While the internet can be an immersive, educational resource of high value to young learners, it is important to ensure that the such users are not accessing harmful or age-inappropriate content.
Endless OS offers some optional protection against inappropriate content on the web, as documented below.
Please note that with due to the massive amount of content available online, solutions such as the ones used here are imperfect. They are not guaranteed to block 100% of unsuitable content, and may also block content you might consider suitable. You can consider them only as the first line of defense.
Open the Terminal app
Type in the following commands, pressing Enter after each one:
systemctl enable eos-safe-defaults.service
pkexec eos-safe-defaults enable
You will be prompted for your user account password twice, or an administrator account's password if you are logged in as a standard user.
If successful, you will see the following messsages:
Created symlink /etc/systemd/system/multi-user.target.wants/eos-safe-defaults.service → /lib/systemd/system/eos-safe-defaults.service.
eos-safe-defaults: Enabled family-safe default configuration.
Reboot the system to apply the configuration.
You should ensure that any young learners who have access to the PC have their own Standard user accounts without access to any Administrator accounts. That way, they cannot undo the changes made here.
Open the Terminal app
Type in the following commands, pressing Enter after each one:
systemctl disable eos-safe-defaults.service
pkexec eos-safe-defaults disable
You will be prompted for your user account password twice, or an administrator account's password if you are logged in as a standard user.
If successful, you will see the following messsages:
Removed /etc/systemd/system/multi-user.target.wants/eos-safe-defaults.service.
eos-safe-defaults: Disabled family-safe default configuration.
Reboot the system to apply the configuration.
systemctl is-enabled eos-safe-defaults
You will see the word enabled
or disabled
in the Terminal window.
The Safe Defaults configuration offers the following protection in Endless OS 4.0.1 and newer:
The DNS servers are adjusted to use OpenDNS Family Shield for all connections if possible. This DNS server blocks domains with adult content.[1]
The Chromium and Chrome web browsers are configured to always use Google SafeSearch.[2] When active, you should see safe=active&ssui=on
in Google search URLs.
The Chromium and Chrome web browsers are configured to use OpenDNS Family Shield via DNS over HTTPS, in case the internet service provider prevents using the DNS servers directly.[3] You can confirm that this is active in Chrome or Chromium by navigating to Settings → Privacy and Security → Security, and noting that Use secure DNS is checked and cannot be modified.
Older versions of Endless OS implement similar functionality, without DNS-over-HTTPS.
At a technical level, Network Manager is configured to use a local DNS resolver /usr/share/eos-safe-defaults/nm-use-dnsmasq.conf
and dnsmasq is configured to query OpenDNS Family Shield first, and fall back to the ISP's DNS servers if that fails /usr/share/eos-safe-defaults/dnsmasq-opendns-family-shield.conf
. ↩︎
See /usr/share/eos-safe-defaults/chrome/policies/managed/chrome-safe-search.json
for technical details. ↩︎
See /usr/share/eos-safe-defaults/chrome/policies/managed/dns-over-https.json
for technical details. ↩︎