this post was submitted on 06 Oct 2023
57 points (100.0% liked)

F-Droid

8069 readers
23 users here now

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.

Website | GitLab | Mastodon

Matrix space | forum | IRC

founded 3 years ago
MODERATORS
 

I am pretty excited about this new release. The app is open source and seems to follow strict security standards.

top 14 comments
sorted by: hot top controversial new old
[–] dutchkimble@lemy.lol 3 points 1 year ago (3 children)

Does it allow split tunneling so you can blacklist/whitelist apps to go through VPN or not?

[–] Pantherina@feddit.de 4 points 1 year ago

Yes on Android it allows permanently set split tunneling. Btw, all system apps CAN bypass the VPN if they want. Captive portal, connectivity check and possibly SUPL do this. So GrapheneOS, maybe distros with the same patches, the rest will send your IP to Google.

On Android root you can use Magisk modules to change the SUPL provider. Using an adb permission "captive portal control" can change the captive portal server.

But nothing can change the connectivity check, device attestation and whatnot, which still all go to Google.

[–] DarkThoughts@kbin.social 2 points 1 year ago* (last edited 1 year ago)

Not in a comfortable way unfortunately.
You can launch an app through the Mullvad app which then will be launched bypassing the VPN until it is closed. You cannot permanently blacklist / whitelist specific apps to always / never be routed through the VPN.

Edit: Didn't see the community. On Android it seems to feature a whitelist for apps to not be routed through the app, which seems to be permanent. Not sure why the desktop version does not have that.

[–] netchami@sh.itjust.works 0 points 1 year ago

It already had split tunneling, didn't it?

[–] netchami@sh.itjust.works 3 points 1 year ago* (last edited 1 year ago) (3 children)

Unfortunately still no multi-hop though. That's the reason why I'll stay with IVPN, I guess.

I'm just using Mullvad as is but yeah, kinda bummer.

[–] Pantherina@feddit.de 3 points 1 year ago (3 children)

What is the advantage? Its not Tor, dont the nodes know your full route?

[–] netchami@sh.itjust.works 3 points 1 year ago (1 children)

I'm pretty sure the entry server doesn't know the destination, as WireGuard encrypts everything, and it wouldn't make sense for the entry node to already decrypt the traffic. It also protects against ISPs or other companies/institutions monitoring network traffic.

[–] Pantherina@feddit.de 3 points 1 year ago (1 children)

So it works like tor, with encryption layers?

[–] netchami@sh.itjust.works 3 points 1 year ago

I think so. But with Tor, you of course get the benefit that (ideally) all 3 nodes are run by different parties, which is not the case with multi-hop VPNs. They might be hosted by different server providers, but they are still all administered by the VPN provider.

ISP(and ultimately, authorities) will have harder time making ties with you and the server you visited.

[–] jet@hackertalks.com 2 points 1 year ago

Ignoring privacy features, its a great way to make up for bad internet routing, so I can connect to local mullvad server, then route my traffic to far away mullvad server, and get a better connection (latency, packet loss) then if i went directly.

[–] jet@hackertalks.com 1 points 1 year ago (1 children)

Mullvad does support multi-hop when you generate a wireguard config (not in their app currently).

[–] netchami@sh.itjust.works 2 points 1 year ago

I know, but a static Wireguard config makes changing servers a pain in the butt. A native mobile app with multi-hop support is a must-have for me. Still, props to Mullvad for offering their service for just 5 EUR/month, including multi-hop (on Desktop). IVPN is 10 bucks, they have fewer servers and it can be kinda slow at times.