Edit request for https://help.ubuntu.com/community/ParentalControls

Sat Mar 19 18:20:08 UTC 2016

I created an account just to be able to edit this page, but I found it blocked from editing.

Since I cannot edit this wiki page, could someone do it for me?

The issue here is that, among other options, you recommend some Firefox add-ons to do parental control.

Well, I tried one of them - FoxFilter. And I found it easily bypassable by anyone with rudimentary technical knowledge or simply some wits1.

Also, obviously, the very idea to use browser add-ons to enforce parental control seems insecure. The kid may simply install and use a different browser.

I think it worthy to put a notice in the "Broswer Based Content Control" paragraph of the https://help.ubuntu.com/community/ParentalControls wiki page that this method to enforce parental control is insecure and cannot be relied upon.

==================================================================

1FoxFilter can be bypassed by at least four ways:

1) Sites that should be blocked via body content filtering will be 
displayed anyway if you middle click a link to them enough times. For 
some reason, when you open such sites in tabs simultaneously only the 
first tab tends to get blocked. URL filtering, on the other hand, seems more robust.
2) Go to your extensions profile directory and remove the foxfilter at inspiredeffect.net.xpi file.
3) Create a new profile via the profile manager.
4)
 Open prefs.js file in your profile directory. You can read your 
FoxFilter password there, which is stored in plain text. Didn't try it 
yet, but it seems very possible that by editing this file you may also 
modify FoxFilter settings, such as removing sites from the blacklist or 
even switch off the add on completely.

The fun fact is that InspiredEffect (the company behind this add-on) actually charges money to enable, quoting from the add-on's description page on addons.mozilla.org, "password-protected settings and security features to help prevent it 
from being bypassed, uninstalled or disabled". And I was stupid enough to actually pay them this money.

I'm not an expert, by perhaps this add-on could be secured up IF InspiredEffect fixes problem 1) I listed, stores the password hashed and not in plain text, and the add-on is installed as described here https://developer.mozilla.org/en-US/Add-ons/Installing_extensions rather than in the default way. Right now, however, with the default setup, the extension offers hardly any security.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-doc/attachments/20160319/31f941ea/attachment.html>