Talk

Advanced search

Configurable 'white list' of sites I'm ok with my DC accessing from any internet-enable device

(12 Posts)
LeninGrad Fri 02-Sep-11 13:26:21

Message withdrawn at poster's request.

niceguy2 Fri 02-Sep-11 13:58:05

OK, firstly I think you will have to sit down and think how much money you want to plough into this. What you want isn't easy....nor cheap. Well depends on your definition of cheap.

Plus you can't block texts as that won't go through your internet router. The only way to stop that is to take the phone off your child.

And bear in mind what us regular geeks say here. There's nothing worse than a false sense of security. You can sit there smug in the knowledge you've blocked porn but your child learns to use an anonymising service like TOR or a proxy to bypass your controls.

Plus regular routers are say £50-£60. You can get some which you can specify keywords to block like "porn, sex" but they tend to be crap because often the words aren't used and it also catches legitimate sites like sexual health...even MN if someone's used the word 'porn' like on this topic.

To do what you want properly, you'd need is an enterprise class router like a Vigor 2830 which costs £150ish. On top of that you will need an annual subscription to a filtering service which is about £50-£60 per year.

That would give you pretty robust control over all devices surfing the web via your router. I dont think that even gives you time control either.

A cheaper alternative is to install the excellent K9 Web Protection onto all PC's. Ok this won't cover mobile phones but then you aren't spending £200+ either.

My point is you need to work out how much this supposed 'protection' is worth to you, whether you have the expertise to keep on top of it (given kids are v. resourceful) and what the realistic risk is if you didn't do the above but just went for the free version.

LeninGrad Fri 02-Sep-11 14:14:09

Message withdrawn at poster's request.

BadgersPaws Fri 02-Sep-11 14:36:56

"I want all logs of all traffic in and out of our cable modem and/or any mobile phone. This is what the ISPs/ mobile internet providers need to provide, they must have it."

It's worth remembering that the traffic in and out might very well be encrypted. Your router and ISP might be able to tell you that something went from a machine in your house to a server on the internet but they cannot tell you what that was. And if that server on the internet is some kind of proxy or routing service then it could be heading anywhere and carrying anything.

So the best and only realistic level of control is to do something on the machine that is actually accessing the internet. So things like K9 come to the fore and simple things like making sure that the child doesn't have the permissions required to do things like change the internet connection settings or install new software to get around them.

Trying to lock at the ISP or router level will also mean that you will be subject to the same browsing and internet restrictions as your children, which is far from ideal.

Snorbs Fri 02-Sep-11 14:57:05

Most (all?) mobile phone companies offer some form of opt-out filtering service for Internet access. My DS's Vodafone phone has it enabled by default as does my T-Mobile phone. I'm not sure exactly which category of site is blocked; I think it's porn and gambling, I'm not sure about violent or otherwise unpleasant content.

As with any ISP-level filtering service it's not 100% reliable and will have very limited options for modification of the allow/disallow lists. I have heard that Orange, for instance, blocks mumsnet. I don't know of any mobile companies that can provide logs of which sites have been accessed and which have been blocked.

I've talked to my DS about my expectations of his mobile phone use. I also have a look at it every now and then - he likes playing Angry Birds on my Android phone so I have told him that he can use my phone if I can look at his grin

As for at home, I use Windows Family Safety Center on the PCs that my DCs have access to. They've got their own accounts and they have allow/disallow lists that are tweaked by me. Family Safety Center also provides logs of which sites have been accessed and when, plus it can also do time limits and cover locally-installed applications as well. It only works on Vista or Win7 though.

niceguy2 Fri 02-Sep-11 17:49:52

Your router won't be able to provide logging like that. Neither will your mobile phone. Packages like K9 & Microsoft Family Safety can though.

I'd suggest if you are that concerned about inappropriate internet usage on their mobiles then not to give them a smartphone.

Like snorbs & badgers say, mobile companies will filter out porn etc by default but if accessing via home wifi, you would need an expensive router combined with a 3rd party filtering service....or build yourself a firewall like Smoothwall which will involve a deep technical understanding combined with something like Dansguardian.

