Orbot broke using DNSPort
Orbot 14.0.3.1 completely breaks networking, if you have firewall scripts which don't allow leaks.
THIS MEANS THAT ORBOT IS LEAKING LIKE THE FUCKING PENTAGON PAPERS, EXCEPT NOT IN A GOOD WAY.
This is because Orbot (as of 14.0.3.1 and later) sets DNSPort 0
, which disables tor's DNSPort
entirely. This means that people who use iptables scripts outside of Orbot (as described in Mike Perry's recent blog post) to redirect UDP DNS traffic to the DNSPort
cannot do so. It also means that every other application will leak traffic all over the place.
Currently, the only way to fix this mess is to force stop and uninstall Orbot, download an older (14.0.1) .apk onto another device, and copy it over manually to the broken one to reinstall it. This is ridiculous. You're practically bricking people's devices, and you're forcing them to jump through extreme hoops to preserve their anonymity.