Help me filter the porn!
May 28, 2006 3:35 PM   Subscribe

For my work, I've been asked to prevent a client's son from browsing porn on the family computer without spending money on NetNanny style products. I confess to encountering some difficulty. I have set Win XP to use the MVPS hosts file and tried a couple of free porn filters but have come up against a brick wall. Help me!

Further info:

The free porn filter I tried was useless. It was poorly engineered and though it promised operation at the TCP/IP layer, it was only able to (poorly) filter Internet Explorer traffic. I need FireFox filtering, too.

One idea I had was routing all requests through a Squid proxy running on a dedicated server? Would that work?
posted by dance to Computers & Internet (37 answers total) 1 user marked this as a favorite

 
Tell the client to put the computer in a public area of their house.
posted by jellicle at 3:41 PM on May 28, 2006


And at the very least take it out of the son's bedroom.
posted by cellphone at 3:44 PM on May 28, 2006


"family computer", nevermind.
posted by cellphone at 3:45 PM on May 28, 2006


Install a keystroke logger. Then TELL the kid you've installed a keystroke logger.
posted by frogan at 3:46 PM on May 28, 2006


I don't think the proxy/firewall technology is the biggest problem. How do you recognize a porn site? Even if you somehow managed to put together a list of all the porn sites on the Internet (which is impossible even for the largest organizations that are dedicated to creating blacklists), it will be out of date in something like 24 hours.

If you want to completely prevent porn viewing, either put the computer somewhere where others will be able to see the screen anytime the kid uses it, or use a whitelist rather than a blacklist (that is, rather than try to list the sites he can't visit, list the sites he is allowed to visit).
posted by winston at 3:49 PM on May 28, 2006


Even the for-money filters will not work against someone who is sufficiently competent on a computer. But if the parents are willing to do a little work, it can be done for cheap.

One free solution is to keep a log of all sites that are viewed (via a DNS proxy, for example) and then every so often, block the ones that are objectionable (at the DNS or IP level). This would have to be done every day. Its best to target the "hub" sites (those sites that link to others), since I assume this person is not paying for anything with a CC.

This does not stop any of the alternative methods of getting at this stuff, such as using P2P or Usenet.
posted by clord at 3:51 PM on May 28, 2006


The other question is how to prevent the kid from disabling the filter. e.g. If you had a dedicated proxy server, what prevents the kid from just unplugging and re-plugging the cords to bypass the proxy?

You have the same problem with any software not designed for the purpose.
posted by winston at 3:53 PM on May 28, 2006


You have a thankless task. If the child is old enough to seek out pr0n, he's old enough to work around anything you build, and you'll likely be blamed for it. Squid on a dedicated server transparently filtering all traffic might work, but you'd probably need something like a whitelist of approved sites instead of a blacklist to walk away from it.
posted by holgate at 3:58 PM on May 28, 2006


I think it's a parenting issue. Implement a method to track every site he visits, and email it to the parents every day. Set up logging and teach the parents how to read the logs. I agree that kids' computers should be in family areas, with screen visible, but plenty of 11 year olds are home alone after school. Serious nasty porn is easily available to young kids. Parents need to talk to their kids about it. Kids should be outside, where they can find their porn in the woods.
posted by theora55 at 4:12 PM on May 28, 2006 [1 favorite]


The better solution is the social one. His parents HAVE to keep an eye on him and if it's such a huge worry, the computer cannot be in his room or another area that's private.

You aren't going to be able to keep him from looking at stuff ... there's porn everywhere. I think you can even sign up for daily emails, and the images are attached ... so website filtering wouldn't work.

There just isn't a technology solution to this problem for a kid with any sort of intelligence and computer savvyness.
posted by SpecialK at 4:14 PM on May 28, 2006


Whitelisting is the only way to have even a chance of succeeding. Be aware you can't whitelist any email services because web-to-email gateways exist.
posted by Mitheral at 4:14 PM on May 28, 2006


One idea I had was routing all requests through a Squid proxy running on a dedicated server? Would that work?

If you're able to run a separate machine in this way then the most reasonable technical solution is probably to use Squid with DansGuardian.
posted by Olli at 4:28 PM on May 28, 2006


I'm definately tending towards a social solution. If you want to go technological, either a whitelist whereby the parents (having been asked by their kid to add a site) can very easily log into an interface and add a domain. Or, simply a nicely organized log file of all the domains visited (extra points for thumbnails of images found on those domains) for the parents to peruse at their leisure. Both these could be achived through a proxy.

