First of all the obligatory mention of talking to your children about internet safety is by far the most important step in keeping them safe.
Here's what I do.
I have a separate Wifi network dedicated for the kids devices (check and see if your router supports 'Guest Network ' functionality.
This Wifi network runs on a schedule so it turns on at 8am and disappears at 8pm.
All mobile devices and kids computer accounts use the free family shield DNS service https://www.opendns.com/home-internet-security/
Mobile phones are trickier because their data can circumvent most stuff. Check to see whether your cellular carrier offers parental control setting on data. Personally I lock down which apps can use mobile (for example YouTube can't
Some years ago I did some volunteer review work in website labelling on OpenDNS
Sidenote: OpenDNS is great if you know anyone with kids and who want a free DNS filter that blocks bad sites, specific types of sites, including pre-packaged lists of site categories
Anyway after just an hour or two, you really start to rethink humans as a single species. Not sure how else to say that.
You know there are some truly disturbed, sick bastards in the world, but when you see it and you know they are targeting kids on top of it...
I quit after that day.
Use a different DNS, like openDNS.
You can set you own filter and even set your own graphic and message for when people try to access things that they should not.
Because this filtering is at the DNS level and not software level, it'll be much harder for kids to get around.
Mobile data is still an issue, but there are ways to combat that too.
only a stupid person will install such app .
you can delete your porn and put safe DNS like OPENDNS (<strong>https://www.opendns.com/</strong>) to stop opening porn sites .please don't trust anyone
Yeah. It's probably time we start moving to encrypted DNS, something like https://www.opendns.com/about/innovations/dnscrypt/ maybe?
If the DNS request is encrypted, and the HTTP request is also encrypted, there's not a lot left for the ISP to know about, is there?
Are you talking about Google Public DNS or OpenDNS? They're not the same.
Though for what it's worth I do like using Google's Public DNS, they resolve faster than many ISPs' own DNS servers so it's kind of a speed boost for your web browsing & whatnot. Haven't used them to get around ISP level site blocks, not sure how well this works in that context.
run an "Offline Scan" with Windows Defender. It will scan your PC before Windows loads.
majorgeeks.com for your one stop shopping place for free stand alone scanners
Try ADWCleaner (Malware-Bytes bought them out a few years ago)
Then run Malware-Bytes Anti-Malware
Once you get things cleaned up:
Install Ublock Origin in your browser(s)
Sign up for a free OpenDNS account and add their DNS servers to your network
Internet is not going to censor itself for your children, if you don't want your kids to see something use an internet filter. It's YOUR responsibility to control what your children get to see on the internet, on TV and everywhere else. Seriously if it bothers you so much look into using something like this: https://www.opendns.com/home-solutions/parental-controls/
>The beta version of the app which is for now meant for laptops and desktops was launched on Monday and has so far 238 downloads.
238.. Wow! So many! Also reinventing the wheel
Wont stop 8 yo's from bypassing it though. And if you want to give your 8yo a bit of a challenge, use https://www.opendns.com/setupguide/#familyshield
You could make a separate vlan for your child's devices and block adult content on that vlan using https://www.opendns.com/home-internet-security/ as the DNS for that vlan.
https://www.opendns.com/home-internet-security/
Free DNS filtering that goes on your router that blocks all of this stuff from your entire home network. Pretty easy to set up and manage. Then, you can make sure that the kids account on the computer is not an admin account so they can't change the DNS setting on the computer itself to get around it.
>does not hijack your browser if you try to visit a non-existent page
OpenDNS does exactly that though, unless they've changed lately.
EDIT: /u/312c is right, they have changed and recently stopped hijacking queries: https://www.opendns.com/no-more-ads/
It's not really blocked, it's just a DNS hijack. I live in Norway, and thepiratebay.gd is most certainly not blocked for me.
But then, I use opendns.com's DNS server. Another good DNS server is 8.8.8.8 (Google).
Yet another workaround is to use one of Pirate Bay's own proxies.
First of all, the DNS settings are independent on the type of connection you're using. It applies to both wired and wireless connection, so it's not a "Wi-Fi tip".
Secondly, the DNS is the service that translates names such as (www.reddit.com) into addresses. Unless your ISP's DNS servers are slow (far) as hell, it's unlikely that you will get a faster response from Google's. That said, Google DNS is likely far more reliable than your ISPs (a couple of times my ISP's DNS went down, for instance) and you might be more comfortable (or not) knowing that your DNS traffic is known by Google and not your ISP.
Since all DNS is generally sent in the clear, you might want to check out DNSCrypt from OpenDNS.
Speaking of OpenDNS, I use their DNS instead of Google's because I trust them more. Also, since all their business revolves around DNS, I bet it's as reliable as Google's, if not more. I put Google's DNS as a backup, though.
To conclude, the only way to improve your Wi-Fi connection is through a careful configuration of your Wi-Fi router. But you have to know what you're doing.
I use some of the adult content filters in pihole and they are pretty effective. In addition, as a second layer, you can also set the DNS resolver in pihole to Adblock DNS Family Protection or OpenDNS Family Shield ip adresses that are both free of charge.
Most requests would be blocked by the pihole, but anything that gets through is blocked by these services. Of course, these services apply to the whole household. But adult content can still be accessed via a VPN on a machine-specific basis and this goes around the pihole.
