As someone who has worked remotely as a software developer for the past 10 years, I understand how unfiltered access to the internet can lead to bad habits and compulsive behaviors. Easy access to adult content can be a major distraction and even turn into a destructive addiction.

Numerous methods exist for blocking porn, but not all of them are effective when you account for common bypass techniques. An effective porn blocker system requires a multi-layered approach.

Has a single, foolproof blocking app been developed yet?

The truth is, each type of device imposes different limitations on the control a blocking app can have, making it difficult to create a one-size-fits-all solution that will block porn sites in an effective way.

Additionally, Apple and other device manufacturers have strict controls in place to prevent apps from having more control over the device than the user.

Effective blocking can be achieved, but it requires more than installing a one-size-fits-all blocker app.

And that's why I started Tech Lockdown: to help hundreds of thousands of people take their blocking setup to the next level.

The Tech Lockdown membership that I provide goes beyond providing just another blocker app - it includes access to three areas:

1. DNS Filtering focused on Adult content blocking and bypass prevention.
2. Step-by-step guides to help people take blocking and bypass prevention to the next level through device management techniques. 
3. Expert support from specialists like me in content blocking and device management  
   

This guide will provide a high-level view of the blocking and bypass prevention techniques I've figured out and developed after hundreds of hours of testing.

Is Blocking Worth it?

If you're like me, you've probably tried to block porn in the past but found the blocker so easy to bypass that it was like it wasn't even there.

Here's the thing: implementing effective blocking takes some time and effort, but it's absolutely worth it.

Here's why:

It's easy to form bad internet habits

Have you ever wondered why it's so hard to stop compulsive behaviors? Some behaviors, especially internet porn use, can quickly form into a habit or even an addiction. 

---

Are you addicted to porn? Take the porn addiction assessment .

---

Here's why:

Cues

A habit starts with a cue or a “trigger” that prompts you to follow through on the associated routine. 

Common cues related to porn use: 

• seeing an attractive person on Instagram
• boredom and procrastination
• stress and anxiety
• time of day
• roommate leaving to run errands

Routines

In response to a cue or trigger, you “follow through” on the habit by performing a routine (a specific set of actions).

The critical thing to understand about habits is that once a habit is hardwired into your brain, you perform it without consciously thinking about it.

In response to a cue, maybe you automatically open a private browser and navigate to a specific site, then mindlessly browse. If this is a habit for you, you probably don’t even realize when you’re doing it.

Internet Porn hijacks your brain so that it's even harder to quit

The brain's reward system is hijacked by technology to encourage compulsive behaviors. High-speed internet is the force multiplier that turns porn use into a “need” instead of a casual behavior.

The reward chemical called dopamine is intended to further your survival so that you can pass on your genes. Dopamine ultimately drives motivation and the absence of dopamine can result in apathy.

The brain creates powerful, long-lasting associations with behaviors that produce dopamine. This is one of the reasons why cravings for porn can feel so powerful. The association with dopamine is so strong that the brain thinks it's a really important behavior, despite it ultimately being destructive to you. 

When it comes to destructive behaviors, such as binge eating, the brain attempts to dampen the pleasure response so that you stop the behavior.

This is known as “desensitization” and it's the reason why you become sick of food that you are overeating or lose interest in the same song after many repeat listens.

You build tolerance and become desensitized to it. The pleasure response is reduced and you ultimately lose interest for a period of time. This is one of the biggest negative effects of watching porn .

Porn addiction probably wouldn't be a widespread problem without high-speed internet. This is because the main way to override desensitization is through novelty - or consuming something new and different.

In the context of sexual behaviors, this is known as the coolidge effect and it basically just means that watching new porn videos triggers an elevated dopamine response because the brain isn't desensitized to that particular media. This effect helps to explain why porn is so addictive . 

Since the brain can create such a powerful association with pornography and dopamine, you will probably find that you need a system for blocking content and preventing bypass as a long-term protective measure – it's not something you will temporarily use.

If you want to learn more about these concepts, read my highlights from the book " Your Brain on Porn " by Gary Wilson. 

How to break bad habits

The most common way to stop yourself from following through on a bad habit is to use willpower. However, this is only if you are lucky and aware enough to catch yourself before you automatically follow through on a habit without thinking.

Completely relying on willpower or “white-knuckling" doesn't work in the long-run. Willpower is a finite resource and having the option to browse an unfiltered internet can be draining on your willpower because you’re consistently restraining yourself.

According to  Atomic Habits , two aspects of breaking a bad habit are:

1. Remove cues from your environment
2. Make the habit difficult to perform

Controlling your devices reduces environmental cues that trigger the habit so that you don’t have to use as much willpower in the first place.

