Related
Since I run TOR on my computer I figured I'd check into it for Android and wouldn't you know, it exists. In this age of tracking and privacy going out the door, it's nice to still be able to retain a bit of anonymity.
EDIT: I figured I'd add a small explanation for anyone that's interested in this and doesn't know what TOR is.
Without getting into great detail, some of which I'd have no clue what the hell I'm talking about, it's a way to be anonymous. If you do it correctly no longer will your IP address show up as you current IP which can be used to spy, hack, trace, ad target, and so on. Your IP will show up as something else. e.g. My current location is Overland Park, KS - my IP will reflect this, my ISP also knows my exact address from that IP. With TOR my IP shows up as being located in say, Russia. Problem solved, no more tacking and other bs.
This isn't a pass to do what you want online, you're still a human so act like it. It's just a take back a little bit of privacy and anonymity.
theSpam said:
To simplify things, TOR does onion routing which involves routing your traffic through a number of hosts to final host called the exit node. Exit nodes directly communicate with other hosts on the Internet. The use of exit nodes and encryption throughout this process provides anonymity. See this for more info: http://en.wikipedia.org/wiki/Tor_(anonymity_network)
Click to expand...
Click to collapse
Thanks theSpam
UPDATE: I fixed the issue of Orbot not connecting me to the TOR network. There are more in depth methods but I'll just give the quick and dirty version. After installing Orbot make sure everything is unchecked in setting except: start on boot, transparent proxying, tor everything.
Download ProxyDroid and in setting:
proxy host: 127.0.0.1
Port: 8118
Proxy type: HTTP
Auto connect: check
Global Proxy: check
don't mess with anything else unless you know what you're doing.
Now you can check your IP or use Orbot to check if you're on the TOR network. Enjoy.
Tor? I'm curious
dont send me pm's crying about how i hurt your feelings in a thread
So you know what Tor is then?
Well I installed it and so far it's working aside from not actually connecting me to the network. My IP stays the same so I guess I have to do a few things manually, oh well. When you first boot up and it's starting it eats the processor like a fat lady eats cake but that goes away after 15-20 seconds. On the plus side it doesn't start loading until after the system has finished loading completely so boot times aren't effected.
No sir I'm not sure what TOR is. Was hoping you might shed a lil light on the subject.
dont send me pm's crying about how i hurt your feelings in a thread
OK I updated the OP for you. Hopefully I got it right. I'm not a network genius so I may be a little off.
To simplify things, TOR does onion routing which involves routing your traffic through a number of hosts to final host called the exit node. Exit nodes directly communicate with other hosts on the Internet. The use of exit nodes and encryption throughout this process provides anonymity. See this for more info: http://en.wikipedia.org/wiki/Tor_(anonymity_network)
My main concern with this app is with how TOR works. Does anyone know if Orbot will turn your phone into node used for intermediary routing? (the desktop version does this)
theSpam said:
To simplify things, TOR does onion routing which involves routing your traffic through a number of hosts to final host called the exit node. Exit nodes directly communicate with other hosts on the Internet. The use of exit nodes and encryption throughout this process provides anonymity. See this for more info: http://en.wikipedia.org/wiki/Tor_(anonymity_network)
My main concern with this app is with how TOR works. Does anyone know if Orbot will turn your phone into node used for intermediary routing? (the desktop version does this)
Click to expand...
Click to collapse
There's an option in the settings for it but it's not activated by default. I couldn't imagine switching that option on while using 4G
T-Mo blocks access to web pages if they see a certain UA string, its pretty easy to get around, but my question is,
Isn't how they are blocking us illegal? For them to be able to block this would they not need to do deep packet inspections?
Which is not legal to do to your customers in the U.S. unless you have government permission?
Or am I wrong, did we allow this somewhere when we signed the contract?
ThaDSman said:
T-Mo blocks access to web pages if they see a certain UA string, its pretty easy to get around, but my question is,
Isn't how they are blocking us illegal? For them to be able to block this would they not need to do deep packet inspections?
Which is not legal to do to your customers in the U.S. unless you have government permission?
Or am I wrong, did we allow this somewhere when we signed the contract?
Click to expand...