I'm in IT and I would second this. If you're looking for content filtering (which it sounds like you are for the most part) OpenDNS running at the level of your network is a great way to do that without leaving any software installed locally that he could potentially remove. OpenDNS has a number of free options as well as a paid service that would provide some of the analytics you'd want to be able to see if he'd potentially run across something malicious/disturbing, what websites he's spending his time on, etc. It's also updated far more frequently than most installable content filtering software. https://www.opendns.com/home-internet-security/
I would also strongly recommend setting him up as a standard on the new machine. Reserve the administrator account for yourself to assist with software changes and system settings modifications. This setup would also allow you to set the local DNS on his computer to point to OpenDNS without filtering setup for the entire household (network level) if you'd prefer that configuration and would prevent him from modifying the DNS settings once you've changed them. Forgive me if any of that was over-explained. :) Hope that helps!
As long as people are mucking around with their DNS settings, they might as well install DNSCrypt. It won't help for things like this, but it will prevent some MITM attacks and encrypt DNS traffic.
You probably need to set up something like this https://www.opendns.com/home-internet-security/ to block torrent sites, and then add it into your house rules that guests will be liable for any fines from downloading illegal content
You shouldn't feel guilty. Your a 17 year old your body is wreaking havoc on your brain. Your brain is still developing and getting away from undesirable habits is hard. This is one of the hardest points in your life to have have control over self.
God is not disappointed in you. God understands that we sin and gave us salvation so our sins don't have to weigh us down. Your going to make mistakes and going to fail over and over again. That's ok! That's part of life and struggles that come with being human. What's important is that you reflect on those mistakes and try to live better the next day.
Also you should know your normal. It's normal for young people to feel the way you do. If your starting to have a problem this is a good time to catch it early. Treat it like you would any other goal. Break things down to obtainable short term goals and build up to long term ones. You should do this with everything you want in life. Including your walk with Christ. Life is long and complicated your journey with Christ will likely be the same. Understand failure is not an unsuccessful attempt it's when you stop trying
On a more practical note here is a link to setting up a DNS filter for porn.
https://www.opendns.com/setupguide/#familyshield
If you set this up most explicit sites will be completely blocked. You will have to put effort into turning this filtering on and off. That way you have a minute to think about what your doing.
>revise el historial y tenia weas como: big fat mom,anal rape mom,cumshot mommy y puras weas con mom y cosas asi.
Puede ser una coincidencia de las recomendaciones de los sitios. Si estás preocupado por la falta de figura maternal, consulta con espcialista. He conocido hombres con actitudes bien raras en la adultez por la falta de la figura materna.
Algunos consejos:
Ten la típica charla padre-hijo sobre sexualidad, si que aun no lo haces.
¿Qué clase de padre le da acceso libre a internet a un menor? Bloquear el porno es muy fácil. Aunque si el muchacho quiere ver porno lo conseguirá igual.
Está claro que el muchacho está empezando a conocer su cuerpo y no sepa canalizar toda esa energía acumulada. Alguna actividad o pasatiempo podría ayudar (lo ideal es que ambos participen), mejor si son deportes ya que así gasta energía y no le darán ganas de agitar la nutria.
Pero no le gustan los deportes, pasa metido en la casa. Bueno, enséñale a tus hijos el amor por los videojuegos y te aseguro que en el futuro no tendrán dinero para drogas.
Asume que el muchacho se va a masturbar igual. Si no es con porno desde internet, será con cualquier cosa que se asemeje con una mujer.
Checks out:
208.67.222.222
208.67.220.220
208.67.222.123
208.67.220.123
EDIT: formatting
> Den jäveln runkade!
Ungdomar som vill titta på porr kommer bara att söka sig till suspekta sidor där porren är tillgänglig. Folk tittade på porr innan internet och det verkar inte ha varit så svårt att få tag på, så det enda man gör är att vifta med moralpinnen. För någon lösning på porrmissbruk och kass kvinnosyn är det inte.
Jag klagar inte på att införa ett filter, men då ska det vara att man aktivt gör valet att använda filtret. Inte tvärtom. Ett internet där staten reglerar vilka sidor jag får och inte får besöka ska vi inte ha.
Apropå filter för att blockera porr så finns det redan. Informera oroliga föräldrar om det istället. OpenDNS är ett lättanvänt exempel, så slipper man sin internetleverantörs DNS-serverar på köpet.
OpenDNS. You'd have to find the ad servers and blacklist them. My list is:
ad.ca.doubleclick.net
ad.doubleclick.net
ad.nozonedata.com
adclick.g.doubleclick.net
adimages.go.com
admonitor.net
ads.pointroll.com
ads.web.aol.com
ads.x10.com
adservices.google.com
advertising.com
amazingmedia.com
atdmt.com
clickagents.com
cloudservices.roku.com
commission-junction.com
doubleclick.com
doubleclick.net
go2net.com
googleads.g.doubleclick.net
googleadservices.com
msads.net
pagead2.googlesyndication.com
qksrv.net
zedo.com
You can have encrypted DNS with dnscrypt, however OpenDNS describes that as complementary to dnssec:
"DNSSEC does a number of things. First, it provides authentication. (Is the DNS record I’m getting a response for coming from the owner of the domain name I’m asking about or has it been tampered with?) Second, DNSSEC provides a chain of trust to help establish confidence that the answers you’re getting are verifiable." https://www.opendns.com/about/innovations/dnscrypt/
I'm with you that a user would want both, but it's a bit harsh to call dnssec lame when it is simply not the whole solution. It's still a step in the right direction.
Trygt å bruke om man syns det er greit at all internett-trafikken din går via Google, som allerede vet det meste om de fleste, mener du?
