The web is infested with annoying and intrusive ads, distributed tracking servers and other nasties.
iAntiSpy blocks these and more.
For example, if you're tired of being followed around by the same retargeted ads on websites you need iAntiSpy.
If you're tired of a simple news site taking ages to load, you need iAntiSpy.
If you're worried about your browsing habits being collected, collated and resold in bulk, you need iAntiSpy.
Not convinced? See https://www.wired.com/story/track-location-with-mobile-ads-1000-dollars-study/ for more information on how ad servers track you.
How does iAntiSpy work?
iAntiSpy installs a system extension that scans DNS lookups before they leave your computer.
If a request is to a known tracking, malware or phishing server's domain, iAntiSpy will respond that the domain does not even exist.
This causes requests to fail quickly, silently and gracefully.
All of this is done locally on your Mac before a lookup occurs over the network.
Your information is safe, iAntiSpy does not actually know which domain you are requesting -
all of our databases and the request itself is transformed using a one-way cryptographic hash function before processing.
The only place the actual requested domain is stored is temporarily in memory, and only for the purpose of displaying the blocked
alert & in the table that allows you to add it to the ignore list.
What is a DNS lookup?
The Domain Name System (DNS) translates domain names to the numerical IP addresses needed for locating and identifying computer services.
Think of it as the phonebook of the Internet. Whenever you browse the web your browser will perform many lookups to your DNS server.
Usually websites contain tracking functionality loaded from known tracking and ad servers.
When you visit websites your browser will use DNS to resolve the addresses of these and any other servers referenced from the website you're visiting.
Will iAntiSpy speed up my browsing?
Yes! For example, by simply visiting the Sydney Morning Herald's website in Safari iAntiSpy processed 82 requests and blocked 25*.
So just on that one site, we blocked about 30.5% of the usual DNS lookups, had the DNS lookups not been blocked,
* tested with the 7 Dec 22 iAntiSpy databases.
What do the numbers mean?
There are 2 numbers on the main screen of iAntiSpy, and also in the system menu if you have that enabled.
Requests processed means the number of DNS lookups iAntiSpy has scanned before they had a chance to leave your computer.
Requests blocked are all the requests we blocked because they were to known tracking, ad, adware,
malware or phishing servers (depending on your settings)
How do I unblock something you're blocking?
Click the blocked alert, then Allow in the window that appears.
You can manage your allow list at any time by clicking the icon, then "Manage Allow List".
I want a domain added or removed from your databases/blocklists
Send an email to with the domain and your reasoning.
e.g domain.xyz is hosting a CnC server or startive.com is a false positive.
Why should I upgrade to the paid version?
The paid version supports further development and allows you to enable Enhanced Protection.
Enhanced Protection has several benefits:
Every month or so
Phishing / identity theft Protection
Encrypt DNS & block more malicious content
Gotten a new Mac, need to activate
The correct way to activate or re-activate iAntiSpy depends on where you originally purchased it from:
AppStore: click "Restore" on the payment page. Make sure you are signed in with the same Apple ID you purchased with.
Our website: Click "Activate Now" then "Restore purchase" on the web page that loads.
For technical and other reasons the licensing between the App Store and the web version do not interoperate.
Please make sure you re-install iAntiSpy from the same place you purchased it from.
Why don't you make browser extensions?
By using a system extension, we are able to protect every single application on your Mac.
Any version of any browser and also any program or app you run.
Did you know many apps now connect to various analytics servers and send data about your usage and your Mac every time you open them?
Most malware connects to a control or update server to install other payloads and keep itself up-to-date.
Browser extensions cannot protect you against these.
Why don't you inspect and filter web traffic content?
Most of the web is now encrypted, to decrypt and modify HTTPS sites we'd need to install a self-signed
root certificate on your Mac and effectively perform a man-in-the-middle attack, decrypting, parsing,
modifying and then re-encrypting the traffic.
This is technically possible but opens your machine up to various serious dangers and attacks.
In our opinion this should not be done.
Does iAntiSpy work if I have a VPN?
Yes, iAntiSpy will still scan all lookups before they leave your computer.
We've most recently tested with a WireGuard based VPN (Proton) and found iAntiSpy to co-exist and work correctly with it.
Notes about VPNs
Connecting via a VPN adds extra latency and minimal benefit apart from specific use cases, so have a think about why you're using the VPN.
Often by using a VPN you're simply moving the opportunity for metadata collection, traffic analysis and so on from your ISP to the VPN provider.
Most of the web is now encrypted and attackers aren't able to passively see the contents of your browsing. In most cases on the modern web, you will get good coverage and be better served by simply enabling the "Encrypt DNS traffic" setting in iAntiSpy. This will prevent snooping and tampering of your DNS traffic (which is the last main protocol that still operates in plaintext), without sending all data through a VPN.
By enabling this setting your DNS queries will be sent using DoH to a fast and secure resolver. For more information, please see here. Note: this setting enables our own implementation of DoH, which means it will work on all our supported versions of macOS. Just as with the ad, malware and phish blocking functionality, encryption will only be active while iAntiSpy is running and enabled.
How do I know you're encrypting my requests?
You can confirm for yourself by using a network protocol analyzer, a good one is Wireshark.
With the iAntiSpy "Encrypt DNS traffic" option turned on:
Open Wireshark and start a capture, usually on the WiFi interface "en0"
In the filter section add udp.port==53
Browse the web or open a Terminal window and type something like nslookup google.com
Notice how no DNS traffic is being captured or displayed.
Now disable the "Encrypt DNS traffic" option, clear your DNS cache and perform all the same steps, then watch all the requests in Wireshark!
Hint: clear your DNS cache with sudo dscacheutil -flushcache; sudo killall mDNSResponder
macOS 10.15 or above, supports the latest Ventura (we recommend at least macOS 11)
Intel or Apple Silicon (M1, M2, Pro, Max, Ultra etc)
8MB disk space
The correct way to load iAntiSpy depends on where you prefer to install it from:
AppStore: visit the iAntiSpy AppStore page and click Download.
Our website: Download and open iantispy.dmg and then drag the iAntiSpy icon to your Applications folder.
For technical reasons, iAntiSpy needs to be run from the Applications folder.
Updating the iAntiSpy app itself varies depending on where you installed it from:
AppStore: visit the Updates section of the AppStore.
Our website: click "Check for App Update..." on the iAntiSpy menubar
For free users, database updates are provided whenever there is a new version of the app.
For paid users, database updates are provided automatically if the "check for database updates daily" option is enabled in the iAntiSpy settings screen. You may also check for database updates manually by clicking the "Update" link from the main screen.
iAntiSpy is self-contained. To uninstall, make sure it isn't currently running then simply drag it to the Trash.
Cancelling Enhanced Protection
We hope you don't, we'd be sorry to see you go! If you'd like to cancel your Enhanced Protection subscription here's how: