User Manual

Everything you need to understand and use Obstruo safely and effectively.

Important: Obstruo is a system-level website blocking application. It does not scan, crawl, or probe websites. All protection is enforced locally on your device using rule-based domain blocking.

Obstruo is a privacy-first Windows desktop application designed to block access to pornographic websites at the system level. Unlike browser extensions or cloud-based filters, Obstruo operates locally on your device and applies protection across all browsers and applications. No browsing data is collected, transmitted, or analyzed externally.

Obstruo v1 works by blocking known pornographic domains using a curated, locally stored blocklist. It does not inspect page content, images, or videos, and it does not monitor user activity. All blocking decisions are deterministic and domain-based.

The application is designed with predictability, transparency, and user control in mind, making it suitable for personal use, families, and shared computers where reliable system-wide protection is required.

  • Operating System: Windows 10 (64-bit) or newer
  • Architecture: x64 system recommended
  • Disk Space: Less than 50 MB for installation
  • Memory: Minimal usage; no special RAM requirements
  • Permissions: Administrator privileges are required during installation and when applying or updating system-level blocking rules
  • Internet Connection: Required only to download the installer or manually check for updates. Not required for normal operation or website blocking
  • Browsers: Works system-wide across all browsers and applications that rely on standard Windows networking

Obstruo is distributed as a standard Windows installer (.exe).

Download the installer only from the official Obstruo website or GitHub release page.

After downloading, Windows may display a Microsoft Defender SmartScreen warning stating that the app is from an unknown publisher. This warning appears because Obstruo v1 is not yet digitally code-signed, not because it is malicious.

To proceed with installation:

  • Click "More info" on the SmartScreen warning.
  • Then click "Run anyway" to start the installer.
  • Administrator permission is required to complete installation.

Once installed, Obstruo can be launched from the Start Menu or desktop shortcut. On first launch, users will be guided through an initial setup process, including creating a PIN.

Additional notes:

  • After Obstruo is downloaded and run by multiple users, Windows SmartScreen may stop showing this warning automatically.
  • This warning is expected for unsigned applications and does not indicate malicious behavior.

Obstruo requires administrator permission to apply system-level blocking. This is necessary because Obstruo modifies protected Windows networking configuration components to enforce blocking across all browsers and applications.

Administrator permission is requested during installation. Administrator permission is also requested when enabling, disabling, or updating core protection.

Obstruo does not continuously run with elevated privileges. Normal actions such as viewing status, reviewing logs, or navigating the interface do not require administrator permission unless system-level changes are being made.

Obstruo does not perform background privilege escalation or hidden system modifications.

Core Protection is the primary mechanism Obstruo uses to block access to pornographic websites.

Core Protection becomes active automatically once the user completes initial setup and creates a PIN.

Obstruo enforces blocking using Windows-supported networking mechanisms to prevent access to known pornographic domains system-wide.

Core Protection is deterministic and rule-based; it does not analyze page content, images, or videos.

Core Protection is designed to remain active at all times during normal operation. Protection is only temporarily paused when the user activates the Emergency Pause, which disables blocking for 15 seconds and then automatically resumes.

If Core Protection cannot be applied or encounters an error, Obstruo clearly indicates this state to the user instead of silently failing.

Attempts to bypass protection by deleting application files or modifying protected components will trigger a forced reset or restoration behavior.

Obstruo requires the user to create a personal PIN during initial setup.

The PIN is used to authorize sensitive actions, such as:

  • Temporarily pausing Core Protection via the Emergency Pause
  • Managing or modifying the blocked sites list
  • Performing factory resets or restoring Obstruo after tampering

Security design:

  • PINs are never stored in plaintext
  • Stored using hash + salt combined with Windows DPAPI (CurrentUser) encryption
  • Only decrypted at the persistence boundary, never kept in memory longer than necessary

Progressive lockout:

  • Incorrect PIN entries trigger a progressive lockout countdown, visually displayed to the user
  • This protects against brute-force attacks while maintaining user awareness

Emergency Pause usage:

  • Activating Emergency Pause always requires the correct PIN
  • Pauses Core Protection for 15 seconds and auto-resumes, with a 60-second cooldown before the next pause

Tampering or deletion of configuration files may trigger a forced factory reset, ensuring PIN protection cannot be bypassed

Session Protection is separate from Core Protection and tracks user activity during the current session.

It provides real-time status monitoring, including:

  • Domain block events
  • Emergency Pause activations
  • PIN attempts and lockouts

Logging:

  • All relevant events are logged in a hybrid log system
  • Logs are kept locally, respecting user privacy
  • Logs are automatically cleared every 24 hours, minimizing persistent sensitive data

Emergency Pause events are clearly logged, including start time, duration, and cooldown state.

