Parents are expected to oversee the use of digital devices by their children, but how can they implement this?

In this talk Johannes will give a high-level overview of solutions that can be combined towards a possible solution for parents with an emphasis on open source solutions.

Perhaps surprisingly, at some level, the requirements and solutions for “Parental Control” have a quite lot in common with enterprise “Acceptable Use” controls.

  • Device-level restrictions (Kid’s mode, Kid’s Home, Screen Time, Launcher, device separation)
  • Network-level restrictions (Pi-hole, Netguard Home)
  • Content-level restrictions (OPNSense, intercepting proxy, e2guardian, Squidguard, e2e encryption)
  • Mobile Device Management (MDM) (Flyve, Headwind)
  • Logging, Auditing

My mum took away the television antenna lead, I figured out a piece of flower wire did just fine ;)

Structure

Preamble

  • communication over technical solutions
  • “Vertrauen ist gut, Kontrolle ist besser”
  • all technical solutions can be circumvented
  • all you need is one child in the circle of friends with an unrestricted device
  • attackers always go after the weakest link ;)

Threat Model

  • unfettered access (duration, time of day, type of content)
  • inappropriate content
  • social media (bullying, grooming, etc.)
  • uncontrolled/ intransparent access

Device Access, Management

  • duration limitation
  • time of day limitation
  • app limitation
  • content/ site limitation

Network Access

  • DNS
  • content filtering
  • not breaking “normal” sites
  • VPNs!

Auditing

  • e2e encryption

Findings

  • Clear policy
  • OpenDNS/ Adguard family DNS
  • MDM (flyve, or maybe headwind)
  • OPNSense
  • e2guardian/ squidguard
  • https://pi-hole.net/

Activity Logging

https://github.com/SafeJKA/Kidlogger

Commercial

  • Windows Family Safety
  • Google Family Link for Parents
  • Kaspersky Safe Kids
  • Norton Family Premier
  • Qustodio (paid)
  • AdGuard
  • McAfee Safe Family
  • Bark
  • Heimdall (https://www.xda-developers.com/heimdall-free-parental-control-app/)
  • Google Family Link
  • ScreenTime (Google Play, paid)

Pi-Hole

  • Pi-hole
  • https://github.com/AdguardTeam/AdguardHome
  • https://github.com/AdguardTeam/AdGuardHome/wiki/Comparison

App Lock

  • https://geekflare.com/parental-control-apps/
  • https://github.com/gihankarunarathne/Parental-Controller-Android (7 years old)
  • https://github.com/bioverflow/Dobermann
  • https://github.com/Toolwiz/ToolWizAppLock (5 years old)
  • https://github.com/singhpk89/AppLocker (5 years old)
  • https://github.com/balrampandey19/AppLocker (3 years old)
  • https://github.com/EspoirX/AppLock (chinese)
  • https://github.com/iammert/AppLocker
  • https://github.com/nsacyber/AppLocker-Guidance

Launcher

  • https://github.com/betterclever/flawnkid
  • https://github.com/eltonkola/kidztv
  • https://github.com/OpenLauncherTeam/openlauncher

Device-level DNS whitelist

  • https://github.com/AdAway/AdAway
  • Blokada
  • https://github.com/hexene/LocalVPN
  • AFWall+ (root)
  • https://github.com/M66B/NetGuard

Proper VPN

disable all network unless going through dedicated VPN

Youtube

  • https://github.com/TeamNewPipe/NewPipe
  • https://github.com/ram-on/SkyTube

Smartphones for kids:

  • Hand-me-downs
  • Moto G7 Play/ Power!!! (ca. 85GBP)
  • Galaxy S8 (ca. 85GBP)
  • Nokia 6.1 (70GBP)
  • Moto E6 Plus
  • Xiaomi Redmi Note 8T
  • Galaxy J3, A5, A50
  • Huawei/ Honor?

MDM

  • Headwind! (https://github.com/h-mdm/hmdm-server, https://github.com/h-mdm/hmdm-android) (apache, 10 stars, cloud-based, 3 device limit, lots of more features in paid version)
  • Flyve! (no mention of source on website, looks good, GPL, has github repos)
  • Relution (up to 5 devices, up to 5 native apps, cloud-based)
  • https://github.com/micromdm/micromdm (apple only)
  • https://www.knowledgenile.com/blogs/open-source-mobile-device-management-tools/
  • https://cloudsmallbusinessservice.com/blog/top-5-free-and-open-source-mobile-device-management-software-solutions-98311.html

Transparent proxy, proxy firewall, intercepting proxy

  • OPNSense (fork of pfSense)!!! this is the way to go!
  • pfSense! (monowall fork)
  • Sophos XG Home (free)
  • IPFire
  • Untangle (paid? next-generation filtering)
  • zorp
  • VyOS?
  • ClearOS?
  • https://github.com/TechnikEmpire/CitadelCore

Content filter

  • https://github.com/e2guardian/e2guardian !!

  • squidguard
  • sensei content filter (free edition)
  • https://www.diladele.com/licensing.html (commercial)
  • privoxy??
  • nextdns??
  • ufdbguard (freemium)
  • https://www.urlfilterdb.com/products/ufdbguard.html
  • https://github.com/diladele/websafety (requires a license)

Updated: