A couple of months ago I was given a review unit of The Clean Router, a decently powered WiFi-N router (for free,) or a WiFi AC router (for $199,) with a $12.99 a month service behind it that claims or aims to keep the Internet G-Rated. There’s also a pro version which is $19.99 a month and includes a few more features.
Apologies to the people who sent it and had to listen to my excuses, I really was sick. Also yes, I’m cross posting this from ITB.
The Clean Router also includes the ability to keyword block, disable and enable internet for any device based on time, and receive daily reports of any visited or blocked sites delivered right to your mailbox daily.
Setting it up is easy if you’re comfortable with routers. Just plug it in, follow the directions, you should be able to get it up and running in about two minutes. It has a wizard that will ask you questions and get you running.
The summary up at the top
Below this section you’ll find out how I attempted to break The Clean Router, and how I broke through the filtering on the default settings by actively trying.
It should be noted I’m a computer technician, worked at an internet service provider, a network technician, and do minor security for several companies. I believe this probably puts me in quite a different class than a kid who knows every site they visit is going to be emailed to the parents.
“Why son, what’s this xHamster site you were trying to visit?”
“Gee dad, it’s for people who want to hug hamsters obviously. Gah, you’re so out of touch.”
enters site unblocking password
“Uh, this is not two hamsters hugging”
That said, the tenacity of a 13 year old looking for porn may outclass my 20+ years experience.
The service is $12.99 a month or $155.88 a year, does an effective job of blocking accidental porn, and removing the ability to go to several places that can have the MPAA/RIAA sending you a $5000 notice to pay up or be sued for your kid downloading a movie that’s still in theaters.
It’s significantly more full featured than using DNS to block porn sites as it forces Google search into a safe mode and you can knock off devices by hour if you don’t want kids playing around after midnight.
If you’re attempting to keep your kids safe from accidentally clicking into a porn filled site, this pretty much does the job. It’s great at blocking most unsafe advertising and will prevent your kids from hanging around 4chan or thePirateBay.
If you’re trying to stop a porn addict, or a very tech savvy kid, this isn’t going to do it in its current incarnation.
At this point it’s up to you – you’ll need to decide if you’re willing to pay $155 a year to prevent accidental viewing and accessing sensitive/illegal materials or porn.
Everything below this line is a computer tech with 20+ years experience, and an Android/gadget reviewer with 6 years or so, attacking a consumer grade filtering device.
The claims are not quite right
In their features list they call themselves the Superior Alternative to Software Filters and list themselves up against filtering software, filtering device, and mobile software.
They don’t list what the software, device, or mobile software they’re comparing to are. Having worked with a bunch of them in the past I have some disagreements.
One claim is that filtering software doesn’t have customizable keyword filtering…. errr. No, that is incorrect. That filtering device doesn’t have remote access. No, that is also incorrect. None of them have time restrictions? What? What about the Amazon fire Kids freetime which also includes a filtered browser, time restrictions, app restrictions, etc? Software doesn’t have 5-minute install? What? They claim nothing else filtering on the market has an easy override? Er no.
I’d say ignore the claims that chart makes until they list what products they’re comparing.
My life on the filtered internet
I plugged my Windows 10 laptop into The Clean Router. In the wizard setup I’d set it to as filtered as I could, although I didn’t block YouTube. There are considerably more options for filtering than there are in the five minute setup, I’m working out of the box. I attempted every site with Microsoft Edge as I don’t use that so it should be as stock and fresh as possible and also would skip any data compression proxies I have installed in Chrome (which I have two).
In addition to the subscription Clean Router managed blacklist, it comes with a built in search engine blacklist that you can modify easily if you want. By default The Clean Router pretty much restricts you to Google and jams safesearch on.
I tried with three different browsers and safesearch was always stuck on. Even when I used a VPN I had preloaded on the testing laptop safesearch was jammed on. If you’re interested, you can read how that’s accomplished here. Yes, even with a VPN it’s evidently possible to force Google into Safe Search.
The long and short of it was I was stuck using Google’s safesearch, and all the other search engines I could think of were blocked (until VPN).
I checked the list of filtered sites and search engines that are preloaded on the router and noticed the Pirate Bay and Victoria’s Secret were both listed there. One in search engine blacklists, one in the normal blacklist.
Time to break it
I should preface this with I’m a network technician, worked at an ISP for a while, and have been doing minor security and various computer related setups for the past 20 something years. Obviously I’m not as tech savvy and dedicated as a 13 year old trying to get to porn. The settings were also set to the default Clean Router settings and as such I might have been prevented from some of my hackings with non-default settings.
“Hrmm,” thought I. While the Pirate Bay used to be the number one pirate search engine on the planet, the current top ones were not listed. Sure enough I was on two of TorrentFreak’s 2016 top 10 list within a minute. Each had a XXX section, and each allowed me to get there and click a magnetic link which launched my torrent client and would have downloaded a movie.
I did a little back tracking to see whether I could have downloaded a torrent client on Windows, and the web pages of the torrent clients I know about were blocked. So assuming there was no prior loaded torrent client, at this point you were still probably good. I only tried a few as a note, so don’t take this as an end-all “they’re all blocked” statement.
