Sophie – my 6 year old daughter – is on holiday from school at the moment and has spent a little time online playing on her favourite websites. Sometimes she gets asked for an email address to sign up for some kind of club. Today that happened and it lead to a conversation between Sophie and her mum which included questions like:-
“Why do you have an email address and I don’t?”
“Why do we use your email address for clubs I want to join?”
“Isn’t it like a letter, you hand me my letters, and I open them, isn’t email like that?”
..and so on.
Clare suggested that Sophie should speak to me (given I deal with all things technical in the house) which she’s not done yet. I wondered what other people did about online accounts for their children. Now of course being a geek I can easily setup an account for Sophie and give her access however there’s a bunch of issues here.
Firstly I don’t want random people emailing her so I’d need some kind of whitelist so that I can control who can mail her. This makes it difficult for her to sign up to web based services because I don’t know ahead of time where the mail will come from.
I could use greylisting with very long delays and watch the logs myself to see where the mail comes from and then manually whitelist accounts, but if she wants to sign up for something there and then she’s out of luck unless I happen to be there.
The fly in the ointment is that I use Google Mail for Domains for my personal mail. So I don’t have quite the same control over the configuration as I would if I hosted it myself and used postfix/exim/sendmail/whatever.
I could switch back to hosting my own mail but I flat out don’t want to, so that’s kinda out of the question. I could register a separate domain for Sophie but that seems messy. I could forward the gmail to another box which does the whitelisting perhaps?
Of course I could use the dismissive “you’re too young to have an email address” but I’d really rather not.
What do other parents do? Comments/input/suggestions very welcome.
Update: One suggestion made by my very good friend Adrian was that I should teach her to ‘tag’ her email addresses when signing up. That is, adding “+bbc” to the user-part of the address when she signs up at BBC sites for example, and +c4 at Channel4 sites.
Adrian also suggested that I setup a Gmail account for her, but that she doesn’t access that directly, instead I use fetchmail to my own box containing the whitelist, and Sophie should pick up mail from that box. That way I offload most of the spam workload to Google, and can easily implement a whitelist. I like this idea.
48 Comments
I was about to suggest a Hotmail / Windows Live address – the parental controls on those are good. If you lock the account down, then the child can’t send outgoing mail (or recieve mail) except for approved contacts.
You can allow the child to manage their own contact list if you wish. Unfortunately, that doesn’t help for signing up to websites, since a lot of sites don’t tell you exactly what email address the confirmation email will come from.
Could you set up a mail alias for her, then have all mail going through that address get CCed to you? Between that and some careful filtering (and maybe blocking of images in her mail client), that should stop adult content spam concerns, and stranger danger.
I can understand if you don’t want to filter all of her mail, though. It’s decisions like that (the line between protection and spying), that make me glad I’m not a parent.
I could certainly setup a rule in her email which forwards anything she gets to me. I don’t want to be the oppressive Dad, but I do want to make sure someone so young doesn’t get exposed to internet crap too soon. It’s not that I don’t trust her, it’s that I don’t trust every other person on the net.
She get her web access restricted to certain sites, so chances are that the only things she’ll sign up for are BBC and associated stuff, which I feel I should have some trust in.
That’s what I do. My daughter’s email address automatically CCs all her email to me (using a gmail filter). The important thing is that she’s aware that she can’t go off and look at stuff in private, and therefore she moderates her inclinations. I have a pretty liberal attitude to this, though; specifically, I think that getting Viagra spam won’t kill her, and it offers the opportunity for an explanation of what spam is and how to avoid it. However, my daughter’s 10 and yours is 6, and that’s quite a big difference.
(oh, and I don’t restrict her access. She wants to look at stuff on the net, she’s welcome to do so. Her restrictions are social, not technical, since social restrictions almost always work better than technical solutions do.)
I just went to look at my spam folder in gmail. Ironically the wordpress notification email for this comment was in there
I caved in and set up email accounts for my kids on Google Apps. I know their passwords and so can (and do) check occasionally what is in their inbox/sent items etc. It ain’t perfect I know but with Dansguardian I’m pretty sure it will filter any unsuitable content as it is all web based access for now.
It’s only my 9 year old who uses email and so far his use is very light. As with Sophie it sounds, he is mainly using it for signing up to on-line kids game/club sites.
If you get a better solution do share it with us
For 6 year olds, I don’t know. But 9 years (first comment)? At that age, especially today, it shouldn’t be really neccessary to control the account anymore. I don’t know why so many people believe children couldn’t understand what’s good and what’s not so good to them, at that age they’re definitly smart enough.
It’s less about what they are smart enough to sign up for, and (for me at least, I can’t speak for Alan Lord who posted that comment) more about the unsolicited crap she’ll get. I really don’t want to be answering questions about porn/viagra just yet.
If she doesn’t register in just about every forum on the internet just yet, chances are she won’t experience a lot of spam. Chances are also before this would happen, she will probably be interested herself and do some googling, at the very last at the age of 8 when sexuality is discussed in school for the first time in detail (at least here in Germany).
If you feel uncomfortable with that, then for what it’s worth check her mail account every now and then, but to think about complex software based solution is a bit of an overreaction I think.
I disagree. Spammers send speculative mail to $firstname@domain.com where $firstname is a massive list of popular names – of which she has one. When I ran my own mail server I used to get lots of mail for people who have never existed on my domain. I am certain that within days (if not hours) of me creating her account she’d get spam.
I think you might be wrong about that. My daughter doesn’t get any spam, speculative or no. I was mildly surprised about this myself, but it is so.
I used to have my main address set up as a catchall for that domain, and I got a lot of spam. It was directed at firstnames, as Popey says, and at $fandomKeyword@domain, so it looked like the spammers do at least some homework.
I did manage to remove 90% of that spam with Postfx / RBL filtering, but some does still get through.
I have ~6000 mails in my spam folder which gets cleared of anything older than 30 days. Much of it is money/software/scam related, but there’s a fair amount of viagra type stuff too.
Maybe I’m over-thinking it, and she’ll be fine with a bit of dad-based education and a gmail account
I agree that she’s unlikely to get spam if she’s not signing up for things with poor security (and I rather expect the BBC to be large enough to know what they’re doing). But I add the caveat: make it something non-obvious. A common way to come up with addresses to spam is to simply take a common last name, and try it. Then try it with an initial (all 26 possible ones) tacked onto the front. Things like that. You can generate large quantities of plausible email addresses that way (in a corporate environment, if you list some employees’ names online… that just reduces the set you need to go through, fun fun!) So “spope” or “sophie” or something else simple and dictionary-able going before the @ is something to avoid.
I get tons of spam nowadays, but my email address is all over changelogs and mailing lists online, so I expect that
I got my first email address when I got a computer at age 9. It was an AOL one, and I think my mom had my password.
Not sure how long that one is going to fly.
If she is using OSX have you looked at the parental controls in that? My 6 year old has an e-mail address but the first time she sends or recieves something from a new address, it comes to me first for approval. I guess Mail.app sends some special headers back to her account that her mail client picks up on. I haven’t sniffed the traffic specifically, but it works very well and is transparent to her.
I didn’t realise it did that, thanks!
heh. Answering that question without appearing like the biggest hypocrite ever is gonna be hard, dude
My wife caught my 4 year old trying to sign in under the username “daddy”. THAT’s why I don’t let them know MY password!
Hah. Sophie discovered that the guest account has no password (intentional) and has no parental controls – oops!
That one was easy for me. When my son wanted to change his password he chose a pretty good one after a bit of discussion about good passwords. I then needed to keep a copy of it on file in case he forgot it – of course I have the power to reset it, but that’s a whole different discussion. I need to be able to unlock the account to shut the machine down if he’s forgotten to as I don’t like forcing application closes if I don’t have to.
He’s full of very good questions, but seemed satisfied with the answers he got. Yesterday for example we followed a train of thought from how to pay for a new car when the old one was written off, through how to get a loan, on to who makes the rules and finally on to kings and queens stepping aside for their children to take the thrown!!
Popey is right. I am more concerned about the crap that will end up flooding in as it does for most of us on daily basis. Google’s junk filter is pretty good from my experience and with DG blocking any content I’d rather he not be exposed to yet I feel I have a reasonable solution.
