[bnjms]

This is exactly reverse of the right idea. If parents need to censor things the solutions are the same as corpos are going to. Put the censors at the device or “mitm” the connection, either actually with a proxy, or maybe with a browser and curated apps - which is again on the device.

[ndriscoll]

This brings us back to "sure you can use my guest wifi, just install my root CA/enroll in MDM".

I do agree though that it should be illegal for device manufacturers or application developers to use encryption that the device owner cannot MitM. The owner should always be able to install their own CA and all applications should be required to respect it.

[pocksuppet]

Why would you want to censor based on network? You don't want to censor based on network, you want to censor based on device. If your 8yo kid is blocked from pornhub, that doesn't mean everyone on your network is blocked from pornhub, and you having the ability to even know if someone on your network is browsing pornhub is a security risk.

[ndriscoll]

Because consumer devices are barely if at all capable of even setting policy, are basically incapable of enforcing it, and are generally adversarial. It's also easy to apply different policies to different clients at the network level.

[pocksuppet]

The new California and Colorado laws force consumer devices to be capable of setting and enforcing policy.

[ndriscoll]

They do not. Here's the California bill[0]. Here's the Colorado bill[1]. They're short. Nowhere is there something about letting me set policy (e.g. blocking applications/services, presenting plaintext traffic to filtering software, setting time-of-use restrictions, etc.). In fact, it requires my operating system to give any application developer PII about me and requires the application to collect it, even when it's irrelevant (functionality is not age-restricted).

Or did you have some other laws in mind?

[0] https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...

[1] https://leg.colorado.gov/bill_files/112795/download