Proton Mail, Tuta mail, runbox.com, to name three.

You have to trust someone. There’s no way around this. But trusting some app written by some unknown person that has nobody overseeing it is probably the worst place to put your trust.

So, decide. You either trust some unknown app developer, your ISP, or a VPN provider. You must choose one. Which one do you choose? Choosing none means you are off the Internet.

I have more trust in Proton VPN, Mullvad VPN, Mozilla VPN, and some other reputable VPN providers than I do in my ISP, some cheap VPN run by unknown people, or some app making crazy claims. I strongly doubt that a reputable VPN provider is doing any tracking of user traffic. But I bet MockTraffic is telling someone all the websites you’re visiting.

I think if you are worried about your traffic being tracked, you are safest with a reputable VPN provider.

I see so much wrong in these claims.

1. Anyone analyzing your traffic is not just doing so based on DNS queries. They use Deep Packet Inspection (DPI) and they track packets across the Internet to find out what you’re doing. A fake request won’t fool them.
2. Similarly, they use machine learning and behavioral analysis, which won’t be fooled either by a bunch of DNS queries.
3. The increased noise could be detected as malicious activity, like a DDOS attack. You can find yourself rate limited, and your network performance can drop substantially.
4. If the fake requests are real websites, your IP address can become associated with a wider range of interests, leading to more targeted advertising.
5. Instead of using a simpleton’s approach that won’t work, use real protection. Use a paid-for VPN, or at least a reputable free one (not many) with built-in ad and tracker blocking to bypass your ISP.

**The App sounds fishy, actually. ** Many apps come out claiming to provide some unique security, and they eventually turn rogue and start stealing information. This one sounds ripe to go rogue, especially since it can’t make it into the standard store. I expect to read about MockTraffic someday being caught stealing information.

I wouldn’t go near it.

Depends on the application for me. For Mastodon, I want to allow 12K character posts, more than 4 poll question choices, and custom themes. Can’t do it with Docker containers. For Peertube, Mobilizon, and Peertube, I use Docker containers.

My Mastodon instance is on the list. I try hard to block them.

The problem with the list is that it’s a target list, but not a list showing how much content, if any, they manage to process from any of the sites.

I’m on the Mozilla VPN which uses Mullvad and I don’t see a problem.

Coincidentally, there’s this post today about Yunohost: https://my-place.social/display/db471d1f-c06c03be288f78d7-ad573aef

@_elena@mastodon.social

Elena Rossini, well known for her help in growing the Fediverse, raves about Yunohost, https://news.elenarossini.com/my-year-of-fediverse-explorations/. You should be fine using it.

@_elena@mastodon.social

This tells me that you’d be in a lot of trouble if you lost your phone or had to wipe it because someone got into it. It’s probably good then that you’re now thinking about this so you can prepare for a time when you won’t have your phone for other reasons.

All sites supporting 2FA usually allow you to use a second method. Email is usually an alternative. Assuming that your email is your universal second OTP method, you just need to make sure you will always have access to your email account and you’ll be fine. So just solve for the OTP problem for your email account.

Pre-buy your burner phone and make it a second OTP device for your email account. For more assurance, buy a couple of physical keys (like Yubikey) that can be used with your email account. These can also be set up for some of your other accounts that support it, which may be more convenient than email when accessing them.

This better be an April Fools joke

Yes, it’s worth it. I own mine for just the reason you give. You can take it to any other provider. And there’s no danger of the email provider deciding to close your account or cutting you off unexpectedly. Imagine losing your email access. At least with your own domain, you can switch it that same day to someone else.

Unsure about whois lookup privacy. My registrar hides my details as an option. Anyone looking up the domain just sees them as the contact for the domain.

Nope. Locked inside a VPC with only one VPS allowed to communicate with it.