Blog

Archive for the ‘spy on network users’ tag

Jul 14, 2019

Can I Check Web Sites Visited by my Kids/Staff?

Posted by in categories: computing, internet, policy, privacy, security, software, surveillance

Early this morning, I was asked this question at Quora. It’s a pretty basic request of network administrators, including parents, schools and anyone who administers a public, sensitive or legally exposed WiFi hot spot.

Is there a quick and easy way to view, log, or otherwise monitor the web sites visited by people on your home or office network?

Yes. It’s free and and it is pretty easy to do.

It gets a bit trickier, if the individual on your network is using a VPN service that they have configured on their device.[1] A VPN does not stop you from logging their browsing, but all of their activity will point to the VPN address instead of the site that they are actually visiting. In that case, there is another way to monitor their activity. See note #1, below.

Before getting into this, I should mention that I believe that using covert methods to monitor a family member’s online activity is a terrible method of parenting. In my opinion, there are better ways to deal with the issue—parenting techniques that don’t undermine trust as they deal with safety.

I can think of at least three methods for logging the websites that people on your network visit. In the explanation below, we will focus on #2. For more information, dig into the notes at the bottom of this answer.

You can either…

  1. Configure your router to store logs of visited IP addresses [2]
  2. Set your router to use the DNS server at opendns.com, instead of the default server offered by your internet service provider. This involves a simple setting available in all routers. (Replace default DNS server addresses with 208.67.222.222 and 208.67.220.220)
  3. You can set up a proxy which redirects web traffic to one of the computers in your house or a third-party service. This is how the monitoring software for parents and custodial services monitor or block web traffic.

In the remainder of this quick tutorial, we focus on method #2..

Once you configure your router to use the two DNS servers at OpenDNS.com, create a free account on their web site. Then, enable the logging feature. It not only shows you visited domains, it maps them into actual domain names and subdomains—making it easy to search, sort or analyze traffic.

You can download a spreadsheets and sort by number of visits or by the domains visited. Logs are maintained for only two weeks. So, if you wish to maintain a history, you will need to visit OpenDNS and download them regularly. (Check their user forum. Someone has created a safe, single-line DOS command that downloads these activity logs to your PC).


[1] VPN, Onion Routing and Encryption

If an individual in your home or office is using a Virtual Private Network [VPN], they are effectively covering their tracks with method #3, above. You can see their connection to the VPN service, but that service is either trusted to destroy logs of visited web sites, or anonymize traffic, by routing it through a chain of users that have no way to back-trace and identify the requester’s address.

Since their traffic originates on your network, there are other things you can do to monitor their activities. For example, if they are not using end-to-end encryption, you can use method #3 yourself, to route data in and out through your own PC or service.

[2] Logging the IP address or domain of visited web sites is not a feature of all routers. I have three recent model routers — and only one of them has a feature to log traffic in and out of the network.

[3] OpenDNS cannot discriminate the individual device in your home or office that has accessed websites that it logs. The logs include the traffic for all HTTP access that originates through your internet service subscription.

But some remarkable feature of OpenDNS (other than it being completely free):

a) It speeds up your overall internet experience noticeably! Like Google’s free DNS service, it is more robust and more redundant than the default DNS settings recommended by your internet service provider.

b) It maps every IP address into a domain name. So when you log in to check your logs and statistics, you don’t need to figure what the numbers mean. You view a list that makes sense. You can even search for certain words or web sites.

c) It permits you to block websites based on a very rich set of 100 criteria, including violence, adult content, hate speech, etc.

d) It offers graphs of your network access including overall volume. An example is shown here: