Ever since CIPA was enacted in 2001, school districts have been using web filters to keep their students safe online. And ever since filters have been implemented, students have been trying to get around them.
Trying to knock down and prevent circumvention techniques such as VPNs can feel frustrating at best, futile at worst. As soon as you find one way students are circumventing the filter, they find another. It’s almost like playing a game of whac-a-mole.
Don’t give up though, there is hope.
Web filtering has come a long way since 2001. In those early days of CIPA, blocking certain URLs and relying on reputation-based web filtering was enough to block out the worst of what students might come across online, unintentionally or otherwise.
But, no matter how advanced your web filter, some students will do their best to find holes or workarounds. Students are also more technologically savvy than they’ve ever been. Understanding how they typically do that—and how to prevent it—can go a long way towards improving the efficacy and longevity of your web filter.
Wondering how students keep sneaking past your filter? Here are five of the most common ways.
One of the first ways students learned how to get around web filters back in the good old days (the late '90s) was through proxy websites. Two decades later, it still remains one of the top methods. Proxy websites act sort of like a “browser within a browser.” Students search for them online and use them to access sites anonymously. They change rapidly, though, so blocking individual sites isn’t enough.
Students can download VPNs or virtual private networks on Google Play, and use them to bypass the filter at school. With so many VPNs coming up each day, it’s tricky to pinpoint which are being used to get around the filter.
Another way USBs can be used is to smuggle in Firefox and run it on school devices without the web filter recognizing it. A sort of Trojan Horse for search engines, all students need to do is bring in the aptly-nicknamed thumb drives and plug them in wherever they’re working (or not working).
The most old-school—but no less serious—way students are getting around filters is by snagging WiFi and other passwords from teachers or staff. While it may be tempting to store passwords somewhere easily accessible, students have sharp eyes and it’s best practice to encourage the teachers in your district to keep their passwords protected.
Good luck getting students to give up their phones, but like it or not, they’re here to stay. And with them? Unfiltered web access. Wherever students bring their phones, they have the internet at their fingertips. With cell phone jammers being illegal (and for good reasons, including safety), technology may not be the answer here.
If these sound insurmountable, rest assured there are some strategies you can implement to significantly reduce web filter workarounds. You might not be able to catch every single one, but there will be fewer students exposed to distracting—and potentially dangerous—online content.
With things like VPNs and proxy websites, blocking URLs simply isn’t enough. You’ll want to use technology that has machine learning built in it to identify the common behaviors of circumvention. For instance, VPNs use brute force—if one URL is blocked, it tries another. Smart filters can identify this behavior and block the VPNs before students are able to use them.
DNS filters are quite easy to trick with simple processes such as IP access. Additionally, chrome VPNs are very prevalent on bring-your-own-device (BYOD) networks. Full Layer 7 filtering is necessary to prevent circumvention. CIPA compliant filters today need to have visibility across all ports on TCP and UDP.
When it comes to VPNs or USBs with TOR or something similar on them, though, denying or limiting port access can go a long way towards preventing their use. Options include locking access to ports without a teacher’s permission, and/or limiting the use of specific ports (eg. one could be used just for email, etc.)
A more advanced technique to prevent students from getting around the web filter is using real-time monitoring to see what exactly students are up to on their devices. A tool that gives classroom management control over to teachers can help prevent filter workarounds.
It might sound like common sense, but the only way to prevent students from getting passwords for getting around filters is to prevent them from finding them in the first place. Make sure all staff has sufficiently secured passwords, and that they’re stored safely and updated often.
Ultimately, one of the best things any school can do when it comes to their web filters is to foster a culture of internet safety. This can include continued education for the IT department and teachers alike, lessons for students on internet safety, and investing in a comprehensive and integrated tool for your school(s) to manage their web filtering safely and effectively.
The Linewize web filter leverages its AI technology to identify and stop circumvention use among students. Read our whitepaper to get a more in-depth look at how our platform does this.
District IT leaders are tasked with fishing through an ocean of the latest sleek and shiny EdTech products to pull out a winning pearl for ...
(Updated 2/10) On December 21, 2020, Congress passed the Coronavirus Response and Relief Supplemental Appropriations Act, 2021 (CRRSA). It ...