Brief Recommendations

• Place home computers in the family room or kitchen where the screen is in view of a parent for much of the time.

• Supervise! Supervise! Supervise!

• Do not allow children to use adult chat room and instant messaging services such as MSN Instant Messenger, AOL Instant Messenger, Yahoo! Messenger and IRC. Even "child-safe" versions of these services should only be used under parental supervision.

• Do not allow children to use inappropriate handles or ID's for e-mail or chat forums. Anything ending in 69 (very commonly seen) or xxx_name_xxx, for example.

• Do not allow children to have e-mail accounts on Web-based free e-mail services such as Hotmail, Yahoo Mail, Netscape Mail, etc. Restrict e-mail usage to conventional e-mail accounts provided by your Internet service provider.

• Teach children not to pass personal details such as their name, address, school or other information to strangers by e-mail, via Web forms, or in chat rooms.

• Do not allow children to perform Web searches without adult supervision. Use Google, with the Google SafeSearch option turned on.

• Review the history of Web sites viewed in a Web browser, as well as the contents of the "Bookmarks" or "Favorites".

• Do not allow children to register at Web sites without carefully checking the site's privacy policy.

• Do not allow children to download and install programs without parental supervision, virus scanning and knowledge of what the program will do.

• Use good, high-quality, virus-scanning programs (I recommend Norton Antivirus) on all e-mail attachments and downloaded files. Do not open e-mail attachments from unknown senders, and treat all attachments with suspicion.

Introduction

The Internet provides a range of services. In the area of privacy and protection of minors, the most important of these are:

• The World Wide Web
• Electronic Mail (e-mail)
• Instant Messaging and "Chat Rooms"
• Usenet, or "Net News" (less common among children)

Vulnerabilities Considered Here

• Exposure to inappropriate content (pornography, advertising)

• Exposure to privacy infringements (advertising, Spam, online stalkers, or worse)

• Exposure to ethical or moral grey areas (mailing lists, free offers, scams)

• Exposure to technical risks: viruses, worms, etc. which can "damage" home or school computers

• Absence of parental or other adult supervision

In this article I do not consider additional risks, such as the exposure to hackers incurred by "always-on" cable modem and ADSL Internet connections, etc. I also do not discuss addictive or compulsive behaviour, the effect of violent video games, etc.

Internet Access Generally

Teach children about "stranger danger online". Do not allow children to give their name, address, e-mail address or other identifying information to strangers in any way - whether by Web forms, e-mail, chat or discussion forums. Remind them that you have no way of confirming the age, sex, location or other information about people online.

Teach children to be reasonably sceptical about online advertising, free offers and other scams. If it seems too good to be true, it always is - especially on the Internet, where it is easy for offenders to hide.

World Wide Web

The Web is an excellent educational resource, and to an increasing extent, schools are going to have to reflect the reality that much professional and educational research is conducted via the Web. There are many good and safe sites for kids to use, both for education and entertainment, and a good starting point is Berit's Best Sites for Children http://www.beritsbest.com/ Other sites which are designed specifically for children include Yahooligans! http://www.yahooligans.com/.

It is widely known that these attributes have made the Web an ideal mechanism for the distribution of pornography, to the extent that pornographic Web sites are held up as one of only a few examples of successful businesses on the Internet (this is sad, but quite probably true). Pornography Web sites aim to attract users by apparently offering free access but requiring credit card details "as proof of age", although in fact the majority will then bill the credit cards. Some also work by downloading a special dialler program, which will then replace the computer's regular dialler, and will connect to the Internet via an international toll call with added chargebacks.

I consider it unlikely that most primary-school children will have access to credit cards, and unlikely that they will have the ability to download and install a replacement dialler program.

Therefore, the threat comes from two areas:

1. Free pornography sites, and

2. Banner advertising, search engine meta tags and other promotional techniques

Once again, it is unlikely that children will stumble across free pornography sites. In fact, in my daily work, which sometimes takes me into the seamy underbelly of the Internet, even I rarely come across such sites. The real worry is area 2.

One technique used by pornography site operators is to put "keyword tags" at the top of their Web pages, containing many quite inoffensive words that are likely to be used in Web searches. The search engines' robots then come across these pages and index them under the various keywords, so that subsequent searches will turn up the pornography Web sites amongst the useful ones. Our family has encountered at least one quite offensive example of this practice while researching a school project.

