Page 1 of 2

Parental Control (Impossible to bypass)?

Posted: 2019-09-03 02:53
by bester69
Hi,
How can I implement a home parental control kids cant bypass by using VPN or any other methods?
----

Fo what Ive being looking up on internet, It seems there's not an easy way.. Im thinking of any of these solutions.:

1. Router with whitelisting feature , so It only can browses thoses web list sources pages ( dont know if this exist or is possible)
2. Whitelisting Hosts file in a linux with user privilege, so that linux can only browse thoses pages. (dont know if this method can be bypassed)
3. Implement a proxy server with parental control, so they cant bypass internet in any way.

A question.: If they dont have root account (so cant alter resolv.conf) and have opendns's setted, cant they bypass Opendns parental control?

So, What do toyu thing, any idea bout it?

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-03 04:49
by Hallvor
I wouldn't bother. Kids will always find some way around them - in your house, in their friends' houses or with their mobile phones.

By all means, use parental control if you want to, and call me old fashioned, but I prefer warning children about harmful sites on the web instead.

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-03 14:44
by bester69
Hallvor wrote:I wouldn't bother. Kids will always find some way around them - in your house, in their friends' houses or with their mobile phones.

By all means, use parental control if you want to, and call me old fashioned, but I prefer warning children about harmful sites on the web instead.
I think I will buy them analog phones and public linux computer in the living room with a proxy server in my bedroom (need to block TOR protocol and VPN's).

I dont want them to contaminate their souls ,they need to learn porn is an evil weapon, it infects your soul in hundredths of different ways.

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-03 15:14
by bester69
This firewall looks an amazing Solution.:

UTM Endian firewall
https://www.endian.com/products/utm/
https://www.endian.com/community/download/

Use
https://www.youtube.com/watch?v=eEFPmaB3Ddg

Installation
https://www.youtube.com/watch?v=JqeRyoXJCxE

Or As well---------------

ClearOs Router gateway (prizing $600)
https://www.clearos.com/products/hardwa ... es#pricing

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-05 03:34
by Deb-fan
Hey now, stop being so hard on porn! What'd it ever do to you?! Messing around, not up on parental control + gnu/nix, so can't offer much constructive on it.

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-05 07:26
by pylkko
Bester, you can also use DNS-services which have family filters.

Many router software are total crap, but there might be a way to install yout own OS on them. I have open-wrt running on mine and I can balcklist sites for the entire network from there, but also set the DNS servers for the entire network or for individual machines. This is nice in the battle against adds and scams sites, but could also work for parental control. If you don't hand out the router root user to other people, there is no way anyone can change to settings. (especially if you block physical access to the router as it might have debugging ports/pins or hard reset buttons). If a new machine (a new computer is bought, a friends laptop comes to the LAN) appears, it will also fall under these rules.

A combination of these might work the best.

There is, still, the problem that you could for example VPN-tunnel around these. Of course, this requires some technical know-how and if I had a kid that could do that I would be happy and try to support them in learning more about comptuers... :D But most router firewalls also allow you to block ports and services. Many also have the possibilty to cast several networks (like a guest network and your own). So you could have different settings for the kids and your self (in case you need to VPN).

Also, you can set another DNS server for an individual computer. Many people do this when the use public wifi to avoid redirects. But this can be blocked by nor giving root to kids on their computer (just like no android users have root, you don't need it). Also, if the hosts has bad sites black listed, changing the DNS server on the machine would not get past this anyway. You can download ready made black lists with the worst known offenders.

You cannot prevent them from, say, borrowing a friends mobile and using that. However, it makes it a bit more harder and potentially embarrassing to ask to loan someone else's phone...

Hallvor wrote:I wouldn't bother. Kids will always find some way around them - in your house, in their friends' houses or with their mobile phones.
Uhmmm.. mobile phones are actually the easiest to control. Google and Apple offer services that allow you to monitor every single thing your child does. You can, of course, also see your own google search history and all the youtube videos that you have looked at and so on with a tool in the settings of the account. Not everyone realizes this, I guess. Additionally, they have extra features for kids, so that parents can see where they are on the map with gps, decide what apps they can install, what sites they can visit and how many hours per day various things on the phone can be used. It's also become normal (at least where I live). So for example, you are expected to follow them on gps if you are a responsible parent, so that they don't get lost or something else.

Personally I think nudity should not be feared. We are mammals and we do mammal things and children should learn that. In a way there is and should not be anything special about the fact that there is nudity and the people are sexually attracted by it. Sex should be a normal and good thing like getting hugs and food (and all other things we need because of our evolutionary history). Empirical evidence shows that people with a healthy sex life even are physically more healthy.

But then on the other hand, there is some sick porn stuff on the net that could cause quite bad experience or trauma even for children. Also, porn addiction and these kinds of things are probably real.

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-05 15:02
by bester69
pylkko wrote:Bester, you can also use DNS-services which have family filters.

Many router software are total crap, but there might be a way to install yout own OS on them. I have open-wrt running on mine and I can balcklist sites for the entire network from there, but also set the DNS servers for the entire network or for individual machines. This is nice in the battle against adds and scams sites, but could also work for parental control. If you don't hand out the router root user to other people, there is no way anyone can change to settings. (especially if you block physical access to the router as it might have debugging ports/pins or hard reset buttons). If a new machine (a new computer is bought, a friends laptop comes to the LAN) appears, it will also fall under these rules.

A combination of these might work the best.

There is, still, the problem that you could for example VPN-tunnel around these. Of course, this requires some technical know-how and if I had a kid that could do that I would be happy and try to support them in learning more about comptuers... :D But most router firewalls also allow you to block ports and services. Many also have the possibilty to cast several networks (like a guest network and your own). So you could have different settings for the kids and your self (in case you need to VPN).

Also, you can set another DNS server for an individual computer. Many people do this when the use public wifi to avoid redirects. But this can be blocked by nor giving root to kids on their computer (just like no android users have root, you don't need it). Also, if the hosts has bad sites black listed, changing the DNS server on the machine would not get past this anyway. You can download ready made black lists with the worst known offenders.

You cannot prevent them from, say, borrowing a friends mobile and using that. However, it makes it a bit more harder and potentially embarrassing to ask to loan someone else's phone...

Hallvor wrote:I wouldn't bother. Kids will always find some way around them - in your house, in their friends' houses or with their mobile phones.
Uhmmm.. mobile phones are actually the easiest to control. Google and Apple offer services that allow you to monitor every single thing your child does. You can, of course, also see your own google search history and all the youtube videos that you have looked at and so on with a tool in the settings of the account. Not everyone realizes this, I guess. Additionally, they have extra features for kids, so that parents can see where they are on the map with gps, decide what apps they can install, what sites they can visit and how many hours per day various things on the phone can be used. It's also become normal (at least where I live). So for example, you are expected to follow them on gps if you are a responsible parent, so that they don't get lost or something else.

Personally I think nudity should not be feared. We are mammals and we do mammal things and children should learn that. In a way there is and should not be anything special about the fact that there is nudity and the people are sexually attracted by it. Sex should be a normal and good thing like getting hugs and food (and all other things we need because of our evolutionary history). Empirical evidence shows that people with a healthy sex life even are physically more healthy.

But then on the other hand, there is some sick porn stuff on the net that could cause quite bad experience or trauma even for children. Also, porn addiction and these kinds of things are probably real.
Thanks pylkko, As always you're pleasure to read
If I was able I would even block myself access to porn, Internet Providers should be able to offer Activation parental control (Im not sure this exist), so you dont have to anything but call to ISP for them to activate it.

