Skip to main content

How can administrators decipher the claims being made by remote learning solutions?

As administrators seek out the best solution for their remote filtering needs, it may be difficult to discern the difference between all of the providers when they all claim to be an ‘any device, anywhere, any browser’ technology. The most popular web content filters offered by the edtech industry include Proxy Auto-Configuration (PAC) files, iOS agents based on Apple’s iOS content filtering API, and Securly’s SmartPAC files. Determining the right solution depends on several factors, including the types of devices to be filtered and ease of use.

With any solution there are benefits as well as challenges, which are covered below:

Nodes forming a circle

SmartPAC

The proprietary technology developed and used by Securly across millions of take-home devices, including iPads, Macs, & Windows. Students are given a unique PAC file with a unique ID number. This PAC file uses the “dnsResolve()” PAC function and a simple custom DNS “A query” of the type user. hostname.ns.securly.com to the default DNS server. Securly’s Authoritative DNS servers determine the use policy for the user, plus the filtering decision for that hostname. The PAC file then enforces this decision on the user’s device. By serving PAC files unique to each student, Securly is able to provide per-student or per-OU policies.

Flowchart depicting how a website request from a student device gets filtered with the Securly platform

Benefits

Icon of tablet and mobile device Any browser, any device

Leverage user-injection of 1:1 devices for an end-user experience without credentials.

Laptop and check mark Allows seamless Google/ Azure/AD authentication

Deploy in minutes to all of your managed devices and not be limited to any browser.

Key icon Zero-touch authentication

Never worry about an OS patch or software update. Install SmartPAC once and you’re done.

Storage server icon Minimal local footprint < 10KB

SmartPAC is 100% managed in the cloud with a local footprint of less than 10KB.

Tablet and mobile device Portable & easily maintained code

Works identically on Windows, Macs and iPads.

Cloud technology icon 100% cloud-based

No software agents can bring down devices on your network with a service pack update.

Document icon Rich reporting

Richer logging including user and search keywords, plus MITM decryption.

Challenges

  • While SmartPAC can be installed manually for small-scale testing, it’s recommended schools use an MDM or Domain Controller to distribute en masse to its fleet of devices.
  • Device Management will also ensure that users are unable to remove filtering themselves.
For administrators looking for a lightweight but dynamic solution for remote filtering, Securly offers the best option from several standpoints, including high-efficiency, low-maintenance, and ease of use.
Mockup of an iPad displaying some code
Few nodes connecting with each other

Traditional PAC files

As used by edtech providers iBoss and GoGuardian

Originally designed for Netscape Navigator in 1996, this solution is almost as old as the internet itself. A PAC file is a JavaScript function that can look at a given URL or host the user requested, and decides whether to Proxy the URL or let it through. Proxying is done when either a requested site is determined to be blocked or there is a need to perform deep packet inspection (for example, if keywords need to be inspected in a web search).

Benefits

  • In the past, devices like iPads relied on the PAC file-based approach simply because there was no filtering API from the iOS system. Today, that is no longer the case.

Challenges

Filetree icon File management - PAC

PAC files require a rinse and repeat approach in terms of what to allow and what to proxy.

Icon of a person with three circles floating above One size does not fit all

Apps that don’t allow proxying or sites that are not logged can be accessed directly.

Filter icon On-prem filtering devices

For remote devices, a port must be left open on the firewall for the inbound proxy traffic creating security concerns. PAC files proxying back to an appliance on average doubles the bandwidth cost of the traffic, slowing down the entire network.

iOS agents

iOS agents

As used in Lightspeed System’s Relay solution

Apple introduced an API for iOS so that content filtering providers could provide filtering natively on an iOS device.

Illustration of a flagged bubble icon above a mobile device, and an individual viewing a blocked icon on a monitor

Benefits

  • Engineered by the very company that designed the device.

Challenges

No logging or reporting No logging or reporting

Intentionally designed so that content-filtering providers are unable to log which website URL any given student accessed or was blocked on, there by limiting the very service the schools are paying for.

Blunt blocking Blunt blocking

No allowance for deep-packet inspections of Google searches, which in turn negates granular safety measures such as bullying or self-harm analysis by AI.

No user authentication No user authentication

Currently, all iPads in a district share the same policy, preventing the allowance of a per-student policy and no way for administrators to determine which users visited which sites.

Get more info

Simply fill out the form and one of our student safety experts will reach out within 48 hours.