Slashdot Mirror
Ask Slashdot: How To Best Setup a School Internet Filter?
An anonymous reader writes "I was recently volunteered to be the network/computer admin for a small non-profit school. One of the items asked of me had to do with filtering inappropriate content (i.e. stuff you wouldn't want your mother to see). Essentially we want to protect people who aren't able to protect themselves, at least while on campus. Basic site filtering is fairly easy — setup squid with one of the many filtering engines and click to filter the categories your interested. Additionally, making the computer lab highly visible uses public shame and humiliation to limit additional activity. The real question — How do you filter Facebook? There is a lot of great content and features on Facebook, and its a great way to stay in contact with friends, but there is also a potentially dark side. Along with inappropriate content, there is a tendency to share more information than should be shared, and not everyone follows proper security and privacy guidelines. What's the best way to setup campus-wide security/privacy policies for Facebook?"
Just block it all together. Not worth it.
OpenDNS has parental control addresses, so it's a start.
Just don't set up a filter. Done!
No need to be doing that during school - it can wait, no, really, it can wait!
You are obviously going to ignore this so don't forget to burn the books in the library on your way out.
My mother was a porn star. There's not much that I wouldn't want her to see.
Slippery slope, my man.
Not being too unfriendly here given the fact that almost every other week the same thing gets asked here on Slashdot...
but I've had enough of these questions.
As far as I'm concerned,
You can a.) google for it
b.) hire someone
So don't bother.
Even if you block the filth and facebook, they'll find a way to numb their minds. Like watch youtube.
If you really don't want them to use the school computers for extra curricular web browsing, don't connect them to the internet.
There is a lot of great content and features on Facebook, and its a great way to stay in contact with friends, but there is also a potentially dark side. Along with inappropriate content, there is a tendency to share more information than should be shared, and not everyone follows proper security and privacy guidelines. What's the best way to setup campus-wide security/privacy policies for Facebook?"
In a word, don't. Unlike adults, teenagers won't have any qualms about bypassing your filtering. They'll use proxies. Tor. Thumb drives with other operating systems on it. Mobile phones. Secret non-broadcasting wifi networks. No filtering software yet designed has survived more than a few months in a public school without leaving the server running it as little more than a smouldering carbon scorch mark on the floor.
If this were a corporate environment, you could count on the fear and paranoia of being fired. You have no such power over teenagers... and many of them would do it even if you threatened them with life in the electric chair, because teenagers do not have good judgement. Even if you ask them "Is that a good idea," and they reply, "No," they'll probably keep doing it. And if you ask them why, they'll give you about as good of an answer as randomly seeking to some point in addressable memory and reading out whatever strings may or may not be present.
My advice... turn off the internet, lock the systems down, bolt them to the tables, put epoxy in all the USB ports, remove the optical drives, put everything behind plexiglass (little fingerholes for the keyboards), load up your operating system of choice and lock it down as much as you can, and then maybe, just maybe... you have a chance.
#fuckbeta #iamslashdot #dicemustdie
Either your organization agrees with facebook's content policy and you don't filter anything or you disagree and you block facebook. Why are you making this hard on yourself?
Also, you also didn't tell us exactly what kind of content on facebook you feel is inappropriate. Why are you making this hard on us?
So allow porn in your school?
More seriously... Just block Facebook, YouTube, and twitter. And then add some porn/warez filter.
Remember that in order for auto-filtering to occur, content that should be blocked must be defined by a set of rules that the computer has the ability to interpret (i.e. you can block pages with a certain number or type of profanity words, but you can't block pictures with a certain content). Keep in mind that a transparent proxy may not be able to block SSL pages, and they are encrypted everywhere between server and client. You'll need client software on each computer to get around that limitation.
First, like any project, define scope. What filtering is necessary, and what is "nice to have"? If you had a choice between allowing Facebook 100% and blocking it 100%, which would you choose? Both of those are easy. Then decide if it's worth it to put in the extra work to block only 50% of it, and decide how to define that 50%.
The best way to filter is to make sure that their screens are easily visible to passers-by. Kind of hard to watch porn when your screen is set up nice and high where everyone can see it.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Many years ago I connected an Internet feed for a private girls school - a very conservative, christian, and very well respected one - in Sydney. During the setup I was talking to the Headmistress about if she had any concerns regarding the content the girls might access. I thought her response was particularly enlightened; her comment was something like 'Whatever you try to restrict will make them want to access it more, which they will do secretly and unguided. If we don't make any restrictions then it will never be a big deal, and anything they feel uncomfortable about they can discuss with their teacher. Good kids will know to do the right thing, and all our girls are good.'
If I had a daughter, I probably would have sent her to that school.
Until someone offers your boss a compelling case demonstrating the educational value of access to Facebook, you block all of it. The purpose of the computers is to be an aid to the school's educational mission.
Only educating the users would work. Explain how and why, then revoke user-IDs of the offenders.
This not only the wrong message to children, it's also impossible to outsmart a teen who wants to get on facebook.
Untangle is a free, linux based web appliance. Its basic functions are free, but there are subscriptions you can buy to enhance certain areas. Put it on a machine with plenty of CPU and Ram, with 2 nics, and you got a bang up free web filter. I use it at a school of 1000+ students and teachers on an old HP DL3800 G3, and it runs the 20meg line just fine, not too much overhead.
Given the utterly dismal record of Facebook the company when it comes to the privacy of its users, I wouldn't bother allowing access. Not only do you have your users to worry about, you have external Facebook users and Facebook itself - that sounds like a recipe for disaster to me. Aren't we due for a reset of our privacy settings to 'Everything shared with everyone' any day now?
I'm waiting for a "-1 somepeoplejustshouldn'tgetmodprivileges" meta-moderation.
You need to start reading up on the laws that govern this for school including CIPA. There are also K12 Tech specific sites like www.tech-geeks.org that have forums and mailing lists where topics like this are discussed all of the time.
plug it in to the net.
There is a lot of great content and features in homemade lunches, and they are a great way to stay in contact with friends and enjoy eating, but there is also a potentially dark side. Along with inappropriate content, there is a tendency to share more than should be shared, and not everyone follows proper nutritional and safety guidelines.
The solution is obvious: open a cafeteria on the premises and make it illegal to bring any outside food. This way total control over food quality and nutritional content can be achieved. Additionally, making the cafeteria highly visible uses public shame and humiliation to limit inappropriate activity, such as enjoying food.
... then your school should be teaching kids how to use the Internet safely. There just isn't any technology that will protect your kids from everything they might do wrong.
