child safety filters?

Only microsoft can help you. So stop using ub.
------Original Message------
From: kw
Sender: <email address hidden>
To: <email address hidden>
ReplyTo: <email address hidden>
Subject: [Question #80288]: child safety filters?
Sent: Aug 17, 2009 5:56 PM

New question #80288 on yelp in ubuntu:
https://answers.launchpad.net/ubuntu/+source/yelp/+question/80288

I need to set up child safety filters for the internet on ubuntu, so my grandchildren will not get into the wrong places.

--
You received this question notification because you are an answer
contact for yelp in ubuntu.

Sent via BlackBerry by AT&T

OK. That was a dumb answer....

Approaching the question more seriously, I'm also looking into this problem. I haven't gone too far with it yet but here is what I've done so far:

In System->Administration->Synaptic Package Manager you will find a program called Privoxy. It's default settings work quite well at killing ads and such.

Basically, you install it, then set up the web browser of your choice to use it as a web proxy. Usually, this is under advanced settings.

In Opera, for example, it's under:

Tools->Preferences->Advanced->Network->Proxy Servers

It's here that I set the http and https proxy servers to point to the computer running Privoxy (use 127.0.0.1 if it's running on the same PC), port 8118.

Under Firefox, the proxy settings are set in:

Edit->Preferences->Advanced->Network->Settings

What happens when someone browses the web is that the request goes to Privoxy, not directly to the internet. Privoxy then scans the resulting web page before sending it to the browser. Within Privoxy's configuration file, you can set it to react to keywords you don't want. It works fairly well.

My other solution is to install Bind9 using Synaptic. All web sites are actually located by number, not by name. The internet does not understand names. When you type in a name (google.com for example) your computer must first contact a DNS server to get the name translated into an actual numeric address. The browser then uses the address to contact the web site.

DNS servers act as relays. It's impossible for one DNS server to keep a list of all the world's web sites so they relay the request around. If a DNS server is said to be "authoritative" that means it actually controls the name services for a particular web site. If it is "non-authoritative" it means it doesn't know what a web site's number actually is but it *might* know another DNS server that does and the request gets relayed.

I've used Bind9 to set up my own DNS server and I've told it that it is the authority on a wide range of web sites (technically, Domain Names) that I don't want the kids to see. Let's pick on AdultFriendFinder.com (I'll call it AFF). To stop the kids from seeing ads from or connecting directly to AFF, I've told my DNS server that it is the authoritative server for AFF. That means it "knows" how to convert "adultfriendfinder.com" into a numeric address. Since the server thinks it knows this as a fact, it won't relay the request anywhere else. The thing is, I lied. I told it the address was 192.168.0.100 (my PC). Indeed, I told it that all the web sites that I don't want the kids to see are at 192.168.0.100. The browser will always get that number as an answer to any unwanted internet name and, as you might expect, there is no such web page so the kids see nothing.

As you might have guessed, there are potentially 100's of thousands of undesireable sites and manually trying to enter them all in is a logistic impossibility so this solution is not the be-all-end-all. There are better ways and I'll keep watching this thread to see what other people suggest.

I've included the sites that I come across most frequently. If you decide to go this route, I'll post a message with a list of banned addresses that I use.

I've been using OpenDNS for years now because of it's security and privacy. It allows me to set up my router to bypass my ISP's DNS servers, which is good for a lot of reasons. Another feature I've recently started using is their content filtering. It is simple to set up through a GUI and easy to custom configure for more complex installations.

Go to opendns.com and they have easy tutorials on setting up your router and/or computers to use the system. Set up a free account and go to the Settings tab to select your level of filtering and to apply any custom rules you want. You can test access to sites right there on there setting page.

The big advantage to this "cloud" method is that your entire network is protected and if configured on individual machines you get this protection wherever the computer is used as in a laptop at a public hot spot. There is no complex configuration to go through on each machine and/or for new installs. Just redirect the DNS to your OpenDNS account and don't worry. Works well with Win, Mac, and 'nix boxes.

OpenDNS sounds like a good idea. I haven't looked into it myself, but I'd heard of it. I went with my own solution in large part because I wanted to be able to review the logs of what the kids were in fact browsing to. I haven't looked into it yet, but I'd be surprised if OpenDNS keept logs on an individual client basis for parents to review.

No, OpenDNS doesn't keep that level of logging. You might consider using OpenDNS for your filtering because they can spend the time updating the rules for you and it is much harder for a user on your machine to circumvent the filtering if it's not locally hosted. There are numerous solutions to maintain, view and report on IP traffic over your Internet gateway. Being paranoid here but kids have a lot of ways to bypass filterers if they want to. Just ask any school district how effective their filters are. By logging locally and possibly at the router level you will at least know when the filters have been bypassed. Also there is no reason you can't use multiple filters like OpenDNS for general filtering (like google safe search) and then set up local rules on the kid's user accounts. I have seen an article or two on setting times when the Internet can be accessed as well. Search for server applications as that's where this type of applications are used.

Sounds like you're on the right track.
RAM

Update on OpenDNS, yes they do have detailed logging. Under the stats tab you can select several detailed reports as well a overview charts. I had a malware attack (conflicker) blocked by them and I noticed that on one day 665 break-in attempts to my server were also blocked. In the detailed logs it is a simple mater of point and click to add or delete a site from your custom block list.

Sorry to sound like an OpenDNS advert here but the more I get into oit the more I'm impressed by the service.

RAM

For what it's worth, I've now started using the eBox package on a Pentium III computer as my proxy server/firewall/DNS and it's working quite well to filter what the kids see.

If anyone tries to go this route, I would highly recommend downloading and installing the eBox platform cd which contains Ubuntu 8.04 and all the eBox packages pretty much pre-configured.

I had initially tried installing the eBox modules via synaptic manager and, while that does work, it's a more involved processes and I had difficulty getting it to work to my liking. It turns out that the packages downloadable via synaptic are not up-to-date and don't contain all the modules that are available on the eBox server CD, so grab a spare PC and set it up independently.