Parental Control (Impossible to bypass)?

If it doesn't relate to Debian, but you still want to share it, please do it here

Re: Parental Control (Impossible to bypass)?

Postby Fernando Negro » 2019-09-21 15:38

I've made the test, years ago, of altering the DNS Server addresses that my computer connected to, to the ones given by the "OpenDNS Family Shield" service (https://www.opendns.com/setupguide/#familyshield) and it worked. And, I know that routers nowadays also allow you to do the same. (If yours doesn't, just buy a new one.)

However, I think that the problem here is mainly a political one...

If every government agrees that pornography is harmful to children, it should take steps to prevent easy access to it.

Like, (1) forcing every pornography website to move to a .XXX address, in order to allow an easy block of such websites, just by blocking every website with such domain name in our routers and such, or (2) making it mandatory to control access to such websites, somehow, on the ISP side, and having the client (i.e. the adult that pays the ISP) have to specifically choose the option to access pornography websites or not.

In the UK, the government is trying to control access to these websites (https://www.wired.co.uk/article/porn-bl ... d-explains). And, in Russia, the government has simply banned access to the websites that don't solve this problem themselves (https://www.bbc.com/news/technology-37373244).
I just *love* the stability, much more bug-free nature, and also modular installation options, of Debian. Apart from the unfortunate adoption of "systemd" (viewtopic.php?f=20&t=129881&start=165#p671030) this distribution is *great*.
User avatar
Fernando Negro
 
Posts: 125
Joined: 2013-11-24 01:29
Location: Portugal

Re: Parental Control (Impossible to bypass)?

Postby bester69 » 2019-09-21 19:25

Fernando Negro wrote:I've made the test, years ago, of altering the DNS Server addresses that my computer connected to, to the ones given by the "OpenDNS Family Shield" service (https://www.opendns.com/setupguide/#familyshield) and it worked. And, I know that routers nowadays also allow you to do the same. (If yours doesn't, just buy a new one.)

However, I think that the problem here is mainly a political one...

If every government agrees that pornography is harmful to children, it should take steps to prevent easy access to it.

Like, (1) forcing every pornography website to move to a .XXX address, in order to allow an easy block of such websites, just by blocking every website with such domain name in our routers and such, or (2) making it mandatory to control access to such websites, somehow, on the ISP side, and having the client (i.e. the adult that pays the ISP) have to specifically choose the option to access pornography websites or not.

In the UK, the government is trying to control access to these websites (https://www.wired.co.uk/article/porn-bl ... d-explains). And, in Russia, the government has simply banned access to the websites that don't solve this problem themselves (https://www.bbc.com/news/technology-37373244).

yeah, Im agree, porn domains should be moved to an alternative surveillance internet network, so parents can decide if they want porn accesible when they hire with theirs Internet providers.

The best way to prevent those bypasses, is to install linux with only user permissons, so dns are fixed to system level (router cant change them), user cant install anything in system, users can only run whitelisted apps (groups permissions), and mount home partition and /tmp folder with noexec permissions (so they cant run any portable browser solution like tor), blocking extension in browser with chattr +i folderExtensions (so they cant install a vpn extension).. and installing a proxy cache anti porn extension so they cant watch porn by using some proxy cloud services in browser

Doing these easy steps, its almost impossible to access porn..
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1496
Joined: 2015-04-02 13:15

Re: Parental Control (Impossible to bypass)?

Postby bester69 » 2019-09-21 19:41

Luna Moon wrote:.....
I agree with this. I also support the use of parental control for very young children, so that they don't accidentally click on something, which might scare them and things like this. But they will never learn how to act responsibly online if you try to shelter them from everything. Offering support is the best solution in my opinion.


That's neccesary not enought, they will consume porn anyways if they have it accessible.. :?

The best thing is to have a one protected computer in middle of livingroom,

or eneabling ip filtering Parental Control Time Schedule (in a router password protected)or something like that.. So they can only get a ticket time period of internet access on demand for their homework tasks (they ask you for internet access to their ip laptop for their homework tasks).

or , better, buying a router with advanced parental control.:
https://www.wifiattendance.com/blog/par ... l-routers/
https://www.lifewire.com/best-parental- ... rs-4160776
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1496
Joined: 2015-04-02 13:15

Re: Parental Control (Impossible to bypass)?

