girl with laptop

Kids and the Internet: Why parental controls aren’t enough

Ask a parent of an underage child if they are concerned about their child being exposed to inappropriate Internet content, and most parents will, predictably, say yes. Then ask if they use some type of parental control software to protect their kids online, and the majority of parents will say no. Surprised? I was.

family with laptop

In our global survey of 15 countries, 78% of parents reported being concerned about their kids being exposed to content like porn, violence, racism and drugs online. But only 40% said they actually use software tools that ensure safe Internet use on computers their children use.

As the parent of a toddler, I don’t yet have to worry about such questions, but if my kid were school-age, I certainly would. Software with Internet filters and time controls is an easy way to make sure kids aren’t getting into trouble online. So why the disconnect?

Looking for answers

To get a better understanding of the thinking behind the statistics, I thought I’d ask some parents about their use or nonuse of parental control software. Living in Finland, the country with the lowest number of parents who use parental controls on computers their kids use (only 24%) and being from the US, with the highest number (59%), it made for some interesting conversations. I asked mainly Finns and Americans, but people from a few other countries as well.

What I found was that yes, parents do care about their kids accessing inappropriate content. But approaches for dealing with it range widely. I would loosely categorize my interview subjects into three camps.

First camp: Parental controls a must

One mother of an eight-year-old said she plans to use parental controls on her son’s new laptop, and doesn’t allow Internet access on his mobile phone. A mother of four children under ten uses an Internet filter in addition to accompanying her kids while they’re online. And another mom said in addition to using parental control software, she drove her teenage daughters (now grown) crazy with frequent lectures about the dangers of the Internet.

Second camp: Parental control, but not with software

One parent pointed out that parental control software isn’t the only way to protect kids online. For example, placing the computer in a high-traffic area of the home is a good way to make sure kids aren’t getting into trouble. Similarly, a parent of a five-year-old said she doesn’t use parental control software, but her child isn’t allowed to access the Internet without a parent by his side.

Third camp: The liberal approach

Some parents took a more liberal approach. A father of teenagers said he no longer uses parental controls, instead relying on a trust relationship with his children. A mother of a 14-year-old forgoes parental controls also, since her son doesn’t seem to show interest yet in anything aside from a few online games.

A common thread between these parents was that even if they restrict access at home, their kids could still access bad content away from home. And that restricting access might make forbidden fruit all the more tempting. One father stressed that he is always available to talk to his children should they see something distressing online.

Which approach is best?

Parents’ answer to that question depends on, among other factors, cultural attitudes and the age of their children. My personal conclusion? When it’s time I need to think about it, I’ll err on the stricter side by restricting access time, monitoring usage and just to be extra-safe, use some form of content filter for my child.

To me, there’s way too much bad stuff out there that’s way too easily accessible. A lot of it’s not fit for anyone, let alone kids – case in point, Facebook’s recent controversy over videos of extreme violence. Even if you trust your kids, they may stumble onto harmful content without meaning to. Or they may let curiosity get the best of them and see things their young minds just shouldn’t have to think about.

Communication is key

But even the strictest parental controls aren’t enough. In talking to different parents, whatever their stance, the theme that kept recurring for me was communication. Open, realistic age-appropriate communication between parent and child. About what kind of websites are and aren’t okay. About what kind of behavior online is and is not okay.

So even when the child is away from home, he or she will have a basis for making the best choices. And if a child does happen to see something harmful, you can hopefully find out about it and discuss it.

Plus, not every risky thing your kids do online can be caught by parental control software. The lecturing mom who aggravated her daughters? They are now grateful for the talks because they haven’t made the embarrassing mistakes their friends have made, posting compromising selfies and the like.

Family protection for computers and mobile devices

So talk to your kids. And if you’re looking for parental control software, allow me to recommend F-Secure Internet Security.

F-Secure Internet Security allows parents to filter out websites based on what sort of content they want to protect their kids from:


And it lets parents set browsing time limits:


F-Secure Internet Security also protects computers from viruses and other digital threats and safeguards while banking and shopping.

There’s also protection for kids’ mobile devices. F-Secure Mobile Security, in addition to protecting from digital threats and in case of loss or theft, offers parental controls, with the added feature of shielding kids from inappropriate apps.

And for under one euro per year, parents can install F-Secure Child Safe to iPads and iPhones. Child Safe is a browser that keeps kids safe from harmful content when browsing the web.

What about you – do you use parental control software? If not, how do you make sure your kids are safe online? Let us know in the comments!


