confirmedcode / Lockdown-iOS

GNU General Public License v3.0
898 stars 85 forks source link

View unblocked requests and block them #11

Open ghost opened 5 years ago

ghost commented 5 years ago

A list of all domains going through vpn not just blocked but also a list for non blocked so users can see what domains a website/app are requesting and configure there settings to that website or domain

TimofeyK commented 5 years ago

This is certainly doable and very useful. I found that AdGuard Pro just released similar functionality with both running log of all requested domain with a quick block/unblock + DNSCrypt

I bought AdGuard and captured a list of 30+ domains I want to block but then I manually entered them to Lockdown as I prefer a smaller, just for this purpose app

Having this log/blacklist functionality in Lockdown would be the highest priority for majority of users because otherwise it's almost impossible to find what to block

mikegchambers commented 5 years ago

So, as you probably saw they added the blocked list. But I don’t think an allowed list could be generated, as the proxy only sees domains that it’s blocking.

So I don’t think it’s possible, at least not without a substantial rewrite.

Am I wrong?

TimofeyK commented 5 years ago

I’ve been playing whack a mole game with ads and trackers using AdGuard Pro in the past few days so it’s certainly possible - it shows all dns request that are going through the fake VPN

mikegchambers commented 5 years ago

For the record, with the latest release of code, things have changed significantly, and this now appears relatively easy to implement. Good news.

DominiqueComte commented 5 years ago

A list of all the unblocked and the ability to pick them for blocking would be great, yes

ghost commented 5 years ago

Make sure when it shows the dns log all domains, time, ips, etc info can be copied to clip board please

ghost commented 5 years ago

This is certainly doable and very useful. I found that AdGuard Pro just released similar functionality with both running log of all requested domain with a quick block/unblock + DNSCrypt

I bought AdGuard and captured a list of 30+ domains I want to block but then I manually entered them to Lockdown as I prefer a smaller, just for this purpose app

Having this log/blacklist functionality in Lockdown would be the highest priority for majority of users because otherwise it's almost impossible to find what to block

are you sure? i tested adguard pro (current version in the App Store) on iOS once.

if you want to activate this "fake VPN = local VPN". Do you have to choose such a DNS server?

You have to trust the DNS server not to store it. But this is not local.

What about Lockdown Firewall? Is it also like Adguard with a DNS server?

Or really everything local with the "fake VPN = local VPN"?

TimofeyK commented 5 years ago

Yes, I am sure. AdGuard Pro uses the same local “fake” VPN technique to block requests and also can use 3rd party DNS. I don’t use 3rd party DNS servers, only my internet provider

ghost commented 5 years ago

Yes, I am sure. AdGuard Pro uses the same local “fake” VPN technique to block requests and also can use 3rd party DNS. I don’t use 3rd party DNS servers, only my internet provider

Okay.

So I just have to select "System Default" under AdGuard Pro -> DNS Settings.

Then everything is really local, no 3rd party DNS servers?

Because if I select "System Default" or the other 3rd party DNS servers that AdGuard Pro offers by default.

Shows iOS system (Settings -> VPN -> AdGuard Pro VPN) all the same. Except for Server. There is the name.

You're sure? How do you know that? How can users verify that everything really runs locally?

ghost commented 5 years ago

I've heard some also use DNSCloak. https://apps.apple.com/us/app/dnscloak-secure-dns-client/id1452162351

Here I find only 3rd party DNS server.

The app is open source (https://github.com/s-s/dnscloak). But what good is it if it connects to a 3rd party DNS server anyway?

b961Rzf8gnkfMw commented 4 years ago

A list of all domains going through vpn not just blocked but also a list for non blocked so users can see what domains a website/app are requesting and configure there settings to that website or domain

Here's why this should be a higher priority.

Suppose Lockdown had a partnership with Google. Google could have some invisible domain, e.g., googledatacollection.com, that would be collecting all kinds of data. Lockdown would show us, "Hey, look at all these Facebook requests we're blocking! Don't you feel safe now?" But meanwhile...Google is sucking us dry. How would we ever know? And there would be NOTHING in the code of the app that would suggest this.

Or what if I want to experiment with shutting off Apple telemetry? I have to use AdGuard Pro right now. But AdGuard's app isn't open source. Sure, sure, DNSCloak - but I want to see all the requests and shut them off at will.

I use uMatrix on my laptop browser. Oh, what I wouldn't give for that kind of control system wide on my phone. I'd totally pay for that. And I'd subscribe to your VPN too. I'd pay for the app and then pay a subscription for the VPN. I'd love all that control.

I want Lockdown to be my one app to rule them all. This is how you can do that. This is how you can give me control over my phone. Please take my money for this.

johndoeandrewaki commented 2 years ago

Approved