1. Welcome to NoFap! We have disabled new forum accounts from being registered for the time being. In the meantime, you can join our weekly accountability groups.
    Dismiss Notice

macOS blockers

Discussion in 'Porn Addiction' started by sinner76, Sep 30, 2021.

  1. sinner76

    sinner76 Fapstronaut

    780
    1,001
    93
    These methods are for OS X HIGH SIERRA AND ABOVE

    -I always recommend using more than one filter because they strengthen each other.



    -Cold Turkey
    1-Install Cold Turkey:
    https://getcoldturkey.com/

    2-Install Cold Turkey extension on your browsers.

    3-Enable "Allow in incognito/private" for Cold Turkey's extension on chrome and brave.

    The following step is very important to get Cold Turkey to detect that incognito is off.

    4-Open Terminal from your applications and enter these commands which will stop cold turkey from asking for incognito permissions:


    Do not proceed unless you do this step because after we install the filtering profile, "Allow in incognito" option will be hidden and Cold Turkey will block your browser.

    Screenshot on how to use and import configurations:
    https://imgbb.com/DgFBzG0

    Go to Settings>Blocking to add further restrictions.

    I highly recommend you block Activity Monitor, if you don't use it.

    Import this list:
    https://www.mediafire.com/file/i2fsvs8z6eqmbjp/Block+Lists+from+Sinner's+MacBook+Air.ctbbl/file

    Cold turkey will block unsafe browsers that could be used to access porn.

    The imported blocklist:
    *Blocks porn/proxies/VPNs
    *Blocks sites that contain bad (porn) keywords.
    Note that this list blocks bad sites based on keywords

    Remove the extension from browsers you want to block. You could block Safari (and Terminal) using the configuration mentioned above.



    (Cold Turkey prevents you from tampering with its files. If you want to additional protection to Cold Turkey, check out fapsecure which will be discussed later in this post)

    Best way to lock Cold Turkey's blocks:
    This method is possible because Cold Turkey allows you to lock blocks for a period of time from Terminal.

    Example:
    "/Applications/Cold Turkey Blocker.app/Contents/MacOS/Cold Turkey Blocker" -start "Bad Sites" -lock 720

    This will lock the block named *Block Bad sites for 720 minutes (12 hours).

    Now we need to execute this command automatically when your mac starts and to reset it to 12 hours (e.x. every 2hours). This could be easily done using launchctl.
    Download this plist:
    https://www.mediafire.com/file/sym9b6mddddjwgg/com.cold.redo.plist/file
    Keep it in your downloads folder and open it using text edit.

    You'll find this:
    <string>sleep 21; "/Applications/Cold Turkey Blocker.app/Contents/MacOS/Cold Turkey Blocker" -start "dontdeleteme" -lock 720; "/Applications/Cold Turkey Blocker.app/Contents/MacOS/Cold Turkey Blocker" -start "Safari macOS" -lock 720; "/Applications/Cold Turkey Blocker.app/Contents/MacOS/Cold Turkey Blocker" -start "Bad Sites" -lock 720;</string>

    These are several commands separated by semicolons ( ; ) in a single line. You can only put one liners in plist files. If you want to add more blocks, just add a semicolon and put your command.

    Explanation: The first command is a sleep command which is essential to give time for cold turkey to start up. The second command is important because for some reason Cold Turkey occasionally ignores the first command in the script.

    You'll also find this:
    <key>StartInterval</key>
    <integer>3600</integer>
    This will re-execute the command every 3600 seconds (1 hour).

    Make the changes that you want, then execute the following:

    -To copy the plist from the downloads to /Library/LaunchAgents then load it:
    Code:
    sudo cp ~/Downloads/com.cold.redo.plist /Library/LaunchAgents/com.cold.redo.plist
    
    launchctl load -w /Library/LaunchAgents/com.cold.redo.plist
    Wait for half a minute and your blocks will get locked.
    As long as this plist is loaded, the blocks will be locked for 12 hours every time you start your mac. It will be reset to 12 hours every 1 hour.