Hadde tenkt å anbefale OpenDNS, men de er visst kjøpt opp av Cisco. Noen som vet om en god, uavhengig DNS?
It is better to lock down things at the router level using something like opendns
https://www.opendns.com/home-internet-security/
Problem with lockdowning a pc, it is easy to get round using tablets, mobile phones etc.
You might be able to lock down their devices easily enough, but you cannot do it to their friends, short of denying them access to your router.
If you lockdown the router and password protect router your 'little monkeys' cannot easily get round it.
Even then, there are ways of getting round it, but by the time the 'little monkeys' know how to do that, you can only rely on education and trust ,and at least be satisfied you have budding computer experts.
For anyone who may be interested, OpenDNS's (I refuse to start calling it Cisco OpenDNS) has an acquisition FAQ page.
Also, quoted for the record (from the above linked FAQ) so I can point back to this when they inevitably break their promise and discontinue free individual use:
>The free service will continue to operate. It’s part of who we are, and Cisco loves who we are. We wouldn’t have entered into this agreement if we believed our free service would be in jeopardy. On contrary, Cisco’s commitment back to you is to maintain OpenDNS’s DNS services exactly as it is today. In their words: “This level of service for all users is a priority.”
Assuming that the iPad is on your own WiFi network, you can use something like OpenDNS. Basically after you sign up, you go through there config screens to set what sites you don't want accessed. Then you'll set your WiFi router's DNS to the IP that OpenDNS gives you. Any device that connects will go through OpenDNS and sites you don't want accessed will be blocked. You will have the ability to set a bypass password so that you can still get to them if you want.
Answers based on my own experiences with eero. I moved to eero from AirPort.
Should be able to cover everything an old AirPort can cover, but antennas and interference can have an effect. You may have to change placement.
Apple devices work fine these days and with one eero, it shouldn't matter.
eero is plenty fast enough to handle pretty much any internet connection, short of gigabit fiber (and you won't handle that wirelessly with anything).
You can use a third-party DNS with eero like OpenDNS Family Shield or OpenDNS Home. https://www.opendns.com/home-internet-security/ Pausing a set of devices (a profile) is part of the base eero functionality.
Bonus. You can keep your Time Capsule (turn WiFi off or join the eero network) and still use it for backup.
This is a completely useless way of testing the performance of any service that sits on top of a global network - testing from 14 nodes means they're not even hitting all of these providers' facilities. OpenDNS has nearly twice as many facilities than he has test nodes.
Also based on the locations they tested from, guessing he just spun up a bunch of servers in AWS or Digital Ocean, which tells you absolutely nothing about the performance an end user on an actual eyeball network could expect from any of these services.
Look at the results from New York: #1 Google: 1 msec #1 Quad9: 1 msec The server they tested from is literally in the same building (or they're hitting local cache which would be even more facepalm).
Several relevant suggestions have been made but your reply to all of them has been this:
"Can I let someone else do this? I have no idea on how to do all this."
If you aren't willing to learn you either need to educate your users not to look for inappropriate content or you can try a managed service such as OpenDNS. If the users are smarter than you they could easily bypass this of course.
Use these OpenDNS IP addresses for your router:
208.67.222.222
208.67.220.220
You can do some really neat things using OpenDNS if you're so inclined:
https://www.opendns.com/home-internet-security/
Exactly. I can recommend DNSCrypt: https://www.opendns.com/about/innovations/dnscrypt/
It's a step beyond just using Google's DNS or something like that, but it's a completely uncensored, secure solution that can easily be coupled with a caching local nameserver. That means
Uncensored DNS responses
No spoofing or other practices to change the replying server
No alterations to the data stream itself possible
No sniffing of visited sites, no leak attacks against VPN users etc
Control over the transport mechanism for greater resilience against authorities blocking uncensored DNS servers
Easy control over your DNS cache, i. e. less queries that take time (with a caching nameserver)
Better rulesets for determining what server to use in what case (with a caching nameserver)
[Edit: Just changing your DNS by 'ordinary' means would eliminate everything past the first point. And the first point is of course not verifiable in either case, but I'd trust someone who develops such a system more than other DNS server providers.]
Linux instructions are here (not really Arch-specific), I don't know how to do it on Windows or Mac OS. I've not noticed any kind of drawback apart from the setup process taking some effort and new names not being propagated as quickly (which shouldn't really be an issue to the average user).
Look into OpenDNS.
https://www.opendns.com/enterprise-security/solutions/web-filtering/
No offense, but you won't be able to setup a DNS server on your own network, it's not for the uninitiated.
As another reply said, they haven't done that since June. https://www.opendns.com/no-more-ads/
Worth mentioning that namebench doesn't list it for OpenDNS (it's a whopping 2x as fast as my ISP's) whereas NX hijacking is listed for my ISP which obviously has an interest in injecting targeted ads.
Disclaimer: Obviously nothing is perfect, kids should always be monitored when using the internet.
I did nothing extensive because things were generally secure from the start.
I didn't give her a sudo password, installed and set rkhunter to occasionally run a scan, and made sure the firewall was up and running.
I also implemented some rudimentary content blocking via OpenDNS. It's fairly easy to do for a single device. You could accomplish the same thing with PiHole if you'd like something more fine grained or under your control.
This is a rather blunt tool I put in place for additional peace of mind. It's still possible to find adult content on a site like say, reddit, for instance. Any kid old enough to go looking for that kind of content is probably smart and/or determined enough to find it on non-porn websites. But OpenDNS or PiHole might prevent you from having an awkward conversation before they're ready.
