Threat Model: Parents

Gadit Bielman thetransintransgenic at
Sun May 31 10:17:47 PDT 2015

On Sat, May 30, 2015 at 10:24 PM, Gadit Bielman <
thetransintransgenic at> wrote:

> Hi.
> I'm trying to help (probably badly, but..) a friend deal with parents that
> they expect are spying on them.
> I know that in general, it's impossible to secure a computer that you
> can't trust and don't necessarily have administrator privileges to.
> But their parents are not exactly the NSA -- any spying that's happening
> is almost definitely some sort of product, plus basic things like maybe
> looking through their history. (I don't know much about they're situation
> -- maybe they know more, so
> well-if-you-know-they-do-this-then-you-could-do-this type advice would
> still be helpful.)
> Would antivirus be able to detect spy-on-your-kids products? Would they be
> able to scan their computer with like Immunet or something, even if they
> didn't have administrator privileges?
> Tor would probably help -- unless the monitoring was looking at the RAM or
> something for website names, which would be way overkill on a commercial
> product, no? Or (more likely) if it was taking screenshots at regular
> intervals, which would also break running a VM or something. (Is there any
> way to detect taking screenshots?)
> I know probably the best thing would be running TAILS as a LiveCD -- the
> problem with that is that it's REALLY obvious over-the-shoulder.
> Um, thoughts about any of those?
> Any other things about parents as a threat model in general?
> I know this is pretty far from what is usually discussed on here, but I'm
> really interested in what you think/it would potentially help a lot of
> people.

Okay so I've gotten a few responses to this, so just to clear a few things

-- I don't know this person IRL -- I'm giving them advice over online, so
can't look at their computer, give them anything, etc.
-- I don't know what spyware program is being used, that is one of the "can
someone/how can someone do this" questions I am asking

And one major thing, which forgive me for getting kind of annoyed but
literally everyone has either directly suggested this or ignored the issue:
Parents monitoring/spying on their kids is VERY OFTEN part of an abusive or
nearly abusive relationship.
If "Just talk to them" was an option, I can GUARANTEE they would already
have taken it to the best of their ability.
"Just talk to them and install linux -winkyface-" is NOT a workable answer.
Parents have a HUGE amount of coercive power and are NOT shy about using

And for that matter, "wipe it and install linux" is really unlikely to work
either. Rubberhose Cryptoanalysis is in full play here -- a PRIMARY goal is
"hide it from your parents as much as possible", because confiscating your
computer for arbitrary periods of time is ALWAYS AN OPTION. If they find
something password protected, they are totally capable of just saying
"haha, stop playing around, you're grounded and we're confiscating the
computer until you stop being unreasonable and give us the password".
Also, an arbitrary kid at home isn't gonna be able to just install Linux.
Linux requires you to /know what you're doing on Linux/, and these kids
have their hands full dealing will everything else their parents overbear

Thought outline::
-- Find out or narrow down the ways their parent might be monitoring them
---- Is there Spyware installed on the computer itself?
------ detecting: is there a list they can look through "My Programs" to
see if any matches? Would doing a full scan with a free antivirus detect
them as spyware, or would there be "this is a commercial product for
parents" exception to the lists?
------ assessing: if they can find which spyware is being use they can just
look up the capabilities. But if they can't? What capabilities do most
child-spyware products have? Is it possible to narrow down by price-range
for what they can afford?
---- Is there spyware running on the network? Traffic monitoring and stuff?
------ That's harder to find, but using the Tor Browser should completely
negate that
---- bypassing softwarewise-things:
------ depends entirely on the capabilities. At the most simple, they can
be bypassed by just not using the normal browser. More complicated and I
can totally imagine a Superfish-like-thing monitoring all internet traffic
-- even HTTPS -- for keywords. Is constant screencapture a common feature
that we need to worry about?
-- Non-software-based things:
---- Manually looking through browser history: again, Tor Browser doesn't
keep history
---- Demanding access to email account: use one for school/parent-friendly
stuff, and create a secret one.
---- What else is there?

e.g.: Here's the parental controls/monitoring built into Windows 8:
(For the specific case that I'm asking about, I don't think they have
Windows 8, but other versions of Windows probably have similar capabilities)
And here's a top-ten comparison for child-spying software:

Would that be able to track the websites visited by the Tor Browser?

So specific questions to start:
What if any free antivirus, running with user permissions, would detect
commercial spy-on-your-child-ware?

If they're running a LiveCD/LiveUSB (you're right, probably USB -- faster,
more common, easier to excuse for, and persistence), how well can it be
disguised as the original operating system? How much of that work can be
done by people who aren't the child, so that the child can have as much of
a plug-and-play experience as possible?

Besides actively taking screenshots, are there any other potential issues
for the Tor Browser? e.g. is looking at RAM (unlikely for a commercial
parent-spy software?), scanning throughout the entire filesystem looking
for bookmarks (Also seems over the top if the Tor Browser is kept in a
not-completely-obvious location?), other capabilities?

Again, I don't know them at all IRL, so I can't look at their machine, help
them install/inspect things, etc.

And in general, I think it would be really valuable if we can create
will-work-for-70+%-of-people tactics that a kid/teen online can take to get
around their parents, so it would be great if we mapped out more a general
threat model for parents, and possible responses to that.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 8838 bytes
Desc: not available
URL: <>

More information about the cypherpunks mailing list