OK, so that’s something they can add on their back end list judging by my interaction with someone in The Clean Router’s chat, and you’ll also be getting an email later on that indicates your kid was on a torrent site, so that is fixable.
Victoria’s Secret was an easy target – go to the site, it’s blocked, requires a password you’ve predefined to enable access to it. I have Google Image Search stuck in safe mode, and I check it and bam, pretty much all the pictures from Victoria’s Secret web page. So that filter is effectively useless.
It should be stressed that I’m dealing with this out of the box. You can raise or lower sensitive categories.
One VPN to break them all?
It should be noted that the VPN sites I went to for a Windows VPN were universally blocked, so getting the software would be problematic. Once on a VPN though I had complete access to the entire internet minus Google Safesearch, which was still jammed on.
Really impressive that.
Random sites blocked
Twitter was the first site I noticed that was broken (blocked at the router, could be bypassed if I wanted). Facebook was not. VPN sites were blocked but TOR was not. Instructions on how to use a proxy to defeat censorship were blocked but information on using various tools to defeat The Clean Router were not. Also the download of the tools was not.
Twitter’s blocking made my other project look weird. Not sure what was up with that other than our twit embed.
I don’t know what that is, but I’m pretty sure it’s not G rated
Before I commenced my assault on The Clean Router I wanted to see what all could be accessed by Safesearch, and while Safesearch isn’t part of The Clean Router, the less than safe results generally were blocked by Clean Router.
Within a minute of targeted image searching and clicking I’d spotted a person of dubious clothing status that was not blocked. While nudity I don’t consider obscene, trust me. This was not safe for kiddos or work. And I don’t see a way to report it. Two clicks in and nope. That could only be considered an artistic nude if the art they were attempting was pornography.
The Clean Router people tell me to send support an email.
…and I broke it (Windows)
I downloaded a commonly used program off of a website of a project that’s been there for 10+ years and completely sidestepped all filtering. At this point the internet was open to me.
Very surprised TOR wasn’t blocked.
…and I broke it (Android)
Should be noted here if the parents block the Play Store or require a PIN that would probably stop that. All APK mirrors I found were blocked so trying to install a VPN from elsewhere would be problematic.
And I saw things I cannot unsee
While searching for something that would allow me to install the app Private Internet Access from a different source (which is blocked by The Clean Router,) I got an advertisement on a sidebar that was CGI characters doing it.
Site was relatively clean, their advertising network was not. That’s problematic.
How do you bypass The Clean Router?
Near as I can tell the following are the ways to get around a default setup if you’re intentionally trying to:
- VPN – I had no problem bypassing Clean Router when I had a VPN running. Sites I visited after connecting were not logged. The two VPNs I tried for Windows were not blocked by IP, so there doesn’t appear to be anything preventing you from bypassing The Clean Router if you’re actively trying.
- TOR – TOR is a free VPN-ish thing that they don’t block downloads of, nor do they block connections to the TOR network. Once connected there are no restrictions, not even the weird SafeSearch one I mentioned earlier.
- Torrent client – as several pirate sites are not blocked, and most of these carry eighty four craploads of pornography, you can download full length movies. I will say that every torrent client I tried to download on Windows was blocked, however the Play Store had no such restrictions. Also if you connected to a VPN or TOR you could download a torrent client without any hassle.
- Go to the room with the router and plug a laptop into the cable modem. By far the easiest work around unless you’ve got the internet connection secured.
- Play Store – as long as a kid has access to the Play Store chances are they can get a tool of some sort to work around the problem.
- USB stick (to bring in copies of a VPN client, a TOR client, a torrent client,etc)
Is there a way to solve the above?
VPNs and TOR can be blocked with rules as I’ve seen in hospital networks. If they blocked the IPs of the major VPN providers, or the ports most VPNs use, you’d be unable to connect to a VPN. This is something they should be able to do on Clean Router’s side.
Blocking torproject.org by default would prevent downloading of the app. This can be done user side by adding it to the blacklist although I imagine they’ll probably do it server side at some point. Not sure if blocking TOR is possible with what they supply after it’s installed however.
There are ways to restrict access in the Play Store and iTunes. This is doable at the device, but not via Clean Router. There are also ways to restrict a laptop from being able to install stuff of of a USB stick your kid got from a friend – also not part of The Clean Router.
Should you actually worry that your kid is coming in at night with a laptop and plugging directly into the internet connection, well, you’ll need to talk to your ISP about that but most decent modems will allow you to only talk to a single MAC address to prevent this from happening. That said, MAC addresses are spoofable, and the Clean Router MAC is printed on the bottom of the router.
What’s your recommendation random guy on the internet who stands to make money off of most links on his site?
While it does a pretty good job, and I think it can be made to block most of the ways I’ve pointed out, it fails out of the box at stopping an active attempt, and the fact that I got a porn ad on a non-blocked site is troubling.
I like the interface, think most of the issues I pointed out are surmountable with a software update (block a couple of sites, block some IPs, block some ports, that’s 90% of the holes in the product).
I’d say wait, give it a couple of months and see if they address those issues (I’ll revisit in September 2016.) Also check and see if your ISP has something similar as many do have a kid-safe option these days.
No hate, just wait… and see