Back to Help and Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

URGENT WARNING! Vodafone content filtering no longer works for some browsers in "Private" mode.

raimesh
4: Newbie

‎10-01-2024 11:23 PM

It seems that certain browsers (Apple's Safari, Google Chrome) have switched to sending type 65 (HTTPS) DNS requests by default to resolve domain names when the user is in "Private" mode to maximise the security of these protections.

Unfortunately, it appears that VF's Content Control solution only works/is only applied to the more traditional type 1 (A) requests and, as a result, anyone('s teenage children*) can bypass the filters simply by opening a private browsing window on their computer or device.

Without wishing to be a Helen Lovejoy**, I do think this really needs fixing, ASAP!

(* this is the voice of experience speaking)
(** "Won't somebody please think of the children?!")

 

0 Thanks
6 REPLIES 6

Jayach
16: Advanced member
16: Advanced member

‎11-01-2024 12:41 AM

Firefox has used DoH (DNS-over-HTTPS ) for sometime. (and not only in private mode)

Surely it is the parents responsibility to control their children's use of the internet, they shouldn't rely on 3rd parties to do it.

And, if their children are in any way I.T. literate (and whose kids aren't), simple DNS filtering is so easy for them to overcome.

All it does is give the parents a false sense of security.

raimesh
4: Newbie
In response to Jayach

‎11-01-2024 07:06 AM

As much as anything, I'm trying to address the false sense of security by alerting people to the fact.

0 Thanks

Cynric
16: Advanced member
16: Advanced member
In response to raimesh

‎11-01-2024 10:33 AM

@raimesh Then not use MS Edge in its default settings as it ignores loads of stuff the consumer may have setup. But this behaviour in "private mode" is well documented.

raimesh
4: Newbie
In response to Cynric

‎11-01-2024 02:00 PM

I didn't mention MS Edge, but seeing as how you have I've checked and, interestingly, that's one browser that doesn't have this problem on an almost new Win11 build or on MacOS.

But, at the end of the day, VF either need to update their filtering services to take account of the need to filter newer types of DNS requests, or they need to make it clear on their content filtering pages how easy it is to avoid the filters.

0 Thanks

Ripshod
16: Advanced member
16: Advanced member
In response to raimesh

‎11-01-2024 02:12 PM - edited ‎11-01-2024 02:13 PM

You're preaching to the converted here.

Whilst, in an ideal world, an ISP could provide safe filtering, today's browsers provide DoH as their way of helping us stay secure without considering the implications. You want a way to prevent users on your network bypassing security then that's your problem. Vodafone's obligation is just to provide connectivity. 

Cynric
16: Advanced member
16: Advanced member
In response to raimesh

‎11-01-2024 05:32 PM

@raimesh  Yup Edge doesn't have the "problem" as you see it because it has it's own idea of what it thinks is good security. If you like your browser trying to circumvent your personal security plans then use Edge at default settings, otherwise do have a look at all the "wonderful" and "helpful" features that MS thinks you need.