Related
Long time reviewer, first time poster - can't post in the dev forums until I have 10 postings (sigh).
Question for the devs or others in the know - in the ICS (granted very early) builds, I can't get IPtables to work, but an earlier list of changes seems to indicate that this should be working.
Manifests itself with errors starting the firewall in Droidwall. So, am I doing something wrong or is IPtables not available in the current ICS builds (I'm using the 0120 nightly)?
Other than that and the lack of Flash, my experience with the NC ICS builds has been nothing short of amazing.
Many thanks for the answer and for the ICS builds.
I just noticed this last night when Sshtunnel wouldn't work on my nook, but is fine on a Touchpad. I'd rather not compile my own kernel if enough people would find iptables useful.
Apparently not many CM9 users are concerned about IPtables and restricting access to the internet by apps. Hopefully one of the devs will pick this up for a future build. I worry about the info that my apps are sending out to the extent that I might go back to CM7 on my NC...
It ain't that I am unconcerned, it is just that I don't know the answer. I actually consider a working firewall to be of the utmost importance. I am pretty sure we are not alone. I did have trouble with it too, it said that the kernel came loaded with an updated version of (all numbers approximate) iptables 1.4.1.11 instead of the 1.4.1.10 that the droidwall was looking for. I honestly don't know what the issue is, but I am trying to be kinda ok about it, simply because I bet you dollars to donuts that firewalls work on cm9 sooner or later.
Lots of stuff work on cm9, I just don't feel like I can get my panties in a bunch because my pet issue isn't ready yet. I bet if we're patient it wont be long.
Or I just need to learn how to run the software better. If figure it out I will report back.
I guess my issue is that one of the chagelogs indicated that Netfilter was functioning in the upstream builds, but wasn't (apparently) working in the NC version. "Glad" to see it's not just me, but not so good that it seems to be lingering without a Dev comment.
user17600 said:
I guess my issue is that one of the chagelogs indicated that Netfilter was functioning in the upstream builds, but wasn't (apparently) working in the NC version. "Glad" to see it's not just me, but not so good that it seems to be lingering without a Dev comment.
Click to expand...
Click to collapse
PS - Anyone able to post this question in the Dev thread (I can't due to low posting count)?
[Note: I am not addressing firewalls; just iptables and global SOCKS5 forwarding in this post]
I very much need iptables support in the kernel and it appears to be here now. My needs are for a global proxy that all Android apps using the network will use. In theory, it ought to be as easy as loading the relevant, pre-built kernel module, and writing the correct iptables script to route all outgoing connections through your already-running ssh proxy. There are several apps that do this already.
I noticed there's a newer app for iptables maintenance "Iptables (beta)" in the Market by Moroni Granja, who also wrote the Autoproxy utilities. His utility does indicate that CM 7.2.0-RC1-encore (as of 2012-03-24) does have the required modules on it and offers to update the iptables binary for you which may (or may not) be necessary. I did update mine.
Whether it automatically re-routes all your outgoing connections through your already running SOCKS proxy I have yet to find out [edit: see my **UPDATE** below]. I have seen several apps like this in the market but none have worked on my Nook Color CM 7.1.X but I will try to see if they work on CM 7.2.X with Moroni Granja's utility. Another one that claims "global proxy support" is MAX LV's "ProxyDroid." None of them will open an SSH tunnel using SOCKS dynamic proxying and then iptables to it [edit: see my **UPDATE** below].
Dropbear on Cyanogenmod is not built with "-D" option. If it were, you could open a dynamic socks proxy using "ssh" on the device, set Proxydroid to use 127.0.0.1:58080 as your SOCKS5 proxy, set it to global mode (or set up an iptables script for this), and you have your own SSH tunnel. I don't see any app that will do this all at once anywhere in the market but I'm close to putting together a skeleton if only I had OpenSSH or Dropbear with "-D" dynamic forwarding compiled into it. That's the big obstacle here [edit: see my **UPDATE** below]..
