Is this possible on any modern-day phone or tablet? Selfhosting has made me very privacy-conscious and I am concerned about my iPhone.

  • NeoNachtwaechter@lemmy.world · 56 up, 1 down · 3 days ago (edited)

    Yes. Firewalls.

    With an iPhone, however, you are screwed. Apple won’t let you do what you are looking for.
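
Since the phone itself cannot run the firewall, the practical place to enforce "only my self-hosted services" is the router the phone connects through. The following is an added example, not code from the thread or from any project named in it: it builds a router-side nftables ruleset that allows one phone to reach only a listed set of services, a LAN DNS resolver and a VPN endpoint, and drops and logs everything else, plus a small evaluator that applies the same policy to constructed flows. Every address, port and service name in it is a constructed placeholder.

```python
"""Added example, not code from the thread: a router-side egress policy for a
phone that cannot run a firewall itself. Builds an nftables ruleset that lets
the phone reach only a short list of self-hosted services plus a local DNS
resolver and the VPN endpoint, and drops and logs everything else. A small
evaluator applies the same policy to constructed flows so the effect can be
checked without loading the rules. All addresses, ports and names are
constructed placeholders.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    name: str   # label used only in the rule comment
    dst: str    # destination IPv4 address
    proto: str  # "tcp" or "udp"
    port: int


# Constructed values: the phone's LAN address, a LAN resolver running on its
# own host (so its traffic crosses the router's forward hook), and the
# services the phone may reach.
PHONE_IP = "192.168.10.20"
DNS_SERVER = "192.168.10.2"
ALLOWED = [
    Service("nextcloud", "192.168.10.5", "tcp", 443),
    Service("wireguard", "203.0.113.10", "udp", 51820),  # hypothetical VPN endpoint
]


def build_ruleset(phone_ip: str, allowed: list[Service], dns_server: str) -> str:
    """Return an nft ruleset: default accept for every other LAN host, and a
    dedicated chain for the phone that ends in a logged drop."""
    for s in allowed:
        if s.proto not in ("tcp", "udp") or not 0 < s.port < 65536:
            raise ValueError(f"bad service entry: {s}")
    lines = [
        "table inet phone_egress {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy accept;",
        f"    ip saddr {phone_ip} jump phone_only",
        "  }",
        "  chain phone_only {",
        # replies to connections the phone already opened
        "    ct state established,related accept",
        f"    ip daddr {dns_server} udp dport 53 accept comment \"dns\"",
        f"    ip daddr {dns_server} tcp dport 53 accept comment \"dns\"",
    ]
    lines += [
        f"    ip daddr {s.dst} {s.proto} dport {s.port} accept comment \"{s.name}\""
        for s in allowed
    ]
    lines += [
        # everything else from the phone, including direct-to-IP traffic, is dropped
        "    log prefix \"phone-egress-drop: \" drop",
        "  }",
        "}",
    ]
    return "\n".join(lines) + "\n"


def decide(dst: str, proto: str, port: int,
           allowed: list[Service] = ALLOWED, dns_server: str = DNS_SERVER) -> str:
    """Apply the same policy to one new outbound flow from the phone."""
    if dst == dns_server and port == 53 and proto in ("tcp", "udp"):
        return "accept"
    for s in allowed:
        if (dst, proto, port) == (s.dst, s.proto, s.port):
            return "accept"
    return "drop"


if __name__ == "__main__":
    print(build_ruleset(PHONE_IP, ALLOWED, DNS_SERVER))
    for flow in [("192.168.10.5", "tcp", 443), ("198.51.100.7", "tcp", 443)]:
        print(flow, "->", decide(*flow))
```

The ruleset only governs traffic that actually crosses the router, i.e. the phone's Wi-Fi side; anything sent over cellular never reaches it, which is why the other answers in this thread either pull the SIM or force an always-on VPN. The logged drops are also the quickest way to see which services the phone still tries to contact.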

    • farcaller@fstab.sh · 6 up · 3 days ago

      You can enforce an always-on VPN (for at least IPsec) via an MDM profile. This kind of feature isn’t found in the casual user setup options, but there are plenty of knobs to tune in the enterprise profile configurator.

      And yes, you can easily install that profile on your phone after.

    • seang96@spgrn.com · 8 up, 1 down · 3 days ago

      VPN would still work for iPhone I imagine. Small whitelist of DNS would do 90%+ of the job.
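
The allowlist idea above is cheap to get right but easy to get subtly wrong, so here is an added example, not code from the thread or from any resolver project, of the matching logic run over a few constructed query-log lines. The allowed zones, client address and log lines are all constructed; the log shape assumed is the dnsmasq-style `query[TYPE] name from client`.

```python
"""Added example (not from the thread): a DNS allowlist check of the kind
suggested above, applied to constructed dnsmasq-style query log lines.

A query is permitted only if its name equals an allowed zone or is a proper
subdomain of one; everything else is refused and reported. All zone names,
client addresses and log lines are constructed.
"""
from __future__ import annotations

# Constructed allowlist: the owner's self-hosted zone and the VPN endpoint.
ALLOWED_ZONES = {
    "home.example.net",   # hypothetical self-hosted services zone
    "vpn.example.net",    # hypothetical VPN endpoint
}

# Constructed log lines in the shape "<time> query[<type>] <name> from <client>".
SAMPLE_LOG = [
    "12:00:01 query[A] photos.home.example.net from 192.168.10.20",
    "12:00:02 query[AAAA] vpn.example.net from 192.168.10.20",
    "12:00:03 query[A] evilhome.example.net from 192.168.10.20",
    "12:00:04 query[A] home.example.net.attacker.test from 192.168.10.20",
    "12:00:05 query[A] telemetry.bigtech.example from 192.168.10.20",
    "12:00:06 reply home.example.net is 10.0.0.5",
]


def normalise(name: str) -> str:
    """Lower-case, drop the trailing dot of an FQDN and surrounding whitespace."""
    return name.strip().rstrip(".").lower()


def is_allowed(qname: str, zones: set[str] = ALLOWED_ZONES) -> bool:
    """True if qname is an allowed zone or a subdomain of one.

    The comparison is label-based, so a plain suffix match cannot be fooled:
    'evilhome.example.net' does not match 'home.example.net', and
    'home.example.net.attacker.test' does not either.
    """
    labels = normalise(qname).split(".")
    for zone in zones:
        zlabels = normalise(zone).split(".")
        if len(labels) >= len(zlabels) and labels[-len(zlabels):] == zlabels:
            return True
    return False


def filter_log(lines: list[str], zones: set[str] = ALLOWED_ZONES) -> dict[str, list[str]]:
    """Classify query lines into allowed and refused names; non-query lines are skipped."""
    result: dict[str, list[str]] = {"allowed": [], "refused": []}
    for line in lines:
        parts = line.split()
        if len(parts) < 5 or not parts[1].startswith("query[") or parts[3] != "from":
            continue  # replies, cache lines, etc.
        name = normalise(parts[2])
        bucket = "allowed" if is_allowed(name, zones) else "refused"
        result[bucket].append(name)
    return result


if __name__ == "__main__":
    for verdict, names in filter_log(SAMPLE_LOG).items():
        print(verdict, names)
```

Two caveats worth keeping in mind when relying on this: the check has to run on a resolver the phone cannot bypass (a forced upstream on the router, not just a setting on the phone), and it does nothing for software that connects to an IP address directly without a lookup, which is where the remaining "10%" lives.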

      • NeoNachtwaechter@lemmy.world · 8 up, 1 down · 3 days ago (edited)

        True, somewhat… but on the iPhone, many functions that seem like basic things are tied to Apple’s services and cannot easily be replaced by selfhosted services. This phone would not work properly anymore.

          • NeoNachtwaechter@lemmy.world · 6 up · 3 days ago

            In the other reply, you said something about GPS.

            Well, location services aren’t really GPS anymore.

            The phone looks at all of its radio environment (cell and WiFi and whatnot) and from that it calculates its location. GPS may help a little, too, but it’s not important.

            It needs Apple’s own databases to do that: collections of all antennas in the world, and their known locations.

            • zingo@sh.itjust.works · 3 up · 3 days ago (edited)

              Hmmm. That could be what’s slowing down the GPS locking on my old android phone I use for my fitness app.

              No SIM card or WiFi access. Takes a good 20 min just to get a GPS lock.

              That means it fucks up my distance monitoring and time intervals, if I don’t have patience to wait, which I honestly don’t!

              The app is basically a fancy timer at this point.

              ;)

              • NeoNachtwaechter@lemmy.world · 4 up · 3 days ago

                In that case, your phone needs to “see” at least 4 satellites at the same time (more is even better) to get the first GPS lock, and that’s probably why you need to wait for so long.

                It could help to walk to a spot with no buildings, trees etc.

                Once there was an app called “GPS essentials” to help with that.

  • henfredemars@infosec.pub · 11 up · 3 days ago

    Maybe I’m being stupid but a trivial way to ensure this is just don’t connect it to the Internet in any way. No SIM card. Cut it off from the Internet after setup, and only connect to a LAN with your chosen services all physically isolated from any internet machines.

  • catloaf@lemm.ee · 11 up, 1 down · 3 days ago

    Guarantee? You’d have to open it up and disable the cellular radio. The OS can override any settings you make.

  • thelittleblackbird@lemmy.world · 6 up, 1 down · 3 days ago

    The answer is mTLS.

    But you will run into the key distribution problem. But if your number of devices is manageable, it could be the solution.

  • TaviRider@reddthat.com · 4 up · 3 days ago

    On iPhones and iPads there are several technologies available for monitoring and filtering network traffic. “Filter network traffic” in the Apple Deployment Guide has an overview of the technologies and their trade-offs.

  • Celestus@lemm.ee · 8 up, 1 down · 3 days ago

    Remove the SIM card to ensure it doesn’t communicate with a cellular carrier. Then go into the settings for your specific WiFi network, configure the IP address manually, and remove the entry for “Router” to prevent it from talking to the Internet.

  • undefined@lemmy.hogru.ch · 6 up · 3 days ago (edited)

    One thing I want to bring up just so you’re conscious of it is WiFi calling.

    I currently use Tailscale and a sophisticated setup to route traffic via commercial VPNs. I also do a ton of DNS ad/tracking blocking which Tailscale wasn’t really designed for (and requires a rat’s nest of routing, iptables and the like).

    I’ve noticed I never receive incoming calls now even while attempting to send traffic to my carrier’s WiFi calling server (it’s just another traditional VPN server at a technical level) through the nearest Tailscale exit node.

    All this is to say, if you want WiFi calling to work you should consider this. I believe it’s the same for Android and iPhone.

    As for the traditional VPN bit I kind of discovered this a few years ago when using one of those mobile cellular gateways you can plug into your LAN (I lived in a dead zone). When looking up my current carrier’s WiFi calling server (a different carrier) I realized the port matches the same VPN thing they were doing on the cellular gateway, so I think it’s fairly common for wireless carriers to just use a VPN to get you into their backend.

  • mspencer712@programming.dev · 4 up · 3 days ago

    I have an iPhone and a GL.iNet GL-E750 portable cell router, and my SIM card stays in the router. I don’t actually restrict my phone the way you’re talking about, but this gives me a VPN to my home network without needing the VPN running on each client device. And if I wanted to block connections to big tech company services, I could do that.

  • Kalreus@meinreddit.com · 2 up · 3 days ago

    Can never guarantee anything, but you got some options for decent security. I’ve used Tailscale and also Cloudflare with blocking all IPs except for my known devices.