Filter Bypass Tools: What Schools Need to Know About Psiphon, Ultrasurf, Hotspot Shield & More

A Q&A with Lightspeed Systems VP of Product Development Rob Chambers

Q: What are Psiphon, Ultrasurf and Hotspot Shield?

A: They’re tools designed to bypass internet content filters, designed particularly for use in countries that filter and limit internet access for their citizens.

Q: What are the risks of tools like Psiphon and Ultrasurf in schools?

A: They allow students to bypass their school districts’ content filters. This means students can get to inappropriate content, adult content, malware and security-risk content. All the reasons schools use filters — these are what bypass tools put at risk.

Q: Why are these tools so hard to block?

A: They’re smart, heavily funded, and constantly evolving. They constantly use new URLs and protocols and change so they’re able to see what your filter has blocked and adapt until they get around it. Tools like this have been around a long time, but they’ve gotten more aggressive and difficult to block.

Q: How much of a problem has this been for schools?

A: Almost every district IT employee I’ve talked to — and I talk to a lot — has had challenges with filter bypass tools. They end up spending a lot of time adding new URLs to block lists, but this is a futile effort.

Q: What makes Filter Bypass Controls in Lightspeed Systems Web Filter 3: Longhorn different?

A: One of the things that our Web Filter 3: Longhorn does better than any other filter is analyze and categorize the Web. We’ve been doing it for decades, and our machine-learning database is able to accurately and comprehensively analyze every new URL and determine what it is. In addition, we filter more students around the world than any other company. Because of these things, we have the data and technology to detect suspicious activity and accurately categorize bypass attempts better than any other provider can. Then we shut it down.

Screenshot of Filter Bypass Controls in the Lightspeed Systems Web Filter

Filter Bypass Controls, available in beta in the Lightspeed Systems Web Filter 3: Longhorn

Q: Longhorn disables the device when it detects Psiphon or bypass activity. Why can’t it just block activity and leave the device enabled?

A: If we did that, the bypass tool would just keep running until it found an open route around the filter. By shutting down the device for a configurable amount of time, we shut down the bypass tool completely. This stops the tool and also reinforces to students that if they keep trying to get around the filter, they’ll be locked out of the internet.

Q: So you lock down the device. What else?

A: Well, first of all, the lockout can be configured for any number of minutes between five and 60. The filter can also alert an administrator of the bypass attempt. We also report on these attempts and lockouts to create a historical record.

Q: How does this all help schools?

A: This technology keeps the students filtered, which keeps them safe, and protects the district and network. It also saves time that school IT departments would otherwise spend chasing and fighting these tools.

Q: How would a school not using Lightspeed’s filter know if students were using these tools?

A: It would depend what kinds of tools they’re running. They might see malware and other security risks popping up. They might see students missing from activity reports. But I can pretty much guarantee that every school has some students who use these tools. It’s very common.

Q: Anything else?

A: Filter Bypass Controls are the latest, most powerful piece of Web Filter 3: Longhorn’s multilayered bypass protection. Our solution also allows schools to block P2P and QUIC protocols, unknown URLs, downloads by file extension type, and sites categorized as security/proxy. Together, this gives schools the safety and security they need.

Q: How can schools get it?

A: Filter Bypass Controls are part of Lightspeed Systems Web Filter 3: Longhorn.

Get a demo or more information here.

Ready to learn more or request a demo?

Request a demo

Leave a comment

Your email address will not be published. Required fields are marked *