New emoji for 2020

as a part of Unicode 13 we will soon have the universal emoji for “network engineer” – among many others (see: emojipedia)

“network engineer” – obviously a typo
2020-emojipedia-sample-image-collection
full list at emojipedia

but my personal favorite is this one:

it’s short for “speak italian”

DNS based parental controls (ghetto way)

so parental controls are needed for some people.. or frankly.. sometimes you just can’t hide from all this porn and stuff that you rather would prefer not to have seen afterwards. However only Apple has a properly working solution, and that’s user based, anyway… so how to do this for windows, apple, linux, mobile phones, TVs, etc etc etc.. in a home?

For the android mobiles I have family link, Apple devices have solid parental controls but Windows/Linux is either expensive or.. well. do it yourself :)

I decided to do three things: 1) change DNS resolver on the home router and 2) manipulate the laptops using CNAMEs to force them to enable safe search (as you can still see smut when using google/bing/youtube and disabling safe search). Step 3 was rolling out Google Family Link on the mobile devices.

Step 1: DNS resolver.

Easy. Go to openDNS and search for “family shield” – their DNS resolvers have not only security filtering but also parental controls enabled.

Put those into your router instead of the ones provided by your ISP. That works well. I have not found a way to do this with IPv6, though.. the open DNS resolvers for IPv6 do work but I could not find them for family shield, help?

router settings
finished result

Step 2: Google image search still finds smut.

Let’s adjust that, too ;)

https://support.google.com/websearch/answer/186669?hl=en

same for bing: CNAMEs for google/bing/youtube. I was not aware this exists but you can force the safe search setting by pointing www.google.com (and every other country needed/used) to the IP of forcesafesearch.google.com in your hosts file (or DNS server / DHCP relay) – in my case: just /etc/hosts

the same goes for strict.bing.com, youtube, yahoo, duckduckgo and youtube.com – just create CNAMEs / hosts entries as indicated here based on where geolocation/anycast sends you to.

so from this:

#ping strict.bing.com
 Pinging a-0017.a-msedge.net [204.79.197.220]

#ping restrict.youtube.com
 Pinging restrict.youtube.com [216.239.38.120]

(alternative: restrictmoderate.youtube.com - have not tested this)

#ping forcesafesearch.google.com
 Pinging forcesafesearch.google.com [216.239.38.120]

#ping safe.duckduckgo.com
 Pinging safe.duckduckgo.com [52.142.126.100]

you create this:





216.239.38.120 www.google.com #forcesafesearch
216.239.38.120 google.com
216.239.38.120 google.de
216.239.38.120 www.google.de
216.239.38.120 google.nl
216.239.38.120 www.google.nl

216.239.38.120 www.youtube.com #restrict.youtube.com
216.239.38.120 youtube.com
216.239.38.120 www.youtube.de
216.239.38.120 youtube.de
216.239.38.120 www.youtube.nl
216.239.38.120 youtube.nl

216.239.38.120 youtube.googleapis.com #restrict.youtube.com
216.239.38.120 youtubei.googleapis.com
216.239.38.120 www.youtube-nocookie.com
216.239.38.120 youtube.googleapis.de
216.239.38.120 youtubei.googleapis.de
216.239.38.120 www.youtube-nocookie.de
216.239.38.120 youtube.googleapis.nl
216.239.38.120 youtubei.googleapis.nl
216.239.38.120 www.youtube-nocookie.nl

204.79.197.220 www.bing.com #strict.bing.com
204.79.197.220 bing.com 
204.79.197.220 www.bing.de
204.79.197.220 bing.de
204.79.197.220 www.bing.nl
204.79.197.220 bing.nl

216.239.38.120 yahoo.com #redirect to safe google
216.239.38.120 www.yahoo.com
216.239.38.120 yahoo.de
216.239.38.120 www.yahoo.de
216.239.38.120 yahoo.nl
216.239.38.120 www.yahoo.nl

52.142.126.100 duckduckgo.com #safe.duckduckgo.com
52.142.126.100 www.duckduckgo.com
52.142.126.100 duckduckgo.de
52.142.126.100 www.duckduckgo.de
52.142.126.100 duckduckgo.nl
52.142.126.100 www.duckduckgo.nl

(YAHOO DOESN’T OFFER THIS SERVICE SO WE JUST REDIRECT TO GOOGLE. THEIR FAULT)

the internet just got a lot more funny :)

Step 3: Mobile Phones/Tablets

Kids are smart. they will find out that using 4G they bypass the filters that we just created. So I can only recommend Apple’s parental controls, they are solid and can be fine-tuned but they are per-device. Google has a different framework called Family Link.

It takes control over the phone, allows you to set limits for use, bedtime, app installs, filters for browsing, force safe search, etc..etc. – also works well for Apple. It also forces you (the parent) to link to the family as “Admin” so you will be asked questions for app installs, can approve and reject, keep track how much time was spent on what app, set limits per app, etc.

Step X: moving on

Please. for the love of god: Take a moment and explain to your kids why you do this. Make them understand that there are people out there without good intentions. That you are protecting them for their own good and that these restrictions will be dropped when they turn 13/16/18 years old – make a plan and PLEASE tell them that you are able to track that phone. Be transparent and they will be, too when they grow up. Also: they will trust you. If you disagree with me please watch the “Black Mirror” episode “Arkangel”

sources:

  • https://www.leowkahman.com/2017/09/11/enforce-safe-search-on-google-youtube-bing/
  • https://support.opendns.com/hc/en-us/articles/227986807-How-to-Enforcing-Google-SafeSearch-YouTube-and-Bing