Pornography Web sites also place banner advertisements on other Web sites, and these generally seem to be those in the "grey areas" of the Internet where they need the ad revenue: warez sites, hacker sites and the like. These advertisements can be quite explicit, and are very eyecatching (yes, even for kids!).

"Warez" is software - games, operating systems, etc. - on which the copy protection, if any, has been defeated, and which can be freely downloaded. Examples include popular PC, PS2 and other games, Windows XP, Microsoft Office, as well as other content such as music CDs and even DVD movies. Such material breaches the Copyright Act in Australia, and downloading it is illegal in most countries. Hence, the warez sites typically move around, and are willing to accept banner advertising for pornography Web sites to cover their costs.

Hacker sites are those used by computer hackers (crackers, computer terrorists, attackers, call them what you will) to exchange "exploits", which are the techniques used to defeat computer security. These also seem willing to accept pornographic advertising.

It is unlikely that children will visit these sites; however, there is growing interest in Web sites devoted to cheats, which are the undocumented secret commands that can, for example, render one immortal in a GameBoy game. These sites are somewhat borderline, in my opinion, and I consider it possible that a child looking for cheat sites may blunder into warez and hacker sites, and thence the pornography adverts.

Countermeasures

The second approach is to use content filtering at the Network level. This is done by a server called a proxy Web server, which is able to block or allow access to Web sites based upon various rules such as the site name, address, time of day, the user name and, in some cases, the content of the pages. The NSW Department of Education operates such a filter between the outside world and the departmental intranet, and it is fairly effective. Blocking of sites can be done either on a black-list basis - this blocks access to known objectionable sites, but new sites will not be blocked until they appear on the list - or on a white-list basis, which allows access to only known "good" sites, but may be overly-restrictive. However, the use of a proxy Web server is not something available to most home users.

America OnLine (AOL) claims to filter content available to its customers via this method. However, it is a commonly held view that most pornography trading takes place among AOL customers on the AOL Network, and that the primary purpose of AOL's filters is to restrict customers to AOL's premium (i.e. extra-cost) services. I remain unconvinced of the effectiveness of AOL's content filtering.

The third technique is to use a proxy Web server, not to block access, but only to log all sites which are visited. The same information can be retrieved from the "history" files of Web browsers. For Netscape, the history can be seen by simply clicking the down-arrow at the right end of the "Location" bar (it is stored in C:\Program Files\Netscape Communicator\ Users\\prefs.js). For Internet Explorer, recent site URLs can be obtained by clicking on the pull-down arrow at the right end of the "Address" bar, but a much more comprehensive list of site URLs can be retrieved from (at least, under Windows 2000) "C:\documents and settings\ \Local Settings\ History", where it is organized into a series of folders, by age. Internet Explorer preserves a lot more history information than Netscape.

Make it clear to children that you can easily see what Web sites they have visited.

The fourth approach - which I recommend - is the use of a Web search engine which filters out inappropriate material. To date, the best I have seen is Google SafeSearch (see http://www.google.com/help/customize.html#safe). I include this on our intranet home page and highly recommend it, and will put it on our school Web site home page.

The best non-technical countermeasure is adult supervision and involvement in online activities.

Other Miscellaneous Advice

Do not allow children to download and install software such as free demo games, etc. Some downloads, such as the execrable "Bonzi Buddy" are designed to present continual banner advertising while invading your privacy by capturing information about the Web sites that you visit and relaying it to an unidentified third party. Children are, by their natures, excessively trusting, and will happily install virus, trojan horse and worm programs which can cause damage to your computer.

Do not allow children unlimited downloads of music and video - the large size of these files can easily cause you to exceed the download allowance provided by your Internet service provider and inadvertently incur substantial additional charges. In a recent case a colleague reported, a secretary at a small business amused herself by downloading lots of music over her employers' new high-bandwidth ADSL line, incurring a $2,000 surcharge for the first month of operation.

