Some feedback regarding Proton VPN documentation and some confusion regarding Firefox DNS configuration:
https://protonvpn.com/support/browser-extensions#firefox says:
"By default, Firefox does not route DNS queries through the HTTPS connection to our VPN servers"
and then is mentioned a workaround to fix it.
That suggest alarming thing, that ProtonVPN Firefox user has to do some custom workaround in order to be private (prevent a DNS leak).
On another hand, https://protonvpn.com/support/dns-leaks-privacy says:
"DNS queries are routed through the VPN tunnel to be resolved on our servers"
these statements are a bit confusing/contradicting (though Proton later explains that this latest statement does not apply on a browser extension VPN apps) and Proton further adds at https://protonvpn.com/support/dns-leaks-privacy/#dns-over-https that the DNS leak can happen also due to enabled DoH feature in web browser.
Solution: ProtonVPN browser extension should (if possible) warn user in case it fails to process DNS and as a result, it is leaked. Vote for this feature request
Another "issue" is with the above mentioned/linked workaround (here I am speaking only about Firefox), this workaround: go to "about:config into the URL bar and hit . At the warning, click Accept the risk and continue → search for network.trr.mode"
In my case I had this set that variable to 5 which means DoH "Off by choice", Proton in said tutorial suggest value 3 instead, which means (According to https://wiki.mozilla.org/Trusted_Recursive_Resolver#DNS-over-HTTPS_Prefs_in_Firefox ) "Only use TRR, never use the native resolver.".
This confuses me since it looks like an opposite to what i have now, while any DNS leak site:
https://www.dnsleaktest.com/
https://ipleak.net/
does NOT report leak in my case nor in case i set network.trr.mode to 3. A bit weird but i guess no big deal?
Thanks for your feedback in advance.
Wrong (again) lol. I am aware about this text.