    You could add blocked items to locked blocks but you can't remove anything while locked. If you want to unlock the block:
    -Unload the plist:
    launchctl unload -w /Library/LaunchAgents/com.cold.redo.plist
    sudo rm /Library/LaunchAgents/com.cold.redo.plist

    -The lock will be unlocked automatically after 12 hours

    If you want to make any changes to the plist file, unload it, then start from the beginning by editing the plist in the downloads folder.
    -----
    Hint:
    to block the google images search add this:
    *tbm=isch*
    to block the google videos search add this:
    *tbm=vid*
    -Pluckeye
    This is one of the best blockers for macOS.
    https://forum.nofap.com/index.php?threads/pluckeye.300403/
    For Big Sur and later versions of macOS, you'll need to follow these steps to be able to enable pluckeye's system feature:
    https://docs.pluckeye.net/how-to-install-on-macosx
    I highly recommend pluckeye for Big Sur and later versions even if you can't use the system feature.
    Plucky's system level hardening is not yet perfect on Big Sur+. You should not notice anything different except if you're really tech savvy. If that's the case and you want the system level to be super hardened just like on windows and Linux, you'll need to disable System Integrity protection on your mac.
    This could be done by booting up your mac into recovery mode (Command+R on macs with intel chips or holding the power button on Apple Silicon macs) From there, open Terminal and enter the following command:
    csrutil disable
    You're done, just restart your mac. You might also want to check out how to password protect MacOS recovery mode in the MacOS thread.
    -macOS filtering profile:
    The Default removal password of the profile is nofap
    Edit the profile and change the password then use lockbox.pluckeye.net to save the password:
    https://ibb.co/fv19C1R
    You can modify everything in the profile using TextEdit such as the DNS used by browsers or the system. Make sure you change the default removal password which is nofap to a random password and save the password on lockbox.pluckeye.net

    -Download:
    https://github.com/John889/macOS_filtering_profile/archive/refs/heads/main.zip

    Features:

    -System DNS: set to CleanBrowsing Family.
    Cleanbrowsing family blocks reddit and enables Youtube restricted mode. Check out how to fix that below using the hosts file.

    -Chromium browsers(Chrome, Brave, Vivaldi):
    Enforces Leechblock extension
    Browser DNS set to Cleanbrowsing family
    Enables built-in porn blocker + Search engine safe search.
    Blocks: incognito, private windows, Guest accounts, new accounts, installing external extensions, VPN/proxy extensions, Tor on Brave.

    -Firefox:
    Enforces Leechblock and SafeSearch Enforcer extensions, disables private browsing, safe mode, profile switch, DNS set to Cleanbrowsing family

    -Safari: Enables the built-in porn blocker

    -Siri: Profanity filter ON. You can also completely block Siri.

    You can also block access to specific panes in "System Preferences". Editing instructions are included.

    (After you open the profile, you'll need to go to System Preferences>Profiles and click on install.)

    ----
    Other extensions enforced by the profile:

    LeechBlock: This will be enforced only on firefox. Right click the extension>options.
    Copy everything in this link and paste it in the domains to be blocked:
    https://github.com/John889/blocklists/blob/main/leechblockkeywords

    * at the beginning of the list means filter all sites
    + means allow a domain
    ~ keyword(if no keywords are added and there is an asterisk in the first line, all sites will be blocked.)

    Select all days of the week: Sun Mon Tue Wed Thu Fri Sat
    Check "Immediately block pages on these sites once blocking conditions are met"

    The above Blockset only filters keywords. You can't block domains in this blockset. So, Just click on Blockset2 and add whatever sites you want to block. Then enable for all days of the week, etc.

    Go to General tab, check "Process only active tabs (improves performance when multiple tabs open)"

    Then set a password and save it lockbox.pluckeye.net

    Leechblock can slow down your browser as we are using keyword blocking. Make sure you don't keep many tabs open, just the ones you need and it the performance should be good. It filters all open tabs every second.

    If needed, you could block the chrome and the firefox store using pluckeye. Just block: addons.mozilla.org and chrome.google.com

    -Editing and locking the hosts file
    The following hosts file will do the following by default:
    Enable Safe search on Google, Bing, duckduckgo & Yandex.
    Block other search engines.
    Allow access to reddit and twitter. (Edit the file if you want to block images and videos).

    Enable youtube normal (unrestricted) access.
    You could also block any site.

    1-Download SwitchHosts:
    https://github.com/oldj/SwitchHosts/releases
    (.dmg is for macOS. M1 macs need the arm64 version)
    2-Open SwitchHosts app, click the + button > local. Name it anything and save.
    3-Copy all of the contents of this file (command+a then command+c)
    https://raw.githubusercontent.com/John889/blocklists/main/hosts.txt
    4-Paste it in the new hosts that you've just created (command+v). Then activate the hosts using the switch button beside its name.

    You could edit this hosts as you wish. The instructions are present in the text. You could enable Youtube restricted mode, bock images on reddit and twitter, block any site that you want.

    If you want to lock your hosts file use fapsecure below. This is not recommended unless you have sufficiently tested your settings. You'll need to add this to fapsecure's protectedfiles.txt:
    /etc/hosts

    -Fapsecure for macOS ( DO NOT USE ON VENTURA OR ABOVE)
    Can only be removed if you have its password, or you'll have to wait for 4 hours.

    *Includes an app blocker that could be used to block any apps you want.(Instructions in "How to use.txt")
    *Includes a file protector that could be used to protect any file, folder or app.
    *Blocks unsafe browsers like Tor and many others automatically.
    *Enforces safe search on Google, Bing, Yandex.
    *Blocks tons of porn sites and proxies permanently.

    It can enforce a DNS on all the versions on macOS, not just Big Sur.
    Disables Screen Time "Ignore Limit" & "One more minute" buttons.

    By default, it changes your DNS server to Cleanbrowsing Family that blocks bad sites. Update: Now, you could use any dns server you want (IPv4 or IPv6)

    Cleanbrowsing Family DNS features: https://cleanbrowsing.org/filters

    1-Download "fapsecure.zip":
    https://github.com/John889/fapsecure-macos/raw/main/Fapsecure.zip

    2- Open Fapsecure.zip (it should be in "Downloads"). This will extract it and a folder called "Fapsecure" will appear in your Downloads.

    3-Copy the "fapsecure" folder to your Desktop. This is not optional.

    4-For the rest of instructions open "How to use.txt" in fapsecure's folder
    -Using macOS Screen Time to block apps:
    Requires Catalina or later versions of macOS.
    Located in Screen Preferences>Screen Time

    Normally, you can't lock Screen Time settings for an admin account. But you'll now see how it is done using Fapsecure.

    Hint: Don't make your mac a prison or you'll keep looking for ways to bypass the blockers.

    Turning it into an app lock:
    A)Turn on "App Limits" and select all the bad apps that can cause you to relapse into a new single app limit. Set the time to 1 min, which is the minimum. This option is recommended if you have all the bad apps downloaded on your mac.

    OR

    B)Downtime: The more extreme way. Not recommended except for tech savvy addicts.

    Blocks all apps even newly downloaded ones except for apps in the Always Allowed list.
    Go to "Always Allow" and select all apps (even if you don't use them) except the actual harmful apps. If you don't know what an app does, just keep it allowed. If you go too strict, you will end up removing the restrictions. Make sure you have downloaded all apps you need.
    DownTime will make Safari painful to use.

    Schedule: 6:00 AM to 5:59 AM



    You'll notice that when an app is blocked you can just click on ignore limits and allow the app. Fapsecure (discussed next) can block this button, if you add this to the blocked apps:
    ScreenTimeViewService

    Finally, you have to lock the Screen Time (to lock the settings) and "Users and Groups" panes (to prevent creating new users) using Fapsecure by blocking:
    com.apple.preference.screentime.remoteservice
    com.apple.preferences.users.remoteservice



    Fapsecure will also automatically prevent creating new users from CLI.

    If you open a blocked app, you'll have to right click its icon in Dock > Quit. Or terminate it by clicking command+option+esc

    -Disabling System apps like Safari (optional)
    This is not needed in almost all cases as many blockers mentioned here could block safari without taking any risks. Use this only if Safari is causing you problems and you can't block it using other blockers.

    This is an idea for the guys who want to only use the Chrome browser while blocking all other browsers.
    It's easy to just delete other browsers from your mac and use pluckeye's flee commands to block downloading other browsers, for example:
    pluck + flee word browser download
    pluck + flee word download browser

    But you can't just delete the Safari browser for two reasons:
    1-System integrity protection will prevent you from modifying its files.
    2-You might need it back later.

    Here's what to do to reversibly disable Safari:
    1-Boot up into macOS recovery mode. (Restart the mac and hold the power button for M1+ macs OR hold command+R for older macs)
    2-Go to Utiilties>terminal
    3-Enter this to disable SIP:
    csrutil disable
    4-Restart your mac and boot normally.

    Now we are going to compress the Safari browser with a password using the zip command. First, open TextEdit and type random stuff like jadsladsfjadslj. This is going to be the password to decompress Safari.

    5-Open Terminal and enter this:
    cd /Applications
    zip -er Safari.zip Safari.app

    It will ask you to enter the password that you want. Copy the one you typed in TextEdit and paste using Command+V.

    Now, you have a protected file named Safari.zip in your Applications folder. Save the password from TextEdit on lockbox.pluckeye.net then delete Safari application using this command:
    sudo rm -Rf /Applications/Safari.app

    (you can do the same to other system apps by replacing Safari.app with the app name in the above commands. Some apps like Terminal are located in
    /System/Applications/Utilities/
    Those apps cannot be deleted because they are on the system partition. Even if you delete them in recovery mode, they will be restored on reboot.)

    6-Go back to the recovery mode and enter this in terminal to re-enable SIP:
    csrutil enable

    That's is! You won't be able to launch Safari. If you want to restore Safari, you'll have to open Safari.zip (in your Applications folder), and use the password saved on lockbox.

    P.S. You only need to disable SIP the first time you compress and remove the app. After that you only need the zip password to decompress and use it.
    Password protecting the recovery mode (Command -R) & Single user mode (Command -S)(optional):
    If you have no idea what this is then do not proceed.

    THIS IS VERY RISKY.

    THIS PASSWORD HAS TO BE WRITTEN DOWN + TYPED & SAVED SOMEWHERE


    Macs with intel processors:
    https://support.apple.com/en-us/HT204455

    Macs with Apple Silicon:
    You'll need an MDM.
    A)Simple MDM:
    https://simplemdm.com/
    You'll need to select one time enrollment and download a profile. Open this profile using Apple configurator 2 (from app store) and click on File>unsign. This will allow you to edit the profile. In apple configurator with the profile opened, go to General, then under security click with authorization and enter a random password to be saved on lockbox.pluckeye.net. This will prevent you from removing the MDM supervision without the password. Now save and install the edited profile. Now go back to simplemdm.com and click on profiles> create a new profile and select recovery lock password, and uncheck generate a random password for each device, then enter a random password (you could use the same one you used above). Finally, you need to assign this profile to your mac by going to devices>yourmac>profiles>assign profile and select the one you just created. It will give you "unknown" status, but it will work.

    Apple Configurator 2:
    https://ibb.co/4mSt4t1

    History
    Enforcing a DNS server:
    If you're on macOS Big Sur or later, you could use profiles to enforce a DNS.
    The following profile enforces Cleanbrowsing family DNS (DNS over HTTPS).
    The major downside of the family DNS is that it enforces youtube restricted mode (no comments, blocks some safe videos). It also blocks reddit completely. If you want to allow access to reddit and unrestricted YT, you could use fapsecure (discussed next).

    EDIT: The DNS payload has been included in the macos filtering profile discussed earlier.

    -Enabling the built-in filter

    MacOS already has a built-in web filter. Normally, it could be enabled only on non-admin accounts. But this Profile will allow us to use it on admin accounts:

    EDIT: I added the built-in filter payload to the macOS filtering profile mentioned above.

