Comment by master_crab

10 hours ago

I do want to point out that dumping all of your traffic through a home/office network is not always a good idea. YMMV, but if you are in, say, LA, and pushed your 0.0.0.0 traffic through your home in NY, you just added quite a bit of latency.

This is great for keeping things in a LAN, but make sure you use your network rules correctly and don’t dump everything to your home network unless you need to.

(I too have a GL.iNet Slate, but I use UI at home, so I will consider this when it comes out.)

I disagree. DNS is generally unencrypted, and leaking that over whatever open Wi-Fi you're on is generally worse from a privacy perspective than the latency you add bouncing through your home, where you probably have encrypted DNS set up.

Even if you don't visit any HTTP sites, you never know what might phone home over HTTP, so an OS-level VPN provides foolproof privacy at the cost of a tiny bit of latency.

  • Using encrypted DNS doesn't necessitate routing all your traffic through your home network. You can still encrypt all your traffic by using an encrypted DNS service or, if you really want to, a VPN service. But moving everything through your home network is not necessary, especially if you have any kind of usage caps.

    • And to further reinforce this point, one of the basic config variables for WireGuard is your DNS servers. You could literally send no traffic but your DNS queries to the wg tunnel.

    • DNS is just one example. Like I said in my post, you never know what data might be sent home in plaintext.
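As an added illustration of the split-tunnel point raised in the two replies above (this is not a commenter's config), here are two wg-quick client files that differ only in AllowedIPs. The keys, the 10.8.0.0 tunnel address, the 10.0.0.1 home resolver and the vpn.example.com endpoint are constructed placeholders.

```ini
# Added example, not from any commenter. Keys, addresses and the endpoint are
# constructed placeholders. These are two separate wg-quick files
# (e.g. /etc/wireguard/home-full.conf and /etc/wireguard/home-dns.conf);
# wg-quick accepts only one [Interface] section per file.

# ---- home-full.conf: full tunnel, everything (0.0.0.0/0 and ::/0) goes home ----
[Interface]
PrivateKey = <client-private-key>
Address = 10.8.0.2/32
# Resolver on the home LAN; wg-quick installs it as the system resolver
# for as long as the tunnel is up.
DNS = 10.0.0.1

[Peer]
PublicKey = <home-router-public-key>
Endpoint = vpn.example.com:51820
# Every destination is routed through the tunnel, so even plaintext
# HTTP "phone home" traffic is encrypted until it reaches your house.
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25

# ---- home-dns.conf: split tunnel, only the home resolver goes through WireGuard ----
[Interface]
PrivateKey = <client-private-key>
Address = 10.8.0.2/32
DNS = 10.0.0.1

[Peer]
PublicKey = <home-router-public-key>
Endpoint = vpn.example.com:51820
# Only packets for 10.0.0.1 enter the tunnel; the DNS queries are encrypted,
# all other traffic leaves the local Wi-Fi directly with no added latency.
# Widen this to 10.0.0.0/24 if you also want to reach other home-LAN devices.
AllowedIPs = 10.0.0.1/32
PersistentKeepalive = 25
```

Bring either up with `wg-quick up home-dns` (or `home-full`) and confirm the routing with `wg show` and `ip route`. With the split-tunnel file, a query to 10.0.0.1 is protected but nothing else is, which is exactly the trade-off the last reply points at: anything that phones home over plain HTTP still crosses the open Wi-Fi in the clear. Also check, for example with `resolvectl status` on systemd-resolved hosts, that the OS is not still sending some queries to the resolver handed out by the Wi-Fi's DHCP, since a second resolver on the physical interface would undo the point of the DNS-only tunnel.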