Cloudflare Launches a DNS-Based Parental Control Service (bleepingcomputer.com) 58
Cloudflare introduced today '1.1.1.1 for Families,' a privacy-focused DNS resolver designed to help parents in their efforts to safeguard their children's online security and privacyââââââ by automatically filtering out bad sites. From a report: This new tool makes it simple for parents to add protection from malware and adult content to the entire home network, allowing them to focus on working from home instead of worrying about their kids' online safety. "1.1.1.1 for Families leverages Cloudflare's global network to ensure that it is fast and secure around the world," Cloudflare's CEO Matthew Prince said in an announcement published today.
DoH (Score:3)
The DoH endgame is this. No more distributed DNS
Re: (Score:3)
Except for now, DoH is how you get to bypass Cloudflare's filter. It's an ironic time to announce a DNS-based web filter.
Re: (Score:2)
Isn't the default DoH server Cloudflare?
Re: (Score:3)
DoH iand DNS as your OS uses them aren't distributed.
Sure DNS itself is a distributed database, but the stub resolver your OS uses is too dumb to actually do that. Instead, the stub resolver talks to a recursive resolver that then queries through the DNS hierarchy for the address, the result is returned back to the stub resolver.
All DoH does is replace the stub resolver your OS ships with and the recursive resolver it uses with another stub and recursive resol
Re: (Score:2)
Yeah, one that's baked into the browser, not one the local admin chose. No thanks.
Re: (Score:2)
DoH is a protocol to query DNS servers which support it.
How distributed the DNS system is depends entirely on who is providing the DNS service and where they are getting their data from and is completely unaffected by how you chose to query your DNS system of choice.
Of choice. You know choice? Like how 100% of DoH implementations to date offer you the ability to enable, disable, choose custom servers, or even set domains to bypass this functionality? Additionally DoH is configurable to use whatever server y
Women and children hit worst (Score:3, Insightful)
Amimojo's earlier submission of the same advertising for Cloudflare [slashdot.org] complained about "some LGBT sites" being blocked, while "Nazis" aren't...
The particular set of examples is, of course, ridiculous. Still it shows, once again, how such things can be dangerous. All it takes is for government to mandate the use of such services in libraries or schools.
Re: (Score:2)
All the more reason to support commercial providers of filtering software, rather than let the government create one.
At least if your library's filter is bad you can petition them to switch to a better one.
Re: (Score:2)
That's true, of course &mdash and applies to the likes of FDA, OSHA, and your town's building inspectors as well.
Re: (Score:2)
If your library has a filter your librarian needs to be fired and replaced.
Re: Women and children hit worst (Score:1)
Are all filters created by clever algorithms nowadays? HTML5 doesn't allow the META tags for PICS-label content ratings... So I'm guessing nobody actually content-rates their websites anymore, they just let other companies' algorithms label them?
Ahhhhhhhhh....... (Score:4, Funny)
ÃÃÃÃÃÃ
Pretty much sums it up.....
This already exists, it's called OpenDNS Home (Score:3)
OpenDNS Home is free and works great.
https://signup.opendns.com/hom... [opendns.com]
Re: (Score:2)
Isn't that the one that captures all domain typos instead of allowing for failure detection?
Re: (Score:2)
You can disable it if you wish [labnol.org]. You can't really expect a free service to stick around if you prohibit them from making money in any way. They gotta pay their bills somehow. And at least they let you disable it if it really bothers you.
Re: (Score:2)
Nice, thanks. As to business, if they wanted a few bucks a month for the service instead of ads that would probably be fine, but when it started up it was basically browser hijacking and made me skeptical about their entire service... How much redirecting were they doing? Was it also on the roadmap to redirect existing ad networks to their own? Are they going to express their political opinion via censorship? etc, etc.
Maybe I'm just too cynical ;)
Think of the Kids by Not Thinking of the Kids! (Score:2, Interesting)
This new tool makes it simple for parents to add protection from malware and adult content to the entire home network, allowing them to focus on working from home instead of worrying about their kids' online safety.
