Guide to Internet Parental Controls -
Internet Filtering and Monitoring


This section consists of Four Articles (choose here or use the tabs across the top):

This Guide to Internet Filtering and Monitoring
Technical Features
Product Chart - Buyer's Guide with Web Links
Summary/Recommendations & Info Links

What are Parental Controls?


The Internet provides a ton of good information, from recipes to what's new in electronics, to movie reviews. However, there is also a lot of garbage out there with gambling sites, pornorgraphy, and the like. While you may never intentionally want to go to inapprorpriate websites, you may accidentaly get there through various means:

1. You may do a Google search and click on a header that looks right, but isn't what you intended.
2. You may manually type in an address and make a mistake, taking you to a site you didn't want to go to.
3. You might click on a hyperlink on a webpage that takes you to a page you don't want

Internet filters help to protect you from going to inappropriate websites by preventing those sites from loading in your browser.

Monitoring software by itself doesn't prevent you from going to inappropriate sites, but it does provide a tracking capability so that you can find out if your children are accessing websites you don't want them to, or to provide accountability for yourself.

Why would you want it?


1. Personal purity. As mentioned, you can accidentally stumble upon inappropriate websites that may expose you to pictures or writitng that you may wish you had never seen. It might be sexually explicit or perhaps highly violent, or maybe just rude. In anycase, the statement "what has been seen, cannot be unseen" applies here.

What Has Been Seen
(Note: I do not have copyright information for this photo - please alert me if I have used it inappropriately)

2. Children in the home. Children can be especially vulnerable to the attraction of the "dark side" of the Internet. Young children lack the understanding on what to avoid and how to avoid it, and older children are tempted to access the forbidden. Internet filtering tools can help to protect your children's innocense as long as possible.

3. Adult addiction: many adults (both male and female) become addicted to gambling and pornography on the World Wide Web. These sites not only promote adultery (If you even look at a woman in lust, you have commited adultery in your heart), they can consume hours and hours of valuable time.

How do they work? (Brief Overview)

A basic understanding of how computers work on the Intenet and how the various programs work will help you in selecting applicable products.

Computers on the Internet talk to each other through the use of Internet Protocol (IP) Addresses. An address is much like your home address that the Post Office uses to get your mail to you. IP addresses are a sequence of numbers that look like: 192.168.1.1. If we had to remember websites based on their IP address, it would be quite complicated, so a system called a Domain Name Service (DNS) exists to automatically translate between plain text websites such as www.google.com into the corresponding IP address. The end user (you) typically doesn't have to get involved in IP addresses.

Take a look at the diagram below. Let's say you want to allow your child to view images off of Server PG, but not from Server XXX on the Internet. We're going to look at what types of protections can be offered, and also where those protections can be placed in the Network.

Internet

Web Protections:

1. URL Filtering. Since each computer and device on the Internet is assigned a particular address, a Universal Reference Locator (URL) filter can be set up that blocks sites that are know to be bad, such as pornographic websites. For example, by blocking www.playboy.com, any child who tries to go to that website will see the blocked webpage screen instead. The limitation of URL blocking is that there are thousands and thousands of pornographic websites on the Internet and keeping up with them is a major undertaking. In the diagram above, server ?? may have just come on-line and is not included in the list of blocked URLs. If it is serving sexual material, it will not be blocked by a URL filter until it is discovered and added to the list. Another limitation is that just because an address is on the safe list, does not necessarily mean that adult content can't be delivered from the server at that address. In the diagram above, Server PG may be compromised by a hacker, and and adult images uploaded for viewing by anyone who comes looking for the PG content. I had a case some years ago where an Amish Bookshop website had apparently gone out of business and an adult site took over the same website name. I had not checked my list of web addresses for some time, so inadvertantly was leading people to what was now a forbidden website!

In one final example, the IP address for the friend's home may be on the "whitelist" to be allowed through. This does not prevent someone at the friends house from sending your child pornographic photos, however.

2. Internet Content Rating Association (ICRA) Rating: Internet Content Providers (all those websites on the Internet) can include ICRA ratings embedded in their web-pages. This allows websites to be filtered based on the ICRA rating, in categories such as Nudity, Language, and Potentially Harmful Activity. The limitation of ICRA ratings is that its use is voluntary, and many Content Providers do not label their websites. Many may not even be aware of the ICRA labeling system. At the very least, an ICRA based filter will prevent known prohibited sites from being viewed, but will still allow in the many unlabeled sites.

3. Keyword filtering. Because there are too many websites to tag all of them, and because new websites appear on the web every day, alternative methods of tagging unwanted sites is needed. Keyword filtering is similar to ICRA filters, but also scans the text of the webpage before loading it. It will look for keywords such as "pornography", "sex" and so forth and prohibit those sites from loading into the web-browser. The primary limitation of pure keyword filtering is that it is prone to many false positives. For example, during the research for this paper, this author had several of the anti-pornography websites blocked as pornographic. Apparently the filters saw too many references to "forbidden" material and blocked the page, even though the content of these sites are not pornograhic in this case.

