Whitelisting sites for an Ipod Touch
February 26, 2009 1:45 PM Subscribe
My son (12) has saved his lawn mowing money and is buying a refurb Ipod touch. I want to mediate his internet access, if possible, at the router level.
Please believe me when I say that I know that social control is the best method for helping my son make choices about his internet usage.
But due to reasons I don't need to go into regarding the micropolitics of our home, I need to know if there is a way to use my linksys router or some other tool to create a whitelist of sites that he can visit, preferably without restricting the other computers in the home.
If you want to tell me I'm an idiot for trying to restrict my son's access, that's fine but please do it in a private message. I just am looking for an ipod touch/router/whitelist solution, if one exists, that has a nice degree of granularity. It's not just about protecting him from EEEEEEvil, but also to keep him from surfing the web until 2 a.m.
There is a limited discussion of Ipod parental controls here, but it's not quite what I'm looking for. And here is information on changing the /etc/hosts file, but that doesn't let me turn off the internet at 11pm (for him) while keeping it on for the rest of the house.
Thanks!
Please believe me when I say that I know that social control is the best method for helping my son make choices about his internet usage.
But due to reasons I don't need to go into regarding the micropolitics of our home, I need to know if there is a way to use my linksys router or some other tool to create a whitelist of sites that he can visit, preferably without restricting the other computers in the home.
If you want to tell me I'm an idiot for trying to restrict my son's access, that's fine but please do it in a private message. I just am looking for an ipod touch/router/whitelist solution, if one exists, that has a nice degree of granularity. It's not just about protecting him from EEEEEEvil, but also to keep him from surfing the web until 2 a.m.
There is a limited discussion of Ipod parental controls here, but it's not quite what I'm looking for. And here is information on changing the /etc/hosts file, but that doesn't let me turn off the internet at 11pm (for him) while keeping it on for the rest of the house.
Thanks!
Best answer: I don't think most residential routers support that kind of granularity. Either look into Tomato or DD-WRT (which if they don't support it could be modified to do so), or get a second router.
With a second router, you can daisy-chain: set the second up with restrictions specific to the iPod, and use mac address filtering so that only the ipod can connect to it. Then set up mac address filtering on the first router to accept all devices except the ipod, and connect the second router to the first. Password project admin access to both routers, and this will work until your son hard-resets one of the routers.
posted by orthogonality at 1:56 PM on February 26, 2009 [1 favorite]
With a second router, you can daisy-chain: set the second up with restrictions specific to the iPod, and use mac address filtering so that only the ipod can connect to it. Then set up mac address filtering on the first router to accept all devices except the ipod, and connect the second router to the first. Password project admin access to both routers, and this will work until your son hard-resets one of the routers.
posted by orthogonality at 1:56 PM on February 26, 2009 [1 favorite]
It's fairly easy to use the internal networking controls on your router to do any limiting you want based on the mac address. You say you have a linksys router: some descriptions of one linksys based system is here, and though it's not the exact same for every linksys router, this is pretty much the way to set it up.
I'd set it up on computer A, restricting computer B. Once you know it works correctly, just substitute in the mac address for the ipod touch (which you can find when you have the ipod, either physically or just by seeing which is the new mac address on your system).
I have done this for computers, restricting either websites or times or both, and it's worked fine.
posted by jeather at 1:58 PM on February 26, 2009
I'd set it up on computer A, restricting computer B. Once you know it works correctly, just substitute in the mac address for the ipod touch (which you can find when you have the ipod, either physically or just by seeing which is the new mac address on your system).
I have done this for computers, restricting either websites or times or both, and it's worked fine.
posted by jeather at 1:58 PM on February 26, 2009
Most routers have a "Parental Controls" section that lets you punch in a MAC Address (basically a number that identifies a network device) or and IP Address (the number that the iPod uses to send and receive network data), and then block/allow network access to that device hourly and daily. Here's a slightly older article that gives a good overview of what features are out there.
posted by niles at 2:00 PM on February 26, 2009
posted by niles at 2:00 PM on February 26, 2009
You know your son will be able to get online via any wifi access points within range of your home (or outside your home, of course), right? Your plans may be well-intentioned, but they're easily foiled by jumping onto someone else's internet connection.
posted by emelenjr at 2:05 PM on February 26, 2009 [6 favorites]
posted by emelenjr at 2:05 PM on February 26, 2009 [6 favorites]
It's not just about protecting him from EEEEEEvil, but also to keep him from surfing the web until 2 a.m.
The iTouch can have enough games and apps on it to make it a lot of fun even at 2am in the morning. Perhaps have him turn it in at night, before going to bed?
