logoalt Hacker News

mikestorrentyesterday at 7:30 PM8 repliesview on HN

I agree with you, as a longtime free speech believe.

but... I would also like to keep my kids from seeing the very worst of the internet before they're ready to handle it. I tried using a PiHole but Firefox DNS-over-HTTPS nullifies that now. It's not realistic for me to be watching over their shoulders 24/7; what can I do to keep them away from stuff 99% of people agree isn't for children to see, without something like this?

Replies

Benderyesterday at 7:45 PM

Unbound DNS if compiled with --with-libnghttp2 can listen for DoH and your Unbound/Pihole can forward to any destination you desire. This is what it looks like on my firewall:

    # https://doh-int.mydomain.net/dns-query
        interface: [ip of lan port]@443
        interface: [ip of wifi port]@443
        https-port: 443
        http-max-streams: 220
        tls-service-key: "/etc/unbound/keys.d/unbound_server.key"
        tls-service-pem: "/etc/unbound/keys.d/unbound_server.pem"
Null routing the open DoH resolvers is just having a startup script that reads a list of all their IP addresses and

    ip route add blackhole "${IP}" 2>/dev/null
People will argue that DoH can run on anything which is true but all the major resolvers will always use dedicated IP addresses as to not risk blocking CDN end points.

If the childs account is not able to gain admin privs then their ability to change settings can be disabled.

show 1 reply
trinsic2yesterday at 11:13 PM

Support getting rid of Citizens United and support your representatives to support enforcing antitrust.

This is the main problem that needs to be addressed. Everything else is just a byproduct of it. If you support the by product of what was created by conditions that are not being address, you only make the problem worse.

grim_ioyesterday at 7:39 PM

Well, you can't.

Like no past generation could stop their kids.

show 2 replies
fhnyesterday at 8:28 PM

You but them smartphones, tables, laptops, and internet access and then complain there is too much access?

show 1 reply
catlikesshrimpyesterday at 7:50 PM

If your kids are in the smart 1% who can bypass your authority, they will. Be proud. For the rest, we don't need a police atate

malickayesterday at 7:38 PM

You could block the default DoH services for Firefox, I reckon.

shevy-javayesterday at 8:51 PM

You describe a use case for you. That's fine.

Here we talk about use cases for EVERYONE. I don't see how your use case is fine for me, because I personally do not agree with it on any level at all whatsoever. You believe in restriction. I don't. There is no common ground here.

> It's not realistic for me to be watching over their shoulders 24/7

Is this your job? At which age will you stop monitoring them?

> what can I do to keep them away from stuff 99% of people agree isn't for children to see

99%? Where do you get those numbers from?

Besides, what stuff anyway? Even then the issue isn't about your kids. It is about laws for EVERYONE.

cyberaxyesterday at 7:50 PM

> what can I do to keep them away from stuff 99% of people agree isn't for children to see, without something like this?

Nothing. VPNs exist (including free ones), some of classmates will have unlocked devices, etc.

Next question?

show 2 replies