top | item 47135086

(no title)

In what sense? DNS blockers work generally do they not? Adguard also censors google search results.

I don't see why your kid should be browsing reddit.

I mean even only allow whitelisted sites. As I say this can be standardized further.

These measures I truly believe do not need to be 100% foolproof so long as the hurdle is high enough that children give up it's fine. And these measures could potentially notify a parent of a suspected breach or attempt to game it, without intruding too much into the child's privacy.

discuss

ndriscoll|6 days ago

DNS blockers only work if the device/application is not adversarial or if you also have a smart enough firewall to block DoH, which is designed to blend in with web traffic. Once ECH is widespread, you'd likely need to MitM the device (so you need to install your CA, which is intentionally made very difficult and you might not even be able to do across all apps anymore on mobile devices? At least without enterprise MDM. And as was observed elsewhere[0], apps like spotify can contain a web browser), or perhaps use DNS requests as a trigger to briefly open a default deny outbound firewall.

Things have definitely been converging toward making it impossible for non-corporations to manage the devices they own, the network they run, etc.

[0] https://news.ycombinator.com/item?id=47128069

KoolKat23|6 days ago

This is very interesting thanks.

I agree that ECH is perhaps a stumbling block although as you say MitM, this is indeed possible to pursue considering the whole set up child account on device thing going on with many of these devices.

On the rest of of your points fair enough, but again I ask is it actually proportionate? Are we talking about children or black hats?