4. Dynamic filtering. To overcome these limitations, many of the modern filters provide URL filtering in addition to some form of dynamic content filtering. Rather than just using keywords, algorithms have been devised to take more factors into consideration before blocking a page. Some may actually examine the flesh tones in graphic images on the web page, others do word analysis to differentiate "breast cancer" from just "breast", for example. The specific algorithms will vary from company to company, as will the effectiveness to prevent both false positives and false negatives.

5. Other Web Service Filtering: In the "Web 2.0" environment, applications like YouTube, Social Networking (Facebook, MySpace), Instant Messaging (IM), and Chat Rooms also represent challenges to keeping our children (and ourselves) safe. Modern protection schemes must also take these alternate means of transmitting pornographic material and content as well.

SIDEBAR: Keyword Filtering. False Positives and False Negatives: The ideal filter would block all unwanted websites and allow all wanted websites. In practice, however, this is very difficult to achieve. In protecting your child, you may wish to err on the side of False Positives. That is, you'd rather that the filter said a site was bad even if it was not. For an adult, however, it can be very frustrating to need to get to a website that the filtering tool has categorized incorrectly. For example, a site on "Breast Cancer" might be blocked because it contains the word "Breast". It should be noted that most modern programs check for this sort of situation, but it is also true that most filtering programs still experience a significant amount of both false positive and false negatives.

6. Computer Access Management. We may also want to limit access to particular programs on the computer, and manage the time that our children are allowed on. For example, if we go to bed at 11PM, we may want to ensure our children aren't getting up late at night and visiting sites they shouldn't be. Time management software can restrict the times that the Internet can be accessed. We may also want to restrict access to programs such as Peer-to-Peer File Sharing programs. While there can be legitimate uses for these programs, they are also often used to share pornography and unlicensed MP3s and movies. Windows Vista Parental Controls even allows online games to be blocked depending on their rating. For younger children, kid-freindly browser programs limit the Internet experience to only what they can access in a limited function web-browser. They usually work on an "allowed only" basis, restricting children only to those websites that the parent has approved.

Limitations of access management tools include the burden on the parent of setting up reasonable time schedules. I know in our household the times for computer use vary from week to week and even from day to day. Ensuring your time managment program is flexible enough for your lilfestyle is important. I noticed one program that even allowed the child to temporarily override the time-out function for an extra 15 minutes or so, which might be nice for some families.

Since access management programs typically must reside on your own computer, they are also more subject to being over-ridden by a saavy child. With physical access to a computer, there are multiple methods for overcomming any software protections that may be built in, and the Internet is full of methods for bypassing this program or that program. With that said, however, some programs are much harder to bypass than others, and often it will be detectable if the program has been tampered with, allowing you to confront your child as to why they bypassed the protections. Also, younger children likely will not have the capacity for bypassing the protections.

7. Computer Monitoring: Monitoring allows you to review what has been happening on your computer. Most monitoring programs allow you to review a list of websites visited, and will often flag attempts to reach "prohibited" websites. Note that is is not always a concern, since some of these can be accidental or when your child clicks on a link that they think should go to a safe site, but is malicious in intent and tries to take them to a bad site (this is also a good reason to not rely on monitoring software alone; many bad sites can be accidentally visited without intent).

Some programs get even more detailed, and allow you to record every keystroke made during a session as well as periodic snapshots of the entire screen. While this may be effective at times in case you want to grab a chat session to see what your child is really saying, it seems to be to border on spying.

In the late 1960's and eary 1970's, listening devices were all in the news because of President Nixon's Watergate scandal, the Mission Impossible show, and so forth. Laws were passed to make the possession or sale of these devices illegal. So suddenly, you started seeing the same listening devices being advertised not as "spy" tools, but rather as baby monitors. A fictitous ad might read, "place this tiny listening device no larger than a dime in your baby's room and listen from any FM radio in the house!". I see a parallel here. Keyloggers grab every keystroke made on a computer. They are often used by malicious hackers to grab passwords and account names off the computer. In fact, they might be used by your own child to grab the password to your Monitoring software! Keyloggers are now being advertised as "parental control tools" for Internet safety...

I'll leave it to you to decide, but for our household I want my children to know their websites visited are being monitored but I don't want them to live in an environment of "untrust" where they don't feel I can't trust them. On the other hand, there is the old maxim "trust but verify", and periodically we need to responsibly check that our trust in our children is validated. Children are children, and are not mature enough to always resist the wiles of the Devil! It is our responsibility to help them deal with these issues, but not to let them get overwhelmed.