Effective porn blocking and bypass prevention make the habit difficult to perform. When you combine blocking and bypass prevention with accountability and a conscious effort to quit porn , you have a much higher chance of being successful.

Configuring Better Blocking

There are a few approaches to setting up effective blocking. The approach you use will depend on the devices you use and the specific "sticking points" that you are running into.

Some people are completely fine with a more basic blocking setup while other people need a more extreme setup, like converting their smartphone into a dumb phone .

I've spent hundreds of hours writing guides that show step-by-step setup instructions  for the most commonly used devices.

In this section, I'll provide an overview of the available blocking capabilities. 

DNS Filtering

A DNS Filtering service is an effective approach to blocking content and it's the cornerstone of my blocking stack. Because it's so important, I include a DNS Filter with all Tech Lockdown memberships.

Choosing a DNS Filter service

If you are just trying to block websites or monitor websites visited on your WIFI , you won't need to be as picky over what features to look for when evaluating a filtering service.

However, if you're an individual trying to quit porn or a parent protecting yourself and your children from harmful content, you should pay special attention to the available features. 

Here are critical features that you need to make sure any DNS Filtering service you evaluate has:

Customizable Categories

The filter service should allow you to select what categories of content you want to block. You'll want to have the option to block P2P & Illegal file-sharing websites that are frequently used to distribute Adult Content, but aren't themselves classified as Adult Content. 

Also, you should block Proxy & Filter Avoidance categories to prevent common bypass techniques.

Furthermore, it's important to block search engines that don't support safesearch while enforcing safsearch on the unblocked search engines.

Customizable Block and Allow Lists

Sometimes you'll come across a website that is classified in Message Boards & Forums or Social Networking, but adult content can easily be found. For example, Reddit.com isn't categorized as an Adult Content website, but that content can easily be found within the various subreddits dedicated to that content.

It's crucial that you can maintain your own block list so that you can selectively block those "grey-area" websites entirely.

Alternatively, for a "grey-area" website like Reddit, you could choose to block images on the website instead of blocking the website entirely. In order to do that, you would add the following domains to your block list:

external-preview.redd.it
v.redd.it
redditp.com
redditstatic.com
alb.reddit.com
thumbs.redditmedia.com

Having access to an allow list also gives you more control over how strict you make your filtering. For example, you can block a category like Social Networking, but add facebook.com to your allow list, which will unblock facebook.com while blocking every other social media website.

Smart Categorization

Some DNS Filtering services rely on manually reported websites or they go off of a really old list of bad websites. These filtering services aren't effective at all because the filtering categories are so inaccurate and outdated that they are basically useless.

The ideal service should have a sophisticated method for categorizing content using something like machine learning & artificial intelligence to automatically find websites that should be blocked.

Social media companies use these sophisticated methods to automatically identify and tag photos.

Force Safesearch browsing

Search engines like Google provide different levels of search result filtering. Safe search is a strict search setting that removes adult content from search results.

Safe search has significantly improved over time as search engines get better at classifying websites and images.

DNS Filtering services can enforce safe search (lock the setting on) while also blocking search engines that do not have a safe search option.

Roaming Filtering

A huge problem with legacy filtering services is that they only work on your home network. This is easily bypassed by switching network connections and it doesn't work if you travel with your laptop or smartphone.

The ideal filter provides a filter application that you can download and configure on your laptop or smartphone so that filtering works on any internet connection.

Home Network Filtering

A DNS Filter should be set up on your entire home network. This will enable filtering on most devices that use your home internet connection without installing anything on those individual devices.

Setting up filtering on a router is a sticking point for some people, especially considering the variety of routers and features that your internet service provider gives you access to.

Most DNS Filtering services are configured similarly. I'll give you a high-level overview of what steps go into configuring filtering on your router. For specific instructions, read the free guide to configuring DNS Filtering on a Home Router . 

For home internet connections with an IPv4 address, here are the general steps:

1). Enter your public network address (IPv4 address) into the DNS filtering service

2). Point your home router to the filtering service by entering the filter DNS IP addresses

3). Handle IP address changes so that if your internet resets and your IP changes, filtering continues to work properly.

If your home internet uses an IPv6 address, the process is usually simplified. Here are the general steps:

1. Check that your DNS Filtering service supports IPv6
2. If it does not (it only supports IPv4), disable IPv6 on your router
3. If it does support IPv6, point your router to the filter using your router's DNS

Roaming Network Filtering

In addition to setting up DNS Filtering on your home internet, you should also configure your devices to use DNS Filtering when roaming (on any internet connection).

One way to do this is by using the filter application provided by the DNS Filter.

Alternatively, you can directly configure a device's network settings to point to the filtering service you are using. 

