Mastodawn

The report is also critical of Internet filtering in schools, given what the perpetrator was able to access.

I am not sure that being tougher on schools is the answer here - they are already massively underfunded, with too much to do in too little time.

Perhaps it would be wise if the DfE was more specific about the requirements, such that schools, local authorities etc. could put more onus on suppliers to deliver a consistently high standard of service?

The author appears to assert that browsing while using a VPN is, in itself, problematic:

> This should include consideration of:
> 1. Concerning patterns of online browsing and purchasing (e.g. change of names and addresses, use of Virtual Private Networks)

Page 232

Hugo Mills 1d ago

@neil And, apparently, moving house...

Dan Sugalski 1d ago

@neil I admit to only having read the first few dozen pages of the report, but the takeaway I'm getting so far is there were *multiple* known, long term, systemic failures involving this kid and therefore it's the internet's fault somehow?

I may have missed something, or possibly there's nuance later.

@wordshaper I don't think the report is saying that it is all the Internet's fault. That's just the section of most interest to me.

Dan Sugalski 1d ago

@neil Fair enough, and giving more of a read I see it's not top-of-list on the recommendations for actions. It does still seem rather disproportionate, though, in what's proposed/pondered compared to the failures/issues with the systems that were actually directly set up to address the potential issues already.

Gerard 22h ago

@neil @wordshaper
It interested me too. I'm not very hopeful about the policies likely to come out of this.
It has had me wondering about where exactly responsibility does lie, but I don't think my thoughts are well-formed enough to post online, especially not at this moment.

Simon Hewison 1d ago

@neil there's mention of an 'industrial strength' sledgehammer. Like anyone wants a sledgehammer that isn't up for some heavy use. Some very sloppy writing and loaded phrases there.

Simon Hewison 13h ago

@neil Here's a thought for #Amazon and other online marketplaces. It should matter not what IP address an order is used to place an order. If you know the person ordering an age-restricted item is based in a country (billing address) where such restrictions happen, OR if you know it's being shipped to a country (delivery address) where such age restrictions happen, those restrictions and appropriate handling should take place. #VPN is a red herring here.

Blake C. Stacey 1d ago

@neil uhhhhhhhhh

'Pa

1d ago

@neil Ah yes, the good old "if I can't see you, you must have something to hide..."
Just like my favourite poster from 2020 (later disavowed by the NCA), which I prefer using as a starter pack, for teaching my kids about 'puters.
https://www.zdnet.com/article/uk-police-distance-themselves-from-poster-warning-parents-to-report-kids-for-using-kali-linux/

UK police deny responsibility for poster urging parents to report kids for using Kali Linux

Updated: Using Discord, too, is apparently a warning sign that your child is turning into a naughty hacker.

ZDNET

anyGould 1d ago

@neil Also, I've never thought the point of filters (in school or work or anywhere) was to protect the user. It's to protect the *provider*. (Either in the "don't go download skeezy things", or the "I don't want you watching this in the public library" senses.)

@anyGould

In some places, that may also be true.

@neil the DfE's filtering / monitoring standards are pretty good now, TBF, although there is always room for improvement. But keeping up with changing guidance is basically a full time job, pretty much no school is meeting their requirements, and no one is really checking.

IMHO, Ofsted would do well to check the docs that schools are expected to produce (but don't), and as you say, schools just don't have the resources to do the work. (And this is their work, not something to contract out)

@steve

Some schools may have the skills etc to do this in-house, but realistically I suspect that many are dependent on their filtering service provider.

@neil there is a lot of stuff that the filtering provider realistically cannot do. E.g. schools are expected to review their filtering/monitoring approach annually (including redoing risk assessments, etc). We do get asked to do the annual review and we tell the school that all we can do is check there is nothing utterly insane configured - we don't know the risk profile of their kids, etc. So cannot do a full review of their approach.

@neil schools are also expected to document what they have blocked/allowed, but in my experience this almost never happens. So when it comes to reviewing block/allow lists, we ask "why did you whitelist blah 8 months ago?" and no one knows. Not really much excuse since our product lets you record notes against individual blocked/allowed URIs, just lazyness and lack of discipline from the schools.

@neil the DfE list who is responsible for each thing, and whilst I think they could be a little clearer, ultimately the DSL is responsible for much of it, but in my experience often won't directly engage with the filtering provider. Fully accept that schools don't have enough resources though.

@steve

> Fully accept that schools don't have enough resources though.

This, exactly.

By all means place the onus on a person within a school, but then *ensure adequate funding for the school to recruit and train the right person to do that*.

Steve Hill 🏴󠁧󠁢󠁷󠁬󠁳󠁿🇪🇺23h ago

@neil the KCSIE also requires safeguarding staff to be adequately resourced... So I guess schools are supposed to cut back in other areas to ensure this is so?

Neil Brown 23h ago

@steve Oh, sure, schools are supposed to support all sorts of things out of their meagre funding.

Paul 23h ago

@neil "I remain concerned that individual schools may lack the technical knowledge to assess whether they have appropriate filtering systems in place"

As someone with friends and family who work in schools, I would delete the word 'may' from that sentence!

If they're lucky, smaller state schools will have a shared IT technician, otherwise it's whichever teacher wasn't in the staffroom when the decision about IT responsibility was made...

Ret 1d ago

@neil just having grepped for vpn in the document(s) and read the relevant bits... I'm not clear on the reason for the recommendation? The VPN didn't facilitate bypassing any AV check here?

@ret We will have to see what is said about this in the next phase.

Jaimie's Erotica 1d ago

@[email protected]
This country actually already has pretty robust arrangements in place to prevent what happened. As the chair of the enquiry said 'it could and should have been prevented'. Where atrocities like this occur it's due to failures in implementation. In this case, parents shockingly abrogating all responsibility and organisations all assuming that someone else was holding the ball and failing to communicate effectively.
Every time I think of those little girls and their families, I well up.

@Jaimieserotica

I had tears running down my cheeks as I read a particular section of the report; it is just horrific.

Jennifer Moore 😷1d ago

@neil

Just spent a chunk of the evening reading it. I wouldn't say it "leads with" the parents. To me it more leads with the theme of: nobody took responsibility for integrating the whole picture of risk.

I once wrote an analysis of Khyra Ishaq's death (child in Birmingham who starved) and this reminds me of aspects of that. Busy professionals, skipping bits they were supposed to do, and then being like "we handed that off, those other people are keeping an eye now".

I was talking specifically about the "online harms" chapter, 6, but I can make that clearer.

Jennifer Moore 😷23h ago

@neil

Ohhh okay! Yeah I hadn't realised that's what you meant. Thanks.

Neil Brown 23h ago

@unchartedworlds I absolutely could have been clearer, so that is on me!