Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

'Lockdown' Firewall App That Lets You Block Ads and Trackers in All Apps Expands to Mac

simonmet said:
I hadn’t heard of the iOS app, so this is a good reminder, thanks!

It looks interesting. I always wanted a system-wide ad/tracking blocker, but didn’t want to endure the slowdown of online VPNs. This seems to solve that issue on iOS. I don’t understand the benefit of the paid version compared to the free tier however.
Click to expand...
The paid one is a VPN, the free version is just a tracker blocker system-wide.
[automerge]1581824171[/automerge]
Airforcekid said:
Why not just use a PiHole or a service like nextdns.io it covers every device with way more flexibility?
[automerge]1581717173[/automerge]

This isnt a firewall it modifies DNS requests to block trackers and ads.
[automerge]1581717280[/automerge]

Look into www.nextdns.io or the pihole project they accomplish the same thing but over your entire network.
Click to expand...

The key difference is the blocking happens on device vs on a server (NextDNS), but then using Lockdown would still pass on the unblocked DNS requests to a DNS server. So in this case, using NextDNS makes more sense, unless you want to encrypt your traffic by turning on the paid VPN of Lockdown.
[automerge]1581824459[/automerge]
Airforcekid said:
Why not just use a PiHole or a service like nextdns.io it covers every device with way more flexibility?
[automerge]1581717173[/automerge]

This isnt a firewall it modifies DNS requests to block trackers and ads.
[automerge]1581717280[/automerge]

Look into www.nextdns.io or the pihole project they accomplish the same thing but over your entire network.
Click to expand...

The key difference is the blocking happens on device vs on a server (NextDNS), but then using Lockdown would still pass on the unblocked DNS requests to a DNS server. So in this case, using NextDNS makes more sense, unless you want to encrypt your traffic by turning on the paid VPN of Lockdown.
luvbug said:
PiHole or dnscrypt-proxy for your whole network, or the Brave browser for browsing - all open source. As already mentioned, this is *not* a firewall, it's a dns filter, and I don't know why anyone would want to supersede an internal OS firewall anyway.
Click to expand...
You’re absolutely correct. But I’m moving from DNSCrypt to Lockdown as the former is no longer being updated. They’re working on DNS over HTTPS but that project has no GUI Mac client.

Lockdown can be used with NextDNS, but it would make more sense to add blacklists directly on NextDNS. The only downside is both Lockdown and NextDNS only let you add 1 domain in the blacklist at a time. For people with a customized blacklist, that would take eternity to import.
 
Last edited:
Smigit said:
In regards to PiHole you answered the question yourself later on...it covers “your” network. If your device is mobile then chances are much of the time is spent on other networks and unless you’re going to create a VPN and connect back to your home permanently, your access to PiHole ends as soon as you walk out the door. It’s a great product and I use it myself, but I still have on device filtering for mobile devices for that very reason.


That DNS option you posted looks interesting but it also carries a subscription cost so if this is free then I’m semi inclined to use PiHole at home across the entire network and then some on-device options for my mobile systems. Home desktop, TV, Console etc all can get serviced by PiHole but this or similar covers you on the go.

Again could set up a VPN to home but I’d likely see a huge performance hit in doing so compared to my 4G speeds.

curious how this compares to AdGuard which has some system wide options for various devices.
Click to expand...

I’ve been using AdGuard Pro for iOS since 2017 after switching from Disconnect which doesn’t allow customized blocking. I have well over 1000 apps on my phone. When I get a new phone, it’s the first app I prioritize to download so it starts blocking right away.

ADGuard Pro only costs a few bucks, it’s a one time purchase. Lockdown is free unless you want to use their VPN. I’m unable to give Lockdown a try due to its inability to import multiple entries at a time to black / white list, though I expect they work the same.

I had issues with ADGuard “personal VPN” dropping when going from WIFI to cellular on my older iPhones, which happened occasionally with older builds of Disconnect in 2016 too, but haven’t experienced the issue since upgrading to iPhone 11 Pro. Weird as it’s running the same version of iOS. ADGuard’s customized DNS server feature also finally works with native IPv6 on T-Mobile. Before that, I had to switch to system default every time my phone disconnects from WIFI.
 
I have noticed in Safari (iOS) the ad section is a big white space after installing this app. With AdGuard this doesn’t happen , the ad and white space are not there , making the pages easier to look.
 
Last edited:
nice idea for free, but even better, you should install PiHole which does the same but for all your devices connected to your home network. Its a tad more work than downloading an app and clicking "ON" but it will run everywhere.
 
I've been using VPN Unlimited on my phone. Any thoughts on the difference between that and Lockdown VPN?
 
Smigit said:
In regards to PiHole you answered the question yourself later on...it covers “your” network. If your device is mobile then chances are much of the time is spent on other networks and unless you’re going to create a VPN and connect back to your home permanently, your access to PiHole ends as soon as you walk out the door. It’s a great product and I use it myself, but I still have on device filtering for mobile devices for that very reason.


