Block images in search engine that are taken from porn sites.
When my kids search for a image/photo in a search engine, the 'images' button on the page will display hundreds of photos pertaining to their search. Sometimes, pornographic images are not filtered. I'd like to see images displayed there blocked if they are taken from one of the blocked sites.
-
If the images are hosted at a blocked site, then they will never appear.
If images still apear, then the hosting domain is not blocked with your settings, and blocking the domain may have undesired effects that you can't access the search engine of your choice at all. Therefore OpenDNS is not the way to block this. A DNS service can block based on domain names only. You don't send any further information to OpenDNS.
Normally the search engines themselves provide the tools for such kind of content filtering. In case of Google this is the SafeSearch option.
See also:
https://support.opendns.com/entries/21920385-How-to-block-images-with-nude-content-on-google-image-search-
https://support.opendns.com/entries/22160220-2nd-Blocking-sites-by-keyword -
Hi Rotblitz.. unfortunately Google is an exception... The thumbnail images, mostly, are served from 'gstatic.com' addresses, easy to block.
data-src="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRG1g96EvfrazcsxhzPtcTDWQw_MZ4Mk7T8erwQVvd_nAjtnUFF" name="FY7kYqBk9M-kRM:" style="width:181px;height:181px;margin-left:0px;margin-right:0px;margin-top:0px" src="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRG1g96EvfrazcsxhzPtcTDWQw_MZ4Mk7T8erwQVvd_nAjtnUFF&reload=on"></img>
'gstatic.com' can therefore be blocked using Open DNS and thumbnail images are blocked.
** BUT *** the first 16 thumbnails are served from an obscure 'src'.
src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBhISEBUUEhQWFBUUFRcVFRcVFBQUFRQUFBQVFBQUFRQXHCYeFxkkGRQUHy8gIycpLCwsFR4xNTAqNSYrLCkBCQoKDgwOGg8PGikcHx8pKSwpKSksLCksKSksKSwpKSkpKSksKSkpKSwsKSksLCwsLCwpKSksLC0pLCwpNSwsLP/AABEIALcBEwMBIgACEQEDEQH/xAAcAAABBAMBAAAAAAAAAAAAAAAGAgMEBQABBwj/xAA9EAABBAAEAwYDBgUEAQUAAAABAAIDEQQFITESQVEGImFxgZETMqEHFEJSsdEjgsHh8BVykvGyFjNDU2L/xAAaAQADAQEBAQAAAAAAAAAAAAACAwQBAAUG/8QAKxEAAgICAgICAQIGAwAAAAAAAAECEQMhEjEEURNBYSKBMnGRodHwBRUz
----------------------------- 8< SNIP ------------------------------------------------------------------------------
This is so random it can't be blocked by anything and is not a proper URL so nameservices can't intercept it ... deliberate? ... Hmmmm....!
Google Safesearch is next to useless. It only works if logged in (Doh!) and can easily be disabled by ... disabling it ..! It has to be configured individually per device, which is a management nightmare (our house has about 20 internet enabled devices!) Once Safesearch has been disabled, there is a default safe return of content ... except this can be easily overridden by .... typing what you are searching for ... e.g. 'women' will return safe images. 'naked women' won't! Any young lad, or lass, will work that one out pretty quick.
The answer ...
Google need to follow the Yahoo/Bing example of serving dubious content from a specific URL (explicit.bing.com) .. Google could have ... erm .... explicit.google.com - then OpenDNS can work for Google too. Until then ...
So for now ... Block google domains completely... all their services are available elsewhere pretty much at a lower privacy cost. So .. Boycot Google until they 'Do No Evil' :-)
-
"The thumbnail images, mostly, are served from 'gstatic.com' addresses, easy to block."
If you look into the old forum, I know this gstatic.com and embedded image stuff. Because of the embedded images blocking gstatic.com is no longer recommended and successful if you want to block Google images.
"This is so random it can't be blocked by anything and is not a proper URL so nameservices can't intercept it"
Embedded images are proper URLs, but OpenDNS can't block URLs anyway, just domain names. And embedded images are not related to a domain, but to the document (web page) only, or better to the domain the web page is hosted on which is not gstatic.com or a subdomain of it.
"Google Safesearch is next to useless. It only works if logged in (Doh!) and can easily be disabled by ... disabling it ..!"
