Allow for Parents to block explicit images on Google Searches
OpenDNS has an opportunity to add a feature to their HomeShield product. It involves allowing there to be a specific change in the DNS directory by entering in a CNAME that switches off SSL for google, and appending a "safe=active" toggle to any google search via a proxy server. Given the number of exasperated comments about this on your website, this seems like a possible solution you can add as pay feature.
From Google's own website this is how they instruct schools to do this:
See https://support.google.com/websearch/answer/186669?hl=en
To disable SSL search for your network, configure the DNS entry for www.google.com (or any other Google country domains your users may use) to be a CNAME for nosslsearch.google.com.
We will not serve SSL search results for requests that we receive on this virtual IP address (VIP). If we receive a search request over port 443, the certificate handshake will complete successfully, but we will then redirect the user to a non-SSL search experience. The first time a user is redirected, they will be shown a notice that SSL has been disabled by the network administrator.
Utilizing the NoSSLSearch VIP will not affect other Google services outside of Search. Logging into Google Apps and authenticating to different services will continue to work (and will occur over SSL).
Then
To enable SafeSearch throughout a school network, you’ll also need to use a a proxy server to append &safe=active directly to all search URLs.
Google sends search queries along URL paths like google.com/search?, google.com/images?,google.com/s?. Schools that activate SafeSearch with a proxy should keep their filters updated to include /search, /s, and /images URLs.
Examples:
- http://www.google.com/search?q=foo&safe=active
- http://images.google.com/search?q=bar&safe=active
- http://www.google.com/s?q=baz&safe=active
-
Agreeing with rotblitz, but providing a bit more response.
Basically what you are asking OpenDNS to do is to abandon their entire business model and the service they provide to offer something different.
Despite all the additional features and features that have been added on, all OpenDNS services are still at their heart a DNS recursive service. This means that there is no way to add a CNAME entry anywhere for any DNS entries. This needs to be done either at the authoritative server for a domain, or at a local DNS server that uses forwarders to do internet lookups.
Just about any school that I can think of is already going to have their own server infrastructure, so they would also likely have their own local DNS servers, so that would be the appropriate place for them to add the CNAME record.
As for the proxy server, OpenDNS doesn't even offer anything close to that. It's not even DNS related. Again, the school would need to set those proxy servers up on their own network, or perhaps use a cloud based service that provides proxy services, but that's not something that OpenDNS does.
What you are offering OpenDNS in this message is not an opportunity to add a new feature to a product, but rather an opportunity to destroy their current business to pursue an entirely different line of business.
-
Why do you ask this in a thread about "Allow for Parents to block explicit images on Google Searches"? This doesn't seem to fit...
But well, see here: https://support.opendns.com/entries/55425230-Google-Fiber-Router-Configuration
-
-
rotblitz and mattwilson9090, actually OpenDNS has set up their Intelligent Proxy to deal specifically with Security issues in a way that breaks out of Recursive DNS altogether, so it's not unreasonable to ask them to modify their Intelligent Proxy in such a manner. I personally would like to see the Intelligent Proxy set up in such a way as to allow end-user access to the proxy settings, so rather than relying solely on Security Graph to drive the requests through the proxy, you could have user-created domain "gray lists" that allow users to choose which sites they would like to be proxied so that you could block or filter at a URL level for sites that aren't always "bad" or always "good" like search engines or reddit.
-
I am trying this... Block all these sites. Be careful though (gstatic.com) If you block this, it will make many google sites such as classroom or sites inoperable.
encrypted-tbn0.google.com
encrypted-tbn1.google.com
encrypted-tbn2.google.com
encrypted-tbn3.google.com
encrypted-tbn.l.google.com
tbn.l.google.com
gstatic.com
-
And, was this with success "to block explicit images on Google Searches"?
Else, this is the only right approach by now: https://support.opendns.com/entries/57304954-How-to-Enforcing-Google-SafeSearch
(I know, it was said above already, but doesn't seem to be evident enough.) -
Rotblitz. I have been unable to block explicit searches. My problem was when I blocked images.google.com, unappropriate material was still getting through.
If I blocked gstatic, most was removed. However this rendered other google services useless.
I will try the method here. I thought that it was asking users to manage the client browser but see that a host file can be used.
-
The Google feature is merely to be used on an own DNS server although the hosts file trick is a workaround for people without DNS server capabilities.
Here's the original Google KB article: https://support.google.com/websearch/answer/186669?hl=en (Option 3)
Please sign in to leave a comment.
Comments
13 comments