This is the worst "think of the kids" excuse I have seen. We no longer need to worry about our kids' online safety. We can hand it all over to Cloudflare and get some real work done for a change.
Fuck you Cloudflare. Fuck you.
Re: (Score:3)
Grow up. They're offering a service. If you like it, use it. If not, move along.
Re: (Score:3)
I'm considering the anti-malware one for my mother.
Re: (Score:1)
Unfortunately it will also block her BBC porn.
Re: (Score:2)
It doesn't even work. Stormfront is not blocked, LGBT support sites are. Whatever blacklist they used was complete shit.
Re: (Score:2)
Fuck you Cloudflare. Fuck you.
For providing a 100% optional service that parents can choose to use? WTF is wrong with you.
And what is wrong with Slashdot moderators today? Were only the tinfoil hat psychoes given modpoints or something? Why is this drivel being modded up?
A joke? (Score:3)
It's a good thing kids will never figure out how to bypass DNS based filtering.
Re: (Score:1)
Re: (Score:3)
yea - I mean having a setup like I do where all requests on port 53 are redirected to my preferred DNS regardless what a client sets
who would have thunk it - its not bypassed
DNS over HTTPS uses port 443.
You're welcome.
Re: (Score:2)
well what games / software can be run with out that in windows?
Re: A joke? (Score:3)
Re: (Score:2)
plenty of games it seams runs from under their c:\users\account, really makes it a pain when you have a drove/partician for OS stuff, and a games disk, and you end up with gigs and gigs of minecraft and roblox junk and other stuff.
even without admin, they still get the spyware crap installed along it too somehow.
Re: (Score:2)
If you're giving kids admin on a system you've already lost
Yup.
Re: A joke? (Score:1)
I'd argue that if your kids can figure out how to boot Linux off a thumb drive, they're mature enough to not need a filtered internet. ;)
Re: (Score:2)
I'd argue that if your kids can figure out how to boot Linux off a thumb drive, they're mature enough to not need a filtered internet. ;)
True, but likely no need to boot a whole OS for that.
Re: (Score:3)
It's a good thing kids will never figure out how to bypass DNS based filtering.
By the time they figure out how to bypass the filter, they are old enough to not need it.
8-year-olds should be sheltered from the ugliness of the world. 15 year-olds can make their own decisions.
If you are old enough to form a babby you are old enough to know how is babby formed.
Re: (Score:2)
Re: (Score:2)
It's a good thing kids will never figure out how to bypass DNS based filtering.
Define kids. Kids has a big range. Are teenager as a kid? Yeah no chance. A gradeschooler, well the point of that isn't to prevent them from bypassing a filter, it's to isolate them from the world so they don't realise that they *need* to bypass a filter in the first place.
Filtering definitely has its place. The fact that it doesn't work on 15 year olds is irrelevant.
What about Google? (Score:1)
So they're blocking *google* (and it's minions) too right?
That's the biggest anti-privacy elephant in the room.
Look at the date! (Score:3)
Let's hope kids don't figure out about IP addresse (Score:1)
That trick never works (Score:1)
2. 'Net Nanny' software never works. It either blocks things it shouldn't block (see above), allows things it shouldn't allow, or can be bypassed; what's to prevent your teenage son from using a numeric IP address instead of a URL?
3. Parents, are you really going to let Cloudflare have a say in how your kids are raised? Do you trust your kids
Re: (Score:1)
Re: (Score:1)
Also your dog wants steak; see to that soonest.
Re: (Score:2)
You are the one deciding, by deciding to use a simple DNS filter
Re: (Score:1)
You are the one deciding, by deciding to use a simple DNS filter
..no, you're ceding control of the situation to Cloudflare; you have no control over their choices of what is blocked and what is not.
Re: (Score:2)
Re: (Score:1)
Here's a better idea for you: how about you raise your kids to respect you and your decisions regarding them, so you don't have to use force to keep them away from things on the internet you don't want them accessing? Then you won't need a 'service' of any kind. Bonus points: they grow up to be better adults.
