
ID:	5075713   Click image for larger version

Name:	3.jpg
Views:	2018
Size:	236.5 KB
ID:	5075715   Click image for larger version

Name:	5.jpg
Views:	1856
Size:	179.0 KB
ID:	5075717  
The Following 12 Users Say Thank You to ignoramous For This Useful Post: [ View ] Gift ignoramous Ad-Free
8th August 2020, 01:33 AM |#2  
OP Junior Member
Thanks Meter: 29
 
More
Reserved.
GuestK00460
8th August 2020, 06:59 AM |#3  
Guest
Thanks Meter: 0
 
More
pls add system apps block on firewall, also block domain on dns log and dns server change
The Following User Says Thank You to For This Useful Post: [ View ] Gift Ad-Free
8th August 2020, 02:20 PM |#4  
OP Junior Member
Thanks Meter: 29
 
More
Thanks.

System apps: Good catch. We'd look to put that in the coming days.

DNS block button against a domain in the logs: We do plan add that but not sure if it ends up violating PlayStore terms. May be we need two versions, one for f-droid and another for PlayStore like Blokada has.

Can you elaborate what you mean by block domain on DNS server change?
GuestK00460
8th August 2020, 02:38 PM |#5  
Guest
Thanks Meter: 0
 
More
Quote:
Originally Posted by ignoramous

Thanks.

System apps: Good catch. We'd look to put that in the coming days.

DNS block button against a domain in the logs: We do plan add that but not sure if it ends up violating PlayStore terms. May be we need two versions, one for f-droid and another for PlayStore like Blokada has.

Can you elaborate what you mean by block domain on DNS server change?

block/allow individual domains which are showed by log.
change dns servers just like nebulo app.
also proxy on tor n dnscrypt support like invizible-pro app.
8th August 2020, 08:48 PM |#6  
OP Junior Member
Thanks Meter: 29
 
More
> change dns servers just like nebulo app.

Dnscrypt shouldn't be much trouble to implement but I wonder what extra protection it affords over DNS over HTTPS. That said, I've added it to our backlog.

> block/allow individual domains which are showed by log.

Gotcha but as mentioned before I am not sure if this feature breaks PlayStore terms. Added.

> also proxy on tor n dnscrypt support like invizible-pro app.

Yes! This is something that we want to do next. Once the part with Firewall and DNS is done (our immediate attention is adding missing features and later add support for Android 6+). Thanks for the heads-up: invizible-pro looks great, and exactly the kind of app that we envision to build ourselves.
9th August 2020, 12:06 PM |#8  
OP Junior Member
Thanks Meter: 29
 
More
No it isn't affiliated with brave.com.

We won a grant from Mozilla Builders, however; to pursue this, which we are now doing so full-time.
29th August 2020, 04:18 PM |#9  
y0himba's Avatar
Senior Member
Flag In a house.
Thanks Meter: 50
 
Donate to Me
More
Hello, I am on a stock Pixel 2 XL, Android 10, latest security patches as of August. The app starts and runs, but tapping the start circle does nothing. DNS or Firewall doesn't start.
29th August 2020, 06:39 PM |#10  
Senior Member
Flag Muck City
Thanks Meter: 35
 
More
So this still exposes one's real IP address, yes?
29th August 2020, 07:03 PM |#11  
OP Junior Member
Thanks Meter: 29
 
More
Quote:
Originally Posted by y0himba

Hello, I am on a stock Pixel 2 XL, Android 10, latest security patches as of August. The app starts and runs, but tapping the start circle does nothing. DNS or Firewall doesn't start.

Strange. This is unlikely related to Pixel or the latest Android Oreo update. Please check if any other VPN app has been set to "Always-on VPN" like-so (also see attached):
1. Settings -> Wifi and internet -> VPN.
2. Click on the sprocket icon against the apps.
3. Check if "Always-on VPN" is check-marked.

Disable that setting (if and only if you do not want that VPN app to be an "Always-on VPN") and BraveDNS should now prompt you for VPN access once you click "Start".

BraveDNS (or any app that requires VPN API access to function) cannot work with other VPN apps in-tandem (especially, not with "Always-on VPNs").
Attached Thumbnails
Click image for larger version

Name:	Screenshot_20200829-220251~2.jpg
Views:	798
Size:	19.7 KB
ID:	5088613   Click image for larger version

Name:	Screenshot_20200829-220256~2.jpg
Views:	800
Size:	48.8 KB
ID:	5088615  
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread