It's OK dear I'm only watching this grumble flick for the sake of research...
"... bypassing the filter, should one wish to access inappropriate sites for the sake of research or similar."
Paris 'cos she's been well 'researched'...
Internet access isn't about PCs any more, and keeping an eye on one's children is tough for even the most techno-literate parent despite the plethora of tools available. It's not puritanical to want to control what one's offspring see and hear – there are things on the internet with the power to scar an adult – and while no one …
"... bypassing the filter, should one wish to access inappropriate sites for the sake of research or similar."
Paris 'cos she's been well 'researched'...
http://www.theregister.co.uk/Design/graphics/icons/comment/thumb_up_32.png Great article! It's certainly a minefield of consideration to make the web safe, but open for those under our care.
There's a really good offering from Blue Coat which whilst it's machine specific, is the best filtering system I've seen around for free - K9 Web Protection. K9 is free for personal use, and allows filtering controls against particular categories one might not want ones child to hit.
It's even useful for us adults - I use it for blocking four common, but dangerous categories - Spyware/Malware, Spyware/Malware Effects, Phishing and Suspicious. The Spyware categories include botnets and their C&C servers.
The rating system used is dynamic, so if a URL or domain isn't categorised by a local copy of the DB, it's sent to Blue Coat's 'Web Pulse' cloud service for on-the-fly rating which returns a category within a few seconds. Blue Coat claim to have 75+ million users of the 'Web Pulse' cloud service who submit around 3 billion URLs for classification per-week so if one user sends a new URL to be classified, everyone gets the benefits of that classification.
If covering more than one device in the family household is needed (and you can have up to 10 clients per-email address with K9) then as a home sysadmin you could run your own proxy and force access to go through it.
..2nd for K9. We use it for a youth club (plus a proxy) after rejecting the likes of OpenDNS which took me about 30 seconds to get around.
They tried to get aorund it for about 3 weeks before finally giving up.
It throws up some odd stuff, but on the whole about the best we've ever seen. Best fo all , it's free for home use.
Personally I have 25+ devices on my home network, so I agree an automated approach to blocking is required - my preferred approach is a low-power Linux box running a dedicated firewall/proxy/content filter in combination with OpenDNS - at the moment I'm using the Zentyal distribution, which gives you a nice web-based interface to set this all up. Additionally, anti-virus checks can be payed into the mix at the gateway, and QoS support prevents the kids from nicking all the bandwidth whilst Dad is try to work!
opendns and kidzui
Back when we had one XP-based PC without parental controls, (the Macs are pretty well locked down) and no DNS solution in place yet... the 10 year old couldn't remember 'kidzui' she had heard about in school. 'kinky' was the closest thing she could think of, and typed that in... my fault entirely, and steps have since been taken. But you can't un-ring that bell.
1) Flat out told them they could surf whatever they wanted on the web, but they would have to be prepared to explain what they were looking at to their mother or me.
2) To not do anything on myspace or facebook that would get their step mother tattling to their father.
3) Keep them busy with activities they enjoy that don't involve the computer.
We've had two incidents of stupidity from the eldest that were nowhere as bad as things I got into with a modem and a PC in the mid to late 80s.
This is the route we took as well.
As a lot of people have alluded too you can only protect your own network and less technical parents will let their kids have unrestricted access to the internet.
The only thing we ever did was stop their internet access at 10 o'clock (just a simple firewall rule on a schedule) this was to stop them staying up to late in the evenings.
Obviously random auditing helped with this! Although once they had learnt to clear up behind themselves this became a bit pointless. I did have VNC installed on their machines so I could randomly and unnoticed check what they were up too!
I hate to say this as being draconian is all to easy to step into, but virtulization and a strict whats on the VM or not is whats needed.
Put things like you tube etc ... on they deny list (pick your favorite) and set the VM to be non-persistent after the build. That way even if they do get past the deny/favorite method of blocking sites, it has to be repeated when the VM is closed.
Not all people can use Linux, some have Mac's and most have Windows. Personally I prefer the filtering option such as dansguardian, but what do I do when my little one learns about ssh tunneling. The only option I see is to make the effort required to break free of the controls not worth it, and hell they might learn something in the process and quell some curiosity.
But there is nothing that replaces supervised access.
I don't have any children myself, but I've been thinking about this for my sister, and her two. My thoughts were gearing towards putting in an open source firewall. I never liked IPCop, but got on better with Endian, and they support content filtering - http://www.endian.com/en/community/overview/
Pretty sure it's Dans Guardian as was suggested before, which works on the transparent proxy. Rather than changing DNS to get to a blocked site, it can simply be unblocked with a parental username and password.
Obviously requires some knowhow to set it up, but it can run on an old PC, and after that is free.
Has anyone looked at using software from BlueCoat, their K9 "home filtering" suite?
"K9 Web Protection is a free Internet filter and parental control software for your home Windows or Mac computer. K9 puts YOU in control of the Internet so you can protect your kids. "
I use BlueCoat ProxySG appliances a fair amount, and this was advertised on one of the courses I went on last year.
I installed it to see what it was all about, but given I'm 23 and have no kids, I don't have a use for it....
The problem with many of the responses here is to take the article, on a techie site, and assume it's for techies.
A parent who has a PC downstairs connected to an ADSL router with WiFi and one or two laptops upstairs, plus PS3/Xbox and probably another WiFi router configured as a bridge is sure as hell a SysAdmin in my book regardless of the paid job. And often it's not about keeping them away from porn or violence but making sure they don't burn out on Facebook or YouTube and do their chores etc and not to mention bandwidth capping.
OpenDNS and filtering by time and content on the router is the easiest way to go. There are better ways but the more you add on the more complicated it gets.
My one, on her own in 3 days, smashed our 60gb bandwidth limit by watching 1.4TB(!!!!!!!!!!!!!!) worth of YouTube!!!! I swear, I think going to dial-up speeds is the only thing that's stopped her(that and I've perma-disconnected her from the wifi network)
Now my other two are in there teens so I assumed it was them with steam, but to find my pre-10-year-old daughter setting my bandwidth on fire like that just sent me mental!
Atom bomb because...well...it's what happened to my bandwidth
In my experience with pre-teen girls, they use youtube as some sort of music streaming service. I've seen them stream the same video clip over and over and over in a background tab whilst doing other stuff in the foreground.
When asked what they are doing they respond with "listening to the song"
Spot on mate. We had ISDN in our house from 98 onwards and an NT4 server that my dad used for some mad exchange setup he had with a business partner (apparently Demon used to hold your mail for you and forward it to an SMTP port when you came online, off topic and overkill, I know).
I figured out I could dual channel this connection and get 128kbps. He and his business partner locked this machine down to the max, but I got round all of it, had my own freeserve account, the works. Set it up as a gateway and away I went on my own presumed non-internet pc. Oh the horror. Racked up a £600 bill in a quarter in 1999 or 2000 thanks to good old napster. Needless to say my dad figured out why his mail wasn't coming through as regularly as before.
I am amazed at how tech savvy my nieces and nephews are, and I have no doubt any child who has restrictions imposed on them and a desire to circumvent them, will.
Block the worst the internet has to offer, and hope for the best, I'm not sure making the block obvious is going to have a positive effect. Talk to them and maybe, just maybe, the curiosity wont kill the innocence!
My kid's terminal, and later computer, was in family space, not her bedroom. Today, she appreciates why I handled it this way. We're over a quarter century on, and her infant daughter will grow up the same way.
Would you allow your child to wander around any of the largest cities on the planet at random, unescorted? Seriously. Think about it.
I wish it was as easy these days as it was back In the days before iPods, DSis, PSPs, iPads, and ubiquitous wi-fi. Not saying the principal isn't valid, it's just not as simple as the "family room computer" any more.
Actually, it *IS* that easy, if parents actually parent. Until kids reach the age of majority, the kids are, in essence, their parents chattel.
Kids can't enter into a contract. This is reality.
Kids can't even have a land-line telephone account (by law) unless their spokes-adult allows it, and signs for it ... much-less world-wide wireless internet access.
Think about it.
