I have been busy for a while figuring out just how much freedom and control I need to use to keep my children from harm from the online world.. after all I know how much trolling is going on and how much hate is being generated/amplified there.
At the same time I am still that blind optimist that believes as long as people talk to each other eventually the good guys will pravail and win because they work together.
Now, with facebook and google using smart algorithms mining big data that they generate from millions of hosts and applying that with addiction-generating systems that generate revenue.. I must admit that is a) very smart, b) a dick move and by all means c) unacceptable if it happens on the back of innocent, uncorrupted and ignorant beings (namely my children)

so I have been using google family link to control the devices of my kids for a while now.
I don’t care what websites they use and who they chat with, they need to learn that some people don’t want to be your friend themselves.
But I have created a blacklist that contains three words:
– youtube
– instagram
– facebook

these three started out wonderful and creative and are now what McDonalds feels like. Fat, lethargic and only interested in making more money. In my eyes they don’t exist anymore but I realize how much the peers of my children are pushing them back and always back again into these platforms.
Everyone who knows a bit about data mining will understand that even without a facebook account, the fact that 5 of your friends have one and they have your number in their address book, that facebook app has access to that address book (to help you “find your friends faster”) and that they get location and demographic information about you by banner ads and tracking cookies that are sent to your device will pretty much tell them all about you without you having an account. It is highly efficient and super scary.

So… while I can more or less control the mobile devices I can not do this for the PC at home.
Also I was looking for a time keeper to control how many hours they are busy.
(Again.. I don’t care if it’s music videos, reddit or minecraft.. but there has to be a balance)

Also laptops can be carried to the neighbors, so installing a pi-hole or DNS blocklists won’t work once they are at the neighbors, whos mother things I am paranoid (I am!) so.. another solution was needed. > see below

It comes in multiple stages.

For the network: (Fritz! Box)
They have a access profile that you can use for that – under parental controls
I added those to the blacklist and added it to the access profile of the SmartTV and the AppleTV and all devices that they use (switch, xbox, tablets, mobiles, etc..)

https://en.avm.de/service/fritzbox/fritzbox-7590/knowledge-base/publication/show/3344_Blocking-YouTube-in-the-parental-controls/

For mobiles: (Android only – although I am sure Apple has similar)
– google family link – create parental account and child account
– restrict all PG/R rated stuff (get rid of that once they are 14)
– restrict all browsers except chrome (otherwise the blacklist won’t work)
– restrict all new software installs / parental approval needed
– blacklist URLs/domains for chrome – block insta, facebook, youtube by keyword
– restrict time by hours / day and bedtime (no activity after 21:00 and before 06:00)

the parent app can create “single-use” keys that disable the restriction for a day, so if they can explain to me why they used the phone for 3 hours for school reasons (the school has a e-learning app) – I can see that in the “usage” overview and send them a code to disable for the day.

the same works for the nintendo switch – it is set to lock after one hour during week and 2 hours in the weekend > I can disable it remotely using my phone for a day (switch parental controls) – also there.. don’t care what exactly they play (as long as it is not rape simulator 2020 or whatever it is these days…) just the time matters.
https://www.nintendo.com/switch/parental-controls/

For the PC: (Windows/Ubuntu)
– there are timekeeping and app tracking apps that are super-scary, like.. I really don’t want to think about the poor children who have to have their parents whitelist every single contact they want to email with – but I want to know if you used the 2 hours for minecraft or for school or for videos.
So – Windows parental controls – track app usage and time. Also bedtime.
https://support.microsoft.com/en-us/help/4028244/microsoft-account-set-up-screen-time-limits-for-your-child
Ubuntu: Timekpr-next (had been deprecated twice, this is the most recent version)
https://launchpad.net/timekpr-next

And for the last part.. how do I block those sites without using the WLAN router and a DNS profile that can be bypassed easily by going to the neighbor?

> enter the hosts file. (Ubuntu: located in /etc/hosts and windows: Find it in \Windows\System32\drivers\etc\hosts )

I will upload the file here but it basically forces static DNS resolve addresses that point to 0.0.0.0 or 127.0.0.1 or whatnot.. something that is NOT the Internet.

0.0.0.0 apps.facebook.com
0.0.0.0 connect.facebook.net
0.0.0.0 facebook.com
0.0.0.0 fbcdn.com
0.0.0.0 fbsbx.com
0.0.0.0 fbcdn.net
0.0.0.0 graph.facebook.com
0.0.0.0 login.facebook.com
0.0.0.0 s-static.ak.facebook.com
0.0.0.0 static.ak.connect.facebook.com
0.0.0.0 static.ak.fbcdn.net
0.0.0.0 www.connect.facebook.net
0.0.0.0 www.facebook.com
and so on .. there are people on reddit that make a list.. it is still changing so don’t assume this will work forever.
hosts <– grab the entire file here

Also if your kids learn how DNS and networking works (and they manage to assume root) you can’t do much here, either.. but I kinda dream of the day being pwn’d by my daughter.. so I’ll allow it.