Medium Accountability (Somewhat Technical)

iPhone

For those who can handle slightly technical tweaks on iOS, you can enhance content blocking by adding network filters and stricter device configurations on top of Screen Time:

• Use a Custom DNS Profile: By default, iPhone will use the DNS provided by whatever network it’s on. You can override this for Wi-Fi networks. Go to Settings > Wi-Fi, tap the “i” info button next to your Wi-Fi network, and select Configure DNS > Manual. Enter a known filtering DNS service (for example, OpenDNS FamilyShield addresses or Cloudflare Family). This will apply when you’re on that Wi-Fi. (Keep “Limit Adult Websites” enabled in Screen Time as well; the DNS provides an extra layer of blocking at the network level.) Keep in mind, this won’t cover cellular data – for that, you might install an app-based DNS filter as below.
• Always-On DNS Filter Apps: Consider using an app like AdGuard or Safe Surfer for iOS. These apps create a local VPN on the phone solely to enforce DNS filtering for all connections. For instance, AdGuard can be configured with a family-safe DNS (AdGuard has a built-in “Family Protection” DNS option). When enabled, it will block known adult domains across all browsers and apps. Safe Surfer is another free app that specifically targets pornographic content filtering via a VPN profile. Install the app, enable the filter, and it runs in the background (with a VPN icon) to intercept inappropriate domains.
• Strengthen Screen Time Settings: In addition to what was done in Light steps, you could set “Allowed Websites Only” mode and create a fairly broad allow-list covering only sites you trust. This is more technical because you have to manage the list of allowed sites, but it’s very robust – anything not on the list is blocked by Safari and other web views 🔗 support.apple.com. For an adult, this can be cumbersome (since you’d need to allow a lot of sites for normal browsing), but for a child it can be practical to allow, say, school websites and a few others only.
• Guided Access / Single-App Mode: If the situation calls for extreme measures (like a child’s device that should only use one app or educational sites), you can use iOS’s Guided Access feature to temporarily lock the device to a single app (like a homework app or a children’s browser) with a passcode. This isn’t a daily solution, but it’s technical control that ensures no other content is accessible during a session.
• Accountability Apps (Optional): You might also install an accountability app like Covenant Eyes or Accountable2You on the iPhone. These apps (paid services) use a VPN configuration to monitor web traffic and block known explicit sites. They are more complex to set up and do require a subscription, so we suggest them only if the free methods aren’t enough. For example, Covenant Eyes on iPhone can scan the screen for explicit images and report them to an accountability partner, providing a layer of oversight that pure blocking doesn’t.

By implementing a custom DNS or using a dedicated filtering app, you add a system-wide net that catches content Apple’s filters might miss. Remember, keep the Screen Time passcode protected with someone else’s help – that remains crucial. Medium-level steps ensure that even if one safeguard fails (say Apple’s list misses a site), the DNS filter or VPN filter will catch it, yielding more comprehensive coverage.

Android 

For Android users with some technical confidence, you can go beyond basic parental controls by editing network settings and using specialized apps:

• Private DNS (Android 9+): Modern Android versions allow setting a Private DNS for all connections. Go to Settings > Network & Internet > Advanced > Private DNS and select Private DNS provider hostname. Enter a hostname for a filtered DNS service. For example, you can use CleanBrowsing’s family filter by entering family-filter-dns.cleanbrowsing.org, or AdGuard’s family DNS with dns-family.adguard.com. This routes all DNS queries (Wi-Fi and mobile data) through that service with encryption, blocking adult sites at the DNS level (no separate app required). This is a one-time setup and applies phone-wide.
• Third-Party DNS Apps: If your Android version doesn’t support Private DNS or you prefer an app UI, consider apps like DNSChanger or Intra. You can input OpenDNS FamilyShield (208.67.222.123 and 208.67.220.123) or Cloudflare family DNS (1.1.1.3) in these apps. They create a local VPN to enforce those DNS settings, similar to the iOS approach. This will filter out adult domains on all browsers/apps.
• Hosts File Modification: For advanced users (rooted phones only), you can edit the Android hosts file to block specific domains by redirecting them to localhost. This is technical and requires root access. If your device is rooted, you can use a hosts editor or a tool like AdAway to merge a large porn-site blocklist into your hosts file. This will effectively make those sites unreachable on the device. However, rooting voids warranty and is not suitable for most users – proceed only if you know what you’re doing.
• NoRoot Firewall App: Use an app like NoRoot Firewall (available on Play Store) to block websites on all browsers. NoRoot Firewall lets you set up filter rules without root 🔗 techwiser.com 🔗 techwiser.com. For example, you can create a rule to deny access to a specific domain (or a keyword in URLs) on both Wi-Fi and cellular. This app acts as a local VPN and can be configured per website. It’s a bit technical to set up each site rule, but useful if there are a handful of sites you specifically want to block everywhere (in addition to general filters).
• Multiple Browsing Profiles: If you are moderately technical, consider using Firefox with a filtering add-on as the only browser (similar to the Linux advice). Firefox on Android supports extensions; you can install LeechBlock NG or BlockSite extension in Firefox to maintain a blocked list of sites. Then avoid using Chrome altogether (or keep it only for safe sites).
• App Lockers: As an accountability step, you could use an app locker to protect certain apps. For instance, lock down the Settings app or Play Store with a PIN (known only to a partner) so you can’t easily remove the Private DNS or uninstall filtering apps. Apps like AppLock can do this. It’s an extra safeguard if you fear you might try to disable the filters.

Combining these techniques can make an Android device quite resilient against inappropriate content. For example, Private DNS filtering will silently block porn sites system-wide, and an app like NoRoot Firewall can catch any specific sites or even block entire categories by IP or domain keyword. Remember to also keep basic things like SafeSearch enabled in Google and YouTube Restricted Mode on. At Medium level, all solutions mentioned are free. Just be sure to document any changes (like which DNS you used) in case you need to troubleshoot connectivity issues (some public Wi-Fi networks might block custom DNS – you can switch to automatic DNS temporarily if needed).

Windows 

Medium-level solutions on Windows involve customizing the system beyond the out-of-the-box Family Safety:

• Edit the Hosts File: Windows has a hosts file (C:\Windows\System32\drivers\etc\hosts) which can map hostnames to IP addresses. By adding entries for known adult sites and pointing them to 127.0.0.1 (localhost), you effectively block the system from reaching those sites 🔗 techwiser.com. For example, adding a line 127.0.0.1 www.example-porn-site.com will make that site inaccessible. This requires editing the file as Administrator. You can find pre-made lists of adult domains (like the Steven Black hosts list with porn filters) and copy those into your hosts file for a broad cover. Hosts-based blocking works across all browsers. However, maintaining a large hosts file can slow down DNS lookups slightly, and new sites won’t be on the list until you update it.
• Use OpenDNS or Alternate DNS at System Level: Instead of (or in addition to) the hosts file, change your Windows network settings to use a family-filtered DNS. Go to Network & Internet Settings, find your active connection (Ethernet/Wi-Fi), and edit the IPv4 DNS servers to OpenDNS FamilyShield (208.67.222.123 and 208.67.220.123) 🔗 windowsforum.com. This simple change means any attempt to visit a blocked site will be stopped by OpenDNS, which often shows a block page. This method is effective on all browsers and apps 🔗 windowsforum.com and doesn’t require installing software. It’s a one-time network setting tweak. (If you have multiple networks or if using both Ethernet and Wi-Fi, set it on each adapter.)
• Browser Extensions for Blocking: Install extensions on all browsers you use for an extra layer of filtering. For Chrome or Edge, the BlockSite extension can block categories (Adult category is blocked by default in free version 🔗 thewindowsclub.com) and specific URLs. You can protect the extension settings with a password so it’s harder to disable. On Firefox, you might use LeechBlock NG or FoxFilter. These extensions let you define blacklists and even keywords to block. For example, FoxFilter can dynamically scan pages and block those with pornographic content, not just by URL.
• Third-Party Web Filtering Software: There are free programs like Cold Turkey Blocker and K9 Web Protection (if you can still find the installer) that act as system-wide filters. Cold Turkey (Windows and Mac) allows you to block websites across all browsers by running a background service 🔗 thewindowsclub.com. You can schedule blocks or make them permanent. It also can block applications. K9 Web Protection was a popular free filter; it’s discontinued officially, but if acquired, it automatically blocks a broad range of adult sites and can enforce SafeSearch. Another modern option is Qustodio’s free plan which offers web filtering for one device 🔗 safetydetectives.com. You’d install Qustodio, set up the filtering profile (it can block porn sites and allow you to add specific blocks), and it runs continuously.
• User Account Control: As mentioned in the Light section, using a limited user account is key. For medium level, you might go further and use Windows’ built-in Local Group Policy (if on Pro edition) to enforce some rules. For example, you can use Group Policy to prevent access to Registry Editor (so the user cannot edit back the hosts file easily), or to disallow running certain applications (like an installer for another browser). These steps ensure that even if someone knows their way around Windows, they can’t easily remove the protections without the admin password.
• Apply Edge’s Strict Settings: Even if not using Family Safety, Microsoft Edge (and Chrome via extensions) have settings worth using: enable Strict SafeSearch in Bing/Google, turn on tracking prevention (to maybe catch porn ad domains), and consider using Edge’s built-in filter by logging into a family account. You could also create a scheduled task to regularly flush DNS cache (ipconfig /flushdns) so that if any site was recently resolved before you changed DNS/hosts, it clears out and picks up the new rules promptly.

