These methods are for OS X HIGH SIERRA AND ABOVE -I always recommend using more than one filter because they strengthen each other. -Cold Turkey Spoiler 1-Install Cold Turkey: https://getcoldturkey.com/ 2-Install Cold Turkey extension on your browsers. 3-Enable "Allow in incognito/private" for Cold Turkey's extension on chrome and brave. The following step is very important to get Cold Turkey to detect that incognito is off. 4-Open Terminal from your applications and enter these commands which will stop cold turkey from asking for incognito permissions: Do not proceed unless you do this step because after we install the filtering profile, "Allow in incognito" option will be hidden and Cold Turkey will block your browser. Screenshot on how to use and import configurations: https://pasteboard.co/JMg1XPP.png Screenshot on how to prevent easy bypass: https://pasteboard.co/JTfSe8M.png I highly recommend you block Activity Monitor, if you don't use it. Import this list: https://www.mediafire.com/file/i2fsvs8z6eqmbjp/Block+Lists+from+Sinner's+MacBook+Air.ctbbl/file IMPORTANT: This list blocks many google searches so you have to turn on Google Safe search to exclude Google from being blocked https://www.google.com/preferences Don't forget to click save. Cold turkey will block unsafe browsers that could be used to access porn. The imported blocklist: *Blocks porn/proxies/VPNs *Blocks sites that contain bad (porn) keywords. Note that this list blocks bad sites based on keywords Remove the extension from browsers you want to block. You could block Safari (and Terminal) using the configuration mentioned above. (Cold Turkey prevents you from tampering with its files. If you want to additional protection to Cold Turkey, check out fapsecure which will be discussed later in this post) Best way to lock Cold Turkey's blocks: Does not work anymore. I will need to update it. This method is possible because Cold Turkey allows you to lock blocks for a period of time from Terminal. Example: "/Applications/Cold Turkey Blocker.app/Contents/MacOS/Cold Turkey Blocker" -start "Bad Sites" -lock 720 This will lock the block named *Block Bad sites for 720 minutes (12 hours). Now we need to execute this command automatically when your mac starts and to reset it to 12 hours (e.x. every 2hours). This could be easily done using launchctl. Download this plist: https://www.mediafire.com/file/sym9b6mddddjwgg/com.cold.redo.plist/file Keep it in your downloads folder and open it using text edit. You'll find this: <string>sleep 21; "/Applications/Cold Turkey Blocker.app/Contents/MacOS/Cold Turkey Blocker" -start "dontdeleteme" -lock 720; "/Applications/Cold Turkey Blocker.app/Contents/MacOS/Cold Turkey Blocker" -start "Safari macOS" -lock 720; "/Applications/Cold Turkey Blocker.app/Contents/MacOS/Cold Turkey Blocker" -start "Bad Sites" -lock 720;</string> These are several commands separated by semicolons ( ; ) in a single line. You can only put one liners in plist files. If you want to add more blocks, just add a semicolon and put your command. Explanation: The sleep command is essential to give time for cold turkey to start up. The first command is important because for some reason Cold Turkey occasionally ignores the first command in the script. You'll also find this: <key>StartInterval</key> <integer>3600</integer> This will re-execute the command every 3600 seconds (1 hours). Make the changes that you want, then execute the following: 1-Copy the plist from the downloads to /Library/LaunchAgents: sudo cp ~/Downloads/com.cold.redo.plist /Library/LaunchAgents/com.cold.redo.plist 2-Load the plist: launchctl load -w /Library/LaunchAgents/com.cold.redo.plist As long as this plist is loaded, the blocks will be locked for 12 hours every time you start your mac. It will be reset to 12 hours every 2 hours. You could add blocked items to locked blocks but you can't remove anything while locked. If you want to unlock the block: -Unload the plist: launchctl unload -w /Library/LaunchAgents/com.cold.redo.plist sudo rm /Library/LaunchAgents/com.cold.redo.plist -The lock will be unlocked automatically after 12 hours If you want to make any changes to the plist file, unload it, then start from the beginning by editing the plist in the downloads folder. ----- Hint: to block the google images search add this: *tbm=isch* to block the google videos search add this: *tbm=vid* (Create a new block and add those keywords, don't add them to the block I uploaded in this thread. It won't work) -Pluckeye Spoiler This is one of the best blockers for macOS. https://forum.nofap.com/index.php?threads/pluckeye.300403/ On Big Sur and later versions of macOS, the system feature does not work which means that pluckeye won't be able to block unsupported browsers and other apps from accessing the internet. Other apps in this post will perform this function. I highly recommend pluckeye even for Big Sur and later versions. -macOS filtering profile: Spoiler The Default removal password of the profile is nofap Edit the profile and change the password then use lockbox.pluckeye.net to save the password: https://ibb.co/fv19C1R You can modify everything in the profile using TextEdit such as the DNS used by browsers or the system. Make sure you change the default removal password which is nofap to a random password and save the password on lockbox.pluckeye.net -Download: https://github.com/John889/macOS_filtering_profile/archive/refs/heads/main.zip Features: -System DNS: set to CleanBrowsing Family. Cleanbrowsing family blocks reddit and enables Youtube restricted mode. Check out how to fix that below using the hosts file. -Chromium browsers(Chrome, Brave, Vivaldi): Enforces Leechblock extension Browser DNS set to Cleanbrowsing family Enables built-in porn blocker + Search engine safe search. Blocks: incognito, private windows, Guest accounts, new accounts, installing external extensions, VPN/proxy extensions, Tor on Brave. -Firefox: Enforces Leechblock and SafeSearch Enforcer extensions, disables private browsing, safe mode, profile switch, DNS set to Cleanbrowsing family -Safari: Enables the built-in porn blocker -Siri: Profanity filter ON. You can also completely block Siri. You can also block access to specific panes in "System Preferences". Editing instructions are included. (After you open the profile, you'll need to go to System Preferences>Profiles and click on install.) ---- Other extensions enforced by the profile: LeechBlock: This will be enforced only on firefox. Right click the extension>options. Copy everything in this link and paste it in the domains to be blocked: https://github.com/John889/blocklists/blob/main/leechblockkeywords * at the beginning of the list means filter all sites + means allow a domain ~ keyword(if no keywords are added and there is an asterisk in the first line, all sites will be blocked.) Select all days of the week: Sun Mon Tue Wed Thu Fri Sat Check "Immediately block pages on these sites once blocking conditions are met" The above Blockset only filters keywords. You can't block domains in this blockset. So, Just click on Blockset2 and add whatever sites you want to block. Then enable for all days of the week, etc. Go to General tab, check "Process only active tabs (improves performance when multiple tabs open)" Then set a password and save it lockbox.pluckeye.net Leechblock can slow down your browser as we are using keyword blocking. Make sure you don't keep many tabs open, just the ones you need and it the performance should be good. It filters all open tabs every second. If needed, you could block the chrome and the firefox store using pluckeye. Just block: addons.mozilla.org and chrome.google.com -Editing and locking the hosts file Spoiler The following hosts file will do the following by default: Enable Safe search on Google, Bing, duckduckgo & Yandex. Block other search engines. Allow access to reddit and twitter. (Edit the file if you want to block images and videos). Enable youtube normal (unrestricted) access. You could also block any site. 1-Download SwitchHosts: https://github.com/oldj/SwitchHosts/releases (.dmg is for macOS. M1 macs need the arm64 version) 2-Open SwitchHosts app, click the + button > local. Name it anything and save. 3-Copy all of the contents of this file (command+a then command+c) https://raw.githubusercontent.com/John889/blocklists/main/hosts.txt 4-Paste it in the new hosts that you've just created (command+v). Then activate the hosts using the switch button beside its name. You could edit this hosts as you wish. The instructions are present in the text. You could enable Youtube restricted mode, bock images on reddit and twitter, block any site that you want. If you want to lock your hosts file use fapsecure below. This is not recommended unless you have sufficiently tested your settings. You'll need to add this to fapsecure's protectedfiles.txt: /etc/hosts -Fapsecure for macOS Spoiler Can only be removed if you have its password, or you'll have to wait for 4 hours. *Includes an app blocker that could be used to block any apps you want.(Instructions in "How to use.txt") *Includes a file protector that could be used to protect any file, folder or app. *Blocks unsafe browsers like Tor and many others automatically. *Enforces safe search on Google, Bing, Yandex. *Blocks tons of porn sites and proxies permanently. It can enforce a DNS on all the versions on macOS, not just Big Sur. Disables Screen Time "Ignore Limit" & "One more minute" buttons. By default, it changes your DNS server to Cleanbrowsing Family that blocks bad sites. Update: Now, you could use any dns server you want (IPv4 or IPv6) Cleanbrowsing Family DNS features: https://cleanbrowsing.org/filters 1-Download "fapsecure.zip": https://github.com/John889/fapsecure-macos/raw/main/Fapsecure.zip 2- Open Fapsecure.zip (it should be in "Downloads"). This will extract it and a folder called "Fapsecure" will appear in your Downloads. 3-Copy the "fapsecure" folder to your Desktop. This is not optional. 4-For the rest of instructions open "How to use.txt" in fapsecure's folder -Using macOS Screen Time to block apps: Spoiler Requires Catalina or later versions of macOS. Located in Screen Preferences>Screen Time Normally, you can't lock Screen Time settings for an admin account. But you'll now see how it is done using Fapsecure. Hint: Don't make your mac a prison or you'll keep looking for ways to bypass the blockers. Turning it into an app lock: A)Turn on "App Limits" and select all the bad apps that can cause you to relapse into a new single app limit. Set the time to 1 min, which is the minimum. This option is recommended if you have all the bad apps downloaded on your mac. OR B)Downtime: The more extreme way. Not recommended except for tech savvy addicts. Blocks all apps even newly downloaded ones except for apps in the Always Allowed list. Go to "Always Allow" and select all apps (even if you don't use them) except the actual harmful apps. If you don't know what an app does, just keep it allowed. If you go too strict, you will end up removing the restrictions. Make sure you have downloaded all apps you need. DownTime will make Safari painful to use. Schedule: 6:00 AM to 5:59 AM You'll notice that when an app is blocked you can just click on ignore limits and allow the app. Fapsecure (discussed next) can block this button, if you add this to the blocked apps: ScreenTimeViewService Finally, you have to lock the Screen Time (to lock the settings) and "Users and Groups" panes (to prevent creating new users) using Fapsecure by blocking: com.apple.preference.screentime.remoteservice com.apple.preferences.users.remoteservice Fapsecure will also automatically prevent creating new users from CLI. If you open a blocked app, you'll have to right click its icon in Dock > Quit. Or terminate it by clicking command+option+esc Password protecting the recovery mode (Command -R) & Single user mode (Command -S)(optional): Spoiler If you have no idea what this is then do not proceed. THIS IS VERY RISKY. THIS PASSWORD HAS TO BE WRITTEN DOWN + TYPED & SAVED SOMEWHERE https://support.apple.com/en-us/HT204455#:~:text=a firmware password-,Start up from macOS Recovery: Press and hold Command (⌘,Enter the firmware password. History Spoiler Enforcing a DNS server: If you're on macOS Big Sur or later, you could use profiles to enforce a DNS. The following profile enforces Cleanbrowsing family DNS (DNS over HTTPS). The major downside of the family DNS is that it enforces youtube restricted mode (no comments, blocks some safe videos). It also blocks reddit completely. If you want to allow access to reddit and unrestricted YT, you could use fapsecure (discussed next). EDIT: The DNS payload has been included in the macos filtering profile discussed earlier. -Enabling the built-in filter MacOS already has a built-in web filter. Normally, it could be enabled only on non-admin accounts. But this Profile will allow us to use it on admin accounts: EDIT: I added the built-in filter payload to the macOS filtering profile mentioned above. I have to mention that it works best with Safari, it also works with other browsers but many bad sites will pass through. Its main advantage is that it is system wide. I've added the following sites to the exclusions: https://Nofap.com/ https://Yourbrainrebalanced.com/ https://rebootnation.org/ They must be in this format: https://site.com/ The only way to add exclusions is by editing the mobileconfig file then reinstalling it. You'll need the password to overwrite the existing profile. Useless apps Spoiler 5-Sophos Download Sophos Home for Mac: https://my.sophos.com/en-us/download/ After you install it, do this: ONE: https://pasteboard.co/JwJ0mug.png TWO: https://pasteboard.co/JwJ3PwY.png Do NOT block "sex education" category as it will block nofap.com Now, click again on sophos icon and click "check for updates" THREE: Sign up for a new account. This is important to protect your settings with a password. Don't sign up using your email because you'll be able to change sophos settings and reset the account's password. You could sign up with a friend's email and let him check his inbox for the confirmation email. If you don't want to involve a friend, you can use a temporary email: https://temp-mail.org/en/ For the password, you could type a random password in TextEdit, ex:jfdadfsasjfasljlafjd. Then paste in the password field, you must not lose this password. I recommend you save both the email and the password on lockbox.pluckeye.net Again, do not lose the password or the e-mail address. Now, try clicking on Sophos>preferences. The webpage should ask you to login using your email and password. If it logs in automatically, it means you have to sign out: 1-Click on your email then "My account":https://pasteboard.co/JyHjKEP.png 2-Security>Settings:https://pasteboard.co/JyHk4pe.png 3-Sign out all users:https://pasteboard.co/JyHkrYv.png In the next steps we are going to prevent anyone from removing Sophos. Locking Sophos: Protect Sophos app using fapsecure (mentioned above) You need to install this profile to prevent access to Security & Privacy" from Security Preferences. This will prevent you from removing Sophos permissions: https://www.mediafire.com/file/m1tulw9r5fgcr9e/Lock+Security+&+Privacy+.mobileconfig/file Don't forget to edit the file with TextEdit and change the removal password. The default password is nofap That's it! 5-Forticlient Does not work on Big Sur. Official link for the latest 6.0.x version: https://filestore.fortinet.com/forticlient/downloads/FortiClientOnlineInstaller_6.0.dmg Setting up Forticlient for OS X (IMPORTANT): As I mentioned in the windows section above, the newer versions of Forticlient sets youtube to STRICT mode which makes youtube useless. So we'll have to edit forticlient settings: https://www.flickr.com/photos/[email protected]/49929387771/in/album-72157714433295158/ (Note that you might need to disconnect and reconnect to Wifi/Ethernet for forticlient to start working for the first time) Prevent removal of forticlient: Use fapsecure to prevent deletion of FortiClient files.