Track kids browsing history even when they know how to clear it manually

13

7

I have a colleague with two teenage boys (yes, cue cliche's about 'I have this friend see...') He's currently having issues with them browsing pr0n and wants to do a little spying on their browsing (I'm staying clear of the philosophies/ethics on this.) The kids are savvy enough to clear their browsing history when they're done. As I'm his goto for IT he has asked me if there is a way to keep a hold of the browsing history.

The family uses Macs, and the kids surf with Safari. I know that browsing history is kept here ~/Library/Safari/History.plist. I figure there should be a way to write either an AppleScript or other script (Python/Ruby/Bash) that can backup this file to a different location (/opt/local/history, etc.)

Since the kids know to clear their history when they're done should the file be periodically backed up with something similar to a cron job or something like Hazel? While that could work it seems like it would create a ton of little incremental backups.

Or is it possible to 'watch' ~/Library/Safari/History.plist and incrementally add changes to a backup file (saving a diff so to speak) but not lose any data?

Any ideas/solutions appreciated.

UPDATE/EDIT: Got the word from concerned dad that the oldest uses Firefox on a different PC, so the OpenDNS solution (preferably at the router level) is the best answer so far as it would capture usage for the whole house.

Darren Newton

Posted 2009-10-10T14:08:57.087

Reputation: 1 228

As this is probably Flash-related: after surprising yourself at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings%5Fmanager06.html, see the introduction of "How to automatically remove Flash history/privacy trail? Or stop Flash from storing it?" at http://superuser.com/questions/1627/how-to-automatically-remove-flash-history-privacy-trail-or-stop-flash-from-storing-it

– Arjan – 2009-10-10T15:30:41.397

How is this flash related? – Darren Newton – 2009-10-10T17:18:59.167

Most video sites use Flash, as far as I know. – Arjan – 2009-10-10T17:24:24.507

Yes, but pr0n is not limited to video. – Darren Newton – 2009-10-10T17:28:02.770

Correct, but I wasn't trying to say it was. (Otherwise, I might have posted the comment as an answer instead...) – Arjan – 2009-10-10T19:17:47.523

7Whatever solution you pick, if those kids get annoyed by their parents keeping such a strict eye upon them, then they will start browsing somewhere else. A friends place, a library, whatever. If kids don't want you to know something, they'll be very creative in hiding it! Educate them, talk with them, trust them! (And use OpenDNS, as suggested.) – Wim ten Brink – 2009-10-11T21:51:18.653

> the OpenDNS solution (preferably at the router level) is the best answer   And you can then take it a step further by using third-party firmware on your router (if it supports it) to give you even more logging/blocking capabilities. – Synetech – 2012-11-20T01:42:00.857

Answers

20

Easiest solution would be to open an account on OpenDNS and log the history through that. They won't be able to delete it.

If he finds it is a big problem, sites can also be blocked on OpenDNS.

Josh K

Posted 2009-10-10T14:08:57.087

Reputation: 11 754

Excellent solution, and one I hadn't thought about. Will also capture any shenanigans with browsers other than Safari. – Darren Newton – 2009-10-10T17:21:37.867

4Note, though, that if the boys wise up to OpenDNS they can still bypass it by changing the local DNS settings. – hyperslug – 2009-10-10T22:43:45.003

Good point hyperslug - guessing that if he does it at the router level and used a little information theory in his chats with the kids might at least keep them off the trail for a bit. But ya know, it won't take them long to discover a proxy or some other circumvention if motivated. – Darren Newton – 2009-10-11T20:15:34.913

One more thing to note is that if his ISP keeps giving him different IP's he'll have to use some kind of dynamic DNS service. OpenDNS is supports these. – hyperslug – 2009-10-12T00:10:51.850

@hyperslug, Could always use the HOSTS file in /etc to route anything going to the gateway/router address to the OpenDNS specified... – Lizz – 2013-01-25T06:51:24.683

13

This sounds like a good suggestion to prevent bypassing DNS:

Here's the setting of my router:

  • IP: 192.168.2.254
  • DNS: 208.67.222.222 208.67.220.220
  • IP Filter: Blocks port 53 UDP
  • A very strong password for its admin page

Here's what nslookup is like. First I try use the router's IP as the DNS:

 > server 192.168.2.254
Default server: 192.168.2.254 Address:
192.168.2.254#53 > google.com. Server: 192.168.2.254 Address:
192.168.2.254#53

Non-authoritative answer: Name:
google.com Address: 64.233.187.99
Name: google.com Address:
64.233.167.99 Name: google.com Address: 72.14.207.99

Now I try use something other than my router's IP... like OpenDNS's IP!

 > server 208.67.222.222
Default server: 208.67.222.222
Address: 208.67.222.222#53 >
google.com. ;; connection timed out;
no servers could be reached

So now I can't use anything else but the router's IP as my DNS server... and the router has been locked to only use OpenDNS.

He's making his router the only device permitted to make DNS requests. All other network devices must use the router's DNS settings. The theory sounds good; I'll have to test it myself. Remaining workarounds:

  1. disconnect router and use internet directly from Cable/DSL modem
  2. accessing websites via IP address

You can address #1 by placing the DSL modem in a closet and locking it. This may require some rewiring and attic work. You can address #2 with a full content filtering router/proxy solution, which could be pricey or complex to set up.

And finally, these are only deterrents. If they can find a hotspot or a friends house then this is moot. The root of the problem - carnality, I suppose - will need to be addressed.

hyperslug

Posted 2009-10-10T14:08:57.087

Reputation: 12 882

Pretty nice solution for locking down the router. I think all he needs is a deterrent and some evidence to initiate 'the conversation' - but this is a nifty trick none the less. Got my upvote. – Darren Newton – 2009-10-11T21:19:19.903

3I just confirmed it worked for me using DD-WRT: Set up a rule to disable all UDP 53 traffic. Make sure it applies to all LAN users, wireless and wired. Put an OpenDNS server as a Local DNS (otherwise it just grabbed the default ISP DNS). Manually assign your router as the DNS server on each PC. I had to modify and test several times b/c networking is too tricky for me. Use ipconfig /flushdns, reset your router between changes, and close and reload the browser just to be sure. – hyperslug – 2009-10-11T23:15:26.800

1

if you go with dns solution have a look at ScrubIT (http://www.scrubit.com/), it's a free dns service which mantains a blacklist of websites which are not safe for family browsing.

pqnet

Posted 2009-10-10T14:08:57.087

Reputation: 468

0

If you really can't trust your kids, I would suggest OpenDNS. But before doing that, try to gain their trust and just make them stop going to bad sites without OpenDNS. Try using Windows live parental controls or Mac parental controls to check their history and bad sites. If they still go to those, then use OpenDNS.

otherguydude

Posted 2009-10-10T14:08:57.087

Reputation: 1

-2

Go in to browser properties and set up a password for clearing the browser history.

edgars

Posted 2009-10-10T14:08:57.087

Reputation: 1

Asked: 2009-10-10T14:08:57.087

Viewed: 127 475 times

Active: 2013-08-05T09:53:21.393