Algo: Interactive firewall (LittleSnitch-like functionality on iOS)

Created on 17 May 2019  Â·  5Comments  Â·  Source: trailofbits/algo

Is your feature request related to a problem? Please describe.
Algo is awesome. Algo with Adblockers is even more powerful!

On macOS, I'm using Algo + LittleSnitch and that helps me to prevent apps from making unnecessary/unwanted requests, like blocking a lot of ** connections that the Chrome browser tries to establish (I have to use Chrome from time to time, unfortunately).

On iOS, this kind of 'low-level' control doesn't exist, so the question is:
is it possible to implement a LittleSnitch-like functionality for iOS?


Describe the solution you'd like
— An additional iOS app (that doesn't require a Jailbreak), like WireGuard?

How it works:

  1. _Client-side_: An app makes a request, it's bypassed through Algo;
  2. Branching:
    2.a. _Server-side_: if Algo knows that a requested address is already allowed/white-listed, connection is granted and data is transmitted as intended; _(end of flow)_
    2.b. _Server-side_: if Algo sees that a requested address is new, a PUSH notification is sent to a
    requesting device and meanwhile the incoming request is put on hold, while a user makes a decision whether to ALLOW to DECLINE this request/domain/exact address (the same way LittleSnitch works).
  3. _Client-side_: A PUSH notification is received. A user opens the AlgoWirefall (name it) app and sees all pending requests and makes decisions. Decisions are transmitted back to the server and based on this input, Algo approves or declines connections that were put on hold.

decide-immediately@2x

If the explanation is not clear, I can come up with a flow\digram visualization.

PS.: I'm a huge fan of guidelines and design systems, particularly iOS, and I absolutely love the way WireGuard is designed: native, simple and it just works; so I could help to design a native(-looking) iOS app or design it from scratch alone as POC.


Describe alternatives you've considered
There're no available options, unless you have a jailbreak.

UPD: @TC1977 mentioned The first smart firewall for iOS (closed beta). Announcement on TechCrunch


Additional context
LittleSnitch (macOS) — wikipedia.org/Little_Snitch

If anything is missing, just let me know — I'll attach any required/missing information.

All 5 comments

Something like this?

@TC1977 , yeah, like this; but as an extension of Algo.

Thanks for the link!

None of this can be done with Algo on iOS, sorry.

@jackivanov , could you pls elaborate on that matter? What COULD BE potentially done to achieve this? Or maybe any other information?

I know that iOS application has to be developer separately, but what needs to be done on the server side? Who's the bottleneck or show stopper?

Btw, can you pls re-open this issue, maybe that's gonna resonate with other people? You basically didn't even give a chance for this topic to attract some attention.

@inlinecoder Please keep in mind Algo is a set of Ansible scripts to automate the process of installing VPN software onto an Ubuntu server. There isn't any content filtering other than using the DNS server to block ads. It isn't an iOS app at all, or even close. At the most it could help you with setting up some of your server infrastructure, _after_ you've developed your iOS app and server-side filtering software.

I'm not saying it's not a good idea, it's just _way_ outside the scope of this project as far as I can tell (and I have no affiliation with ToB whatsoever).

Was this page helpful?
0 / 5 - 0 ratings

Related issues

dguido picture dguido  Â·  4Comments

postmodern picture postmodern  Â·  5Comments

dguido picture dguido  Â·  3Comments

dmwyatt picture dmwyatt  Â·  3Comments

baimafeima picture baimafeima  Â·  5Comments