Teenagers aren't the kids we're talking about (Score:4, Interesting)
> what's to prevent your teenage son from using a numeric IP address instead of a URL?
Teenagers aren't kids in this regard. I guarantee you my 5yo isn't going to be entering IP addresses when she intended to load her school website.
> 3. Parents, are you really going to let Cloudflare have a say in how your kids are raised?
It's MY decision that I don't want Peppapig.xxx loading on her machine. This service is one thing parents can do to help avoid the.
> Do you trust your kids so little that you need to actively block them from so-called 'adult' content?
Given the things I've seen accidentally come up on screen during business meetings, no I don't trust that my kid will always know what's okay to click and what isn't. Especially with sickos out there purposely trying to trick kids and parents with sites and videos featuring preschool characters along with sexually explicit material and blood and gore.
You forgot the one I used to say. "Shouldn't the parent be staring at the screen and the kid all day? Parents don't have to poop, or shower, or work, right?"
Re: (Score:2)
No one gives a fuck. Let their agenda apply to block as much of the internet from kids as possible. No porn! Check, No politics, check, no other bullshit, check. Blocking things it shouldn't block for kids, oh woes me.
2. 'Net Nanny' software never works.
Net Nanny software works just fine for it's intended purpose. You just don't seem to have a clue what that intended purpose is and are catch-alling it with other requirements.
3. Parents, are you really going to let Cloudflare have a say in how your kids are raised?
You have no idea how the world works do you. Otherwise you wouldn't ask a question for which the answer is an obvious y
Well so much for the Domain Name System (Score:1)
DNS was designed to allow anyone anywhere to query a hierarchy of server to convert domain names (like for example "www.slasdhot.org") to an IP or IPv6 address.
This breaks all that... violates the DNS RFCs... and is an egregious censorship grab by a company known for denying DoS attacks. Now they'll be known for breaking DNS for anyone using them. Bad move, CloudFlare.
Ehud Gavron
Author of RFC-1535
Tucson AZ
Re: Well so much for the Domain Name System (Score:2)
Disagree that this breaks DNS. DNS still works fine. CloudFlare servers simply decide which requests they respond to.
Re: (Score:1)
Not really. DNS is about everyone returning authoritative and accurate data.
If you're unable to do that your DNS server is a "limited resolver" and nobody should trust it.
E
Re: Well so much for the Domain Name System (Score:2)
You can trust it if you trust CloudFlare, and due to their history of protecting vulnerable sites I think many do. Anyway as others have said you always have the choice not to use it.
Easy option for safe online home schooling (Score:2)
I'm the chairman of our school board and our school is closed due to the national lock down.
The teachers have handed out the classroom laptops (google chromebooks) and iPads to the kids.
Normally, within the school network, there would be a blanket filtering system in place.
The school principal sent out an email last week suggesting parents look into safe online practices for their kids - ie supervised, no technical solution given.
I don't like the idea of a filtered internet any more than any of the rest of
Re: (Score:2)
Except for those of us that care we've been doing it all along.
Sure, some of us may be more geek level to do it but anywhere from "kids computing devices in the living room only" to " well, I run a Pi on my home network that acts as a DNS server and hijacks DNS for known malware and advertising and tracking domains as well as whatever i decide to add".
Only change this work from home stuff has done is that I now throttle the "not my stuff" subnet of my LAN down to near dialup speeds while I'm "at work" since
It sounds opt in, so why should I care? (Score:2)
It appears you (or your ISP) have to specifically "opt in" by choosing to use one of the two DNS options (1.1.1.2/1.0.0.2 or 1.1.1.3/1.0.0.3) so why is it a big deal? These kinds of services (most being far more effective than simple DNS blocking) have been around for decades at both the individual and ISP level. As long as it doesn't become the default I don't think it really changes anything. And at least for the foreseeable future there are plenty of DNS servers out there if Cloudflare starts misbehav
Neustar has been doing this for many years (Score:2)
Neustar has been doing something like this for many years.
156.154.70.3, 156.154.71.3 for parental controls. Not DNS over HTTP, though.
https://www.home.neustar/dns-s... [www.home.neustar]