Note: I recommend several products throughout this post. These represent my own personal views based on trial, error, and experience, and in no way represent the views of any organization or company with which I’m affiliated (and none of the links are affiliate links).
As a parent of three, I know it can be hard to protect your kids in an increasingly technology-heavy world. And as an Information Security Engineer at Palantir, I know just how quickly bad actors can take advantage of weaknesses in security. Fortunately, my work at Palantir has also taught me how to get ahead of those bad actors.
One of our team’s objectives is to “make the world safer,” and we do occasional talks to help our colleagues and fellow community members defend against infosec threats. Recently, I’ve been giving a talk about how I’ve incorporated some of our team’s principles into my parenting. This post shares my recommendations for an information security strategy that helps families manage device usage and equip kids for success.
A multi-layered approach
I first became passionate about bringing infosec into my family life when my son stayed up late one night playing the video game Fortnite. When I asked him the next morning how that had possibly happened, he responded simply, “It just let me play.” I decided to prevent that from happening again by creating a multi-layered approach for parental controls.
Enterprise networks like Palantir’s never rely on any single security layer. Instead, they implement controls at every layer and provide back-up defenses to ensure security even if one layer is compromised. Your home network should use the same strategy, building in infosec controls that strengthen and reinforce your entire security posture.
The layers you can include in a home network are physical, network, OS, console, phone, smart home, and education. Below, I recommend how to bolster each layer.
The first step is to set up your kids’s device. If you hand them a new device and they set it up by themselves, you’ve already lost the game.
Let’s start with the network layer. You want a network with an easy-to-use mobile interface, because you won’t take advantage of features you can’t use from your phone. Your network should also be agentless, meaning you don’t need to install anything on your computer — it should just work. You should use the network to set universal screen-time controls that track usage across all devices, because you don’t want your kids to be able to circumvent screen time restrictions by just switching devices. If possible, adding an active Intrusion Detection System (IDS) will help stop malware, intrusive ads, and phishing attempts from even hitting your devices.
My preferred router is the Norton Core Router, though it was unfortunately discontinued earlier this summer. (For now, you can still purchase the Norton Core at a heavily reduced cost and the service still works, though it will soon be replaced by another model with similar functionality.) The Norton Core isn’t the fastest router out there, but has the best and easiest to use parental controls I’ve found. Others just stop enforcing parental controls, enforce them on everyone (including me!), or require an agent, but the Norton Core allows you to set up age-restricted controls as well as device-specific controls that tally any time spent on one particular device.
Every OS has different parental controls, but you should look for one with a couple of key features. The most important is that the OS supports a child or restricted user mode, but you also want screen-time controls, application whitelisting, and content filtering. (In general, internet filtering is better done at the network layer.)
For younger kids (ages seven to nine), I typically recommend Chromebooks, which have a locked-down interface because there are no apps to install (instead, apps live in the cloud). You can set the Chromebook to a whitelist-only mode so your child can only visit pre-approved websites, and any restrictions you set on the Chromebook will apply to your kid’s other Android devices. It also preserves browsing history for parental review. However, there are no screen-time controls for now.
For older kids (10+) who need an operating system that supports coding, I recommend Windows 10. Although this OS has fewer controls available than Chrome, Windows will provide parents with weekly reports and allow you to control your children’s screen time. Windows also permits some age-based controls, for example parental notifications for app downloads. Additionally, any restrictions you set on Windows 10 automatically apply to the Xbox as well, although the reporting will distinguish between time spent on each device.
For tablet users of any age, I typically recommend the Amazon Fire Tablet, Kids Edition. The Fire has predefined web categories and content based on age, has a work-before-play feature that forces children to read for a selected amount of time before they can access their games, and allows multiple children to use the same device with different restrictions. Perhaps most crucially, it also has a childproof two-year warranty that covers user error — including flushing the tablet down the toilet! — with no questions asked.
Comparing OS layer options
Like me, my children are all video game junkies, so I’ve needed to develop a system of parental controls for our consoles. As with the other layers, you want the ability to set screen-time controls and filter internet content, but there are also some console-specific guidelines to follow. In particular, you want the ability to block certain games based on their rates and to limit or entirely restrict purchases. You also want a console that reports on browsing history or allows you to entirely disable web browsing.