Really, though, it's a losing battle. No-one with the least degree of sophistication gets their porn off the web anymore. Usenet, IRC, a myriad of p2p apps, email, instant messenger. Shit, when I was eleven I was trading floppy discs of GIF porn with friends. Ultimately you will be doing the clients the best service if you explain these difficulties, and the importance, at the end of the day, of supervision and dialogue with the kid.
posted by Jimbob at 4:53 PM on May 28, 2006


I feel for you. I was an system administrator at a public library. I have parented teenage boys and girls. This is a completely serious response:

Educate the parent. Explain that he/she has asked you to perform a modern Herculean task. Help the parent understand the only sure-fire way to stop his/her son is to remove the family computer from the house. Then the son will go to the library, or his friend's homes, and he will find porn there.

Counsel the parent to speak to the son about the lure of porn and the need of children to mature in small steps. The parent should first remember his/her teenage years and the need to discover the things put "off-limits."

Most of all, if you are really serious about this job, is to make the parent understand you can not block all porn from the family computer. As others have pointed out, anything you can do, a 16 yo boy looking for porn can work around.

You can slow him down, and make the job harder, by installing all of the above answers. Then add a security camera with a direct link to the parent's office. Combine it with a electric kill switch on the computer that the parent can throw from his/her office.

Finally, give the parent the number of a good family counselor to help with the resulting loss of trust. That isn't really part of your job, but consider it "going the extra mile."
posted by ?! at 4:56 PM on May 28, 2006


Response by poster: ...amazing responses. Thanks!
posted by dance at 5:02 PM on May 28, 2006


(I should note, by the way, that I was trading porn via 2400 baud BBSes when I was 11 and 12. And when my dad found out, he said, "Cool! Show me what you've downloaded!" ... and I never, ever hunted for porn pictures again.)
posted by SpecialK at 5:14 PM on May 28, 2006


The parents being explicitly clear is probably the best case. Morality aside, the main point should be that he's free to do as he pleases on the internet when he's on his own and paying for it, etc. For a teenager, technical restrictions are just something to conquer.
posted by cellphone at 5:20 PM on May 28, 2006


I agree with all the above comments: it's a social problem, and technological solutions can only approach a solution. That said, I second Squid+Dansguardian. It may be a bit difficult to set up, but DG can block with a whitelist or blacklist, and it can scan webpages for naughty terms. All these lists are simple text files. If you set up a transparent proxy* and put the proxy in a locked closet or something, it can be very difficult to work around.

* I've seen proxies specified in IE's Internet Settings. This is very easily bypassed by simply changing it, or just using a different browser.
posted by bkudria at 5:27 PM on May 28, 2006


If you set up a transparent proxy* and put the proxy in a locked closet or something, it can be very difficult to work around.

Tor. Not to give the kid any hints, or anything. And once again, the web is a fairly blunt tool for obtaining porn.
posted by Jimbob at 6:13 PM on May 28, 2006


... my dad found out, he said, "Cool! Show me what you've downloaded!" ... and I never, ever hunted for porn pictures again.)

That is one of the most amusing things I have read in awhile. I think that would be a sure fire way to get many kids to stop looking at porn on the computer, at least for a little while, just due to the "gross out" factor.
posted by chrisroberts at 6:32 PM on May 28, 2006


If I were the parents, I think it would be really useful for me to read this page of mefi discussion. Both to understand there isn't a foolproof solution and to see the range of perspectives.
posted by allterrainbrain at 6:32 PM on May 28, 2006


What you are trying to do is very difficult. You can allow only port 80 only to specific sites. (the whitelist approach). If you allow ANY ports to connect anywhere, even port 25 for mail, he can get out. He just needs a friend to run a proxy on that port.

He can even hide the network traffic from all surveillance by wrapping it in Secure Shell... so if he can get just one port out to a friendly machine, he can do ANYTHING, and you can't see or stop him.
posted by Malor at 7:05 PM on May 28, 2006



Educate parents, then the kids. In my day, it was normal to steal Penthouse magz and similar, risking getting caught for shoplifting. Once that risk was too high, you beat up minors to do it for you. The pron on the WWW is a godsend, it keeps your children safe :)

(All said humourously, but with a point, if you make it hard, they will find another way, which may lead to much worse things, and the wrong crowds.)
posted by lundman at 7:06 PM on May 28, 2006


I second all of the above. Send the parents a link to this page if they think you're just not smart enough to come up with a decent solution.