    I have to mention that it works best with Safari, it also works with other browsers but many bad sites will pass through. Its main advantage is that it is system wide. I've added the following sites to the exclusions:
    https://Nofap.com/
    https://Yourbrainrebalanced.com/
    https://rebootnation.org/
    They must be in this format: https://site.com/
    The only way to add exclusions is by editing the mobileconfig file then reinstalling it. You'll need the password to overwrite the existing profile.
    Useless apps
    5-Sophos
    Download Sophos Home for Mac:
    https://my.sophos.com/en-us/download/
    After you install it, do this:

    ONE:
    https://pasteboard.co/JwJ0mug.png
    TWO:
    https://pasteboard.co/JwJ3PwY.png

    Do NOT block "sex education" category as it will block nofap.com
    Now, click again on sophos icon and click "check for updates"

    THREE:

    Sign up for a new account. This is important to protect your settings with a password.
    Don't sign up using your email because you'll be able to change sophos settings and reset the account's password. You could sign up with a friend's email and let him check his inbox for the confirmation email. If you don't want to involve a friend, you can use a temporary email:
    https://temp-mail.org/en/

    For the password, you could type a random password in TextEdit, ex:jfdadfsasjfasljlafjd. Then paste in the password field, you must not lose this password. I recommend you save both the email and the password on lockbox.pluckeye.net

    Again, do not lose the password or the e-mail address.

    Now, try clicking on Sophos>preferences. The webpage should ask you to login using your email and password. If it logs in automatically, it means you have to sign out:

    1-Click on your email then "My account":https://pasteboard.co/JyHjKEP.png
    2-Security>Settings:https://pasteboard.co/JyHk4pe.png
    3-Sign out all users:https://pasteboard.co/JyHkrYv.png

    In the next steps we are going to prevent anyone from removing Sophos.

    Locking Sophos:

    Protect Sophos app using fapsecure (mentioned above)
    You need to install this profile to prevent access to Security & Privacy" from Security Preferences. This will prevent you from removing Sophos permissions:
    https://www.mediafire.com/file/m1tulw9r5fgcr9e/Lock+Security+&+Privacy+.mobileconfig/file
    Don't forget to edit the file with TextEdit and change the removal password. The default password is nofap
    That's it!
    5-Forticlient



    Does not work on Big Sur.
    Official link for the latest 6.0.x version:

    https://filestore.fortinet.com/forticlient/downloads/FortiClientOnlineInstaller_6.0.dmg

    Setting up Forticlient for OS X (IMPORTANT):

    As I mentioned in the windows section above, the newer versions of Forticlient sets youtube to STRICT mode which makes youtube useless. So we'll have to edit forticlient settings:

    https://www.flickr.com/photos/187887389@N08/49929387771/in/album-72157714433295158/

    (Note that you might need to disconnect and reconnect to Wifi/Ethernet for forticlient to start working for the first time)

    Prevent removal of forticlient:
    Use fapsecure to prevent deletion of FortiClient files.
     
    Last edited: Aug 11, 2023
  2. the300clean

    the300clean Fapstronaut

    113
    116
    43
    that's a good start. but all of this text wall is confusing. i am not sure if all the blockers can prevent me from factory reset, or by other bypass. and it am not sure what is special about any one of them compared to the others.

    maybe you should give each filtering the following headlines:
    1. basic description.
    2. how to install
    3. way to bypass the blocker, and how to prevent it.
    4. advantages/disadvantages.
     
    sinner76 likes this.
  3. sinner76

    sinner76 Fapstronaut

    780
    1,001
    93
    You're totally right. I have noticed that most people don't reach the blockers at the end cuz it's very long. I'll do it but I think that I should edit other stuff right now before I forget. Thanks a lot for your opinion, man. I hope other people also give feedback ,and share bypasses and useful apps.
    To prevent factory reset, you'll need to password protect the recovery mode which is the last thing in the post. It would take you an hour to find it, if you started reading from the top..
     
    Last edited: Jan 20, 2022
  4. OhWhenThe

    OhWhenThe Fapstronaut

    1,175
    1,826
    143
    Is that the "Block Time & Language settings when a block is enabled" option?
     
    sinner76 likes this.
  5. sinner76

    sinner76 Fapstronaut

    780
    1,001
    93
    OhWhenThe likes this.
  6. zakhmisher

    zakhmisher New Fapstronaut

    4
    2
    3
    Hi Fapsecure new version isnt' working on Macos Monterey Beta. The older fapsecure now shows payload identifier error when installing profiles.
     
  7. sinner76

    sinner76 Fapstronaut

    780
    1,001
    93
    What is not working exactly? DNS IPv4 enforcement or app blocking?
    Forget about that profile. I added the secure DNS payload to the macOS filtering profile, but it will probably also fail to install on Monterey. I need to upgrade my OS to see what is going on but I'll have to wait for the public release for financial reasons.
     
    Last edited: Oct 14, 2021
  8. zakhmisher

    zakhmisher New Fapstronaut

    4
    2
    3
    Hi DNS leak test seems to suggest that cleanbrowsing is working but it is not blocking any site.
    I have upgraded by participating in the beta program for the macos.
     
  9. sinner76

    sinner76 Fapstronaut

    780
    1,001
    93
  10. JaJeJo

    JaJeJo New Fapstronaut

    3
    1
    3
    Hi, current version of Fapsecure doesn't seem to enable reddit or block other search engines, because whilst the guide here doesn't say that now, the how to use.txt still does. Is this normal behavior?
    Am using MacOS Mojave 10.14.5
     
  11. sinner76

    sinner76 Fapstronaut

    780
    1,001
    93
    The old fapsecure enabled reddit by editing the hosts file. I mentioned how to do it using switch hosts. I removed it from fapsecure to allow people to customize the hosts file according to their needs. Some people want images on reddit, others want it completely blocked.

    Sorry, I will have to edit the howtouse file in the next update.
     
    JaJeJo likes this.
  12. JaJeJo

    JaJeJo New Fapstronaut

    3
    1
    3
    Ah, okay. I got a 'new' refurbished macbook yesterday and installed the latest version of fapsecure straight away, but tested it out because it seemed very different (at the time knowing I still couldn't access reddit and still view other search engines) but anyhow also found 3 loopholes getting around this fapsecure version that were not present with the older version and even managed to remove the dns entirely and managed to access everything again and annoyingly relapsed, Is it possible to still get the old version as it was? Thank you
     
    sinner76 likes this.
  13. sinner76

    sinner76 Fapstronaut

    780
    1,001
    93
    I will send you a pm.
     
  14. iamShinra

    iamShinra Fapstronaut

    do I need pluckeye to run fapsecure?
     
  15. iamShinra

    iamShinra Fapstronaut

    I've installed and setup fapsecure but not pluckeye cuz it does not support my Current mac version
     
    sinner76 likes this.
  16. issuespleasehelp

    issuespleasehelp New Fapstronaut

    1
    2
    3
    Is there a version of fapsecure without the 4 hour uninstall time (so password only)
    Because otherwise it kinda defeats the purpose of having a lockbox if you can disable it in 4 hours anyway
    Thanks!
     
    Last edited: Nov 23, 2021
    sinner76 likes this.
  17. FootballingGenius

    FootballingGenius New Fapstronaut

    1
    2
    1
    Hey, so i got the Force DNS downloaded as well as fapsecure, I then wanted to uninstall these apps because of youtube and it blocking some of my work sites that I need. So I uninstall fapsecure but ForceDNS is still active, its super frustrating. How do I get this done?
     
    sinner76 likes this.
  18. sinner76

    sinner76 Fapstronaut

    780
    1,001
    93
    Actually pluckeye will work on Big Sur and Monterey if you disable System integrity protection. You could google it if you're interested.
     
    Koli Pratham likes this.
  19. hey m8, thanks for the great advise. id like to import your block list into cold turkey blocker but i cant figure out how to do it. unfortunatly the sceenshot is down. could you reupload it?
     
  20. HeraklesStrong

    HeraklesStrong New Fapstronaut

    2
    1
    3
    Fantastic and thorough list of blockers!!! Than you so much!

    Question: Does anyone know how to disable rebooting in "Safe Mode" on a Mac with an Apple M1 chip? Note that Safe Mode is different than Recovery Mode.

    With the M1 chip, there is unfortunately no longer a Firmware password. But I've blocked booting in Recovery Mode by creating an Admin account (and making the account I use a Standard User) and then placing pieces of the very long password in different lockboxes, which would take me a very long time to retrieve. This blocks me from accessing Safari in Recovery Mode and also from erasing the hard drive and installing a new version of MacOS.

    However, I can still boot in Safe Mode which doesn't load key blockers on startup. There has to be a way to block or disable it, right?

    Would be beyond grateful if someone were to help me out.
     
    sinner76 likes this.

Share This Page