Linewize

[Ben Durham]

Hi all,

We are looking into possibly implementing linewize into our school for school managed devices, BYOD devices wont be monitored unless they are logged into their school account (Which installs the chrome extension). 

Just wondering what everyones honest thoughts are regarding linewize?

[Alistair Baird]

We use it, great for teacher control of student sessions (via Classwize) and great granular control of apps. Works great for BYOD, even when they are off prem. Gives a really good browsing history of users when you need it, no matter what device they use.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/85bfd587-1c5d-4d5c-ab59-39394bedf58fn%40googlegroups.com.

--

Kind regards,
Alistair Baird
IT Manager

P  06 354 4198 stpeterspn.school.nz   @stpeterspn 1 Holdsworth Avenue, Milson Palmerston North, 4414

[Vern Dempster]

Hi

We are a very positive user of Linewize and Classwize and its usefulness. - for a long time

We had real times of internet overload until we got access to the fortigate graph and found that in the morning students opening their device started a huge update download that caused us to peak at 1000 or more. By using the linewize filter to block updates and App stores during class periods meant we now hover around 400-500 each period all day

MTCW

Ngā mihi nui

Vern

[Blake Richardson]

My experience with Linewize wasn't good and I personally wouldn't recommend it. If you are an N4L customer then you are most likely using a Fortigate which will do everything you want to achieve. 

Vern mentioned blocking access to the app store, this is easily done on a Fortigate using an iPv4 policy on a schedule. 

[Simon Wright]

Take those blocks off, if you max out your bandwidth N4L will upgrade you to hyperfibre 😉

Regards,

Simon Wright

To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/e6cba183-ebdc-48c9-b76c-e66fe73025c4n%40googlegroups.com.

DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.

[Craig Knights]

We used it for years, we did use Classwize some, but it wasn't quite easy or slick enough for most teachers.  We looked at Classwize again more recently and for it to work we needed to load software on each device, I forget exactly what type of software, but it just wasn't going to happen on our students BYOD devices.

To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAEJps9r%2BbOg%2BxP1kMNRTw4Wf49ifFz47f-M7j%3DzaoSG9a%3DApVg%40mail.gmail.com.

[Andrew Hood]

Vern,

I would be worried that by blocking OS and App updates on student devices during school hours, students who only use their devices in school hours will not be getting any patches. I know that this probably would not impact student mobile phone devices, but a lot of unpatched Windows and ChromeOS student BYOD laptop may give you other security or operational issues.

Andrew

On Wednesday, June 5, 2024 at 8:23:29 AM UTC+12 Vern Dempster wrote:

[Alistair Baird]

Just yesterday had a group of young boys turn up saying their internet was blocked. Looked at the screen and it was Linewize and said "Your Teacher has blocked your internet". When i asked who their teacher was, I knew he was off site looking after sick kids, so I rang him and he said yes, he was watching what they were doing and they were off task, so he blocked it and sent emails to the dean and DP to call past and help out the reliever!

To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/6df6259e-dad5-4983-8187-6c0a65758332n%40googlegroups.com.

[Craig Knights]

For Apple an update caching server is pretty much install and forget.  An old ish Mac with a big drive.

For windows I believe they share in P2P manner on your LAN?

Craig

To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/6df6259e-dad5-4983-8187-6c0a65758332n%40googlegroups.com.

[Adam Alexander]

We use it in a primary setting, and I second Alistair's rundown. We only use the cloud product (don't have the on-premise device), so do have some issues controlling BYOD Windows and Mac. Because this might be 1-2 devices any given year, it's not really an issue we see the need to fix.

We think it's well worth the investment and a great classroom tool for teachers to dull down the noise of what kids can be accessing. It's also a laugh to see what some kids Google 🤣 that come through blocked - the blue-footed booby being a favourite.

[Craig Knights]

I once rang to see why my Google search wasn't working..

What did you Google they said?

Naked Broadband.

Oops, bye.

To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/b82423b8-4529-4785-8984-ab5a16238d37n%40googlegroups.com.

[Julian Davison]

Ah, the old Scunthorpe trick again 

To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa3e2e6SFZ_0aiiPpXa0Z_r_spWEQGuFtu61pXzd%3D76tyg%40mail.gmail.com.

