Planning (and not yet success) on avoiding being monitored by the H K “Le@ve_H0me_$afe” app


H K gov is planning to have all people using an app “Le@ve_H0me_$afe” (this is trying to fool the search engine, hopefully it work for now) under the name of tracking COVID spread.

According to the claim of HK gov, the data are supposed to be stored only in local device, secured with encryption and removed after 31 days.

(Original link and web archive link below — future historian can fact check if the news would stay in the gov site the same as when it’s being archived)

On the other hand, another group blog about the app proven the claims are, in my words: “Close to truth, but not 100% accurate” (my definition of “close” is > 50%)

For detail, please see blog from:

What I want to do

Given I have my own VPN server, so it might work IF:

  1. the App is on the device that always connect to VPN server
  2. identify the traffic it requested
  3. at VPN server block the traffic I don’t like

While using iOS, I can only trust the network configuration to have all traffic using the VPN.

One might want to set the DNS record to trustworthy DNS server (like Cloudflare, Google

Most likely the default DNS your ISP provided is fully under their control, meaning if ISP is forced to not resolve some hostname (e.g. hk___chr0nicles.c0m ← you know it if you are from H K) to IP address, you cannot easily access the site.

Outline client on iOS, on the other hand, seems not yet actively using DNS over HTTPS/TLS (DoH, DoT), and I have no idea how to tamper with the VPN profile so I give it up for now.

The tools I considered to use was firstly Postman Proxy, which in NO LUCK it work.

So I fall back to one of my older tools — Fiddler


Example of intercept of traffic

From the screen above, the headers would give some insight of the User-Agent and thus the app’s name

I discovered connecting to Outline client VPN would disrespect the HTTP proxy settings in iOS, so that imply if I want the traffic to go through VPN while discovering what traffic the apps trying to make, I have to stop VPN in mobile device and enable Outline VPN in the PC installed Fiddler (by default Fiddler respect the proxy in system — which is the Outline VPN)

This is the unresolved part, as I am not expert in security, even Outline is completely open source, I am not considering to tamper it, there is feature request — (which was initiated from:

Alternatively, seems V2Ray already have that feature, but I am too lazy to try yet.

One last resort might be on Firewall level to reject outgoing traffic, but given most firewall are limiting using IP address, so this might be a bit uneasy (some people suggested cron job to schedule a domain resolve to IP then add to IPTable…)


Um…the most important step is not able to resolve yet, to be continued…




Love podcasts or audiobooks? Learn on the go with our new app.

Divide and Conquer Approach

Tutorial Fuzzy Logic Mamdani for Arduino

Tutorial Fuzzy Logic Mamdani for Arduino

Otomi: Self-hosted PaaS for Kubernetes on Windows (Minikube)

The Bash Scripting Tutorial, Part 4

We Need Both Experience And Knowledge

You asked, we answer pt. 2

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Stephen Cow Chau

Stephen Cow Chau

More from Medium

Q&A from the BNWES community

So it Seems Like We’re Having a Metaverse Shopify! Welcome to the Agoraverse

Intersectionality Feminisms applied to the WNBA