Click to collapse
It is in the TOS and in the end it is their network not public airwaves. If you tether and do not follow the TOS they have every right to cancel you. They also have every right to see what kinds of packets are passing through and where they are going to and coming from
There is no reasonable expectation of privacy on the internet. It is a common misconception
CARBON NIGHTLIES. | KROZ BROWN Theme | Crack Flasher
RonnieRuff said:
It is in the TOS and in the end it is their network not public airwaves. If you tether and do not follow the TOS they have every right to cancel you. They also have every right to see what kinds of packets are passing through and where they are going to and coming from
There is no reasonable expectation of privacy on the internet. It is a common misconception
CARBON NIGHTLIES. | KROZ BROWN Theme | Crack Flasher
Click to expand...
Click to collapse
Thank you, so it is in the TOS.
Now do you think I can argue them into removing this block?
I already tried it and it seemed to be working but they never called me back.
My argument was that I want to be able to use Chrome for desktop 28 UA strings to always have a desktop view, and by them not allowing me that liberty I can not load certain websites to get the full experience on my Note 2.
"Your limiting my Note 2 not a tether!".
Think if I keep going they'll give me what I want? Or should I just give up and drop it?
ThaDSman said:
Thank you, so it is in the TOS.
Now do you think I can argue them into removing this block?
I already tried it and it seemed to be working but they never called me back.
My argument was that I want to be able to use Chrome for desktop 28 UA strings to always have a desktop view, and by them not allowing me that liberty I can not load certain websites to get the full experience on my Note 2.
"Your limiting my Note 2 not a tether!".
Think if I keep going they'll give me what I want? Or should I just give up and drop it?
Click to expand...
Click to collapse
I do not see them changing their business model concerning tethering based on that argument.
Background on DPI
Service providers obligated by the service-level agreement with their customers to provide a certain level of service and at the same time, enforce an acceptable use policy, may make use of DPI to implement certain policies that cover copyright infringements, illegal materials, and unfair use of bandwidth. In some countries the ISPs are required to perform filtering, depending on the country's laws. DPI allows service providers to "readily know the packets of information you are receiving online—from e-mail, to websites, to sharing of music, video and software downloads".[8] Policies can be defined that allow or disallow connection to or from an IP address, certain protocols, or even heuristics that identify a certain application or behavior.
CARBON NIGHTLIES. | KROZ BROWN Theme | Crack Flasher
Ok, thanks for that info, so no threatening to sue (not that I would do that.) And I did indeed agree to this....damn.
I was going to try to give them some BS about being a website designer needing to test my sites with different UA to test for compatibility.
You know, any bullocks someone who isn't tech savy would believe. I mean I was getting somewhere in the store until the manager (he was so confused) decided to call support and they put me off for 3 days. Today is Day 3. If I cant convince them today, I will give up and continue to use the stupid Opera UA.
Thanks again, now I know what I'm working with.
Isn't it true that you can tether/hotspot if you root? I have no block.
Also, with reference to the "desktop experience", have you tried Puffin?
ThaDSman said:
T-Mo blocks access to web pages if they see a certain UA string, its pretty easy to get around, but my question is,
Isn't how they are blocking us illegal? For them to be able to block this would they not need to do deep packet inspections?
Which is not legal to do to your customers in the U.S. unless you have government permission?
Or am I wrong, did we allow this somewhere when we signed the contract?
Click to expand...
Click to collapse
It's not necessarily that they are just watching packets, but when your IP is sent out over certain channels it sets off a flag. Simple programming stuff:
Code:
("If UA=X, then Run "UpgradeService.Script")
It's because when you tether the traffic by default (it's in framework-res.apk) is pc.tmobile.com and that is not the main APN that is used by the phone itself. Strings need to be modified so that APN is replaced with the regular data APNs for it to be undetectable.
KillaHurtz said:
It's not necessarily that they are just watching packets, but when your IP is sent out over certain channels it sets off a flag. Simple programming stuff:
Code:
("If UA=X, then Run "UpgradeService.Script")
It's because when you tether the traffic by default (it's in framework-res.apk) is pc.tmobile.com and that is not the main APN that is used by the phone itself. Strings need to be modified so that APN is replaced with the regular data APNs for it to be undetectable.
Click to expand...
Click to collapse
But I' on a AOSP rom, RootBox, would it still be in my framework?
RonnieRuff said:
I do not see them changing their business model concerning tethering based on that argument.
