this post was submitted on 24 Aug 2024
104 points (88.8% liked)

Privacy

31866 readers
312 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hi everyone,

I'm currently facing some frustrating restrictions with the public Wi-Fi at my school. It's an open Wi-Fi network without a password, but the school has implemented a firewall (Fortinet) that blocks access to certain websites and services, including VPNs like Mullvad and ProtonVPN. This makes it difficult for me to maintain my privacy online, especially since I don't want the school to monitor me excessively.

After uninstalling Mullvad, I tried to download it again, but I found that even a search engine (Startpage) is blocked, which is incredibly frustrating! Here’s what happened:

  • The Wi-Fi stopped working when I had the VPN enabled.
  • I disabled the VPN, but still couldn't connect.
  • I forgot the Wi-Fi network and reset the driver, but still no luck.
  • I uninstalled the Mullvad, and then the Wi-Fi worked again.
  • I tried to access Startpage to search for an up-to-date package for Mullvad, but it was blocked.
  • I used my phone to get the software file and sent it over, but couldn't connect.
  • I searched for different VPNs using DuckDuckGo, but the whole site was blocked.
  • I tried searching for Mullvad, but that was blocked too.
  • I attempted to use Tor with various bridges, but couldn't connect for some unknown reason.
  • I finally settled for Onionfruit Connect, but it doesn't have a kill switch, which makes me uneasy.

Ironically, websites that could be considered harmful, like adult content, gambling sites and online gaming sites, are still accessible, while privacy-tools are blocked.

I'm looking for advice on how to bypass these firewall restrictions while ensuring my online safety and privacy. Any suggestions or alternative methods would be greatly appreciated! (If any advice is something about Linux, it could be a Problem, since my school enforces Windows 11 only PC's which is really really igngamblingThanks in advance for your help

edit: did some formatting

edit2: It is my device, which I own and bought with my own money. I also have gotten in trouble for connecting to tor and searching for tor, but I stated that I only used it to protect my privacy. Honestly I will do everything to protect my privacy so I don't care if I will get in trouble.

edit 3: Thanks for the suggestions, if I haven't responded yet, that's because I don't know what will happen.

you are viewing a single comment's thread
view the rest of the comments
[–] fmstrat@lemmy.nowsci.com 0 points 2 months ago (1 children)

You, as a network engineer, at a business, where SSH is normal. This is not your realm, as schools look for very different signals. They are rarely actively monitored, but when they are, SSH will 100% look suspicious, and this individual already has a flag on them for tor, so yes they go beyond MAC and can identify them. You haven't even asked what kind of school it is, how they access school content when on the network that could identify their machine, or what the risks are for getting caught, yet you want to push a method when others have provided better8 options for obscurity. I am looking out for this kid's (or adult's) well being.

Yes, your method works to bypass a firewall, I have even used it myself many times. But it is absolutely not the best option here. And before you ask for credentials again, yes, I have network security experience in multiple domains, including corporate provided POC exploits for software you would know the names of, threat modeling for highly sensitive data, and organization and management of certified systems, along with knowledge of school network infrastructure.

[–] hperrin@lemmy.world 0 points 2 months ago* (last edited 2 months ago) (1 children)

I helped out with my high school network and SSH absolutely would not have looked suspicious. I can’t say for this school, but that was a regular part of the curriculum in mine. Even if it wasn’t, what are you gonna do as a net admin? You have zero evidence that a student is doing something malicious.

I feel like you’re a script kiddy who got called out for being overly confident online, and now you’re grasping at straws. I literally gave you two outs, and you doubled down every time. There is nothing suspicious about SSH traffic, even in a high school network, let alone a college network, and if you think there is, you’re 100% brand new to the industry.

You still haven’t given any alternative that would look any less suspicious than SSH traffic, and you still haven’t given any method a net admin could use to identify your machine from the countless others that connect to an open WiFi network.

In fact, let’s test you. There’s something that old versions of Firefox will expose, even through a SOCKS proxy. What is it, and what did Firefox introduce to prevent that?

[–] fmstrat@lemmy.nowsci.com 0 points 2 months ago (1 children)

He literally said he had already been identified. Read.

[–] hperrin@lemmy.world 0 points 2 months ago* (last edited 2 months ago) (1 children)

They said they got in trouble for Tor, they didn’t say their machine was identified. Even if it was, yet again, there’s nothing suspicious about SSH traffic. SSH traffic looks like work (because it usually is).

And I’ll ask you again, since you avoided the question, what better way is there? What would look more innocent than SSH?

[–] fmstrat@lemmy.nowsci.com 0 points 2 months ago (1 children)

I guess they magically knew it was them? And there you go again with "work." Shadowsox has already been mentioned for randomized https traffic. Feel free to learn from the other comments.

[–] hperrin@lemmy.world 0 points 2 months ago* (last edited 2 months ago)

I mean, they could have used their eyeballs, but we don’t know, because he didn’t say.

Shadowsocks would work, but I feel like bare stream ciphers over TCP are a dead giveaway that you’re bypassing content restrictions. Especially if they probe that host and see it running. But, what do I know? It’s just my job five days a week.

See: https://lemmy.world/comment/12008875