Introducing Guardian Firewall for iOS

Saw this posted yesterday and thought it was worth a share.

we are not just a firewall app. we are the first reasonably well-funded commercial entity with full-time staff dedicated to finding, exposing, and eradicating surreptitious collection of personal data. - https://mobile.twitter.com/chronic/status/1138588869358522374

…we are working towards a broader set of goals: Make surveillance capitalism an untenable business model. Degrade the quality of shadow profiles maintained on every user of an internet connected device. Methodically expose every bad actor we can find. The electronic devices you bought and own should not be snitching on you at regular intervals. Something has gone very wrong, and the course must be corrected to prevent pervasive data collection from becoming an acceptable norm. It’s time for war. No stone will be left unturned.

https://guardianapp.com/blog/2019/06/introducing-guardian-firewall-for-ios/

1 Like

Hmm, I thought this was by the Guardian Project for a sec, that seems misleading.

The cost is $9.99/month (or $99.99 per year) for VPN + Firewall capabilities. VPN-only service will be available at no cost.

This seems strange, seems like it should be the other way around. I’ve read this announcement a couple times and it sounds like all the firewall magic is happening on their servers, not locally on your device. So this is basically just another VPN. I don’t know how I feel about this.

2 Likes

Yeah, also how Sudo Security Group is marketing this as the “first firewall for iOS” sounds a bit misleading… it seems like–as you say–a glorified VPN with a type of nextdns/Pi-hole setup for tracker blocking. But I do like their privacy stance though and how they say they treat user data as a liability.

2 Likes

I’ll wait and probably try it out when it releases before I judge it, but yeah it does sound pretty much exactly like what nextdns.io is offering except with a full VPN package included. But again my problem with nextdns is that they are getting all your data and you just have to trust that, and I’m not convinced that’s the greatest solution.

Additionally, their claim that local proxies that do firewalling/blocking on-device are inferior to their solution makes 0 sense to me. Intuitively, making a VPN connection to a remote server seems like it would use more power than the extra computation required for on-device stuff. So I guess I’d like to test out how the power consumption is with this app compared to something like AdGuard Pro.

1 Like

@jonah Your assessment of the design looks correct:

The Guardian Firewall app has been designed to simply act as a client for remotely hosted VPN servers running custom fully-featured firewall software

They also claim to not need to inspect the actual packets to determine the data type being sent to determine whether it should be blocked. They do of course know the IP of the packet destination, so that is certainly part of the firewall decision process, but they claim to not do deep packet inspection:

Screening app traffic in a preliminary manner so that we know what it will look like adds an attractive privacy benefit: We can inform users with reasonably high confidence what types of data present in connections we blocked, without actually needing to analyze content from the network packets as they flow through the firewall.

They also say they don’t track who paid for the app because by purchasing through the Apple Store they simply know that the app HAS been paid for, but not by which account. I believe this is true, because I have just started working on a project doing this exact thing: verifying app payment from Apple, who sends you a receipt for a paid app which only has information about payment status, app version paid for and any expiration dates.

Our lack of information collection may raise an important question: How are we able to differentiate between a free and a paying user? Well, the only information we need to know is if the user sent us a payment. This allows us to simply use a digital receipt, which is generated on your phone when you make a purchase in the app, as your “all access pass” to our VPN servers and their corresponding APIs.