I suppose you have to block sites that would offend parents (though the kids probably know all about them) but relying on filtering software to keep your kids safe is abdicating the school's responsibility
Don't bother with the filters, stick all the computers in a supervised area and kick out any students who break the rules. Speaking as someone who is personally sick to death of being managed by dumb computer programs (time management and performance evaluating software), why not have a responsible adult present to help guide the students? An old fashioned notion I know, but they are at school after all.
You can't partially-filter Facebook, not in any meaningful or effective way. If you try, you'll fail. Either users have access to it, or they do not.
And for a school (assuming K-12), the hypothetical benefits are massively outweighed by the problems. Not just the content-filtering ones, but the waste-of-resources and distraction-from-task kind. Give kids easy access to Facebook at school, and your computer lab will become a Facebook lab. It serves no educational purpose, and just like the Gameboys, Walkmans, transistor radios, whatever toys earlier kids tried to play with at school that distracted from what they were there for, it's perfectly appropriate to say "not at school".
http://alternatives.rzero.com/
Obligatory Dilbert strip:
http://dilbert.com/strips/comic/1996-09-07/
If you are looking to set up a proxy/firewall, take a look at Pfsense. It scales well and appliances can be purchased
rather cheaply on the web.
Use the hosts file!
Damn it. Learn to spell.
Worry about bandwidth, not content. Find some way to throttle video streams based on bandwidth. That will discourage watching porno and videos, and keep the upstream link from becoming choked.
Make each student install a proxy on their parents' internet connection and give the student access to the proxy from school. All other internet access is blocked. If the parents will not allow the proxy, the student will not have internet access at school.
I'm only half joking
And it's a race you will lose, should you choose to enter.
But if you really want to play -- take a look at Untangle (http://www.untangle.com) for a Linux-based appliance (free versions available) that will do other things such as spam filtering, basic AV, and more. Paid modules (inexpensive) let you add web caching, which cuts down on traffic, especially when you have a bunch of kids in a computer lab accessing the same web resources. So you can solve the problem for the hard-connected machines that are fairly well locked down individually.
But in the end, it's a pain in the ass. My wife is a middle school teacher, and she complained about their school's filtering "solution" keeping her from researching and accessing useful sites until my son reconfigured her laptop to use a proxy that he and some friends run so that they can get around school filtering solutions...
Set expectations early and often -- you will be able to block most of the kids (and adults). Some will always get around the barriers you put in place, often just for the sport of it.
Unless you set expectations, you will successfully block things for 598 students -- 2 will get through and you will be castigated as a FAILURE.
Still want to play the game?
this.
I would have transfered schools had they tried something like this. Theoretically the students are all adults. Maybe you should treat them like it?
Adults?! Surely you jest, Mr. Coward?
They are children and should be treated as such. Their brains aren't developed enough to understand many things out there, they lack judgement and are prone to do somethng quite stupid and even harmful. And even if they're over 18, I STILL wouldn't trust them too much.
Here's a prime eample. Fortunately for Ms. Dell, she had a team of guardian angels watching her. Do you think the average kid has parents or guardians that have the time to watch everything a kid does - especially when not at home?
And this is a school we're talking about. All you need is one girl to get postings from an old guy and that school and this guy will be up to their asses in lawyers and cops.
Your bosses and the parents of your students, whose desires are expressed to your bosses.
Ensure you don't own the decision.
The purpose of filtering is to demonstrate you have filtering.
After your bosses define what they want, give it to them as best you are able but get it in writing (spieling that it protects everyone to do it that way). Have a written AUP, etc.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
The only right thing to do is not censor. Censorship is wrong and your ethics should not be forced onto the students.
Fuck you, that's how.
I re-evaluated my works network filtering solution a couple years ago. The best class of solutions at the time were dedicated network appliances. There are a lot of vendors in this category. I liked iBoss and Barracuda the best. At the time we had a solution from 8e6 technologies and it wasn't dealing with the bandwidth that we had. At the end of the day I went with iBoss because they gave us development support to add some new features. Something that just didn't happen with any other vendor we were talking to. The box is pretty solid. No issues in 3 years and it has all of the features that I needed (blocking the bad stuff, logging everything and cross platform SSO). Also, no issues with ~1800 users. That said the Barracuda wasn't a bad solution either and I have a friend who implemented one for his organization. For what it's work the iBoss was a bit cheaper.
If you don't want to go that route there is always Untangle [http://www.untangle.com/] and the like.
Hope that helps!
and do not let them access so called "social" networks. if you do that you open yourself up for liability.
I'm assuming its not a university or a college. If thats the case you need to be 18 to have a facaebook account acording to their ToS. So, no kids should need to get to facebook.
If you nothing more to say then "Don't Filter A Thing," you waste his time and ours. It is not his decision to make.
The small non-profit school won't have the money to hire extra staff simply to monitor whatever passes for a computer lab. The geek may not like the idea, but a filter will have to carry part of the load.
Locate Facebook's main data center (Prineville, OR ?), and find the nearest electrical relay (big green thing). Hook up Honda generator. Run. Run fast. Done.
Your assumption that content people might find--Facebook or elsewhere--that is more harmful to them than a censorship policy just handed down to them--is false. This is your chance to confront the people asking you to implement the policy with a couple of questions:
1. Given all the ways people get uncensored internet even under autocratic regimes where the penalties are brutal, what makes you think any censorship policy could work?
2. Which feasible projects are you willing to divert resources from in order to tilt at this windmill?
Don't let them answer 2. until they've got 1. well in hand.
What part of "A well regulated militia" do you not understand?
You could just setup per user vpns that go through their individual home networks. If the parents want to filter, let them do it. Give them a grace period when the student registers or starts. If the parents don't opt-in and provide the home vpn after the deadline, that child browses unfettered.
If they're under 13 (elementary and middle school age range), they're not allowed to access Facebook due to their terms of service and (in the US, at least) COPPA.
From Facebook's terms of service:
You will not use Facebook if you are under 13.
This is due to the Children's Online Privacy Protection Act, which requires verified parental consent before children can provide information to the website. While this does not impact you directly (that is, the FTC isn't going to knock on your door), you could get some heat from parents or administrators for allowing it at all.
Personally, I think the law is too draconian, but I wouldn't put my position in jeopardy to protest it.
Use PFsense with Squid Proxy WAN object caching and DansGuardian (with the paid list updates) and on top of that, OpenDNS filtering.
OpenDNS will help with malware prevention and botnet computers.
Use Unbound forwarding to pull OpenDNS but also locally cache DNS entries for faster response times.
Block DNS port 53 from exiting the WAN from anything but the pfsense proxy to prevent circumvention of your local proxy.
Forgive me if I'm wrong, but does a School not have a duty of care towards the students - and thus all mature and most social media sites should be blocked, not just to prevent access by the majority, but to avoid offending the minority who might see over another student's shoulder.
