Hi everyone,

I’m currently facing some frustrating restrictions with the public Wi-Fi at my school. It’s an open Wi-Fi network without a password, but the school has implemented a firewall (Fortinet) that blocks access to certain websites and services, including VPNs like Mullvad and ProtonVPN. This makes it difficult for me to maintain my privacy online, especially since I don’t want the school to monitor me excessively.

After uninstalling Mullvad, I tried to download it again, but I found that even a search engine (Startpage) is blocked, which is incredibly frustrating! Here’s what happened:

  • The Wi-Fi stopped working when I had the VPN enabled.
  • I disabled the VPN, but still couldn’t connect.
  • I forgot the Wi-Fi network and reset the driver, but still no luck.
  • I uninstalled the Mullvad, and then the Wi-Fi worked again.
  • I tried to access Startpage to search for an up-to-date package for Mullvad, but it was blocked.
  • I used my phone to get the software file and sent it over, but couldn’t connect.
  • I searched for different VPNs using DuckDuckGo, but the whole site was blocked.
  • I tried searching for Mullvad, but that was blocked too.
  • I attempted to use Tor with various bridges, but couldn’t connect for some unknown reason.
  • I finally settled for Onionfruit Connect, but it doesn’t have a kill switch, which makes me uneasy.

Ironically, websites that could be considered harmful, like adult content, gambling sites and online gaming sites, are still accessible, while privacy-tools are blocked.

I’m looking for advice on how to bypass these firewall restrictions while ensuring my online safety and privacy. Any suggestions or alternative methods would be greatly appreciated! (If any advice is something about Linux, it could be a Problem, since my school enforces Windows 11 only PC’s which is really really igngamblingThanks in advance for your help

edit: did some formatting

edit2: It is my device, which I own and bought with my own money. I also have gotten in trouble for connecting to tor and searching for tor, but I stated that I only used it to protect my privacy. Honestly I will do everything to protect my privacy so I don’t care if I will get in trouble.

edit 3: Thanks for the suggestions, if I haven’t responded yet, that’s because I don’t know what will happen.

@hperrin@lemmy.world
link
fedilink
1
edit-2
3M

It’s an open WiFi network. They’re probably not even able to identify which device is used by which person. Even if they could, why would they be monitoring everyone’s traffic looking for users who only visit one resource? That’s an extremely unlikely scenario.

The worst they’d see is that this device is using a lot of SSH traffic. There’s nothing suspicious about that. SSH is perfectly normal.

There’s nothing suspicious about that. SSH is perfectly normal.

In a business? Sure.

In a school? Not so much.

It very much is. I used it regularly in both high school and college. In high school it was just how I connected to other machines. One of my teachers taught me how to use it. In college we were told to use it by the professor, so at least one entire class was using it for every assignment. That’s pretty normal in any school that has programming or networking courses.

SSH is usually used for work, so it just looks like someone working. Tor is used for nefarious purposes, so it will always look suspicious. VPNs are used to bypass content restrictions, so they will always look suspicious.

fmstrat
link
fedilink
13M

Again these are all assumptions. These are risks that do not need to be taken when there are better methods.

@hperrin@lemmy.world
link
fedilink
0
edit-2
3M

These aren’t assumptions. OP states it’s an open WiFi network in their post, and unless you name your computer after yourself, all the network admins can see is your MAC address. And what is suspicious about SSH traffic? And what better way is there? VPN traffic will look more suspicious.

What do you do for a living? I’m a software and network engineer, so this is in my realm of expertise. All the network admins will see is OP’s MAC and that they’re sending a lot of SSH traffic to a Digital Ocean IP (if they even bother to sniff their traffic). This is how I, as a network engineer, have personally bypassed content filters.

fmstrat
link
fedilink
03M

You, as a network engineer, at a business, where SSH is normal. This is not your realm, as schools look for very different signals. They are rarely actively monitored, but when they are, SSH will 100% look suspicious, and this individual already has a flag on them for tor, so yes they go beyond MAC and can identify them. You haven’t even asked what kind of school it is, how they access school content when on the network that could identify their machine, or what the risks are for getting caught, yet you want to push a method when others have provided better8 options for obscurity. I am looking out for this kid’s (or adult’s) well being.

Yes, your method works to bypass a firewall, I have even used it myself many times. But it is absolutely not the best option here. And before you ask for credentials again, yes, I have network security experience in multiple domains, including corporate provided POC exploits for software you would know the names of, threat modeling for highly sensitive data, and organization and management of certified systems, along with knowledge of school network infrastructure.

@hperrin@lemmy.world
link
fedilink
0
edit-2
3M

I helped out with my high school network and SSH absolutely would not have looked suspicious. I can’t say for this school, but that was a regular part of the curriculum in mine. Even if it wasn’t, what are you gonna do as a net admin? You have zero evidence that a student is doing something malicious.

I feel like you’re a script kiddy who got called out for being overly confident online, and now you’re grasping at straws. I literally gave you two outs, and you doubled down every time. There is nothing suspicious about SSH traffic, even in a high school network, let alone a college network, and if you think there is, you’re 100% brand new to the industry.

You still haven’t given any alternative that would look any less suspicious than SSH traffic, and you still haven’t given any method a net admin could use to identify your machine from the countless others that connect to an open WiFi network.

In fact, let’s test you. There’s something that old versions of Firefox will expose, even through a SOCKS proxy. What is it, and what did Firefox introduce to prevent that?

fmstrat
link
fedilink
03M

He literally said he had already been identified. Read.

@hperrin@lemmy.world
link
fedilink
0
edit-2
3M

They said they got in trouble for Tor, they didn’t say their machine was identified. Even if it was, yet again, there’s nothing suspicious about SSH traffic. SSH traffic looks like work (because it usually is).

And I’ll ask you again, since you avoided the question, what better way is there? What would look more innocent than SSH?

fmstrat
link
fedilink
03M

I guess they magically knew it was them? And there you go again with “work.” Shadowsox has already been mentioned for randomized https traffic. Feel free to learn from the other comments.

@hperrin@lemmy.world
link
fedilink
0
edit-2
3M

I mean, they could have used their eyeballs, but we don’t know, because he didn’t say.

Shadowsocks would work, but I feel like bare stream ciphers over TCP are a dead giveaway that you’re bypassing content restrictions. Especially if they probe that host and see it running. But, what do I know? It’s just my job five days a week.

See: https://lemmy.world/comment/12008875

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3K Posts
  • 75.4K Comments
  • Modlog