Boring filter: The anatomy of a network sandbox for Android

<p>Rethink Firewall is the most downloaded FOSS network security tool on F-Droid for Android devices. For seemingly always-on, always-connected smartphones, on-device firewalls are notoriously hard to implement and maintain. This talk is about how 3 unsuspecting developers frustrated by digital surveillance and internet censorship got together, using the $12k in grant awarded by Mozilla in 2020, to build the missing "network sandbox" for 3B+ Android users, and the financial, technical, systemic challenges they faced along the way: From fighting the networking gods to make IPv6 work across a garden variety of topologies, to pushing the limits of SQLite for real-time stats &amp; capturing network flows, to using Rethink itself to monitor &amp; block its own egress, to testing the frontier of packet manipulation (for Deep Packet Inspection censorship resistance) and IP/domain filtering (supporting over 12 million entries) an Android app can achieve consuming limited resources (battery, processor, and memory), all the while supporting multiple WireGuard upstreams at once through open source virtualization layer (gVisor) Google built for its cloud servers! With a stream of recommendations from GrapheneOS, CalyxOS, DivestOS, the Guardian Project developers, and the varied feature-set Rethink packs, has made it the most downloaded (and probably the most confusing) WireGuard client on F-Droid.</p> <p>Since Aug 2020, we've also been operating Rethink DNS, an anycast, public, censorship-resistant, highly-available DNS resolver serving 40bn requests per month &amp; 400 TB / month in traffic at peak. It has been subject to DDoS attempts &amp; bans by state actors. It is used in the default configuration by some popular anti-censorship projects like VLess, Hiddify, and I2P. The costs for Rethink DNS is paid for by its lead developers and partially by grants from FOSS United, an Indian non-profit. Besides discussing the software optimizations on both the client and server to bring down the costs, an unexpected lending hand from Cloudflare played a major role in handling traffic surges and keeping bad actors in check.</p> <p>An anti-censorship and anti-surveillance tool for non-rooted Android devices is something we wished existed. We thought we'd be done in a year, but it is year #5 and we've so much left to do, as new users bring in newer feature requests, which mean more bugs and higher costs, too. To give a sense of our strong purpose, the toll of having drawn no salary for 5 years yet feeding our kids, living a frugal lifestyle just so this thing that we're building would exist, is not something our wives take very lightly!</p> <p>Code: https://github.com/celzero/rethink-app (the UI) https://github.com/celzero/firestack (the network engine) https://github.com/serverless-dns/serverless-dns (the resolver)</p>