Also I hear a lot of "have the computers facing the teacher" comments, but nobody is discussing one-to-one laptop programs where the screen is a lot easier to hide.
While it's not clear from the OP what the age range is, assuming K-12, I would suggest different classes of filters for different computers/connection types. I don't like filters, but begrudgingly consider them a necessary evil in schools. At best, they prevent accidental access to "material nobodies mother should see, and at worst, they either try to enforce a particular brand of ideological puritanicalism or create a false sense of security and oppressive environment students will rebel against. If your organization is hellbent on imposing a particular world view based on some strict religious definition of morality through filters, I hope you fail miserably.
Soap-boxing aside, Age ranges, and how public the computer is are the main factors that determine how strictly you should filter. Your public computer labs are easily monitored by having a staff member present, and the knowledge that the screen is visible to others in the room should be sufficient to prevent misuse. Filters for the lab should therefore be tailored to prevent accidental access to obscene material and malware, otherwise students should be able to access almost anything in a controlled setting.
Less public locations are the real problem if this is a K-12 environment. Honestly, I'd completely block social media on any computer that isn't constantly watched as part of a lab environment, particularly if the location of the computer is relatively secluded. The harder it is for a staff member to approach from behind without the chance for the student to alt-tab or alt-f4 their way out of something they shouldn't be accessing, the more restrictive that computer's internet access should be. If your school offers Wifi access to students, this should probably default to being the most restrictive form of connection in the school. Access to social networking, private email accounts, and the like should be broadly blocked from poorly supervised computers. If email is part of the instructional program, it should be with school provided email accounts which have no expectation of privacy - if students have social network profiles or private email accounts they can access them in a public lab if you permit that or from home where it's not your problem.
Staff members should be able to override filters on a case by case basis for students. If this capability is provided, I highly recommend you set it up so that the way it works requires that the teacher or other staff member add exceptions from their desk and never from the student's computer. Exceptions by most staff members should be temporary and confined to their area of responsibility with the ability to request review by the administrator for a longer term exception - ie a teacher should be able to unblock facebook for the day in their classroom in order to use it for a lesson, but not for the whole school.
Also important, assuming you are dealing with K-12 students, you should monitor student's computer use, you should be up front about such monitoring and it's extent, and you should follow up on it.
You should also strongly consider talking to your institution's lawyers about some sort of permission form/disclaimer to be sent to parents stating the extent and limitations of filters. IANAL, but it probably needs to spell out that filters are never perfect, and that the administration is making a best effort, but can't guarantee the ability to foresee everything harmful that might exist on the internet. Ultimately, a lot of online safety is not filtering, but educating children to be smart online and protect themselves.
If you implement filtering, then the first time "something bad" gets through, be prepared to be the fall-guy.
Don't waste your time with filtering. It will just make the kids want to see the "blocked" sites more. Anything you do a kid can get around in no time. If the kids are under 18 then it should be the parents call on whether they are on FB or not. The teachers can surf on their own time OFF the clock.
Just put the modem in a locked closet or the principals office with an on/off switch. When you need to get online to download software or access some educational site you can turn it on just for that.
There is a lot of great content and features on Facebook,
Oh my sides. Please! Stop!
and its a great way to stay in contact with friends
This doesn't need to be done in class or at work.
I have to return some videotapes...
Among managing IT for approaching 100 users I run the internet filter for a youth group. We provide free internet terminals for them to use. We used to score pages on facebook myspace bebo etc based on keywords. We need to allow https traffic for various reasons. Facebook are now pushing their user base towards https for profile pages to prevent various cookie hijack based attacks, this means we cant effectively filter their traffic, therefore I have suggested it should be entirely blocked. You cant filter https.
www.pfsense.org Setup squidguard. Easy, fast and with carp you can put in two for failover.
Actually, many of the more complex commercial firewall products CAN partially filter facebook. For example, you can permit reading but block posting updates, or permit access to most pages but block Farmville and all streaming media from fbcdn.' I've always thought the easy way to cut down on problems with this sort of Internet access was to permit Content-type: text/* but block all images, audio, and video. Basically, let them read Playboy for the articles!
I do not deploy Linux. Ever.
You can't solve a social problem with technology. You can try but you'll fail. Any protection you build someone will go that extra mile to break it - and break it he/she will.
It is always better to be a first grade version of yourself than a second grade version of someone else.
If you control the terminal, and don't mind invading the user's privacy (and possibly increasing your liability, e.g. if passwords are compromised), then yes, you can filter HTTPS just like you filter HTTP. All the major commercial web filtering appliances can do it, as can Squid: http://blog.davidvassallo.me/2011/03/22/squid-transparent-ssl-interception/
I do not deploy Linux. Ever.
The trouble with not-for-profit schools is their budgets are very low for things like this. The OP clearly wants a free as in beer solution.
OpenDNS all the way
If you are looking for a free program to filter with... Snort does a good job. It is an IDS (Intrusion detection system), but it is flexible enough that it would work as a very good filter, allowing you to filter by keywords, domains, ports, have-at-you...
You can combine that with lists of questionable content and you'd have yourself a pretty effective and versatile system.
These kinds of rules are probably most relevant to your interests.
http://comments.gmane.org/gmane.comp.security.ids.snort.general/33780
The arch foe.
Yea. I totally don't get those two guys. If they can't even bother to set up a cacheing DNS proxy, they deserve to pay hundreds of dollars in fees.
I've been a school network admin for half a decade..
Some of the other posters here have no idea what they are talking about when it comes to k12 filtering requirements. The "YOU SHOULDNT FILTER" responses are amazingly stupid in this space.
If you take E-rate funds for your internet/phones you have to be CIPA compliant. Not having a filter is a bad idea. Think of all the fun liability if no effort is put into a filter. I would recommend being CIPA compliant regardless of the E-rate situation.
Facebook? ... Is it really worth the problems? If bullying via facebook takes place on campus -- you will have issues. Lawsuits are not worth it. Block that stuff. It's silly not to over 'cool info' that you can find on facebook. The insane conspiracy guys saying things like "OMG IF YOU FILTER AND SOMETHING GETS THROUGH YOU WILL GET PWNED IN COURT" are just that. Insane. Look, if you put forth a reasonable effort to block unsafe content and prevent bullying you are going to be in better shape than making zero effort and turning a blind-eye.
I use a filter from lightspeedsystems.com -- it's in the area of $8/year per machine.. it also comes with a mobile filter option that will query your local server for district machines that are off system. I don't work for them and am not affiliated (in fact.. some days i despise them.) I have however actually stopped potential suicides due to the search filtering and logging/alerts. There are other products out there, but this is one that is pretty popular in our area
Facebook is near imposible to filter. My suggestion is use something else such as Moodle, MyBigCampus, or Gaggle that either is filter for you or that you would have complete control.
