Whitelist vs. Blacklist & Remote vs. Local Internet Filtering

Home Forums Computers / Electronics / Online Whitelist vs. Blacklist & Remote vs. Local Internet Filtering

Viewing 15 posts - 1 through 15 (of 15 total)
  • Author
  • #603545

    What is most effective vis-a-vis internet filtering: whitelist or blacklist; and remote (ISP level) or local (PC level) filtering?

    What are the advantage and disadvantages of each, and what are the differences between them?

    Are there any remote/isp level filtered internet services available from non-Jewish providers? Are they any different than the Jewish ISP’s? What do such services cost per month? Is there any reason to utilize a filtering service with a monthly fee as opposed to one that costs a one-time purchase and is installed directly on your computer?

    What software-based filters are available (in addition to K9)? How are they different from each other?

    How can internet-accessible phones be filtered? How is it different between smartphones (android, iphone, blackberry) vs. dumbphones that use a pre-installed web browser (like java based, opera, etc.)? Are they filterable?

    not a tircha

    I am by no means an IT person, but I will to try to answer your questions to the best of my knowledge. Others can chime in to correct me if I am mistaken.

    The most effective filter depends on how you define effective. The most restrictive will probably be a whitelist program that works on the ISP level. What type of filter you get should depend on you internet needs and the ages of those that use your computer.

    White list filers allow access only to sites that are deemed to be “good”, while blocking everything else. Black list filters allow access to everything but denies access to sites that are deemed “bad”. Most blacklist filters have a list that is regularly updated on sites that have content that need to be disallowed.

    ISP filters do the filtering at(as you guessed) the ISP level. So any devices trying to connect to your internet line will be filtered. This includes all computers, tablets and ipads you may have, as well as nosy neighbors. Local filters will only work on the device you install them on.

    To receive ISP filtering you need to get your internet from a provider that will filter your internet. Most ISP’s offer such a service. Check with your provider for price and exactly what is filtered. Then compare to Jewish filters and again decide which is better suited for your needs.

    There are numerous filters on the market, too many to name. Some off the top of my head are: NetNanny, SafeEyes, and K9. Also most antivirus programs have filtering capabilities as well, so you don’t need two programs running on your computer.

    Smart phones pose a unique challenge for filtering programs do to the nature of the mobile websites and the amount of memory in the phone. Some companies will give you a special browser that will only allow certain sites. I’m not sure how well they work.

    Hope this helps!

    not a tircha

    Sorry for some of the spelling mistakes. Please replace do with due in the last paragraph.


    Is there any reason to utilize a filtering service with a monthly fee as opposed to one that costs a one-time purchase and is installed directly on your computer?

    Filtering makes mores sense as a subcription based service because you are constantly using their resources and they are constantly updating their lists or algorithms.


    I use a filter made by Windows called WIndows Live Family Safety. Google it.

    It is brilliant – you can customize it and change it whenever you log in, but you need the password (obviously). I don’t know how much it costs, cos my dads company gave it to me. But you cannot access any other website – on my user, only YWN and DEBKA (Israeli Military News) are available. I cannot click on links, on ads, I cannot do anything that isn’t registered. you can even register GMAIL without Google. And anything i try to do is sent to my Dad’s user with a ‘Request’, and if he enables it, i can go on. There is no way around it.


    Blacklisting is ineffective since you will never be able to comprehensively block all inappropriate sites by maintaining a blacklist. You need to ONLY allow access to pre-approved sites, that were verified as kosher, on a white list.

    As far as filtering on the personal computer versus filtering on the provider level, filtering on the provider level is certainly preferable and far more effective. In addition to it being much more difficult to bypass the filter, you need to consider the fact that if you are only filtering directly on your computer that you yourself can bypass the filter with the filters administrative password. Plus, you can hookup a different laptop or tablet to your internet router or wireless connection, thus bypassing the filter. And, finally, a provider-level filter has the additional protection that you must go through a third-party to request any bypassing or adding additional sites to the approved list.

    One other vital protection is to insure you have setup that a third-party, preferably a Rov or friend who will keep on top of you, receives an automatic periodic e-mailed list of all the websites that anyone on your computer went to.

    Anyone failing to take these basic precautions is akin to giving matches to a 3-year old to play with unattended.


    Whitelisting is stricter. Use blacklists if you need broader access. Server side filtering is the only way to go if you are worried about your kids getting around the filter. I beg everyone not to use K9 as it is not a torahdik filter. It is utterly useless and hatorah chassa al m’monam shel yisrael.

    Just Smile

    The major problem with ISP filtering that people seem to brush over is that it only works while using your computer/internet device at home. As soon as you walk out of your home with your laptop/iPod/tablet etc etc and hookup to a different wireless network you are completely unfiltered. In addition, if you (or any one else in your house) can get the wireless from your neighbors who don’t have ISP filtering (or live in a city like Miami Beach that has free open wifi throughout the city), you can easily get unfiltered internet. In all the above situations if the filter was on your device you would still be filtered. Obviously there are many limitations from having a filter on your device as well (look at above comments).

    Ultimately, people have to understand that “just installing a filter” is not only not so simple, it’s very often very easily bypassed one way or another. You might not know how to get around it, but trust me your nine year old does.


    Regarding ISP-side filtering, although in practice I think that all the Jewish services require human intervention to modify the filter, theoretically the ISP could setup a simple administrative password-based login to add sites to the filter. But even in such a case, it would still be more difficult for a non-administrator to hack around the filter compared to beating a local system based filter. Though as far as self-discipline for the admin himself, it would be all-too-easy to allow oneself past the filters via the administrative access.

    ☕ DaasYochid ☕

    To state the obvious:

    A device based filter is needed if the device will access the web through an unfiltered connection.

    An ISP (or at least router) based filter is needed if any unfiltered device will access that connection/router.

    In many cases, both will be needed (be careful, though they are not always compatible).

    No filter is 100% foolproof which is why it’s better to have no access where feasible, and one reason why nobody ever claimed that filters, or even lack of access, is a substitute for yiras shomayim and proper chinuch. They can be, however, an effective compliment.


    ISP-level would be best. But the moment you use a VPN (either your company’s VPN or a commercial VPN service) and/or connect to some remote desktop (RDP, TeamViewer, LogMeIn, Live Mesh or whatever) – you’ve fully unprotected and unfiltered. Unless, of course, your internet is so filtered that nothing except a handful of allowed sites are accessible and all the rest is not.


    You could configure your router not allow VPN by blacklisting ports. That is obviously not an option for IT people.


    Having something like WebChaver (I think that’s what it’s called), or an equivelent program, that sends a report to someone else of all your web history, internet traffic and computer usage, is an essential component in addition to and on top of whatever filtering is utilized.


    Chassidishe Gatesheader – can I ask you this?

    If a person would work from home and need to use remote desktop, etc. wouldn’t the best option be to have a filter at the ISP level, and one installed on their computer locally as well?

    Would a local filter help when connecting with remote desktop, or logmein, teamviewer, gotomypc, etc?


    You could configure your router not allow VPN by blacklisting ports. That is obviously not an option for IT people.

    Outbound port blocking isn’t gererally used. Most modern VPNs aren’t tied to a specific port, many of then can make the connection through ports 80/443.

Viewing 15 posts - 1 through 15 (of 15 total)
  • You must be logged in to reply to this topic.