This is a situation I found as a community trainer all of the time - especially my generation ( who grew up in the 80's) with offspring. Computer in home, dominated by the tech savvy kids brought up on it, whilst the adults stumble around with a mouse, they were lucky to get a computer class, for the nerdy math kids like me.
I had to remind parents often that they PAID for the electronics, phone line and access, they have every right to impose sanctions and rules. Good relations with the kids was to be the starting point, and a shared/open approach to the internet with a good dose of sense and communication. It was always the the 'nagers downloading the ring tones and games which caused the problems. Kiddy catcher - because we're only kids once.
Kidzui/FF for the young ones, whilst I'm here.
OpenDNS doesn't give me enough control with a free account, and I find there updater software to be a disaster. I switched to DNS Redirector and haven't looked back - no monthly fee and I can whitelist/blacklist as much as I want. For the younger kids I have a white-list only scenario where everything but a few sites are blocked, the teen gets a password to bypass that restriction but still can't get to porn or malware, I get a password to bypass that and go wherever I want.
The method may be over kill, but a HTTP filter with DNS filter, which only allows a whitelist would suffice?
Theres multiple solutions available, the easiest one I have happened to find is 'Activewall' which works in most network environments, or privoxy (which is more advanced, but slightly more technical)
The problem is similar to piracy in my opinion, you change the goalposts and the way around it changes with it... so if you go for the exclusively exhaustive filtering method, its a sure way of working it... but then can hinder the use of the web, through the method of restriction.
^^^ My wife's response when I explained my plan for safe net access for our kids
No offence intended, and it's slightly off topic but that's the kind of response I get tired of hearing from the pond-life that can't be arsed to stop watching TV and start parenting.... usually when it comes to putting the relatively tiny amount of effort into sorting out their kids head lice.
but it's still no reason not to enforce the best practice you can within the environment for which you are responsible.
Do what you can, and hope for the best, I suppose.
I'm all for anything that gives parents a better/easier option to control what their child is exposed to but mostly it's pointless. Kids are crude, vulgar and nasty by default. When their young it's boogers and farts, then it becomes dirty jokes, stashes of adult magazines, and two girls and a cup style videos. And guess what, chances are they are experimenting with sex much earlier than you would think possible.
In my opinion the best thing you can do is be a good role model for your kids. A real world example is far more powerful than a you tube video. Show them healthy respectful relationships, mature conflict resolution, responsible alcohol use. If you want them to read more let them see you with a book in your hand. If you want them to take school seriously, let them see you exhibit a love of learning.
However it would be really appreciated if their is was a could friendly, curated you tube spin off. :)
We use OpenDNS for general content filtering, enforced at the router level, plus the restrictions afforded by DD-WRT router firmware allow setting time-access restrictions and P2P protocol and website URL/keyword blocking on a per-client MAC address basis. Problem solved! (at least while the kids are at home, unless they can hitchhike on a neighbor's WiFi, or...)
Good article mate.
I use kidswatch for the monsters machine, but that is on a locked down user account, which presents its own challenges in getting software to behave. A lot is still written expecting full admin rights, and won't work without out. Pathetic but true.
So you end up logging in as admin just to get software to work.
Neither 'manages' YouTube for you.
I highly recommend gargoyle-router in conjunction with OpenDNS for this. Gargoyle is firmware that runs on cheap consumer routers (TP-Link WR-1043ND recommended) and has a good and easy to configure firewall with some basic filtering rules and whitelisting. In addition it has good traffic and quota management to deal with that other home internet problem of "who used all the gigas??".
The amazing thing, reading these stories, is that I never ever come on the 'dark side of the internet' when reading and browsing and following up my ordinary interests. The Internet looks a lot like TV from here, occasionally sexual content of a perfectly ordinary sort, well, you would not expect it to be a totally sex-free zone, any more than the average thriller or murder mystery or newspaper is, but basically innocuous. Am I living in a fools paradise?
and have some idea of what you're doing?
I have the misfortune to have signed up to Sky Broadband (uk) which requires you to use their router which in turn does not let you change the dns servers and therefore use OpenDNS. Will be changing once my lockin period is over.
