in reply to Re: Can I use Http::Proxy to intercept and deny URLs?
in thread Can I use Http::Proxy to intercept and deny URLs?

Also, be aware that filtering proxies are really just a weak band-aid and relatively easy to get around.

Blacklist proxies and content-filtering proxies are weak. Whitelist proxies, such as he's talking about using, are not so weak, although their usefulness is limited to situations where it's acceptable to block pretty much the whole internet with a few exceptions.

(I'm assuming here that he's going to run the proxy on the firewall, not on the desktop, and that the firewall will be set up to drop any unproxied traffic. Otherwise of course they'll just change the browser setting so it doesn't use the proxy.)

This wouldn't be my approach to internet access for children, granted. My approach would be to keep the PC in the living room, where they can't use it without being observed. That assumes there's ALWAYS an adult with them, but there isn't any other sane way to raise children, IMO. In any case, if they're left unsupervised there is *NOTHING* you can do to prevent them from viewing random content on the internet (or, worse, on television), because they'll view it at a friend's house.


Sanity? Oh, yeah, I've got all kinds of sanity. In fact, I've developed whole new kinds of sanity. Why, I've got so much sanity it's driving me crazy.

Re^2: Can I use Http::Proxy to intercept and deny URLs?
by tirwhan (Abbot) on Feb 26, 2006 at 12:34 UTC
    Whitelist proxies, such as he's talking about using, are not so weak,

    I largely agree with your post. Just to clarify: for a whitelist proxy to be effective you need to run it on a separate gateway host which firewalls your network from the Internet (as you say). You also need to:

    • Drop all egress traffic at the firewall (not just HTTP), and run a filtering proxy for any services you wish to use (e.g. DNS, SMTP, POP/IMAP, FTP)
    • Disallow encrypted connections (no HTTPS).
    • Be very careful in your list of sites to allow (e.g. no search engines or sites which allow posting of HTML)

    At that point you've crippled the Internet connection to the point of very limited usefulness and set yourself up for a whole lot of work (and you're still not 100% secure, those are just the more obvious avenues of circumvention). Internet censorship is really hard, very seldom reasonably justifiable and a really stupid thing to do in the context of a family IMO.


    All dogma is stupid.
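
The allow/deny decision a whitelist proxy of this kind has to make, as an added example that is not part of the original thread and not HTTP::Proxy's own code: hosts are matched exactly rather than by substring, and CONNECT (the HTTPS tunnel) is refused. The names `check_request` and `%ALLOWED_HOST`, the host names, and the port-80-only rule are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed allowlist (hypothetical sites): exact host names only.
my %ALLOWED_HOST = map { $_ => 1 } qw(games.example.org www.example.net);

# Hypothetical helper: decide whether the proxy should forward a request.
# Returns (1, 'ok') or (0, reason). Anything not explicitly allowed is denied.
sub check_request {
    my ($method, $target) = @_;

    # CONNECT opens an opaque tunnel (HTTPS) that the proxy cannot inspect.
    return (0, 'CONNECT tunnel refused') if uc($method // '') eq 'CONNECT';

    # Only absolute http:// URLs; capture the authority component.
    my ($authority) = ($target // '') =~ m{\Ahttp://([^/?#]*)}i
        or return (0, 'not a plain http URL');

    # "name@host" puts an allowed-looking name in front of the real host.
    return (0, 'userinfo in URL') if $authority =~ /@/;

    my ($host, $port) = $authority =~ /\A([A-Za-z0-9.-]+)(?::(\d+))?\z/
        or return (0, 'malformed host');
    return (0, 'non-standard port') if defined $port && $port != 80;

    $host = lc $host;
    $host =~ s/\.\z//;    # "host." and "host" name the same site
    return (0, 'host not on allowlist') unless $ALLOWED_HOST{$host};
    return (1, 'ok');
}

# Constructed sample requests, one per rule above.
for my $req (
    [GET     => 'http://games.example.org/play'],
    [GET     => 'http://GAMES.example.org.:80/'],
    [GET     => 'http://games.example.org.other.example/'],
    [GET     => 'http://games.example.org@other.example/'],
    [GET     => 'http://games.example.org:8080/'],
    [CONNECT => 'games.example.org:443'],
    [GET     => 'ftp://games.example.org/'],
) {
    my ($ok, $why) = check_request(@$req);
    printf "%-5s %-8s %-44s %s\n", ($ok ? 'ALLOW' : 'DENY'), $req->[0], $req->[1], $why;
}
```

This check only has teeth when the gateway drops all traffic that does not go through the proxy, as described in the post above.
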
      At that point you've crippled the Internet connection to the point of very limited usefulness.

      Agreed, this is not something you could use e.g. for setting up a school library computer lab so the children can do research on the internet. They wouldn't be able to get any research done. There are, however, people who just want their kids to be able to access a dozen or so sites they've pre-screened (typically, to play silly little plugin-based pseudo-educational but largely harmless games based on licensed characters), and it _would_ work for that. I was getting the idea this was the sort of thing the original poster had in mind, although I could have been misreading his intentions.

      Regarding how the firewall is set up, I was assuming you would block anything you don't specifically need -- that's the only sane way to set up a firewall anyway. I wasn't thinking about proxying DNS though, but come to think of it, there _could_ be proxies out there running on that port, although how the kids would find them without general access to the net is another question.

      Internet censorship is really hard, very seldom reasonably justifiable and a really stupid thing to do in the context of a family IMO.

      The real issue there is leaving the kids unsupervised. If there were no internet connection at all, and no television either, and no other objectionable content available, there are still plenty of *other* potential problems, many of which are life-threatening. Frankly, if your kids are home alone, the internet is the *least* of your worries. (If they're not home alone, but the internet is someplace where they have privacy, like their bedrooms, then that's the whole problem; put the internet in the living room and suddenly it becomes supervised.)

      And yes, there are some few children who by age ten or so are sufficiently responsible and grown up that they can be left home alone for a few hours at a time, but these are unusual, and generally they also can be trusted to go to the public library alone, use the internet alone, fend off telemarketers alone, etc., in other words, they're practically adults. Even then, they should NOT be left to supervise other children alone (because the other children won't think of them as adults, and they don't have the physical size or strength to force the issue if need be).