Is this possible on any modern day phone or tablet? Selfhosting as made me very privacy-consciouss and am concerned about my iphone.
Yes. Firewalls.
With an iPhone, however, you are screwed. Apple won’t let you do what you are looking for.
deleted by creator
On all networks, or just when on your home network?
This is a good question. On your home network, that’s pretty easy. On other networks, setting up a VPN that tunnels to your network seems like it should work.
Oh true! What an obvious answer. I could run it to my home adguard via tailscale. What about gps though…
GPS is kind of a tossup since your cellular provider can just as easily triangulate your position with their towers, and there is no escaping that outside of putting your phone in a faraday cage.
Good point. Wish there was a way to have a device that could only access my selfhosted applications then totally block all other tracking. I did the vpn route just now. Thanks for that tip!
If route all data through VPN and drop the unwanted packages in the firewall at home, you achieve this. But apple is a bitch and ignore VPN (and even DNS) for own domains.
Cell tracking is external to the phone. It’s done by the towers - they know signal strength, and by using known tables of that data, cell providers know pretty accurately where your phone is.
To block this you’d need a device that lacks any cellular technology whatsoever. Wifi only.
And that has the same issues, especially with companies like Comcast/Xfiniti using their cable modems to track all the devices around them, even if you don’t connect to them.
I guess foreign wifi or data. I have a router with adguard at home and work.
Take a look at “Rethink: DNS + firewall + VPN”. It is available through FDroid
I want something that does all that and blocks trackers as well, which is what I use DDG for.
Guarantee? You’d have to open it up and disable the cellular radio. The OS can override any settings you make.
More than just the cellular radio.
https://www.theregister.com/2023/04/27/qualcomm_covert_operating_system_claim/
I think this was built into the SOC itself, or the GPS module, but it runs 100% independently of your OS, even on custom firmware.
Maybe I’m being stupid but a trivial way to ensure this is just don’t connect it to the Internet in any way. No SIM card. Cut it off from the Internet after setup, and only connect to a LAN with your chosen services all physically isolated from any internet machines.
deleted by creator
The answer is mTLS.
But you will run into the key distribution problem. But if your number of devices is manageable, it could be the solution
Could you expand a little please? I read this https://www.cloudflare.com/learning/access-management/what-is-mutual-tls/
It seems this is mainly for reaching the server securely not blocking others, right?
You create a (self-signed) CA certificate, put its certificate as the client ca in your web server.
Then you can create certificates using this CA that you distribute to your devices, only devices that have a certificate signed by your CA are allowed to connect.
I have an iPhone and a gl.inet gl-e750 portable cell router, and my SIM card stays in the router. I don’t actually restrict my phone the way you’re talking about, but this gives me vpn to my home network without needing the vpn running on each client device. And if I wanted to block connections to big tech company services, I could do that.
On iPhones and iPads there are several technologies available for monitoring and filtering network traffic. Filter network traffic from the Apple Deployment Guide has an overview of the technologies and their trade-offs.
deleted by creator
