This app works by connecting to a VPN. From experience, user experience on these kinds of apps using a VPN is pretty poor (for example, ad blockers).
I believe keeping VPN connected drains the battery because some of the device's chips cannot "sleep"
A VPN-based app also disconnects when going from Wi-Fi to cellular.
Worse, when going from cellular to WiFi (ie: going back home) with a VPN on, the iPhone just keeps using the mobile network until the VPN is disconnected
These apps usually try to auto-connect to VPN but when your connection is spotty, it becomes very annoying, you have to kill the app, disconnect the VPN manually etc.
As a user you're left manually putting the VPN on/off constantly if you're on the move.
It's definitely not a "set and forget thing". I wish Apple could give a way for ad-blockers and these kinds of apps to function normally without using a VPN as a crutch.
I’ve been using openvpn on iOS for about a year, and this 1.1.1.1 app for a day now, and I can guarantee that most of the connectivity issues described are not true. [edit: for me, of course. sorry, didn't mean to discredit parent comment like that. just wanted to add my perspective.]
- it automatically switches networks, both to and from WiFi
- it does not disconnect when switching
- the 1.1.1.1 app does not make anything more spotty or unreliable; it’s just DNS. Openvpn yes, but this app clearly not.
As for the battery issue: could very well be true, I have no idea how to test it.
The difference between this app and an actual VPN is clear from using it.
I wish there was an option in OpenVPN to not use connection on SSID/network xyz. I have static IP at home and use dyndns for DNS resolution with service specific subdomains. Then, using forwarder at home I create split DNS to point to local device for public domain. It currently doesn't work as I combined domain for VPN and another service out of laziness after moving VPN to physical box.
All that said, I don't need to VPN while at home to home network and prefer a little more granularity instead of wifi or cell only. I believe this could be where battery drain would come from, at least in my case as the client constantly retries at home though it will never resolve the proper host internally cause I am a lazy admin.
You’re right, that’s because (I think) this is an “on-demand” VPN, which basically only connects as needed, and allows for switching between Wi-Fi and cellular. It also shouldn’t drain more battery, since it’s not keeping the connection alive when the device is asleep.
'the 1.1.1.1 app does not make anything more spotty or unreliable; it’s just DNS. Openvpn yes, but this app clearly not.'
Not entirely true, in my experience it really fucks with your ability to connect to public hotspots (ex. airports, airplanes, trains, coffee shops) which took me a while to realize
Because it obscures the source address for DNS queries, it will mess with split-horizon DNS and other systems that give different answers in different places. You might be surprised how many that is.
It’s not a “real” VPN. I’m not sure exactly how much it does, but everything but the actual DNS queries happen on-device, with other network connections not touching CloudFlare servers.
On iOS there's also DNSCloak[0], which goes even further and has the option to choose for ad-filtering (eg, via PiHole) in combination with no-logging and using 1.1.1.1 as DNS.
As others have replied already, it does, depending on which solution you pick out of the list. I'm a happy user of this app, no affiliation at all in case someone was wondering.
ISP DNS servers will always be closer, eg have less latency than third party DNS servers. And after one query, the result will be stored locally, eg no DNS servers will be used for following lookups. The thing with expensive DNS solutions is they only speed up the very first lookup, which might be cached on your ISP anyway. DNS is already a distributed system, which is much larger than any single private entity. Some third party DNS services might also sacrifice resiliency for performance, they will for example not try secondary DNS if primary is down. The reason why private organizations want you to use their DNS service is because they want to know every site you visit, then sell that information.
Cloudflare is on record saying they will not sell the information. You can trust that or not but your ISP is almost certainly selling it if it is one of the major US ISPs.
Verizon owns Oath, Att owns App Nexus, Comcast has a whole suite of adtech companies & owns gigantic publishers. Time Warner literally started out in the sell side of advertising.
I think ISPs selling user data is outrageous and should be illegal. Thankfully where I live (EU) I got 20 ISPs to choose from, allowing me to vote with my wallet.
CloudFlare can say anything and have all the good intentions in the world. But, on Android, they are using a third party bug tracking software that they don’t have source control for (Instabug). That third party binary blob requests camera and microphone access.
For what it's worth I think this is a beautifully designed app. The usability and user experience is great. Yes, it does just one simple thing but it does so in a smooth and elegant way.
Been using this since the beta on TestFlight and it has been awesome.
The only thing it needs IMO is the ability to whitelist WiFi networks not to run it on. I run a PiHole instance at home that does DoH through CF already so I have to remember to turn it off/on all the time to get the ad blocking.
On Android I use DNS66 [0], it creates a VPN server in my phone, redirects DNS traffic through it and filters it. This way I get adblock all the time even if I don't have a PiHole. Edit: I see now this app by CloudFlare does the same. However DNS66 lets you choose your own hosts filters and your own DNS servers.
I've considered just creating a VPN back to my gigabit connection at home (running R715 in a homelab rack) but not super keen about the data making a round trip back home first, especially when travelling.
[0] https://itunes.apple.com/us/app/dnscloak-dnscrypt-doh-client...
As well as the configuration file for the script that comes with dnscrypt-proxy: https://github.com/jedisct1/dnscrypt-proxy/blob/master/utils...
a) your ISP can competently run a secure DNS service correctly (latency is not the whole story of 'performance')
b) it's acting entirely in your interests and not attempting to hijack your DNS service to insert ads etc.
Personally, I've had ISPs where neither of these things have been true.
[0] https://f-droid.org/en/packages/org.jak_linux.dns66/
Having the 1.1.1.1 on my phone is great except when I'm at home and want it disabled.