Girl with laptop image courtesy of Clare Bloomfield /

Parents with kids image courtesy of photostock /

More posts from this topic


Why Cameron hates WhatsApp so much

It’s a well-known fact that UK’s Prime Minister David Cameron doesn’t care much about peoples’ privacy. Recently he has been driving the so called Snooper’s Charter that would give authorities expanded surveillance powers, which got additional fuel from the Paris attacks. It is said that terrorists want to tear down the Western society and lifestyle. And Cameron definitively puts himself in the same camp with statements like this: “In our country, do we want to allow a means of communication between people which we cannot read? No, we must not.” David Cameron Note that he didn’t say terrorists, he said people. Kudos for the honesty. It’s a fact that terrorist blend in with the rest of the population and any attempt to weaken their security affects all of us. And it should be a no-brainer that a nation where the government can listen in on everybody is bad, at least if you have read Orwell’s Nineteen Eighty-Four. But why does WhatsApp occur over and over as an example of something that gives the snoops grey hair? It’s a mainstream instant messenger app that wasn’t built for security. There are also similar apps that focus on security and privacy, like Telegram, Signal and Wickr. Why isn’t Cameron raging about them? The answer is both simple and very significant. But it may not be obvious at fist. Internet was by default insecure and you had to use tools to fix that. The pre-Snowden era was the golden age for agencies tapping into the Internet backbone. Everything was open and unencrypted, except the really interesting stuff. Encryption itself became a signal that someone was of interest, and the authorities could use other means to find out what that person was up to. More and more encryption is being built in by default now when we, thanks to Snowden, know the real state of things. A secured connection between client and server is becoming the norm for communication services. And many services are deploying end-to-end encryption. That means that messages are secured and opened by the communicating devices, not by the servers. Stuff stored on the servers are thus also safe from snoops. So yes, people with Cameron’s mindset have a real problem here. Correctly implemented end-to-end encryption can be next to impossible to break. But there’s still one important thing that tapping the wire can reveal. That’s what communication tool you are using, and this is the important point. WhatsApp is a mainstream messenger with security. Telegram, Signal and Wickr are security messengers used by only a small group people with special needs. Traffic from both WhatsApp and Signal, for example, are encrypted. But the fact that you are using Signal is the important point. You stick out, just like encryption-users before. WhatsApp is the prime target of Cameron’s wrath mainly because it is showing us how security will be implemented in the future. We are quickly moving towards a net where security is built in. Everyone will get decent security by default and minding your security will not make you a suspect anymore. And that’s great! We all need protection in a world with escalating cyber criminality. WhatsApp is by no means a perfect security solution. The implementation of end-to-end encryption started in late 2014 and is still far from complete. The handling of metadata about users and communication is not very secure. And there are tricks the wire-snoops can use to map peoples’ network of contacts. So check it out thoroughly before you start using it for really hot stuff. But they seem to be on the path to become something unique. Among the first communication solutions that are easy to use, popular and secure by default. Apple's iMessage is another example. So easy that many are using it without knowing it, when they think they are sending SMS-messages. But iMessage’s security is unfortunately not flawless either.   Safe surfing, Micke   PS. Yes, weakening security IS a bad idea. An excellent example is the TSA luggage locks, that have a master key that *used to be* secret.   Image by Sam Azgor

November 26, 2015
Secure Wordpress site, mobile blogging, tablet by the bay

This is why you need to protect your WordPress username and password

If you run a Wordpress site, you know that criminals around the world would love to use it to spread malware. Last month, F-Secure Labs spike in "Flash redirectors" that automatically redirect the visitor to a site with the goal of infecting them with malware, in this case the Angler exploit kit. The source was compromised websites -- specifically Wordpress sites. This isn't a new find for the Labs but what is unique is one of the tactics of the attack -- seeking out Wordpress usernames. Why? "After obtaining the username, the only thing that the attacker would need to figure out is the password," Patricia from The Labs explains. "The tool used by the attacker attempted around 1200 passwords before it was able to successfully login." If you happen to have one of those passwords, bam. You site is serving up malware, which is not only harmful to your visitors, it can cost you tons of traffic as Google delists you. Keeping your server and plugins up to date is essential for avoiding most attacks. Beyond that, this attack points to the need to both protect your Wordpress username AND always use a unique, strong password. "Furthermore, in order to defend against this kind of WordPress attack, you should not use a WordPress admin account for publishing anything," Patricia notes. You can also protect your server from enumeration attacks that discover the usernames of your bloggers. To see how to do that, visit our News from the Labs blog. It's pretty amazing what people can figure out about you with just your login and password. But when you're running a website, which can be part or all of your livelihood, the only way to keep from handing criminals the key to your front door is to make sure your password can't be figured out by anyone but you. And turn on two-step authentication if you haven't already. Cheers, Jason

November 26, 2015

POLL – Is it OK for security products to collect data from your device?

We have a dilemma, and maybe you want to help us. I have written a lot about privacy and the trust relationship between users and software vendors. Users must trust the vendor to not misuse data that the software handles, but they have very poor abilities to base that trust on any facts. The vendor’s reputation is usually the most tangible thing available. Vendors can be split into two camps based on their business model. The providers of “free” services, like Facebook and Google, must collect comprehensive data about the users to be able to run targeted marketing. The other camp, where we at F-Secure are, sells products that you pay money for. This camp does not have the need to profile users, so the privacy-threats should be smaller. But is that the whole picture? No, not really. Vendors of paid products do not have the need to profile users for marketing. But there is still a lot of data on customers’ devices that may be relevant. The devices’ technical configuration is of course relevant when prioritizing maintenance. And knowing what features actually are used helps plan future releases. And we in the security field have additional interests. The prevalence of both clean and malicious files is important, as well as patterns related to malicious attacks. Just to name a few things. One of our primary goals is to guard your privacy. But we could on the other hand benefit from data on your device. Or to be precise, you could benefit from letting us use that data as it contributes to better protection overall. So that’s our dilemma. How to utilize this data in a way that won’t put your privacy in jeopardy? And how to maintain trust? How to convince you that data we collect really is used to improve your protection? Our policy for this is outlined here, and the anti-malware product’s data transfer is documented in detail in this document. In short, we only upload data necessary to produce the service, we focus on technical data and won’t take personal data, we use hashing of the data when feasible and we anonymize data so we can’t tell whom it came from. The trend is clearly towards lighter devices that rely more on cloud services. Our answer to that is Security Cloud. It enables devices to off-load tasks to the cloud and benefit from data collected from the whole community. But to keep up with the threats we must develop Security Cloud constantly. And that also means that we will need more info about what happens on your device. That’s why I would like to check what your opinion about data upload is. How do you feel about Security Cloud using data from your device to improve the overall security for all users? Do you trust us when we say that we apply strict rules to the data upload to guard your privacy?   [polldaddy poll=9196371]   Safe surfing, Micke   Image by  

November 24, 2015