What's a good web filter for a non-profit school-age PC lab?
February 21, 2004 9:19 PM
What's a good web filter for a non-profit school-age PC lab? [more inside]
My client is a neighborhood community center with over a dozen computers in two labs which serve children of both elementary and high-school ages. They would like to secure these PCs to avoid both embarrassing mistakes (whitehouse.com) and deliberate rules flouting, including possible peer sexual harassment. They're generally a sensible, tolerant bunch and I would like to give them a sensible package that, for example, permits the teenagers to look up more challenging material, while protecting the younger set.
My chief experience is with corporate-style proxy-type filters such as Websense, and it's always been my impression that desktop-filters would be a more difficult solution to manage, and I also would expect free or low-cost solutions to tend toward lame-brained keyword-blocking rather than having an army of site raters and categorizers. There's also a difference between a reporting-oriented system, which would take a lot of staff time these folks don't have, and a straightforward prevention-oriented one.
Unfortunately, the noise level drops off between the two peaks of the Peacefire filters-are-evil advocates and the hide-the-table-legs prudes who actually go so far as to rate and compare filters. Now that CIPA has had time to settle in, is there a good, sensible, middle-of-the-road choice out there?
The most important thing is to keep the PCs out in the open I think. Your technically adept high school student is likely to have the time, inclination and expertise to get around any web filtering software. You can reduce the inclination part if the computers are always visible to somebody in charge.
posted by substrate at 10:27 AM on February 22, 2004
Take a look at Screendoor. It's probably going to be your best bet for non-labor intensive content filtering.
What you get is a black box PC that you hook up on a subnet between your internal networks and your pipe to the internet using an unswitched hub. It scans the traffic going out to the net and will cancel any requests that are on its blocked list. It will work with HTTP, FTP, NNTP, etc.
They've got a huge list of blocked sites, arranged by category. That allows you some discretion. When I was put in the position to have to find and recommend such a system, all I blocked were the sex sites and let most other things through.
There will be some sites that are blocked when they shouldn't be, but at least with Screendoor you can edit the blocked list to rectify that. I couldn't get them to give me a human readable version of their blocked list though. And the opposite is true too. There will be porn sites that aren't blocked. When I had the system up, I was easily able to google up some hardcore porn that would come through. But the obvious ones are all covered: whitehouse.com (although before the incident that imposed this solution on me, I'd had that blocked with an ACL on the routers), playboy.com, etc.
You can also use the system to control which machines can or can't use various network services, although I never implemented that.
For what it is, it's a really good solution. It doesn't have any impact on network performance, as it's just scanning passively until it sees something that triggers it. And there's no need to be running from machine to machine installing buggy software.
posted by ursus_comiter at 10:45 AM on February 22, 2004
Jay Currie runs a blog about library filtering issues [and also, himself, sells a low-end but useful filter IF 2k] which has links to a lot of the reviews and companies. I have two personal pieces of experience with filtering companies [and mercifully we don't have to put filters on our library computers]. N2H2 has categorized my entire website as "porn" and has been ignoring my email to ask them to please more sensibly recategorize my site. Smartfilter was very nice when I asked them to recategorize my site, even though they just changed it from "chat" to something that was more approximating "college kid home page" which is still off base. I'd recommend Squid, keeping all the computers in the open, establishing an Internet use policy beforehand [to the extent that you can], training staff in how to deal with infractions and using a filter that allows you to use at least some of your own discretion when blocking and unblocking sites. Remember that CIPA only mandates blocking images, so looking for CIPA-compliance [which is a fake term anyhow, honestly] won't probably get you what you are looking for.
posted by jessamyn at 4:08 PM on February 22, 2004
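An added illustration, not part of the thread and not how Screendoor, Squid or any other product named here is implemented: a minimal category-list decision with per-age-group policy and local overrides, the kind of discretion the answers above ask a filter to provide. Apart from whitehouse.com and playboy.com, every domain, category and group name is constructed for the example.

```python
from urllib.parse import urlsplit

# Vendor-style category lists (constructed). librarian-blog.example stands in
# for a harmless site the vendor has miscategorized.
CATEGORIES = {
    "adult": {"whitehouse.com", "playboy.com", "librarian-blog.example"},
    "chat": {"chat.example"},
    "health-mature": {"teen-health.example"},
}
# Which categories each lab blocks: the teen lab is looser than the younger one.
BLOCKED_BY_GROUP = {
    "elementary": {"adult", "chat", "health-mature"},
    "highschool": {"adult"},
}
# Local overrides maintained by staff; they win over the vendor lists.
LOCAL_ALLOW = {"librarian-blog.example"}
LOCAL_DENY = {"games.example"}


def host_of(url):
    """Return the lower-cased hostname, without port or trailing dot."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host.rstrip(".").lower()


def parents(host):
    """www.a.example -> [www.a.example, a.example, example].

    Matching whole labels avoids the keyword-filter mistake of treating
    notwhitehouse.com as if it were whitehouse.com.
    """
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def decide(url, group):
    """Return (action, reason) for a request made from the given lab group."""
    names = parents(host_of(url))
    if any(n in LOCAL_ALLOW for n in names):
        return ("allow", "local-allow")
    if any(n in LOCAL_DENY for n in names):
        return ("block", "local-deny")
    for cat in sorted(BLOCKED_BY_GROUP[group]):
        if any(n in CATEGORIES[cat] for n in names):
            return ("block", cat)
    # Anything the lists do not know about gets through, which is why
    # supervision and a use policy still matter.
    return ("allow", "uncategorized")
```
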
This thread is closed to new comments.
posted by plinth at 10:09 AM on February 22, 2004