If you can proxy HTTPS then you can scrub the content....or at least as
well as you can with HTTP.
I talked to Trustwave about a content filtering system, and they were
very clearly stating that it would work with HTTPS. If you have big
numbers then it might make sense financially.
I played with Router Limits, and that worked well enough. Very low
barrier to entry on that one. I think it was free if you're giving it
free to the customer, but if you're charging for it then they want a
piece of the action.....or something like that.
In general I'd agree with Eric Kunke that I don't want to be involved,
but as a possible revenue stream I felt I had an obligation to research it.
My notes on Router Limits are below. I had to do an NDA with Trustwave
so I don't want to copy/pasta my notes on that.
/Router Limits basic filtering is free as long as we don't charge the
customer for it (?!!). Some ISP's choose to charge for it, but Router
Limits will then insist on getting something for it. Premium Service is
$5.50/month/user our cost, suggested retail is $10-15/month./
/Basic Filtering: A cloud system manages accounts. A device on customer
premises does the filtering. The device can be a supported router model
from ReadyNet, TPLink, TrendNet, and others, or the device can be the
Router Limits mini filter....this is $49 our cost. The mini filter
hangs off the LAN port of the router and uses ARP spoofing to intercept
outgoing requests before forwarding them (MT hotspot does this too),
gets filtering rules from the cloud system. This is free, and seems
pretty effective. You can block categories like porn, violence, guns,
drugs, etc. Can block specific sites. Can restrict search engine and
force search engine to safe mode. The user portal is straightforward and
allows each customer to create multiple rulesets to apply to different
devices (e.g. an unrestricted profile for Dad's computer, a no porn or
drugs profile for kid's tablet, a default profile for guest devices). If
the filter device is offline for more than 15 minutes then account
holder gets an automatic email about it./
/Premium Filtering: An application on the device creates a "VPN loop".
All traffic is routed through a VPN where the VPN client and server are
on the same device. The app then can filter traffic using rules as
defined in the cloud. Uninstalling the app using normal means requires a
PIN. Deleting the app prevents it from checking in with the cloud. If
app fails to check in with the cloud system for more than 15 minutes
then account holder gets an automatic email about it. Basic service
covers the home, Premium service follows the device around. //
/
On 9/14/2018 9:33 AM, Seth Mattinen wrote:
On 9/13/18 7:28 PM, Chuck McCown wrote:
Yeah, simple to comply. Just give them a list of resources.
I don't see how an ISP could even consider doing content filtering
these days. It's not the year 2000 anymore where only one or two sites
are HTTPS.
~Seth
--
AF mailing list
[email protected]
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