Tamper detection:

  • Attempts to modify logs or bypass session tracking are detected
  • Tampering may trigger warnings or a forced session reset

User visibility:

  • Logs are accessible via the UI, with clear timestamps and event types
  • Provides transparency while maintaining security

Emergency Pause is a PIN-protected temporary suspension of Core Protection.

Key points:

  • Activates for 15 seconds when the user provides the correct PIN.
  • After 15 seconds, Core Protection automatically resumes.
  • 60-second cooldown prevents immediate reactivation.

Visual feedback:

  • The UI clearly indicates when Core Protection is paused.
  • Countdown timers show both pause duration and cooldown period.

Tamper resistance:

  • Attempts to bypass Core Protection (e.g., deleting files, modifying protected components) trigger forced reset or restoration behavior.
  • Obstruo monitors critical components and reacts to prevent circumvention.

Self-blocking protection:

  • The app warns if a user attempts to block critical Obstruo files or directories.

Error handling:

  • If Core Protection fails to engage, Obstruo alerts the user instead of silently failing.
  • The Emergency Pause remains unavailable until normal operation is restored.

This section refers to persistent diagnostic logs, separate from session-level activity tracking.

Obstruo maintains a minimal local log for diagnostic and transparency purposes.

Logged events are limited to application-level actions such as:

  • application startup and shutdown
  • core protection status changes
  • errors or failure states

Obstruo does not log browsing history, visited websites, page content, or user activity.

Logs are stored locally on the user's device and are never transmitted externally.

Logged data is automatically deleted within 24 hours to minimize data exposure.

Logs exist solely to help users understand application behavior and to assist with troubleshooting.

Obstruo is designed to operate entirely offline after installation.

The application does not collect, transmit, or sell any personal data.

Obstruo does not monitor browsing behavior, visited websites, search queries, or online activity.

All blocking decisions are made locally using a curated blocklist stored on the user's device.

Application settings, logs, and sensitive state are stored locally and protected using Windows-provided security mechanisms.

Obstruo does not include analytics, telemetry, tracking libraries, or third-party data collection services.

No data is sent to Obstruo servers or any external service during normal operation.

Websites are not being blocked

  • Ensure Obstruo is running and Core Protection is active.
  • Confirm the website is a domain-based pornographic site (page-level filtering is not supported in v1).
  • Restart the browser to clear cached DNS results.

Obstruo fails to apply Core Protection

  • Make sure the application is run with administrator permission when prompted.
  • Check that no other security or filtering software is interfering with Windows networking behavior.
  • If an error state is shown, follow on-screen instructions rather than attempting manual fixes.

SmartScreen or security warning appears

  • This is expected for unsigned applications.
  • Click "More info" → "Run anyway" if you trust the source of the installer.

Application does not start or behaves unexpectedly

  • Restart the application.
  • If the issue persists, restart the system and try again.

Protection appears to be bypassed

  • Obstruo is designed to detect tampering and may trigger a forced reset if critical files are altered.
  • Reinstalling Obstruo will restore default protection behavior.

Do not

  • Manually edit the hosts file unless explicitly instructed.
  • Disable Windows security features to make Obstruo work.

Obstruo does not automatically update itself.

All updates are manually downloaded and installed by the user.

Update notifications are not fetched automatically from the internet.

Obstruo does not contact external servers to check for new versions.

Installing an update may require administrator permission.

User settings and configuration are preserved during updates unless otherwise stated in release notes.

Users are encouraged to download updates only from official Obstruo channels.

Obstruo v1 blocks access at the domain level only.

It does not filter individual pages, URLs, or content within a website.

Obstruo does not analyze images, videos, text, or media content.

The application does not provide ad blocking or tracker blocking.

Obstruo does not categorize or filter non-pornographic content.

Blocking effectiveness depends on the accuracy and coverage of the curated blocklist.

Some websites using uncommon networking methods or embedded content may not be fully blocked.

Obstruo support is provided through official project channels.

Users can report bugs, issues, or security concerns via the official GitHub repository.

Documentation and updates are published on the official Obstruo website.

Support is provided on a best-effort basis.

Obstruo does not offer live chat, phone support, or real-time assistance.

Users are encouraged to include clear details and steps to reproduce issues when requesting support.

Obstruo enforces blocking by applying system-level DNS resolution rules using Windows-supported mechanisms, including controlled hosts-based redirection to non-routable local addresses.

This approach ensures system-wide protection across all browsers and applications that rely on standard Windows DNS resolution.

Blocking rules are derived from a curated blocklist stored locally on the user's device.

Application configuration and sensitive state are stored locally and protected using Windows-provided security mechanisms.

Obstruo applies system-level changes only when necessary and avoids persistent elevated execution.

If a failure occurs while applying protection, Obstruo is designed to surface the error clearly rather than silently failing.

Safeguards are in place to prevent partial or inconsistent protection states.