Can "hosts" file be locked?

My own setup at home is that my son’s computer is connected to an isolated VLAN that runs to a dual-homed Linux host running Privoxy, which allows me to white-list sites. I can also white-list a site for referral. So he can get to marvel.com and nintendo.com, plus (without intervention from me) get to any site linked to from those sites. Anything else, he’s stuck. He has nearly 1,800 white-listed URLs now (this setup has existed for several years) and I look back with fondness on webkinz.com, his very first white-listed site.

His computer’s MAC is blacklisted at the home router. He could grab the router and factory reset it, to be sure, but then I’d know he’d done so.

There’s also a WAP on his VLAN to support his iPad use.

If he learns enough to get around that, he’s old enough to look at what he wants.

Or he sticks a router with wifi in line with the WAN feed. Does the WAN side of your Linux use DHCP? Or figures out how to get into a neighbour’s wifi. And so on…

I think your last line is the most valid. Like most parenting situations, all you can do is try…

It’s not really correct to ask about “the WAN side” of the Linux host; both interfaces are LAN. One is the kid VLAN; the other is the house VLAN. There’s no DHCP on the house VLAN; all house devices are statically assigned and their IPs white-listed at the border firewall. (I also have a guest VLAN on yet another wireless AP that routes directly to the outside world; that is enabled when I have guests and I give them the password and change it when they leave.)

He could physically add a router with Wifi to the house LAN, but that router wouldn’t have access to the outside world because its WAN-side IP isn’t whitelisted at my router. He could theoretically unplug my border firewall and plug in his own router, but that would trigger my Nagios instance because it could no longer ping external reference points. So my Nagios dashboard would show an unexplained drop in network connectivity that would be hard to explain.

Do you lock up the Linux host physically? If not, it is a quick live CD and he’s away.

Basic rule of computer security: if you allow physical access to the server then you have no security.

You’ve just earned a gold star for the day - and I thought you were just a lawyer.

No, the Linux host isn’t locked up physically…but if he were to reboot it with a Live CD (and to do that he’d have to know the BIOS password in order to enable boot from the CD) that too would show up in the Nagios dashboard as an extended outage.

You mean post 7, where I was initially right.

Why not just set up a virtual PC and let him look at whatever he wants? Personally, I’d be more concerned about protecting the computer from malware than protecting the boy from boobies.

If you’re aware of a technical solution that could limit questionable sites to those that merely expose “boobies,” I would certainly be interested in learning more. My concern is more that he stumbles upon Raven, Starfire, and Beast Boy in a threesome scene that ends when Beast Boy is knocked out by a tentacle creature with rapey intentions towards the two female Teen Titans.

More generally, I am convinced that at 12, it’s still appropriate to sharply limit his unfettered access to the Internet, because the questionable material that is available is not “boobies.”

I understand that you, personally, would not be as concerned as I, and of course that’s your privilege to apply to your children.

You were. Missed it.

“Just?” :)

It’s not a concern I can bring myself to share. I get that rapey violent cartoons (or rapey violent media in general) might seem like they should mess a kid up, but I’m not convinced they do.

Further discussion along those lines is more GD than GQ so I’ll drop it. If the OP is determined to put in such blocks, I’ll give some thought to purely technical suggestions to that end.

I agree that GD is the right venue to continue this interesting tangent.

So could he impersonate a device on the adult side with the correct IP and MAC? Use Wireshark to see what’s running there.

Is he allowed to see straightdope?

He could theoretically spoof one of the authorized devices on the adult network. But that’s going to trigger an IP address conflict from the device he’s spoofing.

Nope. The minimum age for the site is 13, so that’s a hard-stop. If he’s interested, I’d be open to adding it to his white-list after he’s 13.

Well obviously he would turn off or disconnect that device first.

Then he triggers a Nagios alert for the device he turns off or disconnects, and a syslog or Event Log entry on the disconnected device too.

A 100 buck tablet and prepaid 3G card?

At that point, if it were me, I would be randomly turning stuff off and on just to generate bogus events and confuse my parents.

What a good thing you aren’t a child of mine.

But for this discussion the relevant fact would be that I have a technical control that detects unexpected shutdowns.
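
The detection argument running through this thread (with statically assigned addresses, a second device answering for a known IP shows up as a conflict, and switching the real device off first shows up as an outage) can be sketched as below. This is an added example, not code from any poster and not how Nagios itself is implemented; the inventory, addresses and event names are constructed for illustration.

```python
# Added example: constructed inventory and observations, not any poster's real network.
INVENTORY = {  # static IP -> expected MAC (all addresses are made up)
    "192.168.10.2": "aa:bb:cc:00:00:02",
    "192.168.10.3": "aa:bb:cc:00:00:03",
}

def correlate(intervals, inventory=INVENTORY):
    """intervals: one list of (ip, mac) sightings per polling interval.
    Returns (interval_index, kind, ip) events in the order detected."""
    events = []
    was_up = {ip: True for ip in inventory}  # assume every host is up at start
    for i, sightings in enumerate(intervals):
        seen = {}
        for ip, mac in sightings:
            seen.setdefault(ip, set()).add(mac.lower())
        for ip in sorted(seen):
            macs = seen[ip]
            if ip not in inventory:
                events.append((i, "UNKNOWN_HOST", ip))
            elif len(macs) > 1:
                events.append((i, "IP_CONFLICT", ip))
            elif inventory[ip] not in macs:
                events.append((i, "MAC_MISMATCH", ip))
        for ip in sorted(inventory):
            up = ip in seen
            if was_up[ip] and not up:
                events.append((i, "HOST_DOWN", ip))
            elif up and not was_up[ip]:
                events.append((i, "HOST_RETURNED", ip))
            was_up[ip] = up
    return events

SAMPLE = [  # constructed observations, one list per polling interval
    [("192.168.10.2", "aa:bb:cc:00:00:02"), ("192.168.10.3", "aa:bb:cc:00:00:03")],
    # a second device answers for .3 while the real one is still on
    [("192.168.10.2", "aa:bb:cc:00:00:02"), ("192.168.10.3", "aa:bb:cc:00:00:03"),
     ("192.168.10.3", "de:ad:be:ef:00:01")],
    # the real .3 is switched off
    [("192.168.10.2", "aa:bb:cc:00:00:02")],
    # .3 answers again with the expected MAC; an unlisted address also appears
    [("192.168.10.2", "aa:bb:cc:00:00:02"), ("192.168.10.3", "AA:BB:CC:00:00:03"),
     ("192.168.10.50", "de:ad:be:ef:00:02")],
]

if __name__ == "__main__":
    for event in correlate(SAMPLE):
        print(event)
```

A `HOST_RETURNED` event with the expected MAC cannot by itself say which physical device is answering; the preceding `HOST_DOWN` is the signal that prompts a look.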