In my experience and perception porn is a demonic sptiritual trap, its not about physically healthy but soul healthy. Whenever you get dirty with porn, demonic stuff starts happening around you, thats my own experience and perception. So I dont want my kids do the same mistakes i made so they dont get all these spiritual troubles in life. Amish is the right way to go

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-06 10:50
by Hallvor
pylkko wrote: Uhmmm.. mobile phones are actually the easiest to control. Google and Apple offer services that allow you to monitor every single thing your child does. You can, of course, also see your own google search history and all the youtube videos that you have looked at and so on with a tool in the settings of the account. Not everyone realizes this, I guess. Additionally, they have extra features for kids, so that parents can see where they are on the map with gps, decide what apps they can install, what sites they can visit and how many hours per day various things on the phone can be used. It's also become normal (at least where I live). So for example, you are expected to follow them on gps if you are a responsible parent, so that they don't get lost or something else.
Yes, I guess anything can be controlled (in theory) if the parent lacks scruples.

While I only see good intentions here, I would also like to note that the road to hell is paved with the best of intentions.

While monitoring is a very good idea, total surveillance is plain wrong. It is the pinnacle of distrust and insecurity of oneself as a good parent.

Giving oneself that warm and fuzzy feeling of control and power, while violating the privacy and freedom of others, is not good parenting.

If a child or a teenager discovers that their phones are compromised, they will just leave them.

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-06 15:57
by bester69
Hallvor wrote:
pylkko wrote: Uhmmm.. mobile phones are actually the easiest to control. Google and Apple offer services that allow you to monitor every single thing your child does. You can, of course, also see your own google search history and all the youtube videos that you have looked at and so on with a tool in the settings of the account. Not everyone realizes this, I guess. Additionally, they have extra features for kids, so that parents can see where they are on the map with gps, decide what apps they can install, what sites they can visit and how many hours per day various things on the phone can be used. It's also become normal (at least where I live). So for example, you are expected to follow them on gps if you are a responsible parent, so that they don't get lost or something else.
Yes, I guess anything can be controlled (in theory) if the parent lacks scruples.

While I only see good intentions here, I would also like to note that the road to hell is paved with the best of intentions.

While monitoring is a very good idea, total surveillance is plain wrong. It is the pinnacle of distrust and insecurity of oneself as a good parent.

Giving oneself that warm and fuzzy feeling of control and power, while violating the privacy and freedom of others, is not good parenting.

If a child or a teenager discovers that their phones are compromised, they will just leave them.
I would put them Analog Phones and a GPS Smartwatch locator, thats a good idea... and In home a linux controlled PC in the middle of livingroom with internet timing, so only you give them access to internet for their homework tasks or anythink they ask you for. :o

We need to take care of our children, pornography must not be accessable to them in home, neither when thet get adult before 28yo.

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-06 16:23
by eor2004
@ bester69: another suggestion is that you become a Luddite. :)

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-06 20:59
by NFT5
bester69 wrote:We need to take care of our children, pornography must not be accessable to them in home, neither when thet get adult before 28yo.
:o :o Good luck with that.

In my experience (x3, all of whom made it safely to 28) the most powerful parenting tools are example, education, explanation and encouragement. Denial is a sure way to drive them to try something. Knowledge of dangers and their consequences is much more effective.

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-07 08:18
by Dai_trying
^^ +1 ^^

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-13 23:32
by bester69
Until Now, Ive figured it out some interesting aproaches of restriction in a installation.

HERE THE MESURES FOR NO MORE PORN:

1- Blacklisting Applications with groups permissions(by using a whitelisted group and retiring running permission to others)
2- Creating a restrited shell for the user, so he cant do anything with shell.
https://access.redhat.com/solutions/65822
3.1- User Home space with no execute permission (mount -o noexec)
3.2- USB automount with no execute permission (mount -o noexec)
3.3- Create a partition for /tmp so it mounts with no execute permission (mount -o noexec)
4.1- DNS with parental control filter (OpenDNS)
4.2- Parental Control Chrome/Firefox Extensions
4.3- Public Blacklisting Lists for Online servers Proxy (/etc/hosts)
5- Preventing livecd boot (disable bootcd and BIOS passwored)
6.1- IP filtering in router to only allow internet to the computer protected
6.2- Locking Network Interface Auto-creation /etc/network/interfaces (chattr +ì),So he cant add a cellular data connection.
7.1- A very strong and secure measure would be whitelist /etc/hosts
7.2- A very strong and secure measure would be whitelist with a Proxy Server (require another computer)
:mrgreen: :P
-------
With all of theses prevention methods, we can ensure user wont be able to run anything within the computer apart from the whitelisted commands group. He wont be able to install any vpn neither run then, he wont be able to bypass the DNS filter by using an external portable browser, or any other kind of Tor application.
  • - So, he wont be able to access porn with Internet Browser. (Opendns filter, blocked extensions, blocked installations, blocked execute permissions)
    - He wont be able to run or install anything to download porn (emule, torrent applications)
    - we could even block flash in browser and video player access temporary in the system with some kind of script that blacklisted them when we're out.
So, In an easily way, and with litle efforts we've been able to implement an armoured system with parental control against porn.


What do you think, do you see any weak or vulnerability to these measures?, I dont happend to know how they could break or bypass them

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-14 05:52
by bester69
GREAT APPLICATION for parental control

Vrate Plugin (chrome & firefox)
The vRate browser plugin, is a Smart internet filter that automatically analyzes images on a web page and blocks that inappropriate content by applying the latest artificial intelligence.
https://www.vrate.net/#!/internetFilter
  • Dynamically filters image content on the Internet
    Protects children from exposure to inappropriate content
    Easy to setup and use
    Available for free preview, download now!
Image

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-21 07:56
by Luna Moon
NFT5 wrote:
bester69 wrote:We need to take care of our children, pornography must not be accessable to them in home, neither when thet get adult before 28yo.
:o :o Good luck with that.

In my experience (x3, all of whom made it safely to 28) the most powerful parenting tools are example, education, explanation and encouragement. Denial is a sure way to drive them to try something. Knowledge of dangers and their consequences is much more effective.
I agree with this. I also support the use of parental control for very young children, so that they don't accidentally click on something, which might scare them and things like this. But they will never learn how to act responsibly online if you try to shelter them from everything. Offering support is the best solution in my opinion.

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-21 15:38
by Fernando Negro
I've made the test, years ago, of altering the DNS Server addresses that my computer connected to, to the ones given by the "OpenDNS Family Shield" service (https://www.opendns.com/setupguide/#familyshield) and it worked. And, I know that routers nowadays also allow you to do the same. (If yours doesn't, just buy a new one.)

However, I think that the problem here is mainly a political one...

If every government agrees that pornography is harmful to children, it should take steps to prevent easy access to it.

Like, (1) forcing every pornography website to move to a .XXX address, in order to allow an easy block of such websites, just by blocking every website with such domain name in our routers and such, or (2) making it mandatory to control access to such websites, somehow, on the ISP side, and having the client (i.e. the adult that pays the ISP) have to specifically choose the option to access pornography websites or not.

In the UK, the government is trying to control access to these websites (https://www.wired.co.uk/article/porn-bl ... d-explains). And, in Russia, the government has simply banned access to the websites that don't solve this problem themselves (https://www.bbc.com/news/technology-37373244).

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-21 19:25
by bester69
Fernando Negro wrote:I've made the test, years ago, of altering the DNS Server addresses that my computer connected to, to the ones given by the "OpenDNS Family Shield" service (https://www.opendns.com/setupguide/#familyshield) and it worked. And, I know that routers nowadays also allow you to do the same. (If yours doesn't, just buy a new one.)

However, I think that the problem here is mainly a political one...

If every government agrees that pornography is harmful to children, it should take steps to prevent easy access to it.

Like, (1) forcing every pornography website to move to a .XXX address, in order to allow an easy block of such websites, just by blocking every website with such domain name in our routers and such, or (2) making it mandatory to control access to such websites, somehow, on the ISP side, and having the client (i.e. the adult that pays the ISP) have to specifically choose the option to access pornography websites or not.

