Orbi WiFi 7 RBE973
Reply

Re: Parental Control in Linux?

JTLong
Guide

Parental Control in Linux?

So.. I came here to ask what kind of genius goes and develops a Parental Control platform for iCrap (Apple) products, which is built on Linux... without releasing said Parental Control platform on Linux itself? Customer Support suggested I come here and make a suggestion.. but I don't see any developer areas off hand for making a suggestion to.

SO.. now I'm digging around the forum here, and seeing a lot of people saying that Parental Control is busted anyway. Is it busted? Should I just hack my new router and install a FOSS OS on it?

Thanks for any insight!

Model: R7500v2|Nighthawk X4 AC2350 Smart WiFi
Message 1 of 11

Accepted Solutions

Re: Parental Control in Linux?


@JTLong wrote:


SO.. now I'm digging around the forum here, and seeing a lot of people saying that Parental Control is busted anyway. Is it busted?


Parental controls are not "busted". They still work as they always have. What has changed is the way you get at them.

 

Netgear has moved away from using the Netgear Genie on mobile devices to manage routers and has "updated" firmware so that you now have to use the Nighthawk App.

 

This was part of a shift to sell things like Circle and Armor to customers. These cost money and offer much finer control over what a router does. That includes more sophisticated parental controls in Circle.

 

To use the older style of Parental controls you can use the router's graphical user interface (GUI) or the desktop genie app for your operating system. Windows or Mac. Other controls  take you to here:

 

https://netgear.opendns.com/

 

But don't expect much. Parental controls are, and always have been, basic. Anyone who is nerdy enough to be into Linux is likely to be disappointed.

View solution in original post

Message 4 of 11

All Replies
antinode
Guru

Re: Parental Control in Linux?

> So.. [...]

 

   Meaningless filler is seldom a good beginning.

 

> [...] I came here to ask [...]

 

   This discussion might make more progress if you revealed what you're
talking about.

 

> [...] making a suggestion [...]

 

      https://community.netgear.com/t5/x/idb-p/idea-exchange-for-home

 

   But if your "suggestion" there makes no more sense than your question
here, then I wouldn't expect much in the way of results.

Message 2 of 11
microchip8
Master

Re: Parental Control in Linux?

macOS/iOS are not built on Linux but use FreeBSD as their base

Message 3 of 11

Re: Parental Control in Linux?


@JTLong wrote:


SO.. now I'm digging around the forum here, and seeing a lot of people saying that Parental Control is busted anyway. Is it busted?


Parental controls are not "busted". They still work as they always have. What has changed is the way you get at them.

 

Netgear has moved away from using the Netgear Genie on mobile devices to manage routers and has "updated" firmware so that you now have to use the Nighthawk App.

 

This was part of a shift to sell things like Circle and Armor to customers. These cost money and offer much finer control over what a router does. That includes more sophisticated parental controls in Circle.

 

To use the older style of Parental controls you can use the router's graphical user interface (GUI) or the desktop genie app for your operating system. Windows or Mac. Other controls  take you to here:

 

https://netgear.opendns.com/

 

But don't expect much. Parental controls are, and always have been, basic. Anyone who is nerdy enough to be into Linux is likely to be disappointed.

Message 4 of 11
JTLong
Guide

Re: Parental Control in Linux?

Wow.

Maybe instead of posting completely useless fluff about not being able to understand things.. you should go increase your personal comprehension level, instead of wasting other people's time by complaining about how you don't understand things.

I'm just saying.. it MIGHT be more productive.

..but thanks for sharing.

(..not really, I'm just trying to be nice.)

Message 5 of 11
JTLong
Guide

Re: Parental Control in Linux?

Well, I could argue that the Borland code is *nix based as well, and that it's all the same difference.. but honestly, that's news to me. The way I understand it, the new core is basically Debian based, but they threw a ton of crappily coded proprietary encryption stuff in there so that nobody can post an unofficial repository with open source code, without paying the Apple chieftains for the priviledge first.

Thanks for making the point though, it's interesting and valid. It would have been more helpful if you had mentioned WHICH Mac versions were supposedly BSD based, but it's all good. 🙂

Message 6 of 11
JTLong
Guide

Re: Parental Control in Linux?

THANK YOU! That is a clear and succinct answer, and I appreciate it! ..especially these days.