At this level, none of these solutions cost money – they just take time to configure. The combination of a family-safe DNS and a well-curated hosts file is quite powerful: DNS will block most known adult domains by category 🔗 windowsforum.com, and the hosts file can cover any specific sites or act as a backup if DNS is changed. Extensions and software add redundancy and can filter content by analysis (which DNS/hosts cannot do). Be sure to keep the admin account secured, so the standard user (the one using the PC daily) cannot undo these changes on a whim.

Mac 

For macOS users willing to venture into Terminal or install third-party tools, you can bolster the basic Screen Time controls with network and system tweaks:

• Hosts File Blocking: Just like on Windows, macOS has a hosts file (/etc/hosts). You can edit it by opening Terminal and using a text editor with sudo (e.g., sudo nano /etc/hosts). Add entries for domains to block, mapping them to 127.0.0.1. A comprehensive approach is to use a pre-made list. For instance, you could fetch an updated hosts list that blocks porn sites (there are projects on GitHub for this) and append it to your hosts file. Once updated, flush the DNS cache (sudo dscacheutil -flushcache). This will null-route those domains for all apps.
• DNS-based Filtering: Change your Mac’s DNS settings to a service like OpenDNS FamilyShield or Cloudflare Family (1.1.1.3). On macOS, go to System Preferences > Network, select your active connection, click Advanced, then DNS tab. Add the filtered DNS IP addresses at the top of the list. Now, regardless of which browser or app you use, any attempt to reach a flagged site will be blocked at the DNS level 🔗 windowsforum.com.
• Third-Party App Filters: Install an app like SelfControl or Cold Turkey on the Mac. SelfControl is a free Mac app that lets you block a list of websites for a period of time you set (even if you reboot, you can’t access them until the timer ends). It’s more for productivity, but you could use it each day to block sites during all hours except maybe a small window – effectively making them inaccessible. Cold Turkey (mentioned in Windows section) also has a Mac version that can enforce blocks across browsers at the OS level, with scheduling and password protection.
• Firewall Rules: macOS has a built-in firewall (accessible in Security & Privacy settings) but it doesn’t easily let you block domains. Instead, you can use the underlying packet filter (pf). This is advanced: you would create a pf rules file that blocks traffic to certain IP ranges known for bad sites or even uses domain filtering through pf’s table feature. For example, one could generate a list of IPs for popular adult sites and add to pf block list. Given the complexity, a simpler route is to use a third-party firewall like Lulu (free, open-source). Lulu can alert on outgoing connections and you can create rules to block certain domains or apps from reaching the internet. You might run all web traffic through a proxy (like Privoxy) and use its filtering features as well (similar to Linux DansGuardian approach, but on Mac).
• Multiple User Profiles / Browsers: If multiple people use the Mac, set up separate user accounts with Screen Time limits individually. For a single user scenario, you can augment your main browser with filtering add-ons as described (installing something like BlockSite extension on Chrome or Porn Block Plus on Firefox). These aren’t foolproof, but add friction. Additionally, removing or locking down alternative browsers (maybe remove Chrome if you use Safari with filters, or vice versa) helps.
• Enforce Settings with Configuration Profiles: If you have access to Apple’s Configurator or an MDM, you can create a configuration profile that enforces Screen Time restrictions (like web content filter settings) and cannot be removed without a password. This is similar to what schools do for managed iPads. It’s quite technical, but an IT-savvy person could generate a custom .mobileconfig that, for example, always enables “Limit Adult Websites” and install it on the Mac. Once in place and if the device is marked supervised, the user cannot remove those restrictions.

By applying these medium-level methods on Mac, you achieve a layered defense. For instance, combining Screen Time limits, DNS filtering, and an app like Cold Turkey means a website has to escape multiple barriers to load: if it’s not caught by Screen Time’s list, the DNS might block it; if DNS doesn’t, Cold Turkey will intercept it. Meanwhile, the hosts file and pf firewall can serve as a safety net if someone tries to use the IP address directly or a non-standard app. All this can be done at no monetary cost. Just remember to keep track of your changes (like backing up the original hosts file, etc.) in case you need to undo something.