I'm an addict, but I set up OpenDNS (www.opendns.com) on our home network. This both filters out adult content and will log what websites are accessed and when, *even when using incognito mode*.
While this won't help you prove he hasn't used in a year, it may help you feel better moving forward.
Of course, he can always switch to a mobile device and a mobile data network...if he has an iPhone I'd recommend asking to see his "Screen Time" app, which shows what he's been doing on his phone for the past 7 days.
> Sean Goltz, a senior lecturer at Edith Cowan University Joondalup’s school of business law, said there were arguments for technology’s positive impact on our ability to connect and access information, but the internet was inherently bad.
Yeah, I wouldn't use an article like that to back up your argument. There are so many controls that are easy to put in place on devices that you can use to access the internet. If kids are accessing stuff that they shouldn't be, then it's the parents that have failed. It's understandable though as there's a fear bred from articles like the one above.
Letting kids have unfettered access to the Internet is like letting them loose in a library. There's some amazing stuff out their that can enrich their lives, but there's also a lot of stuff that you as a parent may want to keep them away from until they're older.
With iPads, it's trivial to control what apps the kids can load. If you're concerned about what they might be browsing on the Internet, set up something like Family Shield from OpenDNS. That's what I used before I set up a proper firewall at home (I'm in IT, that's probably beyond where most parents would go).
A parent's job is to keep one step ahead of their kids with pretty much everything they do, but don't be misled into blanket bans on things like technology as they could end up missing out on some great stuff.
alright, here's two things to try:
reset your DNS cache -- Start > Run > cmd /k ipconfig /flushdns
switch to an alternate DNS provider, such as OpenDNS, GoogleDNS, or Cloudflare.
the first method might work immediately, but sometimes i've had to restart the browser or even the whole computer for it to take effect.
the second method is a permanent solution to many DNS issues, typically because your ISP's DNS servers aren't performing well (or even if they're blocking some sites).
if neither of these work for you, then it points to some other issue with your PC or your network configuration.
one question.. you said it works on your phone with mobile data.. but does it work on your phone when you're on your home WiFi ?
Look at grammar and spelling very closely, often these attacks are coming from Africa or Eastern Europe and you can tell the writer's primary language isn't English.
Threats of "account suspension for (insert reason)" if you don't click a link and "verify" your account information right away. If in doubt, forward the e-mail to campus tech support and they can tell you if it's legitimate.
Mousing over any links shows that you're being sent to some other website than an office on campus. Often, there will be a ".ru" or other foreign extension instead of ".edu."
E-mail claims to come from "Campus Technology Services" or some other generic name, but there is no such office on campus.
Here is a good quiz that you can take to see if you can spot legitimate websites vs. fake ones:
You can do this now if you like :
https://www.opendns.com/home-internet-security/
Set your home router up to use their DNS servers and you’re 1000x more effective as porn filtering than you are right now.
It’s free and pretty effective.
Came to say this! Ad blockers!!
Also relevant: Raspberry Pi DNS based Adblock
I use both (raspi as primary & opendns as fallback). I also configured the Pi to replace ads with cat gifs.. it's great!
openDNS family shield, you can change you router's DNS to these DNS setting and it catches a lot. Not a solution to your situation but a step that can help.
For a rock bottom solution many consumer routers offer scheduled internet access so it could turn off at bedtime and on in the morning. I have an Asus AC66u that has this although there are better options now. As far as filtering you could use something like opendns family shield which will restrict the general content that's available https://www.opendns.com/setupguide/?url=familyshield. From there just make sure all your kids devices are fed from that router.
I'm in the same situation with kids getting internet access and am looking at setting up Sophos UTM on an old computer I had lying around. This enables more control/logging/ and virus scans for downloads with a more friendly gui than pfsense.
Really it comes down to how much time/money you want to invest, how technical your kids are, and how much control/logging you want.
Darò per scontato che tu abbia familiarità coi DNS e coi motivi per cui uno potrebbe volerli cambiare.
Vodafone ha storicamente sempre filtrato tutte le richieste DNS con la scusa della sicurezza, in pratica potevi mettere il DNS che volevi ma comunque la station avrebbe intercettato la richiesta e avrebbe risposto lei con DNS Vodafone. Se googli trovi molta gente che se ne lamenta.
L'unico modo sensato per aggirare quel filtro era DNSCrypt, non comodissimo e utilizzabile solo su pc e portatili. Da circa sei mesi invece (credo grazie all'intervento di qualche autorità) è comparso nel pannello di controllo della station il tasto "Secure DNS" accompagnato da questo spauracchio:
>Keep Secure DNS setting to ON in order to prevent malware to infect your devices and direct your Internet traffic to malicious websites. You can turn it OFF if you wish to manually configure the DNS on your devices.
Tra l'altro sniffando il traffico, sebbene al momento le richieste DNS vadano a chi di dovere, si può notare come la station si metta ancora in mezzo. Una richiesta DNS per "A sito.com" viene modificata prima in "A sito.com.station", poi in "AAAA sito.com.station" e solo dopo che sono falliti i primi due verrà richiesto "A sito.com". (Ma questo credo sia un refuso nel firmware, rimasto da quando i DNS erano per forza vodafone.)
>Also, la tua casa dista molto dal cabinet?
A me la fibra entra in casa, non credo abbia senso parlare di cabinet.
