Wednesday 18 April 2012

How to protect your kids from internet pornography

I have just posted a blog on the report from a committee of MPs which makes recommendations about new measures to protect children from internet pornography.

Most of these are targeted at the ISP industry (and not a moment too soon!) but the real need is for parents to take steps themselves.

If you are interested about how practically to do it here is some advice from a Christian medical colleague (and computer whizz!) that I have gleaned today.

How to protect your kids (and yourself!)

Because of the proliferation of connectable devices having software just on a PC is inadequate - the entire home network needs internet filtering.

The best way to achieve this is for the ISP to do it. Out of the 4 main British ISPs (Virginmedia, Talktalk, BT and Sky) only Talktalk can do this at present.

The main system I use is ‘Covenant Eyes’. This is accountability software that I use with a friend. It monitors internet use and alerts your accountability partner if you are accessing inappropriate websites. Once installed it cannot be removed without your accountability partner being alerted. You probably know about this already but the website gives full details. It would be a brilliant thing to do with teenagers. Although there is little need for this if the OpenDNS service is used (see below), it has the advantage of monitoring a device whether it is used at home or elsewhere - OpenDNS only covers your home network.

Second, most mobile phone networks have the ability to turn on web filtering for smartphone use at a network account level. So as long as your kids have mobile phones on your account you can block the inappropriate use of mobile devices through the 3G network.

Third, and this is the really clever way of doing it, a home user can achieve network-wide site filtering by using a service called OpenDNS. A brief, simple explanation of what a DNS Server does can be found at the end of this post.

To set this up you have to create an account on OpenDNS.com, tell OpenDNS about the IP address your ISP has given your ADSL or cable modem, and then edit the settings in your router so you use OpenDNS's DNS Servers rather than your ISP's. They provide good instructions on how to do this, but it's a little technical. The service is free. (There is a more feature-rich service that you have to pay for but for most home networks the free bit is all you need).

As long as you keep the usernames and passwords for both your router and your OpenDNS accounts completely secret there is generally no way past this, even for your bright computer-savvy kids.

Check out www.opendns.com.

What a DNS server does (the technical stuff!)

Every networked device has a unique numerical address - an "Internet Protocol" (IP) address. It is a set of 4 numbers (between 0 and 255) separated by dots. The PC I am typing this on has the IP address "10.0.0.106". My PC at work is "172.22.255.42". When devices communicate over the network they talk to each other using these numerical IP addresses - but they are not very human-friendly! So each device also has a name - my PC is called "Saturn". At some point the IP address and the name need linking, so when I look at my network and see a PC on it called "Saturn" the software knows "Saturn" = IP address 10.0.0.106, and vice versa. This name to IP address translation is done through a database called "DNS" - "Domain Name Service". Every device has to know the address of the computers on their network that hold the DNS database (there's usually 2 - one main one and one backup). A computer holding the DNS is known as a DNS Server. With me so far? Good!

Now, this is also true on the Internet, with the condition that every device connected directly to the internet has to have a worldwide unique IP address. So the computer called "microsoft.com" (that responds when you type"www.microsoft.com" into your web browser) has the IP address "207.46.232.182" - no other computer exposed on the Internet can ever have this address. When you type "www.microsoft.com" into your browser your Internet router that connects you to the Internet realises no device inside your home network has this name so it sends out a request to your ISP's DNS servers which will respond with "the IP address you need is 207.46.232.182". Your router can then find this address on the Internet and you can see the Microsoft website. Every ISP provides all their users with the IP addresses of two DNS server so your router knows were to send the request for name to IP address translation to. For example, VirginMedia provides a primary DNS Server IP address of 194.168.4.100, and a secondary IP address of 194.168.8.100. Everyone using VirginMedia as an ISP will have these 2 IP addresses in the setup of their router so the network knows how to change website names into IP addresses.

A DNS server contains a huge database of website names and IP addresses - billions probably. Every single request to view a website that comes out of any device connected to your home network will go through the DNS server. Here comes the clever bit...

You don't have to use the DNS servers provided by your ISP. For example Google has a couple of public ones that you can use - their IP addresses are 8.8.8.8 and 8.8.4.4. Program those IP addresses into your router instead of the ones provided by your ISP and all your IP address requests will go through Google's DNS servers.

A company called "OpenDNS" provides 2 DNS server addresses for public use. They have built into them the ability to block certain website addresses from being passed back to your network. There is a massive classification database available that classifies millions and millions of websites into certain categories - hate, racist, violence, porn etc. The OpenDNS servers use this classification to allow you to filter website requests. So if I type "www.playboy.com" into my browser, VirginMedia's DNS servers would return "67.215.65.130" and off I go into the Playboy website. OpenDNS (assuming I have an account with them and have set up the filtering to block porn) will refuse to return an address and say the site is blocked. As you will now understand, any device connected to my network (smartphone, PC, laptop, PS3, XBox etc be they mine or guests in my home) will get the same response - "blocked".

3 comments:

  1. Hi, some advice from a techie father-of-four:
    (1) OpenDNS is useful but has holes you could drive a porn-bus through. It should definitely not be relied upon as your sole tool. For example, Googling 'porn' will still give you unsavoury images in your search results' 'image' view. You also need to be techie-minded it implement it, so it won't be the first choice of most people. 5/10
    (2) I can vouch for the TalkTalk filter. Fairly basic, nothing special but it works. 8/10
    (3) Premium services like Covenant Eyes and many others are rock solid but can be costly. I use 'Norton Online Family' which has a basic, free version. It has to be installed on all machines but can then be controlled from your own. There are all sorts of nice features, e.g. it enforces Google's strict filtering on search results so no chance of obscene images being returned. It also works on mobile devices. 9/10
    (4) MOST IMPORTANT - No one tool is perfect, use two or three layers of protection. I use all of the above.

    ReplyDelete
    Replies
    1. As the author of the details Peter published about OpenDNS I agree entirely. Several layers are needed. I think to be really thorough one of the layers of security should probably be a premium paid for service. it's worth every penny I think.

      Delete
  2. Go read Clochemerle (by Gabriel Chevallier): specifically the part of the story concerning the two priests confessing to each other.

    CovEyes is not the answer: in the wrong hands it will make matters worse.

    ReplyDelete

Note: only a member of this blog may post a comment.