This app works by connecting to a VPN. From experience, user experience on these kinds of apps using a VPN is pretty poor (for example, ad blockers).
I believe keeping VPN connected drains the battery because some of the device's chips cannot "sleep".
A VPN-based app also disconnects when going from Wi-Fi to cellular.
Worse, when going from cellular to WiFi (i.e. going back home) with a VPN on, the iPhone just keeps using the mobile network until the VPN is disconnected.
These apps usually try to auto-connect to VPN but when your connection is spotty, it becomes very annoying: you have to kill the app, disconnect the VPN manually, etc.
As a user you're left manually putting the VPN on/off constantly if you're on the move.
It's definitely not a "set and forget thing". I wish Apple could give a way for ad-blockers and these kinds of apps to function normally without using a VPN as a crutch.
On iOS there's also DNSCloak[0], which goes even further and has the option to choose for ad-filtering (eg, via PiHole) in combination with no-logging and using 1.1.1.1 as DNS.
ISP DNS servers will always be closer, eg have less latency than third party DNS servers. And after one query, the result will be stored locally, eg no DNS servers will be used for following lookups. The thing with expensive DNS solutions is they only speed up the very first lookup, which might be cached on your ISP anyway. DNS is already a distributed system, which is much larger than any single private entity. Some third party DNS services might also sacrifice resiliency for performance, they will for example not try secondary DNS if primary is down. The reason why private organizations want you to use their DNS service is because they want to know every site you visit, then sell that information.
For what it's worth I think this is a beautifully designed app. The usability and user experience is great. Yes, it does just one simple thing but it does so in a smooth and elegant way.
Been using this since the beta on TestFlight and it has been awesome.
The only thing it needs IMO is the ability to whitelist WiFi networks not to run it on. I run a PiHole instance at home that does DoH through CF already so I have to remember to turn it off/on all the time to get the ad blocking.
On Android I use DNS66 [0], it creates a VPN server in my phone, redirects DNS traffic through it and filters it. This way I get adblock all the time even if I don't have a PiHole. Edit: I see now this app by Cloudflare does the same. However DNS66 lets you choose your own hosts filters and your own DNS servers.
I'm not quite so sure why everyone is happy to just blindly trust Cloudflare. These are the people who play games when Adobe Flash "updater" sites which are clearly, obviously and unambiguously hosting Trojans are hosted via their services.
What do you mean, you don’t trust them? Cloudflare provides services to scummy websites, yes. But Cloudflare isn’t doing anything to promote these websites, trick users into visiting them, or otherwise aid them in any way other than providing the exact same services they provide to everybody else.
I fully understand disagreeing with Cloudflare’s decision to turn a blind eye towards what their customers are doing. I just don’t understand why this behavior means you “don’t trust them”. What do you think Cloudflare is going to do?
I am not saying you are wrong, but the decision is which provider do I trust the least? I personally do not trust Verizon Wireless at all and they know my real name, mobile phone number, address, and credit card number. Cloudflare does not have these validated data points about me, so maybe they are using my data in a nefarious way, but they don't have the other PII to go along with it. Perhaps they have a method to match my data requests to publicly purchased PII, but their matching is not already validated by me, so there is a chance for error fuzzing.
You shouldn't, but there's some vague notion that giant corporations have taken over the net and fighting against it is actively harming your privacy more than it helps. Is Cloudflare better than your {ISP, self hosted, Google, etc} DNS servers? That's probably for an individual to decide.
Configuring with iOS settings sends unencrypted DNS requests to 1.1.1.1 and, as a result, the sites you access can be seen in your internet traffic by people like your Mobile provider (when using mobile internet) or the local cafe (when using their WiFi) or your home ISP (when using your home WiFi).
This app enables your DNS requests to be encrypted. Your requests are still seen by Cloudflare, of course.
That setting change only changes DNS while on WiFi. iOS offers no direct method of changing DNS while on cellular. Without something like Terminal on an iPhone, pretty difficult to tell which DNS is being used by the iPhone unless the phone is jailbroken. I use an app called Net Analyzer to check various networking configs. I'm not sure even the Cloudflare app is actually changing DNS. Need to do a bit more poking about to figure out what exactly is going on.
Edit: After playing around a bit, with the Cloudflare app alongside Net Analyzer, DNS on cellular appears to be modified from my cell provider to what I think is the Cloudflare VPN profile on the device with IP addresses 192.0.2.2, 192.0.2.3, 192.0.2.4.
So the app shows you your DNS logs, without any sort of protection.
I imagine this is a trivially simple way of snooping on an unsuspecting target. Let’s say you don’t trust your spouse. You install this app – showing them the security benefits as advertised by the application, letting them do their own research if necessary – then a day later come back and scroll through their DNS logs looking for cheatonmypartner.com.
This app changes nothing. If you've got access to install software on someone's handset then there isn't much they can do to prevent you from installing tracking tools - aside from having to trust that you wouldn't.
DNSCloak supports Cloudflare (among many other options), and has since day one. It will also let you choose how to steer DNS traffic, what domains to block and when, has a built-in cache to reduce latency, and more.
Is there a trustworthy third-party review of DNSCloak?
