Blokada upsells a paid VPN service right on the homescreen. Tagging the app as such, as it is an anti-feature as far as f-droid is concerned.
Blokada has stuble tracking in its code. For ex:
-
go.blokada.org is redirected through a known analytics company, rebrandly.
-
Blokada generates unique-id per installation regardless of whether a user is a paying customer or not, and shares it with their servers.
-
Blokada sets SOA records to "invalid.blokada.org" whenever DNS resolutions are blocked. This is unnecessary and leaks identity to other installed apps as to what or who blocked the request.
-
Blokada seems to aggressively construct a user-agent with a lot of revealing information about a user than necessary, and there's no way to opt-out of that.
-
Also, there's no way to stop Blokada right now from contacting its servers to fetch "repo.json" which contains update channels, build-types, etc;
-
Another annoying thing is Blokada downloading hostfiles from its mirrors instead, and not letting users disable that option and/or add their own mirrors I get why this is required for an app with an installation base as large as Blokada's but, for f-droid builds at least, there should be a switch to let me disable periodic blocklist updates from their mirrors. Note how these periodic updates coupled with an aggressive user-agent string, generating per-installation unique-id, and using rebrandly for url-based tracking completely breaks all notions of privacy that users of such an app are looking for.