[Craig Knights]

Experts exchange?

To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAC8vjdwuLMuWF-dfJzgP0UEeOvEw4VoAJep%2BmEGPh0LUT%3Dwf7g%40mail.gmail.com.

[Pete Mundy]

Video titled "Why Web Filters Don't Work: Penistone and the Scunthorpe Problem":

https://www.youtube.com/watch?v=CcZdwX4noCE

[Julian Davison]

Web filters: trapping harmless content since last century (when all we had was plain text regex) 

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAJtKfy7ew586tFkmNrsRH8MBmRePw53%2BBnEyfgE44R1cDK5-HQ%40mail.gmail.com.

[Andrew Hood]

I have been battling this problem since I worked for BT Internet in 1996. That Tom Scott video does a really good job of highlighting the issue. Next time you are annoyed at a false positive or false negative in a filtering or security system remember that being 99.9999% accurate still gives problems when you do something millions of times a day. 

On a side note, I grew up about 20km from Penistone and yes it caused school boy sniggers on class trips and would agree there are very few reasons to go to Scunthorpe.

Andrew

[Yvette Ireton]

Interesting article here in the NZ Herald yesterday regarding internet safety in schools - N4L and Linewize web filtering discussed.

We currently use Linewize with backup policies from N4L for our filtering.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/bbd1270d-4137-4d23-8580-d5381f1ba39cn%40googlegroups.com.

--

Network Manager
Te Waka Kura o Mohua - Golden Bay High School 

12 Waitapu Road, Takaka 7110
Ph:  03 525 9914

I am in school on Monday, Tuesday and Thursday

[Ben Durham]

Thanks for the article - Also forgot to make an update post in here. 

We have been trialing 3 of linewize's modules over the last 30 days (Monitor, School Manager, Classwize). And are loving it. We are definitely going through with it for next year and would highly recommend their services. We havent had any major issues except for teachers misconfiguring their google classrooms.

If anyone is on the fence about linewize im happy to discuss our experiences with it in more detail

Ph: 027 238 7426

[Julian Davison]

Given the headline

> Harmful content accessed on primary school iPads despite $33m safety spend

We can at least be thankful it's pointed out in the article that the 33M$ isn't just on safety.

I'm always slightly wary of the old "here's a bunch of stuff we found, panic!" approach. Along with "Oh no, 5 year olds are searching 'pornhub'!"

Obviously pornhub is a wildly inappropriate site for a school, and shouldn't be accessible. But curious kids searching terms they've heard their older siblings talk about isn't the same as 5-year old kids looking for porn (as in seeking the content, rather than searching a word).

It's a big, not entirely new, problem of ensuring kids aren't accessing inappropriate material while at school. I think the Linewize quote:

> “We can’t block our way to a safer internet but there needs to be a lot more that’s done than basic level filtering. And one of the key things is visibility,” he said.

is the actual key. It requires visibility, and someone to be looking at what is visible. If for no other reason than to see where the holes are, and look at patching them. In a world with hotspots and mobile devices it's still impossible to keep it all out, but seeing what is actually happening is a big part of the answer.

And stats like this is meaningless:

> Moore said in the past year N4L blocked 12.6 billion attempts to access websites deemed inappropriate or distracting by schools.

To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAJtT%3DCBb9PQRikQvxS5_%2BxKdyD0NPTHzn%2BiTACfAfxoQYsFbGA%40mail.gmail.com.

[Yvette Ireton]

Yes Ben we like Classwize too but unfortunately for BYOD devices it really only works for Chromebooks - students with BYOD windows or MacOS devices do not show up and can not be managed by the teacher.  

An agent can be installed on Windows devices but on any BYOD device a student can easily uninstall the agent.  

On school managed devices the agent can be deployed to both Mac and Windows but we have not done this as the only managed student devices we have are Chromebooks.

To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/463d2459-0f0e-45a6-a679-459a582e82c0n%40googlegroups.com.

[Dion McGovern-Allen]

The Fortigates definitely have the ability to do more than what the base level is.

They can do keyword blocking on individual sites and pictures - assuming their filename contains the word.