Postby Fernando Negro » 2019-09-21 20:19

On a regular computer - and, because of the way that GNU/Linux works,

It's easy to control what normal users (who don't know the password for the root account) can access or not, by - as I said - altering the DNS Server addresses to block negative content, including proxy servers.

The thing is, nowadays a kid can just buy a smartphone for a few bucks, and use such an alternative device to connect to the house router. This being the reason why I said it's best to solve this at the router level.

(Although, to be really safe... One would have to either lock the router inside a closet or a room, with a key, or routinely check that the filters are still working properly...)
I just *love* the stability, much more bug-free nature, and also modular installation options, of Debian. Apart from the unfortunate adoption of "systemd" (viewtopic.php?f=20&t=129881&start=165#p671030) this distribution is *great*.
User avatar
Fernando Negro
 
Posts: 125
Joined: 2013-11-24 01:29
Location: Portugal

Re: Parental Control (Impossible to bypass)?

Postby bester69 » 2019-09-22 07:57

Fernando Negro wrote:On a regular computer - and, because of the way that GNU/Linux works,

It's easy to control what normal users (who don't know the password for the root account) can access or not, by - as I said - altering the DNS Server addresses to block negative content, including proxy servers.

The thing is, nowadays a kid can just buy a smartphone for a few bucks, and use such an alternative device to connect to the house router. This being the reason why I said it's best to solve this at the router level.

(Although, to be really safe... One would have to either lock the router inside a closet or a room, with a key, or routinely check that the filters are still working properly...)

You restringe IP range to just necessary computers, and enable MAC filtering, so he cant connect his movil, then you set password in router so he cant alter it..

perhaps best solution would be to buy an advanced Router Firewall with a strong parental control, for example ASUS AiProtection:
https://techcyn.com/security/asus-aipro ... e-network/
https://www.redeszone.net/2017/04/07/as ... s-de-asus/
The given feature in the AiProtection’s Parental Controls is:
Internet Activity Dashboard
Kid-safe preset
Schedule Block Time
Content Filter


It even features external DNS services sucha as OpenDNS and DNS filtering, so they cant by pass dns.:
A very useful feature is that we can filter globally with a specific dns, or just specifically about certain customers. We can register up to a total of 64 customers, and specify which service dns want to use that particular computer.


Image


I think with this kind of router firewall, you can filter DNS bypass, P2P traffic, all video type extensions, can use opendns services..and a lot of more things.. this firewall would be an ultimate parental control..furthermore, you install chrome with whitelist policy extensions and user permissions so he cant install any vpn extension or proxy server extension.
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1496
Joined: 2015-04-02 13:15

Re: Parental Control (Impossible to bypass)?

Postby bester69 » 2019-09-22 08:12

bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1496
Joined: 2015-04-02 13:15

Re: Parental Control (Impossible to bypass)?

Postby pylkko » 2019-09-22 11:22

For Asus routers there is a open source firmware made by the community that uses that same OS (as you show in the image) but adds all kinds of more features into it. It is called AsusWRT merlin.

https://www.asuswrt-merlin.net

When you install it, your asus router is a linux box that you can control normally (i.e more freedom). But otherwise it remains the same, even the UI looks the same.
Not sure if you can change the hosts file on the ASUS made version...

https://github.com/StevenBlack/hosts/bl ... /readme.md

But one problem I see you have not addressed is that one can search google images for porn. The Family openDNS will block opening those pages, I suppose, but does it blok the preview?
Last edited by pylkko on 2019-09-22 17:59, edited 1 time in total.
User avatar
pylkko
 
Posts: 1589
Joined: 2014-11-06 19:02

Re: Parental Control (Impossible to bypass)?

Postby bester69 » 2019-09-22 15:23

pylkko wrote:For Asus routers there is a open source firmware made by the community that uses that same OS (as you show in the image) but adds all kinds of more features into it. It is called AsusWRT merlin.

https://www.asuswrt-merlin.net

When you install it, your asus router is a linux box that you can control normally (i.e more freedom). But otherwise it remains the same, even the UI looks the same.
Not sure if you change the hosts file on the ASUS made version...

https://github.com/StevenBlack/hosts/bl ... /readme.md

But one problem I see you have not addressed is that one can search google images for porn. The Family openDNS will block opening those pages, I suppose, but does it blok the preview?


I think when you fix DNS's parental control, It fixes secure search.. In my case when Im using clearbrowsing dns's I cant search any porn on google, Ive to switch to other dns to be able to change not secure search on google. So I guesss It happens the same with opendns and other ones. but you can also fix that setting on system by using chrome policies; I think it would be SafeBrowsingEnabled policy, and you can also force installing vrate extension;

Vrate: Smart internet porn blocker that filters porn by analyzing images on a web page using the latest advances in artificial intelligence. (Chrome extensions)
https://chrome.google.com/webstore/deta ... hjdlpifcmk

chrome.json
{
"SafeBrowsingEnabled": ["true"],
"ExtensionInstallBlacklist": ["*"],
"ExtensionInstallForcelist":
["hikjbimjpogeajolkcggpbhjdlpifcmk;https://clients2.google.com/service/update2/crx"]

}
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1496
Joined: 2015-04-02 13:15

Re: Parental Control (Impossible to bypass)?

Postby Fernando Negro » 2019-09-22 17:52

Fernando Negro wrote:(Although, to be really safe... One would have to either lock the router inside a closet or a room, with a key, or routinely check that the filters are still working properly...)

bester69 wrote:you set password in router so he cant alter it..

You're right. (Because I don't bother much about router security, I hadn't thought about the following...)

If one changes the original Wi-Fi password, then the reset button being pressed on the router (to go back to factory settings, and eliminate the new DNS Server rules) also eliminates the new Wi-Fi password on the router. And, that way, when faced with a Wi-Fi connection problem, one would find out that someone had messed with the router.
I just *love* the stability, much more bug-free nature, and also modular installation options, of Debian. Apart from the unfortunate adoption of "systemd" (viewtopic.php?f=20&t=129881&start=165#p671030) this distribution is *great*.
User avatar
Fernando Negro
 
Posts: 125
Joined: 2013-11-24 01:29
Location: Portugal

Re: Parental Control (Impossible to bypass)?

Postby bester69 » 2019-10-02 23:13

CleanBrowsing (excellent dns filter)
https://cleanbrowsing.org/filters#family

dnsClean.sh
Code: Select all
#!/bin/sh
#

sudo chattr -i /etc/resolv.conf
sudo rm /etc/resolv.conf

#CleanBrowsind (proxy +vpn `+ adult)
 echo "nameserver 185.228.168.168" | sudo tee  /etc/resolv.conf
 echo "nameserver 185.228.169.168" | sudo tee -a /etc/resolv.conf
 nmcli con mod "NETGEAR03 1" ipv4.dns "185.228.168.168 185.228.169.168"

 
sudo /etc/init.d/nscd restart
sleep 1
sudo chattr +i /etc/resolv.conf




Porn Filters Compared: OpenDNS, Neustar, CleanBrowsing, Norton, Yandex and AdGuard
https://hackernoon.com/porn-filters-com ... 1f207062c4

Out of the 88 porn domains, I expected all of them to be blocked. Only CleanBrowsing blocked them all, with Norton SafeConnect very close in second place by missing 5 domains:

CleanBrowsing: 100% blocked
Norton: 94% blocked (83 blocked, 5 not blocked)
Yandex: 93% blocked (82 blocked, 6 not blocked)
OpenDNS: 89% blocked (79 blocked, 9 not blocked)
Neustar: 81% blocked (72 blocked, 16 not blocked)


Testing free proxies
There are many easy to use free proxies that should be blocked when you are filtering access to pornographic content. When testing the top 10 free proxy domains, only OpenDNS and CleanBrowsing blocked all of them.
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1496
Joined: 2015-04-02 13:15

Re: Parental Control (Impossible to bypass)?

Postby Head_on_a_Stick » 2019-10-05 15:09

bester69 wrote:Out of the 88 porn domains, I expected all of them to be blocked. Only CleanBrowsing blocked them all, with Norton SafeConnect very close in second place by missing 5 domains

You checked 88 pr0n sites? :o I hope you used lotion... :mrgreen:

And ftr, there was no interweb when I was young but we still managed to find naughty videos :|
Don't break DebianHow to report bugs

SharpBang GNU/Linux — a pre-configured Openbox/Tint2 desktop running on Debian stable
User avatar
Head_on_a_Stick
 
Posts: 10613
Joined: 2014-06-01 17:46
Location: /dev/chair

Previous

Return to Offtopic

Who is online

Users browsing this forum: FreewheelinFrank and 6 guests

fashionable