I want to start with a confession: many of the parental monitoring apps parents install on their kids’ computers are, technically, spyware. They run hidden processes, intercept keystrokes, capture screenshots every few minutes, and upload that data to a server you have no control over. The fact that you installed it doesn’t change the underlying mechanism.
I’m not saying this to be inflammatory. I’m saying it because if we’re going to have an honest conversation about how to actually monitor your child’s computer use, we need to be clear about what we’re avoiding and why — technically, relationally, and sometimes legally.
What Makes Something “Spyware”
Spyware has three defining characteristics:
- Hidden operation — it runs without the user’s awareness
- Exfiltration — it sends data about the user to a third party
- Surveillance scope — it captures more than necessary for the stated purpose
A lot of popular parental monitoring tools check all three boxes. They run invisibly in the background. They upload screenshots, browsing history, and keystrokes to cloud servers operated by companies you’ve never heard of. And they capture everything, indiscriminately, whether it’s relevant to parenting or not.
Beyond the privacy concerns, there’s a practical problem: teenagers figure it out. A 14-year-old who discovers a hidden monitoring process on their laptop doesn’t learn to self-regulate — they learn to hide. They boot from a USB drive. They use their phone. They find a workaround. And the trust damage is hard to repair.
What You Actually Want to Know
Before choosing any monitoring approach, it’s worth asking: what question am I actually trying to answer?
Most parents, when pressed, say they want to know things like:
- Is my child doing homework or gaming when they say they’re doing homework?
- Is gaming taking over — are they losing sleep, skipping meals?
- Are they developing real skills or passively consuming content?
- Is anything worrying happening that I should know about?
Notably, none of these questions require reading your child’s private messages, capturing a screenshot every 30 seconds, or logging every keystroke. They require behavioral context — what applications are running, how long, when, and with what pattern.
This is a much smaller dataset than what most monitoring apps collect, and it’s one that can be gathered with significantly less invasiveness.
The Approaches, Ranked by Invasiveness
1. Network-Level Filtering (Least Invasive)
A DNS-based filter like Pi-hole or Cloudflare’s family DNS blocks requests to known bad domains at the router level. No software on the child’s device. No visibility into what they’re doing — just a category-level block on malware, adult content, or whatever categories you configure.
This is a great first layer. It requires no trust because it’s infrastructure, not surveillance. The downside: it tells you nothing about what your child is actually doing. It’s a fence, not a window.
2. OS-Native Screen Time Controls
Windows Family Safety, macOS Screen Time, and Google Family Link all have built-in parental controls. They’re transparent (the child knows they exist), they’re built into the OS, and they give you per-app time limits and basic usage reports.
These are underrated. For younger children (under 12), they’re often exactly enough. The main limitations: reports are shallow (total time per app, nothing about what specifically happened), and on Windows especially, a determined teenager can work around them.
3. SSH-Based Behavioral Monitoring
This is the approach I’ve built into Leassh, and it’s worth explaining because it’s architecturally different from everything above.
SSH (Secure Shell) is the protocol that system administrators use to remotely manage servers. Every Mac ships with an SSH server. Every Linux box has one. Windows has had a native OpenSSH server since 2019.
If you enable SSH on your child’s computer and configure your own monitoring system to connect, you can query the machine’s running processes, resource usage, and logged-in users without installing any persistent software on the target machine at all. The monitoring happens from the outside, not from inside a hidden process.
Your router runs the monitoring software. Every few minutes, it SSHes into your child’s computer, asks “what processes are running, how much GPU and CPU are in use, who’s logged in?”, then disconnects. No process left behind. The data stays on your home network. Nothing goes to any cloud.
From that process and resource data, you can infer a lot: Fortnite is running at 90% GPU for 4 hours while screen time should be off. Or: VS Code and a browser are active, consistent with coding. Or: the machine has been idle for 2 hours, they’re probably at the neighbor’s house.
4. Transparent Agent-Based Monitoring
For machines where SSH isn’t practical, a small, open-source agent you install explicitly — one that your child knows about and can see running in Task Manager — is the next best thing.
