Is there any self-hosted version of Microsoft's Family Safety/Parental controls?
I REALLY want to get away from using all Microsoft products. My spouse and I use Linux but not for our kids just simply because I have yet to find anything that does what Microsoft Family does - being able to remotely set time limits, keep an eye on screen time stats, block websites and apps remotely, see what websites they've been using, etc.
So far I've found some disparate apps or methods that can do some of this. But our family situation is complicated, not least of which includes disability and special needs. So basically, yeah, I need to be able to spy on what my kids are doing on their computers but I don't want Microsoft or any other companies being able to do that. I would like to be able to switch the kids laptops/PCs onto Linux as well, but again, the lack of remote parental controls or some sort of centralised access has been preventing that so far.
We don't need a phone app, but would just really like some central place that we can do this from that respects privacy, isn't trying to sell us yet more crap and is preferably FOSS.
monitoring can be done with the network. control can be managed there too, force them through a proxy and route all port 53 traffic to your DNS. don't let anything out that does not go through your proxy and dns.
For the app side of things, technically you can build a Linux install that you manage remotely and the kid doesn't get root access. You can use SELinux to restrict what the kids can do, or even stop a good chunk of code execution by making all the folders they can write to noexec. There will always be the problem of interpreters like Perl/Python just inherently existing on pretty much every system, but if your kid is that far they're probably close to just installing their own distro anyway.
You can set up some rsyslog or similar log shipping to log every app being accessed to a central database. You can monitor network traffic both via DNS (others mentionned PiHole), you can also set up a transparent proxy server so you can log not just the domains but the contents of all traffic including HTTPS, and potentially block based on keywords or just passively log all activity and act on it after the fact. Knowing you're monitored is a decent deterrent in itself.
Depending on your coding skills, screen time can be pretty easy to monitor and configure via SSH. You can configure it like it's a server and use tools like Ansible or Puppet to make the computer automatically pull your scripts and policies.
All of those things involve a certain amount of work though, it's understandable to want to stick with known tools that do the job well. I think the community generally don't like these kinds of tools so very few people make them. I'm also somewhat on the side of educating kids about the risks rather than bubblewrap the tech, but I imagine these days we're talking very young kids going online for YouTube Kids and whatnot. I've personally had unrestricted access to the Internet since ~7 ish and already had Mandrake 9 installed when I was like 9-10, and probably contributed to my self teaching sysadmin and code very early on and had a web dev job when I was 17. I also was definitely exposed to some sketchy adult stuff as a side effect of pirating all sorts of enterprise software to play with, but I think my mom did a good job of teaching me what it was and grossed me out of it so much that unlike my peers I just didn't feel like seeking porn or anything until I was well past the age of legally going to those sites.
That's a tuff ask, and it's been awhile since I looked.
My kids phone is Android, computer is Windows, and I couldn't get away without Googles Family link.
The PC was easier. I use Pihole to primarily block ads, but it can also log DNS requests from my kiddos PC, and I use my switch to kill his internet. It's a desktop and doesn't have wifi. So it's just a Ethernet cable to his room. Kill the port or unplug the cable for dramatic effect. Any OS he's on he'll have restrictions and monitoring as long as he doesn't spin up a VPN or learn how to change the DNS host. But much to my dismay I don't think he'll ever love Linux, or networking.
The phone was harder. Android gives up a random MAC address so blocking him from wifi was difficult, and it didn't matter anyway since he had cell service. Eventually I came to realize that if he's in the Google ecosystem, I have to play with Google if I want parental controls on his phone. It sucked. But, again much to my dismay, he doesn't seem to think a big company knowing literally everything about him matters all that much so... Whatever. Maybe I'm the one that's crazy.
There are a number of apps for android to do the same, each with +/-s but the google one is prbabbly the most solid simply because it can get its hooks into the OS level where most others tey and do things via overlays or similar. One called MMGuardian is pretty solid though, if you set it up along side family link to remove the default messager you can actually force any text messages through the app to CC the parent, as well as white/blacklist phone numbers as I recall.
I use this:
Timekpr-NExT (It's stylized as this way) Here's a decent write up of it:
https://itsfoss.com/timekpr-next/
And the source I think: https://mjasnik.gitlab.io/timekpr-next/
Here's our household need for it and I think most people will not like it, but it's what works for us. I have a special needs adult step daughter which has a TBI from a major traumatic auto accident at the age of 2. For most people who see her, she passes as high functioning but that is on the outside. As a result of the accident and brain injury at age 2, In real life, she has problems with the concept of time and time management. She also lacks the executive functioning that most adults have such as the correct decisions in life to make, just to name a few. Having this on her system (Arch Linux) allows us to at least limit the screen time which is what we were wanting. As for filtering NSFW stuff. She's extremely turned off by the thought of people being intimate so, we are pretty comfortable with unfiltered internet. (I also run a DNS server in which if needed can filter traffic).
Another person mentioned using SELinux - this reminded me of using OpenSuSE - that distro is very tuned toward adminstrative access for even basic things such as modifying the network (Well..at least basic for me LOL ) . I think of it is as an ideal OS for small organizations with a single IT person on staff.