False sense of security from school filters?
I received a pingback on Teach42 today that led me to a blog post mentioning "Meebo School". I'd never heard of that before, so I jumped right over to Google to see what I could find.
If you've never heard of Meebo, it's among my favorite Web 2.0 websites. It's a web based universal IM client. If I'm on a computer at the library, I can pull up Meebo and have instant access to all of my IM contacts, whether they're on AIM, Yahoo, MSN, or even Google Talk. Very handy for those that rely on IM (everyone at Discovery Education lives on Yahoo IM). Since most schools block IM clients, Meebo tends to be blocked pretty often too. In an informal TwitterPoll, about 2/3 of the teachers that responded reported that Meebo was blocked in their district.
So that means that students can't get access to Meebo from school, right? Hardly. When I did my Google search for "Meebo School", I didn't find anything new from Meebo, but I did find a plethora of ways that students were bypassing their school's firewalls and filters to get access to it anyway. The first site I visited listed two different ways.
The first method was just to trick the firewall into thinking that it was a secure website by adding an 's' to the URL. Instead of http://meebo.com, it would be https://meebo.com. That might work for some filters, but I wouldn't think that would shake too many.
The second method was to just visit it through a public proxy. A proxy is basically a website that will re-display a web page for you, but with a completely different URL so the filter doesn't know it. One example is Proxify. Just go to Proxify, type in a URL that's normally banned at your school, and whamo, it'll take you right to it.
Of course, your school may be blocking access to known proxy's. Students can't use Proxify if your school blocks access to it. Which leads me to a method that's pretty much fool proof: setting up your own proxy.
It's not all that difficult to set up a proxy server. If a student sets up a proxy server on a home computer and uses that to funnel their web traffic, there's really no way for the filters to catch that. It'd take a human being to realize student 'Ima Hacker' has been spending all of her time surfing on http://imahacker.com. While it isn't TOO difficult to do this, it does take some technical know-how and determination.
Unless of course a website tells you how to do it and provides you with an application to make it easier. Check out Meebo Repeater. The folks over at Meebo have provided a program and instructions to teach you how to set up your own personal proxy that will give you access to Meebo despite your school's or workplace's best efforts.
Shocked? So was I. How long will it be before YouTube offers a custom proxy server allowing people to get access despite filters and firewalls? Or Flickr? Or Facebook and MySpace? Not hacks that users have created, but fully sanctioned and supported means for bypassing security measures that schools spend thousands of dollars on every year.
I share these methods, not so you can bypass your school's filters, but to make you aware of these issues so that you can act accordingly. I'm sure that quite a few students will wind up finding this post through their searches for ways around their school's filters (if you're a student and reading this, go ahead and say hello in the comments). If they didn't find it here, they'd find the information in the next site down in the Google search.
The bigger question is, if our expensive filters are insufficient for keeping students off websites we'd like to block, how do we teach our students to navigate these sites in a safe and appropriate way? Something to think about as we enter into a new school year.
So what do you think. Are your filters actually doing as well as you think they're doing?
Comments
What do I think? I hope very few students read your post at TechLEARNING. Perhaps you should retitle the post as: Letting the Genie out of the Bottle, or Giving away the keys to the Car.
:)
Posted by: David Jakes | August 22, 2007 8:57 PM
I'm a student in Community High School District 99, Downers Grove, IL (who also happen to employ the author of the above comment--hehe). While our district users extensive filtering on web sites that we students can access, even the most basic users know how to get around them by using any one of thousands of web proxies (we're blocked from accessing the Internet Explorer settings that we could potentially alter to use our own traditional, home proxies). However, web proxies are a dime a dozen these days. And for every one our administrator blocks, a hundred more spring up. And like you said, if a user sets up their own domain name and web proxy (and doesn't brag about and share it with friends), chances are they'll get away with using it indefinitely. That is, unless the student's network account is under constant monitoring... heh.
While the school's network administrators do everything in their power to block web sites, there are technical limitations to how far their filters can go. Aside from a strict whitelist of web sites--which would be disastrous for a learning environment--there's not much they can do that students can't get around with extreme ease.
Sorry to be so pessimistic, admins, but we're just *that* clever. ;-)
Posted by: Kevin Walter | August 22, 2007 9:11 PM
Hey Kevin: what about if we just deleted you from our system? Just kidding of course, thanks for the comment!
Posted by: David Jakes | August 22, 2007 9:48 PM
I am not sure publicizing this info is in a student's best interest. As a sysadmin we are well aware that some students know how to get around filters. So, we block all proxies by default and let through only those that are legitimate. But, now you've let them all in on that secret particularly at schools and districts where there filtering is not as tight
It is posts like this that drive a wedge between Educational Technologists and Information Technologists. When a student uses this technology to get around the filters and then kidnapped by a predator it is not you who will be out of a job but a IT person.
Posted by: Martin Williams | August 22, 2007 11:31 PM
Martin: As mentioned by the commenter above you, my point with the article is that the only person I'm letting the cat out of the bag for is educators who believe their filters are being effective.
Do me a favor. Do a Google search for yourself. Keywords? Try just about any search phrase you can think of. I tried, "Get around school filters" and found hundreds of links.
