Even tho am using proton VPN (free) with private dns enabled. dnsotls-ds.metric.gstatic.com this domain directly connects to my real isp and leaks my real location.
Am using private dns in order to block trackers in my bloated phone. (Debloating is not an option for me as i lack a laptop and bootlocker is not unlocked, i tried many ways to debloat but all i can do is disable system apps) I don’t installed any proprietary apps even whatsapp or banking apps to never sent my data to them. The issue is just system apps trackers. Am using ironfox with ublock and tor with noscript.
Any way to prevent this vpn leak ?
My threat model is to hide my traffic from isp as my isp is a spyware privacy invader.
Am enabled block connections without vpn always. In my case orbot is very slow and constant captcha pops up which is very irritating to use the web. Even tho some privacy respecting search engines like brave and startpage too showing me captchas.
Am finded about dnsotls-ds.metric.gstatic.com from my dns provider log which directly connected from my real isp ip address (personal adguard dns free). From my search i finded that adguard or any other dns servers establish dnsotls-ds.metric.gstatic.com this connection in order to check the status of the private dns enabled or not. To block this i have to use a no-google blocklist which leads to inconvinience.
I don’t have enough money to pay for paid services (which means i don’t have a job as am a final year student).
No gecko based android browsers provide option to change dns provider. But blink does but i hate them. Blink based browsers are annoying and no addons like ublock origin never get supports. Brave is making too much background connections which is annoying. Other browsers like cromite, vivaldi have nothing to say unique just hardened like i always do in every browser. Edge supports exrensions but you know whats the point of using a spyware inorder to protect privacy ?
Not using a custom or private dns leads to,
I always know my phone bypass and sent most of the connection to my dns or the device parent company. Because of that also i don’t store much info on my phone. Never take photos. Stored contacts as no other apps can see (using fossify contacts). Keep important docs on proton drive.
I believe the situation is little more understandable now. Providing my logs directly to my untrustable isp feels stupid.
Also it would be nice to know leaking my location to dnsotls-ds.metric.gstatic.com leads to any consequences. Or is it just a private dns current status checking url ?
Thank you for reply.
I’ve never had a captcha with DuckDuckGo, if you want to give that a try. Otherwise, metasearch engines like SearXNG act as a proxy between you and other search engines.
Good to know. It’s up to you whether you want to trade privacy for convenience.
GrapheneOS’s browser Vanadium is a good option if you want to move away from Firefox-based browsers, but it’s not easy to install anywhere other than GrapheneOS. If you’re up to try, here’s how.
Brave can be hardened to minimize most of those, but I agree it is annoying that there are still background connections.
Besides Google being able to see every time you ping the domain, there’s not much else going on. It’s unlikely that it’s leaking any private data, so it’s relatively harmless. It’s not ideal that it connects to it, but it doesn’t pose too large of a threat.
Mullvad’s leta (google) is my default search engine. Also am a big fan of duckduckgo for more advanced search and its duck.ai is amazing.
Sure i will give a try vanadium browser if am able to install it.
Thank you for taking time to answer my questions.