High traffic in idle state about invizible HOT 13 OPEN

Yes!
InviZible cannot display its own traffic due to the application specifics. In all modes, it shows the total speed and traffic for all applications, except for its own. Thus, you see not idle InviZible traffic, but only traffic from all applications except InviZible.

from invizible.

I did the following tests, and discovered 5 bugs: (note that i used fennec and aurora store to connect through tor socks proxy in some tests)

TEST1 - NOTIFICATION

1. stop tor module (if open), close and force kill invizible pro
2. open invizible pro (but do not run tor module)
3. browse any tor settings > go back to main screen > notification showing traffic every time (even if tor is stopped) for about 12 seconds

[BUG 1 - notification shouldn't show at all when tor is stopped]

• same bug occurs when rotating screen (whenever view changes the notification appears)
  **3C network manager shows no connection during this time (which is normal)
  ***netguard show no traffic flowing during this time (which is normal)

TEST2 - SOCKS ON

1. stop tor module (if open), close and force kill invizible pro
2. open invizible pro and start tor module only (via obfs 4 bridge) with tor settings : "Enable SOCKS proxy: on" and "SOCKSPort: 9050)"
3. while no app was using the proxy (both fennec and aurora store were stopped and proxy settings disabled inside their config), notification showed in a timeframe of 3 minutes: 205 KiB down / 165 Kib up.

[BUG 2 - traffic constantly showing in the notification, even if no app is using the proxy]

*3C network manager shows the socks proxy alive and the connection towards the obfs4 bridge
**netguard shows traffic towards obfs4 bridge

4. stopped tor module. notification resets to 00:00 showing no traffic and eventually exiting after several seconds

[BUG 3 - notification should stop appearing right after stopping invizible pro - tor module (might be related to BUG1)]

TEST3 - SOCKS OFF

1. stop tor module (if open), close and force kill invizible pro
2. open invizible pro, change tor settings > "Enable SOCKS proxy: off"
3. close and force killed invizible pro
4. re-open invizible pro, made sure that socks proxy is off (also in tor.conf), start tor module
5. while no app was using tor (since proxy is disabled), traffic is constantly flowing in the notification. In total, in a timeframe of 3 minutes: 46 KiB down / 59Kib up; in 25 minutes: 360 KiB down, 234 KiB up

[BUG 4 - traffic constantly showing in the notification, even if proxy is stopped]
[BUG 5 - socks port is still listening on start when disabled from tor.conf. related somehow with BUG 4]

tor log tab says while starting tor:

"Read configuration file "/data/user/0/pan.alexander.tordnscrypt/app_data/tor/tor.conf"
"Opening Socks listener on 127.0.0.1:9050"
"Opened Socks listener on 127.0.0.1:9050"

At this point:
*3C network manager shows the listening socks proxy port on localhost:9050, even if disabled !
**netguard shows traffic towards the obfs4 bridge

6. I then set the socks proxy on port 9050 in 2 apps app (aurora store and fennec) and both were able to access it and to route traffic through tor

At this point:
*3C network manager shows the listening socks proxy port on localhost:9050
**netguard shows traffic towards the obfs4 bridge while browsing aurorastore / fennec
***opened https://browserleaks.com/ip in fennec(firefox browser) and shows my ip as tor relay when using in about:config network.proxy.socks: localhost and network.proxy.socks_port: 9050
****i looked into tor.conf with termux and the line was indeed commented: #SocksPort 9050

from invizible.

Version i have is 1.0.4, Android Q

from invizible.

1-4 are not bugs. I kindly ask you to reread my answer above.

5 is interesting. I can reproduce it. But I don't know if this is a bug or a feature. Leave an issue to the Tor project anyway. This is not directly related to InviZible. I am using the official Tor inside InviZible.

from invizible.

Now on a second read I think I know what you mean on what you previously wrote - that the traffic shown in the notification is for:
all apps traffic (routed or not through proxy) - invizible pro traffic (such as updates, query bridges etc)
Correct me if I am wrong.

Still, in this case, for BUG 1 and BUG 3 the notification could be stopped when in proxy mode, when no module is running. (Alternatively, the notification could be shown at all times, not intermitently).

from invizible.

You are wrong. It shows the total speed and traffic for all applications, except for its own. Take total phone traffic and subtract InviZible traffic (Tor, DNSCrypt, bridges, etc.).

It should disappear after 10 seconds if none of the modules are running.

from invizible.

I come back after 2 years, right now i am only using dnscrypt module in tandem with netguard following your guide (https://invizible.net/en/invizible-and-netguard-firewall/). However, i believe the notification is unintuitive, as it cannot be 2gb only for dns traffic and as you said it is reported from all apps. My suggestion would be to add in the notification something like "total apps traffic since 'date'"

from invizible.

My suggestion would be to add in the notification something like "total apps traffic since 'date'"

With pleasure. But it is impossible to find a place for it, except to make an extended notification, which is not desirable.

from invizible.

I have some doubts about setting up netguard and dnscrypt in invizible.. In the guide says to allow invizible in afwall and disable rules in netguard. However, i allowed vpn in afwall and also allowed the dns servers in netguard for invizible app and for the apps that will access the dns servers. It seems to work fine as i see apps in the netguard log querying the dnscrypt ips, but not the localhost ip (127.0.0.1). Is this a problem ? Is the dns traffic encrypted even if the apps seem to query the dns servers directly ? is it just apparent that apps connect to these dns servers but actually the dns traffic is proxied? Not sure if i am doing it right.. I know this is off topic but i would appreciate if you could clarify this a bit for me. Thanks!!

from invizible.

Are you using NetGuard, AfWall and InviZible all together?

from invizible.

yes all 3 :) there are some reasons why i use afwall as well:

• startup leaking prevention (not sure if netguard can tackle that as well)
• more visibility of what's going on (afwall log can help also)
• i manage apps in different ways, for example:
  -- for apps more trustable like newpipe, fennec, aurora droid, tor browser etc., i allow wifi/data and disable rules in netguard completely
  -- other apps i allow vpn only in afwall, and then manage them in netguard more granullary to see exactly what ips/domains to block
  -- other apps are blocked completely in afwall (nothing allowed) (reason for that would be not to spam my netguard log)
• i have some startup script set in afwall to disable and block ipv6 completely

there might be some other reasons why i choosed this way, that i can't think of right now

from invizible.

yes all 3

I have not tried using them in this way.

i see apps in the netguard log querying the dnscrypt ips, but not the localhost ip (127.0.0.1)

NetGuard does not handle connections to the local host.

is the dns traffic encrypted

Just check it out with sites like browserleaks.com.

from invizible.

Actually looking into the netguard logs, the app shows to be connecting to 127.0.0.1:5354 even though it shows in the app's connections as connecting directly to the dns server. Browserleaks dns leak test seems to be fine. Thank you!

from invizible.