Content Blocking and Bypass Prevention: Where should you draw the line?
After several years running Tech Lockdown, I've interacted with thousands of people with different blocking and bypass prevention needs. Most people I interact with are focused on restricting themselves from accessing harmful content while others are helping another person.
I've realized that it's important to clarify something: How far should you go with blocking content and enforcing a blocking system?
As you probably know, I've dedicated hundreds of hours examining the best methods for blocking content and preventing bypass on each device. If you've read any of our guides, you'll see that there are many ways to customize how restrictive you get with a blocking system.
Blocking and bypass prevention is a key tool that can help break bad habits, but some people rely on it too much.
Let's start by summarizing what you can generally do from a blocking and bypass prevention standpoint.
Blocking and Bypass Prevention Guides
We've created guides for each device that are the ideal starting point for determining how far you want to go with your blocking system:
These guides are the best source to start with, but here are some other guides that many of our members inevitably need to reference:
Windows
Mac
iPhone
Android
Blocking Layers
We recommend a blocking "system" that starts with a multi-layered approach to blocking.
This gives you a backup plan if one of the layers fails or is bypassed, and it provides more blocking flexibility, since some layers allow more customization because of how they block content.
Network-level Blocking
Filtering content on the DNS-level is a critical base layer for blocking content.
This is why I've put such an emphasis into building a solution that focuses on network-level filtering.
Here's why:
- DNS blocking works consistently across many different types of devices.
- You can configure a home router to point to your DNS Content Policy, which allows you to automatically filter the internet connection on all devices using your home WiFi.
- You can directly connect a smartphone or computer so that it works when away from home.
- Categorization on the DNS-level is incredibly accurate and doesn't depend on you knowing every website or app that needs to be blocked. Since artificial intelligence has advanced so much, DNS categorization is becoming even more accurate.
- You can use your Content Policy to disable apps, so even if the app is downloaded from an App Store, it won't be able to connect to the internet.
Native Blocking
In addition to DNS-level blocking, smartphones and computers have their own ways of blocking content that work alongside DNS filtering.
Let's look at Apple devices first.
The iPhone and Mac provide access to the Screen Time API. You can use Apple's built-in Screen Time feature to block content. If you download a blocker app like Freedom blocker from the App Store, it uses the same Screen Time API to restrict access to content. If you set up supervised device mode for iOS, you can better enforce the usage of Screen Time content filtering.
The iPhone has access to the following blocking layers that work alongside each other:
- DNS-level blocking
- Screen Time (optionally enforced with supervised mode)
- Blocker apps that leverage the screen time API
Compared to the iPhone, Android devices can install better content blocking apps from the Play Store. For example, the Freedom blocker app works great on Android and has some basic bypass prevention techniques that it uses to enforce itself. Additionally, if you set up a mobile device manager on Android like we recommend in our guides, you can add your URL blocklist.
Android blocking layers that work well together:
- DNS-level blocking
- Blocker apps downloaded from the Play Store (they must use Android's API to restrict content, like the accessibility service, and not configure a VPN profile)
- URL filtering blocklists specified with a Mobile Device Manager
Mac and Windows computers can use the hosts file to block websites and this blocking method works reliably alongside other methods without conflicting. Furthermore, you can install website blocker browser extensions, like what you would download for the Google Chrome browser. These browser extensions only function within the context of the browser, so they also don't conflict with any of the other blocking layers. Browser extensions allow you to filter specific URLs or even block elements within a web page, so it's a key part of a blocking system.
Windows and Mac computers have the following native blocking layers that work well together:
- DNS-level blocking
- Hosts file
- Browser Extensions
- Mobile Device Management
Enforcement Layers
The next problem you have to solve for is preventing intentional or unintentional bypass of your blocking layers.
How would someone unintentionally bypass blocking layers, such as the DNS-level blocking?
Some people might add a privacy or security tool to their devices, thinking it increases their security posture, when it actually weakens it by bypassing the DNS-level protection. You want to make sure you catch these accidental bypasses. Furthermore, devices or routers can be misconfigured, leaving devices vulnerable. For example, a power outage might cause your router to reset, changing its IP address and causing DNS blocking to not function correctly.
As you can imagine, intentional bypass is the most common and hardest problem to solve. So let's look at some strategies.
Preventing DNS Content Policy Changes
The first layer you have to account for is preventing changes to the DNS content policy that would disable restrictions. For example, you have to prevent someone (or yourself) from logging in and temporarily disabling a rule.
We've taken steps to limit bypass in the rule editor, even if a profile is not locked. For example, depending on the rule action, you won't see certain options.
There are two more ways you can solve for this.
Profile Locking
Profile Locking prevents making changes that would reduce restrictions while allowing for adding restrictions.
Account Sharing
Sharing an account with a trusted person so that there is oversight into recent and popular traffic logs or any changes to the content policy or account settings. An authorized user can see a history of changes to the Content Policy.
Enforcing DNS Settings
In order to keep your devices connected to your content policy, there are a few options you have access to in your Tech Lockdown account.
App Preferences
You can configure your App Preferences (found in your Tech Lockdown dashboard settings) to lock the filter switch and prevent someone from logging out of the app. This prevents someone from toggling it off on their device.
Manual Config
You also have the option to manually configure a device to point to the content policy.
This works in addition to the app that configures the VPN, so you have a fallback layer that keeps your device connected if the VPN connection fails.
On iPhone, you can use our DNS Config generator to install a profile that automatically sets the DNS on your iPhone. If you set up supervised mode, you can prevent this profile from being removed.
Mac devices have access to similar capabilities if you set up a fully managed Mac device, like we talk about in the premium guides. You can install a DNS configuration file that cannot be removed. Furthermore, you can configure Chrome, Firefox, Brave browser, or Microsoft Edge to enforce the use of private DNS settings that point to your content policy.
Firewall Rules
You can use firewall rules to require that the device be connected properly in order to browse the internet. This is a more advanced concept, but you can utilize firewall rules to enforce the use of approved DNS servers.
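To make the firewall idea concrete, here is an added example (not Tech Lockdown's own code): the allow/block decision an "approved DNS servers only" rule makes, plus an audit of firewall log lines that surfaces devices pointed at the wrong resolver, which is how you would catch the accidental bypasses described earlier. The resolver addresses are documentation-range placeholders and the log format is constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: documentation-range addresses stand in for the resolver IPs of
# your content policy; substitute the real ones from your own account.
APPROVED_RESOLVERS = {
    ipaddress.ip_address("192.0.2.53"),
    ipaddress.ip_address("2001:db8::53"),
}
DNS_PORTS = {53, 853}  # plain DNS (UDP/TCP) and DNS-over-TLS

def verdict(dst_ip, dst_port):
    """Decision the firewall rule makes for one outbound connection."""
    if int(dst_port) not in DNS_PORTS:
        return "allow"  # not DNS; left to the rest of the rule set
    if ipaddress.ip_address(dst_ip) in APPROVED_RESOLVERS:
        return "allow"
    return "block"

# Constructed sample log: timestamp, device, protocol, destination IP, port.
SAMPLE_LOG = """\
2024-05-04T09:00:01 laptop udp 192.0.2.53 53
2024-05-04T09:00:02 laptop tcp 198.51.100.7 443
2024-05-04T09:00:05 phone udp 203.0.113.9 53
2024-05-04T09:00:06 phone udp 203.0.113.9 53
2024-05-04T09:00:09 phone tcp 203.0.113.10 853
2024-05-04T09:01:00 tablet udp 2001:db8::53 53
truncated line
"""

def audit(log_text):
    """Map each device to the unapproved resolvers it tried, with hit counts."""
    findings = defaultdict(dict)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed or truncated entries
        _, device, _, dst_ip, dst_port = fields
        try:
            blocked = verdict(dst_ip, dst_port) == "block"
        except ValueError:
            continue  # unparsable address or port
        if blocked:
            findings[device][dst_ip] = findings[device].get(dst_ip, 0) + 1
    return dict(findings)

if __name__ == "__main__":
    for device, hits in audit(SAMPLE_LOG).items():
        print(device, hits)
```

A device that shows up in the audit output is one whose DNS settings have drifted away from the content policy, whether through a router reset or a newly installed tool.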
Customizing a Smartphone to make it dumber
Another approach that I highly recommend is to make your devices a bit dumber by reducing the features.
Smartphones tend to be the biggest source of problems when trying to break addictive behaviors. This is why I recommend spending some time to customize your smartphone to limit the features.
For example, you can essentially convert an iPhone into a dumb phone by removing core features without losing access to the useful parts of the iPhone.
You can do the same thing for Android smartphones with the dumb phone approach for Android.
Where should you draw the line?
You can make your blocking system extremely strict, even imposing limitations like preventing the Erase Content & Settings option on iOS (using device supervision and management techniques).
However, some people will go to great lengths to get around their blocking setup.
But you have to ask yourself, at what point will it be enough? You might find that no matter what you do, there will still be a moment where you have to use some self-control to stick to your goals.
Even though I put such a strong emphasis on bypass prevention and effective blocking, I'm a firm believer that you shouldn't make a blocking system that is impossible to get around.
The main purpose of a blocking system is:
- Remove environmental "triggers" that cause a spiral of thoughts.
- Add friction between you and following through on a routine when you are bored.
I started Tech Lockdown for these two reasons, but at the end of the day, these are just tools that you should use alongside other methods.
Alternatives to Complete Restriction
If you are weighing out the option of continuing to make your blocking system impossible to circumvent, or getting rid of your devices entirely (a valid option), consider adding in a few more strategies first.
Increasing Accountability and Transparency
Although people are often resistant to this, I recommend being more transparent about your technology use.
Before I started Tech Lockdown, I was renting public office space so that I could work remotely in a more accountable setting.
I noticed the difference almost immediately. Keeping my computer in an office outside of my apartment helped me create healthier boundaries and feel a stronger sense of accountability.
Ask yourself:
- Is there a way for me to use my technology in more accountable ways?
- Can I set better boundaries?
Here are some ideas.
Set Physical Boundaries with Devices
Instead of charging your phone next to your bed at night, consider setting up a charging station in a different room. Build a positive habit of creating physical boundaries with your devices.
Schedule use of social media
I'm an advocate for blocking social media entirely or at least being more intentional about when you allow yourself to access it. Smartphones and social media apps are habit-forming and you probably use them more than you realize. You shouldn't allow yourself to compulsively access social media. My suggestion is to set a block schedule for certain times of the day, or certain days of the week, where you can access social media.
Limit "Gray-area" Website and App Access
There are some websites and apps that provide access to a mix of content that can create challenges for any blocking system. If you don't want to block access 24/7, consider combining a scheduled block rule with physical boundaries.
For example, you could create a scheduled block rule with your Content Policy to limit access to a "gray-area" website like Reddit to Saturday morning when you go to a coffee shop.
Work Remotely from Shared Spaces
If you work remotely, I'd highly recommend co-working spaces. Better yet, a shared and secured office where you can leave your devices and set work/life boundaries. If these aren't an option, it can be helpful to build a habit of working from a local library.
Share device access with a trusted person
This advice applies more to couples, but you could share the unlock passcode to your personal computer and smartphone.
Invite Trusted People to your Tech Lockdown Account
You can invite trusted people to your Tech Lockdown account so that they can see changes you've made to your content policy and recent/popular web traffic logs.
Disable Private Browsing Features
You can also disable private browsing features on your devices so that anyone sharing your device can see browsing history. Not being able to open an incognito window can help you think twice about what you are doing.
Reducing Cues from Normal Technology Use
If you are self-reflective about the times that you are "triggered," you might find that there was a clear set of events that led up to that point.
The most common thing that happens is normal internet browsing where you see something that kicks off a series of thoughts that can quickly get out of control.
For example:
- Social media use
- Display ads on news websites
- Clickbait thumbnails on YouTube videos and YouTube shorts
So how can you handle this?
Here are a few strategies I would use:
- Schedule usage of "gray-area" websites and apps. For example, you can schedule using a platform like Twitter (X) during early morning or lunch. The point is that you should be strategic about when you access platforms that can show "triggering" content.
- Block YouTube thumbnails and advertisements entirely. You can use your content policy to do this, but I would suggest using Brave browser as well, since it can effectively block ads and limit YouTube clickbait.
- Use a "default-deny" blocking approach, where you block an entire category like Social Media, but allow specific social media apps. Combine this with a schedule for extra effectiveness. You can utilize your Tech Lockdown content policy to customize these restrictions.
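The "default-deny" category block with specific exceptions and a schedule can be sketched as a small rule evaluator. This is an added example, not Tech Lockdown's rule engine: the category table, the allow list, the Saturday 08:00 to 12:00 window for Reddit, and the function names are all assumptions made for illustration.

```python
from datetime import datetime, time

# Constructed category data; a real DNS filter supplies its own categorization.
CATEGORIES = {
    "reddit.com": "Social Media",
    "twitter.com": "Social Media",
    "linkedin.com": "Social Media",
    "example.org": "News",
}
BLOCKED_CATEGORIES = {"Social Media"}

# Hypothetical allow exceptions: None means always allowed, otherwise a
# weekly window (datetime.weekday(): Monday=0 ... Saturday=5).
ALLOW = {
    "linkedin.com": None,
    "reddit.com": {"days": {5}, "start": time(8, 0), "end": time(12, 0)},
}

def match_domain(host, table):
    """Return the table key equal to host or a parent domain of it, else None.

    Matching is per DNS label, so "old.reddit.com" matches "reddit.com"
    but "notreddit.com" does not.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate
    return None

def in_window(window, when):
    """True if the exception applies at this moment (end time is exclusive)."""
    if window is None:
        return True
    return (when.weekday() in window["days"]
            and window["start"] <= when.time() < window["end"])

def decide(host, when):
    """Evaluate one lookup: a live exception wins, then the category block."""
    allowed = match_domain(host, ALLOW)
    if allowed is not None and in_window(ALLOW[allowed], when):
        return "allow"
    known = match_domain(host, CATEGORIES)
    if known is not None and CATEGORIES[known] in BLOCKED_CATEGORIES:
        return "block"
    return "allow"

if __name__ == "__main__":
    print(decide("old.reddit.com", datetime(2024, 5, 4, 9, 30)))  # a Saturday
```

Outside its window a scheduled exception simply stops applying, so the site falls back to the category block without any extra rule.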