Also, as parent who dealt with something similar for a cellphone, you should really lay down the rules for use of the device and that there will be consequences if things get out of head. Trying to micromanage electronic devices can quickly snowball into hair pulling.
posted by Brandon Blatcher at 2:06 PM on February 26, 2009 [3 favorites]
The iTouch can have enough games and apps on it to make it a lot of fun even at 2am in the morning. Perhaps have him turn it in at night, before going to bed?
Also, as parent who dealt with something similar for a cellphone, you should really lay down the rules for use of the device and that there will be consequences if things get out of head. Trying to micromanage electronic devices can quickly snowball into hair pulling.
posted by Brandon Blatcher at 2:06 PM on February 26, 2009 [3 favorites]
You may want to look into implementing dan's guardian and forcing all your traffic to go through it as a web proxy. This is easier said than done and requires a computer on 24/7 to run the proxy.
but also to keep him from surfing the web until 2 a.m.
I believe if you run Dan's Guardian with squid, you can tell squid to disable access at a certain time.
If this is too complex you might want to look at buying a second wireless router and setting it for the times you want your son to use it and then leaving the original wireless router as-is but making sure he doesnt know the WPA password.
Im not sure if the stock linksys firmware lets you make a policy for just a selected group of computers. dd-wrt does. I believe the linksys routers also support some kind of content filtering too. You should log into your linksys and see what it offers.
posted by damn dirty ape at 2:07 PM on February 26, 2009 [1 favorite]
but also to keep him from surfing the web until 2 a.m.
I believe if you run Dan's Guardian with squid, you can tell squid to disable access at a certain time.
If this is too complex you might want to look at buying a second wireless router and setting it for the times you want your son to use it and then leaving the original wireless router as-is but making sure he doesnt know the WPA password.
Im not sure if the stock linksys firmware lets you make a policy for just a selected group of computers. dd-wrt does. I believe the linksys routers also support some kind of content filtering too. You should log into your linksys and see what it offers.
posted by damn dirty ape at 2:07 PM on February 26, 2009 [1 favorite]
DD-WRT will allow for a lot of persnickity settings about access and will do so based on time of day as well. If you want to do a little less overt behavioral engineering you might use the quality of service option to simply tune the speed of access WAY down during the late-night hours. Might be a nice way to get what you want in an indirect manner as a counterpoint to the direct manner.
That said, emelenjr is right - it's not like the touch is locked down as to WHICH access point it can use. You might find it more productive to simply require that the device be handed over at Deadline o-clock and not given back again till the morning.
posted by phearlez at 2:21 PM on February 26, 2009
That said, emelenjr is right - it's not like the touch is locked down as to WHICH access point it can use. You might find it more productive to simply require that the device be handed over at Deadline o-clock and not given back again till the morning.
posted by phearlez at 2:21 PM on February 26, 2009
The Tomato firmware for Linksys routers can do access restrictions for a specific device.
posted by jaimev at 2:21 PM on February 26, 2009
posted by jaimev at 2:21 PM on February 26, 2009
I might be suggesting something too simplistic, but if your DSL/Cable modem is close by (and has open ports) can you run a network cable from that to your own computer or laptop and just turn off the wireless router at your curfew time?
posted by 543DoublePlay at 3:10 PM on February 26, 2009
posted by 543DoublePlay at 3:10 PM on February 26, 2009
Some routers and presumably DD-WRT will do logging so you can simply review a list of everything he's doing daily/weekly/whatever and handle it that way. For example, you simply cannot block every porn site out there. But with logging you'll get a pretty good idea of everything internet-related he's doing.
posted by GuyZero at 3:25 PM on February 26, 2009
posted by GuyZero at 3:25 PM on February 26, 2009
opendns.com
posted by HuronBob at 3:35 PM on February 26, 2009 [1 favorite]
posted by HuronBob at 3:35 PM on February 26, 2009 [1 favorite]
I'd second surrendering the iTouch at a certain time. As an avid childhood under-the-covers reader, I can tell you for certain that if I had had one of these way back when, I would have been dead from lack of sleep long ago. No internet required.
posted by Aquaman at 3:41 PM on February 26, 2009 [2 favorites]
posted by Aquaman at 3:41 PM on February 26, 2009 [2 favorites]
Thirding taking it away at night.
I annoyed the hell out of my boyfriend when I went to visit him because I was up until 4 in the morning playing Wordle of all things. No internet required for hours and hours of time wasting fun.
Though, I suppose if you just allow him to put music on it, and no apps or anything, it would solve the issue, but it makes having a touch rather than a nano or classic kind of pointless, imo.
posted by sary at 7:00 PM on February 26, 2009
I annoyed the hell out of my boyfriend when I went to visit him because I was up until 4 in the morning playing Wordle of all things. No internet required for hours and hours of time wasting fun.