I'm sure lots and lots of people would argue that having Netgear muck around and pull their tools out of the router is 'breaking them'.
Personally, I've got zero interest in paying Netgear for services. They're actually trying to convince me that the router I just bought off of Amazon new.. was pre-owned, and my warranty was expired before I got it. ..but they'll happily support it for $230 for 3 years!
NOPE.
I was considering hacking it and adding one of the open source GUIs due to that fact. I actually already use OpenDNS to filter stuff for my kids, so.. I don't see ANY sense in paying the clowns at Netgear for the priviledge. ACTUALLY.. somebody should tell Cisco what they're doing. I've got a funnty feeling that Cisco would be more than happy to sue Netgear out of existence once and for all.
I think you've tipped the scales for me. I'm going to go ahead and start figuring out which FOSS GUI is more stable on this exact router and just get all of the network services I could ever want, WITHOUT the clowns at Netgear trying to charge me and log my activities.
Thanks again, really appreciate it!

Message 7 of 11

Re: Parental Control in Linux?


@JTLong wrote:

Personally, I've got zero interest in paying Netgear for services.

 

That makes at least two of us. But it does seem to be the way the industry wants to go. It doesn't sell hardware any more, it charges a subscription for a service that runs on that hardware.

 

With software suppliers doing the same thing, you and I will soon be seen as dinosaurs.

 

Then again, some people need protecting from themselves.

Message 8 of 11
schumaku
Guru

Re: Parental Control in Linux?

@JTLong I'm afraid, almost everything wrong, strange assumptions, ideas, or readings.

 

The legacy Parental Control is based on OpenDNS. Netgear has added some control to override the enforced OpenDNS settings on the router and made it available as a part of their legacy Netgear Genie App where we were able to configure an bypass account (on the router). By default, the OpenDNS profile selected is in place; the bypass account to select a different DNS "profile" bypassing the OpenDNS profile in place. Almost all administration features were lost along with the Genie App (available for Android, iOS, and Windows - but never for MacOS [ @YeZ we need history roll-up!]) becoming obsolete. Correct is: There was never a Genie App for Linux.. You might not like it: Linux desktops were and still are is a neglectable market in the consumer world. Last but not least the Linux "market" is by far to cluttered - to many distros, to many platforms, to many installers. Simply not worth to be approached.

 

What remains is the ability to use OpenDNS on [most] routers which came with the legacy Netgear/OpenDNS Parental Controls: The required registrar on the routers where the feature was available is still in place, the Netgear environment  https://netgear.opendns.com/  remains in place (probably bound to a product lifetime contract, available as long as the routers last or until further advise).

 

Keep in mind that OpenDNS was acquired by a competitor, well possible they asked for more money than what Netgear - and finally we as the customers - were willing to pay as part of the router product. 

 

So as long as your Linux systems use the DHCP supplied DNS IP (the router LAN address), the OpenDNS filter profile will be in place. Always was. On this part, the Parental Control was a platform independent design.  

 

The complete feature is busted - even if (depending on the scope) 80% or 51% or 49% or 20% of the feature remains workable. It's obsolete, Netgear has given it up, new routers don't have that feature anymore, on some Netgear router models the support might have been removed [not sure, e.g. R7000/R6900?] to free up resources for Circle resp. the "new" Netgear Parental Control [niked Circle 2.0 here in the community, but I don't know if this is true].

 

If taking the helicopter view, one might know that the trend does go towards secured (end to end encrypted) DNS, and to make things even more difficult random MAC on the clients (hyped by the tin hat community, named "Private Wi-Fi addresses in iOS 14, iPadOS 14, and watchOS 7 - but available for years on Android or Windows 109 so the last control to "identify" the systems is gone for the moment. Granted, there could be ways to identify these Random Locally Administered Unicast MAC Address and denying any access, providing e.g. a notification that the tin hat must be taken to gain access to that specific network.

 

A lot of things are required to keep this kind of Parental Control products remaining effective and manageable. 

 

This is it.

Message 9 of 11
JTLong
Guide

Re: Parental Control in Linux?

