Skip to main content

A look into the remote filtering of school devices

How SmartPAC evolved to become the preferred on and offsite filtering solution for thousands of schools worldwide.

Try SmartPAC today

How can administrators decipher the claims being made by remote learning solutions?

As administrators seek out the best solution for their remote filtering needs, it may be difficult to discern the difference between all of the providers when they all claim to be an ‘any device, anywhere, any browser’ technology. The most popular web content filters offered by the edtech industry include Proxy Auto-Configuration (PAC) files, iOS agents based on Apple’s iOS content filtering API, and Securly’s SmartPAC files. Determining the right solution depends on several factors, including the types of devices to be filtered and ease of use.

With any solution there are benefits as well as challenges, which are covered below:

SmartPAC

SmartPAC

The proprietary technology developed and used by Securly across millions of take-home devices, including iPads, Macs, & Windows. Students are given a unique PAC file with a unique ID number. This PAC file uses the “dnsResolve()” PAC function and a simple custom DNS “A query” of the type user. hostname.ns.securly.com to the default DNS server. Securly’s Authoritative DNS servers determine the use policy for the user, plus the filtering decision for that hostname. The PAC file then enforces this decision on the user’s device. By serving PAC files unique to each student, Securly is able to provide per-student or per-OU policies.

No editing of PAC files

Benefits

Any browser, any device Any browser, any device

Leverage user-injection of 1:1 devices for an end-user experience without credentials.

Allows seamless Google/
                            Azure/AD authentication Allows seamless Google/ Azure/AD authentication

Deploy in minutes to all of your managed devices and not be limited to any browser.

Zero-Touch Authentication Zero-touch authentication

Never worry about an OS patch or software update. Install SmartPAC once and you’re done.

Minimal local footprint <10KB Minimal local footprint < 10KB

SmartPAC is 100% managed in the cloud with a local footprint of less than 10KB.

Portable & easily
                            maintained code Portable & easily maintained code

Works identically on Windows, Macs and iPads.

100% cloud-based 100% cloud-based

No software agents can bring down devices on your network with a service pack update.

Rich reporting Rich reporting

Richer logging including user and search keywords, plus MITM decryption.

Challenges

  • While SmartPAC can be installed manually for small-scale testing, it’s recommended schools use an MDM or Domain Controller to distribute en masse to its fleet of devices.
  • Device Management will also ensure that users are unable to remove filtering themselves.
For administrators looking for a lightweight but dynamic solution for remote filtering, Securly offers the best option from several standpoints, including high-efficiency, low-maintenance, and ease of use.
Traditional PAC files
Traditional PAC files

Traditional PAC files

As used by edtech providers iBoss and GoGuardian

Originally designed for Netscape Navigator in 1996, this solution is almost as old as the internet itself. A PAC file is a JavaScript function that can look at a given URL or host the user requested, and decides whether to Proxy the URL or let it through. Proxying is done when either a requested site is determined to be blocked or there is a need to perform deep packet inspection (for example, if keywords need to be inspected in a web search).

Benefits

  • In the past, devices like iPads relied on the PAC file-based approach simply because there was no filtering API from the iOS system. Today, that is no longer the case.

Challenges

File management - PAC File management - PAC

PAC files require a rinse and repeat approach in terms of what to allow and what to proxy.

One size does not fit all One size does not fit all

Apps that don’t allow proxying or sites that are not logged can be accessed directly.

On-prem filtering devices On-prem filtering devices

For remote devices, a port must be left open on the firewall for the inbound proxy traffic creating security concerns. PAC files proxying back to an appliance on average doubles the bandwidth cost of the traffic, slowing down the entire network.

iOS agents

iOS agents

As used in Lightspeed System’s Relay solution

Apple introduced an API for iOS so that content filtering providers could provide filtering natively on an iOS device.

iOS agents

Benefits

  • Engineered by the very company that designed the device.

Challenges

No logging or reporting No logging or reporting

Intentionally designed so that content-filtering providers are unable to log which website URL any given student accessed or was blocked on, there by limiting the very service the schools are paying for.

Blunt blocking Blunt blocking

No allowance for deep-packet inspections of Google searches, which in turn negates granular safety measures such as bullying or self-harm analysis by AI.

No user authentication No user authentication

Currently, all iPads in a district share the same policy, preventing the allowance of a per-student policy and no way for administrators to determine which users visited which sites.

Get more info

Simply fill out the form and one of our student safety experts will reach out within 48 hours.