That DNS option you posted looks interesting but it also carries a subscription cost so if this is free then I’m semi inclined to use PiHole at home across the entire network and then some on-device options for my mobile systems. Home desktop, TV, Console etc all can get serviced by PiHole but this or similar covers you on the go.

Again could set up a VPN to home but I’d likely see a huge performance hit in doing so compared to my 4G speeds.

curious how this compares to AdGuard which has some system wide options for various devices.
Click to expand...

If you’re able to setup pihole then setting up OpenVPN shouldn’t be a problem.

Pihole is great once you work with white listing certain things. I did end up putting my wife’s iPhone and iPad in bypass because I got tired of the problems it would cause with Facebook and Hulu.
 
nickcliborne said:
If you’re able to setup pihole then setting up OpenVPN shouldn’t be a problem.

Pihole is great once you work with white listing certain things. I did end up putting my wife’s iPhone and iPad in bypass because I got tired of the problems it would cause with Facebook and Hulu.
Click to expand...
It’s not so much the complexity of doing it that’s put me off but rather it’ll likely degrade my mobile speeds which are often on par and can exceed my homes connection. I’m based in Australia where most residential plans top out at 100mbit down and 40mbit up. I’m fortunate enough to have that, many don’t, but if I use a VPN to access my homes PiHole instance then my residential 40mbit upload will become the max my mobile will achieve if all traffic, not just DNS, is going via the VPN. At least that’s my understanding. Given my mobile plan can out perform my home I don’t really want everything going via a VPN for that reason.

Could possibly look at other options for accessing PiHole. Right now I’m playing with either using AdGuard Pro with a number of on device filter rules or NextDNS + DNSCloak which was suggested here with server managed rules. It’s not as good but it’s probably a good enough compromise for me.
 
DoctorApple said:
I’ve been using AdGuard Pro for iOS since 2017 after switching from Disconnect which doesn’t allow customized blocking. I have well over 1000 apps on my phone. When I get a new phone, it’s the first app I prioritize to download so it starts blocking right away.
Click to expand...

1,000? That’s pretty impressive. Just out of curiosity, why so many?
 
miKaphd1 said:
This app is definitly not needed if you have Little Snitch. This morning I just created my own Little Snitch rule blocking the 555 domains that Locknote is blocking (you can find the list on their github). But if you are looking for very good list for Little Snitch (with much much more domains blocked than Locknote), take a look at


or

Click to expand...

I'm so curious about this. I didn't know that Little Snitch could do this, so I didn't look into any farther the first time I heard about it. But if it can block ads coming in at the network level, then it'd be well, well worth the price of entry for me.

I'll take a better look, but if you have any resources beyond what you've kindly provided I'd love to see them.
 
Dear experts,

A few questions from a newbie...

1. When I turn the Lockdown firewall ON, should I turn OFF the firewall which came with my Catalina macOS or still keep it ON?
2. When I turn the Lockdown firewall ON, should I turn OFF the Ad Guard for Safari or still keep it ON?
 
I tried this out on iOS earlier. Seemed to want to access my VPN settings to be able to turn on the firewall which I said no to. I'm not trying to use the VPN, just the Firewall...is Firewall an accurate description in this case if it instead routes all your traffic through some other service via VPN?

The description says it does everything on-device so I'm not sure where connecting to someone's VPN comes into that equation....
 
jeyf said:
i always wondered about how private the DNS process really is?
Click to expand...
Its not at all unless you use DNS over HTTPS or TLS. Cloudflare, Nextdns.io and adguard all have apps that offer encrypted DNS on IOS and MacOS.
[automerge]1582062171[/automerge]
Erehy Dobon said:
Unlike some people here, I actually leave the house occasionally.
Click to expand...
nextDNS works on any network if you have the app it works over LTE etc or you can configure it with OpenVPN to work with nearly any VPN provider. With pihole you can setup pivpn to compliment it but I havent had the need to with the first option working well.
 
Marx55 said:
How does Lockdown compare to Little Snitch on Mac?
Click to expand...

I tried lockdown for a minute and realized it requires use of their VPN. I already have a paid VPN so that was a deal breaker. Little Snitch gives far more control over connections IMO.

trigf said:
Tried to download it, but it "requires" Catalina...
[automerge]1581713120[/automerge]


Little Snitch only blocks/allows/monitors network traffic and connections. This blocks ad tracking that is used to target you with advertisements and analytics that are sold to marketing firms.
Click to expand...

I prefer a trustworthy VPN, little snitch, and a good adblocker myself.
 
Personally, I found that a pi-hole works the best and is the most robust. Anything on my home network gets blocked, the only things that seemingly get through are YT ads, and I use adblock plus to filter those out completely.
 
  • Like
Reactions: xodh
maflynn said:
Personally, I found that a pi-hole works the best and is the most robust. Anything on my home network gets blocked, the only things that seemingly get through are YT ads, and I use adblock plus to filter those out completely.
Click to expand...

The trouble with pi-hole (or any other kind of traffic filtering device on your network) is it only works when you're *on your network*.

Especially for phones that looks kinda useless to me.

How does this Lockdown thing work on iOS? It forces all your traffic through a VPN, so it has to go through *their* servers?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back