this post was submitted on 14 Mar 2024
19 points (75.7% liked)

Privacy

31974 readers
263 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

After the discussion in the following post I dug a bit deeper the rabbit hole.

While I mostly relied on Exodus to see if an app has trackers in it... I was baffle to see all the sketchy requests it made while dumping the DNS requests with PCAPdroid...

Over 200 shady requests in a few seconds after login... here's a preview:

While I don't use AdguardVPN, I have Adguard Home as my DNS server in my homelab... I think It's time to switch to pi-hole !

Edit: VPN pcapdroid

top 8 comments
sorted by: hot top controversial new old
[–] [email protected] 3 points 8 months ago* (last edited 8 months ago) (1 children)

I really wish I knew WTF was going on here. I don't use iOS, but from what I've heard, there are approximately two ways to enable decent content blocking on it and AdGuard has always been recommended as one of them.

If they're stealing data intentionally, this seems like the dumbest way to go about it. And if it's not intentional, what a mess. And if you're somehow getting inaccurate data... How?

[–] [email protected] 5 points 8 months ago* (last edited 8 months ago)

And if you’re somehow getting inaccurate data… How?

I'm not sure how I could get inaccurate data. I have a rooted android and de-bloated to a maximum. PCAPdroid only works without a VPN connection... And those requests appear when I open the AdguardVPN app.

Other apps like Firefox doesn't send that much DNS requests just the usual ingest.sentry.io.

Edit: I have added other screenshots

[–] [email protected] 2 points 8 months ago (2 children)

A lot of paranoia on this community :(

There's a few sign in checks (The variety makes me think Disqus or something similar.), a couple of keep alives, your phone registering for Wi-Fi calling, Fallback DNS requests, a couple of CDN requests which I would get is likely update checks and finally YouTube content for NewPipe. I think I'm seeing five tracking cookies based on the rest of your apps here, probably being sent "Do Not Track" requests.

[–] [email protected] 8 points 8 months ago* (last edited 8 months ago)

This dump is only from AdguardVPN app. This traffic is not my routed traffic to the VPN.

As you can see on the second screen my vpn is connected to PCAPdroid.

And 800 requests in less than a minutes on a rooted/debloated android?

I have seen a lot of keep alive/cdn packets and fallback dns... and I know how a VPN and routing works. I have setup my whole homelab with selfhosted wireguard/dns/router... I have seen a lot of request on my Adguardhome and played arround with wireshark to see the whole network traffic.

Sure on a whole network there is a lot of traffic, but this amount of request for a single app? There's something fishy !

Edit: Try it for yourself and post some screenshots.

[–] [email protected] 4 points 8 months ago

N0x0n started as a skeptic and used one piece of software to test it, I used NetGuard and was pretty skeptical myself... do you have the VPN app and can you test too?

[–] [email protected] 2 points 8 months ago (1 children)

These all seem like pretty run-of-the-mill dns requests. Are there specific requests that give you some pause?

[–] [email protected] 11 points 8 months ago* (last edited 8 months ago)

Hummm... These are probably normal request for the "average user", but not for privacy advocates from this community:

37.120.218.14 33across.com

33Across has over 15 years of experience building identity resolution technology, programmatic monetization, and audience segmentation through big data and a global first-party publisher foundation. Future-proofing the industry's addressable infrastructure, 33Across provides direct access to critical signals that power privacy-safe ...

193.19.204.51 usc1-gcp-v61.api.snapchat.com

Snapchat's Marketing API

66.203.113.242 match.prod.bidr.io/

Match.prod.bidr.io. Match.prod.bidr.io is an application for Chrome, Firefox, Edge and other Windows browsers that can annoy you with hundreds of pop-up ads, banners and promotional messages. In addition to that, Match.prod.bidr.io may automatically redirect your web searches to pre-defined web pages that generate pay-per-click revenue.

212.102.40.187 init.supersonicads.com

init.supersonicads.com is 's script. Going forward, it's going to need help adding value to your business' marketing efforts. Since 2017, this script has been at least 20-25% less effective than you think. Why? Because privacy-first browsing is here. This is a game changer for scripts like init.supersonicads.com and businesses like yours ...

Just to name a few... The list goes on... If this doesn't raises an eyebrow of suspicion, than the privacy community is probably useless....

Also, most of those links are blocked by default by uBlock origin.

Edit: Why would a VPN application make a request to tiktokcdn.com.c.bytefcdn-oversea.com ? Okay It's "just" a CDN, but why In the hell tiktok? I have never used any of those sketchy apps why would It need to go to tiktok or snapchat?

[–] [email protected] 1 points 8 months ago

I recommend Wireguard VPN, is in kernel.