the DNS filtering works on chrome. yes, people can bypass it, but it doesn't even work on firefox, so they remove firefox. this isn't rocket science, and you're being foolishly contrarian instead of trying to understand what the original commenter's actual situation is. this leads me to believe that you are hypothesizing about work you don't do, but feel perfectly qualified to talk about "half assing" things.
close04|6 years ago
Perhaps because he's describing 2 different situations. One where "some schools" are removing Firefox, and one where it's not an option for him because of BYOD. Uninstalling Firefox is exactly the solution he can't apply. So I still maintain that the other schools that fully control the clients could have applied a proper fix faster and cheaper than any uninstall. It's one line in a config file [0], already linked above.
All your replies are gratuitously aggressive and insulting. That's not a good way to contradict my solution that works, is simpler and more future proof than uninstalling browsers with DOH.
Eventually all browsers will have DOH, you can't uninstall them all. And leaving a browser unmanaged and at the mercy of a student is not an option since requiring 2 extra clicks to bypass the filtering isn't a solution. You need some form of management either way.
I already gave you a solution that's better than removing the browser and "cheaper" than having to manage Chrome with GPOs (not a high bar). Insults won't change that.
[0] https://dxr.mozilla.org/mozilla-release/source/modules/libpr...
simondedalus|6 years ago
of course, you would need to do more in chrome (and windows/osx/ubuntu generally) to stop traffic to a site if a student knows what they're doing. that's not the point. the point is: we have this control in place. we've agreed it's working well enough. people can bypass the control simply by using firefox. to avoid adding overhead, we ditch firefox (for now). it's that simple.
as for future-proofing, that's a luxury. ...and part of why it's a luxury is that some goals ("make all traffic to any porn sites impossible on our school network") just aren't going to be met by budget IT.
re: BYOD, for that i go over to the armchair tech purist side i'm afraid, and just say "well, you allow that, so you need to get over that they can use VPNs and stuff. you're not DOJ or some wealthy corporation with important IP assets and equally 'important' VIP execs that insist on bringing their OSX 10.6 MBP to work. you don't get to have all the cool controls that might allow BYOD. sorry."