>> at that age they’re definitly smart enough
hmm I am a bit astonished by such a statement. Actually I know many adults (from their 20s until there 60s) which are definitively not smart enough for this kind of things. I still remember when at work we sudenly received these “I love you” message and that so many colleagues – even talented one – opened the file.
And sometimes, eventhough one can be pretty smart, the trick is that someone smarter is waiting for you out-there! How many adults get tricked on the internet by sending cash money to unknown users?
Last winter I was looking for an apartment (renting) and for an electronic device on some quite well known web sites. In both case, I got almost tricked (though the one about the electronic device seemed obvious to me). Some of these guys out there are extremely smart!
One of their pattern is they enter first in a trust and safe relation, so that you think it’s a deal, when suddenly they (fake) a problem on their side (sometimes many days after concluding to a safe agreement) and ask you for a less-secure deal. The trick is first hoping that you do not dare to say no (by politeness or because of the increased desire that you have almost reached your goal) and second as you might have closed other possibilities you won’t change your mind and still proceed. These are high psychological (=powerful) tricks! Trust me!
Thus, if this is that difficult for adults, this is definitively too difficult for kids and even teens!
My uncle is 49 years old and has been using the internet for about six years or so. He isn’t smart enough to see the difference between spam and real emails. In fact, a big part of the adults I know don’t ever get what’s happening on their computer, while I see 5th grader (9/10 year old) in my school laughing about how bad the fake mail from Blizzard asking for their World of Warcraft password is when they sit in the computer room. I was always someone who thought children knew more than people thought, but even I am surprised at just how well a lot of them understand computer related stuff at a very early age nowadays. And regarding the problem of people sending cash, well chances are your children do not have a bank account to send money or buy things online anyway.
Willl you all stop equating it with smarts? It’s completely unrelated!
It’s a matter of training. It’s about awareness. It’s experience. It has nothing to do with intelligence! There is a weak link to age, but *only* to the age at which the person started using the computer and internet. If they started using it at a young age, then they’re accustomed to having to think about such things. If they started at age 40, they have not had as much relative time to get used to thinking about such things. It’s a matter of when it becomes second nature, and things you learn as a kid do that a bit easier.
There are people who are 50 and very good with computers because they’ve been on the cutting edge of tech their whole lives…ham radios, Altair computers, C64, Apple ][, Win 3.1…they’ve seen it all are used to adapting and understand technology’s limitations and how humans might abuse technology.
There are people who are 50 and terrible with computers because they only very reluctantly started using them 5 years ago when the boss forced them too, and all they know is that computers cost money and if they don’t follow the directions *exactly* it might break, and then it’s going to cost them *extra* money to get it fixed, so they better not try anything other than what the directions say. They’re more likely to just assume that if someone could figure out how to send them an email without them even having to tell the other person what their email address is…well, that person must know what they’re talking about, so they should do what they say. And this is why chainletters get forwarded. (Yeah, right, Microsoft is tracking the sending of email and Bill Gates will send you $5,000,000 if you forward this to 20 friends)
What the people you’re describing need is a class on how to detect spam and fraudulent emails. It’s not something everyone necessarily picks up over time (it heavily depends on whether they’ve received such emails and whether they’ve heard people talking about then, for instance), so user education is the only way.
It’s not smarts, but it’s not just experience either. I can point out many middle aged people who have been using computers daily for many years, that still just don’t grok it. What they know they know by rote, not any kind of understanding. They recognize that, but can’t get past it, even the ones that want to. Education isn’t going to make much headway here. It might be related to ability to learn new things, but I don’t think so.
Look, I could spent 20 years trying to become a painter, and I’d never do it. I just don’t have the small motor skills & artistic whatever to accomplish that. I’ve seen grade two students who are more talented now than I ever could be. Pretending everyone is capable of becoming good enough in the IT field to recognize the subtle differences between spam an ham is a fantasy I think.
I would just use google and forward a copy of each email to your account (or set up IMAP to hers). In 95% of the cases you will notice the email before she does and will be able to react if needed (not that likely either IMO).