I had great success with this Norton's Enterprise Web Gateway Security Software.
http://www.symantec.com/web-gateway
It was easy to pick the categories of content you want to block. For Norton's enterprise security software, I loved the very lightweight footprint that runs on user's workstations, while the main install goes on the internet gateway server. Much less RAM usage, bloatware, etc... on user's workstation compared to McAfee. You can remotely install clients who are on your AD network. And pulling down latest definitions was easy.
Make subnet the schools machines on unroutable. Setup a squid http://www.squid-cache./ proxy and use http://www.squidguard.org/ http://www.squid-cache.org/. Point all machines at the squid cache. It is how my friend got threw teen years with his kids. The easier approach: K9 Web Protection - Free Internet Filter and Parental Control ...
www.k9webprotection.com/ is another interesting choice.
Still a lot of arguments are correct, sometimes it isn't worth trying to sanitize things, better to try to learn about them.
DNS Redirector all the way http://dnsredirector.com/ Block everything, or block by categories, never any subscription fees.
Been working in Education for the last decade and I can say give it up. I have never seen any filter work more than a day at best. Lightspeed whatever just doesn't last very long. Kids start with proxy, but quickly switched to stealing passwords. The school year is only a week old and I have already seen a fairly complete list of staff passwords and ever our sys admin password. Get a Federal approved filter and do the best you can, keeping the systems working will kill all the time you have believe me.
If the school is any good it should be part of the curriculum to teach
students to think for themselves.
Not joining Facebook would be a good start.
As for filtering the rest of the web, you might as well try to stop
the ocean tides. Children are curious and they have lots of time.
Sooner or later they will defeat all your efforts and then YOU will
end up with egg on your face and probably a dismissal from the job.
As others have already posted, what you need is untangle. It's basically built to help you manage schools.
I really hope this is not at the university level. If it is, walk out. You do not filter adults.
One such company is Socialware, for example. I think for a lot of these settings Facebook has exposed assets and you can directly manipulate things in a "whack-a-mole" fashion, but hiring a company like Socialware gives you all of that managed for you in a proxy. Obviously this is out of reach of one guy running an elementary school, though.
It doesn't hurt to be nice.
1. Block outbound dns and force all queries to go through a central DNS server
2. Filter the domains that server allows to resolve
3. Adopt zero tolerance policy to evasion of firewalls
4. Do random audits of network traffic and punish anyone caught bypassing the firewall by any means.
5. Install deepfreeze so that students can't monkey with the machines
number 4 is good because you don't want your policies to become a joke. Kids these days are hardly technophobes, and you may need to be prepared to match wits with another nerd in the making. You need to instill a healthy respect for your rules.
If this sounds overbearing, then reconsider what sites you wish to filter out. Just remember, a policy is no good if it is not enforced.
. The filter list I use catches the vast majority of smut, adverts and other undesirables but there's no way you'll catch them all.
Look, no SIG!
Yeah, but which ready-to-go Linux firewall/proxy combo really supports whitelists.
I've research (though not used) ClearOS and a bunch of the others, and whitelist seem to be a feature that people ask about in the forums as opposed to something that's a first-class feature.
For a restricted use environment, like elementary school, it would great to add 10, 100, 1000, or even 10000 or 100,000 websites to a list and be done as opposed to chasing every new weird site.
As far as 1st Amendment issues, think of it like this: The library doesn't subscribe to every magazine on Earth, right. At most, it gets 100 or so. So just consider whitelists as subscribing to ten thousand websites.
What would be awesome would be: You (attempt) to go to a non-whitelisted site. You get an error message with an HTML form. Since you believe it to be useful, you fill in your whitelist request along with a reason, hit Submit, and it instantly goes to the librarian (?) or whoever's in charge of whitelisting, and they have a quick look at the site and approve or deny.
Anything like that available for Linux?
I'm not a lawyer, but I play one on the Internet. Blog
Buy a DNS-based service like Internet Guide from DynDNS and move on to the next project. The admins can tell you which twiddly bits to flip on their configurator, othewise what you see is what you get.
Possibly set up an internal recursive DNS with zones to allow some machines to go out unfiltered.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I work for a non-profit that has teen centers. Its not fool proof, but a setup of squid + dansguardian + OpenDNS does a decent job of filtering for the good ole price of nothing but the hardware. Of course nothing ever beats having an adult in the room keeping an eye on things. Plus you can do some url matching in squid to allow only certain Facebook sites if you want.
Done. I used a 80C for a private school of 300 kids and admin office. No viruses on the LAN in 2.5 years, no porn either. Unless you want to spend your time messing around with build your own solutions; I assume as a volunteer you have better things to do with your life, this is the best solution. We use the 110C at work and soon will be upgrading to 100D. Great products. Does take some time to get familar with it, but all good products require some time to learn the UI and how it works. They have great KB and HowTos on their web site.
For decades, 'social media' sites and their precursors were blocked by the various services under the DoD. Facebook is available today, along with all the attendant problems, because the Secretary of Defense ordered it available, along with youtube and various other sites.
I can't imagine a Dean having much less power to simply declare it an educational tool and tell you to 'make it work'.
I don't read AC A human right
The big message that the kids would have in their faces is that speech is not free and a bit of confrontation or sense of propriety somehow justifies censorship.
How about teaching kids that speech sometimes hurts and people do get hurt from time to time and that is just part of being alive?
I worked for a company that sold web filtering devices primarily to schools. The school admins spent more time hunting down proxy sites, web proxy sites, figuring out how to block kids running SSH tunnels off their home PCs and tunneling with putty on a USB stick. The web filter did awesome, until you got one smart alec in the mix and taught everyone else how to bypass it. THEN you start in on locking down the PCs with GPOs, adding layer 3 filtering for external proxy sites, prohibiting any unknown executables from ever running (yeah, makes those self-extracting printer drivers fun).
Glad I'm out of that business.
"I was recently hired to be the network/computer admin for a large for-profit corporation. One of the items asked of me had to do with monitoring inappropriate content (i.e. stuff you wouldn't want your BOSS to see). Essentially we want to monitor people who aren't able to protect themselves, at least while at work."
Effective Internet filtering cannot be done at this time. The only option would be to have every page cleared by a human being in real-time.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
It can filter out apps and stuff from facebook, i know from personal experience. it can block VPN its goddam annoying as hell to get around.
Just find an open proxy with a Chinese IP, and send all traffic through it. Or, you can just send all the kids to China. Your move fascist.