Try setting your clients to use OpenDNS exclusively to bypass the sky servers.
Or do as I have done (not on Sky but on a cable service that insists you use their equipment) and use their router as a modem - disable NAT, they normally have a pass-through modem type setting - and get your own router with a WAN port. I have the Netgear WNDR3700. Yes you're running two devices, but you will never again be held to ransom by ISP equipment.
"One solution, admittedly a bodge job, is to create GMail accounts for the children to use themselves, but don't give them the requisite passwords."
Isn't it in Google's T&Cs that you can't have a GMail account if you're under 13? If so, wouldn't doing the above violate it?
who cares? like google respects us?
Since they don't have the password, you could argue it isn't their account - they just use it.
What's working well for my five-year-old daughter so far, is OpenDNS FamilySheild to protect against accidental typo-squatting pr0n, and then just spending time with her when she uses her netbook (and by "her netbook" I mean my old Eee 901 netbook, only her login has a stripped-down Openbox desktop with only the launcher icons she uses).
One thing I don't let her do is use the netbook on her own. For example she can't take it into her bedroom and shut the door. Mostly we use it on the kitchen table or in the lounge.
Oh, and I wholeheartedly recommend getting a cheap graphics tablet for young kids. The Trust Flex Ultra Thin is less than 20 quid delivered and, after a bit of xorg.conf wrangling, has done wonders for her Tux Paint masterpieces.
I run an OpenBSD firewall/proxy with dansguardian. It can be a bit fiddly to set up and refine but well worth the effort.
Stops the nasties and provides virus scanning as well.
For those commenting that the answer is to "talk to your kids", there is a time and place for this. I think the context of this post is *how* one could create a safer environment for kids to explore the Internet reducing the likelihood that they will come across material that they my not be yet emotionally and psychologically developed enough to deal with. There is a lot of great age appropriate content and learning tools on the Internet, and I want to kindle their curiosity and sense of discovery. IT IS NOT CENSORSHIP to want to protect my six-year-old daughter from seeing Pokemon's Misty naked, hog tied and being gang-raped by Ash and Brock when she is looking for a Pokemon coloring page to print out. My daughter is not emotionally mature enough to "talk to" about this, yet access to the Internet has definitely added to her development The Internet has brought her Khan's Academy (her first-grade teacher says she has "mad math skills" and Dinosaur Train (she will happily talk ad nauseam why pteranodons are not dinosaurs and currently wants to be a Paleontologist) among other great sites. She also watches her older brother doing research online is is always asking questions and searching for similar topics to "help" him. I think this is all great.
What I'm currently doing:
1) OpenDNS for basic domain filtering
2) The "general" family use two Macs where I have OS X's "parental controls" (essentially a OS-based transparent proxy) enabled for basic website filtering (like most proxy-based filters it fails miserably on SSL sites, which I have to unblock domain by domain myself). To make it a bit easier to administer I have one setup with OS X server and I'm using directory services to manage the URLs so that they apply across the kids' and the guest accounts.
3) On my kids' Safari and Firefox browsers on the desktops, I've "locked" Google's SafeSearch on and YouTube's safe mode by logging in with my google account, enabling the setting, and then logging out. (your kids DON'T need to have a google account to do this, only you)
4) I've configured my son's email account (google apps domain with my own Postfix mail server for inbound processing) to copy my wife on all inbound/outbound messages, he is aware of this too.
5) On my son's (9) iPod touch, I've disabled Safari, and use Mobicip browser to filter and report on his access (he is well aware of the reporting and is accountable for his actions). My daughter's hand-me-down iPhone (no phone) has browsing disabled entirely at this point.
What doesn't work well: SSL sites. For good security reasons, more and more sites are using SSL and even if used in a limited manner (cookies, login pages, etc.) each one of these needs to be excepted by hand in OSX's proxy or accepted globally which I don't want to do. Also, google's SafeSearch lock is a hack and a pain to setup for each kid's account and each browser - but with google's new SSL defaults, you can't just append the safesearch options in the GET request anymore.
"Censorship? Recall we're talking children, not adults here."
Age discrimination much? There's a simple way to deal with this issue. Don't make it a taboo thing and desirable, talk to your kids about online dangers, and remember, a picture/video of sex isn't gonna hurt. A stalker will.
(addressing everyone else as well.)
My father offered me small sips of alcohol growing up. (yes even before my pre-teens. Like 8yrs old and such.) Turns out I didn't exactly like the taste of it, and it happened to be very good scotch too... Had It been made taboo I most likely would've drank it anyway when he was at work as it would've been something of such curiosity and also to be rebellious. You also can't hide sexuality forever, it's a terrible idea, Imagine signing your kids out of all health classes, assemblies at school etc. about it, and further filtering and by 27 when a partner likes him/her......"what's sex???" If you're also such a highly strung up person to the point where you'd beat your child just for exploring his/her own body, then you're a sick person who should go to jail.
Note that I'm talking about home internet access here, not school internet access where it's a completely different story.
I ended up going for untangle as my firewall/gateway and web filter, which I use on top of using OpenDNS. It can also do protocol blocking for things like torrents and IM. I've only used the "Lite" (read, free) web blocking, but that seems to be fairly good. They have a paid for web filter too if you want. It's based on Linux, so as a Windows guy, I was quite pleased it comes as an ISO, however you do need a standalone box to run it which not everyone is going to have.
My kids are pretty young, so it's been sufficient so far, I guess only time will tell if I'll need something more
First, my kids are 3 and 1 and I'm in the "adult" business. I've asked other folk in the business and they've all replied "Ha they're too young to use a computer". It's a great fear for me, what they'll see since I know what horrible things I see every day. I hadn't even thought about the ps3 or the ipods for internet access since at home it only makes sense for me to use a real computer. I had figured on simply creating user accounts and using a simple firewall on the machine. I've only one working computer in the house, there's other's that're just off and a heap of netbooks and laptops that may still work, but are beneath me. I felt perhaps I'd try the honesty approach, but thinking about it. I saw my first grainy naked chick at 12 on mIRC and at 13 I smoked my first joint. But I turned out fine, the honesty approach works but it occurs that perhaps between 0 and 12 years perhaps you need some sort of lockdown. And aye you're kids will go to their friends or whatever but as said before in your space you should do what you can.
So My plan is apparently to keep up on this stuff, cuz if anything it's opened my eyes to needing a dummy router in front of my ISP's modem. And it is also clear to encourage outdoor (non-internet or tv based) activities to offer a balance. I personally hope my kids are better coders than I am and I also hope they still know how to start a fire with two sticks and a shoelace as well as knowing what herodotus' said of the giant ants and Marathon. And I know this can only be achieved with a balanced approach to internet access and barriers for them to overcome.
Maybe that's what we all hope with lock downs is that they beat us, but again only after the language and understanding are available to the kids for us parents to be able to explain what is going on and why it's likely not (just guessing) appropriate. I just hope this obvious conversation is sometime a decade later and not 3 years off. It's as if the fabled "birds and bees" conversation has turned to a "god help me never post online" conversation or worse "it's actually just milk" and explaining how that happened to occur and why women aren't to be treated as we've just seen.
And like that dude above said about getting a sip of scotch above when he was 8, what if it was a shot peach schnapps. Don't get me wrong I'm an alcoholic and the son of an alcoholic; it's not the actual alcohol that's the problem, but how you behave drinking. I saw how to be a happy drunk and how to be a mean drunk. I guess my point is nurture not nature is key.
My intention, when RaspberryPi get the bloody boards on sale (pleeeease hurry up, I can't wait), is Dansguardian on their distro on an RPi board - full content filtering on a 1W device ! That'll keep my little scrotes off 90% of dodgy stuff (and make them moan a lot). Hope DG will compile !
Equally, might be quite fun to block YouTube for a week for giggles.
One of the first things I searched for when I got the net was porn, I knew it would be there and I knew what I wanted. I am sure this is the case for everyone. I also remember people talking about stuff at junior school. Kids aren't innocent - they know all about it, they just don't say anything to their parents.