Background on DPI
Service providers obligated by the service-level agreement with their customers to provide a certain level of service and at the same time, enforce an acceptable use policy, may make use of DPI to implement certain policies that cover copyright infringements, illegal materials, and unfair use of bandwidth. In some countries the ISPs are required to perform filtering, depending on the country's laws. DPI allows service providers to "readily know the packets of information you are receiving online—from e-mail, to websites, to sharing of music, video and software downloads".[8] Policies can be defined that allow or disallow connection to or from an IP address, certain protocols, or even heuristics that identify a certain application or behavior.
CARBON NIGHTLIES. | KROZ BROWN Theme | Crack Flasher
Click to expand...
Click to collapse
As much as I hate to agree with him on anything he's right on his tmobile policy stuff I think he's one of their lawyers
Sent from my GT-N5110 using Tapatalk 2
What worries me is that I use firefox ua on boat browser...
Can they think I am tethering because of this?
If I do tether I use ssh tunnel, so its undetectable.
dima202 said:
What worries me is that I use firefox ua on boat browser...
Can they think I am tetherithe store or call their supportng because of this?
If I do tether I use ssh tunnel, so its undetectable.
Click to expand...
Click to collapse
If you successfully connect to the internet on your tethered device without the Upsell redirect I think your good. It seems like that's the only block. I found a UA that isn't blocked and gives a desktop view all the time, I can pm it to you if you like. I've been using it for about 4 days now with no issues also I've pulled 53GB so far with no limiting or throttling. I never did go back to the store or call their support.
ThaDSman said:
If you successfully connect to the internet on your tethered device without the Upsell redirect I think your good. It seems like that's the only block. I found a UA that isn't blocked and gives a desktop view all the time, I can pm it to you if you like. I've been using it for about 4 days now with no issues also I've pulled 53GB so far with no limiting or throttling. I never did go back to the store or call their support.
Click to expand...
Click to collapse
I'd like to know what you're using to get tethering to work pm me or post away thanks!
Sent from my SGH-T889 using xda premium
I used to always unlock bootloaders, install TWRP, flash clean Android and load up AdAway until my latest S20 acquisition. The intention was to wait out the 2yr warranty period and then do it until I learned that ad blocking was possible using the Private DNS setting.
Over the first days of using my new S20 I was really shocked at the volume of crap blasting at me that AdAway was blocking in the past, so trying out Private DNS was a welcome relief (dns.adguard.com).
It's only been a few days since I've done this and I just applied the setting to the wife's (stock) Huawei P20 Pro, and yes a large volume of ads are now missing, a sight for very sore eyes.
Just wondering if others have had positive and/or negative experiences using Private DNS for ad blocking. I saw Pixel 2s were rebooting but I'm sure the latest versions of Android would have sorted this by now. I haven't experienced anything untoward so far but I'm a very light user and only had the phone 4 days.
Works great for me! No more Blokada, DNS66, et al. Been using this since my Note 9.
Install youtube vanced and you're all set.
Tried dns.adguard.com before but some ads were still going through so i stuck to blokada, but now it seems to work fine, no more vpn icon
Used AdAway on rooted devices too ... with dns.adguard.com i had no problems while using it .... if you want, try this.. dns.keweon.center ..which i currently use...also excellent DNS
No need to use VPN Ad blockers.
Instead of dns.adguard.com use nextdns.io
Get free account and configure it as You want, with many filters full loging etc. It's better than AdAway.
Then You can set private dns to Your custom nextdns config.
krogoth said:
No need to use VPN Ad blockers.
Instead of dns.adguard.com use nextdns.io
Get free account and configure it as You want, with many filters full loging etc. It's better than AdAway.
Then You can set private dns to Your custom nextdns config.
Click to expand...
Click to collapse
Thanks for this tip.
I've just set it up after a week of quite successful dns.adguard.com ad blocking but I really like the enormous flexibility of nextdns.io and its (potential) threat protection, as well as the logging (in CH) and analytics. Reminds me of OpenDNS but with ad blocking as well!
I have recommended it to a friend with two younger boys, he might appreciate the content filtering side for them, but generally the one thing that has irked me about smartphones is the potential for accidentally landing on a new malware site even if it is unlikely to infect Android.
The problem with the any DNS or VPN based blocking method: Chrome will randomly stop functioning whenever I am connected to any wifi network.
It will just stop loading random sites, not show all pictures in Google Image search, not show anything anymore when you click back and forward or just stop loading anything at all.
