Safe Search DNS locking for IT administrators

kirwan_safesurfer

Google, Bing, and DuckDuckGo all support enforcing Safe Search filtering through a CNAME DNS record. This helps IT administrators and parental controls providers prevent explicit content, such as pornography, from appearing in search and image results. Kagi already has options available for Safe Search and Image Safe Search, so it would be great to see Kagi support DNS locking like the major search engines, too. Performing this would both enable and enforce the Safe Search and Image Safe Search toggles for clients using either a family or corporate DNS solution.

As an example, IT administrators can set a CNAME DNS record for duckduckgo.com to safe.duckduckgo.com so that explicit content can be filtered. Kagi could perform something similar, such as supporting the setting of a CNAME record for kagi.com to safesearch.kagi.com. This would help protect users, such as minors, from accidentally seeing explicit content.

anotherhue

Hey folks,

Thinking through this request a little, it seems the DNS based solution is mostly required by other engines because they have public access. As you know Kagi requires a subscription to access.

How would you feel about the account owner/controller having the option to lock safe-search mode on for the sub-accounts?

Is there a use case you're considering that that solution wouldn't address?

kirwan_safesurfer

Hi @anotherhue , thanks for your reply. This feature would be particularly useful for IT administrators in school and work environments (in addition to parental controls providers like us) who want to make sure that the Safe Search filter system can't be turned off regardless of account settings—this greatly helps prevent explicit material from being accessible in certain situations.

A good example could be that a workplace is OK with employees who prefer to use Kagi (rather than something else), but they want to ensure that they're not using it to access any explicit content on-site, regardless of their account settings.

We've seen a number of our users who want to be able to use certain services, but they need extra help with online safety. Having a CNAME DNS system enables us to provide this functionality in a highly effective way.

nobodywasishere

Hey @kirwan_safesurfer,

I think this is a good idea but I don't know how practical it is. Given the rise of DNS over HTTPS (and it being default for Firefox users), and the ease of using a VPN, a DNS solution may be easily bypassed, rendering it useless for those intentionally seeking out explicit material. Is there another method you can think of for implementing this?

kirwan_safesurfer

Hi @nobodywasishere ,

Thanks for that. We actually happen to deploy filtering to a lot of our customers by way of DNS over HTTPS (which we've invested a lot of time in doing for iOS/iPadOS, Windows, and macOS devices through apps and configuration profiles). We enforce DNS resolution over a custom encrypted link installed for individual devices, or home Wi-Fi routers that support DNS over TLS. There are various ways that we guide our users to avoid workarounds, such as VPNs. We can block VPN apps on Android, and on Windows and macOS, our users are instructed to change the user account settings on PCs to prevent VPN apps from being used (where we also try to block their networking). On PCs, we automatically disable built-in DoH features for most web browsers (including Firefox) through enterprise policies as a precaution.

We've had a lot of success with enforcing Safe Search for our customers by way of a CNAME DNS record. We've taken advantage of Google, Bing, and DuckDuckGo all supporting CNAME DNS record settings. In addition, Qwant and Yandex support CNAME records, and Ecosia have just added support too.

anotherhue

Thanks Kirwan. We'll look into this, who is your account manager at Kagi that we can sync with?

kirwan_safesurfer

anotherhue Pretty sure I don't have one. I've just made an account under my work email (after your post) if that makes any difference.

hello_world123

This would be so helpful

Nition

There's some earlier discussion on the same request here: https://kagifeedback.org/d/601-safe-search-dedicated-ips