iAntiSpy

Frequently Asked Questions

Last updated: 11 January 2023
 
 

Why do I need iAntiSpy?

The web is infested with annoying and intrusive ads, distributed tracking servers and other nasties. iAntiSpy blocks these and more. For example, if you're tired of being followed around by the same retargeted ads on websites you need iAntiSpy. If you're tired of a simple news site taking ages to load, you need iAntiSpy. If you're worried about your browsing habits being collected, collated and resold in bulk, you need iAntiSpy. Not convinced? See https://www.wired.com/story/track-location-with-mobile-ads-1000-dollars-study/ for more information on how ad servers track you.
 

How does iAntiSpy work?

iAntiSpy installs a system extension that scans DNS lookups before they leave your computer. If a request is to a known tracking, malware or phishing server's domain, iAntiSpy will respond that the domain does not even exist. This causes requests to fail quickly, silently and gracefully. All of this is done locally on your Mac before a lookup occurs over the network. Your information is safe, iAntiSpy does not actually know which domain you are requesting - all of our databases and the request itself is transformed using a one-way cryptographic hash function before processing. The only place the actual requested domain is stored is temporarily in memory, and only for the purpose of displaying the blocked alert & in the table that allows you to add it to the ignore list.
 

What is a DNS lookup?

The Domain Name System (DNS) translates domain names to the numerical IP addresses needed for locating and identifying computer services. Think of it as the phonebook of the Internet. Whenever you browse the web your browser will perform many lookups to your DNS server. Usually websites contain tracking functionality loaded from known tracking and ad servers. When you visit websites your browser will use DNS to resolve the addresses of these and any other servers referenced from the website you're visiting.
 

Will iAntiSpy speed up my browsing?

Yes! For example, by simply visiting the Sydney Morning Herald's website in Safari iAntiSpy processed 82 requests and blocked 25*.
So just on that one site, we blocked about 30.5% of the usual DNS lookups, had the DNS lookups not been blocked, those servers would have responded with various bundles of tracking and analytics javascript, further slowing the browsing experience.
* tested with the 7 Dec 22 iAntiSpy databases.
 

What do the numbers mean?

There are 2 numbers on the main screen of iAntiSpy, and also in the system menu if you have that enabled. Requests processed means the number of DNS lookups iAntiSpy has scanned before they had a chance to leave your computer. Requests blocked are all the requests we blocked because they were to known tracking, ad, adware, malware or phishing servers (depending on your settings)
 

How do I unblock something you're blocking?

Click the blocked alert, then Allow in the window that appears. You can manage your allow list at any time by clicking the    icon, then "Manage Allow List".
 

I want a domain added or removed from your databases/blocklists

Send an email to with the domain and your reasoning. e.g domain.xyz is hosting a CnC server or startive.com is a false positive.
 

Why should I upgrade to the paid version?

The paid version supports further development and allows you to enable Enhanced Protection.
Enhanced Protection has several benefits:

Feature

Free

Enhanced

Database updates Every month or so Daily
Phishing / identity theft Protection None Updated daily
Encrypt DNS & block more malicious content NO YES
Customer Support Basic Priority

 

Gotten a new Mac, need to activate

The correct way to activate or re-activate iAntiSpy depends on where you originally purchased it from:
  • AppStore: click "Restore" on the payment page. Make sure you are signed in with the same Apple ID you purchased with.
  • Our website: Click "Activate Now" then "Restore purchase" on the web page that loads.
For technical and other reasons the licensing between the App Store and the web version do not interoperate.
Please make sure you re-install iAntiSpy from the same place you purchased it from.
 

Why don't you make browser extensions?

By using a system extension, we are able to protect every single application on your Mac. Any version of any browser and also any program or app you run. Did you know many apps now connect to various analytics servers and send data about your usage and your Mac every time you open them? Most malware connects to a control or update server to install other payloads and keep itself up-to-date. Browser extensions cannot protect you against these.
 

Why don't you inspect and filter web traffic content?

Most of the web is now encrypted, to decrypt and modify HTTPS sites we'd need to install a self-signed root certificate on your Mac and effectively perform a man-in-the-middle attack, decrypting, parsing, modifying and then re-encrypting the traffic. This is technically possible but opens your machine up to various serious dangers and attacks. In our opinion this should not be done.
 

Does iAntiSpy work if I have a VPN?

Yes, iAntiSpy will still scan all lookups before they leave your computer.
We've most recently tested with a WireGuard based VPN (Proton) and found iAntiSpy to co-exist and work correctly with it.
 

Notes about VPNs

Connecting via a VPN adds extra latency and minimal benefit apart from specific use cases, so have a think about why you're using the VPN.
Often by using a VPN you're simply moving the opportunity for metadata collection, traffic analysis and so on from your ISP to the VPN provider.
Most of the web is now encrypted and attackers aren't able to passively see the contents of your browsing.
In most cases on the modern web, you will get good coverage and be better served by simply enabling the "Encrypt DNS traffic" setting in iAntiSpy. This will prevent snooping and tampering of your DNS traffic (which is the last main protocol that still operates in plaintext), without sending all data through a VPN. By enabling this setting your DNS queries will be sent using DoH to a fast and secure resolver. For more information, please see here.
Note: this setting enables our own implementation of DoH, which means it will work on all our supported versions of macOS.
Just as with the ad, malware and phish blocking functionality, encryption will only be active while iAntiSpy is running and enabled.
 

How do I know you're encrypting my requests?

You can confirm for yourself by using a network protocol analyzer, a good one is Wireshark.
With the iAntiSpy "Encrypt DNS traffic" option turned on:
  • Open Wireshark and start a capture, usually on the WiFi interface "en0"
  • In the filter section add udp.port==53
  • Browse the web or open a Terminal window and type something like nslookup google.com
  • Notice how no DNS traffic is being captured or displayed.
  • Now disable the "Encrypt DNS traffic" option, clear your DNS cache and perform all the same steps, then watch all the requests in Wireshark!
Hint: clear your DNS cache with sudo dscacheutil -flushcache; sudo killall mDNSResponder
You can also use Wireshark to confirm that our privacy policy is accurate and we do not transmit your information or make unnecessary connections.
 

System Requirements

  • macOS 10.15 or above, supports the latest Ventura (we recommend at least macOS 11)
  • Intel or Apple Silicon (M1, M2, Pro, Max, Ultra etc)
  • 8MB disk space
 

Installing

The correct way to load iAntiSpy depends on where you prefer to install it from:
  • AppStore: visit the iAntiSpy AppStore page and click Download.
  • Our website: Download and open iantispy.dmg and then drag the iAntiSpy icon to your Applications folder.
For technical reasons, iAntiSpy needs to be run from the Applications folder.
 

Updating

Updating the iAntiSpy app itself varies depending on where you installed it from:
  • AppStore: visit the Updates section of the AppStore.
  • Our website: click "Check for App Update..." on the iAntiSpy menubar
For free users, database updates are provided whenever there is a new version of the app. For paid users, database updates are provided automatically if the "check for database updates daily" option is enabled in the iAntiSpy settings screen. You may also check for database updates manually by clicking the "Update" link from the main screen.
 

Uninstalling

iAntiSpy is self-contained. To uninstall, make sure it isn't currently running then simply drag it to the Trash.
 

Cancelling Enhanced Protection

We hope you don't, we'd be sorry to see you go!
If you'd like to cancel your Enhanced Protection subscription here's how:
  • App Store - please see https://support.apple.com/en-au/HT202039 for instructions. Do this at least 24 hours before your renewal date.
  • iAntiSpy.com - please send us an email from the same address you signed up with. Do this at least 48 hours before your renewal date.
 

Troubleshooting

If you have found a bug, first make sure you are running the latest version then send us:
  • Your macOS version
  • Your iAntiSpy version
  • Whether your Mac has an Intel or Apple Silicon processor
  • Did you install from iantispy.com or the App Store?
  • The output from terminal command:
    systemextensionsctl list
 

Contact Us

To contact us please send an email to