We wrote a one-pager back in 2021 to articulate to ourselves what we were thinking at the time about the problem domain and how we'd want to approach it.
Of course, we were either too ambitious, or too comical, or too naive when we wrote it; we had no way to know! 'Open sourcing' it, in the spirit of well... being more transparent about our intentions and why we are all-in, and sacrificing a tonne along the way in the pursuit of money, I mean, freedom.
It has been a painful yet fulfilling journey so far for the 3 of us.
Here's the doc:
Revised: 26 August 2021
Mission: Develop and democratize security and privacy enhancing technologies.
Goal: Turn Android devices into "user agents".
RethinkDNS is an open-source anti-surveillance tool for Android. The app currently has two modes. The DNS mode gives the end-user their own unique server endpoint and routes all DNS traffic from the mobile device to that assigned endpoint, encrypted over TLS. The end-user can enable (from a web front-end) pre-curated blocklists and/or add custom blocklists to block name resolution of select domains, and optionally capture DNS logs for analytics, reporting, and diagnostics. The Firewall mode lets the user deny internet access to entire applications based on events like screen-on / screen-off, app-foreground / app-background, connected to unmetered-connection / metered-connection / always; or based on Play Store-defined categories like Social, Games, Utility, Productivity; or additionally, based on user-defined denylists.
Similar apps: Lockdown HQ (iOS), GuardianApp (iOS), NetGuard (Android), Glasswire (Android), Blokada (Android), AfWall (Android), Bouncer (Android), JumboPrivacy (iOS), AdGuard (cross-platform), 22.214.171.124 (cross-platform), NextDNS (cross-platform), Pi-Hole (cross-platform), OpenSnitch (Linux), Snitch (macOS), PortMaster (cross-platform).
So far: Launched an MVP in August 2020 and have been in touch with users through that. The app has since been installed 15000+ times with 3000+ DAUs. We continue to gather user requests through email and Telegram groups, and continue to prioritize the feature set based on their inputs. In July 2021, we open-sourced our content-blocking DNS-over-HTTPS resolver, and are continuing to seek community input on how best to take that project forward.
Work ahead: The app is continuing to evolve into a comprehensive network security tool with immediate work focused on making insights from network flow actionable. Medium term, we’d like to release something similar for iOS, too. Current plans also include creating a novel VPN mesh-network where users who trust each other (typically, friends and family) can share each other’s bandwidth.
Quintessential user: Folks who want visibility and control over network activity of their unrooted Android devices.
Monetization: The current plan is to sell cloud-based services to users that help them identify threats (ex: Indicators of Compromise, Security Information and Event Management) and side-step them.
Milestones: The only Indian team to be accepted into Mozilla’s Fix-The-Internet incubator in Summer of 2020. One among 1200 teams that applied, and one among 22 that made the cut. The developers at the Tor Project are some of our vocal advocates. TechRadar ranked us among the best security apps of 2020 and 2021.
Insights: For always-on, always-connected devices like smartphones, a network security solution may soon become a must-have, just like how anti-virus software is in the post-Internet PC-world. The concerns around privacy are such that users find it hard to trust anything that isn’t open-source, and isn’t built by developers with enough street-cred to go for them.
Challenges: Google or other Android OEMs themselves could bundle in advanced network protection, spelling the end of a tool like RethinkDNS. The other big elephant-in-the-room is to somehow monetize this open-source software among a consumer-base known to favour libre (free) solutions.
Endgame: A smartphone that makes it extremely hard for app developers to spy upon their unassuming, non-consenting users. This involves eventually taking over the mobile network itself (say, as a radically privacy-friendly MVNO or ISP) in ways legally possible and putting users-first instead of everything else.
A lot has changed since we wrote this. I mean, the 3 of us aren't even the same people that started this project: We've grown a lot because we've learnt a lot; made a tonne of mistakes (continue to), and endured the pain these mistakes inflicted upon us.
But: Still here. Still working. Time will tell how this pans out.
Cover image: Androids dreaming up a blueprint for a time machine (link).