Block images in search engine that are taken from porn sites.

Comments

25 comments

  • Avatar
    rotblitz

    If the images are hosted at a blocked site, then they will never appear.

    If images still apear, then the hosting domain is not blocked with your settings, and blocking the domain may have undesired effects that you can't access the search engine of your choice at all. Therefore OpenDNS is not the way to block this. A DNS service can block based on domain names only. You don't send any further information to OpenDNS.

    Normally the search engines themselves provide the tools for such kind of content filtering. In case of Google this is the SafeSearch option.
    See also:
    https://support.opendns.com/entries/21920385-How-to-block-images-with-nude-content-on-google-image-search-
    https://support.opendns.com/entries/22160220-2nd-Blocking-sites-by-keyword

  • Avatar
    acd123

    Hi Rotblitz.. unfortunately Google is an exception... The thumbnail images, mostly, are served from 'gstatic.com' addresses, easy to block.

    data-src="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRG1g96EvfrazcsxhzPtcTDWQw_MZ4Mk7T8erwQVvd_nAjtnUFF" name="FY7kYqBk9M-kRM:" style="width:181px;height:181px;margin-left:0px;margin-right:0px;margin-top:0px" src="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRG1g96EvfrazcsxhzPtcTDWQw_MZ4Mk7T8erwQVvd_nAjtnUFF&reload=on"></img>

    'gstatic.com' can therefore be blocked using Open DNS and thumbnail images are blocked.

    ** BUT ***  the first 16 thumbnails are served from an obscure 'src'.

    src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBhISEBUUEhQWFBUUFRcVFRcVFBQUFRQUFBQVFBQUFRQXHCYeFxkkGRQUHy8gIycpLCwsFR4xNTAqNSYrLCkBCQoKDgwOGg8PGikcHx8pKSwpKSksLCksKSksKSwpKSkpKSksKSkpKSwsKSksLCwsLCwpKSksLC0pLCwpNSwsLP/AABEIALcBEwMBIgACEQEDEQH/xAAcAAABBAMBAAAAAAAAAAAAAAAGAgMEBQABBwj/xAA9EAABBAAEAwYDBgUEAQUAAAABAAIDEQQFITESQVEGImFxgZETMqEHFEJSsdEjgsHh8BVykvGyFjNDU2L/xAAaAQADAQEBAQAAAAAAAAAAAAACAwQBAAUG/8QAKxEAAgICAgICAQIGAwAAAAAAAAECEQMhEjEEURNBYSKBMnGRodHwBRUz 

    ----------------------------- 8< SNIP  ------------------------------------------------------------------------------

    This is so random it can't be blocked by anything and is not a proper URL so nameservices can't intercept it ...  deliberate? ... Hmmmm....!

    Google Safesearch is next to useless. It only works if logged in (Doh!) and can easily be disabled by ... disabling it ..!  It has to be configured individually per device,  which is a management nightmare (our house has about 20 internet enabled devices!) Once Safesearch has been disabled, there is a default safe return of content ... except this can be easily overridden by .... typing what you are searching for ... e.g.   'women' will return safe images. 'naked women' won't!  Any young lad, or lass, will work that one out pretty quick.

    The answer ...

    Google need to follow the Yahoo/Bing example of serving dubious content from a specific URL (explicit.bing.com) .. Google could have ... erm .... explicit.google.com   - then OpenDNS can work for Google too. Until then ...

    So for now ... Block google domains completely... all their services are available elsewhere pretty much at a lower privacy cost. So .. Boycot Google until they 'Do No Evil'  :-)

  • Avatar
    rotblitz

    "The thumbnail images, mostly, are served from 'gstatic.com' addresses, easy to block."

    If you look into the old forum, I know this gstatic.com and embedded image stuff.  Because of the embedded images blocking gstatic.com is no longer recommended and successful if you want to block Google images.

    "This is so random it can't be blocked by anything and is not a proper URL so nameservices can't intercept it"

    Embedded images are proper URLs, but OpenDNS can't block URLs anyway, just domain names.  And embedded images are not related to a domain, but to the document (web page) only, or better to the domain the web page is hosted on which is not gstatic.com or a subdomain of it.

    "Google Safesearch is next to useless. It only works if logged in (Doh!) and can easily be disabled by ... disabling it ..!"

    No, and no.  You need to read Google's documentation again.  And right, if you have to block it on so many devices, then an internal proxy server is your only viable solution.  This can force Google SafeSearch without the need to configure every device.

  • Avatar
    chrishi5

    what about the key-words in Google.co.uk like PENIS COCK the pictures still come up on the screen, how is this protecting our children?

  • Avatar
    mattwilson9090

    Did you read the previous discussion? How exactly do you think OpenDNS, in providing a DNS service and various DNS filtering options is not "protecting our children"? What exactly do you think OpenDNS should be doing differently to "protect our children"?

    And no, I am not an OpenDNS employee, I am merely an OpenDNS customer and IT professional who is trying to understand your issue and what you think should be done about it.

