Summary: Blocking pornography isn't always as simple as we'd like. However, OpenDNS provides one of the easier solutions, particularly for an entire network.
I would like to block porn from coming into my house. I am sure many people feel the same way because they have children but my reason for wanting to block it is my idiot son-in-law.
My daughter, grandchild, and idiot son-in-law live in an apartment in our basement because he cannot support his family. They were using a dialup modem but I got tired of them tying up the phone so I agreed for them to connect wirelessly to my router.
Since then, and before I suspect, my son-in-law has been viewing porn and I really do not want it in my house but I do not want to start a fight with my daughter by taking away the DSL. Especially since he says he needs it to look for a job.
I tried installing OpenDNS and configuring the router to use it but it did not work. I posted to their forum and was told that each computer had to be manually reconfigured to use OpenDNS for it to actually block certain websites. Since I do not have the password to their computer and do not want to snoop on their machine, that option was out.
I have been reading your blog for years now and you are always telling people that your ISP can see anything and do anything. Well, I am my SIL's ISP so how do I use the router to block porn without having to access their machine?
•
Well, I believe you were on the right track with OpenDNS, but I suspect that the advice you got was a little off the mark.
That being said, I also have to throw out a big fat caveat that you probably won't like.
The honest bottom line is that there's no way to absolutely, positively block porn, or anything else for that matter. You can make it more difficult, and maybe that's enough, but for every approach we might consider taking there will be ways to circumvent it.
So with that out of the way, let's block some porn...
You Are The ISP
The observation that you are your son-in-law's ISP is a very good one. The very definition of the acronym is pretty clear: Internet Service Provider, and you are providing internet service.
However:
Your ISP has something you don't: equipment, and lots of it. If you were to look at what your ISP actually has in their data center, you'd be amazed at what it takes to get those digital bits to and from your computer. A high-end router, for example, could easily block access to various sites. Your ISP probably has several such routers, but is it worth $10,000 or more to you to get one for yourself? Probably not.
The more traditional approach is to install parental control software on each machine that might be accessed by people you feel are untrustworthy ("idiot" or not).
As you've indicated, even modifying the configuration for OpenDNS on each machine is not an option, so I'm certain that installing anything is even less of an option.
So we'll head back to where the ISPs do: your router.
The approach is actually quite simple: when a computer connects to your network at boot time, it asks your router for an IP address. Along with that IP address, the router also provides the IP addresses that should be used for DNS lookups (the lookups that translate the human-readable "ask-leo.com" into what your computer really uses to connect: 72.3.133.152).
OpenDNS
So, we configure your router to provide OpenDNS's DNS servers to any computer that connects to your local network, including that of your idiot son-in-law.
Now, unfortunately exactly how you do this will depend on your specific brand of router. For example, in the Linksys router I happen to use, it's configured in the DHCP settings:

With these settings any computer that connects to the internet through this router would use OpenDNS's service.
You'll need to make the equivalent settings for your own router, but fortunately OpenDNS's web site includes instructions for most common routers.
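To confirm that the router's DHCP settings took effect, you can inspect the resolver list that a machine you administer actually received. The sketch below is an added example, not from the original article; it assumes a Unix-style resolv.conf, uses OpenDNS's public resolver addresses 208.67.222.222 and 208.67.220.220 (which the article does not list), and its function names and sample files are constructed for illustration.

```python
import ipaddress

# OpenDNS's public resolvers (well-known addresses, not quoted in the article).
OPENDNS = {ipaddress.ip_address(a) for a in ("208.67.222.222", "208.67.220.220")}

# Constructed sample resolv.conf contents.
FROM_ROUTER = "# set by DHCP\nnameserver 208.67.222.222\nnameserver 208.67.220.220\n"
HAND_SET = "nameserver 208.67.222.222\nnameserver 8.8.8.8\n"
VIA_ROUTER = "; router answers DNS itself\nnameserver 192.168.1.1\n"


def nameservers(text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue  # comments, search/options lines, blanks
        try:
            found.append(ipaddress.ip_address(parts[1].split("%")[0]))
        except ValueError:
            continue  # malformed address: ignore rather than guess
    return found


def classify(addr):
    if addr in OPENDNS:
        return "filtered"
    if addr.is_loopback or addr.is_private:
        return "forwarder"  # local stub or the router itself
    return "unfiltered"     # some other public resolver


def audit(text):
    """Return (overall verdict, per-resolver verdicts) for one machine."""
    verdicts = {str(a): classify(a) for a in nameservers(text)}
    kinds = set(verdicts.values())
    if not kinds:
        overall = "no-resolvers"
    elif "unfiltered" in kinds:
        overall = "bypasses-filter"
    elif "forwarder" in kinds:
        overall = "check-router-upstream"
    else:
        overall = "filtered"
    return overall, verdicts
```

A "check-router-upstream" result means the machine was handed the router's own address for DNS, so whether lookups are filtered depends on the upstream DNS servers configured in the router itself.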
To enable content filtering, you'll need to set up an account with OpenDNS, and configure the types of filtering you want.
Now, there is one gotcha that I suspect is what the initial advice you received was about.
OpenDNS applies those filtering settings based on your internet IP address. In fact, it's part of what you set up when you create an account and add a "network" to the account. All the requests that OpenDNS sees coming from your network IP address are then filtered according to the rules you've configured for your account.
So what happens if your IP address changes?
This is a very common scenario for consumer internet connections, and is called "dynamic IP addressing". One day your internet connection might be on one IP address, and another day it might change. This is totally normal, and is controlled by your ISP.
You can update your IP address with OpenDNS manually, of course. However, OpenDNS does make available a small program which will automatically update OpenDNS's record of your IP address when it changes.
I'm thinking that this might be what they referred to as what you needed to install.
The missing piece is that you only need to install it on one machine - yours. Once OpenDNS understands that the internet IP address has changed for your account, its features are applied to all computers accessing sites through that connection.
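What such an updater has to do can be sketched as a single polling step. This is an added example, not OpenDNS's program; `get_public_ip` and `push_update` are hypothetical callables standing in for a public-IP lookup and for the account update, and the state dictionary is an assumption of the sketch.

```python
import ipaddress


def sync_registered_ip(state, get_public_ip, push_update):
    """Run one polling step of a dynamic-IP updater.

    state          dict holding the last address registered, under "registered"
    get_public_ip  hypothetical callable returning the current public IP as text
    push_update    hypothetical callable(ip) returning True if the account
                   was updated
    Returns "unchanged", "updated", "lookup-failed", "not-public" or
    "update-failed".
    """
    try:
        current = ipaddress.ip_address(get_public_ip().strip())
    except (OSError, ValueError):
        return "lookup-failed"
    # A private or carrier-NAT address is not the address the DNS service
    # sees, so registering it would leave the filtering unapplied.
    if not current.is_global:
        return "not-public"
    if str(current) == state.get("registered"):
        return "unchanged"
    try:
        ok = push_update(str(current))
    except OSError:
        ok = False
    if not ok:
        # Keep the old value so the next poll retries; until the update
        # succeeds, requests arrive from an address the account does not cover.
        return "update-failed"
    state["registered"] = str(current)
    return "updated"
```

The failure branches matter because the filtering settings only apply once the new address has actually been registered against the account.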
So, in your situation, I do believe that OpenDNS remains the best solution - I just enabled it here on my home network's router, and all my machines are now protected.
But please, don't think of it as absolute protection. To the dedicated, there are likely ways around it.
One final caveat: what we've been talking about is web access. OpenDNS doesn't filter incoming email, so any porn spam you might be getting will continue. You'll need to investigate spam filtering solutions for that, and those are likely not things you'll be able to implement without impacting the computers involved.
Article C3667 - March 6, 2009
It's pretty demented to actually monitor which sites adults are visiting. Living with you sounds like a nightmare. Even if your son-in-law is a pain, you are no picnic yourself to live with, I am betting.
Thank God for the First Amendment. What do you have against it?
11-Mar-2009
configure your computer to use a specific IP address for your network AND a specific DNS, and you're not using OpenDNS ..
Posted by: Amin Shah Gilani at March 10, 2009 10:48 AM
Hope the guy's idiotic son-in-law isn't a computer geek ..
.
btw .. using an online proxy should bypass OpenDNS security .. at least I think it would. OpenDNS would only see traffic coming in from the proxy server and let it go. I don't remember much from when I last used my OpenDNS account .. =P .. but if OpenDNS blocks proxies, google translator is a useful tool.
.
the guy who asked this should be praying his son-in-law doesn't read this thread .. =P
My ISP requires a login before using its services. I prefer using my router, thus I don't have to log in from my machine. More importantly, as Rahul points out, if IS-I-L resets the router, then no one gets out until the router is reconfigured again, assuming they don't know the password required by the ISP.
For those who log in from their machines rather than use the firewall, but have a situation similar to the author of the original question, one could switch over the configuration, per Rahul, AND change the password without providing it to IS-I-L. From that point on, if IS-I-L pushes the reset, there goes his access.
I've had several routers. Both allow backup of settings to a PC. This greatly simplifies restoring settings if a router is reset.
Footnote, if IS-I-L actually resets the router, the fight you wish to avoid will be out in the open, but you are on solid ground to regulate what comes into your own home.
A lawyer would have to advise whether or not you'd have any responsibility should child porn be downloaded by IS-I-L, notwithstanding the First Amendment.
Posted by: TacoMonster at March 10, 2009 11:04 AM
I've tried three approaches:
1. The content filter on ZoneAlarm running on each machine. This worked pretty well. But the version of ZoneAlarm I was working with about a year ago did not like Vista.
2. Webroot Parental Controls. It is possible to set up a "server" that manages all the clients. Far and away the best control over who can use the computer when.
3. The Zone Alarm Z100 hardware firewall with wireless G. Extremely good content filtering. Note there is a subscription fee per host per year that can be bought in groups of licenses for 5 hosts.
I create on each machine a "play" account and a "School" account. I then use the Webroot parental controls to allow "play" only for a few hours after dinner and all day Saturday. The "student" account is allowed to go to only school related accounts any time of day. The content filtering is then done against checkpoints database via a proxy which has proven to be very good. I put the Z100 and other network equipment in a locked cabinet. If you have a tendency yourself to surf porn that you want to mitigate, have your wife enter the password for the Z100.
The only bad thing I can say about the Z100 is that it is on the upper end of complexity for a home user. Its ability to support printers via its USB ports is limited. I highly recommend checking with ZoneAlarm for supported printers before planning to use the USB/Printer function.
I note that ZoneAlarm is owned by Checkpoint who makes six digit $$ firewalls for most of the banking industry.
We don't allow the public interstate system to be used for a crime, why the internet? The question is porn a crime? Or asserted that we cannot define it thus we cannot make it a crime. Is child porn a crime? Some place in the shades of gray from frontal Nudity to Child Porn a line is clearly crossed. "Under the Influence", e.g. DUI is really shades of gray too but we don't allow it on the highway or streets. Using the highways for a crime is a crime, for example crossing state lines with children of the "Ex". I'm stating something we've already accepted, i.e. public resources should not be used in criminal activity. Do what you want with your own private network. But please don't think the public Tax dollar should be used to support a crime.
Posted by: William at March 10, 2009 2:31 PM
William
I have to agree with m g (Posted by: m g at March 10, 2009 9:56 AM). I have my own personal computer in my bedroom and another out in the living room.
Both connected with a router to a cable connection and the last thing I want to do is to spy on any one using the client computer. What they are viewing is their business.
I also noticed the person in question only "suspects" - no real proof - "I may not believe in what you say, but I'll defend your right to say it."
On the same hand, if there are children in the house, hopefully the son-in-law has taken necessary precautions to protect his child. I suspect in this case this statement is the bigger problem "... idiot son-in-law live in an apartment in our basement because he cannot support his family."
[link removed]
Posted by: Terry Hollett at March 11, 2009 5:53 AM
If SIL and family are living in "an apartment in the basement"--is that apartment really the OP's "own home"? What if rent is being paid?
The OP will find that trying to control the behavior of others is only going to lead to more and more problems. Far better for her to work on her own reactions and behavior--the only things she really has the power to control. But, good for Leo for trying to help, anyway.
I *heart* Ask Leo!
Posted by: afreespirit at March 12, 2009 12:19 AM
A very effective ISP that controls porn is found at http://integrity.com/.
Posted by: Lynne Marie at March 16, 2009 5:12 PM
Can you bypass opendns by modifying the dns on the computer you are using? Or use a web proxy to bypass it?
You didn't mention desktop porn blockers, such as aobo porn filter, how do you think of this kind of software?
The questioner also did not have the option to install anything on the machine in question, so desktop blockers were not an option. Even so, anything you install on the desktop can be bypassed by someone using the machine who has sufficient knowledge and motivation.
26-Mar-2009
You really need an internet filter software.
Posted by: WFilter at April 21, 2009 6:48 PM
Our company is using "WFilter" to filter websites, block p2p, filter emails...
I am sure it's helpful to you.
WFilter website: http://www.imfirewall.us
Posted by: WFilter at April 21, 2009 6:49 PM