Many of you have asked me for recommendations on a router (or mesh system) with “excellent Parental Controls.” It’s tricky because I don’t use this feature. (And I’m a dad — a pretty good one, mind you!)
That’s because if you know how things work, you’ll note that even the best home networking Parent Control is not as effective as you’d think. Also, some might even do more harm than good. I’ll explain all that briefly in this post.
Parental Control vs. online protection
While these two sounds like one, they are not. At least in what I mean within this post. So first, let’s get on the same page.
(By the way, the terminologies used here are mine. They are not universal. Among other things, you’ll note that many vendors lump Parental Control and online protection into one or putting one as the subset of the other.)
Router online protection: Keeping everyone safe
Online protection generally applies to the case where you want to keep everyone safe. It’s obvious stuff like phishing, ransomware, malware, or even misinformation, and so on. But you can add more — like social media or pornography — to the list.
It’s the type of protection you want to apply to the entire home network. And that’s the key. It’s the protection or web-filtering mechanism for all. Once turned on, everyone within the network can avoid the content/parties in question.
This type of catch-all protection generally works well. The filtering and blocking use your WAN IP address as the base and apply locally at your Internet gatekeeper — namely, the router itself or a firewall device.
That said, you should always use online protection if that’s available.
Many routers come with this feature. A good example is the Network Protection of Asus routers — it’s part of the free-for-life AiProtection suite.
Keep in mind, though, there’s no complete protection, and you will need to let the party that protects you look at your traffic — privacy risks implied.
In the end, you’re always the last line of defense. But a router with built-in online protection sure helps.
But the point is, online protection is transparent, straightforward, and democratic. All network members are in it together, and therefore all local network devices share the same treatment. It’s also effective since there’s no exception.
Router Parental Control: It relies on the MAC address — questionable effectiveness
On the other hand, Parental Controls are complicated.
That’s because, in this case, you want to let stuff in but keep it from select members of the family. It’s the type of do-what-I-say-but-not-what-I-do kind of enforcement.
Here’s the thing: Even if you can make that works technically and the moral high ground is well-justified, it can still be problematic.
For one, the system doesn’t know the difference between John and Jane as two individuals. It only knows the devices they use. So if you want to block John from something, Jane will also be affected if they share the same machine.
Think about it, how often do you need to borrow your kids’ computer? That’s not to mention the hurt feelings.
But most importantly, it doesn’t always work.
That’s right. The only way for a system to identify a device for parental controlling purposes is via its MAC address, which is supposed to be unique — and it’s indeed unique.
However, you can change your device’s MAC quite easily. Many smartphones randomize their MAC address by default. Also, most Wi-Fi extenders automatically assign a virtual MAC address to a connected device.
Truth be told, pre-teen and older kids can probably figure out how to bypass web-filtering one way or another after a few Google searches.
Younger kids, who don’t know how to use a search engine yet, likely won’t do anything crazy online anyway.
The privacy issues
If you wonder why MAC spoofing is so prevalent and even endorsed by mobile vendors, that’s because it has a lot to do with privacy. Giving somebody your device’s MAC address, and chances are they can spy on you.
Your router gets all the MAC addresses of all connected devices at home, and they generally stay there. However, when you turn on a third-party Parental Control feature — like Circle, which is an add-on software of many Netgear routers — all things break loose.
That’s because, for a third-party service to work, it will also have to handle your network’s DNS, which works as the directory of your Internet access. Effectively, you surrender the online traffic of your entire network or at least the device with the Parental Controls app to the vendor.
Again, that’s the case of all online protection, web-filtering, firewall services — you can’t have a bodyguard without having somebody accompanying or looking at you. There’s no absolute privacy — it’s a matter of degrees.
After that, the software, again, uses the MAC address to apply the filtering. As a result, while the mobile app might look fancy and intuitive, the effectiveness is always hit or miss. But the privacy risks are a sure thing. The whole thing is not a very good trade.
Parental Control: Picking the right hardware and approach
So using an umbrella Parental Control solution for the entire home network is generally not a great idea. But that doesn’t mean you should give up on parenting — not that we ever can.
That said, strictly from the tech point of view, here are my recommendations on this front:
- Set up Parental Controls at the device level. Each device, be it a computer, media streamer, a phone, etc., generally has this option. It’s a bit more work but much more effective.
- Use the online protection feature on your router, if available, and block stuff that’s bad for everyone. If the router has built-in Parental Controls, you can try that, too, but don’t count on it.
- Refrain from using an online service — one that uses a mobile app and a login account. Chances are you’ll pay a lot more for it than the monthly subscription. Most importantly, you can’t count on it, either.
- Set up a family time when no one uses any device.
- Keep devices off the bedrooms.
- Be a role model.
And with that, you know why I’m not big router-based Parental Control features. And I’ve worked with hundreds of networking devices.
The point is, don’t use Parental Controls as a criterion in picking a router. Chances are, you will end up with a Wi-Fi machine designed primarily to make money off of you and your privacy that only gives you the illusion of being in control or a good parent in return.
Online protection, parental controls, and parenting itself are about the nuances and degrees. You can use a mix of what you think is most effective for your situation without going overboard.
Your kid is another human you’re dealing with, not another device.
Instead, get a good router (or mesh system) with an excellent set of networking features and then, if need be, add a firewall device on top of it. I’d recommend Firewalla Gold or Blue Plus, neither of which requires a monthly subscription.