RethinkDNS is an anti-internet censorship tool with DNS-based adblocking and a firewall built-in for Android 6+ devices.
The app itself is free to use and comes with RethinkDNS (previous name BraveDNS) resolver with support custom denylists, allowlists, ability to store DNS logs for later analysis, view those logs consolidated from multiple devices in a single interface and so on: Pretty much a pi-hole in the cloud.
Why'd we build this?
As concerned Android users: It absolutely irks us that people who do care enough about privacy still couldn't use privacy-enhancing apps without requiring a degree in computer science. We saw this pattern unfold multiple times and a lot of tools over the years have done a tremendous job of making niche security tools accessible to naive users. We wanted to further that conversation on Android with a vision for what we think such a tool should look like:
1. Anti-censorship: Enable open internet. DNS over HTTPS (and the imminent ESNI standard) is going to effectively break censorship as implemented in a lot of countries without requiring to route the traffic through VPNs. VPNs (and distributed tech like IPFS and mesh networks like Lantern) are still required in countries that employ Deep Packet Inspection. That's something we'd like to tackle in the near future.
2. Anti-surveillance: Expose apps, their activity logs, network logs, and provide some actionable insights to the users on what they could do next. Exodus Privacy does a good job at statically analyzing an app and laying bare the trackers and permissions in-use, whilst the evergreen NetGuard does ever-so-well in revealing an app's connectivity history. We believe, there's a lot more that can be done than simply firewall an app: For instance, you could disable it, uninstall it, remove its permissions, remove the so-called special permissions (like read notification permission, read SMS permission, read app-usage statistics permission etc). Basically, empower the user with whatever control is available without-root in a neat little interface (think CleanMaster vs using the stock Settings app but being actually effective and not lie).
The current version of RethinkDNS (previous name: BraveDNS) is a start in the direction laid out above partly because we want such an app ourselves and partly because we feel people deserve more such tools, and we hope to build it with this community's input, because god knows we have been wrong plenty when it comes to "what people really want".
As privacy enthusiasts: We were frustrated that if we wanted to use NetGuard we couldn't use another VPN app, or if we wanted to use a DNS changer like Blokada then we couldn't use NetGuard (though, NetGuard + Private DNS feature alleviates the problem on Android 9+). We wanted something that wasn't as restrictive because we knew it could be built and so we did.
1. Easy configuration.
2. No root required.
3. Free and open source (forked from Intra).
4. No built-in trackers or analytics.
5. In continuous development.
1. DNS over HTTPS (circumvent censorship and prevent surveillance of DNS logs by ISPs and everyone else), DNSCrypt v2 with Anonymized Relays, and DNS over Tor.
2. View DNS logs, including latencies and other metadata.
3. Ad-block through RethinkDNS (previous name: BraveDNS) free resolver and local blocklists.
4. Add your own DNS over HTTPS / DNSCrypt v2 servers.
5. Firewall by app categories.
6. Firewall individual apps.
7. Firewall individual IP addresses.
8. Firewall when apps are in the background (not-in-active-use).
9. Firewall when device is locked.
10. Forward DNS and TCP connections to Orbot (Tor as a proxy).
11. Forward HTTP connections to any HTTP proxy.
12. Forward TCP connections to any SOCKS5 endpoint or to Orbot.
13. Forward DNS connections to any app running locally on-device or any endpoint (either local or on the Internet).
14. [v053g / Sep '21] Firewall when apps bypass DNS (for example, block connections to IPs that apps resolve themselves).
15. [v053g / Sep '21] Pause: Pause the Firewall and DNS for a brief time-period.
16. [v053g / Sep '21] DNS Trap: Proxy all requests made on Port 53 to user-set DNS endpoint (for instance, this traps and redirects all custom DNS requests WhatsApp sends to Google's `126.96.36.199` DNS servers to the DNS endpoint of a user's choice).
Planned (in order):
0. Custom DNS allowlists/denylists.
1. WireGuard VPN integration.
2. Firewall based on metered (LTE) or unmetered connection (Wifi).
3. Per-app DNS and VPN (route traffic to multiple VPNs / DNS based on which app is making those connections).
4. IPv6 support.
We can't emphasize this enough: Let us know what you'd like to see us build and more importantly what'd make this tool use-able for other Android users who care enough but aren't as tech-savvy.
If you'd like to contribute, please feel free to send pull requests our way.
License: Apache 2.0
Download: via RethinkDNS.com | PlayStore | F-Droid.