this post was submitted on 24 Aug 2024
99 points (87.8% liked)

Privacy

31981 readers
266 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hi everyone,

I'm currently facing some frustrating restrictions with the public Wi-Fi at my school. It's an open Wi-Fi network without a password, but the school has implemented a firewall (Fortinet) that blocks access to certain websites and services, including VPNs like Mullvad and ProtonVPN. This makes it difficult for me to maintain my privacy online, especially since I don't want the school to monitor me excessively.

After uninstalling Mullvad, I tried to download it again, but I found that even a search engine (Startpage) is blocked, which is incredibly frustrating! Here’s what happened:

  • The Wi-Fi stopped working when I had the VPN enabled.
  • I disabled the VPN, but still couldn't connect.
  • I forgot the Wi-Fi network and reset the driver, but still no luck.
  • I uninstalled the Mullvad, and then the Wi-Fi worked again.
  • I tried to access Startpage to search for an up-to-date package for Mullvad, but it was blocked.
  • I used my phone to get the software file and sent it over, but couldn't connect.
  • I searched for different VPNs using DuckDuckGo, but the whole site was blocked.
  • I tried searching for Mullvad, but that was blocked too.
  • I attempted to use Tor with various bridges, but couldn't connect for some unknown reason.
  • I finally settled for Onionfruit Connect, but it doesn't have a kill switch, which makes me uneasy.

Ironically, websites that could be considered harmful, like adult content, gambling sites and online gaming sites, are still accessible, while privacy-tools are blocked.

I'm looking for advice on how to bypass these firewall restrictions while ensuring my online safety and privacy. Any suggestions or alternative methods would be greatly appreciated! (If any advice is something about Linux, it could be a Problem, since my school enforces Windows 11 only PC's which is really really igngamblingThanks in advance for your help

edit: did some formatting

edit2: It is my device, which I own and bought with my own money. I also have gotten in trouble for connecting to tor and searching for tor, but I stated that I only used it to protect my privacy. Honestly I will do everything to protect my privacy so I don't care if I will get in trouble.

edit 3: Thanks for the suggestions, if I haven't responded yet, that's because I don't know what will happen.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 24 points 2 months ago* (last edited 2 months ago) (3 children)

What worked for me at my old school was using a ShadowSocks proxy. ~~Basically what this does, is it takes all your traffic and just makes it look like random https traffic (AFAIK).~~ ShadowSocks is just a proxy. The description fits the Cloak module, mentioned below.

I believe multiple VPNs support this, for me with PIA VPN it's in the settings under the name "Multi-Hop" (PIA only supports this on the Desktop App, not on mobile).

This technique is pretty much impossible to block, unless you ban every single VPN ShadowSocks Proxy IP. If that is the case for you (chances are practically 0), you could also selfhost ShadowSocks in combination with the Cloak module, however this method is a lot more complicated.

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago) (1 children)

Shadowsocks doesn’t look anything like HTTPS traffic. It looks like a bare stream cipher over TCP connections to one host with bursts of traffic. HTTPS starts off with a TLS handshake (a client hello, a server hello, the server certificate, then a cipher negotiation and key exchange) before any ciphertext is exchanged. Shadowsocks just starts blasting a ciphertext stream. Even if you run it on port 443, it looks nothing like HTTPS.

Without any sort of cipher negotiation and key exchange, it’s obvious that it’s a stream cipher with a pre shared key, so this would be automatically suspicious. There’s also not really any plausible deniability here. If they probe your Shadowsocks host and see it running there, that’s all the proof they need that you’re breaking their rules. With a VPN, you could at least say it’s for a project, and with SSH, you could say you’re just transferring files to your own machine.

[–] [email protected] 1 points 2 months ago

Yep my mistake, I confused ShadowSocks with Cloak.

[–] [email protected] 3 points 2 months ago

And if you host your own VPN, it's identifiable as a single destination for your connection.

[–] [email protected] 13 points 2 months ago (1 children)
[–] [email protected] 6 points 2 months ago (1 children)

Yea, IIRC XRay is the most advanced solution for that now.

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago) (1 children)

This seems to say it is blocked in China and Russia as well though

[–] [email protected] 1 points 2 months ago

Seems like there is nuance though.