No, and no. You need to read Google's documentation again. And right, if you have to block it on so many devices, then an internal proxy server is your only viable solution. This can force Google SafeSearch without the need to configure every device.
-
Did you read the previous discussion? How exactly do you think OpenDNS, in providing a DNS service and various DNS filtering options is not "protecting our children"? What exactly do you think OpenDNS should be doing differently to "protect our children"?
And no, I am not an OpenDNS employee, I am merely an OpenDNS customer and IT professional who is trying to understand your issue and what you think should be done about it.
-
I've decided to block all Google sites (except maps) and use Bing as the default search engine, as Bing allows filtering of adult images at the domain level. This seems about the best solution I could come up with using a DNS product. Of course, ensuring users do not have admin privileges on machines is also helpful, as is key word filtering on your router (if it supports that). -
Per google at https://support.google.com/websearch/answer/186669?hl=en
if a proxy server appends: &safe=active to all searches, safe search shouldn't be able to be turned off
OpenDNS, please offer this option!!
-
@Blocky Thanks, I just posted that on a new suggestion... guess I should have read more first here is my post
I think it is possible for OpenDNS to offer an option to force Google Safe Search using option 3 at the DNS level from these instructions https://support.google.com/websearch/answer/186669?hl=en The requirements are creating a specific DNS entry that tells Google not to apply https and secondly to apply a proxy service to append search names to include &safe=active. I don't mind blocking the other search engines to avoid the same issue but blocking Google is not optional.
-
-
-
Yes, it can be done through DNS, meaning your own DNS server, but it cannot be done by OpenDNS.
At it's heart OpenDNS is a recursive DNS provider which means all of the DNS queries it answers come from the authoritative DNS servers that are used by Google. A recursive DNS provider does not change the responses it gets, nor does it substitute a CNAME for them. Those kind of things need to be done by a different type of DNS server.
The method referred to by mmathis7777 specifically requires a DNS server on the network that is being protected, so that a CNAME can be added there. It is not something that OpenDNS, or any recursive DNS service can do.
If you are not able to setup a DNS service of your own then your best option is to block www.google.com via OpenDNS and use a different search provider.
-
Also, mmathis7777's proposal is no longer up to date and not the only option. Google released something else later on.
See https://support.opendns.com/entries/57304954-Enforcing-Google-SafeSearch
-
This is possible, translating any Google domain (www.google.com/supported_domains) to the following IP 216.239.38.120
-
How is this possible? What do you mean by "translating"? In all of the years I've worked in IT and with DNS I have never come across the term "translating".
I think what you are referring to are the instructions posted here and at Google multiple times that state you need to set up your own DNS server (I believe even DNSMasq will work as well) on your own network or networks. The reason you need your own DNS server is that an *authoritative* DNS server is needed to do this. However OpenDNS is essentially a *recursive* DNS service so they cannot do this without completely redesigning their entire service for the sake of a feature supported on someone else's service.
If you know of a different way to do this please let us know how to do it.
-
I believe that @jonathanhg meant that it is possible with an own DNS server only as explicitly documented even by Google.
From https://support.google.com/websearch/answer/186669?hl=en :
To force SafeSearch for your network, you’ll need to update your DNS configuration.
This is all pretty clear, isn't it? They definitely didn't think about recursive DNS services like OpenDNS, else they would offer this for their own recursive Google DNS service, but - they don't! (This would be the minimum to combine their SafeSearch with their own recursive DNS service, isn't it?) Also, all other filtering recursive DNS services don't offer an option to force Google SafeSearch either. They know why not! (Or do you know one offering this option?)
-
Aw, ok. I'd read it differently - as yet one more person demanding that OpenDNS do something that they can't do with their current business and technology model.
Good comments regarding other recursive DNS services. I hadn't even considered that Google doesn't offer that for their own service either.
And no, I don't know of any other recursive DNS service that does this. Technically, I'm not sure how any other DNS service could do this. And I'm not sure any authoritative DNS service would even consider offering it, unless it was Google themselves. Which is why Google says to do it via your own DNS service
-
Why just "like to see"??? Simply use it, it's there already!
https://support.google.com/youtube/answer/174084?hl=en
Please sign in to leave a comment.
Comments
25 comments