Schools battle anonymous proxies as pupils find ways around filtering

Web filtering under strain as proxies multiply

Many schools are dedicating valuable IT resources to countering the anonymous proxies that have become a popular way to evade web content filtering systems, a survey of UK and US institutions has found.

Carried out for filtering firm Bloxx in 200 schools with pupils between the ages of 5 and 18, two thirds of IT staff said they had an issue with proxies, with 13 percent believing it had become a serious or very serious problem.

Around 20 percent said the problem had got worse compared to a year ago with the same number saying they now spent more time on the issue than before.

In 95 percent of cases, the time consumed by proxies was two hours or less per week.

Proxies are servers which act as innocent staging posts for people to visit blocked websites or content types. They aren't hard to find and there is plenty of anecdotal evidence that they have been widely used in schools and universities to bypass filtering for some time.

The most common reasons for using them in the UK or US would be to visit file sharing P2P sites or to view porn but in other countries they are used to get round content censorship.

Filtering lists circulate to block the proxies but it is almost impossible to keep them up to date. Increasingly, proxies are bundled as a service whereby a client connects to a list of ever-changing proxies.

The main concern expressed by 38 percent of respondents was that proxies were a distraction that sapped time spent on education with 30 percent worried about access to "inappropriate content," a catch-all euphemism for pornographic or extreme content of various types. Slightly fewer were worried about general security threats such as malware.

It's not entirely clear whether some schools even bother to actively manage proxies so the problem could be understated. A key issue is how long it takes staff to block new proxies with the commonest answer being a matter of hours. That left a third taking up to a week to achieve the same result.

There seems to be plenty of ignorance with respondents saying that only one in ten non-IT staff had a clue what they were.

"This [web filtering] is no easy task as every day thousands of new anonymous proxies are launched, leaving schools, colleges and their students susceptible," commented Bloxx CEO, Charles Sweeney.

"A lack of awareness amongst teaching staff is a cause for serious concern. If teachers and lecturers don't understand the risks then they could be unwittingly exacerbating the situation and failing to protect students from a whole host of online nasties," he said.

Exactly the same issue confronts ISPs required to filtering content under the UK Government's 'pornwall' scheme to require broadband subscribers to opt in to receive certain kinds of content.

The idea has been heavily criticised on a number of counts, including inadvertent censorship of legitimate websites, but others question whether it will even work.

Using proxies is getting easier and easier; last month a Chrome filter called 'Go Away Cameron' (GAC) designed to bypass the UK ISP restrictions received plenty of free publicity. There are many other tools like it.

Join the CSO newsletter!

Error: Please check your email address.

Tags Personal TechsecurityBloxx

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place