Parental Controls – The Power of the Hostname

I recently joined a technology group on Facebook with tens of thousands of people in it that focuses on parenting and the use of technology. One of the questions I saw asked if it was okay for their 11-year-old boy to use a specific app on Oculus that has chat functionality.

The answer is a firm no, it’s not safe. His age will be obvious. I know I stood out playing World of Warcraft at 14, with comments saying my balls had not dropped yet, cursing, singing about plastic Jesus, and so on. It wasn’t the safest of environments because I had to play with the 20+ crowd. There was only one other person my age out of 40+.

With that said, I strongly believe that they should still be able to use the technology, just without the chat functionality. While some apps are heavily integrated due to it being a core component of the gameplay (working together, for instance), not every app works this way.

Let’s say it’s not a core component. This is where self-hosting comes into play. Ideally, self-hosting would allow private servers for the kid and their family or friends (set up by parents) to play in a safe and secure environment. Unfortunately, self-hosting in this way is rare and takes away from the real experience. It’s also usually community supported and developed, so it has no official support. While ideal, it’s probably not feasible on a large scale any time soon. Maybe in 8-12 years that may be different.

So what can we do now? If this were sitting on Biden’s desk and he had to come up with a solution, what could he do? Thanks to SSL certs being restricted on mobile devices (due to bots / spam, a direct product of a leaked protocol, which is the conversation between your device and their servers), it isn’t exactly easy to restrict content. It’s difficult to say that every company is required to offer parental controls too, as they are extremely expensive to implement, often requiring a multi-user family account system and a policy system.

There is another solution though, and it could be done relatively easily. The solution? DNS.

Running multiple DNS names is cheap. It requires minimal development time, and the resources themselves don’t cost anything in this situation, as it would be using subdomains. So what is DNS? You use it all the time already: it’s the Domain Name System, and it’s what turns facebook.com into an IP address like 123.123.123.123.

I propose that a standard be set so that different categories of functionality require different subdomains. The subdomain precedes the dot in subdomains.regulardomain.tld. By using a subdomain, you would easily have the ability to block select features. For example, sharing your location on Snapchat could report to location.api.snapchat.com. In this case, by blocking this domain, the functionality ceases to work.

In the Oculus example, it may be chat.oculus.com that needs to be blocked. These blocks can be toggled on and off and done through parental DNS software such as OpenDNS, in an enterprise firewall, or even the self-hosted Pi-hole that does the exact same thing for advertisements. By designing the software with the ability to block select services in mind, parents stand a chance at protecting their children online. It also opens the products up to be used in an education environment.
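A sketch of the toggleable per-feature block described above, as an added example that is not part of the original post. The hostnames are the post's hypothetical ones (not verified vendor endpoints), and the upstream addresses and the `POLICY` layout are constructed assumptions.

```python
# Added example: per-feature DNS blocking with toggles.
# Hostnames are the post's hypothetical ones, not verified vendor endpoints.

# feature -> (domain to block, toggle state set by the parent)
POLICY = {
    "chat": ("chat.oculus.com", True),
    "location": ("location.api.snapchat.com", False),  # toggled off
}

# Constructed upstream answers (192.0.2.0/24 is a documentation range).
UPSTREAM = {"oculus.com": "192.0.2.10", "chat.oculus.com": "192.0.2.20",
            "location.api.snapchat.com": "192.0.2.30"}

SINKHOLE = "0.0.0.0"  # address a filtering resolver hands back for blocked names


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().lower().rstrip(".")


def blocked_feature(hostname, policy=POLICY):
    """Return the enabled feature rule covering hostname, or None."""
    host = normalize(hostname)
    for feature, (domain, enabled) in policy.items():
        domain = normalize(domain)
        # Match the name itself or a subdomain, only on a label boundary,
        # so notchat.oculus.com and oculus.com stay reachable.
        if enabled and (host == domain or host.endswith("." + domain)):
            return feature
    return None


def resolve(hostname, upstream=UPSTREAM):
    """Sinkhole blocked names; otherwise return the upstream answer (or None)."""
    if blocked_feature(hostname) is not None:
        return SINKHOLE
    return upstream.get(normalize(hostname))


if __name__ == "__main__":
    for q in ["oculus.com", "Chat.Oculus.com.", "eu.chat.oculus.com",
              "notchat.oculus.com", "location.api.snapchat.com"]:
        print(f"{q:28} feature={blocked_feature(q)} answer={resolve(q)}")
```

The label-boundary check is what keeps a feature block from spilling over onto the parent domain or onto look-alike names that merely end in the same characters.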

Some of this may be doable already, and it would likely take an enterprise firewall’s logging capabilities to help you assess what is being used and apply a block to it, but if the legal system encouraged a method of running app infrastructure that allowed for this, it would be guaranteed. It’s no more difficult a request than the age verification for adult websites, and comparable in usefulness, if not better, as the site functionality can be singled out and blocked outright.

If you were wondering, I use Arista, formerly Untangle, for my enterprise firewall in the home. Full disclosure: I’m actually a partner. It runs about $150/year and can run in a virtual machine or on some old hardware. OpenDNS’s DNS-based protection can be set up on the devices as well, either via broadcast through your router or set manually.

Of course the DNS can often only be set for WiFi networks and not cellular, but that could change with a bill. Hopefully Americans can handle this one without Europe for a change. It could even double as an ad blocking bill for children as it’s the same technology.

Edit: Android actually lets you set the DNS using the Private DNS feature. This could be used in conjunction with OpenDNS for family web filtering on a child’s mobile devices. At least until they figure it out. Learn more here: https://www.zdnet.com/article/how-to-turn-on-private-dns-mode-on-android-and-why-you-should/
