iAntiSpy

The web is infested with annoying and intrusive ads, distributed tracking servers and other nasties. iAntiSpy blocks these and more. For example, if you're tired of being followed around by the same retargeted ads on websites you need iAntiSpy. If you're tired of a simple news site taking ages to load, you need iAntiSpy. If you're worried about your browsing habits being collected, collated and resold in bulk, you need iAntiSpy. Not convinced? See https://www.wired.com/story/track-location-with-mobile-ads-1000-dollars-study/ for more information on how ad servers track you.

iAntiSpy installs a system extension that scans DNS lookups before they leave your computer. If a request is to a known tracking, malware or phishing server's domain, iAntiSpy will respond that the domain does not even exist. This causes requests to fail quickly, silently and gracefully. All of this is done locally on your Mac before a lookup occurs over the network. Your information is safe, iAntiSpy does not actually know which domain you are requesting - all of our databases and the request itself is transformed using a one-way cryptographic hash function before processing. The only place the actual requested domain is stored is temporarily in memory, and only for the purpose of displaying the blocked alert & in the table that allows you to add it to the ignore list.

The Domain Name System (DNS) translates domain names to the numerical IP addresses needed for locating and identifying computer services. Think of it as the phonebook of the Internet. Whenever you browse the web your browser will perform many lookups to your DNS server. Usually websites contain tracking functionality loaded from known tracking and ad servers. When you visit websites your browser will use DNS to resolve the addresses of these and any other servers referenced from the website you're visiting.

Yes! For example, by simply visiting the Sydney Morning Herald's website in Safari iAntiSpy processed 82 requests and blocked 25*.
So just on that one site, we blocked about 30.5% of the usual DNS lookups, had the DNS lookups not been blocked, those servers would have responded with various bundles of tracking and analytics javascript, further slowing the browsing experience.
* tested with the 7 Dec 22 iAntiSpy databases.

There are 2 numbers on the main screen of iAntiSpy, and also in the system menu if you have that enabled. Requests processed means the number of DNS lookups iAntiSpy has scanned before they had a chance to leave your computer. Requests blocked are all the requests we blocked because they were to known tracking, ad, adware, malware or phishing servers (depending on your settings)

Click the blocked alert, then Allow in the window that appears. You can manage your allow list at any time by clicking the    icon, then "Manage Allow List".

Send an email to with the domain and your reasoning. e.g domain.xyz is hosting a CnC server or startive.com is a false positive.

The paid version supports further development and allows you to enable Enhanced Protection.
Enhanced Protection has several benefits:

Feature	Free	Enhanced
Database updates	Every month or so	Daily
Phishing / identity theft Protection	None	Updated daily
Encrypt DNS & block more malicious content	NO	YES
Customer Support	Basic	Priority

The correct way to activate or re-activate iAntiSpy depends on where you originally purchased it from:

• AppStore: click "Restore" on the payment page. Make sure you are signed in with the same Apple ID you purchased with.
• Our website: Click "Activate Now" then "Restore purchase" on the web page that loads.

For technical and other reasons the licensing between the App Store and the web version do not interoperate.
Please make sure you re-install iAntiSpy from the same place you purchased it from.

By using a system extension, we are able to protect every single application on your Mac. Any version of any browser and also any program or app you run. Did you know many apps now connect to various analytics servers and send data about your usage and your Mac every time you open them? Most malware connects to a control or update server to install other payloads and keep itself up-to-date. Browser extensions cannot protect you against these.

Most of the web is now encrypted, to decrypt and modify HTTPS sites we'd need to install a self-signed root certificate on your Mac and effectively perform a man-in-the-middle attack, decrypting, parsing, modifying and then re-encrypting the traffic. This is technically possible but opens your machine up to various serious dangers and attacks. In our opinion this should not be done.

Yes, iAntiSpy will still scan all lookups before they leave your computer.
We've most recently tested with a WireGuard based VPN (Proton) and found iAntiSpy to co-exist and work correctly with it.
iAntiSpy has also been tested with Cloudflare WARP and no incompatibilities were found.

Connecting via a VPN adds extra latency and minimal benefit apart from specific use cases, so have a think about why you're using the VPN.
Often by using a VPN you're simply moving the opportunity for metadata collection, traffic analysis and so on from your ISP to the VPN provider.
Most of the web is now encrypted and attackers aren't able to passively see the contents of your browsing.
In most cases on the modern web, you will get good coverage and might be better served by simply enabling the "Encrypt DNS traffic" setting in iAntiSpy. This will prevent snooping and tampering of your DNS traffic (which is the last main protocol that still operates in plaintext), without sending all data through a VPN. By enabling this setting your DNS queries will be sent using DoH to a fast and secure resolver.
Note: this setting enables our own implementation of DoH, which means it will work on all our supported versions of macOS.
Just as with the ad, malware and phish blocking functionality, encryption will only be active system-wide (applies to all apps and all browsers) while iAntiSpy is running and enabled. If you choose to have a VPN active, we generally recommend you turn off this setting while the VPN is on. Even if encrypt DNS is off in the app, iAntiSpy will still scan all outgoing DNS queries and block known tracking, ad, malware and phishing domains.

