For Kids: Covering a visitor's tracks?

[WarKirby]

Hi everyoe, this seemed the best place.

 

I work for www.roshni.org.uk, a children's charity located in scotland. We're looking at setting up a website for children, with links to resources to help recognise and report child abuse.

 

One potential problem is that children rarely own their own PC. Usually they'd be using their parents'. And in an abusive household, if a child is caught browsing such a website it would not be good for them.

 

So what we're looking at doing is adding a button on the site, that allows a one-click method for the child to hide it and get rid of evidence if thery hear their parents coming up the stairs or similar.

 

Application theory seemed like the best place for this. I'm looking for any technical methods we can implement to help achieve it. At it's simplest, making the button direct somewhere innocuous like google is a good start, but it leaves other problems like the browser's back button, or the browsing history.  Are there any methods for a web application to remove these, such as deleting a user's history (and of course never using cookies). Maybe rapidly redirecting them through a series of sites to obscure the history as much as possible ?

 

I'm not too experienced in this area, so any advice would be appreciated.

[salathe]

Forgive the concise answer but it is, no.  The things that you ask for are predominantly outside of your control.

[Mchl]

You should rather teach them how to use browser's incognito mode and always browse with fingers on Alt-F4 (that's what we all do when browsing non kid-friendly sites at work)

[WarKirby]

So it's looking like education is the answer?

I guess that's what it'll have to be.

 

Are there no tricks that can be done with redirection perhaps? like linking to a page that redirects to google, to put an un-passable page in the browser's back history so one can't simply click back ?

[Mchl]

Security through obscurity? Do not even think of going that way. Such methods give only false sense of security.

[ignace]

So it's looking like education is the answer?

 

Yes and that education would be:

 

1) use the popular browser supported incognito mode

2) or History > Browse History > Search: by domain name and delete all instances

3) or as a last resort remove all history

 

That's the order you should follow, the last one is the only most noticeable.

[WarKirby]

Security through obscurity? Do not even think of going that way. Such methods give only false sense of security.

 

Very far from true, actually. Security through obscurity is quite effective unless the attacker knows what they're doing. Of course it's a bad idea against professional virus writers, hackers, et al.

But the average parent is probably not an IT expert, security through obscurity would help nicely. And when it's all you've got, what choice is there ?

[WarKirby]

Security through obscurity? Do not even think of going that way. Such methods give only false sense of security.

 

Very far from true, actually. Security through obscurity is quite effective unless the attacker knows what they're doing. Of course it's a bad idea against professional virus writers, hackers, et al.

But the average parent is probably not an IT expert, security through obscurity would help nicely. And when it's all you've got, what choice is there ?

 

If you close a door, even if it's left unlocked, the majority of people are far less likely to go through it.

[Pikachu2000]

So you're willing to take the chance that security through obscurity is stronger than an abusive, paranoid, OCD parent with too much time on their hands?

[GuardianGI]

So it's looking like education is the answer?

 

Yes and that education would be:

 

1) use the popular browser supported incognito mode

2) or History > Browse History > Search: by domain name and delete all instances

3) or as a last resort remove all history

 

That's the order you should follow, the last one is the only most noticeable.

 

well assuming they have to go to the site to learn about incognito mode in the first place an interesting feature most (recent) browsers have is 'delete recent history' which would cover that part.

As for a 'button' on the site like has been said keeping your fingers on alt+f4 is the more popular way to go (and something I'd recommend including in the 'education') and u could have a window.onkeypress event with javascript rather then that button if you do decide on doing something in some event.

 

just one last thought it might be nice (in the hypothetical situation that the abusive parents know their child is using the PC but don't know what they are using it for) is to have a way of (after removing the browser history, cookies,temp files etc manually!!!!!!) generating a 'fake' history like visiting wikipedia for school related stuff(yea right...) or random game sites like armorgames.com and some games on there. however you can't do stuff like that when using a browser incognito mode which IMO is still the best way of hiding this kind of stuff (we all want to hide what we browse every now and then ey    )

 

anyway it is generally hard to hide this kind of stuff from the client itself (because that is something you generally prefer your browser to tell you...)

and I'd recommend those kids to just not use their home pc for this stuff in the first place (getting caught watching well u know what is just awkward but this could lead to serious harm).