For those homeschooling teens online - I found a great distance learning high school with online curriculum which will work well, since we travel a lot, but how do you keep your teens from wandering around on the net without sitting next to them for hours daily? I know I can block individual sites, like Facebook or Hulu, but they can always come up with another site I didn't think of - any suggestions? I know, trust my kid, but she's already proven time and again to be unable to resist this.
While OpenDNS has proved to be very useful, in many cases it can be as frustrating an experience for the family as other methods.
Strickly speaking, there isn't such a thing as a canned solution that does what everyone wants, everytime. Notwitstanding the fact that each family has different needs, the actual solution lies in how much effort the family is willing to put in, and from what perspective - whitelist, or blacklist.
With a blacklist approach, such as the hosts file method I wrote about above or OpenDNS, You start by blocking sites, and build from there. Many families are eventually simply overwhelmed by this approach, as their children (succumbing to temptation, as Elizabeth points out above), begin to find end runs around the policies in place (They will indeed discover anonymous proxies through unblocked sites like http://www.publicproxyservers.com/proxy/list1.html and many more).
Hey, kids are smart, and eventually, they're going to be smarter - that's why we put them in school, so they can eventually become smarter than us :)
With a whitelist approach, it may seem, and indeed things do start out much more brutal for the kids: "Here is your school workstation. You can visit site X, Y, and Z, and if you need more access come let Daddy know and I'll add them.
The problem with most whitlisting methods is it requires frequent intervention in the beginning on your part, yet it is inherently easier to administer once you establish the sites your kids really need to visit.
The problem with the OpenDNS approach (if you're whitelisting or blacklisting, as OpenDNS does indeed have whitelisting capabilities), is simple: No one should connect their machines directly to your DSL or cable modems, etc. That means that you need a home router most people use the wireless variants nowadays) to add that extra shield between you and the 'bad people' who are looking for ways to subvert your systems and/or identity.
Not only that, but to connect more than one machine to the Internet, you either have to have all the other machines go through the one that is connected, or connect those to the router. Most homes use the wireless router.
The wireless router, has DNS settings. Those DNS settings are typically configured by your ISP when you plug the router into the DSL or cable modem. All the machines on your home network will use those DNS settings, unless you manually configure them otherwise.
Here's the rub, if you configure OpenDNS DNS servers on the router, then all of the machines on your home network are subject to the blanket rules. OpenDNS has provided for this scenario, so read up on their excellent docs.
It's actually very easy to set up an individual PC to use OpenDNS, and that is what I would recommend, but again, everyone who uses that machines is subject to the same policies. Hmmmm...
Okay, Here's a suggestion, since many folks are going to want to use the blacklisting capabilities of OpenDNS, along with something much more effective (and comprehensive) for some workstations.
For your student's machine, set up two login accounts for them:
A.) The school hours account (can login anytime) --
With this account you install the excellent ProCon Latte plug-in for Firefox, and completely disable IE, and Chrome (You may wish to find similar solutions for them as well). You can get ProCon Latte here: https://addons.mozilla.org/en-US/firefox/addon/procon-latte/
Login to the school account, and configure ProCon Latte's whitelist capabilities, add their school sites, and any other sites they may have to link to - you can wild card sites as well, providing more flexibility. Once you are finished and have verified that you can get to all of the sites they need to during the school day, you're done (less than ten minutes).
Occasionally, you will need to add a site - no need to go to a firewall (like I do), or add a whitelisted site to squid (running as a transparent proxy on the firewall) or safesquid (running on the windows machine itself), you simply walk over press CTRL+ALT+P or click on a button, enter your parental password, enter the site, and your back to making sandwiches for lunch again in litterally ten seconds!
This might go on occasionally for a week or two, and then all sites will be added.
B.) The after-school account. --
Combined with any blacklisting capability you decide upon (Or none, they're out of school now!), this account is restricted only by the hours which they are permitted to logon!
So they can't visit pokemon sites before 3:30pm because the after school acount is disabled until then.
Now, This is not only VERY EFFECTIVE, but very easy for the kids to understand. School is work, so you login to your work account during working hours and when you're finished, you login to your personal account.
I need to use Internet Exploder, FireFox, and Chrome. What should I use? --
If you prefer to use a different browser, try googling ie whitelist or chrome whitelist for starters. If you really need to have access to all three or more, like Safari or Opera, you need a centralized solution like that which SafeSquid - It runs as a service on windows, and supports blacklist filters, custom filters, whitelisting, etc. It does it all on a single machine.
It is good stuff, but it is horrendous to administer and it feels like one big kludge until you get the hang of it. I perform SafeSquid installations for my clients about three times a week. They have live chat support, and will walk you through many aspects of the configuration.
For more information on SafeSquid, visit http://SafeSquid.com
So to wrap it up, OpenDNS blacklist configs on your childs PC, and two login accounts - one for school only and one for regular access - along with ProCon Latte configured in the school account for whitelisted access, is a very easy, and incredibly effective solution to keep your kids out of facebook and pokemon sites while they're in school.
perhaps I'll do a future write up on Chat/IM programs and what you can do to lock those down.
I hope that helps,
Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.