It had no adverse effects at all. In fact if anything, not being wrapped in cotton wool has made me the man I am today. Had I not had fully unfiltered net access from that age I am certain I'd have grown up to be a mindless pleb.
I think the problem was when the Internet started hitting the big time late 90s/early 2000s and the government seemed determined to expose every kiddy to the Internet via the school systems, then telling parents that they all had to have a computer and the Internet. Schools should have always been set up on some kind of AOL-alike network with restrictions that make Apple's App Store policies look tame, with the real Internet being something you might start work on in high school once you're starting to learn what this thing called "trust" is, and you're likely already aware of the aforementioned computer game character fetishists.
Anyway, hindsight's a wonderful thing (even if some of us had the foresight to see this Daily Mail wailing happening a long while before it happened), and we've just got to deal with the aftermath of the idiots who made it so it's now almost a necessity to have kids on the Internet. Technologically, a whitelist is probably about the only way you're going to stop someone going on sites you don't want them on, and even that doesn't stop them seeing whatever some hacker decides to graffiti a website's home page with.
A friend has a lovely solution though, that I believe one or two people here already use: The computer is in the living room. Only the older kids have devices that can get on the Internet. If you're somehow a younger reader that's stumbled onto this dark corner of the Internet and think that's cruel or draconian, think about how cruel or draconian a world would be where nobody can have access to an unfettered Internet because of all the "think of the children" wailing? You'll grow up. The rest of us won't^Walready have.
(and please don't tell mum that the Reg has been telling you about Sonic pr0n, I like this site when half the editors haven't been arrested)
This article is much better than many but it still omits the essential first step. Before worrying about how to censor the internet first determine what needs to be censored. That can only be done from facts and evidence. Myth and prejudice have no place is making policy over children.
The internet is about to have draconian censorship imposed. The politicans concerned, think Mary Whitehouse MP, claim that they are only following the recommendations of the independent Bailey Report. However Mr Bailey was appointed by the Home Office, assisted by the Home Office, presumably paid by the Home Office, he represents one particular religious group and I have little doubt that he was chosen because he would provide the answer desired. See Government Dirty Data, http://www.theregister.co.uk/2009/04/10/dirty_data/ There is strong evidence for the widespread and often serious harm that results from the attitudes associated with prudery but he completely failed to even consider the possibility that harm could result from his recommendations.
There is strong evidence that prudery results in harm, no good evidence that it provides benefit, and a bunch of neo-puritan politicans using "child protection" to further their own agenda. The causal links may be less obvious than a sexual assault but prudery is every bit as much child sexual abuse.
Don't forget that most kids eventually get phones and most have web browsers on them. You'll have to rely on their network providers to control what they see on those. Not all come with content control in place out of the box (although Vodafone does), I'm amazed how many parents have no idea what kids look at the the playground these days.
I've got a fairly well controlled home network so I know what they're looking at but I know that'll only last until my boys get their first phone... But I'm going to make sure they pay for their own data plans.
"most kids eventually get phones"
Not unless their parental unit(s) provide same, which is a vital point that most are missing.
"and most have web browsers on them"
Not in this household. Here at Chez jake, a telephone makes and receives telephone calls. That is all. Why? Because that is what a telephone is for. Making and receiving telephone calls. Simple, no?
and it is getting cheaper and cheaper. Soon you will be able to buy a box for £200 that does it all.
I know a company that sells very solid filtering systems to schools and colleges as schools/colleges are already aware of the need to control access via their networks, especially w.r.t. mobile devices via WiFi.
These systems actively block external proxy servers and most of the other methods that todays canny Teens find to circumvent many web filters. Websites are categorised and allowed/blocked according to their category. The SysAds can allow normally blocked sites and vice-versa but most are pretty happy with the standard categorisations. Not only that but if someone goes to a new/unknown website, it is blocked by default, but it also sends a message to the software developers and that site is then visited and categorised by a robot, and occasionally by a human.
While I can see the need to filter what kids get access to there is still the question of what the cut off age is or do you go for a phased approach. Legally at 18 years old, you can only restrict access on a network that you own.