@schumaku While I DO appreciate the informed response, quite frankly, that makes no damned sense. How about Netgear quits trying to screw the customer by charging them for services provided for free by other entities? (Also, calling Cisco a competitor to Netgear is like calling China a competitor to Hoboken, New Jersey.) Here's a thought! Provide every customer with a free end-to-end encrypted tunnel back to their router. Leave the freaking router settings on the router where they belong? Done. I'm not playing their game. Further, since I can't trust them that far, I can't trust them not to be selling privacy information, tracking information or God knows what to make an extra buck. I intend to happily hack their bloatware out of my router, and unlock it's potential with a trustworthy open source replacement. There are a handful of them out there these days, so the only question is which one works better with THIS router? I don't even WANT to know what their Parental Control 2.0 is doing. I'm betting I don't WANT to know, and I'm not going to bother giving them the chance. Once a developer turns their attention to developing features based on cash flow.. feature sets go out the freaking window, because priority goes to whatever the heck might make them more money the soonest. Hmm.. also means that they're probably not devoting much time to plugging security holes either. Nope, I'm out.
Message 10 of 11
schumaku
Guru

Re: Parental Control in Linux?


@JTLong wrote:
While I DO appreciate the informed response, quite frankly, that makes no damned sense.

Frankly, just with the attempt of catching DNS queries and compare to a pass-fail scheme, you can't win this war. It's a "security" scheme from the last decade. the OpenDNS approach just some kind of base-line security remaining for some simple IoJ today. Fact is that random MAC on any kind of computers, mobile devices, and so on became standard - making it hard to identify individual devices. Fact is that DNS is moving fast from the plain text DNS to protected DNS, so end to end encryption. If your kids go to Kindergarten they learn or already know on how to bypass the OpenDNS based security measures. 

 

It's clear that strict security - at least if you intend to interfere with everything - has moved from the router to the end point. The areas where a device in the data path could do anything are limited. Comprehensive security appliances are required, specific package inspection hardware is built into the data path, and the evaluation is done against big data (read whatever cloud solutions and data collections). AI is making it into the security arena, too - simply because of the "classic" pattern matching is moving towards a behaviour evaluation. 

 


@JTLong wrote:
How about Netgear quits trying to screw the customer by charging them for services provided for free by other entities?

Not sure what you have in mind here. OpenDNS? It might be "free" for you and me, but it isn't if you integrate it into a commercial product. Other consumer router vendors integrating whatever security product maker core features for "free"? There are other sales and marketing ideas behind this. The device makers pay for this feature as they use it for marketing purposes. And finally we pay it with the product price - regardless if we want to use it, or not.  And the security product makers are (ab-?)using the many devices out there to collect ... you guessed it ... big data. That's why there is nothing like a free beer.

 


@JTLong wrote:
(Also, calling Cisco a competitor to Netgear is like calling China a competitor to Hoboken, New Jersey.) 

China is a competitor for sure. Or where are all the goods made today where the materials were delivered to and from the Hoboken harbour? Free Republic of Hoboken! No more state tax, no more tax money flowing to @POTUS. Only Hoboken city tax. And strict enforcement of import fees for all goods. 8-)

 

No doubts, Cisco makes a lot more money than Netgear. In the number of devices and number of Ethernet ports sold worldwide you would wonder....  With sales margins from way beyond of 95% (check the fiber modules and compare with the free market!!!), not inexpensive license fees for what you tend to name free open source industry standard features, 12..20% annual software support fees - there is a lot of money flowing into little blue.

 

The point is if it's worth for Netgear and it's customers (you realize i'm not Netgear!) to go into a renewal for a contract for new hardware models, paying a lot of money ahead, for a technology on it's way out? 

 


@JTLong wrote:
Here's a thought! Provide every customer with a free end-to-end encrypted tunnel back to their router.

You already got two if I'm not wrong:

 

  • https based remote management (by default on port 8443), requires a public routeable address obviously
  • Access Anywhere (former Remote Access [mistakenly abused in the user manaual differently]) at least for the R7500v2 [no idea what was riding Netgear here!], works over carrier grade NAT, too. But no Open Source again.

@JTLong wrote:
I intend to happily hack their bloatware out of my router, and unlock it's potential with a trustworthy open source replacement. There are a handful of them out there these days, so the only question is which one works better with THIS router?

Go or it - the chances are better thanks to the mostly open source friendly IPQ8064 (friendlier than the Broadcom platforms). Still, many things are not open source - all the radio module code, several drivers, .... 

 

 

Message 11 of 11
Top Contributors
Discussion stats
  • 10 replies
  • 3513 views
  • 3 kudos
  • 5 in conversation
Announcements

Orbi 770 Series