Blocking For Parents
How do you control the content your kids are watching, when they can access that content, and can they bypass you?
The only solutions I really see are scarily invasive and I don't think they should be trusted. How would you do this privately? If you look around there are guides on setting up projects like Pi-hole, or having isolated guest networks for devices, but this is bypassed with cellular.
I think the only real answer is enrolling these devices in an MDM platform. I'm not saying you need massively complex setup workflows with huge restrictions just like a corporate device. But use an MDM platform to enforce two settings, really. The first is an always-on VPN that blocks all connections when it is not active, and the second is to restrict installs of software like tor and side loaded apps. If you have a very technical user, disable developer tools from the MDM too so they can't unlock the bootloader and wipe the device to bypass you.
Lock Down Youths
The devices in your house really should just be enrolled in an MDM if you are technical enough to follow my rambling notes here. Backup -> factory reset -> update -> enroll in an MDM you control. Treat your kids and partners as rogue agents that need to be managed for security and compliance. The best time to do this is upgrade / new device time since everything will be fresh already.
Honestly, if you control the network already you aren't breaching people's security any more. In fact, you are giving everyone security and speed... But also the ability to neuter devices on schedules like study time or bed time.
MDM it
A point and click cloud MDM solution for Android is about $20/year for a single device, and Headwind is one of those platforms. You just need to support the Knox security module, and it's Android only. This option is a bit limited.
Google's Cloud Identity seems like a rock solid way to manage most devices from a simple point and click dashboard, compatibility list here. That covers iOS, macOS, Linux, Chrome OS and Windows but will run you $8 per device / month. Seems cheap to enforce your network and app protection rules though.
With an enforced VPN (that can't be disabled) and defined DNS within your VPN network (the VPN doesn't have to be Tailscale, as long as you control DNS within the network), you could quite literally kill the internet for just your kids' devices at bed time, and you keep humming along in the living room. All this + privacy + ad / scam / phishing protection + content protection based on your kids' age WITH NO CORPORATION watching this traffic or spying app installed? Ummmm yes please?
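Here is what that bed time switch could look like as the policy check inside a DNS resolver you run on the VPN. This is an added example, not something from a tested setup in these notes. The VPN address range, the blocklist domains, the schedule times and the function names are all made up for illustration, and it assumes only the kids' devices get filtered.

```python
# Added example: per-device DNS policy for a resolver you run inside the VPN.
# Every address, domain and time below is a constructed placeholder.
from datetime import time
from ipaddress import ip_address, ip_network

# VPN addresses handed to the managed (kids') devices: assumed layout.
KID_DEVICES = ip_network("100.64.10.0/28")
# Windows during which kid devices get no answers at all (start, end).
QUIET_HOURS = [(time(16, 0), time(17, 30)),   # study time
               (time(21, 0), time(6, 30))]    # bed time, wraps past midnight
# Age-based blocklist; a listed domain also covers its subdomains.
BLOCKED = {"adult.example", "social.example"}


def in_window(now: time, start: time, end: time) -> bool:
    """True if now is in [start, end), including windows that cross midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end


def is_blocked(qname: str) -> bool:
    """Match the queried name or any parent domain against the blocklist."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in BLOCKED for i in range(len(labels)))


def decide(client_ip: str, qname: str, now_hhmm: str) -> str:
    """Return 'ALLOW' or 'BLOCK:<reason>' for one DNS query at local HH:MM."""
    now = time.fromisoformat(now_hhmm)
    if ip_address(client_ip) not in KID_DEVICES:
        return "ALLOW"                  # devices outside the kids' range pass
    if any(in_window(now, s, e) for s, e in QUIET_HOURS):
        return "BLOCK:quiet-hours"      # resolver would answer NXDOMAIN here
    if is_blocked(qname):
        return "BLOCK:content"
    return "ALLOW"
```

The check only holds because the MDM keeps the VPN on; a device that can leave the VPN or pick its own resolver never reaches it.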
Let's talk about the onion in the room, tor. Yes, it is always an option to bypass your settings. Lots of major adult content and social sites are blocking tor due to abuse issues, but it will bypass the settings since everything is being done at the DNS level.
This is where the second enforced rule is needed from within your mobile device management platform. You need to restrict apps that utilize tor and disable side loaded apks reliably.
Setting Up
Will fill section once I obtain a device to test.