Short of installing & packet sniffing myself, or breaking apart the package; neither of which I have time to do.
(edit: to be clear, I’d love more options, including one that allows me to use Google’s DoH DNS, but I won’t blindly install an app that intercepts my traffic, even if ‘just’ DNS)
It’s not a real VPN from what I think of a VPN in that my IP is still from my ISP (checked at whatismyip.com) just the DNS requests are encrypted. Still cool though.
Can someone please help me understand something please? I understand that the main feature of 1.1.1.1 is privacy from the ISP, however, after the DNS resolution when my device will actually go to the destination, let's say to www.example.com domain - my ISP will know about this too, so what exactly am I hiding here?
I trust my UK ISPs ( Goscomb, AA.net ) to whom I pay a monthly fee for service more than I do some US-based company who wants to provide me a critical service for 'free'. And yet which at other times prevents me reaching websites with a 'One more step...' blocker page.
Many sites these days are hosted on cloud services not owned by the company owning the site, and in these cases it can be fairly hard to find the actual domain from the IP address. In other cases, however, you’re right—the ISP can still figure out where you’re going.
In conjunction with TLS your ISP loses the ability to know the domain. IP then becomes the thing they can track but in many cases that will just route to big IP blocks for hosting providers.
Having netflix.com is a lot more revealing than having an AWS block.
Will they rent/lease/lend/share my data out to partners/non partners/anyone? I understand they clearly state they won’t sell the data or use it (themselves) for ad targeting, but their wording doesn’t cover rental to others.
It's super slow for me. I'm on AT&T fiber at home. Which I can't even set my DNS to without taking everything down. But when using the Cloudflare app it appears to work, but it's 10+ seconds to load a page.
Related tangent: does this (or any other similar app or service) provide a straightforward way to bind a static IP address to outbound HTTP requests? Use case: persistent IP address that can be whitelisted by a secured endpoint.
[+] [-] EZ-E|7 years ago|reply
[+] [-] Mistri|7 years ago|reply
[+] [-] blinkingled|7 years ago|reply
[+] [-] sourcesmith|7 years ago|reply
[+] [-] saagarjha|7 years ago|reply
[+] [-] lenocinor|7 years ago|reply
[+] [-] Down_n_Out|7 years ago|reply
[0] https://itunes.apple.com/us/app/dnscloak-dnscrypt-doh-client...
[+] [-] codetrotter|7 years ago|reply
[+] [-] Mistri|7 years ago|reply
[+] [-] z3t4|7 years ago|reply
[+] [-] bart3r|7 years ago|reply
[+] [-] cntlzw|7 years ago|reply
[+] [-] tomschlick|7 years ago|reply
[+] [-] krispbyte|7 years ago|reply
[0] https://f-droid.org/en/packages/org.jak_linux.dns66/
[+] [-] seanp2k2|7 years ago|reply
[+] [-] ChrisAtWork|7 years ago|reply
Having the 1.1.1.1 on my phone is great except when I'm at home and want it disabled.
[+] [-] johnklos|7 years ago|reply
I don't trust them one tiny bit.
[+] [-] eridius|7 years ago|reply
[+] [-] rabboRubble|7 years ago|reply
[+] [-] whorleater|7 years ago|reply
[+] [-] judge2020|7 years ago|reply
[+] [-] rajacombinator|7 years ago|reply
[+] [-] ptrinh|7 years ago|reply
[+] [-] cjensen|7 years ago|reply
[+] [-] rabboRubble|7 years ago|reply
[+] [-] philliphaydon|7 years ago|reply
[+] [-] dnh44|7 years ago|reply
[+] [-] tuananh|7 years ago|reply
[+] [-] jen729w|7 years ago|reply
[+] [-] laumars|7 years ago|reply
[+] [-] seanp2k2|7 years ago|reply
[+] [-] benbristow|7 years ago|reply
[+] [-] kevinSuttle|7 years ago|reply
[+] [-] blablabla123|7 years ago|reply
[+] [-] jedisct1|7 years ago|reply
[+] [-] elithrar|7 years ago|reply
[+] [-] gigatexal|7 years ago|reply
[+] [-] auslander|7 years ago|reply
1. You won't be able to configure a real VPN; iOS allows only one VPN profile. Get a real VPN for the native IKEv2 client you have.
2. It gives CF a golden mine of your browsing history. It already has your traffic to many sites in plaintext, emails and passwords included.
3. You trust the third-party app without the source code, probably with access to all your traffic.
[+] [-] odedregev|7 years ago|reply
[+] [-] dingaling|7 years ago|reply
[+] [-] Gaelan|7 years ago|reply
[+] [-] kasey_junk|7 years ago|reply
[+] [-] homero|7 years ago|reply
[+] [-] natch|7 years ago|reply
[+] [-] CoryG89|7 years ago|reply
[+] [-] kevinSuttle|7 years ago|reply
> “Cloudflare will never sell your data or use it to target ads. Period.”
https://www.producthunt.com/posts/the-1-1-1-1-app#comment-69...
[+] [-] zackbloom|7 years ago|reply
[+] [-] imagetic|7 years ago|reply
[+] [-] chrisweekly|7 years ago|reply