Fair point. The only time she’d probably get it first is if she signed up for something and checked the mail there and then. Gmail is pretty quick at delivering mail to the inbox. I suspect thought that she’d be doing that whilst mummy is around and I’m at work. So less of an issue. Worth considering though, thanks.
I’ve had a fair bit of success in a similar situation. All of my kids have had GMail accounts for a few years. For the older two (13 and 16), I ensure I know their passwords and check their accounts occasionally (once a week or so). The youngest is 10, and I have her Gmail account set up such that I get a copy of all incoming email in my own inbox, which I monitor regularly.
Google has done a good job of filtering spam and I’ve never seen anything meant for adult eyes in any of the three inboxes. I get lots of “so-and-so commented on your facebook page” and tons of stuff from DragonFable and some Disney sites. For all of the kids, email is really just how they talk to the grandparents and a few old friends, and get updates from various web sites. Facebook seems to have taken over as the de riguer form of communications for the under-18 set. 6 is a bit young for a FB account, but by 10 years old, the pressure to let her have one will be pretty strong.
As for the password discussion, they’re never too young to learn the “my house, my rules” mantra. The only right to privacy my children can expect from me is the right to their bodies (I don’t intrude in their bathroom, and knock before I go into their rooms if they’re in there). All correspondence, phone logs, web traffic, etc is an open book. Even my 16 year old daughter accepts this as the Law. We also buy into the “There are surprises, but no secrets” philosophy.
Good luck. She’ll be a joy for another 4 years or so, then be prepared for your little girl to morph into something you’ve never seen before.
Hah, thanks for those words of wisdom! Much appreciated.
you could try:
http://zilladog.com/
http://www.zoobuh.com/
http://www.kidsemail.org/
I think the best solution is hosting it yourself. That’s the only way you can be sure that she is safe, not being sold to marketers, and not being brainwashed by the likes of Disney.
Its horrible to think that Children are 2nd class citizens but it seems that everyone responding is treating their children as such.
I suggest educating your children on the Internet and email. Then provide them with an email address just as you would your spouse.
If you monitor their email, you are abusing their right to communication and are no better then the government spying on its citizens.
How does this effect the psychology of your child? When your child finds out that you are monitoring/spying on them, how will this effect your relationship?
The King of the castle mentality can have a very negative psychological effect on children and will often times convince them to rebel against their parents when they grow older.
I was wondering how long it would take before I got a reply like this. I fully plan to explain things to my daughter, I wasn’t suggesting that I abdicate responsibility for that, merely asking for technical solutions to limit the problems that can occur when I am not nearby to help.
I completely disagree with your assertion that I am ‘spying’ on my kids, and to equate it with some kind of 1984 government spying is just bollocks.
“I completely disagree with your assertion that I am ’spying’ on my kids, and to equate it with some kind of 1984 government spying is just bollocks.”
+1
How old are you kids?
I’m not a parent, so this doesn’t count for much, but I’d just like to lend my opinion. My little sister has her own e-mail account that she uses (she’s a similar age to Sophie) without monitoring, and as far as I am aware has never had any trouble with it.
You appear to be a slightly more concerned parent than mine, but I think that the earlier you start giving children some element of responsibility the better, as they can learn how to deal with this maturely – and an e-mail account that you can passively monitor is a great way to do this. With Google’s spam filters I suspect she’d get little to no spam, and you can easily have it set up to forward to an account that you monitor for anything dodgy (which you can then use as a potential learning experience) until you feel she is old enough to have privacy from you in that respect (the sooner the better IMO, but that’s a personal choice).
Given the stories you’ve told me in the past about your parents and siblings, hell yes I take a different approach!
I do like the idea of a hands-off approach, but the fact is she will likely get spam at some point. It’s not just the spam that is a problem. Once people figure out her email address she can get disturbing mail from people who aren’t spammers, but are just people she doesn’t know. What happens if someone sends my 6 year old some hard core pornography via email? That’s not spam, it’s just unwanted.
If you are going to do what people suggested in here, to give her an email address without her real name, then I think the statement that she will get spam at some point is just not true. And do you honestly ever heard of someone in your environment getting mails by foreigners who have nothing better to do than to send them pornography etc.? That’s the stuff television series are made of.
