A guard that never watches
A strange thing about most content filters: to protect you from the internet, they ask you to route your entire life through their servers. We think that trade is wrong, so we refused it.
When you look at how most blocking apps work, you find one of two designs. Either your traffic is sent through the company's remote servers, where their machines decide what you may see, or the app watches your activity locally and reports home about it. Both designs have the same flaw. The thing protecting you is also, structurally, in a position to observe you.
For an app like GazeGuard the stakes are higher than usual. The whole point is that someone is working on a private struggle. The last thing that person needs is a log of their weakest moments sitting on somebody's server.
The design we chose
GazeGuard raises what Android calls a local VPN. The name is misleading, because nothing is sent to any VPN company. It is simply the mechanism Android provides for an app to stand at the phone's own doorway. The same approach is used by well respected open source tools like NetGuard and Blokada, and it means everything happens on the device in your hand.
Here is the entire flow, with nothing left out. When any app on the phone wants to reach a site, it first asks a simple question: where does this name live? That tiny lookup is the only thing GazeGuard touches. The question is checked against a list of more than 186,000 harmful, explicit, gambling and tracking sites, stored right on the phone. If the name is on the list, GazeGuard answers: that door does not exist. The app that asked simply cannot find the site. If the name is clean, the question passes through a family safe resolver, which adds a second, independent layer of protection and enforces safe search on the major search engines.
Your pages, your videos, your messages: none of it flows through GazeGuard, and none of it flows through us. There is no us to flow through. We do not run a server in the path at all.
What this buys you
- No history, anywhere. The app keeps no record of what was asked or what was blocked, and there is no server side to keep one either. Nothing exists to leak, subpoena or sell.
- No slowdown. Answering a name lookup on the device takes a fraction of a millisecond. Your actual traffic takes its normal route at its normal speed.
- It works offline. Because the list lives on the phone, blocking keeps working with the internet off. This is a founding rule of GazeGuard: protection must never depend on a connection, because a missing connection must never be a way around the guard.
- Nothing to trust but the code on your phone. You do not have to trust our uptime, our security practices, or our promises about logs. The architecture removes the question.
The honest fine print
We are plain about the edges too. The optional sign in exists only to keep your progress numbers, such as days guarded, synced if you change phones, and it stores nothing about your browsing because nothing about your browsing is ever collected. The app checks for an updated site list occasionally, which is a single anonymous file download. That is the complete list of things that ever touch the network.
A guard should stand at the door and look outward, not inward. That is the standard we hold ourselves to, and it is written into the architecture, not just this page.