This is the right way to go. Teach, don't block. You fuck up your relationship to your kids if you force them to keep secrets from you and constantly "fight" against you. Because trust me, that's how it'll end up.
It doesn't. I have a whitelisting transparent proxy for my primary school-age kids. It's not controversial and they don't attempt to get round it or rail against it. If they want something they ask. If I say no (and explain why) they accept it. They're interested in internet safety and we discuss it frequently. Teaching vs blocking is a false dichotomy.
As they get older I'll remove it in stages: blacklist, logging only, then direct access with no proxy. The opening up will be done when it seems appropriate and in full discussion with them. I don't have a schedule for it.
When they're old enough to have phones I can initially give them managed devices with always-on wireguard and the same transparent proxy. (I've tested this setup and it's not circumventible without wiping the device.)
The claims often made on hn about this stuff, that:
* Kids will resent any attempt to limit their access, and
* Kids are NSA-level hackers who will circumvent any attempt at limiting their access.
are empirically false, at least in my experience so far. I expect they become more true in the teenage years but that's when things can start to open up.
Even if the restrictions have to be entirely dropped or become irrelevant the second they enter senior school, they've already benefited a lot from this over the years.
The other argument, that other kids will have phones etc so there's no point, is just an abdication of responsibility. I feel like I should do my best here, whatever everyone else is doing.
The one thing that is true is that it's quite technically demanding. A managed phone with an always-on wireguard connection to a network with a transparent ssl-bump mitm proxy and a domain-based whitelist with an admin UI to browse logs and block/unblock domains is not an easy thing to set up.
It's possible, though, and it has value. It should be much easier.
> * Kids will resent any attempt to limit their access, and
> * Kids are NSA-level hackers who will circumvent any attempt at limiting their access.
There's plenty of people in their mid-20s now on HN who have been the kids, either working around their parents restrictions or their friends parents restrictions. I had an internet enabled phone as a 12 year old in 2004, so it's not a post-iPhone kid experience only.
And yes, parental control software has got smarter to not just be a matter of changing your DNS or using an alternative browser, but tunneling over SSH still defeats much of it, and yes the audience here is more tech savvy, but there's a hundred new web based proxies that open up every day that your chosen solution may not be up to date on blocking - whitelists avoid that but it's something a lot of people here are opposed to on moral grounds once kids reach a certain age. Certainly if you let them go out unsupervised that's not enforcable, and honestly you should be able to let a 12 year old go out unsupervised.
We teach and re-enforce. Blocking is the result of failing to respect the established terms and losing the privilege until we have re-established them.
It's really that simple.
In the case of NextDNS its less controlling what they see, we're not naive about that - but more about ensuring their safety and well being.
omnicognate|4 years ago
As they get older I'll remove it in stages: blacklist, logging only, then direct access with no proxy. The opening up will be done when it seems appropriate and in full discussion with them. I don't have a schedule for it.
When they're old enough to have phones I can initially give them managed devices with always-on wireguard and the same transparent proxy. (I've tested this setup and it's not circumventible without wiping the device.)
The claims often made on hn about this stuff, that:
* Kids will resent any attempt to limit their access, and
* Kids are NSA-level hackers who will circumvent any attempt at limiting their access.
are empirically false, at least in my experience so far. I expect they become more true in the teenage years but that's when things can start to open up.
Even if the restrictions have to be entirely dropped or become irrelevant the second they enter senior school, they've already benefited a lot from this over the years.
The other argument, that other kids will have phones etc so there's no point, is just an abdication of responsibility. I feel like I should do my best here, whatever everyone else is doing.
The one thing that is true is that it's quite technically demanding. A managed phone with an always-on wireguard connection to a network with a transparent ssl-bump mitm proxy and a domain-based whitelist with an admin UI to browse logs and block/unblock domains is not an easy thing to set up.
It's possible, though, and it has value. It should be much easier.
Macha|4 years ago
> * Kids are NSA-level hackers who will circumvent any attempt at limiting their access.
There's plenty of people in their mid-20s now on HN who have been the kids, either working around their parents restrictions or their friends parents restrictions. I had an internet enabled phone as a 12 year old in 2004, so it's not a post-iPhone kid experience only.
And yes, parental control software has got smarter to not just be a matter of changing your DNS or using an alternative browser, but tunneling over SSH still defeats much of it, and yes the audience here is more tech savvy, but there's a hundred new web based proxies that open up every day that your chosen solution may not be up to date on blocking - whitelists avoid that but it's something a lot of people here are opposed to on moral grounds once kids reach a certain age. Certainly if you let them go out unsupervised that's not enforcable, and honestly you should be able to let a 12 year old go out unsupervised.
supernovae|4 years ago
It's really that simple.
In the case of NextDNS its less controlling what they see, we're not naive about that - but more about ensuring their safety and well being.