BTW, my younger brother only has internet access from 6pm-8pm. He uses it to furiously play as many games of Halo as possible before my Linksys router automatically cuts him off. Kids shouldn't have unlimited access to the Internet, nothing like an MMO or FPS addiction before grades start dropping.
posted by exhilaration at 7:36 PM on May 28, 2006


I was trading porn via 2400 baud BBSes when I was 11 and 12.

Where there's a teenager, there's a way.

Cut the internet connection completely, or have the parents take the cable modem to work. It's the only way to be sure. (Or you could nuke the internet from orbit!) There'll still be magazine racks to pilfer, as well as public libraries and unsavory friends, but it'll solve the "not under my roof" problem.

I'd like to hear how this turns out. What solution did you go with, and what was the response/effectiveness?
posted by anotherpanacea at 8:18 PM on May 28, 2006


Put the computer in the family room or the kitchen or another public place.

Or leave it in the woods, since the proliferation of print material will be a distraction.
posted by acoutu at 8:39 PM on May 28, 2006


this is "for work", and you're meant to do it on the cheap? how much time (= employer $$) have you spent on it so far? how much more before you've got a working solution? just tell 'em to fork out for a commercial filter plus educate them on the social solutions.
posted by russm at 9:21 PM on May 28, 2006


Yeah, you've been set up. The task is impossible.
posted by krisjohn at 9:32 PM on May 28, 2006


As Malor says, if he can get to one port on a friendly machine, he can get anywhere. Which is why an incredibly restrictive whitelist is the only technological filtering solution with a prayer of a chance of success.

The trouble with an incredibly restrictive whitelist is that it's an incredibly onerous imposition on the end user, and an incredibly onerous administrative load on the parents. It's likely that there's more work in keeping a whitelist-based filter usable than there is in simply monitoring the kid's online behavior directly.

Logging-based approaches are probably best, if directly looking over the shoulder isn't going to work.

Personally, ISTM that making sure that any computer a kid has access to is in a public area of the house, and getting agreement on acceptable usage by frank and open discussion, is the only realistic way to go.
posted by flabdablet at 1:28 AM on May 29, 2006


christ i can't believe no one suggested this -

you will have a MUCH easier time just teaching the kid how to hide it from his parents. "problem" solved.
posted by Tryptophan-5ht at 2:36 AM on May 29, 2006


Can't be done. Sorry.
posted by rolypolyman at 6:00 AM on May 29, 2006


I'm with russm, the answer is to up your rate to the point that people would rather spend money on NetNanny style products than ask you for technical solutions to social problems.
posted by revgeorge at 6:48 AM on May 29, 2006


Is this for your own freelance business? Is this a new client? If so, is he worth keeping? Net Nanny costs all of $50 so if he's being cheap in "safeguarding" his own kids, you're probably in trouble.

You ARE charging him for doing this right? If not, you should be. Because what happens when you try to impliment something and the kid gets around it and the dad finds out? You won't look too good.
posted by Brandon Blatcher at 7:54 AM on May 29, 2006


Define porn. Can't? Then you see that from a technical standpoint it is completely impossible, seriosuly, you are wasting your time. He/she will always always always be able to find something.

What an amazing example or horrid parenting. The answer is to tell the child it is not allowed, track his usage (that part is easy) and then discipline accordingly.
posted by Cosine at 1:38 PM on May 29, 2006 [1 favorite]


I'm assuming this is only a problem when the parents aren't home, if it's a family computer. In that case, install VNC, and make sure the kids know about it and what it is.

If the parents can remotely check up on it (from *anywhere* -- there's a VNC client for just about anything) then for the kid it's as if they're there all the time.

If the parents can't be bothered to look over their children's shoulder from time to time, even electronically from afar, they don't care that much about the porn.
posted by bonaldi at 5:19 PM on May 29, 2006


I little note: The problem isn't about 'all porn'. The problem is about too much porn. Maybe some reasonable means to control the computer access combined with some decent softcore donations for the boy's legitimate needs, are the answer.

If the parents can't handle the notion that their little darling is gonna wank, let them pay for a solution.
posted by Goofyy at 5:07 AM on May 30, 2006


I thought the keystroke logger note looked promising.
posted by Alt F4 at 8:04 AM on May 30, 2006


« Older Need some help with reading sheet music.   |   Dumbass knows nothing. Newer »
This thread is closed to new comments.