Dr Peter Saunders

How to protect your kids from internet pornography

Dr Peter Saunders was, until December 2018, the Chief Executive of CMF. Prior to that he was a general surgeon in New Zealand, Kenya and the UK. He is now the CEO of the International Christian Medical and Dental Association (ICMDA), a global movement uniting national Christian medical and dental organisations in over 60 countries,
The views expressed do not necessarily reflect those of CMF.

I have just posted a blog on the report from a committee of MPs which makes recommendations about new measures to protect children from internet pornography.

Most of these are targeted at the ISP industry (and not a moment too soon!) but the real need is for parents to take steps themselves.

If you are interested about how practically to do it here is some advice from a Christian medical colleague (and computer whizz!) that I have gleaned today.

How to protect your kids (and yourself!)

Because of the proliferation of connectable devices having software just on a PC is inadequate – the entire home network needs internet filtering.

The best way to achieve this is for the ISP to do it. Out of the 4 main British ISPs (Virginmedia, Talktalk, BT and Sky) only Talktalk can do this at present.

The main system I use is ‘Covenant Eyes’. This is accountability software that I use with a friend. It monitors internet use and alerts your accountability partner if you are accessing inappropriate websites. Once installed it cannot be removed without your accountability partner being alerted. You probably know about this already but the website gives full details. It would be a brilliant thing to do with teenagers. Although there is little need for this if the OpenDNS service is used (see below), it has the advantage of monitoring a device whether it is used at home or elsewhere – OpenDNS only covers your home network.

Second, most mobile phone networks have the ability to turn on web filtering for smartphone use at a network account level. So as long as your kids have mobile phones on your account you can block the inappropriate use of mobile devices through the 3G network.

Third, and this is the really clever way of doing it, a home user can achieve network-wide site filtering by using a service called OpenDNS. A brief, simple explanation of what a DNS Server does can be found at the end of this post.

To set this up you have to create an account on, tell OpenDNS about the IP address your ISP has given your ADSL or cable modem, and then edit the settings in your router so you use OpenDNS’s DNS Servers rather than your ISP’s. They provide good instructions on how to do this, but it’s a little technical. The service is free. (There is a more feature-rich service that you have to pay for but for most home networks the free bit is all you need).

As long as you keep the usernames and passwords for both your router and your OpenDNS accounts completely secret there is generally no way past this, even for your bright computer-savvy kids.

Check out

What a DNS server does (the technical stuff!)

Every networked device has a unique numerical address – an “Internet Protocol” (IP) address. It is a set of 4 numbers (between 0 and 255) separated by dots. The PC I am typing this on has the IP address “”. My PC at work is “”. When devices communicate over the network they talk to each other using these numerical IP addresses – but they are not very human-friendly! So each device also has a name – my PC is called onhealthy seroquel “Saturn”. At some point the IP address and the name need linking, so when I look at my network and see a PC on it called “Saturn” the software knows “Saturn” = IP address, and vice versa. This name to IP address translation is done through a database called “DNS” – “Domain Name Service”. Every device has to know the address of the computers on their network that hold the DNS database (there’s usually 2 – one main one and one backup). A computer holding the DNS is known as a DNS Server. With me so far? Good!

Now, this is also true on the Internet, with the condition that every device connected directly to the internet has to have a worldwide unique IP address. So the computer called “” (that responds when you type”” into your web browser) has the IP address “” – no other computer exposed on the Internet can ever have this address. When you type “” into your browser your Internet router that connects you to the Internet realises no device inside your home network has this name so it sends out a request to your ISP’s DNS servers which will respond with “the IP address you need is”. Your router can then find this address on the Internet and you can see the Microsoft website. Every ISP provides all their users with the IP addresses of two DNS server so your router knows were to send the request for name to IP address translation to. For example, VirginMedia provides a primary DNS Server IP address of, and a secondary IP address of Everyone using VirginMedia as an ISP will have these 2 IP addresses in the setup of their router so the network knows how to change website names into IP addresses.

A DNS server contains a huge database of website names and IP addresses – billions probably. Every single request to view a website that comes out of any device connected to your home network will go through the DNS server. Here comes the clever bit…

You don’t have to use the DNS servers provided by your ISP. For example Google has a couple of public ones that you can use – their IP addresses are and Program those IP addresses into your router instead of the ones provided by your ISP and all your IP address requests will go through Google’s DNS servers.

A company called “OpenDNS” provides 2 DNS server addresses for public use. They have built into them the ability to block certain website addresses from being passed back to your network. There is a massive classification database available that classifies millions and millions of websites into certain categories – hate, racist, violence, porn etc. The OpenDNS servers use this classification to allow you to filter website requests. So if I type “” into my browser, VirginMedia’s DNS servers would return “” and off I go into the Playboy website. OpenDNS (assuming I have an account with them and have set up the filtering to block porn) will refuse to return an address and say the site is blocked. As you will now understand, any device connected to my network (smartphone, PC, laptop, PS3, XBox etc be they mine or guests in my home) will get the same response – “blocked”.

Posted by Dr Peter Saunders
CMF Chief Executive



By commenting on this blog you agree to abide by our Terms and Conditions. Although we will do our utmost to avoid it, we reserve the right to edit, move or delete any comments which do not follow the guidelines provided.