Parental controls pause internet and bedtime do not work on my son's PC properly
I have set up a profile for my son, with 2 devices, a phone and a PC.
When I pause his internet, certain programs can no longer use the internet, but other ones are not blocked whatsoever! The biggest one is the Brave browser. This is not using a VPN or any other system, it's just the stock browser. He can watch youtube videos no problem (I just discovered this after a few weeks of thinking he was kicked off at a certain time every night).
Even if I reboot the router, it still allows him to connect via Brave.
I can block his device manually, and the internet does go away. But I would really prefer the schedule to actually work. Does anyone know the cause of this? How can a device circumvent the restrictions, since that device should theoretically blocked from all internet traffic? I checked to make sure there is no MAC spoofing happening (and the fact that the Edge browser is blocked leads me to believe it's not an OS thing, but a Brave thing).
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
You are correct in saying that it is the browser causing the behavior; essentially it will be able to mask any website as another form of traffic.
From reading other forums, it may be that your son is using the Private Browser for Brave, which is powered by Tor. Tor is a Peer-to-Peer Web Browser, making it near impossible for a user's traffic to be traced. Brave is actually one of the furthest things from a default browser as the focus for the browser is privacy, VPNs, and Avoiding Content Restrictions; meaning it will be difficult to continue blocking services with the default settings. While the Browser does a great job of masking your network traffic, it also will mask the network traffic from your Router's parental controls.
Fortunately, it appears as though there are additional settings, such as group policies that can be set that disable certain privacy-blocking features, or the Tor version of the Private Browser. I would recommend looking at the Brave Support Site for related forum posts, as their team has provided a few solutions to help with parental controls.
- Copy Link
- Report Inappropriate Content
@Riley_S Nope, not using a private window. I tried it myself. I looked at the Brave settings.
Some websites do come up with the parental block. Sometimes.
Why can't I just tell the router to disable *all* internet traffic for a MAC address? Or even disable the wifi for that device? I know I can block it from wifi, so the capability is there.
Or is it somehow proxying via other systems in my network to connect?
Is there a way to tell how the connection to youtube is occurring (via which hardware)?
- Copy Link
- Report Inappropriate Content
To clarify further, I'm not interested in blocking *some* websites or services, I'm interested in blocking *all* websites and services, and I don't even care if it blocks internal connections on the LAN. I just want him off the computer by a specific time.
- Copy Link
- Report Inappropriate Content
I am trying to go through some of the documentation regarding the privacy features of Brave, but there are a lot to look over. The browser seems to be one of the most feature-packed browsers that I have seen. It seems as though the Brave Browser has a lot of features for masking IP addresses and sending web traffic to their own servers as a proxy, rather than directly to a site. If the Parental Controls feature is looking at the IP address of the request, it's possible that it is not identifying the request as coming from that computer. I would not be surprised to find that if a site is blocked, the browser will route the connection through their own means to access the site.
A quick check for a proxy in the Windows Settings on the PC and the Browser is also worth a check, as these are features that are installed on the browser that can circumvent blocks.
There are even features included by default that randomizes the properties of your PC, such as Screen Size or browser version, in order to circumvent tracking.
Any changes that would alter this behavior would be found in the browser settings, and can potentially be changed with an advanced configuration. While this applies to the TOR private mode, the article linked by the Brave Team details a method of preventing the installation of the browser via non-admin access.
Right now, it appears as though the Bedtime feature is an internet restriction, rather than a network(LAN) restriction.
What I would recommend is looking at the actual parental controls on the PC. Windows provides features for parents for this very situation that would essentially block the network from functioning and can require the user to request an unblock for additional time. When it comes to actively circumventing Parental Controls, your safest and the most reliable bet will be on the device itself. Microsoft has an entire suite of controls available under Microsoft Family.
---
I am still attempting to find the feature that would allow the traffic to pass through the network, rather than be blocked by the router. Please double-check that there are no network settings that have been set to reroute connections through a VPN or Proxy server.
When setting a content block for a site, is the browser still able to access the site?
For a site that you know is working on the computer when it shouldn't be, it may be worth your time to run a tracert from the command prompy to the web address and see where the request is being routed through.
- Copy Link
- Report Inappropriate Content
@Riley_S Thanks, I'll have to take a look at those when I can.
Worth repeating: it's not a system-wide setting such as a VPN or proxy, as other browsers successfully are blocked from accessing youtube. A tracert likely isn't going to help here, since it appears to be specifically the brave browser that is able to circumvent the block (tracert is going to use the OS facilities). I will try it though.
I am not really sure how a VPN should make a difference, since it would still have tunnel through the existing network connection -- through the router. It shouldn't be using any separate MAC address or IP address. The bedtime feature should block *all* internet traffic, no? In any case, there is no VPN set up unless Brave does it by default.
I'm a bit surprised that IP addresses matter at all. In order for the device to communicate to the router, it needs to use its MAC address. The router should know from the MAC address that this is traffic coming from the PC (and indeed, when I block that MAC manually, it is cut off).
It appears that the bedtime feature is using the same mechanism as the web filter, and just setting everything (well, obviously not everything, just everything it knows about) to blocked. Does it only block web requests on certain ports? Is there a way to log the traffic? does tp-link have some sort of wire-shark like mechanism? I might just install wireshark on the PC to look at it and change the SSID so only that device is on it.
I don't want to prevent usage of the browser, this is the browser I *want* him to use (it's better, faster, blocks ads, etc). I did not expect it to be able to do this though.
- Copy Link
- Report Inappropriate Content
I will look into the questions, but I just finished a conversation with our IT department, and they think that a device may have been set up on the network that the traffic may be getting routed through alternatively. If possible, try connecting the PC to the guest network. From the control panel on the router, there are two options for allowing devices to see each other, and an option to allow devices on the guest network to see the devices connected to the main network. This way, you can see if there are any devices connected that you were unaware of that may have been connected to the network and not under the profile.
I believe that brave used to enable a VPN by default, but moved that to a paid feature and now uses its own proxies by default.
I do not know how thorough the traffic monitor and system log is in the Tether App, however, the WebGUI of the router has both a Traffic Monitor that needs to be enabled and a System Log that may help identify how the traffic is being sent. Other users have definitely been able to diagnose the network behaviors that they are experiencing with the PC version of WireShark, so it is worth a try if you are willing.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1026
Replies: 6
Voters 0
No one has voted for it yet.