Cloudflare, Inc. is an American company that provides content delivery network services, cloud cybersecurity, DDoS mitigation, Domain Name Service, and ICANN-accredited domain registration services. Cloudflare's headquarters are in San Francisco, California. Cloudflare operates an encrypted public resolver which you may use with iAntiSpy. For more information on Cloudflare's resolver, including their privacy policy please see here.
Cloudflare is generally the fastest resolver, so it is the default selection if you simply turn on "Encrypt DNS" on the iAntiSpy settings page.

Mullvad is a VPN service based in Gothenburg, Sweden known for a strong emphasis on user privacy. Mullvad operates an encrypted public resolver which you may use with iAntiSpy. Mullvad is subject to Swedish privacy law. By selecting Mullvad, iAntiSpy will connect to Mullvad's extended server. The extended server also tries to block ads, trackers and malware with Mullvad's own blocklists. Mullvad has a "no-logging of user activity" policy. For more information on Mullvad's resolver, including their privacy policy please see here.
iAntiSpy is able to use the Mullvad resolver. You may enable this by clicking "Encrypted DNS Settings" from the settings page, then clicking on the Mullvad icon.

Quad9 is a Swiss public-benefit, not-for-profit foundation that aims to improve the privacy and security of Internet users. Quad9 operates an encrypted DNS resolver that aims to protect users from malware and phishing. Quad9 is headquartered in Zürich and is subject to Swiss privacy law. Quad9 does not retain or process the IP addresses of its users. For Quad9's privacy policy please see here.
iAntiSpy is able to use the Quad9 resolver. You may enable this by clicking "Encrypted DNS Settings" from the settings page, then clicking on the Quad9 icon.

You can confirm for yourself by using a network protocol analyzer, a good one is Wireshark.
With the iAntiSpy "Encrypt DNS traffic" option turned on:

• Open Wireshark and start a capture, usually on the WiFi interface "en0"
• In the filter section add udp.port==53
• Browse the web or open a Terminal window and type something like nslookup google.com
• Notice how no DNS traffic is being captured or displayed.
• Now disable the "Encrypt DNS traffic" option, clear your DNS cache and perform all the same steps, then watch all the requests in Wireshark!

Hint: clear your DNS cache with sudo dscacheutil -flushcache; sudo killall mDNSResponder
You can also use Wireshark to confirm that our privacy policy is accurate and we do not transmit your information or make unnecessary connections.

• macOS 10.15 or above, supports the latest Sonoma (we recommend at least macOS 11)
• Intel or Apple Silicon (M1, M2, M3, Pro, Max, Ultra etc)
• 8MB disk space

The correct way to load iAntiSpy depends on where you prefer to install it from:

• AppStore: visit the iAntiSpy AppStore page and click Download.
• Our website: Download and open iantispy.dmg and then drag the iAntiSpy icon to your Applications folder.

For technical reasons, iAntiSpy needs to be run from the Applications folder.

Updating the iAntiSpy app itself varies depending on where you installed it from:

• AppStore: visit the Updates section of the AppStore.
• Our website: click "Check for App Update..." on the iAntiSpy menubar

For free users, database updates are provided whenever there is a new version of the app. For paid users, database updates are provided automatically if the "check for database updates daily" option is enabled in the iAntiSpy settings screen. You may also check for database updates manually by clicking the "Update" link from the main screen.

iAntiSpy is self-contained. To uninstall, make sure it isn't currently running then simply drag it to the Trash.

We hope you don't, we'd be sorry to see you go!
If you'd like to cancel your Enhanced Protection subscription here's how:

• App Store - please see https://support.apple.com/en-au/HT202039 for instructions. Do this at least 24 hours before your renewal date.
• iAntiSpy.com - please send us an email from the same address you signed up with. Do this at least 48 hours before your renewal date.

If you have found a bug, first make sure you are running the latest version then send us:

• Your macOS version
• Your iAntiSpy version
• Whether your Mac has an Intel or Apple Silicon processor
• Did you install from iantispy.com or the App Store?
• Is encrypted DNS enabled? If yes, which service?
• The output from terminal command:

  systemextensionsctl list

To contact us please send an email to