GSoC-22 Final Project Report

Google Summer of Code 2022 with LEAP Encryption Access Project - Final Report

The following report summarizes the work I did for the VPN-Hole library under the LEAP Encryption Access Project organization as part of Google Summer of Code 2022.

📜 Project Description

• Title: Implement>Client-side Tracking-, Malware and Ad-Blocker
• Organization: LEAP Encryption Access Project
• Organization Repository: 0xacab/LEAP
• Project Repository: VPN-Hole
• Mentors: Cyberta and Kwadronaut
• Student Contributor: Pratik Lagaskar   📧           

VPN-Hole Repository consists a brief user guide which can be referred for using the product, testing/bug-reporting and further developing it. The library is released under the GNU GPLv3 License.

📰 Blogposts related to VPN-Hole

Follow the blog-series to get complete gist of the implemented project:-

• Blog 01: Introducing VPN-Hole
• Blog 02: Implementing & Integrating VPN-Hole
• Blog 03: GSoC’22 Journey with LEAP

📙 Project Overview

My project was basically to develop a self-contained Go Library from scratch which is capable of blocking advertisements, malwares and trackers using DNS Sinkholing technique. The final library is named as VPN-HOLE.

As it was a separate library; a new repository for it was created and most of the work was done in the same. The library then could be integrated with existing application of LEAP which are available across multiple platforms- Desktop, Android, iOS or simply run it by using the binary file generated by executing the script. VPN-Hole uses 1.1.1.1 as an Upstream DNS to resolve the queries and block the subscriptions from filter-lists. It is built with miekg-a mature dns library.

This project is inspired by Pi-Hole but with very simple installation and capabilty to easily run on android as well.

🌐 Use Cases

At LEAP; VPN-Hole will be integrated with Bitmask, RiseupVPN and other Desktop apps which can be found at bitmask.net.

VPN-Hole uses publicly available blocklists/filter-lists which help in removing unwanted content from the internet, including annoying adverts, bothersome banners and troublesome trackers.

• It can be used to block different types of targeted advertisements; may it be demographic targeting, geographic targeting or behavior & topic targeting.
• It blocks display, video, native, mobile and social advertising using the filter lists.
• Blocking suspicious domains helps in securing online privacy, reduce clutter on websites and avoid spyware-infected ads.
• Keeping users safe from malvertising and potentially providing protection against ransomwares, phishing and profiling.
• Using vpn-hole would help in reducing the number of HTTP cookies, provide faster content loading, better user experience and saving battery life of the device.

Users can use the widely available filter lists or create their own custom blocklists with specific set of applied rules and add them in the default subscription list. For detailed explanation about filter-lists refer to Blog #02 in the GSoC’22 series.

💻 Demo:

1. Run the vpnhole binary created after building the project.
2. Subscriptions are updated using the filter-lists in subs.list.

3. Check if VPN-Hole is working correctly:

   3.1. Using nslookup tool check if the domain in blocklist subscriptions which is updated from the given filter-lists in subs.list is being blocked.

  nslookup -port=53 adbuddiz.com

3.2. After confirming that the answer of previous query from the nameserver was invalid [0.0.0.0])(https://0.0.0.0) ; new query with domain name that is not in the filter-lists (which don’t serve ads/legit sites) would give a valid response in the form it’s ip address.

  nslookup -port=53 github.com

📝 Project Summary

For hosting their projects LEAP Encryption Access Project uses 0xacab which is a self-hosted gitlab instance.

Repositories involved during project were:

1. vpn-hole- Main repository which would give us the feature of blocking ads, malwares and trackers.
2. bitmask_android- which contains the source code for Bitmask android client.
3. bitmaskcore- which contains all golang dependencies currently used in Bitmask Android.
4. leap.se- for posting blogs on leap.se

🎯 Objectives

• Create a DNS-level library to block adverts, malwares and trackers
• Use custom filter-lists to form subscriptions.
• Invoke/Test the adblock feature against adblock-checkers.
• Generate language bindings for the package.
• Test: Integrate library into bitmask_core.
• Invoke: Library from within the android application.
• Implement UI for the ad-block feature.

✅ Contributions and Merge Requests:

Majority of the contributions were done in developing the ad-block library and adapting it to be integrated in existing android applications with the help of GoMobile and GoBind.