Well, I did write that last paragraph a little hastily. There are two apps, "SSHTunnel" and "SSHTunnel (beta)" which come close to these requirements, but the author specifically notes they are intended for people behind the "Great Firewall" and I have had very little luck getting this to work. However, these apps do have interesting internals that can be used to further the effort for a true SOCKS5 tunnel using SSH to a remote host because, as you may already know, all you need is a remote Unix host to get this to work completely.
**UPDATE** I have successfully used SSHTunnel (beta) to connect to a remote host through the SSH SOCKS5 tunnel without setting any browser settings on CM 7.2.0 on my Nook Color. It is working now, though it's cumbersome to say the least. I am observing several connections on my remote SSH host that are being made from my Nook Color to places like Wikipedia and Google Play Store using http and https, among other things. I cannot confirm that all of my outgoing connections are being made through the SOCKS5 proxy but many are.
The executable being used is named /data/data/org.sshtunnel.bat/sshtunnel and it is actually OpenSSH_5.8p2. OpenSSH is very inefficient as compared to Dropbear. Indeed, the author of SSHTunnel says it will significantly reduce battery life. Replacing this with a Dropbear binary with dynamic forwarding may result in significant speed increase, battery life, and decreased memory usage.
In conclusion, I can report that global SOCKS5 proxy via SSH does work on CM 7.2.0-RC1-encore using the "IPtables (beta)" app in conjunction with SSHTunnel (beta).
Spent this weekend putting all my root goodness back on my G4 -- thanks again to all the devs who worked on this. I didn't realize how much I missed being rooted until I was again!
I had been running AdBlock Plus on my previous phone, galaxy S4, and never thought much about it, but in the course of reading various threads while waiting for root on the G4, it seems like most people mention AdAway as the preferred ad blocking tool. I gave it a shot, and it seemed to be far inferior to AdBlock. So I feel like I must be doing something wrong and was hoping for some discussion on this.
AdAway works by changing the hosts file to block known ad sources. For me this caused several problems. Web pages still load slowly (perhaps because of timeouts associated with trying to access a non-responding server?). There are still large areas on the screen with broken link icons where the ads used to be, which is pretty ugly. I tried using the AdAway local server, to provide a response to the spoofed/blocked domains, it didn't seem to make much difference. Finally, using the default config, many commercial web sites are just blocked entirely, which is a non starter.
My understanding is that AdBlock instead creates a proxy. With AdBlock web pages load MUCH faster than with AdAway, even when running the local server. It also removes the content entirely, instead of just blocking, so the output is a lot prettier.
The difference in web browsing experience was stark for me. AdBlock was the clear winner. So I'm trying to understand why so many people seem to prefer adaway. I would rather use a more light-weight solution if it works as well, but it just didn't seem to for me. Am I missing something?
I prefer AdFree, http://adfree.bigtincan.com/.
jamtre said:
Spent this weekend putting all my root goodness back on my G4 -- thanks again to all the devs who worked on this. I didn't realize how much I missed being rooted until I was again!
I had been running AdBlock Plus on my previous phone, galaxy S4, and never thought much about it, but in the course of reading various threads while waiting for root on the G4, it seems like most people mention AdAway as the preferred ad blocking tool. I gave it a shot, and it seemed to be far inferior to AdBlock. So I feel like I must be doing something wrong and was hoping for some discussion on this.
AdAway works by changing the hosts file to block known ad sources. For me this caused several problems. Web pages still load slowly (perhaps because of timeouts associated with trying to access a non-responding server?). There are still large areas on the screen with broken link icons where the ads used to be, which is pretty ugly. I tried using the AdAway local server, to provide a response to the spoofed/blocked domains, it didn't seem to make much difference. Finally, using the default config, many commercial web sites are just blocked entirely, which is a non starter.
My understanding is that AdBlock instead creates a proxy. With AdBlock web pages load MUCH faster than with AdAway, even when running the local server. It also removes the content entirely, instead of just blocking, so the output is a lot prettier.
The difference in web browsing experience was stark for me. AdBlock was the clear winner. So I'm trying to understand why so many people seem to prefer adaway. I would rather use a more light-weight solution if it works as well, but it just didn't seem to for me. Am I missing something?