Go to mobile connection, it immediately works. Disable the DNS/VPN blocker, it immediately works.
Reconnect wifi, it will work again for a while. Can be two days, can be ten minutes. It's completely random.
I am not able to figure out ANY reason why this is happening.
I know Chrome has its own DNS resolver and you should disable it when using DNS based blocking methods (disable async dns resolver and clear dns cache), and while this fixes the problem that not all ads are blocked in a reliable way, it doesn't fix the wifi connection loss.
Using DNS or VPN based blockers only cause problems in Chrome, no other app.
I know I could just switch browsers, its just that I use Chrome on desktop as well and like the synced bookmarks.
Does anyone have any idea why using a VPN/DNS based adblocker would cause Chrome to specifically stop working randomly only in a wifi network, but not via mobile?
I have had this issue over several devices and Android versions for years now and I can't figure it out.
fBx said:
Does anyone have any idea why using a VPN/DNS based adblocker would cause Chrome to specifically stop working randomly only in a wifi network, but not via mobile?
Click to expand...
Click to collapse
Does it happen only on your home network? If so, are you using additional adblockers such as Pi-hole or dns.adguard..com as your router's default DNS?
Interesting that it happens only with mobile Chrome. Just another reason to stop using Chrome....
just use Disconnect Pro instead, Adblock through KNOX.
Sorry guys you all lying to urselfs... best adblock is still only via root available! Energized or AdAway is where it's at.
chieco said:
Sorry guys you all lying to urselfs... best adblock is still only via root available! Energized or AdAway is where it's at.
Click to expand...
Click to collapse
Thanks captain obvious! Now go root my north american snapdragon s20...
Adguard for Android is nice, not the app store version either. It's on adguard.com
Sent from my SM-G988U using Tapatalk
[email protected] said:
just use Disconnect Pro instead, Adblock through KNOX.
Click to expand...
Click to collapse
This is a fantastic solution!
[email protected] said:
just use Disconnect Pro instead, Adblock through KNOX.
Click to expand...
Click to collapse
Thank you for this! I missed adhell so much since it worked through Knox as well. Right now I'm running private dns on my phone from adguard and I'm going to use this app along with it as well.
Just go buy a Raspberry Pi Zero W and throw an SD card into it, install Pihole on it and VPN into your home network. Most modern routers have a VPN server built into them, Samsung phones all have a VPN client built in, and you can get a Pi Zero for $10 (or under $20 bundled with an MicroSD if you don't have one lying around from an old phone).
No root or special software on the phone end needed, and once the Pi is set up it's plug and play.
---------- Post added at 05:51 PM ---------- Previous post was at 05:40 PM ----------
sublimaze said:
Does it happen only on your home network? If so, are you using additional adblockers such as Pi-hole or dns.adguard..com as your router's default DNS?
Interesting that it happens only with mobile Chrome. Just another reason to stop using Chrome....
Click to expand...
Click to collapse
Chrome is purposely crippled to do this - there's even a dev flag to disable the behavior. It's the main reason I stopped using it and disabled it entirely. I went to Samsung's browser and have actually been really happy with it - the dark mode actually makes all web sites dark, even the ones that don't work with Chrome's.
Thank you.
Do you see any issues accessing very secure sites like banks thru the DNS blocks?
sublimaze said:
Does it happen only on your home network? If so, are you using additional adblockers such as Pi-hole or dns.adguard..com as your router's default DNS?
Interesting that it happens only with mobile Chrome. Just another reason to stop using Chrome....
Click to expand...
Click to collapse
rustyram02 said:
Do you see any issues accessing very secure sites like banks thru the DNS blocks?
Click to expand...
Click to collapse
If the blocker is doing its job correctly, it shouldn't have issues with any legit site. This actually protects you since most of the blockers also block malicious domains so if you accidentally click a phishing link it *might* keep you from getting to it.
The problems you WILL see if that sponsored results in search engines will stop working, because they route through an ad site rather than directly to the thing you want to go to. Once you get used to ignoring the top few results in Google, it's not so bad. There's also the issue of sites that block you if they detect an ad blocker. Most sites aren't smart enough to be able to detect a DNS based blocker, but if they are you will either not be able to use the site, or you'll need to turn the DNS blocker off or whitelist the site while you do.
