this post was submitted on 01 Jul 2025
28 points (93.8% liked)
Privacy
39557 readers
365 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
TLDR; risks far outweigh the benefits. See bottom of response for recommendations.
Should you use it?
Zen will be able to decrypt and analyze your entire traffic. And then it'll encrypt what it allows before letting it leave/enter the device. This means even if you trust Zen, that one certificate is the only thing standing between your traffic staying encrypted. It gets compromised, you're compromised.
Do not trust an app with your entire traffic, ever. Even if its not malicious there are going to be bugs, vulnerabilities, leaks, etc.
Moreover, something being open source does not mean its audited by people who know what they're doing - neither for hidden malicious code or mistakes. I did not see any formal audits being mentioned in the readme.
https://grapheneos.org/faq#ad-blocking-apps
What can you use instead?
You should instead use ublock in the browser and system wide DNS blocking on your device. You can use an adblocking public DNS server (e.g. Mullvad) or setup pihole locally. You do not have to self host pihole, you can just set it up on your computer and use on that device only which would be the same thing as using Zen on that device.
Note that using a public, blocking DNS will block less domains because they have to make sure it does not break anything for anyone but it will make you less fingerprintable. OTOH, using a custom blocklist you can get the most out of blocking but you're probably the only person blocking that specific subset of domains which will make you more fingerprintable. Take your poison.
What about content filtering on desktop/mobile apps DNS blocking cannot solve
DNS blocking merely stops the application from accessing certain domains. It won't be able to block malicious content served from the same domain as the content you actually need (e.g. YouTube serves both ads and videos from the same domain so you can't block their ads without blocking the video itself).
You should not install applications you don't trust on your device and use them on the browser as much as you can or use and alternative FOSS frontend (e.g. Reddit, Discord, YouTube etc.)
But some applications might be circumventing system DNS
Yes, there's nothing stopping an application from doing its own DNS resolution or using hardcoded static IPs. You should not run applications trying to be actively malicious in this way. Neither Zen, nor anything else will be able to protect you from untrusted code doing suspicious things on your machine.
Nice, thank you for the reply. That's kind of how I was feeling about it but wasn't sure if I was missing something about it that was highly regarded.