Click to expand...
Click to collapse
Just a thought, but AdBlock Plus has to be running 24/7 in the background, so some people may notice or think it takes a hit on battery and system resources. I am running AdBlock Plus now as well, but I downloaded AdFree after the user above recommended it, I'll give it a go.
geoff5093 said:
Just a thought, but AdBlock Plus has to be running 24/7 in the background, so some people may notice or think it takes a hit on battery and system resources. I am running AdBlock Plus now as well, but I downloaded AdFree after the user above recommended it, I'll give it a go.
Click to expand...
Click to collapse
I'll try AdFree too, hadn't seen it before. But it seems to work the same way as AdAway does so I'm not expecting much difference...
I used to use adaway but it broke my Pandora app, and after switching to adblock plus it hasn't crashed
Sent from my LG-H811 using Tapatalk
Some people don't like ABP's "Approved Advertisers" (or whatever they call it), where some ads aren't blocked by default. I know my boss complains about it, but it doesn't typically bother me. That may be the reason some people prefer AdAway (or some other similar host blocker).
I noticed that with Adblock Plus, anytime I tried to go to Android Central i'd get a Error 400 and couldn't open the site. With Adaway it loads fine, minus the godawful scrolling ads.
I used to use AdBlock Plus but I remember there was a reason I switched over to AdBlock instead. I think they were blocking all ads, even those you should just leave alone to support sites you enjoy or something along those lines. Since switching to AdBlock I'm never bothered with ads and enable ads for sites I respect.
I've never really had any of those issues with Adaway. I haven't used ABP in a while but the last time I did (and to the best of my knowledge out still works this way) it was just a proxy, which newer versions of Android wouldn't let the app configure itself. I could never get it working without being really slow and clunky and I couldn't figure out how to use it on a data connection at all. I'm away from wifi a lot so something that doesn't work at all half the time and works poorly the other half was useless to me.
Zorque said:
I've never really had any of those issues with Adaway. I haven't used ABP in a while but the last time I did (and to the best of my knowledge out still works this way) it was just a proxy, which newer versions of Android wouldn't let the app configure itself. I could never get it working without being really slow and clunky and I couldn't figure out how to use it on a data connection at all. I'm away from wifi a lot so something that doesn't work at all half the time and works poorly the other half was useless to me.
Click to expand...
Click to collapse
That's only if you aren't rooted. There is no manual config if you are. You need to be rooted for adaway no matter what so seems fair to compare root mode of ABP only.
I have been using adfree since before they pulled all ad blocking apps from the play store. Adfree doesn't slow anything down or leave broken links in web pages. Pages load fast like they should plus it blocks ads and popups in apps also which is great cause I have been going almost postal on some of these ads popping up when I close some apps. I guess I'm OCD about that.
Yea I noticed that when using Adblock Plus, my links on SlickDeals.net won't work. They get a redirect error and just fail.
Going through a Proxy is dangerous too since any and all traffic goes through them, so be careful when entering login/credit card information. You are also creating a bottleneck where all traffic must go through, so if the Proxy is overloaded or offline, so is your connection unless you change your local routing (I guess by uninstalling the app).
For me it is a back and forth issue. I prefer NOT to use a Proxy. This is a work related phone so I do not want to have any 3rd party company playing Man-in-the-middle with my data traffic.
Personally I like to just block apps on my device. Yes it causes longer page loading times while crap sits there and times out... but at least my data is safe and the page is easier to navigate once the ads are gone.
I just downloaded AdFree from the official website but it requires Root (I haven't rooted yet). I think all Ad blocking apps require root.
Many sites on slickdeals redirect through viglink.com or similar for revenue. All you have to do is whitelist those [*.viglink.com] and it will begin to redirect just fine
player911 said:
Yea I noticed that when using Adblock Plus, my links on SlickDeals.net won't work. They get a redirect error and just fail.
Going through a Proxy is dangerous too since any and all traffic goes through them, so be careful when entering login/credit card information. You are also creating a bottleneck where all traffic must go through, so if the Proxy is overloaded or offline, so is your connection unless you change your local routing (I guess by uninstalling the app).
