Move DoH provider selection to earlier in the setup process

Open alerque opened this issue 5 years ago • 4 comments

I just installed Intra in order to review it for possible inclusion on PRISM Break. I found a lot to like, but one thing really bothered me.

During the setup process, I was not presented with the ability to choose my preferred DoH provider until after it was already up and running using the default Google option. I would like to request this be changed such that users are presented with and asked to approve this selection before the app ever starts running in VPN mode. Different people (and countries) will have different criteria for what connections are "dangerous" or what their security model is and this should be an informed decision they are asked to approve of up front, not a default passed silently through.

alerque, Apr 10 '20 16:04

When you first set up Intra it does notify you on the last page of the setup flow that Google will be used by default. However, if you click "cancel" on the VPN permissions dialog, it will then be in a disconnected state, allowing you to select a server of your choice. I know it's a workaround, but if it's a widespread request we can consider finding an alternative on that same screen that would both have a default for the average user, but allow advanced users a different choice.

I'd like to clarify something based on your mention of danger and security models: Intra is only encrypting a user's DNS traffic. If a user has very heightened security concerns, a network would still be able to see the SNI and IP address destinations of their connections. For users concerned about such, I would suggest they seek another, more appropriate tool.

cjhenck, Apr 10 '20 17:04

@cjhenck Thanks for the clarification. That workaround may be enough for some geeks like myself that find this first, but it is a blocker to recommend it for general use. I say that on two grounds: ① Google's servers are, arguably, not the best ones to point folks concerned with privacy at by default and ② there are specific threat models this approach excludes.

This sort of thing may not be a part of your threat model, but it is for people in quite a few countries. I know of countries with specific laws against using specific DNS servers (such as Google & Cloudflare's popular ones) while it is still completely legal to use 3rd party DNS in general. I fully understand the difference between encrypted 3rd party DNS and a full traffic VPN. However again it is actually illegal in places to use a VPN while allowed to use your own DNS (again sometimes excluding specific ones). I know this sounds silly to people in the western world with relatively unfettered internet access, but if you are trying to be both privacy conscious and legal at the same time, this is one thing that very nicely fits a specific threat model.

alerque, Apr 10 '20 21:04

Thanks for providing the additional detail. I certainly agree that Intra is an improvement where a VPN is not an option, but I wanted to make sure there wasn't a misunderstanding.

Let me speak to some folks and see what we can do. Would it meet your needs if, for example, we had Google as a default with an option to change on the last on-boarding page? I should point out that Jigsaw is a unit of Google, so I would prefer to keep a default that aligns with users' expectations using a first-party tool.

cjhenck, Apr 13 '20 23:04

@cjhenck I do understand wanting to keep the default as Google, that makes some sense for this project. And yes I think what you describe would probably do the trick. As long as the menu with alternative options was clearly presented and a choice could be made before the on-boarding was finished and the user is prompted to activate it, that should suffice for this particular concern.

alerque, Apr 14 '20 10:04