Don't just filter and forget
An interesting discussion grew out of a techLEARNING blog post by Steve Dembo the other day. He had just discovered the Meebo Repeater, an official tool from the makers of Meebo, an in-browser, multi-protocol IM client, that sets up a web proxy server on the user's home computer to bypass any school or work filter that attempts to block access to Meebo. Furthermore, he raises the bigger question of whether school filters provide a false sense of security for school administrators who believe that students are being stopped cold when they try to access a site deemed inappropriate.
He is absolutely correct, and I commented and said as much:
I'm a student in Community High School District 99, Downers Grove, IL. While our district uses extensive filtering on web sites that we students can access, even the most basic users know how to get around them by using any one of thousands of web proxies. However, web proxies are a dime a dozen these days. And for every one our administrator blocks, a hundred more spring up.
While the school's network administrators do everything in their power to block web sites, there are technical limitations to how far their filters can go. Aside from a strict whitelist of web sites--which would be disastrous for a learning environment--there's not much they can do that students can't get around with extreme ease.
Sorry to be so pessimistic, admins, but we're just *that* clever.
Ignoring Dave Jakes' joking reply suggesting they just ban me from the network (he's the educational technology guru for my school district), another user had quite a confrontational response to the post:
I am not sure publicizing this info is in a student's best interest. As a sysadmin we are well aware that some students know how to get around filters. So, we block all proxies by default and let through only those that are legitimate. But, now you've let them all in on that secret particularly at schools and districts where there filtering is not as tight
It is posts like this that drive a wedge between Educational Technologists and Information Technologists. When a student uses this technology to get around the filters and then kidnapped by a predator it is not you who will be out of a job but a IT person.
Quite a shock for me. I wasn't sure how to respond at first (although the OP did a pretty nice job). First of all, publicizing this info is nothing new. Meebo Repeater has been around for well over a year (I remember thinking how neat it was when they first announced it on their corporate blog).
Secondly, it is not just "some" users who get around filters: it is the majority. And it's no big "secret" on high school campuses across the country. There is no cabal of elite computer users at my school who are the only ones who know how to hack their way around the district's filtering technology (well okay, there kind of is... but we don't even have a secret handshake). Case in point: take Student Matt, a classmate of mine in English last year. A student who I worked with on a group digital storytelling project, wherein I held his hand through the entire process of using Microsoft Photo Story, quite possibly the most user-friendly software Microsoft has ever developed (besides Notepad). A student who, when we were given class time with the mobile laptop cart, watched music videos on Yahoo! Launch the whole period. Not exactly an expert when it comes to things of a computer nature. However, a short time later in the year while working in a school lab, I witnessed him access a web proxy (that he obviously knew from using before), type a few keystrokes, and was logged into his MySpace profile in the blink of an eye.
Continuing my dissection of the above comment, I sincerely doubt the commenter's district blocks all proxies. Unless they're using technology from the future that I'm not aware of, from a technical standpoint, there is no reliable way to block 100% of web proxies. Unless of course, they have a whitelist system set up, as I mentioned.
Finally, what ticked me off the most was his last paragraph that just feeds into the moral panic of online predators. Yes, we've all seen Dateline's "To Catch a Predator," and yes, Internet predators do exist. But the mainstream media has blown this problem way out of proportion. Every MySpace user over 30 did not join to meet underage boys and girls. But they are out there. And students need to be taught to recognize them. I've preached on and on about how dumb my peers can be when it comes to revealing personal information. This needs to stop. Then maybe IT people won't lose their jobs, because the predators won't have anyone to prey on.
Because I'm the first person to relentlessly criticize when people complain about a problem without offering a solution, here's a few ideas:
- Develop an informative program or seminar for students on the dangers of online predators. Make it interesting, hands-on, and relate to them. Don't give them story after story about kids who get attacked because they put their phone number online. Conduct such a seminar in a school computer lab, and encourage everyone to actually log into their MySpace profiles and take an objective look at what information they posted online. Also in this boat: don't spend $84 million on a filtering system that an enterprising student could crack with one hand tied behind his back.
- Explain the permanent connectedness of the Internet. Show them the Wayback Machine. Explain that just because they remove an incriminating photo or story from their social networking profile doesn't mean it's gone forever. Explain the logic that comes from easy, passive access to information. If you post your AIM screen name on your MySpace profile, don't put your cell phone number in your away message. (That last one happens ALL THE TIME.)
- Give a good reason for why web sites are blocked. This seems pretty straightforward, and it is. But my district doesn't do it. (Software limitations, I know...) Don't just say "it's for your own good"--even if it is. Rhetoric like that just makes me want to defy your lame filter.
- If you monitor students' social networking profiles, don't try to hide it. I was hesitant to put this, but I think it's important to understand you won't gain much from posing as a fellow student or reading the public version of a profile. If you pose as another person, besides violating that site's terms of service, you instill a deep distrust in the students that you as educators are supposed to serve. And most public versions of profiles, if any, are sterilized. The pictures from last night's party are only available to people on their friends list.
As for me? Yes, I have bypassed filters at my school in the past. I'm not trying to brag, or incriminate myself, but in each case I sincerely felt the site I wanted to access was wrongly blocked, and I had a legitimate reason I wouldn't mind explaining if asked. I don't do it routinely, and I don't have Meebo Repeater or any other proxy set up for using at school. Besides, 80% of the people on my IM buddy list are in school at the same time I am, so what's the point?
Educators, don't rely on filters to do your job for you. And if you do implement my ideas, I'll teach the seminar myself.