Websense Content filtering is the right solution for this problem. you can just block the content you want on facebook. every other thing on facebook will work only the the stuff you don't want the user to see/read will be blocked. great product and right solution for this kind of problem.
Depending on the size of the school and how much traffic is being generated you might try investing in a hardware proxy. Something like Bluecoat Proxy SG. I've used it for large corporate networks and it really is quite effective. Again as a couple of others have noted it's hard to block specific things on a website, but that is not to say that it cannot be done. Another alternative would be to use k9 web protection. It's freeware, depending on how many computers you install it on individually. Each license requires an individual email account. Good luck with the website blocking!
I don't want my mother to see the NRA website lest she give them more money.
If you have no filters then you're going to upset everyone for exposing students to plainly unsuitable material. If you block only part of the net, you'll upset fewer people but still there will be cases where someone objects to something that they think should be blocked and isn't. Block everything and you satisfy everyone and stop the young minds from going out and looking for information to allow them to do their own thinking and decision making.
We've got to stop them young'uns from doing any critical thinking on their own, ya' know.
But, of course, log everything.
Let the school do what it's intended for, and educate the kids on how to use the internet safely...
If you setup a strict filtering policy it will never be perfect, and people will still come across content they aren't meant to see, or as mentioned in the summary they will make dangerous levels of information available to the public via sites like facebook. Also you will always get a few kids who will actively try to bypass the filter, being told no is the biggest motivator for some kids (i was one of those).
Another thing to consider, is while you can try to protect them from potential dangers on the internet while they're on campus, all you are really doing is leaving them less prepared for the real world. They won't consider that you were trying to protect them, they will just think you were trying to restrict them, and when they find themselves with access to an unfiltered internet connection they will encounter and/or seek out all manner of content.
So the key is education... And that's what a school is supposed to do, prepare kids for what they will encounter in the real world, not hide them away from it.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Just drop the domain, kids shouldn't be on Facebook at school
#include <sig.h>
Have you thought about that?!
Or is it an American school?
As a European (Belgian) it is shocking to see an almost complete lack of outrage.
Filtering is bad. No excuses.
If you raise your kids as if they are irresponsible, they will be irresponsible.
( remember)
Raise your kids in a sense of mutual trust and respect. Learn them what parts of the internet to avoid. Spend some time surfing together. Learn them to talk about things that confuse and upset them. That is the only safe way: put the filter inside the kid.
Or in a more populistic way: raise your children to be good citizens, capable of moral choice and prepared to take responsibility. Raise them with the values of democracy, allow no censorship.
You need to either make the filter whitelist of approved sites with a librarian able to add things on the fly, or don't even waste your time because the kids will be spending their days searching for porn sites that you haven't yet blocked.
If it's a computer lab dedicated to research and approved uses, then whitelist. If it's computers for general use, where they can check email, there's no excuse for blocking. Partly this is about the age of the students -- I'd expect younger kids to be on whitelist only, while in high school, they've already got live streaming hardcore porn on their smartphones.
"Setup" is a noun, not a verb. Your title should read "Ask Slashdot: How To Best Set up a School Internet Filter?".
Back in 1999 or so, I was asked to do something similar for my church. (Believe it or not, people were really coming to church in the middle of the night and using church computers for porn. Actually, 'person'.) At that time, there were no good OSS filtering proxies, so I settled on a simple solution: accountability. We setup a squid proxy with a login requirement, and then we emailed the account holder a list of all the websites they had visited each day. Instantly, we had no porn problem.
Not sure I'd want to take this approach in an academic environment; a great deal would depend on the school, the age of the kids, and the values of parents, but I thought I'd mention it.
Nowadays, I'd just use a filter in the router forcing all DNS requests to go to OpenDNS, and use OpenDNS' content filtering. It's not as fine grained as you might want (it only works at the domain level) but it's still pretty effective. In this area, there's no such thing as 100% -- all you can do is try to keep it down to a dull roar.
"He who would learn astronomy, and other recondite arts, let him go elsewhere. " -- John Calvin, commenting on Genesis 1
OK. Go ahead and block Facebook. But, it's hard to use the Web without a search engine.
Google and Bing provided instant access to all sorts of porn. Let me know how it works out
for you.
All other comments give teenagers too much credit. And, by the way, block google cache too, as it can be used to bypass badly implement filtering (I've seen it!). But, the best thing you could do to keep your implement system working, and this is assume you have a small school, is to approach the kids that could be bothered to bypass it (both the ones willing to google and the ones that know how) and tell them the next: "DO NOT LET OTHERS KNOW ABOUT IT!". There is little point in telling them not to do it, as they will do it if they want (teenagers), but you don't want that to spread. Better to have 5 kids with unlimited access and everybody else locked down, in my opinion.
Now, the best solution would be: no internet. If they are kids below 12 anyway. For above that, those are the ones you have to worry about. They are also the ones that will make whatever you implement useless. Good luck!
Many years ago I setup some school filters with Squid and DansGuardian. If wouldn't make any sense to do it today. Kids have unfiltered Internet at home and usb keys and phones to carry files around. Lots of school Internet connections have quotas and performance that are years out of date and filters that go completely overboard. Many kids have faster Internet connections in their pocket. The Internet isn't a scarce resource you can be gatekeeper of anymore. Adults, both parents and teachers, need to engage with kids again instead of relying on companies and technology to do their job for them.
Here's a simple idea - leave the internet open, you can't win. If you censor the network, you're teaching a lesson. You like many others at the school teach students lessons - some directly and some indirectly. So what will that lesson be? That you're good at following orders without thinking beyond how to complete a specific task? Will it be that censorship is actually a reasonable thing? Will it be that control like the kind you suggest is a reasonable thing? To shame people, perhaps in their only point of access?
I work full time on an anti-censorship system. I'd rather not need to do this task and I'd rather not be your enemy. The natural tendency of humans in a position of power appears to create the need for my job. Please consider a path that does not put us at odds.
When you ask how best to censor the internet for people - through shame or technology - I think to myself that you are teaching the wrong lesson. The best kind of internet censorship implementation would be refusal on moral and ethical grounds. If the school takes government money, I'd also suggest refusing on Constitutional grounds. Consider that if you're going to volunteer at the school that you could teach some kids about Tor to drive the point home and to give them some useful life skills that they'll need.
Some of the Tor developers would be glad to come give a talk at your school, especially if it would help you to make the right choice. Drop them an email at tor-assistants at torproject.org
No they don't block everything they want censored, that would let people *know* there's been censorship, their wall more insiduous than that.
It's a sort of man in the middle attack doing http-redirect in combination with IP spoofing, to serve a 'sanitized' versions of websites that china finds controversial.