So technically it wasn't tracking software...just opendns adult content site blocker. He'll figure out how to disable it when he puts his mind to it.
I believe this is the responsible thing.
OpenDNS Family Shield. Just a quick run down, when you type in an address, like "reddit.com" your browser sends that address to the DNS server. Your DNS server turns that into an IP address (198.41.208.139). If your DNS server is set to Family Guard, and you try going to a blocked site, the server won't give your PC the right IP address. https://www.opendns.com/home-internet-security/parental-controls/opendns-familyshield/
Sadly not purely with Eero. The simplest way to achieve this (the least technically involved one) would be to use OpenDNS, which lets you sign up and configure filters, then you can set that as your DNS in Eero. That doesn’t let you filter on one network but not on the other, however.
The more technically involved option, which would probably enable you to filter on just one network, is to run your own DNS resolver locally. Pi-hole is super popular for this kind of thing, so you’ll find plenty of tutorials and documentation for it.
I think you have something backwards here. Google is 8.8.8.8 and 8.8.4.4. https://developers.google.com/speed/public-dns/
OpenDNS is 208.67.222.222 and 208.67.220.220.
They have their own, competing "standard" if you will... https://www.opendns.com/about/innovations/dnscrypt/
Although OpenDNS is now owned by Cisco, so maybe they will adopt this standard as "better" than the last?
In the end, it comes down to who do you trust for DNS, cause if you "tunnel" "securely" to OpenDNS or Google DNS, do you really think they're going to do any less shady (monetizing) things with your DNS than some of the major ISP's have?
> I'm looking for the most simple and direct solution to help "grandma/your parents/your teenage daughter" navigate the internet safely.
Why not set them up with OpenDNS Personal? That's going to be much simpler.
> your average non-IT person has no idea how often they should be buying/upgrading
3-5 years is typically fine for hardware. That often nets you the OS upgrade too because the Microsoft client OS is on a 3-ish year cycle.
>what gives viruses and what doesn't
Documents opened from email. Pop-ups from webpages telling you to download and install software ("you must install this special version of the Flash player only available from this webpage..."). Use something like UBlock Origin to protect your browser. Setup OpenDNS personal to help mitigate network based attacks.
How do you learn this sort of stuff? Using Reddit is a good start. Places like /r/techsupport and /r/HomeNetworking are great places to ask questions. There have also been countless articles on this sort of thing published on the likes of LifeHacker and others over the past five years. With the rise of ransomware these types of articles and simplified solutions are even more prevalent.
Use whatever router you want but set up your DNS servers to be either OpenDNS FamilyShield or Norton ConnectSafe. I use OpenDNS at the router (ERL) and it works great. At some point your kids will get sophisticated enough to get around it but by then they'll probably be drinking and smoking anyway lol.
I'd recommend looking into either Norton ConnectSafe or OpenDNS FamilyShield. Configure your router to use these custom DNS servers instead of the Google DNS. You change this under the advanced setting in the app.
https://dns.norton.com https://www.opendns.com/setupguide/?url=familyshield
Check out OpenDNS Family Shield. It should be a fairly passive filtering system but it still might miss content you think is inappropriate on youtube, for example.
If you'll indulge my own opinion... Don't even bother with filtering. Just keep all computers (the kid uses) in a "public" room. Make sure it has a password set so s/he can only use it when a parent is around. Change the password once in a while, kids are very resourceful ;)
Eventually, s/he will access some inappropriate material. When you catch it, explain to him/her that it's in appropriate and WHY it's inappropriate. In my humble opinion, kids need examples from which to learn how to conduct themselves appropriately and safely on the internet.
As /u/Kinno mentioned, you can control this on your router, but an easy way to manage this is to point your router's DNS to either OpenDNS or Norton ConnectSafe, then you get their controls.
Norton is easy and free, the simplest use (malware blocking) doesn't require you to do anything other than configure your router to use it for DNS.
https://connectsafe.norton.com/homeuser.html
OpenDNS is also free, but a little more complicated as you have to sign up for an account and install software on a PC (unless your router has OpenDNS support). I personally prefer OpenDNS because it provides great performance, good default categories and the ability to blacklist or whitelist, and report on usage, for free.
Can you add our company, OpenDNS? I'm based out of our SFO office, but we have >50 people downtown in Vancouver. Email me (pthomas at opendns) and I'm happy to answer any questions or directly refer you. We have had many interns and new hire grads in the past.
You have a couple of options.
You can keep the network as is, same password, same security. However to restrict devices and people, you can enable MAC filtering. Create a whitelist and register each device on the network. Disadvantages are that some lower end routers have a limit of 20 or so addresses. Registering MACs can be tedious at fist. However enables you to know exactly what device gets on the network.
The other option is to opt for WPA2 Personal. This too is tedious to manage, but would allow you to give out each person their on username and password to log in with.
In order to monitor what people are doing, you'll need to set up some DNS caching or proxy. This is more advanced and frankly they can just setup a VPN to bypass it. It may not be worth it. I'm not sure what country you're in, but in the US a federal judge has ruled that an IP is not enough to ID a person. This may not be enough to keep the SWAT from bringing down your door though. If that's the case, look into setting up an Open DNS account.
DNS is a fickle beast and I agree on using alternatives to ISP's as they can get borked from time to time, Vox is the worst offender as far as I am aware.
OP, may I rather suggest making use of OpenDNS? Their free to use service I find is quicker than Google's DNS and somewhat more reliable. For the more tech savvy you can configure a DynDNS service with it and block specific categories including malware.
