The Loomiverse

Ok, so at 2 years old, my daughter isn’t exactly surfing the web yet.  But I have been thinking about how we’re going to deal with the safe internet usage thing when she does.  More generally, how will we deal with the reasonable amount of time on the computer thing.

The Australian governments recent Clean Feed internet trials have also got me thinking about exactly how the tools that are supposed to be there for users actually are.

Like many workplaces, mine implements web and spam filtering software and firewalls which very rarely actually get in the way of me doing my job.  Of course, I also know how to completely bypass them when they won’t let me look at www.2600.com because it’s a hacking site.  Or spend more than an hour on other sites because the filter thinks that they aren’t work related.

The plan

About four months ago, I switched from a Linux based laptop to a MacBook – that is probably the subject of a blog post in itself – suffice it to say that I am now happily using OS X 10.7 which happens to include what appears to be a decent set of parental controls.  Today I decided to switch them on, and subject myself to “Parental Control”

Of course, it isn’t as easy as simply turning the controls on, setting the defaults and leaving it at that.  Aside from seeing what it is like to live in a restricted environment, I still need to be able to do work at work – and while that doesn’t necessarily mean a local admin account on OSX, it does mean I can’t use some of the more interesting Parental Control features.

The setup

With the above in mind, I have set up 3 accounts.  My original “Loom” account, a “Loom at Work” and a “Parent”.  I have also created a dedicated email address for the Parent account, and configured Mail accordingly.  The “Parent” account is the only member of the Administrators group, and is used to manage Parental Controls for the other accounts.  The “Loom at Work” account is standard user account that is restricted to logging in between the hours of 7am and 6pm Monday to Friday.

The “Loom” account is much more restricted :

• The set of usable applications is limited to Parental Controls default
• The dictionary profanity filter is turned on
• The automatic adult website filter is turned on (I tried the restrict to a limited set option, but it was too painful)
• Mail and iChat are both limited to approved contacts only.
• I am limited to 3 hours per day computer time on weekdays and 4 hours per day on weekends
• “Bedtime” is set to 10pm-7am for “school-nights” and midnight-7am for weekends

Since I also have the password to the Administrator account, it is easy for me to change these settings if I want to, my intent is to change them only if I need to.

Using applications

If something is on the approved list, it will run, if not, I get prompted to allow it to run once, or to be permanently added to the allowed applications list.  My intent is to use “Allow Once…” the first time I receive this message for an application and “Always Allow…” should I receive them regularly.  I expect that the list of approved applications should settle down after a few days.

Mail and iChat approval

The list of approved contacts is empty to begin with.  Every time an email is sent to or received from an address not on the list, an email is sent to the admin account to request approval.  This email includes the full text of the one to be sent or received.  Again, I intend to approve all contacts.  I’m only bothering to do this to get a feel for the process.

Time Extensions

There is provision for the Parent to allow logins beyond the imposed time restrictions.  At this stage I am not planning to allow any activity outside of the restrictions, the exception will be allowing the “Loom at Work” account to log in if needed.

The experience so far

After 3 hours, the only issue I have found is that the content filter blocks all https traffic to domains which aren’t explicitly added to the whitelist. When the domains in question are embedded in other pages, the popup “get an administrator to approve this” button doesn’t work, and the preferences pane is needed.

More significantly though, the idea of blocking all secure traffic because it is secure bothers me.

Where to next

A day is hardly enough time to draw conclusions, I hope to have more to report in a day or two.

Possibly Related Posts:

• Parental Controls – Wrapping things up
• Parental Controls and XCode
• Parental Controls – First Impressions
• Configuring Asterisk – Part 4
• Configuring Asterisk – Part 3