In a year or two, the filters will gradually be relaxed and eventually removed, and the user will be added to the sudo group. Ideally, by then the kids should have developed the media literacy and critical thinking skills necessary to handle all kinds of content responsibly.

I keep hearing that a kid gets “left out”… no idea who started that rumor. If the kids don’t have a smartphone, they’re supposedly excluded. If they don’t have TikTok, they’re excluded… nonsense. That’s typical fear logic: “If a kid doesn’t consume exactly what everyone else does, they’re left out.” A kid who, for example, doesn’t play Roblox but is friendly, helpful, and socially engaged (drawing, playing sports, telling jokes, listening) is not excluded. They simply say: “I don’t know that, show me,” and suddenly they’re part of it.

The setup isn’t meant to shut the kids off from the world; it’s meant to create a protected, thoughtful, distraction-free space at home, nothing more, nothing less. Parents should only control what happens on their own devices. What the kids do at school on other devices or in conversations with friends is outside their responsibility and that’s good. This way, they experience both worlds: the values at home and the reality outside.

And if they really want access to something like Roblox, let them earn it by bypassing the restrictions. If they succeed, I want to know how, and then they can do whatever they want with the computer, because any new restrictions will also be bypassed. If their interest fades, that’s fine. Maybe they’ll start creating games instead. Who knows.

And if they still want to spend all day on Roblox, go ahead. Waste your time. Maybe someday they’ll realize they’re capable of more. Maybe not. That’s life.

"Adult sites" are filtered via OpenDNS FamilyShield. Social media including YouTube, Roblox, as well as Super RTL/Toggo (German garbage channels) are blocked through the hosts file.

The NetworkManager is secured, and nftables is configured so that all DNS requests to other resolvers are blocked. In addition, almost all non-standard WAN requests are blocked. In the LAN, the kids can, for example, play Minecraft multiplayer together, while connections to external servers are prevented, regular internet still works perfectly fine.

Firefox is locked down via policies: no DoH, no external proxies, and no add-on installation except for the ones I preinstalled (e.g., uBlock for an ad- and tracker-free browsing experience).

They have programs for math, vocabulary, geography, as well as kid-friendly programming environments, from Scratch to Thonny and Geany. Windows games can be installed via Bottles if needed. Screen time is controlled via Timekpr-next: the PC is only usable at certain times, and each child has a daily time quota.

The system is also optimized to make sure the old 5400 RPM HDD doesn’t become a major bottleneck, using zram, tuned swappiness, and filesystem tweaks like noatime and commit=60 to reduce unnecessary disk I/O.

Too restrictive? Nope. Anyone who just wants mindless consumption stays out. Anyone curious will find a way and ideally ends up on Invidious, getting YouTube without algorithms and without influencer trash in the feed.

This setup is designed to empower the kids to understand the internet, how it works, how to navigate it safely, and how to make informed choices.

The Fediverse is, of course, open and let’s be honest: I even deliberately gave them access to instances with "adult content". Because whoever seeks, finds.

And the book I used for size reference? It was just lying nearby, but maybe this setup will help them someday follow someone like Lisa Randall on their own…