LeninGrad Fri 02-Sep-11 23:08:15

Message withdrawn at poster's request.

BadgersPaws Sat 03-Sep-11 11:21:32

"Is that right? For some reason I didn't think there was much if anything yet."

There is, but it's very patchy and unreliable. New web sites pop up all the time and the blocking can't keep up and then sites like this are also often blocked.

So it's debatable how worthwhile it actually is. Certainly I would never trust it to protect my child. Any slightly determined or even curious person will get around the blocking in moments.

And then it won't work when the gadget is connected via WIFI.

But the phone companies can charge you £1 to get the thing turned off so it's all good for them.

lurkingdad Fri 09-Sep-11 11:08:33

I have experimented with this on the home broadband for the future. The easiest option is a service from Opendns.

To explain it in it's simplest terms your router always looks up a domain name and turns it into an ip address. This is done by looking up on your ISPs DNS server. OpenDNS takes the place of your ISP dns server and you configure on a web page what you want to be viewable. Stats are also available. If a page is on the blocked list a "this is blocked please contact your admin" page appears

Where you may fall down is if your ip address is dynamic as this is how opendns identifies you. You would need a piece of software installed on one of your machines that would keep this updated. I bought a fixed IP address from my ISP (for other reasons, I also host my own mail server) which cost £5 one off.

The benefits of this are that it installs nothing on the computer and can log any attempts to access unauthorised sites. The biggest downside I can see is that it is possible to set a new dns server on the local machine which may be able to bypass the opndns, something I've not tested.

As for mobile services, I don't think there is anything you can do there. I'm figuring when my children are young enough to accept the controls we will be fine, as soon as they work out how to get around them we need to decide whether to explain the risks and fall back on education and trust, or whether we enter a constant arms race chasing each other round the internet. I can't say which way I'll go until I get there.

LeninGrad Fri 09-Sep-11 11:37:06

Message withdrawn at poster's request.

BadgersPaws Fri 09-Sep-11 11:43:39

"I have experimented with this on the home broadband for the future. The easiest option is a service from Opendns."

I'm far from convinced about such services.

To begin with there's still the whole massive issue about what is on their blacklist. They claim that "this Web filter is always up-to-date", and that worries me, because anyone with an ounce of technical sense knows that that is utterly impossible. Even the Chinese Government with all of it's vast resources, lack of respect for human rights and ability to throw anyone in prison if they don't comply can't keep their web filters up to date. It's moving into the realms of fantasy to claim that a small private company can do what they can't. So for that company to claim that is misleading either through ignorance or deliberate lies, and they want us to trust them with our children's safety? I think not.

And what exactly is "adult" content? Do they block sites like this?

And because it works between your router and the internet it means that all computers in the house are subject to same rules. So if they decide, quite reasonably, that Mumsnet is "adult" and block it then no one can access it.

And let's also look at this claim: "We block a constantly updated (24/7) list of adult websites from ever reaching your computer."

That again is either technical ignorance or a lie designed to get parents to give them their money. "We block a list of adult websites from reaching your computer as long as it's accessed using a domain name not an IP address and as long as we're not avoided in one of the many ways around this so called solution" is a more accurate way to put it, but they'll get less parents coughing up their hard earned money if they put it that way.

And those worries aren't even touching on the massive holes in this solution.

Access a site by it's IP address and there's no DNS lookup, go where you like.

Access a VPN or Proxy by it's IP address and then you can bypass the entire system.

And then there's the option for the more technically literate to either set up an alternate DNS for a machine or to just do away with the DNS lookup entirely by telling each machine what the IP address for each web site it.

In the end would I trust this to protect my children?

No, no I wouldn't.

niceguy2 Fri 09-Sep-11 12:57:03

OpenDNS is useful in certain situations. But since it would literally take someone with a modicum of technical knowledge about 20 seconds to choose another DNS server, it's not really effective as a Internet filter.

Join the discussion

Join the discussion

Registering is free, easy, and means you can join in the discussion, get discounts, win prizes and lots more.

Register now