Planning to do some development in this area, may be a package similar to AdBlock, I would like to get some feedback regarding expected functionality, in a series of questions/answers to/from the community.
First of all: Should the policy (blocked domains, web access schedule, etc.) be individual for the controlled device (laptop, PC etc.) OR or to be individual to the user ?
In case, policy is individual to connected device, this will also cover connected TVs etc. But the controlled device should not be handled to another person.
Policy, individual to the user, would need some identification, i.e. similar to a captive portal. Allows a shared family PC, but does not handle a device like a TV.
I find the idea of captive portal approach interesting, but I am not sure if there will be demand for it. I mean I belive these days most kids have their own devices or share devices among themselves (in which case they all probably require similar amount of control).
Actually, I am only talking about devices, connected to the WiFi of the openwrt router. So, to go to the web, every user has to log-in on the captive portal, like in a public hotspot. And according to the log-in, the corresponding, pre-defined profile applies. I.e. Tom, 6 years, will get no access to facebook, and no access to porn sites. However, Mary, 16 years, is allowed to use facebook. Whether the device using the openwrt router, is private or shared, then does not matter.
As mentioned, this method will not work with TV via WiFi, for example.
I am very acquainted to the methods to be used. I.e. on commercial basis, I did several hotspot projects, always using coova-chilli, which is the most advanced, and complicated tool for the captive portal. And I did few clones of openDNS, for various WISPs, who do not want to pay for a commercial license of openDNS.
So the kernel of parental control I have already. But I do not want to waste my time going into the wrong direction, regarding the usage.
AFAIK there are quite a few devices on the market, using WiFi, which will not be able to do a login via captive portal, like TVs, speakers. But in case the parental control is device based (MAC), this is a non-issue.
BTW: This parental control can do ad-blocking, too, of course.
Unfortunately, based on the amount of feedback, it looks like this topic "Parental Control" is not very interesting. Although quite a few commercial products on the market ...
I think the lack of response is because the question was posted in one of the most hidden corners of the forum, plus most users come here if they have issues.
If everything works as it should, they probably don't read/google it.
I too think it's a good idea, even though my kid is soon to old for the tools box you're describing.
This stuff works ok sort of... But its easy to wind up with exceptions. My kids have no access during such and such hours but now their teacher assigns some homework so I have to bypass all my controls anyway. Or there's a kindle book I want them to have. Or they want to video chat with a friend who is only available at certain time. Or they need to access some website houseofdicks.com because it's actually about Richard Nixon and it's legit for a school project or whatever. It's almost more trouble than it's worth... Almost. I'd suggest rather simple stuff and then an easy web page where you can click a button and do a 15, 30, 60, or 120 minute bypass. The bypasses are always the annoying part and there is just no way to go without them.
Note please don't click that link thinking it's about Richard Nixon I just made that up and never went to that site so I don't know where it goes
I'd rather have a device based set up, with or without grouping, so I could easily block all the
devices jr have access to (phone, ipad, PS4 , laptop whatever ....)
What dlakelan wrote is also important - the possibility to increase by fixed values, or X mins, applied on device and/or group.
Site black list would be good to, but those would have to be maintained, unless there
are domain lists you could subscribe to. A disable/enable switch is probably a must here.
For my family usage , I would prefer MAC (device based). Mostly because that is what I am most familiar with. My kids are still quite young and if they had to periodically type a password into a captive portal they would be furious with me.
While I admit that the idea would be useful for some (or more during these troubled times) it won't work for the majority on the long run. The only good "Parental Control" is a android/IOS app that should also work when connected to public hotspots or mobile data.
Mobile and laptop devices can use MAC randomization for privacy, and this tendency is likely going to escalate in the future to be enabled by default.
Thus, although you can provide MAC-source based restrictions, you should consider using a separate SSID to make it reliable.
Client OS and browsers can use encrypted DNS, and in many cases this is already a problem to restrict client devices to exclusively local DNS.
So, content filtering that solely relies on DNS cannot be considered reliable nowadays.
Your args are valid, but I do not agree on your conclusion. Yet.
...in many cases this is already a problem to restrict client devices to exclusively local DNS....
In which cases ? Chrome and FF both provide methods to avoid encrypted DNS. Which is very "suspect" in corporate environments. Or schools. Or ...
