Information: Smart Hub Parental Controls not working properly with some browsers

Ben570 · ‎01-08-2024

Hi community,

This is an informative post more than a question. I have been having issues with parental controls not blocking adult websites including those with obvious related words in their names, (e.g. p***hub.com) and EE have been investigating for a number of weeks now.

They have provided a workaround while they are looking for a proper fix, but essentially it comes down to newer versions of browsers like Edge or Chrome having a new experimental feature called TLS 1.3 hybridized Kyber support enabled which breaks the parental controls feature. My loose understanding is that this is because the feature uses a new type of cryptographic algorithm in the browser session that makes it more private and instead of getting the EE banner *Access to this website has been blocked* page, the browser will display its own inbuilt "The connection for this site is not secure" page because EE's parental control systems can't intercept it properly. However, with TLS 1.3 hybridized Kyber support enabled (which it is by default in the latest browser updates) the user can hit the refresh button repeatedly until the browser complies and loads the site that should be blocked.

I am putting EE's workaround here as I understand it is not just my account that is affected, but likely anybody using this the parental controls may be affected. The current workaround is to disable this experimental browser feature as follows:

1. In your browser, type or paste the following setting URL into the address bar and hit enter: chrome://flags/#enable-tls13-kyber

2. Change the TLS 1.3 hybridized Kyber support flag to *Disabled*.

3. Close and re-open the browser.

Best of luck.

Ben570 · ‎12-08-2024

Update: Still no word on a proper fix and EE now say they won't call me unless they have a system update ready which they admit could be some time and cannot give an ETA. It's disappointing that they know and acknowledge their customers using this service are affected and would not necessarily know they are unprotected because the parental control filtering isn't working as expected but yet have not informed those same customers by way of any public communication about it so EE are leaving children and families unprotected and parents with a false sense of security. And of course they still charge the full price of the service each month.

Chris_B · ‎12-08-2024

@Ben570 They’ll not drop the price because of a loophole. It’s the same principal as buying a phone and a security risk has been found and not fixed, the price doesn’t come down until it’s fixed and then goes back up. There will probably always be work arounds a VPN for example or using private browsing from a device are known work arounds. Coding isn’t a 5 minute job and any fix has to make sure it doesn’t affect anything else that should be ok.

To contact EE Customer Services dial 150 From your EE mobile or 0800 956 6000 from any other phone.

Ben570 · ‎12-08-2024

@Chris_B This isn't just a "loophole", the service does not work with the OS and browsers that have a majority share in their default settings, no vpn or proxy needed. It's not a vulnerability that someone can exploit, it's a broken product. Would you be happy paying for your broadband service if say the https protocol specifically was broken and not working, or if DNS lookups were broken (you cannot change the DNS server on the Smart Hub) but you could still reach websites by adding in their IP address into your hosts file first?

Ben570 · ‎06-09-2024

5 weeks since I made this post, and at least 2 months since I reported the problem to EE and parental controls still broken. If you are a parent using this service, know that your children can still access pornography and other inappropriate websites. EE's parental controls do not work and I am drafting a letter to the communications ombudsman about this.

dellybeanhead · ‎08-10-2024

This is a major major issue.
Please can EE escalate this. And can we have access to change the DNS on the router in the interim please.

dellybeanhead · ‎17-10-2024

Did this workaround work for you.
it made no difference to me.
plus a browser based setting is by no means an acceptable fix.

Ben570 · ‎17-10-2024

Hi @dellybeanhead, it seems to have worked for me as long as the device is in the right device group with strict/moderate parental controls and using Edge or Chrome browser on Windows. Not sure about making the change in other browsers or operating systems. I did reboot Windows after making the change too so that I knew the browser would be reloaded for sure and I did check the setting had been saved after rebooting.

Also, you're absolutely right that this isn't an acceptable fix and was only supposed to be a workaround while EE investigated, but they're dragging their feet and it's been 3 months for me now. Have you reported that your parental controls aren't working to them as well?

dellybeanhead · ‎17-10-2024

No I’ve not reported it. I did try but the wait on hold was just too long.

JordanTA · ‎21-10-2024

Hi @Ben570

We're aware of the issue, I've spoken with our broadband team and they expect a fix to be rolled out in a software update soon. Apologies I can't be more specific on a date, but it'll hopefully be sorted soon. If I find out anything else I'll update the thread.

Thanks