You'd be feeding the students lies and obfuscation, or at the least untrustworthy data. I tested the feature when the core router was in development, and they've told me this feature was specifically requested by china.
The best thing to do is educate the students (that's what the school is there for, right?). Teach them proper security and privacy guidelines and why they are there. Kids will follow a rule if there is a valid reason for the rule and the kid knows the reason. (If there is no valid reason the rules are in place, then they don't need to be in place.) Then these kids will be safe not only on the school computers, but on their home computers, cellphones, ipads etc. etc. etc. If they break the rules then punish them for that. But don't treat them like rule breakers before they have even broken the rules, and don't hobble them by refusing to educate them.
For a private school, executive went for e-Safe (http://www.safenet-inc.com/data-protection/content-security-esafe/) on Mac and PC.
It a system that transmits a machine ID along with running a keylogger and screen capture. Key presses are filtered through a central filter that alerts on things such as IM preening, online bullying, self-harm indicators, and inappropriate search terms. Screen caps are thumb-nailed, identified by machine ID, and monitored by humans for inappropriate images or video, etc. The content filter blocks and logs URLs any websites we request or fit their blocklists..
The House Heads are emailed logs of inappropriate activities on a weekly basis, and self-harm or bullying activities are emailed or SMSed immediately.
My role is servers and I haven't seen any of the logs, I just provide login logs and supporting documentation. All devices on the "guest" or "mobile devices" SSID are have a school captive portal that requires their school login.
It seems to work well, in that people are educated post infringement. It has also alerted staff to possible at-risk students (including boarders) and a couple of webcam sessions involving minors. Since it's installed, it does have the vulnerability of being tampered with, but they also alert us to attempts to circumvent e-Safe.
Note: I can't verify it's effectiveness since I don't see Pastoral Care issues. You will need to decide whether it fits your situation. I have some moral objections, but I don't make those kind of decisions...
"We know what happens to people who stay in the middle of the road. They get run over." - Aneurin Bevan
Squid + Dans Guardian will filter both by URLs and by a system of weighted words, when a page is over the limit set, it blocks it.
Instructions for set up on debian (with NTLM for identify Windows Domain users and giving them different filtering based on their username:
http://www.petespcs.co.uk/petespcs/2011/10/dans-guardian-and-ntlm-from-active-directory/
This was done for an internet filter for a school, blocking can be done for only things you are concerned over, and actually we have whitelisted .ac.uk and .edu domains.
You can't do it on content.. aren't you SOL.
For a happy moment there I thought this was going to be a discussion on how to improve the internet's signal-to-noise ratio.
But no, it's just another banal post for people who think their children are too stupid to deal with the real world.
"stuff you wouldn't want your mother to see" What like naked bodies and swear words? She's given birth to three children. I'm fairly certain she's seen more naked bodies and spouted longer streams of vitriol than I have. OMG! Boobies! Quick, cut to a war film. Or a gratuitously gory horror.
> There is a lot of great content and features on Facebook,
dafuq did I just read?
Yes, there's going to be a group of kids who are more determined and resourceful than the person asking. In a nontrivial number of cases, they're called "future sysadmins". That's not to say that they'll all do so or that it should be a motivation for whether things get filtered at all, but it is a byproduct worth mentioning.
That said, you raise an argument of questionable logic. Essentially, you've stated that because he CAN'T block EVERYTHING that he SHOULDN'T block ANYTHING. That's not really the way things work in K-12 education. See, if it takes a proxy, a VPN, and a memorized IP address to get to content deemed inappropriate by the powers that be, then anyone who has gotten to it has shown clear determination to do so. Thus, it's significantly easier for the IT staff to say "We have had filters in place from the get-go that block this content. This student used an incredibly elaborate method to get around these filters, and this method no longer works as we've updated our filters to accommodate it" and thus place blame squarely on the student for determination and intent. Using your method of leaving the floodgates of the internet opened means that answering to those same people when a student accidentally stumbles upon objectionable content will sound like, "we don't have any filters because they don't work 100% of the time". Reference-free job hunting starts in the morning.
If a student wants to get into the building after-hours and orders his own RFID card off the internet and programs it to minic another card to unlock the door, it's going to be much tougher for the school to sue the security company than if the security company left the doors open 24/7 because there are 20-foot high windows.
Sure, students will bring in their issues of Penthouse or USB sticks with the contents of the latest pr0n torrent if they're determined to do so, but once again, it's how and where. A student walking into school with Penthouse in his backpack didn't get it from the school, therefore the school can't be held liable for the actions of the student. If the student downloaded an issue of Penthouse on a school computer, by contrast, now the school has made possible something that (for the sake of argument) the parents find objectionable and it's easy to point the finger at the IT admins since even a basic content filter would have mitigated the issue - or at the very least raised the barrier to entry significantly such that the IT staff can once again say "we can't block everything, but the filters do block all but the most determined attempts to get where he got" and absolve themselves from responsibility.
Yes, supervision absolutely needs to happen. The original post explicitly asks how to make supervision easier for that very reason. The question being asked isn't how to replace adult supervision with a technological solution, it's how to assist the teachers and try to fill in the gaps for the moments when the teacher is focusing on student #1 who happens to be seated at an inconvenient angle to observe student #2 doing the same thing.
Looking around, almost all of the people around me are talking to people on FB chat right now.
Of course, I'm on Slashdot. So I can't really say anything.
I am the IT staff at a state institution for delinquent youth. We are a 24/7 facility and the kids live on campus. This is a BIG issue for me. Background: There is a federal program that will pay for school connectivity, web filters, routers, switches, etc. and also pay for some "basic maintenance" on that equipment. In return all the FCC asks is that you obey CIPA (47 USC 254). CIPA mandates a "managed" web filter with the ability to locally override any blocks. This program is known as E-Rate. Currently if you are not at 88% free/reduced lunch or higher you will not get funding.
I use a light-speed rocket box. This is nice because I can have a fairly restrictive policy in place for students and non-authenticated users and then give authenticated staff and teachers the ability to override some sites (i.e. Facebook). For the computers in the dorm I lock down web surfing with a GPO white-list. Nevertheless, sometimes the kids manage to find inappropriate content, say on the BBCs music site. This isn't all together bad though, since if a kid is willing to put that much effort into finding a 2 minute clip of some gangsta songs then that tells you a lot about the kid’s priorities. For this reason I am working on a "special" Lightspeed rule set--feel free to suggest a name--which will redirect all streaming content to pink flamingos or Barney the Dinosaur or sumptin.
So the answer here really boils down to read CIPA and follow it. There may be some funds to go along with that.
Also we try to give the kids a LOT of things to do besides surfing. We have a green-house they run and we grow some of own vegetables. We take them on long bike rides, they make pottery, ride horses, etc.
