13

I have a colleague with two teenage boys (yes, cue cliche's about 'I have this friend see...') He's currently having issues with them browsing pr0n and wants to do a little spying on their browsing (I'm staying clear of the philosophies/ethics on this.) The kids are savvy enough to clear their browsing history when they're done. As I'm his goto for IT he has asked me if there is a way to keep a hold of the browsing history.

The family uses Macs, and the kids surf with Safari. I know that browsing history is kept here ~/Library/Safari/History.plist. I figure there should be a way to write either an AppleScript or other script (Python/Ruby/Bash) that can backup this file to a different location (/opt/local/history, etc.)

Since the kids know to clear their history when they're done should the file be periodically backed up with something similar to a cron job or something like Hazel? While that could work it seems like it would create a ton of little incremental backups.

Or is it possible to 'watch' ~/Library/Safari/History.plist and incrementally add changes to a backup file (saving a diff so to speak) but not lose any data?

Any ideas/solutions appreciated.

UPDATE/EDIT: Got the word from concerned dad that the oldest uses Firefox on a different PC, so the OpenDNS solution (preferably at the router level) is the best answer so far as it would capture usage for the whole house.

Darren Newton
  • 1,276

5 Answers5

20

Easiest solution would be to open an account on OpenDNS and log the history through that. They won't be able to delete it.

If he finds it is a big problem, sites can also be blocked on OpenDNS.

Josh K
  • 12,990
13

This sounds like a good suggestion to prevent bypassing DNS:

Here's the setting of my router:

  • IP: 192.168.2.254
  • DNS: 208.67.222.222 208.67.220.220
  • IP Filter: Blocks port 53 UDP
  • A very strong password for its admin page

Here's what nslookup is like. First I try use the router's IP as the DNS:

 > server 192.168.2.254
Default server: 192.168.2.254 Address:
192.168.2.254#53 > google.com. Server: 192.168.2.254 Address:
192.168.2.254#53

Non-authoritative answer: Name:
google.com Address: 64.233.187.99
Name: google.com Address:
64.233.167.99 Name: google.com Address: 72.14.207.99

Now I try use something other than my router's IP... like OpenDNS's IP!

 > server 208.67.222.222
Default server: 208.67.222.222
Address: 208.67.222.222#53 >
google.com. ;; connection timed out;
no servers could be reached

So now I can't use anything else but the router's IP as my DNS server... and the router has been locked to only use OpenDNS.

He's making his router the only device permitted to make DNS requests. All other network devices must use the router's DNS settings. The theory sounds good; I'll have to test it myself. Remaining workarounds:

  1. disconnect router and use internet directly from Cable/DSL modem
  2. accessing websites via IP address

You can address #1 by placing the DSL modem in a closet and locking it. This may require some rewiring and attic work. You can address #2 with a full content filtering router/proxy solution, which could be pricey or complex to set up.

And finally, these are only deterrents. If they can find a hotspot or a friends house then this is moot. The root of the problem - carnality, I suppose - will need to be addressed.

hyperslug
  • 13,806
1

if you go with dns solution have a look at ScrubIT (http://www.scrubit.com/), it's a free dns service which mantains a blacklist of websites which are not safe for family browsing.

pqnet
  • 538
0

If you really can't trust your kids, I would suggest OpenDNS. But before doing that, try to gain their trust and just make them stop going to bad sites without OpenDNS. Try using Windows live parental controls or Mac parental controls to check their history and bad sites. If they still go to those, then use OpenDNS.

otherguydude
  • 1
-2

Go in to browser properties and set up a password for clearing the browser history.

random
  • 15,201
edgars
  • 1