Nebulo – DNS over HTTPS/TLS: Our interview with the developer
Nebulo – DNS over HTTPS/TLS is a small but neat Android app to make the internet a little bit safer for us. But for users who just want less advertising on their devices, Nebulo is an interesting option. Many interesting questions have come together thanks to the help of our readers.
Nebulo – DNS over HTTPS/TLS
As mentioned before, Nebulo comes with a few features that can be quite practical for us in everyday life.
- one-time configuration at the beginning, after that you don’t have to worry about anything anymore
- the provider promises: no advertising and no tracking!
- own servers can be specified
- comparatively low battery consumption, which is important for smartphone users
- also works without root.
If you like, you have the possibility to participate actively in the Nebulo Telegram support group. In the support group, you can always find the latest app version to download, or of course you can report bugs and make suggestions. Nebulo can also be found in the Google Play Store, on F-Droid or in the Aurora Droid as well as on GitLab.
Daniel Wolf and the Nebulo DNS App: our interview with the developer
Tarnkappe.info: Daniel, why do you concentrate on Android? Because it’s the better mobile OS? Or because it was easier to develop the DNS changer app for it, or get it approved by the app store operator?
Daniel Wolf: That’s a quick question to answer. Before I made Android apps, I programmed with Java. I also had an Android mobile phone, so the choice was obvious.
DNS Changer itself was created because I needed it myself.
Tarnkappe.info: As a developer of such an app, don’t you think that you have to deal with some advertising service provider legally afterwards?
After all, not only ominous advertising is blocked as a result, but also that which is completely legitimate and paid for!
Daniel Wolf: I don’t see any possible argumentation why I should be responsible for blocking advertising here at all. The app itself only offers the medium, but is not primarily designed for it, nor does it offer it directly. All ad blocking capabilities are created by foreign DNS servers or by special hostlists.
Nebulo – VPNs and all sorts of technical stuff
DNS over HTTPS/TLS sounds complicated. So what exactly does this Nebulo app do?
Tarnkappe.info: Daniel, aren’t you as a developer worried that the app will lead you ad absurdum, because it is mainly based on tricks via the VPN-API?
Most smartphone users on the net with a professional background need exactly this VPN connection!
Daniel Wolf: The detour via the VPN API is necessary, there is no other way to intercept the DNS requests – and this has to be done in order to be able to forward them encrypted. The disadvantage is of course that no other, normal VPN can be used. But I would say that not too many users use a VPN. Especially since a good VPN should already encrypt the DNS requests, but you don’t have the choice of the DNS server – if you don’t trust your VPN provider in this respect, you should ask yourself why you use the VPN at all (apart from VPNs for work).
Tarnkappe.info: Okay. That makes sense. What about local services (e.g. an intranet)? How does Nebulo work?
Daniel Wolf: Local services work (almost) problem-free with Nebulo. In the network, „search domains“ are set in the DNS servers, these specify the DNS suffix of the devices in the local network. Nebulo does not send domains with this suffix to the DoH/DoT server, but to the DNS server in the local network. For a Fritz!box, for example, the search domain is fritz.box. Nebulo sends e.g. „MyPc.fritz.box“ and this.
The only problem is that the app intercepts all traffic to the DNS server and no differentiation in the port is possible. This means that, except for DNS, there is no communication with it (e.g. HTTP). In the case of a Fritz! box, the web interface is not accessible as long as Nebulo is active.
From iOS portings, fast DNS servers and secure DNS providers
Tarnkappe.info: Thank you for this detailed explanation. There are certainly many iOS users among our readers. Will there be a port to IOS in the future?
Daniel Wolf: No, I can program a little Swift, but to implement this app on iOS, I miss by far the knowledge.
Tarnkappe.info: Let’s ask a „basic“ question. Why should you use a DNS changer under Android when a good VPN covers the DNS and IP addresses? The app is advertised from the point of view that you should be more secure in the network. So what is the use of disguising the DNS if you still connect to your own IP?
Daniel Wolf: More or less I have already answered this question. The app does not claim to disguise the IP address, but limits itself to encrypting DNS queries. Who already uses a VPN (which is not leaked!) does not need this app. Nevertheless, you are more secure (and more private). The reading of the ISP is prevented (e.g. Telekom is notorious for this), advertising and tracking (at least on the client side) is prevented by using appropriate host lists and DNS servers.
Tarnkappe.info: Which DNA is fast and safe? Does the app with the biuld in speed test offer this service?
Daniel Wolf: The speed test in the app is aimed at users who want to use the benefit of encryption, but are otherwise only interested in speed – basically anyone can use it, of course, but the fastest server is not always the safest or best. Cloudflare, for example, is usually quite fast and claims to operate a minimal logging policy, but is still quite controversial. I prefer small servers, which are usually only operated by one person – for example NixNet or BlahDNS. Private persons usually have no interest (+ no budget) to collect or evaluate data. So my trust lies with such servers.
Investigating authorities and other inquiries
Tarnkappe.info: Did any authorities ever approached you because of ongoing investigations to ask for the real IP address of a user?
Daniel Wolf: No, because the app only runs a dummy VPN and does not obscure the IP addresses. So far (and I don’t know why this should change), there hasn’t been a single request from an agency.
Tarnkappe.info: And what about other requests? Since this app of course contributes a lot to anonymization on the Internet, I would like to know if you have already received requests from the IPTV area (illegal area)?
Daniel Wolf: No, I have never received such requests. But from time to time I get inquiries whether DNS servers of the respective person can be included. I would like to emphasize again that Nebulo actually contributes to anonymization, but tracking is still possible – the IP address is still visible, because the app only uses a dummy VPN.
About the future of the Internet and the children of the nineties
Tarnkappe.info: One last question. Daniel, what do you think the Internet will look like in 5 or 10 years? At the moment we are constantly moving in the direction of even more monitoring and regulation. Will such services as yours be banned at some point?
Daniel Wolf: Hard to say. At the moment Russia is uncoupling itself, I think that will go wrong sooner or later. For example, the users there are simply too used to the normal Internet.
I also think bans are very unlikely – at least here. Due to the openness of the network it is now easy to communicate encrypted and when the first ‚young‘ (that is, children of the 90s and 2000s) people come into politics (after all, politicians don’t get any younger) I think we’ll see a turnaround.
And at the very latest when regulations affect the comfort of the users, there will be immense resistance – only with article 13, a topic which is of little interest to the average user, there was a big protest. What would this look like if, for example, Netflix or YouTube were unusable due to new regulations?
Tarnkappe.info: Daniel, thank you very much for this detailed interview. We wish you all the best with your Nebulo App. And of course greets and a big thank to our readers for the many suggestions and questions they have submitted.
Cover foto by Daniel Wolf, thx!