Built-in Content Filtering

The next level in my suggested setup involves using a device's built-in filtering capability to enable another blocking layer. Built-in filters are a critical blocking layer because they will often work while a VPN or Proxy is active.

Managed Content Filtering

If you set up a managed device, you can enforce content filtering and prevent the user from changing the content filtering settings from the device itself.

Device management is a core focus of the Tech Lockdown premium guides because it provides the most control over the device and unlocks more blocking capabilities.

Windows, Mac, Android, and iOS devices can all be managed and enable a built-in content filter.

In addition to toggling on the built-in content filter that limits adult content, you can also add your own list of URLs that should be blocked.

Hosts File

The computer's hosts file can be used to block websites or enforce safesearch on search engines. The hosts file blocking method works even with common bypass techniques.

For example, adding the following lines to your hosts file will enforce Google safesearch even if you aren't using a DNS Filter:

216.239.38.120 google.com
216.239.38.120 www.google.com

Adding the following lines will block Facebook:

0.0.0.0 facebook.com
0.0.0.0 www.facebook.com

If you are a Tech Lockdown member , you get access to a pre-curated hosts file that contains a list of adult websites to block and search engines with enforced safesearch.

Learn more about how to use the hosts file to block websites .

Blocker Applications

Blocker applications are often weak on their own, but when combined with other layers of a blocking system, they can open up more blocking flexibility and control.

For example, blocker applications can typically filter URLs, which allows you to block pages within a website.

Block Searches

You can block searches containing specific keywords on Google, Youtube, or most other search portal websites.

For example, when you search for"fruit" on most websites, the URL will usually have a part like this:

?query=fruit

?q=fruit

To block searches on Google and Youtube containing the word "fruit," you can use a blocking application to block that with a blocking expression like this:

Block Google Images

If you want to block Google images , you'll likely need to use a blocking application. You can force safesearch using a DNS Filter, which filters Google images, but you can't block image search entirely. This is where a blocking application can provide some benefit to you if you don't want the option to search images at all.

When you search on Google images, the URL changes to something like this: https://www.google.com/search?q=apples....&tbm=isch. 

If you want to block Google image search entirely, you can use a blocking application to create a block like this to target image search specifically:

*google.com/search*tbm=isch*

Block Pages within a Website

With a blocking application you can use URL filtering to filter within a website. For example, you can block all of reddit.com, but whitelist the subsections of reddit that are safe. DNS Filtering services can't do this - they can only block an entire website, not sections within a website. 

Reduce “fishing” for unblocked content

Some blocking applications will penalize you for finding blocked websites. For example, blocking applications on Android smartphones can temporarily block usage of your device for 5 seconds each time you find blocked content. This makes it really tedious to search for unblocked content.

Block Based on Window Titles

When you visit a page in your browser, you'll see the title in the tab.

You can configure blocking applications on platforms like Windows to block any website that uses a specific title or contains specific words. 

Enforce Blocking and Prevent Bypass

The second area of focus involves bypass prevention strategies so that blocking is enforced.

One of the best ways to harden your blocking system is to configure device restrictions using device management. My approach is identical to what an IT department would do when they set up company devices. This is a key focus on the Tech Lockdown premium guides .

You can manage most kinds of devices: Windows computers, Mac laptops, iOS devices, and even Android devices. 

Companies use device management so that they can remotely supervise work devices that they issue to employees. A company's IT department has complete control over their corporate devices - they can remotely install or remove software and they can customize what settings you have access to. 

Device restrictions vary depending on the device, but they all have a few things in common.

Here are a few examples:

Prevent Changing Network Settings

It's important to prevent a user from easily removing or changing DNS and other network settings. There are a few strategies for restricting access to modifying network settings. 

On managed MacOS devices, you can distribute a config file that locks DNS settings.

iOS and Android smartphones have access to a similar capability where you can distribute a config file with a Mobile Device Manager that enforces network settings.

Mobile device management can even be used to restrict the user from configuring a VPN on the device.

You can also restrict a user from connecting to unapproved Wi-Fi networks.

Unmanaged Windows devices can use a blocking application to block windows based on the window title. This makes it possible to password-protect access to changing DNS settings by blocking the window title Network Connections.

Block Browser Extensions

In addition to enforcing DNS settings, it's recommended that you set up a managed browser so that you can block unapproved browser extensions and enforce other browser restrictions. Blocking browser extensions makes DNS Filtering more effective and harder to bypass.

Enforce Browser Extensions

The downside of blocker apps on Windows and Mac is that they have limited ways to prevent themselves from being disabled.

You can make a blocking application more effective by enforcing the browser extension so that it can't be disabled.