For me it is a back and forth issue. I prefer NOT to use a Proxy. This is a work related phone so I do not want to have any 3rd party company playing Man-in-the-middle with my data traffic.
Personally I like to just block apps on my device. Yes it causes longer page loading times while crap sits there and times out... but at least my data is safe and the page is easier to navigate once the ads are gone.
I just downloaded AdFree from the official website but it requires Root (I haven't rooted yet). I think all Ad blocking apps require root.
Click to expand...
Click to collapse
Someone correct me if I'm wrong, but the proxy is on you own device. Not in any other server.
seb93 said:
Someone correct me if I'm wrong, but the proxy is on you own device. Not in any other server.
Click to expand...
Click to collapse
Either way adblock downloads the whole page ads and all then removes it. Adblock app has to be running in background to strip ads.
Adaway blocks access to the ad site altogether.
As for site formatting being wrong or not pretty would be the site page programmer programming certaib spaces in the page dedicated to thr ad that was supposed to show there.
I also like no ads in apps and youtube. Hence why I prefer adaway.
Parcing a large host file may require more resources..
In both you can whitelist if youre missing content you'd prefer to see.
clockcycle said:
Either way adblock downloads the whole page ads and all then removes it. Adblock app has to be running in background to strip ads.
Adaway blocks access to the ad site altogether.
As for site formatting being wrong or not pretty would be the site page programmer programming certaib spaces in the page dedicated to thr ad that was supposed to show there.
I also like no ads in apps and youtube. Hence why I prefer adaway.
Parcing a large host file may require more resources..
In both you can whitelist if youre missing content you'd prefer to see.
Click to expand...
Click to collapse
I was just saying that adblock is not "dangerous" because he thought the traffic goes through another server.
Envoyé de mon LG-H815 en utilisant Tapatalk
seb93 said:
Someone correct me if I'm wrong, but the proxy is on you own device. Not in any other server.
Click to expand...
Click to collapse
Correct. Proxying elsewhere can be very dangerous.
I think I can answer this question...ADP sucks (and I use it religiously in Chrome) when it comes to your phone.
It COMPLETELY broke MMS for me (on Cricket). I removed ADP, rebooted, and was good to go.
I've always Adfree as it is simple and lightweight only modifying the hosts file.
Adblock kills MMS for me. Cannot send or receive.
I have a Shield TV arriving later today. On my previous Android box I setup a VPN with a kill switch via AFWall+. This involved the installation of the OpenVPN connect application with my VPN provider details, then I used AFWall+ to prevent any data that didn't originate via a VPN connection, effectively making this a kill switch. This involved allowing both the OpenVPN application and Android's VPN api full access. It's the latter I'm enquiring about, does this api exist on the Shield TV? I've heard that native VPN isn't possible as the normal VPN settings aren't present. But does that include the vpn service api itself?
No one?
Beefheart said:
I have a Shield TV arriving later today. On my previous Android box I setup a VPN with a kill switch via AFWall+. This involved the installation of the OpenVPN connect application with my VPN provider details, then I used AFWall+ to prevent any data that didn't originate via a VPN connection, effectively making this a kill switch. This involved allowing both the OpenVPN application and Android's VPN api full access. It's the latter I'm enquiring about, does this api exist on the Shield TV? I've heard that native VPN isn't possible as the normal VPN settings aren't present. But does that include the vpn service api itself?
Click to expand...
Click to collapse
i have the exact same setup on all my devices, including shield tv, although ive only had to allow the openvpn app, wifi/data/vpn access for things to work, ive never had to allow androids vpn ........is their a specific reason you grant android vpn access?does it not work otherwise?
I use the other openvpn app, by the way
I originally set it up on the tutorial in the link below, which mentions that the VPN Networking service needs to have full access. Is that service present on the Shield?
https://www.privateinternetaccess.c...otection-on-android-with-afwall-requires-root
Beefheart said:
I originally set it up on the tutorial in the link below, which mentions that the VPN Networking service needs to have full access. Is that service present on the Shield?
https://www.privateinternetaccess.c...otection-on-android-with-afwall-requires-root
Click to expand...
