DNS Hijacking: what it is and how to deal with it

Some internet service providers (ISPs), such as the provider of your home internet or of your mobile phone data, employ a practice called "DNS hijacking", which intercepts certain types of internet activity for various purposes, such as the display of advertisements or surveillance of user activity.

Which devices are affected by DNS Hijacking?

In the current version of Freedom, only iOS devices can be affected by DNS hijacking. Mac and Windows are not affected.

How do I know if my Freedom sessions are being defeated by DNS hijacking?

The simplest way to know if your mobile device is experiencing DNS hijacking is to test whether Freedom is working when it's connected to WiFi vs. when it's connected to your mobile data connection. If Freedom is working on one but not the other, then it's likely that the network it's not working on is experiencing DNS hijacking.

To be extra sure, you can also do this test on each network:

  1. Start a session on your iOS device, either from the phone app, the desktop app, or the freedom.to dashboard. For the purposes of this test, it doesn't matter what sites you are blocking.
  2. In the Freedom app on your device, ensure that the session is running and that it includes your iOS device (one of the devices listed in the session should say "(this device)" next to it).
  3. Visit http://testfreedom.com. If the site is blocked, Freedom is working and your device is not experiencing DNS hijacking. If you can visit and read the website, then your device is experiencing DNS hijacking.

How to fix DNS Hijacking on a Mobile Data Connection (3G, 4G, LTE, etc.)

Method 1: change service providers

Contact customer support for your mobile provider. They may have a solution to offer if you threaten to leave them because of this issue. If they do not, and you are able to, switch to a provider which does not do DNS hijacking.

Method 2: use a VPN

You can use a free or for-pay VPN service, which will put all of your internet traffic over an encrypted protocol that your ISP can't modify. The drawbacks are a) the cost and b) it will probably decrease the speed of your internet (although sometimes, the performance is quite good). A popular VPN app which we have tried with success is "Betternet", which as of this writing has a free version.

How to fix DNS Hijacking on a WiFi connection

Method 1: change ISPs

If you are lucky enough to be in an area that has multiple ISPs, you can contact your ISP and tell them that if they don't stop hijacking your DNS you are going to switch. Maybe they will have a solution for you, and if not, you can switch.

Method 2: use a VPN on your router

You can use a free or for-pay VPN service, which will put all of your internet traffic over an encrypted protocol that your ISP can't modify. The drawbacks are a) the cost and b) it will probably decrease the speed of your internet (although sometimes, the performance is quite good). Choosing and setting up a VPN is beyond the scope of this article. Here's a search to get you started: https://duckduckgo.com/?q=set+up+router+vpn

Method 3: use custom router firmware and dnsmasq

This method is very technical and might void the warranty of your router. But it will result in bypassing DNS hijacking, and you won't have to slow down your connection by sending it over a VPN. Here are some resources to get you started:

Method 4: buy a router which comes preinstalled with dnsmasq-capable firmware

This is the same technical solution as method 3, but it is easier to do and won't void your router's warranty. As of this writing, Buffalo is the only commercial vendor who has such products: http://www.buffalotech.com/products/category/wireless-networking/wireless-routers-airstation

Bad News Appendix: Changing your DNS servers won't work

You might be familiar with the concept of changing your DNS servers at the computer/phone or router level, to something like Google Public DNS or OpenDNS. It's reasonable to think that this might be a fix. Unfortunately, because of the nature of DNS hijacking, this won't solve the problem. The Freedom iOS app sends out requests to our special custom DNS servers. The ISP intercepts these requests at the protocol level and mutates them.