Though, I suppose if you just allow him to put music on it, and no apps or anything, it would solve the issue, but it makes having a touch rather than a nano or classic kind of pointless, imo.
posted by sary at 7:00 PM on February 26, 2009
I think you would need to take it away. Even if you block his MAC address, he can just change it if he is clever enough to use google.
posted by procrastination at 7:10 PM on February 26, 2009 [1 favorite]
posted by procrastination at 7:10 PM on February 26, 2009 [1 favorite]
DD-WRT allows you to only make Wireless available during certain hours of the day. Wireless/Advanced Settings/Radio Scheduling. That is a much better solution than a whitelist of websites, which is totally crazy in my opinion, that is if your concern really is him staying up too late (how would a whitelist help with that anyway?). Although if he's remotely tech-savvy, he can probably figure out how to connect to someone else's unsecured AP and bypass any restrictions you implement.
Nthing just having him surrender the iPod at a certain time. Filtering Internet access is just wrong. It's bullshit when businesses do it to employees and it would be bullshit to do it to your kid.
posted by DecemberBoy at 7:15 PM on February 26, 2009
Nthing just having him surrender the iPod at a certain time. Filtering Internet access is just wrong. It's bullshit when businesses do it to employees and it would be bullshit to do it to your kid.
posted by DecemberBoy at 7:15 PM on February 26, 2009
Response by poster: Thanks for the excellent responses. We actually have a spare router which can be flashed with DD-WRT. Our neighbor's wifi is weak and slow at best, so it is hopefully less appealing. One reason for doing this is to lower the anxiety levels of a parent, i.e. having something in place, even something only partially effective, is a precursor to getting the ipod. My primary methods will be to talk to him about internet usage and have him turn it in at night.
I did some site blocking in the past (he was camping out on DragonFables) and he was looking at Youtube videos on modding the /etc/hosts file and using proxies within minutes. So we will do a combination of things but primarily talk to him about usage and have him turn it in at night (then I can use it!)
DecemberBoy: you are at the wrong end of a game of telephone.
From the original post:
But due to reasons I don't need to go into regarding the micropolitics of our home, I need to know if there is a way to use my linksys router or some other tool to create a whitelist of sites that he can visit, preferably without restricting the other computers in the home.
If you want to tell me I'm an idiot for trying to restrict my son's access, that's fine but please do it in a private message.
I already mentioned that our primary, family computer is unfiltered. I am also whitelisting him because, prude that I am, I think he can wait a few years before stumbling across goat.cx and that whitelist will contain many sites. Plus, he only visits about 10 sites regularly right now. So unbunch those panties, buddy. The kid is twelve.
posted by mecran01 at 8:26 AM on February 27, 2009 [1 favorite]
I did some site blocking in the past (he was camping out on DragonFables) and he was looking at Youtube videos on modding the /etc/hosts file and using proxies within minutes. So we will do a combination of things but primarily talk to him about usage and have him turn it in at night (then I can use it!)
DecemberBoy: you are at the wrong end of a game of telephone.
From the original post:
But due to reasons I don't need to go into regarding the micropolitics of our home, I need to know if there is a way to use my linksys router or some other tool to create a whitelist of sites that he can visit, preferably without restricting the other computers in the home.
If you want to tell me I'm an idiot for trying to restrict my son's access, that's fine but please do it in a private message.
I already mentioned that our primary, family computer is unfiltered. I am also whitelisting him because, prude that I am, I think he can wait a few years before stumbling across goat.cx and that whitelist will contain many sites. Plus, he only visits about 10 sites regularly right now. So unbunch those panties, buddy. The kid is twelve.
posted by mecran01 at 8:26 AM on February 27, 2009 [1 favorite]
he was looking at Youtube videos on modding the /etc/hosts file and using proxies within minutes
That's not a good sign, and I would think that you're going to find anything you implement is circumvented far faster than you would imagine. The highest hurdle I can think of would do all of the following:
posted by oaf at 6:10 PM on February 27, 2009 [1 favorite]
That's not a good sign, and I would think that you're going to find anything you implement is circumvented far faster than you would imagine. The highest hurdle I can think of would do all of the following:
- Via DHCP, assign the iPod touch an essentially static IP address (i.e., he can renew the lease as much as he wants, but he's still going to end up having the IP address 192.168.11.6)
- Drop packets from the iPod touch's IP address to any IP address not on your whitelist
- Drop packets from the iPod touch's hardware address that have any source IP address other than the one you assigned to it
- Drop packets from any hardware address you don't recognize
posted by oaf at 6:10 PM on February 27, 2009 [1 favorite]
This thread is closed to new comments.
posted by freq at 1:54 PM on February 26, 2009