E-mail Services

Threats and Defences

Do not create e-mail accounts for children based upon their real names. Always make up a "screen name" or "handle" that is not directly traceable back to the child, but take care to avoid inappropriate connotations or age references, e.g. "biker_man171", "hotlips69","hottiexxx", etc.

If children (or adults) are receiving Spam (unsolicited commercial e-mail) do not reply to any suggested "Remove" address! Replying merely informs the spammer that a human read the e-mail, which shows the e-mail address to be "live" and therefore more valuable (a process known as "list-washing"). Once they know this, your level of Spam will rapidly increase.

To deal with SPAM, register with a service like SpamCop http://spamcop.net. This will allow you to paste the complete e-mail - including the headers which are normally not displayed - into a Web form, where SpamCop will then analyse the header information and automatically generate complaint e-mails to the upstream Internet Service Provider of the spammer. The e-mail does not identify you, and the ISP should close the account of the offender (who will then simply move on to the next ISP, typically on a 30-day free trial basis).

There is no service which can automatically deal with Spam of a pornographic nature. In serious cases, the appropriate agency to contact is obviously the Police Service.

Instant Messaging and "Chat Rooms"

Instant messaging software can be a terrific resource, especially for travelling parents. I have a small Webcam attached to my notebook so that I can "video-conference" with my family when travelling, and it is also great for chatting to distant family members.

Threats and Defences

Spammers and others appear to collect user IDs (and the associated e-mail addresses) from chat rooms, and users then become the recipients of unsolicited commercial e-mails. In addition, it seems to be common practice for operators of pornography Web sites to use "robots" (these are actually programs, although they display some characteristics of human users, hence the name) to direct solicitations and invitations via personal messaging or instant messaging to users who are in a chat room at the time. Example: "hottieamy44444: Heya! My name is Amy and my friends and i just made our own adult site with free pics and videos on it so please check it out and reply and tell me what ya think just click here -> http://www.amysnaughtysite.com Thanks!! - Amy the Hottie "

Ethical issues: only today I witnessed a quite amazing diatribe about the Holocaust and the Jesse Owens affair at the 1936 Berlin Olympics, conducted in a Yahoo! chatroom by what I later discovered was a somewhat precocious 16-year-old. Regardless of one's personal beliefs, one might not wish one's children to be exposed to debates about religion, race, etc. before they are able to form a proper appreciation of the arguments involved.

It has been suggested that chat rooms are the most likely places for paedophiles and child pornographers to attempt to ensnare kids. That seems quite probable, although I have never seen any evidence of this kind of activity, I am not a major user of chat rooms and have never explored the kinds of rooms where such activity might be conducted.

All of these threats are inappropriate for children, and so children should not be allowed to use such chat rooms. The only defence I can see is to ban their use.

Some service providers, e.g. Yahoo!, provide an instant messenger and chat room service specifically for children (e.g. "Yahooligans!", http://www.yahooligans.com. However, I am informed that this is not widely used, and kids will prefer more open (and adult-oriented) systems.

One local "chat room" (actually a Web forum) which has appropriate controls is the ABC Children's "Link Up" project at http://www.abc.net.au/children/linkup. Click on the "Ongoing Forum" link to continue from there. This Web forum requires only a Web browser (no special software) and all posts are reviewed for appropriateness by an adult moderator before being made public. No names or other identifying data are permitted. This seems to be a particularly appropriate way for primary-aged children to communicate online.

Note as of 16th August 2002: The "Link Up" site has now closed, but has been replaced by two new ABC moderated sites: "shout" http://www2b.abc.net.au/children/shout/ and "chatterbox" http://www2b.abc.net.au/children/chatterbox/.

Usenet

While newsgroups may be useful and interesting, there is minimal support for content filtering, and children should generally not be permitted to use newsreader programs such as Microsoft News or Netscape Newsgroup.

About the Author
Les Bell has been online since 1982, and is a Certified Information Systems Security Professional.

Copyright Notice

Copyright © 2004, Melbourne PC User Group Inc and individual authors. Except where otherwise stated, all material is the copyright of the author. Material in this magazine may be copied by nonprofit PC User Groups without fee provided that there is no restriction published with the article, the copies are not used for commercial advantage, and the origins of the material and this permission to copy are acknowledged in the reprinted item.

For more information on the Tulsa Computer Society click here