BT Parental Controls - absolutely rubbish now!

[AnonymousBird]

We switched this on a year or so ago, as the children started to be more independent with their use of devices, the Mac and so on. I did some checking on it of very obvious searches to make sure things were being blocked - naked lady, Matt Smith in the shower (!) and so on and all these things were correctly blocked on all devices linked to our BT Hub.

I had reason to check it again recently, not really sure why, just an instinct thing and discovered that despite the fact it was turned on, nothing at all was being blocked any more. So I deactivated and reactivated, only to discover that very little is now blocked in the way it was before.

The odd thing gets caught (typically, the things that you don't mind going through, so I override to approve certain websites) but the dodgy photos and everything get past BT so called Parental Controls.

As a result, I have put on Google Safe Search which hopefully achieves the same end, and have restrictions now set on each device, but I am seriously miffed that BT appear to have moved the goalposts.

I cannot bring myself to have yet another 45 minute phone conversation with someone very helpful, but who doesn't actually understand what I am getting at and who simply puts me through to "the technical team" who then switch it all off again, as happened yesterday, so can anyone shed light please, or has experienced the same?

The whole idea of network-level parental controls is broken.

Google have, rightly, moved to https-everywhere on all their services, and browsers have shifted as well. So now, if you use a browser search box, or the combi-box on Chrome or Safari (OSX or iOS), the search is sent to Google and the response comes back via a secure connection. That's good: it means that it's far, far harder for some of the conjectured attacks on public WiFi to be executed. The same goes for a huge range of other services: in 2015 the extra resources required to encrypt and secure connections are trivial, so why not (I've recently moved to enforce https on the page I use to distribute lecture notes because, well, why not?)

This means that network level parental controls simply can't work, because the ISP (indeed, the router) cannot see the traffic other than noting that a stream of something is passing by. They can't tell whether you're searching for Peppa Pig or Hardcore Porn. If, as increasingly is the case, the content is coming either from a CDN like Akamai or from Amazon Web Services or other cloud providers, they can't have any insight into the content either.

We (ie, people who know how the Internet works) said this to the ISPs. I was working for a telecoms manufacturer at the time and pointed out that BT's enthusiasm for network level controls as a differentiator would be short-lived, as https-everywhere was obviously coming. Snowden probably accelerated it by a year, but it was inevitable.

Secure. Network level controls. Pick one.

We have the opposite problem. Even with just light filters turned on, we were finding lots of unexpected websites were being blocked.

Yes, Mini, that's the other issue. If you can't see the content, you can't filter. If you can see the content, anything other than the crudest analysis would require solutions to a wide range of AI problems we are nowhere near solving. At the moment it's a mixture of URL blocklists and keyword blocklists. Yes, the vendors claim they're doing much fancier things; aside from well, they would, wouldn't they, they can't do fancy things inline with a multi-Gigabit stream of data, so the only place you can do fancy things is in the endpoint. And the blocklists are drawn up by (largely) American conservatives, for whom all sex is bad but most violence is OK, and have a strange focus on politics and gambling which defies all reason.

The whole idea is, as I say, completely broken.

mini - yes, actually I have had that too. We get the hard porn images, but I can't surf on the Adnams website to buy wine!!

Thanks Ricardian - so as of a year ago, the controls would have blocked "naked lady" porn pics, but today they can't/don't, is that right? Thankfully restrictions on individual devices do seem to block the worst of it.

so as of a year ago, the controls would have blocked "naked lady" porn pics, but today they can't/don't, is that right?

Pretty much. I'm a fully paid up member of the cult of Steve these days, so I don't see much outside the world of Apple, but consider the passage of a search for something that might seriously corrupt young minds, "bruce springsteen video".

I type it into the box on Safari. Safari makes an encrypted connection to Google and sends "Bruce Springsteen Video". There's no chance for a network level filter to intervene, because it's encrypted. Google sends back the response, again, encrypted, so the filter can't do anything. The first hit is Youtube. I click on it, and my browser makes an encrypted connection to Youtube (owned, not coincidentally, by Google). My browser then sends a request for the video in question, encrypted so the filter can't see it, and youtube start streaming the video and showing me the comments, again, encrypted, so the filter can't see it.

Short of blocking access to Google and Youtube, or doing some very dubious and arguably illegal tricks to force the encryption off, there is nothing the network filters can do about this.

There are things that can be done inside companies, where the computers are controlled by the company and everyone has signed an acceptable use policy, and where the law is very different. So companies can use some technical means that rely on their control of the client devices to decrypt traffic at the edge of their network and scan it. But that won't work, and is in any event illegal, outside a company.

We get the hard porn images, but I can't surf on the Adnams website to buy wine!!

Americans, see? Which of those two activities has a higher age restriction in the US? Which of those two activities has been the subject of massive legislative activity including two, count 'em, two constitutional amendments?

"so as of a year ago, the controls would have blocked "naked lady" porn pics, but today they can't/don't, is that right? "

Ricardian did a brilliant explanation there, the ISP won't see you searching for naked lady pics. It sees you sending encrypted data to Google, and Google sending you some encrypted data back. Your ISP can't tell whether you searched for "bus timetables", "how to build a bomb", or much worse "Bruce Springsteen videos". So it can't block results for one of those things, it would need to block access to Google itself, which would probably cause a few issues among the population to say the least.

My DC are adults now so I'm not too concerned but I was wondering why BT parental controls are no longer as effective. It's a bit worrying. I'll have to try turning on my Apple restrictions back on.

So following on from a thread on the primary board, does that mean that unless school computers have filters on individual devices/machines, network school filters are useless?

And are all websites with https encrypted? (Was surprised by how many have that s when I started looking.)