The issue is that it requires deep SSL inspection to be enabled.
N4L will help schools with this and don't charge for the additional service.
BUT there is a convenience cost to this - that either you or your IT provider will pick up.

Namely as you'd need to install the filtering certificate onto ALL devices.
For managed ones, its easy and for the most part can be automated.
BYOD is the issue, as its a manual per device setting.
But the good thing is that for parents, this means it won't be active when they are at home.

They could then run reports on blocked terms and with the appropriate configuration, would be able to identify the individual users.

I remember that whole article about parents being concerned about Family Zone when they could block / filter traffic when it was at home.
https://www.nzherald.co.nz/business/we-not-spyware-after-school-controversy-family-zone-hits-back/FTZQSDXUNRRAJTVGZAWYR6FLJE/

Take away the option for parents to parent and well... 

On the flipside, the insights that you can gain from Linewise around self harm or students at risk due to their google searches.

Flag it for follow-up with a counselor.

The Fortigates aren't designed to be as comprehensive as what Linewize offers as they have different feature sets and goals.

I remember being on the helpdesk for N4L and dealing with that Momo statue years ago and Youtube videos supposedly having it encourage viewers to self-harm or worse.

It ended up being false but there were a few calls from concerned primary schools.

Course if they wanted to block the keyword, then they'd need deep inspection.

Search for string in a google image search and see that it offers up yarn, and other items related to it.
A great example of why HTTPS browsing is a pain for filtering reasons!
The Fortigate knows you are at google.com but anything done inside?

Its only when they try to go to a porn website or blocked category that it can say - nuh uh!

It is best effort and at a minimum, not a free for all, no bars access.
Which is what students get at home!

On Thursday 29 August 2024 at 09:37:41 UTC+12 Yvette Ireton wrote:

[Julian Davison]

> A great example of why HTTPS browsing is a pain for filtering reasons!

I'd hope so, given half the reason people advocate for HTTPS is so people can't read the content of their web pages.

If you want to inspect the content of https traffic it should be a pain, and it should be Really Clear to the users that it's happening.

J,

To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/2662770e-35f6-4013-907d-b7fde4979a06n%40googlegroups.com.

[Dion McGovern-Allen]

Oh for sure, its encrypted to protect the data in transit.
I wouldn't want my internet banking to be compromised etc.

Things like Googles QUIC protocol and encrypting DNS to anonymize traffic is also a hindrance.

Browsers are very good with HSTS and complaining to users when google.com is not google.

As an IT Admin at school, my view point on this is that while on the school network, you are subject to the terms of the school.

So things like filtering are okay as long as its within line with the policies at the school.
When a device is at home on the other hand, well its not in my care!

Alternatively, should you not want the filtering, then you can use alternative methods - and students will!
Mobile data these days is cheap - if you want to get access to social media during classtime.

Although I would prefer students to be on the network - for stopping access to inappropriate sites while onsite.

Another way to put this, as adults working in our respective jobs.
I wouldn't expect it to be appropriate to view adult content while on the job.
What you do in your own time in your private premises though is up to you.
I imagine that some of the large corporates have rules around what is appropriate at work!

Another item on this is that I am proactive enough but I am not going to scour through 1600 odd students worth of browsing.
The defaults are refined as needed and cover most of the bad stuff.
If something gets through, then appropriate action is taken and processes improved upon.
If there is a better way of providing protection then I am open to working towards it.

If you go looking for trouble you are most likely going to find it.
For instance copyrighted content on staff machines! stuff from torrenting websites rather than school owned DVD/Blu-rays.
If I see it, then I'll have a word to the member about it and will give assistance with taking copies from school owned media.
If they rename YIFY-The-Milford-Example-1080P-H264.mkv to The Milford Example, I wouldn't know to act.

As a tangent to this topic..
I remember back when I did a semester on security and that the lecturer mentioned that certificates are a race to the bottom.
Given that you could get a trusted CA to sign your certificates and then hand out more.
The trick is that you'd sell yours for less and make money on the volume.
Or that anyone can get a trusted certificate - it doesn't mean that the site you are visiting are trustworthy!

Of course, certificates and CA trusts can be revoked.

Maybe one day we'll switch to IPv6 and have trust on first use.
Since every device could have a public IP that identifies them!