I know some parents don't filter at all, but simply let their children know that their web access is being monitored. Personally, I want at least pornography blocking to prevent inadvertant stumbling upon bad sites.

8. Accountability: Related to monitoring, accountability controls allow listings of Internet activity to be e-mailed or accessed by an accountability partner. The partner could be your spouse or a friend that you trust, or a parent in the case of a child using the system. By knowing that your activity is being monitored by a freind, accountability software can help adults kick additiction problems, or can help keep children "honest".

Even if the accountability software is disabled, the partner may notice a gap in reporting, which still requires accountability!

Some accountability software works locally on your PC, but there are also some ISPs and other services that log your Internet use on their own websites, and your accountability partner can access the website from where-ever they happen to be.

Location of Parental Controls

Referring back to our diagram, where is the best place to place controls? Each location has various tradeoffs.

1. On the individual computer. The most obvious solution is to protect the individual computer that your child uses.

Advantages:

The software can be tailored for that specific computer and the users of it.

Since the software resides on your own computer, you typically have more control over what information is and isn't blocked. Some web filters at the ISP level, for example, may block a website that you need to get to for work, for example.

Disadvantages:

If someone has physical access to your computer, there are multiple ways to "hack" the system to bypass any type of control software that might be installed. In choosing a "local" solution, the parent needs to consider how much they want to "lock down" their PC, how much they can trust their children, how technically skilled their children are, and so forth. The controls in Microsoft Windows and other OSs can be tightened fairly well to make it difficult for a child to bypass security features, and many of the Parental Control packages are also difficult to defeat, but a knowledgable teenager is likely to be able to find a way around them.

If the software includes a database of known "bad" sites, this database will need to be updated periodically, which will require frequent downloads from the supplier.

As with any other software on your computer, it needs to be managed, and in some cases, it may conflict with other software you are running.

2. At the Router/Modem. This is still within your home, but moves the control from the computer to the router/modem that connects your families computers to the Internet Service Provider (ISP). There have been some routers sold on the market that included subscriptions to Internet Filtering providers.

Advantages:

By moving control off the PC, your child would have to crack the router/modem to defeat the controls, or would have to otherwise bypass the router/modem altogether (for example, if they used a dial-up service).

All computers in the household are now controlled by the filtering software.

Software management is eased because you only have one location to take care of rather than several (if your home uses more than one computer for Internet access).

Disadvantages:

Again, a saavy teenager may be able to crack the router/modem

You may not WANT all computers filtered. For example, perhaps you have a home office computer that you can't have restricted.

You lose the flexibility of some of the comptuer access controls such as restricting particular programs from being run. Monitoring is likely to be less granular since the software in the router may not distinguish between users. In general, you lose some flexibility in this approch while gaining ease of use.

3. At your Internet Service Provider (ISP) or other server.

Advantages:

Since the filtering is performed at the ISP, your child cannot bypass permanently filtered sites. Most ISPs provide some mechanism for local control of allowed and blocked sites, but most also permantly block some level of prohibited sites. Your child would have to bypass the ISP (or somehow trick the blocking rules) to avoid these filters.

The filtering lists and rules can be updated instantly, rather than having to "push" updates down to the users.

Some providers provide accountability services and since the logs are on the companies servers, you can't delete them.

Disadvantages:

You lose some level of control over what is being filtered, although most companies provide some level of parental decision over what is and isn't blocked.

All your Internet traffic has to go through the company's servers, which could have some performance hit.

Using ISP filtering alone does not provide you with as many local access control options on your child's computer.

4. At your Domain Name Server (DNS).

This is mentioned because there is a free service at OpenDNS.com that provides a nice DNS capability along with Internet Filtering and monitoring.

Advantages:

Since you need DNS anyway, there is no additional slowdown to your Internet service

As with an ISP, the filtering is controlled outside the sphere of your local PC, meaning the filtering can't be tampered with directly.

Disadvantages:

There are likely more ways to bypass using the DNS capability than there are in bypassing your ISP.

Use of Dynamic Host Configuration Protocol (DHCP), which is common with many DSL links, requires local software on your computer, providing yet another attack vector for a child who wants to bypass the server.

5. Combination Services:

Because there is no single ideal location for the controls, many products offer a combination of services.

Some programs provide software for your computer to allow the parent to do time management and local control, but also run all Internet access through their web servers. Thus, filtering happens at the ISP, with some local keyword and dynamic filtering occuring at the computer level, along with local program control.

You can also choose combinations yourself through selective purchasing of different packaging. For example, you might like the monitoring capabilities of package A, and choose an ISP filtering service as well.

Summary:

This article provided a brief overview of the methods you have to help protect your PC, and the advantages and disadvantages of the different "locations" these controls can be placed. This knowledge should help you in making an informed decicsion on which products to buy. The next article will cover some of the more detailed features to consider in choosing a package.

Next Stop: What Features to Look for In Parental Control Software