Comment by KoolKat23

2 days ago

This is very interesting, thanks.

I agree that ECH is perhaps a stumbling block, although as you say MitM, this is indeed possible to pursue considering the whole "set up child account on device" thing going on with many of these devices.

On the rest of your points, fair enough, but again I ask: is it actually proportionate? Are we talking about children or black hats?

The black hats in this case are the software vendors. If your software prevents any ability to inspect any of its traffic (so you can't use external filters), and the OS doesn't offer ways to override/hook into that, and if the inbuilt parental controls are insufficient, you can't do much.

What are you going to do when every application (including web browsers) simply ignores and bypasses your DNS filtering "for security" and every site is opaque (e.g. Wikipedia looks just like Pornhub to your router, and every site is using one of a small number of major frontend proxies like Cloudflare that's actively and specifically working toward traffic opacity)? It happens that every major commercial non-server OS vendor (except Red Hat?) is an ad company now, so they all have a reason to block your ability to filter traffic/restrict your configuration to only what they allow. And they're all working toward that.