this post was submitted on 24 Aug 2024
100 points (87.9% liked)

Privacy

32400 readers
209 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hi everyone,

I'm currently facing some frustrating restrictions with the public Wi-Fi at my school. It's an open Wi-Fi network without a password, but the school has implemented a firewall (Fortinet) that blocks access to certain websites and services, including VPNs like Mullvad and ProtonVPN. This makes it difficult for me to maintain my privacy online, especially since I don't want the school to monitor me excessively.

After uninstalling Mullvad, I tried to download it again, but I found that even a search engine (Startpage) is blocked, which is incredibly frustrating! Here’s what happened:

  • The Wi-Fi stopped working when I had the VPN enabled.
  • I disabled the VPN, but still couldn't connect.
  • I forgot the Wi-Fi network and reset the driver, but still no luck.
  • I uninstalled the Mullvad, and then the Wi-Fi worked again.
  • I tried to access Startpage to search for an up-to-date package for Mullvad, but it was blocked.
  • I used my phone to get the software file and sent it over, but couldn't connect.
  • I searched for different VPNs using DuckDuckGo, but the whole site was blocked.
  • I tried searching for Mullvad, but that was blocked too.
  • I attempted to use Tor with various bridges, but couldn't connect for some unknown reason.
  • I finally settled for Onionfruit Connect, but it doesn't have a kill switch, which makes me uneasy.

Ironically, websites that could be considered harmful, like adult content, gambling sites and online gaming sites, are still accessible, while privacy-tools are blocked.

I'm looking for advice on how to bypass these firewall restrictions while ensuring my online safety and privacy. Any suggestions or alternative methods would be greatly appreciated! (If any advice is something about Linux, it could be a Problem, since my school enforces Windows 11 only PC's which is really really igngamblingThanks in advance for your help

edit: did some formatting

edit2: It is my device, which I own and bought with my own money. I also have gotten in trouble for connecting to tor and searching for tor, but I stated that I only used it to protect my privacy. Honestly I will do everything to protect my privacy so I don't care if I will get in trouble.

edit 3: Thanks for the suggestions, if I haven't responded yet, that's because I don't know what will happen.

you are viewing a single comment's thread
view the rest of the comments
[–] hperrin@lemmy.world 18 points 3 months ago* (last edited 3 months ago) (3 children)
  1. Sign up for Digital Ocean.
  2. Get the cheapest VM (called Droplets on DO) you can get.
  3. Install Ubuntu on it.
  4. SSH into it and open a SOCKS proxy (ssh -D 8080 <yourdropletip> on Linux, use PuTTY on Windows).
  5. Configure Firefox to use localhost:8080 as a SOCKS5 proxy.
  6. Win.

Bonus points if you set up Cockpit to manage everything over the web (localhost:9090 over your proxy), that way you don’t need to learn all about sudo apt whatever.

[–] fmstrat@lemmy.nowsci.com 8 points 3 months ago (1 children)

Highly identifiable. Do not do this. Will it get you through the firewall? Yes. Will it get you in trouble when they see all your traffic going to one place? Also yes.

[–] hperrin@lemmy.world 1 points 3 months ago* (last edited 3 months ago) (2 children)

It’s an open WiFi network. They’re probably not even able to identify which device is used by which person. Even if they could, why would they be monitoring everyone’s traffic looking for users who only visit one resource? That’s an extremely unlikely scenario.

The worst they’d see is that this device is using a lot of SSH traffic. There’s nothing suspicious about that. SSH is perfectly normal.

[–] 0x0@programming.dev 2 points 3 months ago (1 children)

There’s nothing suspicious about that. SSH is perfectly normal.

In a business? Sure.

In a school? Not so much.

[–] hperrin@lemmy.world 1 points 3 months ago

It very much is. I used it regularly in both high school and college. In high school it was just how I connected to other machines. One of my teachers taught me how to use it. In college we were told to use it by the professor, so at least one entire class was using it for every assignment. That’s pretty normal in any school that has programming or networking courses.

SSH is usually used for work, so it just looks like someone working. Tor is used for nefarious purposes, so it will always look suspicious. VPNs are used to bypass content restrictions, so they will always look suspicious.

[–] fmstrat@lemmy.nowsci.com 1 points 3 months ago (1 children)

Again these are all assumptions. These are risks that do not need to be taken when there are better methods.

[–] hperrin@lemmy.world 0 points 3 months ago* (last edited 3 months ago) (1 children)

These aren’t assumptions. OP states it’s an open WiFi network in their post, and unless you name your computer after yourself, all the network admins can see is your MAC address. And what is suspicious about SSH traffic? And what better way is there? VPN traffic will look more suspicious.

What do you do for a living? I’m a software and network engineer, so this is in my realm of expertise. All the network admins will see is OP’s MAC and that they’re sending a lot of SSH traffic to a Digital Ocean IP (if they even bother to sniff their traffic). This is how I, as a network engineer, have personally bypassed content filters.

[–] fmstrat@lemmy.nowsci.com 0 points 3 months ago (1 children)

You, as a network engineer, at a business, where SSH is normal. This is not your realm, as schools look for very different signals. They are rarely actively monitored, but when they are, SSH will 100% look suspicious, and this individual already has a flag on them for tor, so yes they go beyond MAC and can identify them. You haven't even asked what kind of school it is, how they access school content when on the network that could identify their machine, or what the risks are for getting caught, yet you want to push a method when others have provided better8 options for obscurity. I am looking out for this kid's (or adult's) well being.

Yes, your method works to bypass a firewall, I have even used it myself many times. But it is absolutely not the best option here. And before you ask for credentials again, yes, I have network security experience in multiple domains, including corporate provided POC exploits for software you would know the names of, threat modeling for highly sensitive data, and organization and management of certified systems, along with knowledge of school network infrastructure.

[–] hperrin@lemmy.world 0 points 3 months ago* (last edited 3 months ago) (1 children)

I helped out with my high school network and SSH absolutely would not have looked suspicious. I can’t say for this school, but that was a regular part of the curriculum in mine. Even if it wasn’t, what are you gonna do as a net admin? You have zero evidence that a student is doing something malicious.

I feel like you’re a script kiddy who got called out for being overly confident online, and now you’re grasping at straws. I literally gave you two outs, and you doubled down every time. There is nothing suspicious about SSH traffic, even in a high school network, let alone a college network, and if you think there is, you’re 100% brand new to the industry.

You still haven’t given any alternative that would look any less suspicious than SSH traffic, and you still haven’t given any method a net admin could use to identify your machine from the countless others that connect to an open WiFi network.

In fact, let’s test you. There’s something that old versions of Firefox will expose, even through a SOCKS proxy. What is it, and what did Firefox introduce to prevent that?

[–] fmstrat@lemmy.nowsci.com 0 points 3 months ago (1 children)

He literally said he had already been identified. Read.

[–] hperrin@lemmy.world 0 points 3 months ago* (last edited 3 months ago) (1 children)

They said they got in trouble for Tor, they didn’t say their machine was identified. Even if it was, yet again, there’s nothing suspicious about SSH traffic. SSH traffic looks like work (because it usually is).

And I’ll ask you again, since you avoided the question, what better way is there? What would look more innocent than SSH?

[–] fmstrat@lemmy.nowsci.com 0 points 3 months ago (1 children)

I guess they magically knew it was them? And there you go again with "work." Shadowsox has already been mentioned for randomized https traffic. Feel free to learn from the other comments.

[–] hperrin@lemmy.world 0 points 3 months ago* (last edited 3 months ago)

I mean, they could have used their eyeballs, but we don’t know, because he didn’t say.

Shadowsocks would work, but I feel like bare stream ciphers over TCP are a dead giveaway that you’re bypassing content restrictions. Especially if they probe that host and see it running. But, what do I know? It’s just my job five days a week.

See: https://lemmy.world/comment/12008875

[–] Aradia@lemmy.ml 7 points 3 months ago (1 children)

hetzner.com is cheaper, I think.

[–] Deckweiss@lemmy.world 2 points 3 months ago (1 children)
[–] Aradia@lemmy.ml 2 points 3 months ago* (last edited 3 months ago)

That's nice, for 0,50 monthly less you have more hard drive (14GB more) but you lose 2GB of RAM compared to Hetzner.

EDIT: For VPN over HTTP, you don't need more than this.

[–] EngineerGaming@feddit.nl 1 points 3 months ago

There is also sshuttle if you want to route everything through SSH, but not tried personally.