Hotspot and VPN Usage

[Metr0pl3x]

Add documentation in usage or FAQ to explain how traffic routed via the hotspot is not directed via the handset/user profile VPN and any external device must have it's own VPN connection to protect traffic.

[Vauxal]

Suggest including this as an onscreen warning / tick to confirm - as easy to miss / not intuitive, and consequence potentially high.

[thestinger]

VPNs are per-profile. I don't think it's unintuitive with that in mind.

[tashijayla]

VPNs are per-profile. I don't think it's unintuitive with that in mind.

I was running a WhatsApp account' with shelter and a Instagram account in a work profile for a few months until I worked out that you need a separate VPN per profile. I would love to see a option to root all internet traffic through the Maine profile in the future, it would save a lot of time not needing to have a Separate VPN for every profile I have

[Metr0pl3x]

Using a separate VPN for each profile is useful even when you want to use the same VPN provider and app for every single profile, because it makes a separate tunnel for each one, providing improved privacy by not tying them together with IPs. We don't want to make things worse.

Using the Owner profile's VPN for tethering/hotspot clients or using the Owner profile's VPN for other user profiles would unnecessarily tie them together. We're against the approach taken to this elsewhere, which we see as more of an anti-privacy feature than a privacy one.

[tashijayla]

Add documentation in usage or FAQ to explain how traffic routed via the hotspot is not directed via the handset/user profile VPN and any external device must have it's own VPN connection to protect traffic.

Interesting, I use a VPN in my Maine profile and I regularly connect my phone to public WiFi while sharing a hotspot with my computer, I thought my computer wouldn't be exposed to the network. I guess it's time for me to do a fresh reinstall 😕

[thestinger]

Android VPN support is per-profile instead of global as a privacy feature. Routing traffic through the Owner user is less private than each secondary profile and connected devices having their own tunnels. System connections not tied to profiles are part of Owner.