• All of the commits in VPN-Hole and the list of some of the important commits to understand vpn-hole development:-

  • cd8e60 Add: EventLogger Interface.

  • f620de BugFix: Invoking Start/Stop Functionalities.

  • a4e751 BugFix: Solve Import Cycle Issue.

  • 7bfbf9 Implement: Add subscriptions to the blocklist.

  • 974393 Implement: Blacklist to update subscriptions.

  • 6b7fbc Implement: Request Handler.

  • c89fb4 Import: Public Filter-lists.

• All of the commits in bitmask_core and some of the major commits to understand adapting of golang dependencies for the Bitmask Android:-

  • aa79c9 Adapt: build_core.sh to compile vpn-hole.

  • 71dadd Create: patch to exclude mod & sum files.

  • b16435f Import: vpn-hole.

  • 8ca06f7 BugFix: vpn-hole compiling using GoMobile.

  • 07e41e3 Add: Required modules in mod file of bitmask_core.

• Merge Requests in vpn-hole

  • a3a3d3: To develop the ad-block library.

  • 4a8508: To fix the entry point of the library for compiling using GoBoind.

• Merge Request to add vpn-hole as submodule to bitmask_core.

• Miscellaneous: Apart from the scopes of the project; designed some logos and other images using pre-existing templates under creative commons licences.

📖 Broad overview of my GSoC duration:

This summer I spent a good amount of time learning how to adapt good coding practices in order to enforce decent code quality. I maintained constant communications with the mentors about the progress and plans to proceed with tasks in foresight. Thanks to the timely responses from my mentors, I was able to keep a track of the activities and goals of this projects.

📈 Personal progress:

Participating in GSoC has definitely improved my interpersonal and technical skills. Throughout the duration of the project, I have grown a lot.

• Learnt open-source etiquettes and how to work with team across different time zones.
• Understanding and implementing the suggestions of mentors in the project.
• Analysing different approaches to solve a problem.
• Realising that a strict timeline is not necessary to successfully complete a project.
• Learnt a lot outside of programming from my mentors including good mentorship and patience.

💡 Challenges Faced:

• Though Go wasn’t new to me, I faced few issues which took time to resolve due to unavailability of the proper documentation.
• At early stage of the program had minor issues creating language bindings for Java.
• Personal issues due to poor health and participation in a National Hackathon set me back a few days from the planned timeline. I am grateful to my mentors for understanding it and kind enough to support me to get back on track.

⬜ What’s left?

Majority of the work planned for this season of GSoC has been completed but still there are underlying issues with the project integration. I will be continuing with integration, resolving issues with the new library and maintaining it.

• Invoking library from within the android application.
• Android Toggle Switch UI for VPN-Hole

📆 Future Work

There are few deliverables that are pending and I hope to complete them. After successful release of the adblock feature on android; I hope to expand this to other platforms available at LEAP.

• As of now, vpn-hole works smoothly as a CLI tool; I hope to integrate it with bitmask_android soon.
• Working on bitmask-vpn for the integration with desktop applications.
• Getting involved with work on pluggable transports and censorship circumvention.

🙏 Acknowledgments

I am thrilled to be a part of the awesome LEAP Encryption Access Project and its community. LEAP community has always been welcoming and helpful. I would like to sincerely thank Cyberta and Kwadronaut for being such amazing mentors. It was your guidance that helped me grow a lot as a developer.

I am immensely grateful to Cyberta for guiding me throughout the program with timely and extensive code reviews, and engagement in regular discussion to clarify my queries. Special thanks to Kali: for guiding me in the project documentation phase and mcnair: for giving me an opportunity to be with LEAP.

Thank you everyone at LEAP. I am really glad to be part of this great community.

⌨️ Post GSoC

I enjoyed my summer with LEAP very much and will be continuing with the release of the ad-blocker feature on multiplatforms. I also hope to maintain the VPN-Hole repository, resolve issues and help with other awesome projects.

🔗 Important Links:

• OpenVPN for personalDNSfilter
• DNS-Based Host Blocking for Android
• miekg dns module
• AdBuster in Kotlin
• DoH
• GoMobile
• DNS Sinkholing Guide