Privacy

I see so much wrong in these claims.

1. Anyone analyzing your traffic is not just doing so based on DNS queries. They use Deep Packet Inspection (DPI) and they track packets across the Internet to find out what you're doing. A fake request won't fool them.
2. Similarly, they use machine learning and behavioral analysis, which won't be fooled either by a bunch of DNS queries.
3. The increased noise could be detected as malicious activity, like a DDOS attack. You can find yourself rate limited, and your network performance can drop substantially.
4. If the fake requests are real websites, your IP address can become associated with a wider range of interests, leading to more targeted advertising.
5. Instead of using a simpleton's approach that won't work, use real protection. Use a paid-for VPN, or at least a reputable free one (not many) with built-in ad and tracker blocking to bypass your ISP.

**The App sounds fishy, actually. ** Many apps come out claiming to provide some unique security, and they eventually turn rogue and start stealing information. This one sounds ripe to go rogue, especially since it can't make it into the standard store. I expect to read about MockTraffic someday being caught stealing information.

I wouldn't go near it.

This will increase your privacy by protecting you from ISP web traffic analysis. It does this by generating fake DNS and HTTP request.

If you're the kind of attacker in a position to be doing traffic analysis in the first place, I suspect that there are a number of ways to filter this sort of thing out. And it's fundamentally only generating a small amount of noise. I suspect that most people who would be worried about traffic analysis are less worried about someone monitoring their traffic knowing that it's really 20% of their traffic going to particular-domain.com instead of just 2% of their traffic, and more that they don't know it to be known that they're talking to particular-domain.com at all.

For DNS, I think that most users are likely better-off either using a VPN to a VPN provider that they're comfortable with, DNS-over-HTTP, or DNSSEC.

HTTPS itself will protect a lot of information, though not the IP address being connected to (which is a significant amount of information, especially with the move to IPv6), analysis of the encrypted data being requested (which I'm sure could be fingerprinted to some degree for specific sites to get some limited idea of what a user is doing even inside an encrypted tunnel). A VPN is probably the best bet to deal with an ISP that might be monitoring traffic.

There are also apparently some attempts at addressing the fact that TLS's SNI exposes domain names in clear text to someone monitoring a connection

so someone may not know exactly what you're sending, but knowing the domain you're connecting to may itself be an issue.

In a quick test, whatever attempts to mitigate this have actually been deployed, SNI still seems to expose the domain in plaintext for the random sites that I tried.

$ sudo tcpdump -w packets.pcap port https  

<browses to a few test websites in Chromium, since I'm typing this in Firefox, then kills off tcpdump process>

$ tshark -r packets.pcap -2 -R ssl.handshake.extensions_server_name  

I see microsoft.com, google.com, olio.cafe (my current home instance), and cloudflare.net have plaintext SNI entries show up. My guess is that if they aren't deploying something to avoid exposure of their domain name, most sites probably aren't either.

In general, if you're worried about your ISP snooping on your traffic, my suggestion is that the easiest fix is probably to choose a VPN provider that you do trust and pass your traffic through that VPN. The VPN provider will know who you're talking to, but you aren't constrained by geography in VPN provider choice, unlike ISP choice. If you aren't willing to spend anything on this, maybe something like Tor, I2P, or, if you can avoid the regular Web entirely for whatever your use case is, even Hyphanet.