I often recommend the Xbox One for the simple fact that it shares parental controls with Windows 10, allowing you to manage controls from a single portal. You can set screen-time controls and parental controls, as well as view reporting on the time spent on the device. Importantly, you can also set purchasing controls so your kids can’t, for example, buy a digital copy of Madden when you already own the disc.
The Nintendo Switch is great for managing what content kids see, because it lacks many of the less child-friendly features of other consoles, like web browsers, YouTube, or voice chatting. The Switch provides easy daily reporting on usage and lets you override parental restrictions without an internet connection, which is handy when you’re traveling and want to give your kids additional screen time.
The Sony Playstation 4 has less straightforward parental controls than the Xbox or Switch — it has fewer features, has poor reporting, and is harder to set up. However, it does allow for VR controls, which will become increasingly important as VR proliferates.
Unlike with the OS layer, I don’t have recommendations for age restrictions on the consoles — I simply recommend that families set whatever restrictions on use they feel comfortable with.
Comparing console layer options
There’s a lot of debate about kids and cell phones. Parents often can — and do — have differing opinions on what age is right, what the right device is, and how much is appropriate to spend. As with video game consoles, that decision is between you and your family. Personally, my wife and I have given our older son and daughter a phone so we can keep track of their locations. They sometimes use it to entertain our youngest child, who’s two, on long car trips, which is an added benefit.
If you’re not yet ready to commit to a phone plan for your child, you can try prepaid options from Cricket Wireless or T-Mobile’s Metro line for a few months. Otherwise, the iPhone and iPad are good options because you can program them to require parental permission for app downloads. They also have pretty slick screen-time and content controls.
However, it’s difficult to control iPhones from Android phones, so if you have an Android, I recommend getting them one as well. (The reverse isn’t an issue — you can control Androids from any phone system.) Helpfully, Chrome restrictions also apply to Androids, so you don’t need to reset any of the filters. It also allows you to do whitelist internet searches and will notify you when your child leaves a certain geographic area.
Smart home layer
As smart homes proliferate, you may also want to consider a smart home layer. The Ring Doorbell and Nest Hello are great because they let you know when your kids get home (or try to sneak out). It also allows your kids to contact you without a cell phone.
The Amazon Cloud Cam and Nest Cam Indoor are great baby monitors. Most of the baby monitors I tried had poor picture quality or, more worryingly, sent private information back to China, where the devices were manufactured. The Cloud and Nest have night vision and motion detection that alerts you when the baby moves. They also provide two-way audio, which means you can use it as an intercom to communicate with your older children.
The Amazon Echo Kids has a number of educational benefits, including spelling words and reading stories, and allows you to restrict the Echo capabilities to certain functionalities, like timers for timeout or brushing teeth. It also prevents your children from purchasing items and allows you to limit the devices they can control, so they can turn off their own bedroom lights but not yours (for example). Similarly, smart lights like Philips Hue allow you to control your children’s lights so you can automatically turn them off at bedtime.
There are also a number of other features like smart locks and smart smoke alarms that can be nice to have.
Perhaps the most important thing I’ve done, though, is talk to my children about their technology use. Without that education, putting all these restrictions in place can create a hostile, untrustworthy situation. By using this opportunity to start a dialogue with my children, I’ve been able to explain the dangers — and advantages! — of using technology.
In particular, I recommend starting conversations about stranger danger when your children are old enough for online communications. You should also talk about passwords and emphasize why they need to be personal and secret. I tell my kids passwords are like underwear: don’t leave them on your desk, change them often, and don’t share them with anyone. Cyberbullying is important to touch on as well — too many people don’t realize there are real people on the other end of their online interactions. I’ve made sure to let my kids know that there are real-world repercussions to online actions.
My family also reviews their internet use reports together. I don’t keep it hidden that I know what they do online. We have discussions roughly once a month to discuss whether they’re using the internet productively or whether they should spend more time on educational activities like reading, art, or instructional videos on YouTube.
As tech becomes an increasingly integral part of our daily lives, it’s crucial we teach our children to use it responsibly. After all, our kids will embrace tech regardless. The challenge is to ensure they can use it in age-appropriate ways, and that they understand the potential dangers of their use. A multi-layered approach to parental controls helps ensure our children can experience all the advantages of modern tech without falling victim to its potential pitfalls.