Click to collapse
I just checked for you, and yes, its there, mind you, im using zulu's full rom, not sure about stock rom but as with all my devices, i havent needed to allow this for vpn to work.
Unless theres a specific reason to do so, try without on your current devices, i suspect, vpn networking may only apply if you use androids inbuilt vpn found in settings
Edit
By the way, i dont know how far you wanna take it, but afwall has tasker plugin support, which i use to apply an afwall profile, i named "secure", that denies everything when screen turns off......aswell as other things in the same vain
Edit
I do it a little differently then what youre link suggests, i only allow the bare minimum of apps, those that i actually need internet for.......if an app has internet capability, but i have no need for that side of it, its denied, i dont whitelist ALL apps for vpn as your link suggests
I also suspect that guide was written for privateinternets method of using vpn on android, so maybe vpn networking applies if using private internet, but as for my openvpn app, its not needed.......neither is "GPS"
Cheers. Everything set up and working perfectly in stock, no DNS leaks. A combination of AFWall+, VPN and Xprivacy has the device locked down pretty well.
And what a device, the speed is in another league compared to other similar boxes and worth the extra money. I'm glad I returned my newly purchased Minix Neo U1, this thing is so much faster and not as restricted as I was lead to believe. With a bit of work the Shield TV, even on stock, can do as much as any other Android based TV box, even one based on vanilla.
Beefheart said:
Cheers. Everything set up and working perfectly in stock, no DNS leaks. A combination of AFWall+, VPN and Xprivacy has the device locked down pretty well.
And what a device, the speed is in another league compared to other similar boxes and worth the extra money. I'm glad I returned my newly purchased Minix Neo U1, this thing is so much faster and not as restricted as I was lead to believe. With a bit of work the Shield TV, even on stock, can do as much as any other Android based TV box, even one based on vanilla.
Click to expand...
Click to collapse
Yep, ive said it before and ill say it again, the shields an impressive piece of kit for sure
Xprivacy.........snap
We seem to have a very similar setup........believe me, if you wanna take it further at some point in the future.......tasker.........although, fair warning, theres a learning curve
Just some of the more basic things i automate with tasker with plugins like afwalls
When screen goes off, tasker......
Turns off wifi/3g
Turns of bluetooth
Afwall secure profile
Greenify all preselected apps
turn off "unknown sources" for extra measure, as tasker turns this off after it detects an apk install anyway
Turn of "debugging", incase i turn it on one day out of need and forget to turn off
Media volume set to 4 edit:this ones a bit out of place
Aplly afwall profiles depending on what app you happen to be using
Many possibilities with tasker, VERY usefull for many things
Non security related....kinda......... could potentially be used for such if modified
I have a small bluetooth media remote which has the numbers 1 to ten, with tasker and xposed additions module, i fooled around with it, pressing 1 connects the shields bluetooth to the bedroom speakers, long pressing 1 connects to the living room speakers..........i can imagine my self doing some neat stuff with these combination of apps and future accesories
Also, i use it to turn the shields light led to dim to let me now at a glance if the shields on or asleep, without having to change the channel
food for thought for those with similar setups
Edit
By the way, you mention dns leak, i assume you used a test site to check for the leak, any chance of a link? Incase its something very new
This ones the one i use,
https://ipleak.net/
Detects webrtc leaks on the specific browser you happen to be using at the time
Edit
For those interested
More on webrtc here
https://www.privateinternetaccess.c...ome-and-mozilla-firefox-while-using-private-i
If you use firefox or chrome, you can disable manually following this guide
https://www.purevpn.com/blog/disable-webrtc-in-chrome-and-firefox-to-protect-anonymity/
I think there are addons aswell
Edit
"and not as restricted as I was lead to believe"
Yep, i had the same thoughts, just my own assumption really, that android tv was completely different, internally, to "standard" android , pleasantly surprised, no incompatibilities so far............................good to know that stock is like that too :good:
Cheers, I'll read into all that.
