Is the Kibosh router just a simple DNS filter?

The following is a question we received from a potential customer:


Mrs. Smith: “Thanks for all your help. I I just wanted to confirm everything as I’m not the most technology advanced but my husband is. He is worried that since the Kibosh uses a DNS type filtering system it will be easy to bypass.  We’ve tried open other DNS solutions before, but they were easily bypassed by changing local settings, or using a VPN which allowed you to view whatever you wanted. He is the one I need this filter for, but he says there is no point wasting money if a simple DNS filtering system is so easily bypassed and he can view what he wants.”


Hi Mrs.Smith, your husband is correct, however Kibosh is not a simple DNS filtering solution:

  1. The Kibosh router cannot be bypassed using DNS work-around techniques (like changing local settings).
  2. SafeSearch in enforced, so searching for objectionable content is blocked.
  3. You can block VPNs and illegal proxies using the firewall rule. The rule is easily enabled and can be:
    1. Scheduled to apply after hours for example.
    2. Be applied to specific devices, i.e. devices you are concerned about.
  4. Kibosh routers have an admin lockout feature so that each night the router cannot be accessed and settings overridden by let’s say the administrator. This gives you the ability to configure a very strict Internet experience each night.
  5. You can easily schedule internet access times using the net scheduler.
  6. You can easily manage the WiFi signal using the WiFi Scheduler.
  7. Using our unique DNS blacklist schedule feature (coming in Sep) you can take control over what sites can be accessed by what device. A few examples of what you could do:
    1. Lock any device into a single search engine and apply search term filtering to it..
    2. Schedule access to FB for device xyz.

So yes we use DNS, but it’s only 1/3 of our overall solution.

How to manage YouTube SafeMode.

With a Kibosh router you can manage YouTube SafeMode by:

  • Enabling SafeMode for all devices.
  • Disabling SafeMode for all devices.
  • Excluding devices from SafeMode enforcement.

How to manage YouTube SafeMode:

  1. Log into your Kibosh at
  2. Go to Connection > Web Filter Settings
  3. Towards the bottom you’ll see the YouTube SafeMode section
    • Enabled: YouTube SafeMode will be ON for all devices
    • Disabled: YouTube SafeMode will be OFF for all devices
    • Enabled for All but the Selected IPs: YouTube SafeMode will be OFF for any device IP listed here

NOTE: When enabling or disabling YouTube SafeMode the change happens immediately on the router, however some devices will cling to the old YouTube settings. On these devices you’ll need to clear the browser cache, and reboot to get it working.

How to stay secure and somewhat anonymouse online.

How to stay secure and somewhat anonymous online.

First, use an Internet gateway security appliance like the Kibosh Router, or any router that you can enable the  Kibosh Filtering Service (KFS).  The KFS will block your computer from communicating with known malware, poxy and phishing sites, and provides effective adult content filtering solution that will protect every device on your network.

Currently only the Kibosh Router has this, but coming soon the KFS will be available as a plug-in in Gargoyle Router’s open source firmware (a DIY solution, available to anyone around the world), and then popular SOHO routers.

With the Kibosh Router you get enterprise grade Internet security, i.e. we use the same technology that fortune 500 companies use to protect their users:

In addition to the Internet security the Kibosh Router gives you proprietary content filtering for a very safe overall Internet experience:

  • SafeSearch enforcement
  • Objectionable websites blocked
  • Objectionable search terms blocked
  • Ability to set Internet time controls
  • Ability to block / allow access to certain websites

Second, use a local antivirus solution:

Third, Windows only – use Winpatrol (free) to protect your startup directory, and help block browser drive-by downloads which antivirus doesn’t do very well for some reason.

Fourth – use FireFox:

  • Firefox is fast, reliable, open source and respects your privacy. If you have any concerns about online privacy you should be using FireFox (and enable do-not-track).
  • What about Chrome? Google’s products are built around tracking and gathering information about you so Google can serve you ads. Zero anonymity here, but it’s a great browser.
  • What about Internet Explorer? Surfing the Internet with IE in it’s current form you are almost guaranteed to get pwned. Internet Explorer should only be used for corporate Intranets.

Fifth– use an ad-blocker in your browser.

Sixth – use a password manager. With a password manager you don’t need to know (or write down) the more complex passwords you should be using on sites you bank on for example.


Do you have a list of websites I should be blocking?

By simply plugging a Kibosh in as your primary router hardcore objectionable content on the Internet will be inaccessible from any device, and you don’t need to configure anything to make this happen.

Now that the really bad stuff is blocked, we can focus on the more subjective content like bikinis, drugs, social networks, etc. These you can either block individually by entering the website(s) into your blacklist, or en masse by selecting categories of content to block. All easily done from your Kibosh.

A few sites that are not blocked by default, but you might consider blocking, and why:

  • – (chat category) – with more than 120 million registered users, Kik is one of the most popular messaging apps in the world. Its biggest group of users are young, with around 40% of American teenagers having reportedly tried the service. According to Kik, “porn bots” make up around 1% of the app’s entire message volume each day, suggesting that thousands of them regularly crawl its network.
  • – (blogs/socialnetworks category) – lots of good content, lots of really bad content, and it’s very difficult to filter out the bad.
  • –  (imagehosting/socialnetworks category) – one of the largest hosts of pornographic material on the web, and it’s very difficult to filter out the bad.
  • (image hosting category) – lots of good content, lots of really bad content, and it’s very difficult to filter out the bad.
  • Snapchat – (chat category) – (why)
  • Tinder – (dating / chat category) – (why)
  • Instagram – (chat category) – (why)

A note about messaging apps, or any social connectivity type app – the problem isn’t so much the app itself, generally, but nefarious entities using techniques like ‘porn bots’ to target en masse all of the apps users – which are mostly young and impressionable adults. Porn bots are fake, autonomous programs that more often than not, try to entice users to click on paid-for sites with flirty conversations and the promise of porn.

It’s a dangerous physical world out there, and the Internet isn’t any different. You need protection, you need a Kibosh.

About the WiFi Schedule

The Kibosh’s WiFi Scheduler is a great tool that gives you the ability to easily turn wireless off each night.

Why would we want to do this?

1. To enforce global internet access restrictions.
2. To reduce wifi signal exposure (if you are concerned about that).
3. Added security, wireless networks are a target for hackers and script kiddies.

However, turning WiFi off disables Internet for all wireless devices which might not be what you’re after. To turn the Internet off for specific devices see this how-to guide.



Google SafeSearch

If you use Google search, and most of us do, you may have noticed that the search_term_filter, Web Usage Monitor and block_google_images have stopped working on Google recently. This is due to Google systematically enforcing HTTPS on all of their sites, and HTTPS breaks content filtering.

With our router firmware v2.0 (now on v3.2.2 – get it here) we could enforce SafeSearch on Google by removing HTTPS so that we could apply URL filtering. We did this using a method provided by Google called NoSSLSearch. However Google depreciated NoSSLSearch early 2015 in favor of SafeSearchVIP. SafeSearchVIP allow us to enforce a Google SafeSearch environment which is good, however it does this with HTTPS intact, and again HTTPS blocks additional filtering.

Going forward the only way to apply additional URL filtering to Google’s SafeSearch (i.e. block additional terms, block image search, etc) is to intercept their HTTPS, decrypt it, filter the data, re-encrypt and then send the data along it’s way. We are working on this and will have something by end of year.

In the interim, please note that Google will always be locked into SafeSearch, and YouTube SafeMode. We just can’t apply additional URL filtering at this time.