  • Avatar
    jmerichards
    I've decided to block all Google sites (except maps) and use Bing as the default search engine, as Bing allows filtering of adult images at the domain level. This seems about the best solution I could come up with using a DNS product. Of course, ensuring users do not have admin privileges on machines is also helpful, as is key word filtering on your router (if it supports that).
  • Avatar
    blocky

    Per google at https://support.google.com/websearch/answer/186669?hl=en

    if a proxy server appends:   &safe=active     to all searches, safe search shouldn't be able to be turned off

    OpenDNS, please offer this option!!

  • Avatar
    rotblitz

    Sorry, how could OpenDNS offer this?  This is far nothing to do with their DNS service.  OpenDNS is not a proxy.  URLs are not seen by OpenDNS, because you do not send it to them.  Connections, URLs, images, keywords and such objects are not part of DNS.

  • Avatar
    mmathis7777

    @Blocky Thanks, I just posted that on a new suggestion... guess I should have read more first here is my post

    I think it is possible for OpenDNS to offer an option to force Google Safe Search using option 3 at the DNS level from these instructions https://support.google.com/websearch/answer/186669?hl=en The requirements are creating a specific DNS entry that tells Google not to apply https and secondly to apply a proxy service to append search names to include &safe=active.  I don't mind blocking the other search engines to avoid the same issue but blocking Google is not optional.

  • Avatar
    davidlev

    Can someone name a kid- or family-friendly search engine? Something where vagina or sex won't show image results of the same.

  • Avatar
    davidlev

    I've blocked google so that won't work rotblitz ;-)

  • Avatar
    adam255

    If you have a NetGear router, you can use keyword filtering. Just block Google and only allow Bing. If you want, you can keep Google Maps and Gmail enabled by whitelisting the appropriate domains.

  • Avatar
    prestaul

    This can be done through DNS using the method linked by mmathis7777. Please provide this option!

  • Avatar
    mattwilson9090

    Yes, it can be done through DNS, meaning your own DNS server, but it cannot be done by OpenDNS.

    At it's heart OpenDNS is a recursive DNS provider which means all of the DNS queries it answers come from the authoritative DNS servers that are used by Google. A recursive DNS provider does not change the responses it gets, nor does it substitute a CNAME for them. Those kind of things need to be done by a different type of DNS server.

    The method referred to by mmathis7777 specifically requires a DNS server on the network that is being protected, so that a CNAME can be added there. It is not something that OpenDNS, or any recursive DNS service can do.

    If you are not able to setup a DNS service of your own then your best option is to block www.google.com via OpenDNS and use a different search provider.

  • Avatar
    rotblitz

    Also, mmathis7777's proposal is no longer up to date and not the only option.  Google released something else later on.

    See https://support.opendns.com/entries/57304954-Enforcing-Google-SafeSearch

  • Avatar
    jonathanhg

    This is possible, translating any Google domain (www.google.com/supported_domains) to the following IP 216.239.38.120

  • Avatar
    mattwilson9090

    How is this possible? What do you mean by "translating"? In all of the years I've worked in IT and with DNS I have never come across the term "translating".

    I think what you are referring to are the instructions posted here and at Google multiple times that state you need to set up your own DNS server (I believe even DNSMasq will work as well) on your own network or networks. The reason you need your own DNS server is that an *authoritative* DNS server is needed to do this. However OpenDNS is essentially a *recursive* DNS service so they cannot do this without completely redesigning their entire service for the sake of a feature supported on someone else's service.

    If you know of a different way to do this please let us know how to do it.

  • Avatar
    rotblitz

    I believe that @jonathanhg meant that it is possible with an own DNS server only as explicitly documented even by Google.

    From https://support.google.com/websearch/answer/186669?hl=en :

    To force SafeSearch for your network, you’ll need to update your DNS configuration.

    This is all pretty clear, isn't it?  They definitely didn't think about recursive DNS services like OpenDNS, else they would offer this for their own recursive Google DNS service, but - they don't!  (This would be the minimum to combine their SafeSearch with their own recursive DNS service, isn't it?)  Also, all other filtering recursive DNS services don't offer an option to force Google SafeSearch either.  They know why not!  (Or do you know one offering this option?)

  • Avatar
    mattwilson9090

    Aw, ok. I'd read it differently - as yet one more person demanding that OpenDNS do something that they can't do with their current business and technology model.

    Good comments regarding other recursive DNS services. I hadn't even considered that Google doesn't offer that for their own service either.

    And no, I don't know of any other recursive DNS service that does this. Technically, I'm not sure how any other DNS service could do this. And I'm not sure any authoritative DNS service would even consider offering it, unless it was Google themselves. Which is why Google says to do it via your own DNS service

  • Avatar
    mattwilson9090

    A second spam or scam posting by this same user.

  • Avatar
    coolio13

    I would like to see youtube added to this type of blocking as well. Even though they require a login to actually view the video the thumbnails of the videos are there for viewing.

  • Avatar
    rotblitz

    Why just "like to see"???  Simply use it, it's there already!
    https://support.google.com/youtube/answer/174084?hl=en

Please sign in to leave a comment.