OpenDNS server addresses are:
208.67.222.222
208.67.220.220
And they have a handy guide for configuring it.
Not exactly.
> Why DNSCrypt is so significant
> In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks.
I had many times when MMOs went bad with connection.
usually what helped me "get around" until it is fixed was this:
go to open DNS and update your computer to use Open DNS: https://www.opendns.com/
open CMD and type: ipconfig /flushdns
launch the game and check it out again.
if that is not working try to ask zos for an address to run pathping command on to see which pointing the way is slowing you down, might be something with your ISP which pathping can give you indication on what to tell them.
Curious Have you reached out to OpenDNS to get a quote?
https://www.opendns.com/enterprise-security/solutions/k-12/
What is your budget that you have to work with? I guess what im asking is, what is cheap to you?
Do you have problems with any other Japanese site? If you haven't done so, try using Google DNS or OpenDNS. Your ISP's DNS probably isn't optimized for overseas connection at all.
> These things are always going to need to be grouped though, expecting parents to be able to create and manage filters for thousands of sites is unlikely to work well. Why not have a free service provided by the ISP? >
http://www1.k9webprotection.com/
Completely free, easy to install, updated automatically.
Why are ISP controls needed when free stuff like this is available?
If you're going to pay there's also NetNanny and stuff.
OpenDNS for all devices on a network too, free, no matter what platform.
Level 3 also allows their DNS servers to be used; 4.2.2.1-4.2.2.8 I think. I have my network manager in kubuntu set to 4.2.2.1 and 4.2.2.4.
opendns hijacks mispelt domains for ads :( but they are the only servers that provide for encrypted queries apart from DNSSEC which seems to be a very very heavy tool, when all I want is to do prevent DNS leaks....
208.67.222.222 is one of the IPs for OpenDNS, which I'm guessing the exe forwards the irrelevant requests to it so you can still use the internet on your device without going back and forth with settings.
I had to look out of state for a good paying IT job. I am a System Administrator for OpenDNS and I work from home in the OKC area and travel out to San Francisco every other month for a week. We don't support SOPA or PIPA, ~2% of the world's internet users rely on us for DNS services, we have 15 data centers in 5 different countries. We're always doing something pretty awesome. ;)
Protips:
More like a routing problem actually. There's only two OpenDNS DC in South America, both in Brazil, while NextDNS have at least five countries
Recommend you look at this for his PC:
Free.
https://www.opendns.com/home-internet-security/
Can block adult content, violent content, fringe political, etc.
Not hard to set up.
You can try https://www.opendns.com/ it’s a DNS service powered by Cisco. After creating an account you can configure something. I never used it but networkchuck from YouTube did - https://youtu.be/BSplICgr7iU
>είναι ασφαλές, δεδομένου ότι οι συσκευές θα χρησιμοποιούνται για e-banking, παρακολούθηση καμερών κτλ.;
Πρεπει να ορισεις τι εννοεις "ασφαλες". Από ποιον θες να προστευτεσεις τι; Δεν παιζει να ορισεις την ασφαλεια αν δεν πεις τι ειναι αυτο που θες να προστατευσεις και από ποιους. Παραδειγμα: αν θες να προστατευσεις την ιδωτικότητά σου απότο google ε τότε οι dns της google δεν ειναι ασφαλεις. Οπότε πες τι θες να προστατεψεις και από ποιον. ;)
>υπάρχει περίπτωση η αλλαγή αυτή να επηρεάσει το τηλέφωνο του σπιτιού, δεδομένου ότι κι αυτό πλέον λειτουργεί μέσω Διαδικτύου;
Ξερεις ότι μπορεις να ξαναλλάξεις τους DNS αν δεις καποιο πρόβλημα ετσι; ;)
​
>Σκεφτόμουν να χρησιμοποιήσω, κλασικά, τους σέρβερ της cloudfare ή της google.
αυτό το "κλασικα" πολύ θα θελα να ξερα πως προεκυψε. Εγω π.χ. κλασσικά για τουλαχιστον 15 χρονια (και βαλε) χρησιμοποιώ opnedns ;)
Pi-hole and their blocking is great but only updates weekly, I use OpenDNS as my upstream DNS to take advantage of their real-time blocking and other features. OpenDNS
There is a PI-hole Reddit. https://www.reddit.com/r/pihole/new/
Ti do un consiglio da informatico. Cambia i dns del tuo computer con quelli di OpenDNS, i family shield nello specifico. Installa uBlock Origin per bloccare gli ads e i siti poco affidabili. In due minuti ti sei risolto gran parte dei problemi e futuri "fastidi".
P.S. Gli ip dei due dns, così non perdi tempo. 208.67.222.123 - 208.67.220.123
Thank you for sharing this, also a better solution would be to block Adult content internet wise and not per device. If you get tempted you can rush to your laptop and watch it there. Take a look at OpenDns Family Shield 🛡 You can set it on your router or set it on every device you use. May Allah make it easier for all of us.
No, it's still around. Anyone can still point their DNS to their IP addresses, or sign up for some of their other free tiers for like family shield stuff.
Depending on the ISP, other dns providers might be more reliable and faster (faster at resolving the url request; does not increase your internet speed). A minor thing I’ve hated about ISP dns is that it often redirects to a search page for url errors; other dns providers don’t.