One issue I'm finding at the moment is that, on a reboot, AFWall+ doesn't apply as default on the Shield and has to be done manually. This doesn't happen on my Note 3 running Lollipop. I'm sure there is a simple explanation, I'll look into it a bit more.
That website is the one I user to check leaks but there are numerous others too.
Beefheart said:
Cheers, I'll read into all that.
One issue I'm finding at the moment is that, on a reboot, AFWall+ doesn't apply as default on the Shield and has to be done manually. This doesn't happen on my Note 3 running Lollipop. I'm sure there is a simple explanation, I'll look into it a bit more.
That website is the one I user to check leaks but there are numerous others too.
Click to expand...
Click to collapse
Im not sure i understand fully, afwall is not enabled? Or, afwall IS enabled, but your prefered profile is not "applied"?
On full android at least, afwall is enabled upon reboot i havent had any issues in that regard, (saw your other post) i dont need init.d script (usefull to have though, if/when possible)
Have you tried reverting all afwalls settings to default, to rule out that likely suspect
Another likely suspect, xprivacy, but that depends if you restrict everything like i do, including system apps , if so, have you checked xprivacies usage data for afwall and global apps?
Another suspect, could be stock firmware, but i have my doubts about that one
Assuming im understanding the issue correctly
Edit
I dont have "fix startup data leak" checked(as we dont have init.d), nor ipv6 support checked as your link described
Is there a way to make Dns66 properly/usefully work on MIUI?
I've set all kinds of settings I could imagine - as on screenshots, but cannot make it to work:
- Dns66 does not autostart on (re)boot, I must manually start the app and start its VPN
- When screen isblocked and later unlocked, I must again manually reopen Dns66 and manually restart its VPN
Etc.
Huawei' EMUI is e.g. also very picky but yet, Dns66 can be easily (with the same/similar settings) made to work there, and without root:
- Dns66 autostarts on (re)boot and establishes its VPN for DNS
- Dns66 is not running (as an app in the background), only its service runs
- If Dns66 app is started and killed, its service still continues to run
- When screen locks, its VPN closes, but once screen is unlocked, Dns66 automatically re-stablishes its VPN
- When connection breaks and later re-establishes, Dns66 reopens its VPN
The whole point of Dns66 is that it does not require root (on 'normal' phones) - unlike e.g. AdAway (which needs root), so is it possible to make Dns66 to work also on this Xiaomi's EMUI?
Btw, the advantage of Dns66 is not only that it does not require root - it can be also easily stopped/restarted, while stopping AdAway requires to restart the phone; and restarting it requires to update all hosts sources and again to restart the phone
Moreover, with Dns66 you can whitelist URLs (allowing a particular URL blocked by proceeding hosts sources, but for all apps) and also apps (allowing all the otherwise blocked URLs, but for a particular app), whereas with AdAway you can only whitelist URLs
I always used DNS66 on Samsung phones but when I switched to Xiaomi it stopped working, always got Google ads.
I decided to switch to Adguard.
In case of, I suggest to use only stable or beta builds because the nightly ones are often battery eaters.
I had the same problem with dns66. You can use blokada and it works very good. Completely free and no "premium" features
rms112 said:
I had the same problem with dns66. You can use blokada and it works very good. Completely free and no "premium" features
Click to expand...
Click to collapse
Blokada 'works' - showing green, but it doesn't really block me from ads.
With Dns66 I can define several host sources, with Blokada only one DNS server can be enabled - so which one should I use to get me free of ads and analytics?
Tried AdGiard and AdGuard Family - I see the ads
I want with Blokada (if possible) something to be of the same/similar level of protection like when using Blu or Basic EnergizedPtitection hosts sources with Dns66 (or with AdAway - currently cannot use AdAway since I didn't root my Xiaomi yet):
https://block.energized.pro/blu/formats/hosts.txt
https://block.energized.pro/basic/formats/hosts.txt
rms112 said:
I had the same problem with dns66. You can use blokada and it works very good. Completely free and no "premium" features
Click to expand...
Click to collapse
I tried Blokada Slim (as available on Playstore), but it's not the real ad blocker
Edit: Checking now Blokada Open source edition
zgfg said:
Blokada 'works' - showing green, but it doesn't really block me from ads.
With Dns66 I can define several host sources, with Blokada only one DNS server can be enabled - so which one should I use to get me free of ads and analytics?
Tried AdGiard and AdGuard Family - I see the ads
I want with Blokada (if possible) something to be of the same/similar level of protection like when using Blu or Basic EnergizedPtitection hosts sources with Dns66 (or with AdAway - currently cannot use AdAway since I didn't root my Xiaomi yet):
https://block.energized.pro/blu/formats/hosts.txt
https://block.energized.pro/basic/formats/hosts.txt
Click to expand...
Click to collapse
Never seen ads with Adguard.
It works like a charm.
giodeluigi said:
Never seen ads with Adguard.
It works like a charm.
Click to expand...
Click to collapse
As you cited above, I was talking about using AdGuard DNS server in Blokada Slim (not about using AdGuard apk) - and that didn't block ads
And with Blokada Open Source edition, nothing better than with DNs66 - although I enabled Autostart, I must still manually start Blokada on each reboot and leave it working in the background to get it blocking ads
Seems the real problem is in Xiaomi/MIUI (on Huawei, also Android 9, Dns66 can automatically start its invisible service on reboot, restart after every Airplane, without the need to manually start the app)
zgfg said:
As you cited above, I was talking about using AdGuard DNS server in Blokada Slim (not about using AdGuard apk) - and that didn't block ads
And with Blokada Open Source edition, nothing better than with DNs66 - although I enabled Autostart, I must still manually start Blokada on each reboot and leave it working in the background to get it blocking ads
Seems the real problem is in Xiaomi/MIUI (on Huawei, also Android 9, Dns66 can automatically start its invisible service on reboot, restart after every Airplane, without the need to manually start the app)
Click to expand...
Click to collapse
You can also use private Adguard DNS without the need of any third part adblocking app.
giodeluigi said:
You can also use private Adguard DNS without the need of any third part adblocking app.
Click to expand...
Click to collapse
Of course
But anyway, thanks for all the tips, unfortunately none of them provides complete solution for what I was asking for.
I will install the good old AdAway.
I would already root, but it takes a week first to unlock Bootloader
In the meantime, @mods please close the thread
Thread closed at op's request.
strongst
Forum Moderator
Edit: WARNING A few reports of AdAway temporarily stopping the service. You could possibly double up with Adguard or a similar connection blocker. But it's not going to be 100%. Router blocking or a Pi-Hole setup is going to be more secure, so only use this as a temporary measure.
---
I have been able to block FireTV updates using the latest AdAway. It still has the normal rooted method for the lucky folks (edit hosts) but now has VPN "emulation" for those without root. This supposedly uses "VPN API but does not connect to a VPN server" like with editing the DNS but all local to the device. It's open source, on XDA, and has been around forever, so I trust it more than the OpenDNS option.
I don't know how well this works and for how long, but update checks are coming back with errors. It also has a request logger and shows softwareupdates.amazon.com is being triggered & denied. No other domains are checked by the updater after that one fails FWIW.
Latest version 5.11.0
[APP][ROOT/NONROOT][OFFICIAL] AdAway v6.1.0
AdAway AdAway is an open source ad blocker for Android using the hosts file. Google Play Store notice According the Google Play Developer Policy, especially the "Device and Network Abuse" section, ad blocker like AdAway violates the "Apps that...
forum.xda-developers.com
TLDR setup: Sideload it, select the VPN option during setup, let it sync their block lists (mine kept going, so I just force closed and restarted after a few min), add the 5 domains under the router block method here: AFTV, ensure it's set to autostart in preferences. I also turned on "monitor connection" and IPv6 support but may not be needed. Restart.
INSTALL / SETUP
Sideload it
Select the VPN option during first run. I had to use my remote w/cursor but may be able to get around this if you just click ok after moving around a bit or force close it and can get it to start up w/out setup.
