6 Tools for Keeping Kids Safe with Open Source
My family uses open source software almost exclusively. Everyone from the toddlers to the teen to the Mrs. have what they need to play games, chat with friends, manager emails, surf the web, keep busy schedules straight, do homeschooling, and pretty much anything they may want to do.
One of Dad’s needs is to make sure everyone’s Internet experience is safe. Over the years, we have used a variety of methods and tools, but I thought it would be helpful share what we currently do to keep the kids safe. Not all of these ideas are exclusive to Linux or open source so you don’t have to be a Linux geek to take advantage of them. There are also tons of other tools and techniques, this is just a list of what I use :
- Firefox : For web browsing, the first line of defense is a good browser. Firefox offers a range of safety features, is relatively exploit-free, and has very timely auto-updates when a problem is found.
- Dansguardian and Squid : We use Dansguardian to filter web content and block sites. One of it’s nice features is that I can use an identd server on each of our boxes to identify the the owner of the process accessing the Internet and adjust the filter accordingly. For example, the kids browsers are pretty restricted to kids safe sites, but when my wife logs into the same box, her surfing experience is more permissive ( she doesn’t want to see porn sites so we have turned on blocking in those cases ) . The cron jobs responsible downloading updates and other files are unrestricted. Squid caching helps to re coop some time lost to filtering.
- Openfire XMPP Server : While and I want my older kids to be able to chat with their friends, there are too may horror stories of pervs getting to kids through chat for me not to want to log and monitor what they are doing. To that end, I set up a chat server that has gateways to all of the major chat networks and allows me to control access and log conversations. The kids get to participate in AIM, MSN, Yahoo, GoogleTalk, and XMPP networks using one client and one access point.
- ASSP EMail Proxy : ASSP is a filtering email proxy that has been a God-send for reducing the spam, phishing attempts, email bombs and viruses entering our house to almost zero. It uses a huge arsenal of techniques to stop unwanted email and has blocked over 56000 junk messages since we started using it.
- OpenDNS : This is my most recent discovery. OpenDNS is a service that will do name resolution for our network, but redirect domains with adult or offensive content. It make a nice supplement to DansGuardian’s domain filters.
- Postfix Email Server : After ASSP get done with the email, the kids’ mother and myself still need an option to monitor and review their email if we get any indications something bad is going on. To that end, I have added bcc_from and bcc_to setting to our internal mail server to keep copies of email to the kids’ accounts.
- Limiting Computer Time : One of the weaknesses I have found with our choice of OS and desktop environment is there is no clean way to limit they amount of time they spend of the computer. While we monitor usage by hand hand, it’s often hard to keep track of exactly how much time each kid is spend. One of the philosophies that drive open source software is the “scratch an itch” principle – If you have a need that isn’t being met, the tools and information are available to the “scratch the itch” yourself. I have started a little set of shell scripts that check login time, sends a 10 minute warning using a libnotify popup, and eventually attempts to log the user out gracefully. But that will likely be another blog entry when it’s ready.
The most important “open” thing we use to keep out kids safe is open knowledge – all of the security and expoit information available for free, advice and ideas posted on websites and forums and detailed information on how to best secure your choice of computer tools. It takes effort to keep up to speed and make use of the knowledge, but I’m pretty sure my clan is worth it.