Using open source to fight porn

Our daughter was rummaging through a box of memorabilia and found an evelope of photos taken in early 2001, about the time I'd purchased a cool new macro lens. One minute she was flipping through a series of cute puppy pictures and the next minute she's face to face with a set of full-frontal nude photographs depicting...a wolf spider. In fact, the spider was so exposed, the close-up so extreme, that Amy could not bring herself to even handle the photos so as to put them back into the envelope from which they came.

So when I got home I did the manly thing and, judging their scientific value to be near zero, tossed the spider pictures into the trash. When our daughter threw something away later that evening, and then needed to retrieve it, she shrieked again at the vile images that she could not unsee (and I was chastised for merely disposing of them instead of using our new commercial-grade shredder). Is there any possible way to prevent our children from accessing images or content that is disturbing to them or to us as parents? And should that be our sole criteria for judging whether or not we have won the war on porn?

A new Red Hat employee queried an internal e-mail list as to methods of protecting their children from accessing pornography, and through the responses I learned a few things I thought I'd share...

Perhaps the first question to answer is "what is to be protected?" We live in a media-saturated culture where some of the raciest material is to be found in all its pixelated glory of some of the most conservative TV programs (see Fox News Porn). Between the catalogs, newpaper ads, billboards, etc., there's plenty of disturbing material to go around. Indeed, when traveling through the airport with my daughter last year, she had quite a laugh when she came face-to-face with the image of a woman barely dressed on the cover of Cosmopolitan. (She called her "naked-bottom girl" for the rest of the day.) Deciding where to begin has become difficult indeed.

One popular approach is taken by OpenDNS. (Disclaimer: OpenDNS was funded by the former CEO of CNET.) The Domain Name Service (DNS) is the service that translates a URL (such as wikipedia.org) into an actual IP address (such as 208.80.152.2). By using OpenDNS instead of regular DNS, you give them permission to help you with the translation:

• wikipedia.org -> 208.80.152.2
• wikipedia.og -> 208.80.152.2 (it corrects your "spelling mistake")
• playboy.org -> BLOCKED! (if you want to filter out Web sites that serve "pornography" or "nudity")

But they also log every site you visit (part of the bargain of being between you and a "real" DNS server) and there is vigorous debate as to whether OpenDNS should be doing application-level rewrites of network-level requests. People think it is wrong (evil, even) that Google's toolbar does this. And they raised holy hell when VeriSign did this back in 2003. But if you are not bothered by the idea that whatever you type into your browser goes first to OpenDNS.com, and secondly, that when you request Site A, it could transparently and silently take you to Site B as if it were Site A, then it may be an interesting solution. As with any service that collects and interprets such sensitive personal information as your browsing habits, I suggest you read their privacy policy carefully. And you should be aware that OpenDNS is not open source.

If you want a content filtering solution that is open source (because you want to independently verify what is being logged, and you want to independently verify how the blocking choices are being made), you might be interested in DansGuardian. They have an impressive list of users as well as a blacklist you can review, adopt, or ignore. Several of my colleagues said that they use DansGuardian and that it works well.

An even more interesting suggestion was to use a firewall to force all Internet access through a proxy that can log every connection from every client computer. One family reported:

The proxy doesn't have a filter on it, but it does mail my wife and I a daily summary of what each computer asked for and when, so we know what the kids are doing online. And we make sure the kids know that we know.

I must admit that at first I was taken aback by the idea of having this type of access to somebody else's surfing history. But then I asked myself: if I am at all bothered by the idea of parents having such access to their children's surfing habits, how happy am I to be trusting that data with some third party, their supercomputer, and who knows what federal agencies?

Back to the topic of open source. One parent raised the issue that they are quite confident of the security and configuration of their own computer network, but what about the neighbor with the open wireless access point? A little education goes a long way. First, if you see a neighbor has an open wireless connection, suggest that they may wish to close it, as it represents a security problem for you. Second, if they are concerned about being a gateway to inappropriate content, suggest a mechanism whereby they, too, can play a role in filtering the content. OpenDNS might not be the right solution if your neighbor does not agree with their business model, but DansGuardian could be a good alternative. Third, use this as a positive opportunity to discuss with your children the "rules of the road" of Internet use. Those rules could range from accepting real-time oversight (how we do things at our house) to requesting specific permission to access the Internet (the parent turns on the sole wireless router the child's computer is configured to access) to accepting arbitrary monitoring and reporting. Or, do none of the above and study hard for what you plan to do when your child inevitably does access something you find disturbing and inappropriate, not to mention the disturbing and inappropriate things that porn-serving companies like to do to your computers. Worse than spiders, for sure.