People are stupid, they do stupid things. Like send mail to the wrong person or send mail to everyone in their address book.
How much unsolicited non-spam hardcore pornography do you receive in your mailbox? I’ve never got any, and I’m a lot more visible than Niamh is.
(Do not use this as an excuse to send me some.)
You could just use a gmail address and explain to her not to use it on too many unfamiliar sites, or if she’s unsure to ask Dad.
Gmail has pretty decent spam protection – I’ve had my account for a while and my email address is all over the net and I hardly ever get any spam email in my inbox. I would assume for a new email account that isn’t spread around much, there would be even less spam because less bots/spammers and dodgy people would know about it.
When choosing an email address, choose something that wouldn’t give away her name, age or gender.
> Gmail has pretty decent spam protection
I’d say that’s an understatement, in the time i’ve been using my account, i’ve been amazed by how little spam I get, almost none at all.
my sister registered gmail account for my nephew already. My nephew is 21 days old. I’m starting to think of how we are going to hand it over to him
interested to see the rules & setup you have for actually polling gmail into local mail pool.
I don’t think kids should have e-mail proper. I can envisage a cryptographic system that only allows them to see messages whose PGP keys are fully trusted (by the parents). So parents could grant ownertrust to another parent or teacher to help extend your child’s “safe” network. Anything unsigned is held for a parent’s approval, or to spread the load, you could allow another parent you fully trust to approve things for your child.
I’m not quite sure what the problem with signing up on websites is, from my experience it doesn’t matter whether they’ve got their own email or not, the site sends an email to a parental email address for approval before the account is activated.
Both my kids have had email addresses since birth, although neither currently get to use the independently. My youngest gets practically no email as the account has been little used. My eldest, on the other hand, gets tons of junk mail, some of it quite unpleasant. It has never been published anywhere, but people have sent him ecards using it.
If you have an email address there is nothing you can do to prevent it getting out. If it is in somebodies address book, as it will be if you use it, there is the chance it will be harvested from there, and once that has happened it gets around fast.
I’ve not managed to work out the criteria for speculative email spamming is. I have domains that get no speculative email spam, and other domains that get tons. The addresses have never been used, and some are quite strange ones. My best guess is that these have been harvested having been used to send spam, but I’m not sure. I think the best protection from speculative email is to not have a website for the domain, but that is just speculation
Once I’ve reinstated my anti-spam, greylisting, etc. I’ll be looking at the same question. I’ve also got to tweak my Dans Guardian setup, at the moment it doesn’t even like Google if you put in too many search terms!
If she is only signing up for online games with this email address, where’s the harm? My understanding is that it wouldn’t be published in public places; so how would other people get hold of it in public places?
Some of you people are crazy to just let your kids see/read what they want on the net. It’s a nasty nasty place, and there is plentyof time later in life for them to understand it. 9 years old isn’t old enough.
As for “how to answer the questions” about why can you get in their email and they can’t get in yours, the simple answer is BECAUSE YOU’RE THE PARENT. You’re there to look out for them and protect them from things that could harm them. It’s that simple. My kids know that their personal communcations via text and email are subject to checks at anytime by me, period. No deleting internet history, etc. If you’re doing something you’re ashamed of then you shouldn’t have the email account.
I’m glad to have found this post and the comments are very interesting to me. My 9 and 7 year olds have been pestering me to have their own email addresses. I use gmail for my domain, so I’d rather not go back to hosting my own mail service at dreamhost, for example. One thing I did see is that you can turn off services in Google Apps for your domain, but only if you have a premier or education account. For a standard account, all of the services are turned for the entire organization, since you can’t create sub-organizations (I was thinking that I would turn off Talk, for example).
I’m curious about the gmail/fetchmail approach, since I am using Ubuntu at home. I’m alos going to look into the MacOS approach, since we’re looking into upgrading the family computer to a MacBook. BTW, the social part of this equation can’t be understated — we have a single family computer in our kitchen/dining area that the kids use. For now, I’m holding the line on no devices in the rooms, although I know that may change as they get older and I can see that they’ve learned how to use the Internet carefully.