I get the impression that many kids have smartphones these days. So this whole thing seems moot. If they want to get to inappropriate sites they can look them on their phones or use facebook from their phones.
We used many products over the years, N2H2, Websense, etc, the best I found was Dans Guardian running on squid, relying on key words rather than basic url blocking (whitelist/Blacklist). If page hits threshold of X number of bad words it became blocked. However it took a lot of tweaking. This also allowed for different levels of blocking per grade level.
However, after years of blocking etc, I found it mostly useless in grades Jr High and up, you have a giant group of users spending every hour of the day looking for ways to circumvent the blocking. And as you block the more well known sites, playboy or proxy.org it just sends the students to even less reputable sites on the web. It didn't help that the administration wanted google images blocked, just in case some nudity came up, so when students wanted image searches, they had to go to sites with even less control than google images, adware, and even more porn. It was this kind of stupidity that caused me to leave the job.
TL;DR
K-6 your basic filtering should work, danguardian recommended
7-12 I think it was a hindrance to research and at worst forced them to browse even worse websites.
I work for a school myself as an IT director. Before you get too far into making a custom filter you need to familiarize yourself with CIPA (Children's Internet Protection Act). If you are working at a school receiving public money you have to follow CIPA to a "T" or your school may lose its E-rate funding which is likely paying for the internet access in the first place.
is called an Air-Gap. Simply unplug the Lan from the Internet and have no internet access at all. It's certainly cheaper then worrying about filters and such.
Find some trustworthy high schooler who has study hall each period. Let that student hang out in the computer lab instead of study hall, in exchange for monitoring obviously inappropriate websites. Give them a line to a teacher if some douche is looking at porn and won't stop when they tell them to.
This is what my high school did; I was a computer lab monitor sometimes and it worked out pretty great. Only rarely even had to do anything (there was totally one moron who kept looking at stuff that he tried to claim wasn't softcore porn even though it really obviously was. He did get in trouble for it eventually.)
As for why you block porn in school - it isn't because kids shouldn't be allowed to see it if they want. I truly believe that you should block elementary schoolers from seeing that kind of garbage, but if you want to see it in junior high (i.e. after you've at least hit puberty), go ahead. You block porn in school because most people -don't- really want to see it, and it's a public space. Go view it in your bedroom by yourself.
I don't think there's really much you can do about blocking peoples' ability to give away information they shouldn't, without going crazy and blocking damn near fracking everything...
You need a purpose built product that is not only specifically designed to suit your needs, but is also highly effective and updated on a daily basis.
You need a product like WebSense. There is no Free / OSS solution that comes close. Not even Dan's Guardian is anywhere near as effective or reliable.
> Essentially we want to protect people who aren't able to protect > themselves, at least while on campus.
No you don't, or if you do, then I question how much thinking you really did about this motivation you claim to have.
What are you protecting them from? It seems to me like you are trying to protect yourself from parents who would complain. I understand that but, be honest about your motivations. Filtering doesn't protect the person who is denied access to what they wanted to see.
"I opened my eyes, and everything went dark again"
Get you a computer, just about anything modern will do, and a couple of supported nic's. I used the TEG-PCITXRL because I have use older model low profile optiplexes.
http://www.pfsense.org/
Firewall port 80 and port 443
set up squid
set up squidblock
Create a wpad.dat file and put it on the web server, so browsers will automatically configure to use the proxy as long as they are set to automatically configure
Then download some freely available pre-categorized sites. I used these, but you can also use shalla's if you are a non-profit.
1. http://dsi.ut-capitole.fr/documentations/cache/squidguard_en.html#contrib
2. http://squidguard.mesd.k12.or.us/blacklists.tgz
3. http://www.shallalist.de/
I also downloaded the list of websites that adblock uses from easylist, and put it in the right format with a quick macro in my text editor:
https://easylist-downloads.adblockplus.org/easylist.txt
You can get really fancy if you want, and if you have a domain you can do a man in the middle proxy by creating a certificate then installing it on your pfsense box and each desktop. This would allow you to just route all 80 and 443 traffic through squid, and then you could use dansguardian to do keyword filtering. For your application I would probably steer clear of this for now, because you need to have a good way of making sure that EVERYONE knows that you can see their passwords to banks, emails, etc, and it's in a policy they sign or you could get in deep doo doo.
As a former school-district sysadmin, I'd say that blocking (bad) content from a school while allowing (good) content is nearly an impossible task. Obviously you can make a good effort, but it's an arms-race you can't win.
One should not underestimate the resourcefulness of a school full of bored teens. Hell, some of the most amazing stuff I've done was while I was in High School.
As an adult, it's not easy to pick this stuff up with the time available. Being young with an active brain and free time is a powerful thing, and a school full of semi-intelligent bored teens can be a pretty interesting place.
You'll need to setup fine grained application controls. People can go to Facebook and post status updates etc but cant play games, or use chat and email functionality. Blue Coat has both an on-premise and cloud solution and you can try those out for 30 days. If you are looking for a free product you could use K9 Web protection.
http://www.opendns.com/
Several have mentioned content filtering, but I don't see recommended solutions that work fast and effectively. Here's one that is open source:
Have a look at WillowNG: https://launchpad.net/willowng/
Teacher: We don't want them on facebook, because they might take embarrassing/inappropriate pictures of other kids and post them online. We need you to block facebook.
Me: How are they taking these pictures
Teacher: With their camera phones. We're worried they may take pictures in the locker rooms etc. We need you to block it
Me: We can't block somebody's phone. It's using the phone network, not the school's
Teacher: It's in the school. You should block it. We can't let this happen
Me: Why not just deal with the students who are behaving inappropriately?
Teacher: I don't have time to deal with them. I have too many students. Just deal with it. Setup a block or something.
Use your bandwith to launch spam, DOS, and other attacks at facebook and wait for them to block your ip addresses. Then problem is solved!
Facebook is severed over HTTPS. You can either block it or not, but you can't filter it because the page contents are encrypted. For everything HTTP based, I use squid + dansguardian on my home network.
In the communications closet, you'll see a box labeled "Router" or something like that. Into it there will be plugged a cable labeled "AC" or "DC" or "Power."
Simply remove that cable.
AIR GAP
Have a LAN based network for the kids, and a public access network for the teachers. Of course then you still have the teachers looking at porn. Better yet air gap the whole school and save money on Internet access. Let the kids go home to look up class work. When I went to school we had this thing called "homework".
Not EVERY network needs to be connected to the Internet.
