How to be sure a foss app works locally only? (Without selfhosting)

The problem is there is data going from my devices to each other but how to be sure that data doesn’t leave my network to the internet, For example iam using Photon for Windows and Android which supposed to work locally but how to be SURE???

So, a few things:

On desktop, I’d advise you to look at firewalls. Great FOSS options are:

  1. Safings Portmaster, which is available on Windows and Linux. For Linux, you can download it from the site, or you’ll need to use the CLI. It’s not available on Debian or Fedora package managers. It is available on the AUR, though. For Windows, the installer will require an internet connection, to download the latest version. Do note, it does have issues with VPNs, though some of that can be worked around.
  2. Henry++ Simplewall is very simple, and… kind of effective. It’s probably the worst option here, but it’s had a good reputation in the privacy community for years, now. It’s Windows exclusive, it’s minimulist, and I’ve never had an issue with VPNs. The huge downside is that it uses the Windows Filtering Platform for it’s ruleset. That used to be good years ago, but not anymore. I’ve seen programs and malware, get around this easily.
  3. OpenSnitch is Linux only. It’s arguably one of the best firewalls, with no bloat. It’s available as a Deb and RPM. There is an AUR version, but I’ve had issues with the AUR version, and VPNs. Some components tend to be updated at different tiems, causing conflicts.
  4. LuLu is a great OSX FOSS option, but one I don’t have that much experience in. My Mac machine is a work machine, so when I’m using it I use…
  5. LittleSnitch is Mac exclusive, and is not open source. Though, it’s still a really good service, and one I’ve now been deploying for many years. It was so good, it inspired the FOSS OpenSnitch, on Linux.
  6. If you run AV, check their Firewalls. I know ESET has a fantastic one, that I’d argue is one of the best you can use. Of course, going this method also comes with privacy drawbacks.

With mobile it’s not so easy, especially for IOS.

  1. GraphineOS asks you if you want an App to have network connectivity, when you install it. As far as the app knows, you have no internet for it to use. From what I understand, this functionality is based on the Android Open Source Project, so no 3rd party software.
  2. CalyxOS uses the Datura Firewall. Again, based on AOSP, but greatly expanded.
  3. Netguard came to my attention in the latest Survailance Report. It’s not something I’ve ever used, but it could be worth a shot. It seems to be open source, and does not require root. Note: there is a lot of software with similar names… some of them are malicious, so be careful what you install.
  4. If you’re not on those platforms, as far as I’m aware you’d be relying on DNS filtering. Not the best option, but at least you should be able to tell if your device is connecting to a domain, you do not recognise. Something like a Pi-Hole, or NextDNS are great options.
  5. If you’re on IOS, you can use the aforementioned DNS blocking. However, IOS also monitors DNS traffic, and will tell you the domains an app is connecting to regardless of your network setup. Go into Settings → Privacy & Security → App Privacy Report. Click on an app, in the “APP NETWORK ACTIVITY” field, and you’ll see it’s connections. Sadly, there is no option to prevent this activity without a Jailbreak. Even sideloaded apps won’t be able to do it.

This is an excellent rundown of firewall options. You could also use a program like Wireshark to manually monitor the internet activity on your network. This is a bit more of an advanced option, but if you just want to know if the app uses the internet or not, it’s a good way to check.

On Android (even stock), if the app claims not to be local only, it should not request the network permission. You can see if the app has requested that permission in the app settings/info.

Good call. I forgot Wireshark has a desktop client. I’ve been using it in the router.

This is a bit of a low tech solution that obviously won’t catch something sophisticated enough, but if you flip on airplane mode and your calculator stops working, it’s time to look for a new app. Though I’m not sure how many apps would fall for that trick, lol.