Content Filter Help for Parents

It never ceases to amaze me that the providers of our Internet service do not provide better options for managing content at home. In a workplace setting the network gurus will ensure that spam is filtered, malware is blocked and content does not violate company policy.

At home, you're on your own.

What's the best way to ensure your family is protected properly? This naturally is a personal choice and depends on many variables, but for most families, the question is complicated technically, not morally.

The typical family may have a dozen or more devices, and each one connects through a wireless network to the Internet. Many devices may also have a cellular connection to the Internet.

Content can appear on a mobile device (a phone or computer) and the two basic levels of control to consider are the device itself and the network that feeds the content to the device. Let's call them "device protection" and "network protection." A layered strategy for thinking about security and content protection will offer the most coverage, but it depends on what you need.

Content filtering is somewhat different from virus filtering, although they are closely related. We're not talking about virus protection, or spam protection for email, just content monitoring/filtering.

Protecting The Device 

The device could be a laptop or handheld, and it can be mobile or fixed. Increasingly homes have mobile devices, like a cell phone or laptop, so let's start with the cell phone.

Cellular:

I know of no cellular provider (AT&T, Sprint, Verizon, etc.) who will filter or provide network filtering options to family or company devices. Filtering content on a handheld device is largely a matter for third-party applications or software that runs on each phone or device. The software is installed on the device and no matter where it goes, the device is protected as long as the software is not removed/bypassed or disabled. For this there are a few options:

Android
If you own a smart phone, like an iPhone or Blackberry or Android device, you can purchase software like McAfee Family Protection Android Edition to manage content on your child's cellular device. CarrierIQ on Android has recently made headlines for tracking a bit too much information.

Apple
If you own an Apple product, such as an iPhone, iPad, or iPod Touch you can use iTunes to restrict the ratings for content you download to your devices, based on Apple's rating system.  This will restrict the content of the "apps" that run on the Apple device.  This will block software that you might find objectionable on Apple's iTunes App Store. Since Apple classifies (and blocks) most adult content/pornography on the Apple App Store, your filtering by rating should be effective for blocking content based on a rating system Apple designed.  Click here for more information.

Blackberry
If you have a Blackberry device, and it's not already being filtered by your company's policy, consider using PhoneSherriff, which works with more than just Blackberry devices.

To review, it's possible to view inappropriate content in two ways on a mobile device: A) You can view inappropriate content by downloading an "app" which comes from the iTunes or Android or Blackberry store, or B) you can view content by visiting web sites (through a "browser" like Safari). In other words, you can download an "app" or you can go to sites like Google or Yahoo and search for inappropriate material, or visit inappropriate sites by typing them into the "browser" as www.exampleadultsite.com directly on your device.

To restrict or filter the Internet browsing features on the device itself, you have a few options. First, you can subscribe to special browsers that replace Safari on the device with something like Covenant Eyes or K9. Instead of browsing the Internet using Apple software, the software from Covenant Eyes or K9 is installed and you turn off the normal Apple browser (Safari). Here's how to do this on an Apple device. Covenant Eyes allows you to surf the web with their special software, and then it either provides a "report only" mode or if you use K9 they provide a "filter" based on your desired level of protection. Since no filter is perfect, the report only mode allows you to keep tabs on sites visited without filtering, if accountability is more important to you than blocking. Blocking by category is not a perfect science, but you can generally set a level of protection which can restrict content based on your preferences.

All software-based options require you to protect the settings through passwords, so be sure you keep the passwords confidential in order to protect the settings from unauthorized changes.

Computers:

Desktops or laptop computers can be protected by software that can either restrict content or report usage. Apple computers running Apple's latest operating system, Tiger, have some great parental features. Click here to read more on Apple parental control features. There are many software applications and reviews here for Apple and Windows computers, but be sure to look at Covenant Eyes, SpectorSoft, McAfee, K9. A favorite? SpectorPro.

Google and many other web sites allow you to set up "family safe" search settings. These are easy to bypass but do allow a level of protection against accidental search results. Learn more here.

Protecting The Network

Protecting the device can restrict content no matter where the device goes. Visiting a friend's house? If your filters are set on the device, the restrictions will work everywhere, as long as the phone is not reset to factory settings, the password is not shared, or the software bypassed. Filtering on a device can have drawbacks, mostly related to "false positives" or sites that are blocked unnecessarily. Additionally, blocking vs. reporting will frequently not pick up visual search results. Content categories are never completely accurate. If you have sophisticated (i.e. children) people at home you may find a new device, virtual machine, or other computers in your home and they may not be protected unless you protect the network which feeds Internet to your home. Filtering each device can get expensive if you are a modern family with a dozen or more devices.

Network filtering generally happens on the router or device that brings the Internet into your home. This software or setting locks or filters your Internet connect at one single place: the router. A router is a gateway or traffic on-ramp to the Internet. It is usually a black box that is provided by your Internet Service Provider.

If you are reading this at home, the router device has an "address" on your home network and your device can frequently be viewed from a web site by visiting either 192.168.1.1 or 192.168.0.1 Check your router's manual for more details on how to connect to the router in your house.

All devices in your home route through this device unless they are using a cellular signal to connect to the Internet. Some devices that have cellular connections may switch to wireless (WIFI) when it's available. The router's login settings can be protected by a password against unauthorized changes.

To protect this network connection, one option is to use "DNS" filtering. The router that connects your home to the Internet uses a "phone book" called "DNS" (domain name system) to match the English name of a web site (whitehouse.gov) to the actual number that a computer understands (called the "ip address" or "internet protocol number"). When you type whitehouse.com into your web browser, it is the technical DNS system that resolves that name and routes the computer to the right web site on the Internet. If you subscribe or use the free services from OpenDNS (or similar service) you can allow all the site look-up traffic coming in and out of your network to pass through OpenDNS. They have a set of filtering categories that will allow you to choose what content is allowed into your home. More here. If use use a DNS service like OpenDNS, when you ask for a web site that is blocked, the DNS service looks up the site, and if it's a blocked site, it will display a "this site is blocked" message. The OpenDNS site has all the details on how to subscribe and use this service. Watch this video for a tutorial.

Visitors or any computer or device trying to use wireless at your home will be blocked if you use an OpenDNS-like solution. No software is required on each device. Consider using  SafeResolve or similar DNS filtering/blocking site. OpenDNS can be used to "report only" if you prefer accountability reporting vs. blocking.

To deploy DNS services properly, you should use something called "egress filtering" so that sophisticated family members cannot arbitrarily replace the DNS service and bypass OpenDNS. You should restrict administrator access to computers at home, and you should restrict proxy/anonymizers in OpenDNS.

The hardest part about filtering your network is making the settings changes needed and keeping them set after power outages, router upgrades, and network outages.

Some routers also come with family filtering options. iBoss is one, or consider options from DLink or Cisco or Adtran when sold with parental controls.

Bottom line? If you want filtering and you have the money, pay someone to install SpectorSoft on your computers and then install OpenDNS on your router including DNS egress filtering, block proxy/anonymizers, and do not allow computers at home to have administrator access. Have your technician show you the "console" so you can fine-tune the settings and keep tabs on your family's Internet usage. Don't share your passwords.