Let it sync their default block lists. Mine kept going, so I force closed AdAway after a few minutes.
ADDING AMAZON UPDATE DOMAINSOn the main page, select "Blocked" at the top. Add these from the AFTV article then hit APPLY.
d1s31zyz7dcc2d.cloudfront.net
amzdigital-a.akamaihd.net
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
Click to expand...
Click to collapse
If there are any more, please share. This seems to do the trick though, and the built-in logger doesn't show any other connections triggered when softwareupdates.amazon.com fails. If this prevents another app from working, you can add the app to the exclude list in preferences.
PREFERENCES
Go to Preferences (bottom left) -> click VPN based ad blocker
Make sure it's enabled at startup
I also selected monitor connection and IPv6 support but no idea if its needed
You can exclude apps. Useful if something isn't working OR one of the domains they block by default messes with an app.
Restart the device
Once you're back up, check the notifications and there should be a persistent notification for AdAway, showing it is active. Go check for an update in the FireTV settings. It should show a connection error.
OPTIONAL AUTOMATIONIf you're super paranoid and want to get fancy, AdAway also responds to external commands. If you use something like Tasker or Automagic, you can send intents to start & stop the service. Example workflow: periodically test the update URLs, if they come back with a normal response then AdAway isn't blocking and probably isn't active, send start service intent.
Automation
AdAway is a free and open source ad blocker for Android. - AdAway/AdAway
github.com
thank you very much, looks like it worked! now i get the update error.
i hope this method will stay, but i cant see why not. nothing will update on the firetv now so it should stay.
5.11 will not install due to an error that it requires newer SDK version in Fire OS 6.2.8.1.
I tried this method with Blokada and it seems to work the same so for people having trouble with AdAway I recommend this app instead.
l_p_4_7 said:
I tried this method with Blokada and it seems to work the same so for people having trouble with AdAway I recommend this app instead.
Click to expand...
Click to collapse
Thanks, I have Blokada installed in Nox from a few weeks ago and it works great. I had forgotten about it since I only used it for blocking the VM ads and it didn't occur to me that I could also use it for the FS4K.
l_p_4_7 said:
I tried this method with Blokada and it seems to work the same so for people having trouble with AdAway I recommend this app instead.
Click to expand...
Click to collapse
thanks for the info, i tried adaway one my first firetv cube and it works great, but on my second one somehow it adaway doesnt use a VPN. will give blokada a try.
is there anything special to mind when using blokada?
I just added the domains listed above to the blocked hosts list and then excluded a few apps that might be affected by the VPN (I've excluded YouTube, Plex and Kodi). I haven't noticed any other problems so far.
some feedback:
adaway seems to not autostart anymore on my devices, so i switched completely to blockada.
Blockada seems to work fine now and also autostarts.
Time to set up a pihole it seems.
Codiox said:
some feedback:
adaway seems to not autostart anymore on my devices, so i switched completely to blockada.
Blockada seems to work fine now and also autostarts.
Time to set up a pihole it seems.
Click to expand...
Click to collapse
Yeah unfortunately I think it's having problems for me as well. I caught it mid-update today. Got the pihole planned for this weekend. But all this effort just to use the launcher we want... No idea how the devs here stay motivated to stick around.
psymsi said:
Yeah unfortunately I think it's having problems for me as well. I caught it mid-update today. Got the pihole planned for this weekend. But all this effort just to use the launcher we want... No idea how the devs here stay motivated to stick around.
Click to expand...
Click to collapse
Actually i just set up the pihole last night, was really easy following a tutorial and it works great.
I recommend using RaspberryOS light without a Desktop. With this the RaspPi only uses about 1-3% CPU and like 5MB RAM while operating.
i used an old RaspPi 1B+ i bought back in 2012.
l_p_4_7 said:
I tried this method with Blokada and it seems to work the same so for people having trouble with AdAway I recommend this app instead.
Click to expand...
Click to collapse
Did you enter those 5 lines in blocked hosts in Blokada? Or where did you enter them? Someone on another posts mentioned they entered them in the blocked hosts so i did the same but it did not work or block updates.