If a student learns how to get around their school filters from this article, then either A) They read TechLearning's blog on a regular basis and should be given a merit badge or B) They were doing a Google search for ways to bypass a filter and found this post sandwiched between hundreds of other sets of instructions that weren't written to raise awareness amongst educators.
As to your last statement about a student bypassing filters and endangering themselves, that is precisely why I wrote this article. Filtering websites does not keep our students safe. Educating them does.
Posted by: Steve Dembo | August 23, 2007 1:57 AM
Merit badge? Where do I sign!
Posted by: Kevin Walter | August 23, 2007 2:19 AM
Metal detectors help keep schools safer... not safe. If you put in metal detectors, would you still have other security measures?
Anyone who depends on one method of security is asking for serious trouble. Monitoring of students on computers can not end with a filter. The best preventative measure a school can take is traditional monitoring of students and the use of computer management software.
Posted by: Scott Meech | August 23, 2007 2:21 AM
posted without finishing post... my apologies...
Educating students is very important as Steve mentioned. However, one shouldn't fool yourself into thinking education will solve the problem either.
Smoking is a great example of how education alone will not prevent new smokers...
Posted by: Scott Meech | August 23, 2007 2:25 AM
Hello there.
You raise some very interesting issues.
I run a blog which lists new proxy sites everyday. That is purely to help students access sites which are blocked. Because, in any case, they are going to find out ways to access blocked site.
A couldn't agree more when you said that we are better off teaching them how to surf safely rather then keeping them from surfing.
[URL edited out]
Posted by: Anon | August 23, 2007 4:33 PM
While I appreciate your words of agreement, I don't believe this is a place to advertise your site. Because of this, I edited out the URL to the site.
Scott: Actually, I think smoking is a good point. The best that we can do is make it difficult for them to smoke and educator them why they shouldn't. In the end, it's going to be their own choice. A student who is determined to smoke will find a way, just as a student who is determined to get around filters (no pun intended) will find a way. However, we can make sure that we educate them as to why the filters are in place, and what appropriate use is. Then I guess we hope for the best.
Posted by: Steve Dembo | August 23, 2007 5:12 PM
Completely agree with you Steve... Sometimes I think people read a post as yours and see it as bashing the filtering system which I don't think you are doing.
I read your article's main point as we need to educate our students on surfing properly to stay safe as this is really the way to protect oneself without relying on a filtering system.
I think others missed the point and read that we should get rid of the filters.
Posted by: Scott Meech | August 23, 2007 10:14 PM
Scott, you're absolutely right.
For the record, I just did a Google search for "Bypass School Filter". This blog post shows up on page 11. So if a student doesn't find what they need in the first 100 links, then YES, I will take the blame for teaching them something new.
Posted by: steve Dembo | August 24, 2007 8:15 PM
Martin,
The predator comment is way overused and misinformed....it just doesn't happen in the ways the general public think it does. Also are there any cases where IT folks in schools or others have lost their jobs over this? Love to hear those stories.
Scott,
As for education and smokers I would disagree that education hasn't done anything...stats in Canada show a decline in smoking of about 8% in the last 6 years.
Posted by: Dean Shareski | August 24, 2007 8:39 PM
I would like to read about and hear accounts of IT staff being fired or sued because of issues arising from students accessing objectionable websites. If this has happened in a school, I have not read about it, and you can bet that would make news. Kurt Paccio blogged recently about his fears for liability lawsuits (being personally held liable) if the content filters aren't strict enough:
http://elgg.ciu20.org/Kurt/weblog/296.html
My perception is that these fears are overstated, and we have not seen personal lawsuits against IT directors or members of IT staffs over content filtering issues. Of course, a parent can file a frivolous lawsuit about anything, so this is within the realm of possibility, but I have never heard of a lawsuit like this actually being filed, much less upheld by a court. Additionally, I've never heard of a school district employee responsible for maintaining a content filter being fired because a student accessed a proxy website. Scott (and others) please let us know the links if we've missed these headlines.
Ultimately, like smoking or the use of illegal drugs at school, if students choose to engage in these activities the responsibility for that decision lies with THE STUDENT and not the school or its staff. Educators will continue to make good-faith efforts to provide "safe" environments at schools, but the choices of individuals will continue to challenge that environment. As others have pointed out in this conversation thread, technology cannot offer a complete solution to these issues. I do think, however, it is important in this context as well as others to be guided by facts and reason more than FEAR. Let's get the facts on some of these assertions before we start believing that people are being fired or sued over student misconduct at school.
Posted by: Wesley Fryer | August 26, 2007 2:41 PM
Well done, Steve. For the educators in the group, this is our own teachable moment. If you haven't watched how quickly a geeky student can access your network lately, or bypassed a filter, then you have not lived. Actually, it would be a downright good contest for each of us to run, then hire those kids to help out!
Posted by: Cheryl Oakes | August 27, 2007 12:43 AM
Very good comments across the board, except my comment on smoking is being misunderstood...
I stated: "Smoking is a great example of how education alone will not prevent new smokers..."
Education alone is not enough. I believe education is a huge part of prevention programs across the board and I believe in them wholeheartedly. I think we need to do more education on cyber ethics for sure! I just want to make it clear that having a filter isn't enough!
Posted by: Scott Meech | August 27, 2007 3:05 PM
Cheryl: That hiring students part sounds good to me. ;-)
Posted by: Kevin Walter | August 28, 2007 5:01 AM