Illrigger said:
If the blocker is doing its job correctly, it shouldn't have issues with any legit site. This actually protects you since most of the blockers also block malicious domains so if you accidentally click a phishing link it *might* keep you from getting to it.
The problems you WILL see if that sponsored results in search engines will stop working, because they route through an ad site rather than directly to the thing you want to go to. Once you get used to ignoring the top few results in Google, it's not so bad. There's also the issue of sites that block you if they detect an ad blocker. Most sites aren't smart enough to be able to detect a DNS based blocker, but if they are you will either not be able to use the site, or you'll need to turn the DNS blocker off or whitelist the site while you do.
Click to expand...
Click to collapse
Yeah I stopped clicking the top search results a long time ago. I was an avid AdGuard user, but their app used too much battery. I changed my default DNS to dns.adguard.com and it blocks ads as well as their app, without the battery hit.
In 2017, I purchased two Adguard lifetime licences for $10/each ($20 total), one of my best purchased ever! Now the same license is $70/each.
Have not had a need to root and still no ads on our phones for years now!
Alright, I'm in that nice panic stage where you've learned enough to scare yourself but don't know enough to reassure yourself.
Had a factory reset recently, seems likely it was due to 3rd party lock/wipe app i triggered while dealing with my dog. (But not 100% sure there was a drop just prior and I've had stability issues since school has required me add a work profile but, of course tech support for both Microsoft and my school have zero response to inquiries)
Any way, user certificates now has two:
FindMyMobile
AttestationKey_com_wssyncmldm
And I have no idea how to verify those in any way. Its quite possible isn't it that an app could have actually installed them right?
Findmymobile, obviously is such a cert, allowing for find my mobile. It has a key a CA cert and user cert.
AttestationKey_com_wssyncmldm
Has a user key and user cert
I would say it's the school/work profile. Microsoft InTune is for enterprise IT management. If your school's IT managers don't know how to configure it, it can screw things up for everyone.
Try deleting your school profile and see what happens.
My company recently migrated from Google to Microsoft services and when I added my company as a work profile, my phone started acting wonky.
Sent from my SM-N976V using Tapatalk
I would reload and not put the crapware back on it.
It's your phone... my favorite word is No!
I have zero faith in the new MS; don't run any of their cloud junk on my 10+ and never will.
Find my device is normally present. You can disable it as a device administrator in advanced security settings.
It will auto enable on reboot or sometimes when you go to Playstore.
HungryRobotics said:
Alright, I'm in that nice panic stage where you've learned enough to scare yourself but don't know enough to reassure yourself.
Had a factory reset recently, seems likely it was due to 3rd party lock/wipe app i triggered while dealing with my dog. (But not 100% sure there was a drop just prior and I've had stability issues since school has required me add a work profile but, of course tech support for both Microsoft and my school have zero response to inquiries)
Any way, user certificates now has two:
FindMyMobile
AttestationKey_com_wssyncmldm
And I have no idea how to verify those in any way. Its quite possible isn't it that an app could have actually installed them right?
Findmymobile, obviously is such a cert, allowing for find my mobile. It has a key a CA cert and user cert.
AttestationKey_com_wssyncmldm
Has a user key and user cert
Click to expand...
Click to collapse
So are these both normal then?
sirv said:
So are these both normal then?
Click to expand...
Click to collapse
I don't know. I don't have a work profile set, and I show no user certificates.
The names seem off too. I see why the OP was a bit shook up. I'm running a AT&T 10+
Here's how they show on my 10+, it's running fast and clean.
sirv said:
So are these both normal then?
Click to expand...
Click to collapse
Find my mobile is for find my mobile being active when you have a VPN that may block it.
The other I still don't know but may be Knox related under same circumstances.
Thank you, @blackhawk and @HungryRobotics
I had a similar guess, that findmymobile was the Samsung service. Since I was using a VPN-based ad block (Adguard), it makes sense that it appeared there.
As for the other one (AttestationKey_com_wssyncmldm), I'm still not sure, but I wonder if it was for the Link to PC service.
It's alarming to find anything in User Certificates, honestly, and there seems no way to get information that they are legit. My hope is that it is only the system apps that can install certificates without user intervention.
sirv said:
Thank you, @blackhawk and @HungryRobotics
I had a similar guess, that findmymobile was the Samsung service. Since I was using a VPN-based ad block (Adguard), it makes sense that it appeared there.
