Hello! Apologies if this is not the right subreddit (and if it isn’t, I would definitely appreciate a nudge towards a more appropriate place to ask this question!).
I like to think of myself as an infosec-minded and privacy-conscious user and as such try to encrypt and protect my web traffic as much as reasonable. However, on iOS, it seems like three of the apps I’ve found and otherwise would like to use together seem incompatible:
1.1.1.1 by CloudFlare (LINK) — For trusted & known networks like my home and work, I’ll put in the effort to go into Wi-Fi settings on my phone to set my preferred DNS IP addresses (e.g., NordVPN, OpenDNS, CloudFlare, Google) and search domain (guide.opendns.com). However, when accessing new Wi-Fi hotspots (e.g., public Wi-Fi networks), I find it easier just to use this app by CloudFlare to quickly enable 1.1.1.1 as my DNS address.
Lockdown (LINK) — This cool app blocks calls to certain web APIs regardless of what app is doing the calling. I started using this after reading that even on iOS certain apps were inappropriately sharing sensitive user data and metrics with entities like Facebook without user consent.
Turning on Lockdown seems to turn off NordVPN (at least on iOS), and likewise for 1.1.1.1. And while I *think* I correctly understand the purpose of each app, I also suspect my understanding may be off as I don’t understand why I can’t use all three at once.
So, ultimately my question is — with the above apps as a starting point, what would be my best course of action if I am eager to (within reason) protect my browsing history and internet connection from tracking for advertising, especially on unsecured networks and on mobile?
Each of the 3 mentioned iOS apps uses its own on-device VPN configuration profile in order to enforce its networking service. And no, you can’t have two VPNs connected in iOS as you’ve already guessed.
The 1.1.1.1 has two modes: DNS only and WARP. The WARP does hide your IP address behind the Cloudflare provided nearest location. It’s not a true VPN in a traditional sense that hides your country of location. But it does hide your precise location based on IP.
If you’re truly looking for anonymity, look into the Tails OS. It’s a pain in the ass for daily use, but if you’re truly looking to remain anonymous, it’s the way to go.
Cloudflare certainly isn’t a privacy first option. VPNs aren’t much for anonymity either, especially the ones like Nord. Only Tor can give you actual anonymity, if you’re smart enough to not slip up.
The thing about 1.1.1.1 is that it doesn’t hide your IP address. This is a disadvantage for privacy and an advantage when signing in to web sites like stock brokers that get suspicious when they see an unfamiliar IP.
Tor doesn’t provide anonymity when the government owns a lot of the nodes involved. Connect to one bad node and your cover is blown. Wish someone would spend the time compiling a blacklist of suspected listener nodes.
"One of the biggest concerns regarding the privacy provided by the TOR network is its unsecured exit node. As it is clear by now that information in TOR goes through a series of concealing layers at various nodes. However, this layering protocol stops at the exit node, after which the data goes on to the destination server without any protection.
In such a scenario, anyone monitoring the exit node can get their hands on the information. However, they still won’t be able to identify where the data is coming from as the originating IP address is only with the first node.
Apart from that, as TOR is a project of the US government, it, therefore, doesn’t protect the users of TOR from surveillance agencies. Moreover, it has also once before fallen victim to a crackdown by the FBI. They managed to break the network by injecting malware and thus exposing numerous IP addresses."
It's not encrypted past the node, own the starting site or match the caught data to a forum posting that gets timestamped back in the post confirmation and there’s not much investigative work needed, assuming it's a site that relies on having an account or you’re not the type to switch relays amidst sessions. You could bet your ass each one of those sites that has regular traffic has users or bots passively scanning the postings.
If you wanna put your trust of privacy into a government built system be my guest, it just seems too much like a reboot of the CIA’s Crypto AG to me. For journalism and getting around domain restrictions Tor is good, but I wouldn’t trust it for anything nefarious when that’s what it's typically attracted for.