In the UK, the government is trying to control access to these websites (https://www.wired.co.uk/article/porn-bl ... d-explains). And, in Russia, the government has simply banned access to the websites that don't solve this problem themselves (https://www.bbc.com/news/technology-37373244).
yeah, Im agree, porn domains should be moved to an alternative surveillance internet network, so parents can decide if they want porn accesible when they hire with theirs Internet providers.

The best way to prevent those bypasses, is to install linux with only user permissons, so dns are fixed to system level (router cant change them), user cant install anything in system, users can only run whitelisted apps (groups permissions), and mount home partition and /tmp folder with noexec permissions (so they cant run any portable browser solution like tor), blocking extension in browser with chattr +i folderExtensions (so they cant install a vpn extension).. and installing a proxy cache anti porn extension so they cant watch porn by using some proxy cloud services in browser

Doing these easy steps, its almost impossible to access porn..

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-21 19:41
by bester69
Luna Moon wrote:.....
I agree with this. I also support the use of parental control for very young children, so that they don't accidentally click on something, which might scare them and things like this. But they will never learn how to act responsibly online if you try to shelter them from everything. Offering support is the best solution in my opinion.
That's neccesary not enought, they will consume porn anyways if they have it accessible.. :?

The best thing is to have a one protected computer in middle of livingroom,

or eneabling ip filtering Parental Control Time Schedule (in a router password protected)or something like that.. So they can only get a ticket time period of internet access on demand for their homework tasks (they ask you for internet access to their ip laptop for their homework tasks).

or , better, buying a router with advanced parental control.:
https://www.wifiattendance.com/blog/par ... l-routers/
https://www.lifewire.com/best-parental- ... rs-4160776

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-21 20:19
by Fernando Negro
On a regular computer - and, because of the way that GNU/Linux works,

It's easy to control what normal users (who don't know the password for the root account) can access or not, by - as I said - altering the DNS Server addresses to block negative content, including proxy servers.

The thing is, nowadays a kid can just buy a smartphone for a few bucks, and use such an alternative device to connect to the house router. This being the reason why I said it's best to solve this at the router level.

(Although, to be really safe... One would have to either lock the router inside a closet or a room, with a key, or routinely check that the filters are still working properly...)

Re: Parental Control (Impossible to bypass)?

Posted: 2019-09-22 07:57
by bester69
Fernando Negro wrote:On a regular computer - and, because of the way that GNU/Linux works,

It's easy to control what normal users (who don't know the password for the root account) can access or not, by - as I said - altering the DNS Server addresses to block negative content, including proxy servers.

The thing is, nowadays a kid can just buy a smartphone for a few bucks, and use such an alternative device to connect to the house router. This being the reason why I said it's best to solve this at the router level.

(Although, to be really safe... One would have to either lock the router inside a closet or a room, with a key, or routinely check that the filters are still working properly...)
You restringe IP range to just necessary computers, and enable MAC filtering, so he cant connect his movil, then you set password in router so he cant alter it..

perhaps best solution would be to buy an advanced Router Firewall with a strong parental control, for example ASUS AiProtection:
https://techcyn.com/security/asus-aipro ... e-network/
https://www.redeszone.net/2017/04/07/as ... s-de-asus/
The given feature in the AiProtection’s Parental Controls is:
Internet Activity Dashboard
Kid-safe preset
Schedule Block Time
Content Filter


It even features external DNS services sucha as OpenDNS and DNS filtering, so they cant by pass dns.:
A very useful feature is that we can filter globally with a specific dns, or just specifically about certain customers. We can register up to a total of 64 customers, and specify which service dns want to use that particular computer.


Image


I think with this kind of router firewall, you can filter DNS bypass, P2P traffic, all video type extensions, can use opendns services..and a lot of more things.. this firewall would be an ultimate parental control..furthermore, you install chrome with whitelist policy extensions and user permissions so he cant install any vpn extension or proxy server extension.