Some feedback regarding Proton VPN documentation and some confusion regarding Firefox DNS configuration:
https://protonvpn.com/support/browser-extensions#firefox says:
“By default, Firefox does not route DNS queries through the HTTPS connection to our VPN servers” and then is mentioned a workaround to fix it.
That suggest alarming thing, that ProtonVPN Firefox user has to do some custom workaround in order to be private (prevent a DNS leak).
On another hand, https://protonvpn.com/support/dns-leaks-privacy says:
“DNS queries are routed through the VPN tunnel to be resolved on our servers”
these statements are a bit confusing/contradicting (though Proton later explains that this latest statement does not apply on a browser extension VPN apps) and Proton further adds at https://protonvpn.com/support/dns-leaks-privacy/#dns-over-https that the DNS leak can happen also due to enabled DoH feature in web browser.
Solution: ProtonVPN browser extension should (if possible) warn user in case it fails to process DNS and as a result, it is leaked. Vote for this feature request
Another “issue” is with the above mentioned/linked workaround (here I am speaking only about Firefox), this workaround: go to “about:config into the URL bar and hit <enter>. At the warning, click Accept the risk and continue → search for network.trr.mode”
In my case I had this set that variable to 5 which means DoH “Off by choice”, Proton in said tutorial suggest value 3 instead, which means (According to https://wiki.mozilla.org/Trusted_Recursive_Resolver#DNS-over-HTTPS_Prefs_in_Firefox ) “Only use TRR, never use the native resolver.”.
This confuses me since it looks like an opposite to what i have now, while any DNS leak site:
does NOT report leak in my case nor in case i set network.trr.mode to 3. A bit weird but i guess no big deal?
Thanks for your feedback in advance.
Not saying it’s better than a native app but it’s probably more secure than an extension.
One benefit I could think of is customization of your configuration. I’m pratically a newbie in networking so take everything with a grain of salt, because a wrongly configured network device is as bad a not having one.
However, being able to re-route everything to a corresponding wireguard tunnel adding specific rules to each devices, give you more controle of your network flow (Yes this is more advanced stuff and I only scratched the surface of what is possible). There’s way more to it and I lack the proper knowledge, but reading here and there, suggests that extensions are really bad for security/privacy. Also, the more addons you have, the more fringerprintable you are (yes i’m probably over simplifing…)
Sorry if I lack the technical terms, I’m just a tinkerer and like learning new stuff. If there’s a native app for every device go for it, otherwise I would suggest to find a way to re-route your traffic through a tunnel without the help of a browser extension.
But hey I’m just some random on the web without any degree, so whatever 🫠