Comment by Wowfunhappy
15 days ago
I work for a school. My traffic is not MITM'd, but the kids' traffic is, because we don't want them using their school-issued laptops to play games or go shopping, and you can't adequately block stuff if it's all encrypted.
Whitelists instead of blacklists?
This is really hard to do in practice: for example, if you block YouTube.com you just broke a ton of lesson plans which rely on students watching things like scientific materials from NASA, HHMI, etc. It turns your approval process into a source of political blowback unless it’s really fast, and it’s usually not a good idea to be in your users’ minds negatively all the time.
I'm pretty sure we'd still need to break TLS. Domain-level just isn't granular enough.
I still find it dumb that you even need to do that. Machines, especially for schools, should be able to have software policies set directly on them to limit such sites.
I don't know how configurable ChromeOS is and if you can e.g. force it to only use a specific network and network interface, or if a student can connect it to a different network somehow, because it would be kinda pointless otherwise.
I can't imagine the headache as a school when parents come yelling "why did you allow my child on site XXX?!"