As for the other one (AttestationKey_com_wssyncmldm), I'm still not sure, but I wonder if it was for the Link to PC service.
It's alarming to find anything in User Certificates, honestly, and there seems no way to get information that they are legit. My hope is that it is only the system apps that can install certificates without user intervention.
Click to expand...
Click to collapse
wssyncmldm is the infamous AT&T updater usually listed as in my previous screen shot.
Seems it might have something to do with this.
My guess is it has to do with setting up the work profile.
If it was there on the AT&T stock rom, after a factory reset it should be ok.
Maybe check with AT&T.
blackhawk said:
wssyncmldm is the infamous AT&T updater usually listed as in my previous screen shot.
Seems it might have something to do with this.
My guess is it has to do with setting up the work profile.
If it was there on the AT&T stock rom, after a factory reset it should be ok.
Maybe check with AT&T.
Click to expand...
Click to collapse
I don't have AT&T, but it could be an updater for my carrier.
sirv said:
I don't have AT&T, but it could be an updater for my carrier.
Click to expand...
Click to collapse
Those apps have every permission under the sun. Check to see what is set as system administrators. Find my Device will be there.
I don't know.
Maybe it's nothing but what if it's something
I found these and other User Certificates on another device, too. It's disconcerting. Is it known, can any app install User Certificates?
This may be helpful:
How To Remove all Stored Certificates on Android - Technipages
Ever been greeted by a popup saying, "The certificate doesn't come from a trusted authority?" when trying to access a website? These security certificates
www.technipages.com
Lockdown time, add Karma Firewall, a VNP based freeware app that uses almost no battery and has logging. Can run at boot up.
I also use this setting to globaly block ads...
blackhawk said:
This may be helpful:
How To Remove all Stored Certificates on Android - Technipages
Ever been greeted by a popup saying, "The certificate doesn't come from a trusted authority?" when trying to access a website? These security certificates
www.technipages.com
Lockdown time, add Karma Firewall, a VNP based freeware app that uses almost no battery and has logging. Can run at boot up.
I also use this setting to globaly block ads...
Click to expand...
Click to collapse
It's strange, I can find nothing online about common entries in User Certificates on Android. My thought is that they get generated when VPN is used, such as AdGuard.
Thanks for the Private DNS tip for ad blocking. In the meantime, I have been using Disconnect Pro (based on Knox).
sirv said:
It's strange, I can find nothing online about common entries in User Certificates on Android. My thought is that they get generated when VPN is used, such as AdGuard.
Thanks for the Private DNS tip for ad blocking. In the meantime, I have been using Disconnect Pro (based on Knox).
Click to expand...
Click to collapse
Can you delete them?
If you don't do/want OTA updates wssyncmldm isn't needed.
I'm still happily running on Pie...
I've ask this question before of other phones in other forums....and didn't have a good solution.
I have a new, unrooted US TMo S22. I'd like to replace the Hosts file to block the tons of ad sites while browsing.
Without having to root the phone...
1) does anyone know of a way to replace hosts?
2) or to redirect hosts lookup by browser to a location in the open storage file system location where I can transfer my preferred hosts file?
One solution may be to replace the DNS lookup to a custom server that blocks ads... Anyone tried that?
tia
I use a pihole dns server on my home network, works great at reducing ads.
Thanks! I use dual Pi-Holes on my home network and 2M line block list, yeah it works great.
I'm interested in when I'm away from home mostly. Or on 5G cellular.
I'm trying out Custom DNS entry for now, using DNS.AdGuard.com.
Wisiwyg said:
Thanks! I use dual Pi-Holes on my home network and 2M line block list, yeah it works great.
I'm interested in when I'm away from home mostly. Or on 5G cellular.
I'm trying out Custom DNS entry for now, using DNS.AdGuard.com.
Click to expand...
Click to collapse
You can also try blokada or adaway which work without root as VPN. Be sure to get them from f-droid
Wisiwyg said:
Thanks! I use dual Pi-Holes on my home network and 2M line block list, yeah it works great.
I'm interested in when I'm away from home mostly. Or on 5G cellular.
I'm trying out Custom DNS entry for now, using DNS.AdGuard.com.
Click to expand...
Click to collapse
Set up a NextDNS account. You get more control over what you filter and what you don't. Free version gives you 300k blocks a month, which should be more than enough for a single device. I put it on my entire network though, so I pay the yearly $30 fee.