Since it's a school network I would think you'd just make anything they type in the URL bar would take them to wikipedia. But seriously though, I would spend a week creating a whitelist of sites and then whenever they reach a blocked site have it go to a page where they can request access to the site which would then email you a URL, the person requesting it, and their supplied reason for access. After which you'd just have to click approve a lot for a while and eventually it will die down. Whitelist with ability to add it is the only way to manage this sort of problem. Blacklist is impossible and never a good idea.
WITH OPENDNS. Perfect. Simple. Very effective.
The verb you want for the headline here is "set up". "Setup" is a noun. Sure, any noun can be verbed, but "to setup" means something very specific which is not the same as "to set up."
Standard peeve. See also "backup", "fuckup," etc.
OpenDNS is frequently mentioned as a solution schools use. ... they're NOT filtered. NOT one iota!! How can this work you ask? ... Don't let the students use computers, where the teacher, and anyone else in class, can see EXACTLY what
I use computers as a teaching aid, daily, and all of those computers are able to use the Internet.
Thing is
Pretty Simple
the students using the computers, are doing.
Kids will be the FIRST to yell and scream, and tell on another kiddo, if they're looking at something they shouldn't be. ... if there's more than two of them, looking at a screen ... they're looking at something they shouldn't be! ... but I didn't see much need to do lots of complicated work.
For the older youths (pre-teen, but still 'rowdy')
Kinda simple
In my previous life, as an I.T. worker extraordinaire, I was in on the ground level when corporate information security, started testing software to ... it wouldn't have worked! Similar, when large education providers (school districts & colleges) paid said telco, to come in and completely redo e-mail for staff & STUDENT use. Wait?! What?!? Student use e-mail? How the HELL are you expecting to control who/what/when those students e-mail?? ... but use was subject to school district Information Asset Use Policy. Somebody, really thought about it ... not me. I just implemented, documented, and trained the long-term support staff :)
sit on proxy servers, and count "pink pixels", looking for inappropriate employee surfing, that could result in disiplinary action, up to and including seperation from the company (termination/sacking, "YOU'RE FIRED!"). Had it not been THE major telco in the U.S. with deep pockets and able to throw lots of money at it
Can they just send e-mail willy-nilly to anyone, anytime?? In the end, the system was restricted to school days, when school was in session, and for students, no access between 12AM and 6AM. Students can e-mail one another, and teachers. No outside domain e-mail for students. Teachers can e-mail anyone, anywhere, anytime
Then I went into building and running large data center infrastructure systems. How fun!
We must combine filtering, surveillance, and education.
Education alone does not cut it.
No one leaves poison at the reach of children; we know that teaching them is not enough, we also have to keep the poison away, and also we need to watch the kid.
For the same reasons, teaching children about pornography or perverts is not enough; we also need to filter the computer at home, to put the computer where the parents can see it, to ask the school to do the same, and still we have to watch the kids.
I won't be running. I'll be ignoring you. You waste your own time and prove your irrelevance with every one of these screeds. I'm hardly the first person who's occupied so much of your attention and time, either. Too bad for you.
must be true since macraig went "silent" on us, lol!
must be true since macraig stfu, lol!
Hahaha, good tune, and very apt for macraig the troll who ran!
hahahahaha, "chow time" for macraig. Eatin his own words, lol!
it's "chow time" for macraig the troll, lol, eatin his own words.
New film titled "chow time" starring macraig the troll eatin his words.
hey, let macraig the troll eat (he can't like the flavor of his words, lol).
Special today @ macraig the trolls' diner is macraig's words, lol!
hahahaha, yea, but macraig's stuck eating them, lol!
macraig's bistro special = his words he's stuck eating, lmao!
macraig's bistro special = his words he's stuck eating, lmao!!!
that + his words to eat, lmao (macraig's diner special = his words).
Ooooh, THAT's gotta taste bad, troll words from macraig, lmao!
At least it's macraig stuck eating 'em since nobody else will, hahaha.
macraig must be eatin' them words since he shut up, rotflmao!
no, lmao, you'll be busy eating your words troll http://yro.slashdot.org/comments.pl?sid=3053749&cid=41023259
seems to the casual observer you're the one eating your words http://yro.slashdot.org/comments.pl?sid=3053749&cid=41023259
macraig, I wanna know 1 thing. How do yer words taste since you're eating yer words after this http://yro.slashdot.org/comments.pl?sid=3053749&cid=41023259
no crap. apk made macraig the troll stfu - miracles do happen!
apk definitely won and macraig the troll stfu
macraig talks big! How come he's "eating his words" after this http://yro.slashdot.org/comments.pl?sid=3053749&cid=41036617 ?
don't play innocent: you started with apk days ago macraig http://slashdot.org/comments.pl?sid=3053649&cid=41019341
Hahahaha ("chow time")
Did apk make ya eat yer words for dinner again troll? Haha http://yro.slashdot.org/comments.pl?sid=3053749&cid=41036617
now how difficult's that when macraig's a known trolling douche? Hahaha
Apk ya know macraig-troll can't. All he has is downmods of yer posts.
funny part's how many mod points macraig's blowin to hide that fact.
how bout downmoddin ya? macraig's busy doing it to hide things.
I had a Facebook. Back in 99, when you had to have a valid college email address just to sign up. Back when it was what it was designed to be...EXCLUSIVE. Now anyone can have a profile. Dogs, Babies, Sunglasses, you name it.
Facebook is a complete joke for narcissistic losers with no actual life who need the illusion just to look at young girls in bikinis and act like they have friends. I stopped using it YEARS ago, and I've got more connections, more friends, more social interaction every single day than ANYONE I know who uses it. IPO is a joke, Zuckerberg is a snake, and they offer no real service you cant get anywhere else. Mark my words, it will die out within 5 years.
Lmfao pathetic, this poor admin is trying to find a way so that users can use Facebook in school. Since you know, they cant get social interaction any other way. This is at a college of all places! Get outside and talk to people!!!
I've seen this handled a few different ways. There's a tendency to let the technology staff dictate website appropriateness since they're in direct control of the filters. However, what seems to work best is to leave these decisions up to the curriculum department. They may in turn leave it up to the teacher's discretion. I see my role as an adviser. Let the people in charge of what goes on in the classroom know the risks, and what our tools are capable of, then let them decide. (I'd suggest these decisions be in email/writing, to cover your ass.) Now, as for the tools, there's some pretty slick filters out there that can block certain elements of Facebook, such as games/third party apps, chatting, etc. without blocking the entire site. We used Palo Alto firewalls for this, but I know there are other products out there that can do the same. Good luck! Just let me know if you have any questions.
Kids are getting Samsung Galaxy 3 phones and with it comes wifi, and data. Via data, they can do everything that is possible, as if the school has no firewall.
I would block facebook, except for lunch hours. Ditto for the other sites.
Leslie Satenstein Montreal Quebec Canada