I’d argue that the biggest benefit of changing dns is setting two different DNS providers as primary and secondary (if one goes down, you don’t notice since your fallback is different). I use Cloudflare dns as primary, and Google DNS as secondary. I like Cloudflare for its privacy focus. My router has an option to set a 3rd DNS, which I set as OpenDNS. Cloudflare actually went down briefly last week and, while dns providers going down is rare, it’s nice to avoid the interruption by setting different providers for primary and secondary.
An alternate solution that you would have to really work at to disable:
Swap your dns over to a filtering dns like openDNS. Make yourself a brand new account on your mac without administrative abilities for your normal work. Have someone not you reset the administrative password on the admin account. The only downside here is that you'll need the other person when you want to install software etc.
Ultimately, nothing anyone here suggests is 100% safe from being bypassed, and you really ought to talk to someone as you're trying to use tech to solve a non-tech problem. That said, the above should be sufficiently easy to set up, and sufficiently difficult to bypass for the average person that it will likely be pretty good at deterring you.
Google Chrome extensions are easy to disable so that in case you have an unintentionally installed extension, it's easy to get rid of. I would recommend using web filtering software like OpenDNS Family Shield to block adult content. It can be installed on Macs/PCs, mobile devices, and at the router level to block all adult traffic on your home network.
If you install it at the router level, it may be possible to change the administrator credentials of the router so you can't get back in to change it. Make sure to give the credentials to someone you trust (or have them set the password) so you are able to get back in in an emergency.
If this advice is of any use to you, I only accept payment in the form of Reddit Silver or cat pictures.
Not working with quite a few DNS servers as you can see here: https://dnschecker.org/#A/forums.boxofficetheory.com
Set my router to use OpenDNS and now it's working. https://www.opendns.com/setupguide/#results
> leur empêcher facebook et le porno
Je doute que leur empêcher l'accès à Facebook soit judicieux. Si tous leurs copains utilisent ça et qu'eux sont coincés à l'âge de pierre (email)... bof.
Une technique qui fonctionne bien, c'est l'utilisation de la machine seulement quand les parents sont autour, ça évite un certain nombre d'abus... et pour bloquer les sites porno, regarde OpenDNS qui propose ce service : https://www.opendns.com/setupguide/#familyshield
Au collège, de mémoire :
If you're using duckduckgo but leave 8.8.8.8 / 8.8.4.4 as your DNS lookup it's pointless, since you're giving them every address you type in. Websites are not "www.infowars.com", they're numbers like 123.45.67.890.
DNS servers take the name and let you know what the IP is for it.
Everyone should be using OpenDNS so we're not sending EVERY WEBSITE WE VISIT to Google!
DNScrypt should help you, uses port 443
https://www.linkedin.com/pulse/quic-look-dns-james-montgomery
https://www.opendns.com/about/innovations/dnscrypt/
You may have to run a vm to convert DNS to dnscrypt as it may not be doable directly in pfsense.
DNS Crypt uses other ports than 53, its also encrypted and includes servers with no logs.
There has been too many vulnerabilities to TLS, I barely consider it a deterant but I still wouldnt for example use HTTP for sensitive stuff.
You are thinking about DNSSEC.
And I think DNSCrypt does use TLS and not anything less insecure. https://www.opendns.com/about/innovations/dnscrypt/
> I believe that using https will reveal the domain but not how long it is accessed or any folders visited therein.
This is correct, but I was wondering about secure DNS, but it looks like that is more of a system to prevent hijacking than it is to secure the privacy of the records. For that you need something like DNSCrypt apparently, but I haven't looked into the background of that enough to know how realistic that is.
> I know using a commercial VPN will bypass your ISP, but still subjects you to the integrity of the VPN itself, who can freely and legally sell your browsing information.
Yep.
> But, If you actually built and hosted your own VPN, in theory you would have total control over all of the information, and cut the ISP out of the equation completely.
You have to exit the system eventually.
Try changing the DNS in your home router. Do so also on your phone:
>208.67.222.123
>208.67.220.123
These come from OpenDNS, owned by Cisco.
I have a friend that uses the OpenDNS free/home version for work. I can select filter categories and whitelist/blacklist individual sites. It's somewhat hidden on the Cisco website.
Got a link for that? I looked at their $20/mo home VIP plan but it only seemed to include a year of logging and the ability to switch to a whitelist setup.
Set up OpenDNS with either their pre-built servers or roll your own filter with them for free. It's not hard to set up, and it does pretty well. I don't know how it does on image searches, but it'll stop stuff at the domain level.
We are getting each of our kids a Kindle Fire (2 bio, 2 foster), and to handle that we are also getting a Circle to enfore the parental controlls. Amazon already has some, but we wanted something a little more centralized. I can't speak with experience yet, but I'm impressed with the demo videos I've seen. The Circle handles things as a device-level, so if your daughter is the only one on the desktop, you can use it. Otherwise, it won't do you much good.
Finally, make sure the desktop isn't in her room, but in some semi-high traffic area. Nothing beats your presence when it comes to technology. We have already talked with each other about where and when our girls will be able to use their devices, and rooms are completely off limits. Our house makes it easy, all bedrooms are upstairs, downstairs is the living space. Thus, no tech upstairs.
> It will probably resolve itself though when an ISP inevitably gets hacked leaking a lot of people's personal information and the government realise how stupid and technologically incompetent they are to have introduced a law like this.
It'll probably resolve itself when BT decide to half-arse the filtering by simply using primitive DNS-blocks (that's all they used for the Pirate Bay block).
Change your network settings to use Google's unfiltered Public DNS servers or to OpenDNS and continue as normal.
