Here’s a post I did a couple years ago describing my set-up. My son, then eight and now ten, has a computer in his own room.
Maybe.
But I’ll tell yuo what I’ve done. I’m running Privoxy , an open-source web proxy and whitelist-capable application.
It’s running on a secure Linux box that’s locked in the basement office. That Linux box is dual-homed, with one interface going in (the Ethernet from my kid’s room and a WiFi AP that’s using WEP) and an interface out to the rest of the network. All MACs in use on the general network are white-listed at the router, which is also physically secured. My child’s MAC address is NOT on that white list.
So basically, the only way he gets traffic out of his computer is through that proxy server, and only to the addresses I whitelist. The WiFi AP is there so he can use Nintendo DS games with wireless capability; all of those go to nintendo.com , which is permitted in the routing tables for non-http traffic.
He’s not an admin on his local box, and even if he were to become one, it makes no difference – his traffic out of the room and into the Internet is controlled.
My theory is that when he can break THAT, he deserves to see anything he wants.
I don’t see any way of circumventing that setup.
The only update now is that his WAP is running WPA2 now because he has a 3DS, which is WPA-capable. He has a Nook and an iPod Touch, but only access to his WiFi, not the general household one.