If you follow the Privacy Cookbook (and decentralize.today) you'll  realize that both keep mentioning DNS. It is in my opinion one of the most important things you need to set up, regardless of if its browser or system wide. On iOS and Android it is even more important to combine it with ad and spyware blockers.

So far if anyone asks me what I use to protect my cellphones, I would have said AdGuard Pro on iOS combined with a great DNS, perhaps dismail or nextDNS which gives you so much power and can be integrated by just visiting apple.nextdns.io and downloading it as a profile. For some reason, I never clicked with Blockada, but we'll get to that later.

On Android, you have the option to integrate DNS system-wide and combine it with a great firewall like NetGuard or AdGuard. This is for non-rooted devices but you would have even better options for rooted devices. However, from a security perspective, I actually don't recommend rooting your device. So let's stick with non-rooted.  

This setup always worked for me, and you can block, via both apps on Android, access to wifi/mobile for each individual application. Which makes it pretty safe and even blocks Google from tracking you if setup correctly. With ADB comments, you can even remove/uninstall for the main user on most mobile phones including Samsung, Huawei etc.

Now why would I have said "worked for me"? And why don't I mention Blockada as a recommendation.

I think the best way to explain about Blockada is what was written by RethinkDNS.

Blokada vs RethinkDNS F-Droid edition
Blokada invokes the divine principle to claim they could do no wrong with all the telemetry and tracking they do of their users. RethinkDNS thinks otherwise

This brings me to, you guessed it - RethinkDNS.

Say hello to a safer Internet.
Block malware, spyware, ads, and trackers across all apps with RethinkDNS. Servers in 200+ locations: Experience Blazing fast speeds

It's not easy to find and fall in love with a DNS service, let alone with an app which offers easy DNS setup. RethinkDNS does that and so much more. For example, you can use a bunch of blocklists with a single click, and use it with the rethinkdns setup, but you could also host these lists on your device itself, downloading it from and within the app and use a different DNS but block on your phone.

Additionally, RethinkDNS has a firewall, which is able to block all apps, including system apps, and has a great log file to watch what is happening. But unlike other non-root firewalls, RethinkDNS lets you also block IP addresses. It lets you choose to not just block an IP or site via a single app, but system-wide.

If that is not impressive enough maybe you'll like the next part even more. RethinkDNS has a one-click Tor-as-a-proxy (orbit) setup and lets you route all traffic which you allow - via Tor. This makes it a very powerful tool when it comes to privacy.

RethinkDNS also announced WireGuard integration in one recent updates. This means you do not lose your VPN slot to DNS, but actually have a firewall, DNS and WireGuard/Tor setup in one application.

Self-described as “an OpenSnitch-inspired firewall and network monitor + a pi-hole-inspired DNS over HTTPS client with blocklists”, RethinkDNS is truly a one-app privacy powerhouse.

I am a strong believer in DNS providers who block malware, ads and other spy agencies, but RethinkDNS brings all of this to a new level.

So far RethinkDNS is only available on Android, but they are planning for iOS as well. Developments like this excite me, and you can see the power of FOSS in a setup like RethinkDNS.

If you own an Android smartphone, RethinkDNS is second to none when it comes to protecting your data, securing your HTTPS encryption and even blocking connections to your camera, Gallery, calculator and other applications which have no need to have access to the internet.

We publish a daily dose of decentralization here every day (UTC+8), for additional daily updates follow us on Mastodon, Twitter, Telegram or Element(Matrix). Please like & share all our output. We rely on User-Generated Content so why not write for us and since we try to avoid ads and sponsorship, why not donate to help us continue our work - all major cryptos accepted. You can contact us at decentralize.today and at blog@decentralize.today
Share this post