The upside is that this is also driving adoption of SSL/TLS even by sites which don't strictly need it (static sites, or read-only sites with no login or sensitive data handling), which helps hide your browsing history.
Not sure you can do this over mobile data, but if you are using your own router at home, you can get OpenDNS Family Shield and configure it to block porn. This doesn't need to be installed on each network device individually. What it does is configure each device on the network to automatically obtain the address of OpenDNS's servers. Then the Family Shield will stop all devices from accessing porn. I'm fairly sure you can even customize which sites are blocked.
Yes, Family Shield works on mobile devices as well as computers. The simple workaround to bypass OpenDNS's servers, however, is to manually type in the address of another public DNS server, such as Google's servers. If the device is not set to auto-obtain DNS, then Family Shield will not work.
Here's the link to the instructions for setting up Family Shield on your router at home.
EDIT: If you are not the owner of the network and cannot configure the router, you can specify the DNS nameserver for a particular network that you use. Simply follow these instructions and input the the server info for OpenDNS's Family Shield servers (found in the first link). These instructions require you to download an app (unless your phone is rooted), but it looks like that app allows you to choose your DNS even over 3G or 4G data connection! Hooray! Good luck with this my friend.
Use PFSENSE for the DNS. Have it forward to OpenDNS - see here: https://www.opendns.com/setupguide/?url=familyshield
Forcing safesearch:
Until a recent MS update you could simple add a CNAME for google.com and point it to forcesafesearch.google.com ... this was tidy. MS fucked this up though.
You can still use the IP address - but you must ensure you add country specific domains - eg:
216.239.38.120 www.google.com www.google.co.uk www.google.ca
216.239.38.120 www.google.fr www.google.it www.google.es www.google.nl
216.239.38.120 is the IP of forcesafesearch.google.com which is ronseal
OpenDNS has methods for Bing too
Use PFBlockerNG for the rest, I guess, if you need to. Or just add dummy zones for facebook etc to point somewhere useful.
To bypass DNS blocks - have the teacher use a different DNS server.
DNS is only 33% solution, but couple it with a decent terms of use agreement and you should be set at with minimal expertise or fuss
Like /u/Letardic stated, you have to set your router (preferred) or clients to utilize OpenDNS' name servers. It's better to do so in your router, as this means any clients on your network are forced through said DNS.
OpenDNS provides a 'test' site to show if you're truly routed through their servers:
https://www.opendns.com/welcome/
Also, even if you have things configured properly, it can take some time for things to start working -- i.e. you could be perfectly setup, but still able to access 'bad' sites within minutes, or even hours of initial setup.
It would probably be easier to use a different method like a family filter function in your modem router if it has one, or a dns filtering option such as OpenDNS: https://www.opendns.com/home-internet-security/
> IMHO right now OpenDNS is one of the most effective and least impact things you can do to instantly improve the security posture of a network.
I use it at home for kid safe browsing...
But I am curious about how it improves security for the enterprise. Would you mind expanding on that?
Thank you!
Bit late to the party.. BUT.. You could change your DNS settings to a safe DNS. eg. OpenDNS.
If your father doesn't know how to go incognito, then there's no way he'd know how to get around changing the DNS settings on your PC.
Basically, what this does, is if someone tries to enter "www.naughtypornsite.com" or whatever into your browser, the DNS server will say "Can't find it". But everything else will work normally.
https://www.opendns.com/
Read through their webfiltering section. It's a free service. (I'm NOT affiliated with it, but I've used it before for friends/family that had a similar'ish issue to you)
https://www.opendns.com/privacy-policy/
Under Service Usage Information they state that they are collecting >certain DNS, IP address and related information about you to improve the quality of our Service, to provide you with Services and for internal business and analysis purposes."
Which means they are logging you.
Under Tracking Technologies (right below) they state that they are using Tracking technologies such as: >cookies, beacons, tags and scripts are used by OpenDNS and our partners, affiliates, or analytics or service providers (including Optimizely, Google Analytics, Mixpanel, Crazy Egg, New Relic, Inspectlet, Bizo, Google Adwords, Doubleclick, Rubicon, Olark, Bizible, Salesforce, Marketo, Reachforce, Facebook, Google+, Twitter, Disqus, Scorecard Research, ShareThis and Customer.io).
Then >As is true of most web sites, we gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
Even thought they claim they don't automatically link this info to rest of your data, it doesn't really say much.
While nothing here clearly says "we log you and share with Google" they clearly state that they do log and track you and that they are affiliated with other companies who will track you even if it's the last thing they will do.
Have you tried checking what your DNS is set to? Maybe the malware hijacked it.
OpenDNS or Google DNS are both good replacements if you can't figure out how to get back to the default setting from your ISP.
https://developers.google.com/speed/public-dns/?hl=en
I would suggest checking your browsers to make sure there's no add-on, search engine, or homepage still there but since it's in Steam it sounds like something deeper.
Haha, I just checked out this subreddit on a whim, it's weird in here. But I do have an answer for you.
Setup either your computer, or better your router to use https://www.opendns.com/ servers. Then you make an account and your home IP Address. You can then block all sorts of categories of sites.
Since you set it up, it's not impossible to get around, but it might be enough to help you keep off the sites. You can do this for free. If you do it on the router level, it'll block them for everything in the house (that dhcp's DNS servers). Phones, computers, even game systems. As an added benefit, it'll also block bullshit virus spewing sites too.
https://www.opendns.com/home-internet-security/parental-controls/opendns-home/