Changes to Google SSL and
RM SafetyNet

To find out more call us free on 0808 172 9532 or email esafety@rm.com

Important issues affecting your filtering service - requires your attention and action

On 23 June 2015 the Google search services moved all search results behind SSL encryption. This means that all search results are now served using 'https', with the secure padlock shown in web browsers.

What is the impact on how RM SafetyNet filters these search results?

This makes it impossible for cloud-based filtering products such as RM SafetyNet to continue to effectively filter search results in the way it did before (i.e. by inspecting search queries and results) without first intercepting the secure connection, which means that some inappropriate results may appear if care is not taken to search accurately and sensitively.

Unless you take action, Google search results will not be filtered by RM SafetyNet.

If for any reason you don't take action, we can ensure that Google SafeSearch is applied to search results; however this doesn't offer the level of filtering that you receive through RM SafetyNet. You will therefore run the risk of inappropriate search results, including images, being displayed to your users.

Does this represent a safeguarding issue for our learners and other users?

It could do as it means it is likely that inappropriate material could appear in search results e.g. inappropriate links, thumbnail images etc. Whilst there has always been a slight potential for this to happen in the past (as no filtering system is 100% secure) the changes Google will make means that the possibility for inappropriate content to pass by filters has increased enough for us to be concerned.

What are we doing about it?

RM Education took the decision as a result of the recent Google announcement to develop and add additional functionality to RM SafetyNet that provides a way to filter inappropriate Google search results. This new 'SSL interception' functionality means that we can intercept and filter Google search results after Google implement their change. This will also allow us to subsequently address existing issues with other Google services like YouTube that have already moved to SSL.

For further information on YouTube SSL changes view the RM Tech Article.

Do schools need to do anything? 

Yes. In order to perform 'SSL interception', schools need to make changes to the devices that use RM SafetyNet (as it needs to decrypt, analyse, and then re-encrypt all traffic using a security certificate).

This certificate must be deployed to all computers and devices that browse via an RM SafetyNet filtered connection.

There will also need to be changes made to browsers that access the Google search engine.

We are providing the certificates for download, and support documentation which includes a guide to deploying the certificate to common network configurations and devices, as well as changing your proxy address after the certificate is deployed.

This requirement to distribute a certificate to all devices is similar to the approach used by other filtering appliances that offer SSL interception.

We have also developed a clear policy detailing what SSL traffic will be intercepted with regards to private transactions. Download our SSL Interception Policy

You may wish to discuss this process with your technical support team, and ensure everyone is aware of the steps you have taken to ensure the continued protection of your learners and staff.

To find out more call us free on 0808 172 9532 or email esafety@rm.com

Downloads

SafetyNet certificate

Download

Windows networks

RM SafetyNet certificate deployment script for Windows networks

Download

Deployment instructions

Apple OSX and iOS

RM SafetyNet certificate installer for Apple networks

Download

Deployment instructions

Android and Google Chromebooks

RM SafetyNet certificate for GAFE networks (zip)

Download

Deployment instructions

Test your certificate installation

To check your browser(s) to see if the RM SafetyNet Certificate is correctly installed please visit http://ssltest.rm.com/

If you have followed the instructions and your browsers are displaying one of the attached screenshots, please contact your support provider.

back to top button Let's talk