This is different from spyware in a meaningful way: transparency. If your child knows the process is there, knows what it reports, and can see it listed in their system processes, it functions more like a contract than a covert operation. “Here’s what I can see. Here’s what I can’t see.” That conversation is worth having.
What a well-designed agent should collect: running applications, active window time, session start/end. What it should never collect: keystrokes, clipboard contents, private messages, or anything that requires reading the content of what your child is doing rather than the metadata.
Comparing the Options Honestly
| Approach | Invasiveness | Insight Quality | Circumventable? | Data Goes to Cloud? |
|---|---|---|---|---|
| DNS filtering (Pi-hole etc.) | Low | Minimal | Easily (VPN) | No |
| OS-native controls (Screen Time, Family Safety) | Low | Basic | Partially | Minimal |
| SSH-based monitoring (no agent) | Low | Good | SSH can be disabled | No (stays local) |
| Transparent open-source agent | Medium | Good | Agent can be stopped | No (stays local) |
| Hidden monitoring apps (Bark, mSpy, etc.) | High | Mixed | Harder (but possible) | Yes (vendor cloud) |
One thing this table makes clear: the most invasive option isn’t necessarily the hardest to circumvent. A determined teenager who finds a hidden monitoring app will find their way around it. A teenager who has agreed to transparent monitoring and understands what’s being collected has fewer reasons to try.
The Privacy Angle You Might Not Have Considered
When you install a monitoring app that sends data to a vendor’s cloud, you’re not just trusting the software — you’re trusting the vendor’s security team, their data retention policies, their response to law enforcement requests, and their business model not to change in ways that affect your family’s data.
If a monitoring vendor gets breached, screenshots of your child’s computer activity, their browsing history, and potentially their private conversations are in that breach. This has happened. It will happen again.
Keeping monitoring data on your home network — processed locally, never uploaded — eliminates this risk entirely. There’s no vendor breach to worry about because there’s no vendor holding your data.
The Conversation You Have to Have Anyway
Here’s the thing I’ve learned building monitoring systems: the technology is a small part of the answer. The bigger part is the conversation.
Children who know their computer use is being monitored, understand what’s being collected and why, and have agreed to it — even reluctantly — respond differently than children who discover covert surveillance. The former develops some understanding of accountability. The latter develops skills in evasion and a durable lesson that adults can’t be trusted to be honest with them.
“Here’s what I can see: which applications are running, for how long, and whether you’re active. Here’s what I can’t see: what you’re typing, your messages, or what’s on your screen. My job is to understand your patterns, not to read over your shoulder.”
That’s a conversation worth having. And a monitoring approach worth choosing — one that makes it possible to have honestly.
What “Monitoring Without Spyware” Looks Like in Practice
If I were setting this up for my own family today, this is what I’d do:
- Enable SSH on every computer (or install a transparent agent on machines where SSH isn’t suitable — phones, tablets) and tell my kids it’s there.
- Run monitoring software locally — on a home server or even a Raspberry Pi — that queries those machines and keeps data on-network. No cloud account, no vendor holding our data.
- Look at behavioral patterns, not content — what applications are running when, how much gaming versus other activity, are usage patterns changing week over week in ways that warrant a conversation?
- Use the data to start conversations, not to catch them — “I noticed you were on until 1am three nights this week, what’s going on?” is a better conversation than “I have a screenshot of exactly what you were doing.”
This is precisely the philosophy behind Leassh — behavioral understanding from the outside, data that stays in your home, weekly reports that tell you what your child is doing rather than flooding you with screenshots and keylog entries you don’t know what to do with.
It’s not perfect. A kid who really wants to evade any monitoring system can do so. But that’s true of spyware too — and the covert approach costs you something that matters long after they leave home: trust.
Related reading: For guidance on limits and frameworks, see Screen Time Management for Families: Beyond Time Limits in 2026. For an honest look at the commercial alternatives, see Best Parental Control Software 2026: Bark vs Qustodio vs Net Nanny vs Leassh.