################################################################################
DIY Parental Controls
- Willow Willis (2023-01-28)
* (or, how to mess with the hosts file for fun and profit)
* (no software installation required)
################################################################################
## UNDERSTANDING THE PROBLEM ##
So, you're a web-savvy parent in the age of YouTube, TikTok, OnlyFans, PornHub
and Twitter. You want to limit your child's access to websites and services
that you deem harmful, until they are old enough to know better. What are your
options?
* Install proprietary 3rd party software
* Rely on the parental controls for your OS of choice
* Take matters into your own hands
Each comes with upsides and downsides. If you decide to install 3rd party
software on your child's machine (e.g. Net Nanny, Qustodio, Norton Family,
etc), you will be shelling out money for the privilege of installing active
spyware on your child's machine. The OS approach is hardly better -- turning on
parental controls through Microsoft will result in your child's search history
being recorded and the number of hours they spend on various apps dutifully
logged. Also, in the US at least, an OS will turn OFF parental controls once a
child reaches 13 years old, regardless of whether that child is ready to be
using the internet unsupervised (see: the Child Online Privacy Protection Act
or COPPA).
In either case, you have no control over what these companies choose to do with
that information once they have it. Will they sell it? Keep it indefinitely?
Use it to build a psychological profile of your child? The point is, you don't
know.
That leaves one safe and sane option: take matters into your own hands.
Ideally, your internet saftely plan will:
* Treat your child as worthy of respect
* Teach your child safe internet practices
* Protect your child from malicious websites
We'll work on the last of these today. This, then, is how to roll your own
blacklist.
################################################################################
## HOW TO RESTRICT ACCESS ON A SINGLE MACHINE: ##
Whether your child uses Linux, Windows or MacOS, there is a single file that
can be used to restrict websites on a per-machine basis.
* Linux: /etc/hosts
* Windows 10: c:\Windows\System32\Drivers\etc\hosts
* Windows 11: C:\Windows\System32\drivers\etc\hosts
* MacOS: /private/etc/hosts
The contents look something like this (sample taken from a Windows machine):
--------------------------------------------------------------------------------
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# LINES OR FOLLOWING THE MACHINE NAME DENOTED BY A '#' symbol.
#
# For example:
#
# 102.54.94.97 RHINO.ACME.COM # source server
# 38.25.63.10 X.ACME.COM # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
--------------------------------------------------------------------------------
As long as you have root-user privileges on your child's machine, you can
modify the contents of this file to block any number of domains you choose.
To block TikTok, for example, add the following entry to the bottom of the file:
--------------------------------------------------------------------------------
127.0.0.1 tiktok.com
--------------------------------------------------------------------------------
(Remember to use the TAB key instead of spaces between the IP address and the
domain url!)
What this is telling your child's computer to do is take any instance of
tiktok.com and resolve it to 127.0.0.1, the loopback address. In layman's
terms, it's pointing any request for TikTok back at your child's machine,
rather than reaching out to the web for content. This effectively blocks all
requests to TikTok.
Note: This will also block any services hosted on the domain in question. If
you decide to block google.com, for example, all Google services installed on
the machine and all calls out to Google from 3rd party software and websites
will fail. Tread carefully here.
################################################################################
## HOW TO RESTRICT ACCESS FOR THE ENTIRE HOUSEHOLD: ##
The above method works fine if you're trying to restrict a single machine. It
fails utterly on iOS, Android, and other devices (unless Jailbroken or
otherwise modified), because you can't access the hosts file on these devices.
You *can* add website restrictions to the Safari browser that comes with every
iPhone/iPad, and I encourage you to do so, but this won't restrict apps and
services.
For a large household, it may be appropriate to create a general blocklist at
the network level. For this tutorial, you'll need to find the IP address of
your router (see How to find the IP address of a router if you need help)
--------------------------------------------------------------------------------
Step 1: Open any web browser and enter the IP address of your router.
Step 2: Log in to your router. Did you remember to change the default
user/password? Now's a good time if you haven't.
Step 3: Look for something like "URL filtering" in the router's settings.
Depending on the brand, it may be under Firewall settings or something similar.
Step 4: Enter each domain that you want to block. This is commonly called a
"blacklist".
Step 5: Save your changes and restart your router.
--------------------------------------------------------------------------------
If you did it right, then visiting that URL from within your network simply
will not work. I recommend testing this on ONE website initially, before going
crazy with the blacklist. Make sure you do this right.
Also note that your router's blocklist will not work if your child disconnects
from your home's WiFi and goes straight to cellular data. You can mitigate this
by setting up restrictions directly with your cellphone's carrier (Verizon
customers, for example, can set up website blocking through their My Verizon
account).
################################################################################
## THE OTHER SIDE TO INTERNET SAFETY ##
Blocking websites is an important tool for every parent to have, but it should
not be the only thing you rely on. In this day and age, you can't afford to
ignore your child's internet usage. None of this should be treated as "set it
and forget it" -- you need to find time to talk with your child about internet
safety and addiction.
I'm not advocating for constant monitoring of your children. However, they
should know that you're watching and that you care. Do you know who your
child's friends are? Do you know what social media your child engages in? What
websites does she frequent? What YouTube videos does she watch? Does she know
how to limit her own internet usage, or does she still need help in this area?
Who does she text, who's asking her for pictures, and can she video chat with
anyone you don't know?
If you do nothing else, I *strongly* recommend blocking all social media for
children -- Reddit, TikTok, Facebook, Twitter, SnapChat, OnlyFans, etc. These
sites influence how your children feel about themselves, and open the door for
cyberbullying, adult grooming and worse. I don't think it's possible for our
kids to be safe on these sites, regardless of how harmless they seem at first
glance.