Setting up a managed browser allows you to enforce the use of extensions, like the extension that the Cold Turkey Blocker application relies on. Notice that cold turkey doesn't have the option to be removed or disabled while Google Docs can be removed or disabled:

Browser Proxy

When a browser like Google Chrome is managed, you can disable the ability to set a proxy to avoid common filter bypass techniques.

Enforce Browser SafeSearch

In addition to using a DNS Filter that enforces SafeSearch on supported search engines, you can also enforce SafeSearch in a managed browser. This is a great fallback for if the DNS Filter is bypassed.

Guest Mode & User Accounts

A common bypass method involves a user signing into a computer or browser using guest mode, which often allows the person to bypass some levels of blocking.

On managed MacOS, you can remove Guest Mode entirely and even restrict access to managing Users & Groups so that new user accounts can't easily be created.

If you've set up a managed browser like Google chrome, you can disable guest mode there as well:

Prevent Deleting Browsing History & Incognito Mode

Add a higher level of accountability by removing the ability to delete browser history or use incognito/private browsing mode. This is possible when managing a browser.

Using Kiosk Mode to Limit Features

Managed smartphones get access to a powerful feature called Kiosk mode. Enabling Kiosk mode gives you access to even more device restrictions and the ability to customize your own dumb phone .

Kiosk mode lets you remove access to everything other than what you've specifically allowed.

You can use this approach to block access to device settings or even remove the ability to use web browsers. 

Prevent Uninstalling Apps

You can even distribute apps to your iPhone or Android smartphones from your mobile device manager. Apps that are distributed via Mobile Device Manager are difficult to uninstall.

In the below video, I use an MDM to remotely install a blocking application on an Android device. The app can only be removed using the MDM, not from the device itself. 

Block apps

You can use a mobile device manager to completely restrict the usage of any application that can be downloaded from your phone's app store. You can block apps on Android and block apps on iPhone  and even block apps on Windows and Mac computers.

On managed smartphones, you could choose to block all apps and only approve a few specific apps. Alternatively, you could block individual apps. In the below example, I block the Instagram app, which uninstalls it if it already exists on the device and prevents it from being reinstalled.

Frequently Asked Questions

Handling VPNs and Proxies

One of the reasons a blocking system is so important is because you have more flexibility over handling conflicts and common circumvention techniques.

Proxies, VPNs, and other DNS providers are common pain-points when it comes to blocking porn. This blocking system takes these circumvention methods into account. Here are the bypass prevention strategies (you should use as many as possible):

1). Use a DNS Filter that blocks Proxy & Filter avoidance category so that it's harder for a user to download a VPN or find websites used to bypass filters.

2). Use device management to restrict the ability for users to configure VPNs

3). Enforce a device's built-in blocking capabilities, which usually work even with a VPN

4). Use a blocking application, which will usually work even with a VPN.

What do I do if I need to use a VPN?

If you need to use a VPN to bypass regional restrictions, consider using a VPN that lets you set DNS resolvers. You can set the VPN's DNS servers to point to a generic filtering service, like Cloudflare for families . This will at least provide some level of protection while you browse on a VPN. 

Preventing yourself from logging in and unblocking content

If you are self-managing your own blocking system, it's important that related accounts are difficult to access. In order to reduce the likelihood that you simply disable your safeguards or update your filter settings less restrictive. It’s important to set up a system that makes this process really tedious (but not impossible).

I place a big emphasis on providing tools and strategies for people who are self-managing. For example, the Tech Lockdown DNS Filter lets you lock your filter settings using a second email address so that you have to retrieve a randomly generated pin to make your filter less restrictive:

I thought about this scenario when I created the Tech Lockdown Filter. I wanted users to be able to easily sign in to their account using their normal email address so that they could update billing information or add items to their blocklist easily. Adding a second email to your Tech Lockdown account allows you to lock your filter settings so that you have to access your second email account every time you want to make your filter less restrictive.

Why use a second email address?

A second email address is critical when self-managing your own blocking setup.

You should create a second email address using an email provider that you don't already use (like  Proton Mail ). Randomly generate a password that you can't memorize and store it in a way that is time-consuming to retrieve.

If you use this second email address to create any accounts related to blocking and filtering, you should not store those account passwords. Instead, use the "lost password" option available on most login forms so that you have to login to your second email in order to access the account. 

The most Restrictive Setup for Smartphones

The strictest possible setup for iPhone and Android smartphones involves converting your smartphone into a 'dumb phone' by customizing the device to block access to certain features. Learn how to  create your own dumb phone .

How Do I Get More Help?

If you want help setting up my recommended blocking and bypass prevention methods, become a Tech Lockdown member . Membership includes access to step-by-step, premium guides and access to expert support.