Back to Main Site Join Waitlist
Digital Accountability

GODSWATCHINU.exe

A 4-layer content accountability fortress compiled into a single 27.6MB executable.

Not an app you can just close. Not a browser plugin you can toggle off. It's infrastructure. Windows Service, SYSTEM-level privileges, dual watchdogs, encrypted config. One EXE. No installer. No account creation. Just run it, set your passphrase, and it's done.

Join the Waitlist Back to Kadosh & Co
1,029
Domains Blocked
1,590
Keywords Scanned
40+
Processes Killed
15+
Browsers Locked
Layer 1

Hosts File Hijack

Rewrites C:\Windows\System32\drivers\etc\hosts with 1,029+ domains redirected to 127.0.0.1. Pornhub, XVideos, RedTube, Tor Project, every VPN download site, proxy sites, NSFW Reddit alternatives — all of them. Locked with Windows ACLs. Verified every 30 seconds. If you tamper with it, it rewrites instantly.

Layer 2

DNS Enforcement

Force-sets every network adapter's DNS to CleanBrowsing Family Filter (185.228.168.168 / 185.228.169.168) — both IPv4 and IPv6. WiFi, Ethernet, VPN adapters, everything. Checks every 30 seconds. If you change it back, it re-enforces within the next cycle. Also blocks DNS-over-HTTPS at the firewall level so you can't bypass it through encrypted DNS.

Layer 3

Windows Firewall Rules

Creates outbound firewall rules blocking:

  • All known VPN service IP ranges (NordVPN, ExpressVPN, ProtonVPN, etc.)
  • All Tor directory authority IPs
  • All DNS-over-HTTPS provider IPs (Cloudflare, Google, Quad9)
  • Port 853 (DNS-over-TLS)
  • Only allows DNS traffic to CleanBrowsing servers
Layer 3b

Browser Enterprise Policies

Writes Group Policy-level registry keys for Chrome, Edge, Brave, Firefox, Vivaldi, Opera, Waterfox, LibreWolf, and 10+ other browsers:

  • Forces Google SafeSearch ON
  • Forces Bing SafeSearch to Strict
  • Forces YouTube Restricted Mode
  • Disables Incognito/Private browsing
  • Disables Developer Tools
  • Blocks DNS-over-HTTPS in the browser
  • Disables guest mode and new profile creation
  • Force-installs a content filter extension via enterprise policy
Layer 4

Process Termination

A real-time process scanner running every 3 seconds that kills on sight:

  • VPN clients (NordVPN, ExpressVPN, ProtonVPN, WireGuard, OpenVPN — 40+ processes)
  • Tor Browser
  • Proxy tools (Psiphon, Lantern, Ultrasurf)
  • SSH tunnels with SOCKS flags (-D, -L, -R)
  • WSL bypass attempts (detects curl, wget, tor, openvpn inside WSL)
  • Torrent clients
  • Android emulators
  • Virtual machine software
  • Sandbox tools
  • Remote desktop apps
Layer 5

Keyword Scanning

Scans every open browser window's URL bar and title using Windows UI Automation, matching against 1,416 instant-block keywords and 174 scored keywords with leet-speak normalization. Typing p0rn, s3x, h3nt4i, or even spaced-out variations into a search bar triggers detection. Also scans browser history databases and messaging app window titles for NSFW content.

The Intervention System

When a violation is detected, a fullscreen overlay takes over every monitor. It displays a Bible verse about purity, a countdown timer, and blocks Alt-Tab, Escape, Alt-F4, and the Windows key. You cannot interact with anything else until the timer expires.

ViolationsResponseDuration
First fewOverlay with Bible verse15 seconds
5+ in an hourOverlay with warning60 seconds
10+Overlay urging accountability partner120 seconds
Shutdown Protection

You can't just close it. Here's why.

Windows ServiceRuns as SYSTEM. You can't stop it from Task Manager.
Service DACL HardenedOnly SYSTEM has full control. Even Administrators can only read and start, not stop or delete.
Dual WatchdogsKill the service? Monitor restarts it. Kill the monitor? Service restarts it. Kill both? Windows Recovery Policy restarts automatically.
Safe Mode RegisteredThe service runs in Safe Mode too.
System Restore DisabledCan't roll back to before installation.
Registry Tamper DetectionIf you change the service startup type, it gets reset every verification cycle.
Boot ProtectionBCD settings modified to prevent recovery menu access.
Passphrase RequiredCtrl+Alt+Shift+F12 for 5 seconds, then enter the correct passphrase. 3 wrong attempts = 24-hour lockout.
Encryption

Config Encryption

All configuration (passphrase hash, whitelist, settings) encrypted with Fernet (AES-128-CBC + HMAC-SHA256). Encryption key stored with Windows ACLs restricted to SYSTEM and Administrators only. If someone deletes the key file to try to reset the passphrase, tamper detection kicks in — locking the system permanently.

Activity Logs

Every violation, every blocked site, every process kill is recorded in a tamper-evident encrypted append-only log with automatic 10MB rotation.

Browser Extension

Chromium Manifest V3 extension force-installed via enterprise policy. Can't be removed through normal means.

declarativeNetRequest — blocks URLs at the network level before the page even loads (1,047 rules)
Content Script — runs at document_start (before any content renders), scanning page text against all 1,590 keywords with leet-speak normalization
MutationObserver — watches for dynamically loaded content on SPAs for up to 200 DOM mutations
Enterprise Policy Lock — installed via Group Policy ExtensionInstallForcelist, not the extension store
The Numbers
MetricValue
Source Files52 Python files
Lines of Code~11,700
Blocked Domains1,029
Instant-Block Keywords1,416 (12+ languages)
Scored Keywords174 (word-boundary aware)
VPN/Proxy Processes Killed40+
Browsers Locked15+
Firewall Rules7
Verification Cycle30 seconds (all layers)
Process Scan Cycle3 seconds
Built WithPython 3.12, PyInstaller
OutputSingle 27.6MB EXE

One file. No installer download. No account creation. Just run it, set your passphrase, and it's done.

Join the Waitlist Back to Kadosh & Co
GODSWATCHINU.exe
Built by Kadosh | 2026