
AmestrisXServe

macrumors 6502
Feb 6, 2014
263
4
Really? A school blocking Google because it has the ability to find "adult content" is asinine. Search engines have revolutionized the way scholarly materials are shared and open students up to ideas and research they would not have found otherwise. In all honesty it sounds more like lazy network admins than any type of school policy.

I say by-pass away, if they kick you out for navigating to an educational resource via a Google search then so be it. Take your story public and let them explain why they ruined a young student's life over a Google search.

There are lots of ways to bypass the restrictions, the easiest being to use a proxy server and/or VPN. Given the fact that the admin was too lazy to block specific content and instead chose a blanket fix, it's likely they were too lazy to properly block those connection types as well.

However, if they did block those options, another solution (that is relatively new and overlooked by security admins) is DNS Tunneling. I won't go into the exact details [plenty of documentation on the technique, try Google ;-)] but basically you need a computer or site connected to the internet that will act as a DNS server and accept DNS queries. Your computer sends an encoded HTTP request disguised as a DNS request, a program on your "DNS server" decodes the request, gathers the data, encodes it as a DNS response, and sends it back to your computer for you to decode and read.

I have to agree here: Blocking useful academic tools, Google and YouTube included, as a singular is absurd. I can see more of the point of YouTube, as 99.9% of the content is useless, but Google is absolutely needed for any practical use of the Internet at our present point in time.

What they should do is block specific Google URL types, if they are majorly worried about adult content, but to be honest, we aren't speaking of a campus where anyone hasn't seen any of this in their lives, and viewing naughty photos on Google Images versus needing to do research is a simple, flat, equation. The need for a viable search protocol outweighs the possibility of using it with non-academic intent.

I suggest TOR for you in any regard. You may also wish to consult with the system administrators for your college and ask why they are blocking legitimate Internet facilities, and not providing a suitable substitute.

Will they block Wikipedia next, because it has information on topics they don't appreciate? How about the Cambridge websites, in case anyone wants to research Middle English swear words?

Where do you draw the line?

Have you discussed this at all with those in control of the service?

One thing that analysis of that profile file may give you is the name of their SSID, and any login details (that you may need to decrypt), that would allow access without the .profile document, so that you can use a different device to bypass security, running macchanger, in the eventuality that they find that you have been using the system 'inappropriately'; whereby you can show on your primary device that you are not, and keep all workarounds on a second system that they don't know about, or on the same system, on a USB boot device, etc..

If their security system uses MAC address recognition in an allow/deny list, and not basic encryption, then you have a different problem, as once you change the MAC address, your system will not be able to connect to the network.

In an ideal situation, MAC allow/deny authentication is far more secure than WPA2, and if you want to use WWAN/WLAN, it is wise to use both WPA2 and MAC filtration. Either can be broken, but it is easier to BF decrypt a WPA2 key, using a simple four-way handshake, than it is to do that in addition to needing the correct MAC address for that key.

It is likely they aren't using the finest tools to do this, and that the configuration, being new, is using default parameters. That is one good reason to visit whomever is in charge of this department and schedule a meeting with them to discuss your concerns. I would target legitimate, academic uses if you do this.
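
Added example (not part of any post in this thread): a defender-side check for the DNS tunneling pattern described in the quoted text above, run over constructed resolver log lines. The log format, the `.example` names and the thresholds are assumptions chosen for illustration.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict


def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def split_name(qname):
    """Return (subdomain, parent). Assumption: the parent zone is the last two
    labels; production code should consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def build_sample_log():
    """Constructed resolver log lines: '<epoch> <client> <qtype> <qname>'."""
    lines, ts = [], 1393944000
    # Ordinary browsing: few distinct, short names.
    for host in ["www", "mail", "www", "static", "www", "mail"]:
        lines.append(f"{ts} 10.0.4.17 A {host}.school.example")
        ts += 1
    # CDN-style sharding: many distinct names, but short ones.
    for i in range(8):
        lines.append(f"{ts} 10.0.4.17 A img{i}.cdn.example")
        ts += 1
    # Tunnel-like: every query carries a fresh 32-character encoded label.
    for i in range(8):
        blob = hashlib.sha256(str(i).encode()).digest()[:20]
        label = base64.b32encode(blob).decode().lower()
        lines.append(f"{ts} 10.0.4.23 TXT {label}.t.tunnel.example")
        ts += 1
    return lines


def find_tunnel_candidates(lines, min_queries=5, min_unique_ratio=0.9,
                           min_mean_len=30, min_entropy=4.0):
    """Group queries by (client, parent zone) and flag groups whose subdomains
    are numerous, almost never repeated, long, and high in entropy."""
    groups = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, client, qtype, qname = parts
        sub, parent = split_name(qname)
        if sub:
            groups[(client, parent)].append((qtype.upper(), sub))

    findings = []
    for (client, parent), queries in sorted(groups.items()):
        subs = [sub for _qtype, sub in queries]
        if len(subs) < min_queries:
            continue
        unique_ratio = len(set(subs)) / len(subs)
        mean_len = sum(len(s) for s in subs) / len(subs)
        entropy = shannon_entropy("".join(subs).replace(".", ""))
        # TXT/NULL share is reported as supporting evidence, not used to decide.
        txt_share = sum(1 for q, _ in queries if q in ("TXT", "NULL")) / len(queries)
        if (unique_ratio >= min_unique_ratio and mean_len >= min_mean_len
                and entropy >= min_entropy):
            findings.append({
                "client": client,
                "parent": parent,
                "queries": len(subs),
                "unique_ratio": unique_ratio,
                "mean_len": mean_len,
                "entropy": round(entropy, 2),
                "txt_share": txt_share,
            })
    return findings


if __name__ == "__main__":
    for finding in find_tunnel_candidates(build_sample_log()):
        print(finding)
```

Requiring all three signals together keeps the CDN-style group (many unique names, but short ones) from being flagged; real thresholds need tuning against a site's own resolver logs.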
 

northernmunky

macrumors 6502a
Jan 19, 2007
846
323
London, Taipei
My local library has similar restrictions, actually most of the links to my coursework are blocked, their filtering is so strict, so just do what I do...

Get a 4G capable phone iPhone5 or 5S with an unlimited data tariff. (I'm on Three on a $15 p/month contract - unlimited data). Tether that to your laptop/iPad and you're home free.
 

kristofv

macrumors newbie
Dec 4, 2013
3
0
get a $5 VPS @ digitalocean, setup an OpenVPN service that tunnels over port 443 (https).

They have to have pretty advanced security measures to detect that, since it will just look like encrypted traffic (like https). If they employ DPI they could potentially discover that the packets being sent are atypical for an https connection. But it is HIGHLY unlikely that any college/university/company does this.

Unlike the advice of others in this thread: don't stand for blocked internet. It's an affront. There's absolutely NO reason why they should be blocking it. If they want to make sure that most bandwidth is available for usage other than netflix/youtube/porn/... they should be using QoS traffic shaping.

PS: rotate the VPS' ip (they are billed by the hour, so you can easily set up new ones all the time) to prevent them from seeing your traffic is always being routed through the same IP.

source: I'm a software engineer currently living in China, I have experience with circumventing crazy network policies :p
 

mcnallym

macrumors 65816
Oct 28, 2008
1,211
939
It is a very hot topic in schools and other education establishments here in the UK now regarding explicit material. These aren't public wifi hotspots but private networks albeit an education establishment rather than a private company.

I install/manage firewalls and the biggest concern at the moment when talking with education establishments is explicit/unsuitable material being blocked. They simply cannot have it being displayed. I suspect is being driven from above, another one of Dave's great ideas.

Here in the UK then schools, colleges etc are deploying software at the firewall level to block access to explicit material.

TOR - can block
dnscrypt - can block
surfeasy - can block
jap - can block
openvpn - can block

In terms of blocking specific URLs then go and look at how Google returns images for searches. All of the search returns are simply from http://www.google.com /.co.uk etc. The image is embedded into the return page. So unless you actually block http://www.google.com then can get explicit images displayed in the search results.

enabling safesearch in google stops the explicit images as the safe search excludes the images from the search results, but can either be changed at the client, or normally the firewall requires https inspection since google moved to a https system.

Now if google did it like bing where the images are linked to explicit.bing.com and you can thus block the URL then the argument for blocking specific URLs will work, however currently Google doesn't do this and simply embeds the images into the html of the search page results and serves from http://www.google.com.

RM, Research Machines, one of the biggest IT resellers into Education uses Smoothwall for its Content Filtering for education establishments. This can do HTTPS Inspection so even if you try and tunnel via https then can identify.

Smoothwall can even determine within things like iPlayer to allow access to the iPlayer but block access to what the BBC considers unsuitable for minors.

In general smoothwall is very popular at the moment in the Education Sector, and it sits as a Firewall, so you can't route around it, as it is inline.

Pretty much most commercial firewalls these days can do some form of application control where identifies the traffic as opposed to simply looking at the port, and https inspection where can look inside the https packets and see what is being sent. Look up Next Generation Firewall and will see that this is pretty standard stuff these days if you choose to implement it. URL filtering just doesn't cut it anymore. Remember the early days of URL filtering with the issues for Essex and Scunthorpe being caught by URL Filtering and blocked.

As you login to the network then it grabs your username on the network, your IP address and so where you access/try to access is logged against your userlogin, not an anonymous IP address.

Sophos even make this type of software available for free to home users ( limit is 50 IP addresses behind the firewall ) though with no technical support, so if you are feeling particularly vindictive you can even install this type of protection at home these days if you want.

All that Meru Networks do is provide the Wireless and then Wireless Security in terms of logging into the Wireless. It doesn't have capability for blocking access to applications or sites so the college will be using something else. As such you won't circumvent the filtering by getting rid of the profile, that is simply allowing you to connect to the Wireless Network in the first place.

Of course once you start doing https inspection then think of all that lovely information you can be gathering from looking inside that https stream, so you have to be careful when implementing it. I suspect that rather than going through the work of doing the https inspection and doing properly simply being lazy and blocking access completely.

I remember when I was at college then the IT staff used to complain as the IT Students figured out how to access the software controlling the printers. As such when did any printing would simply jump into the print software, pause everyone else's print, get my print done then unpause everyone else's print job. We said stop us being able to do it then, and 2 years later was still doing it as they didn't bother taking away the ability to do it from our accounts.
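
Added example (not part of any post in this thread): a minimal version of the check that kristofv's DPI remark and the application-control paragraph above both refer to, which classifies the first client payload of a TCP/443 flow by content instead of by port. The sample payloads and addresses are constructed, and the OpenVPN sample assumes the plain TCP framing (2-byte length prefix, then an opcode/key-id byte) arriving whole in the first segment.

```python
import struct

TLS_HANDSHAKE = 0x16            # TLS record content type "handshake"
TLS_CLIENT_HELLO = 0x01         # TLS handshake message type
OVPN_HARD_RESET_CLIENT_V2 = 7   # OpenVPN control opcode that opens a session


def classify_first_payload(payload):
    """Classify the first bytes a client sends on a flow to port 443."""
    if len(payload) < 6:
        return "too-short"

    # TLS record header: type(1) | version(2) | length(2), then the handshake type.
    if payload[0] == TLS_HANDSHAKE and payload[1] == 0x03 and payload[2] <= 0x04:
        (record_len,) = struct.unpack("!H", payload[3:5])
        if payload[5] == TLS_CLIENT_HELLO and 0 < record_len <= 16384:
            return "tls-client-hello"
        return "tls-other"

    # OpenVPN over TCP: length(2) | opcode<<3 + key_id (1) | session id ...
    (frame_len,) = struct.unpack("!H", payload[0:2])
    opcode, key_id = payload[2] >> 3, payload[2] & 0x07
    if (opcode == OVPN_HARD_RESET_CLIENT_V2 and key_id == 0
            and frame_len == len(payload) - 2):
        return "openvpn-tcp-hard-reset"

    return "unknown-non-tls"


def sample_flows():
    """Constructed (client, server, first_payload) tuples for the demo."""
    # Header-accurate but otherwise zero-filled ClientHello (constructed).
    hello = (bytes([TLS_CLIENT_HELLO]) + (43).to_bytes(3, "big")
             + b"\x03\x03" + bytes(41))
    tls = bytes([TLS_HANDSHAKE, 0x03, 0x01]) + len(hello).to_bytes(2, "big") + hello

    # Hard-reset packet: opcode byte, 8-byte session id, empty ack list, packet id.
    reset = (bytes([OVPN_HARD_RESET_CLIENT_V2 << 3]) + bytes(range(8))
             + b"\x00" + bytes(4))
    ovpn = len(reset).to_bytes(2, "big") + reset

    return [
        ("10.0.4.17", "192.0.2.10", tls),
        ("10.0.4.23", "198.51.100.7", ovpn),
        ("10.0.4.31", "203.0.113.5", b"SSH-2.0-OpenSSH_6.4\r\n"),
    ]


def non_tls_on_443(flows):
    """Return the flows whose first payload is not a TLS ClientHello."""
    report = []
    for client, server, payload in flows:
        verdict = classify_first_payload(payload)
        if verdict != "tls-client-hello":
            report.append((client, server, verdict))
    return report


if __name__ == "__main__":
    for row in non_tls_on_443(sample_flows()):
        print(row)
```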
 

ShaneBunting

Suspended
Original poster
Aug 10, 2009
161
0
United Kingdom

Attachment: Screen Shot 2014-03-04 at 14.49.56.png (275 KB)

ShaneBunting

Suspended
Original poster
Aug 10, 2009
161
0
United Kingdom
With whatever outdated proxy they use, Bing, and other search engines like Yahoo are extremely slow. Even on my Mac on my home network, other search engines are a pain in the ass in regards to speed.. (maybe I'm just used to Google?)

And to the guy who said to use Tor, tried that yesterday. Before opening the Tor browser, the loading bar for when it tries to connect to the Tor network would just come to a standstill :(
 

joyrida12

macrumors newbie
Jan 11, 2014
5
0
With whatever outdated proxy they use, Bing, and other search engines like Yahoo are extremely slow. Even on my Mac on my home network, other search engines are a pain in the ass in regards to speed.. (maybe I'm just used to Google?)

And to the guy who said to use Tor, tried that yesterday. Before opening the Tor browser, the loading bar for when it tries to connect to the Tor network would just come to a standstill :(

Try setting up the dnsTunnel, it may surprise you how well it works.
 

LV426

macrumors 68000
Jan 22, 2013
1,920
2,381
I thought I would chime in on this:
We expel about 2 or 3 students a year for violating the internet usage policy they sign before they are given access.
...
I agree with the above poster. We DO allow access to google. We of course attempt to filter out the images and do not allow our own laziness to get in the way of student research. Our filter page pops up a warning and a link that users can click to let us know that this should be whitelisted. We do a quick review and approve or deny based on content.

Why don't you let your students just view what they want to view? If they waste all their time watching porn they will get bad grades. That's hard cheese for them. If they watch porn some of the time and still get their work done, they're happily mixing business and pleasure. If you block porn access, they will just get annoyed at you and waste time trying to get around your rules.

I don't buy into censorship, even for kids.
 

mcnallym

macrumors 65816
Oct 28, 2008
1,211
939
Why don't you let your students just view what they want to view? If they waste all their time watching porn they will get bad grades. That's hard cheese for them. If they watch porn some of the time and still get their work done, they're happily mixing business and pleasure. If you block porn access, they will just get annoyed at you and waste time trying to get around your rules.

I don't buy into censorship, even for kids.

Perhaps you will "buy into" paying the legal fees and fines that the college gets involved with when someone who finds what is being looked at offensive and sues the college for being offended. Yes apparently people have won such court cases, which is one of the reasons why people actually started putting in filtering in the first place. Not so much that wanted to restrict people's access, but simply don't want to get a court case.

Not to mention dealing with the parents of the student who is getting bad grades taking the college to court over the fact that got bad grades because spent too much time watching porn/being in touch with people on Facebook etc instead of studying.

Whilst it would be nice to live in a world where you could have full unrestricted access to the internet without censorship and then is down to individuals taking responsibility for their own actions, sadly that isn't this world.

We are where we are today with the Internet and filtered access due to users of the Internet. Administrators don't do this because they "get a kick out of it" but that they have been forced down this route by actions of some users of it. As is always the case some Administrators are better at their jobs than others. You can block access to porn on Google search results but requires more work due to privacy issues raised when you intercept the HTTPS traffic, so you need to be careful about your implementation of HTTPS inspection.
Of course if Google hadn't gone default to HTTPS and left at HTTP then could enforce Google Safesearch at the Gateway without having to worry about HTTPS Inspection.

We also shouldn't need passwords on our computers/accounts just our username, run anti-virus on our computers if other people didn't make us do this by writing/developing viruses/malware etc. We also shouldn't need locks as should be able to leave our property around without having to worry about someone else taking it.

In the UK then the issue of Railway Level Crossings has reared its head again. We used to have full length gates that would block all access, but then idiots that would try and beat the closing gate got stuck on the crossing ( yes you got it, they blamed the railway company for this ) so they put in half gates to allow people to get off the crossing but not enter. Guess what you got instead, Yes that's right people would deliberately drive onto the wrong side of the road to go around the gate and then swerve onto the correct side to get off the far side ( if not rammed by the train going through for which the gates had been closed ) Apparently again this is the railway company's fault not the drivers'. The railway company made them try and beat the gate or swerve around the gates to beat the train. Not only can the drivers/passengers of the vehicle be killed, it isn't exactly a picnic for the train driver either!

Now be warned that some people may find the next bit controversial

Read this article first

http://www.dailymail.co.uk/news/art...led-teenage-cyclist-texting-jailed-years.html

Whilst I want to make 100% clear I am NOT condoning or excusing the driver of the car, and NO ONE should have to go through what the cyclist's family has been through.

1.) Driver is breaking the law twice - once by speeding, the second by texting whilst driving.
2.) The cyclist went through a red light which the judge acknowledges.

BOTH sides were at fault here, with tragic consequence that someone lost their life, and two families are affected.

IF the driver hadn't been speeding and distracted then would have seen the cyclist.
IF the cyclist had obeyed the red light and wasn't crossing the road at the time then they wouldn't have been hit

At NO POINT do the family of the cyclist acknowledge that partially the responsibility of the cyclist here.

The Mother of the cyclist is all for bringing drivers that think is ok to text and speed round to see the effects of their actions, I don't read there about bring round cyclists that think is ok to cycle through red lights to see the impact it can have on their families when they are killed from their action.

I would like to point out here that I cycle as well as drive, and I don't cycle up the inside of vehicles at junctions or go through red lights. I have no desire to get knocked off my bike by being in someone's blindspot when then they turn left, or knocked off by someone not spotting me after cycled through a red light. I have even less desire to be killed in such an event, especially when I can take steps myself to avoid being in that position.

If people aren't prepared to take personal responsibility when they could be killed, what chance do you think we have when something less important.

Yes the points are extreme, which I intended them to be however I intend them to show why we are unfortunately at the point where we are today.
 

LV426

macrumors 68000
Jan 22, 2013
1,920
2,381
Oh yeah, I forgot to mention you really need to sort out your ridiculous litigation system and live in the kind of world where people aren't scared to help someone in distress for fear of being sued.
 

joyrida12

macrumors newbie
Jan 11, 2014
5
0
Perhaps you will "buy into" paying the legal fees and fines that the college gets involved with when someone who finds what is being looked at offensive and sues the college for being offended. Yes apparently people have won such court cases, which is one of the reasons why people actually started putting in filtering in the first place. Not so much that wanted to restrict people's access, but simply don't want to get a court case.

Not to mention dealing with the parents of the student who is getting bad grades taking the college to court over the fact that got bad grades because spent too much time watching porn/being in touch with people on Facebook etc instead of studying.

Whilst it would be nice to live in a world where you could have full unrestricted access to the internet without censorship and then is down to individuals taking responsibility for their own actions, sadly that isn't this world.

We are where we are today with the Internet and filtered access due to users of the Internet. Administrators don't do this because they "get a kick out of it" but that they have been forced down this route by actions of some users of it. As is always the case some Administrators are better at their jobs than others. You can block access to porn on Google search results but requires more work due to privacy issues raised when you intercept the HTTPS traffic, so you need to be careful about your implementation of HTTPS inspection.
Of course if Google hadn't gone default to HTTPS and left at HTTP then could enforce Google Safesearch at the Gateway without having to worry about HTTPS Inspection.

We also shouldn't need passwords on our computers/accounts just our username, run anti-virus on our computers if other people didn't make us do this by writing/developing viruses/malware etc. We also shouldn't need locks as should be able to leave our property around without having to worry about someone else taking it.

In the UK then the issue of Railway Level Crossings has reared its head again. We used to have full length gates that would block all access, but then idiots that would try and beat the closing gate got stuck on the crossing ( yes you got it, they blamed the railway company for this ) so they put in half gates to allow people to get off the crossing but not enter. Guess what you got instead, Yes that's right people would deliberately drive onto the wrong side of the road to go around the gate and then swerve onto the correct side to get off the far side ( if not rammed by the train going through for which the gates had been closed ) Apparently again this is the railway company's fault not the drivers'. The railway company made them try and beat the gate or swerve around the gates to beat the train. Not only can the drivers/passengers of the vehicle be killed, it isn't exactly a picnic for the train driver either!

Now be warned that some people may find the next bit controversial

Read this article first

http://www.dailymail.co.uk/news/art...led-teenage-cyclist-texting-jailed-years.html

Whilst I want to make 100% clear I am NOT condoning or excusing the driver of the car, and NO ONE should have to go through what the cyclist's family has been through.

1.) Driver is breaking the law twice - once by speeding, the second by texting whilst driving.
2.) The cyclist went through a red light which the judge acknowledges.

BOTH sides were at fault here, with tragic consequence that someone lost their life, and two families are affected.

IF the driver hadn't been speeding and distracted then would have seen the cyclist.
IF the cyclist had obeyed the red light and wasn't crossing the road at the time then they wouldn't have been hit

At NO POINT do the family of the cyclist acknowledge that partially the responsibility of the cyclist here.

The Mother of the cyclist is all for bringing drivers that think is ok to text and speed round to see the effects of their actions, I don't read there about bring round cyclists that think is ok to cycle through red lights to see the impact it can have on their families when they are killed from their action.

I would like to point out here that I cycle as well as drive, and I don't cycle up the inside of vehicles at junctions or go through red lights. I have no desire to get knocked off my bike by being in someone's blindspot when then they turn left, or knocked off by someone not spotting me after cycled through a red light. I have even less desire to be killed in such an event, especially when I can take steps myself to avoid being in that position.

If people aren't prepared to take personal responsibility when they could be killed, what chance do you think we have when something less important.

Yes the points are extreme, which I intended them to be however I intend them to show why we are unfortunately at the point where we are today.

If all that is the case then as a country y'all deserve to be treated as children.

I mean honestly, y'all should consider going full on North Korea and block all communications not explicitly deemed appropriate by her majesty.

Instead of whining about the problem why not try fixing it? Reform your tort laws then the next time an overly sensitive sissy complains because he/she saw a nipple on someone's computer tell them to shut up and leave.
 

mcnallym

macrumors 65816
Oct 28, 2008
1,211
939
Oh yeah, I forgot to mention you really need to sort out your ridiculous litigation system and live in the kind of world where people aren't scared to help someone in distress for fear of being sued.

If all that is the case then as a country y'all deserve to be treated as children.

I mean honestly, y'all should consider going full on North Korea and block all communications not explicitly deemed appropriate by her majesty.

Instead of whining about the problem why not try fixing it? Reform your tort laws then the next time an overly sensitive sissy complains because he/she saw a nipple on someone's computer tell them to shut up and leave.

Yep sadly our country has caught up with America.

A nation that has to have warnings about not using Paint Strippers as Hair Dryers, and has to be told that hot drinks may scald you if you spill it on you as apparently it is hot. ( In the UK McDonalds won the case by the way )

I am not the one complaining about the situation, I am merely explaining to the thread starter and others here about WHY he is getting Google Blocked.
 

960design

macrumors 68040
Apr 17, 2012
3,795
1,674
Destin, FL
Why don't you let your students just view what they want to view? If they waste all their time watching porn they will get bad grades. That's hard cheese for them. If they watch porn some of the time and still get their work done, they're happily mixing business and pleasure. If you block porn access, they will just get annoyed at you and waste time trying to get around your rules.

I don't buy into censorship, even for kids.
I agree with you; I don't believe in censorship of any kind. Unfortunately federal law does not. If we were a private institution the laws are a little more relaxed, but not much.
 

960design

macrumors 68040
Apr 17, 2012
3,795
1,674
Destin, FL
get a $5 VPS @ digitalocean, setup an OpenVPN service that tunnels over port 443 (https).

They have to have pretty advanced security measures to detect that, since it will just look like encrypted traffic (like https). If they employ DPI they could potentially discover that the packets being sent are atypical for an https connection. But it is HIGHLY unlikely that any college/university/company does this.

Unlike the advice of others in this thread: don't stand for blocked internet. It's an affront. There's absolutely NO reason why they should be blocking it. If they want to make sure that most bandwidth is available for usage other than netflix/youtube/porn/... they should be using QoS traffic shaping.

PS: rotate the VPS' ip (they are billed by the hour, so you can easily set up new ones all the time) to prevent them from seeing your traffic is always being routed through the same IP.

source: I'm a software engineer currently living in China, I have experience with circumventing crazy network policies :p

Two to three people think exactly as you do. I find you almost immediately and sniff your traffic until I have enough information to prosecute you. I really enjoy learning your patterns of life to prepare the authorities ( even Homeland Security as in one case ) to walk in on you the minute you logged on. It's fun stuff to see the cops walk in, ask for the person's laptop. Have me bypass your device's security in 30 seconds to display the evidence to you and the police.

You are correct, most companies/universities don't have people that enjoy their job as much as I do.

I completely agree, I hate any sort of filtering for anyone. Unfortunately federal law does not agree with us.
 

kristofv

macrumors newbie
Dec 4, 2013
3
0
Two to three people think exactly as you do. I find you almost immediately and sniff your traffic until I have enough information to prosecute you. I really enjoy learning your patterns of life to prepare the authorities ( even Homeland Security as in one case ) to walk in on you the minute you logged on. It's fun stuff to see the cops walk in, ask for the person's laptop. Have me bypass your device's security in 30 seconds to display the evidence to you and the police.

You are correct, most companies/universities don't have people that enjoy their job as much as I do.

I completely agree, I hate any sort of filtering for anyone. Unfortunately federal law does not agree with us.

There's no proof tho. All you see is that there is openvpn traffic going to some IPs. Which is encrypted. The server which hosts the VPN is outside of US jurisdiction and is completely scrambled upon deletion. It is also completely encrypted, just in case.

The hard drive in my laptop is completely encrypted and most files are in containers with deniable encryption (encrypted container within an encrypted container) to prevent rubber-hosing. On top of that, if someone comes in, there are several very quick ways for me to 'lock' my PC that immediately removes the temporary access key from memory, thus effectively rendering the running device useless without the decryption passphrase. The passphrase is a random sentence with no relation to my person.

I send all files and mails pgp encrypted, so only the intended person can get it. And I do not send it directly to that person, but to a public share, where it is hard to see/prove who accessed it.

I'm not saying I can't be checked out or cracked, but it's probably considerably harder than most. I have nothing to hide, but it's the principle of privacy that I want to defend. Most people don't take it very seriously, while they should.
 

gavinstubbs09

macrumors 65816
Feb 17, 2013
1,386
256
NorCal boonies ~~~by Reno sorta
My high school blocks nearly every site imaginable...

My fix is to leave a Windows PC on at home, use Teamviewer, and set up unattended access. Works great and I can access it from my iPhone/iPad/MacBook so it all works out! I can finally win those ebay auctions :)
 

terraphantm

macrumors 68040
Jun 27, 2009
3,816
670
Pennsylvania
I agree with you; I don't believe in censorship of any kind. Unfortunately federal law does not. If we were a private institution the laws are a little more relaxed, but not much.

Hm, I went to a public university and I don't remember there being a filter at all. Hell, in the right class, I probably could have done a research paper on pornography lol
 

Cubytus

macrumors 65816
Mar 2, 2007
1,437
22
Once the cost of 4G is manageable (i.e. unlimited data for a fair price...) and the speed is good enough (that's debatable) lots of hotspots and Wifi services will become obsolete.
It's typically extremely expensive in the West. There is no such thing anymore as affordable unlimited cellular data.

In an ideal situation, MAC allow/deny authentication is far more secure than WPA2, and if you want to use WWAN/WLAN, it is wise to use both WPA2 and MAC filtration. Either can be broken, but it is easier to BF decrypt a WPA2 key, using a simple four-way handshake, than it is to do that in addition to needing the correct MAC address for that key.
Easy to break up a WPA2 key? Maybe if you work at a supercomputer facility.

On the other hand, changing a MAC address is easy.

Get a 4G capable phone iPhone5 or 5S with an unlimited data tariff. (I'm on Three on a $15 p/month contract - unlimited data). Tether that to your laptop/iPad and you're home free.
We don't have such low tariffs here. But I do know China and southeast Asia have dirt-cheap plans.

Why don't you let your students just view what they want to view? If they waste all their time watching porn they will get bad grades. That's hard cheese for them. If they watch porn some of the time and still get their work done, they're happily mixing business and pleasure. If you block porn access, they will just get annoyed at you and waste time trying to get around your rules.

I don't buy into censorship, even for kids.
I'm into the reasonable censorship wagon. More than once I wished our universities blocked Facebook and YouTube in the libraries, both on university's machines as well as on the internal wifi. Why, you may ask? Because I've seen far too many students just sitting there, idling on Facebook and YouTube when seating space is a scarce and valuable resource. Just below chatting in a library, there are few things as infuriating as not being able to find a study spot when most of them are occupied by Facebook-dwellers. Serious students should never be penalized because they couldn't use the library for its intended purpose, namely find books, sit and study in silence.

Conversely, these sites would be open to view outside of the library. I do believe in a zero-tolerance policy when it comes to using scarce university resources.

There's no proof tho. All you see is that there is openvpn traffic going to some IPs. Which is encrypted. The server which hosts the VPN is outside of US jurisdiction and is completely scrambled upon deletion. It is also completely encrypted, just in case.

The hard drive in my laptop is completely encrypted and most files are in containers with deniable encryption (encrypted container within an encrypted container) to prevent rubber-hosing. On top of that, if someone comes in, there are several very quick ways for me to 'lock' my PC that immediately removes the temporary access key from memory, thus effectively rendering the running device useless without the decryption passphrase. The passphrase is a random sentence with no relation to my person.

I send all files and mails pgp encrypted, so only the intended person can get it. And I do not send it directly to that person, but to a public share, where it is hard to see/prove who accessed it.

I'm not saying I can't be checked out or cracked, but it's probably considerably harder than most. I have nothing to hide, but it's the principle of privacy that I want to defend. Most people don't take it very seriously, while they should.
Seems like a hardcore security setup.

What VPN provider do you use?
How do you fully encrypt your laptop hard drive without performance penalty?
How do you "immediately" remove your temporary key from memory without corrupting anything or crashing the machine? Can your computer actually go to sleep?
How can you remember a completely random passphrase?
BTW you can't encrypt emails with PGP if you don't have the other person's public key. And most non-geeks don't have a key.
 

960design

macrumors 68040
Apr 17, 2012
3,795
1,674
Destin, FL
My high school blocks nearly every site imaginable...

My fix is to leave a Windows PC on at home, use TeamViewer, and set up unattended access. Works great and I can access it from my iPhone/iPad/MacBook so it all works out! I can finally win those ebay auctions :)

Now come on. That is making it TOO easy for me to watch what you are doing. I actually have 3 students doing the exact same thing right now. As you know it's against the Acceptable Use Policy to do so. But just running TeamViewer in itself will not get you expelled, only reprimanded. So I wait and log; annoyed that you have opened up our network to exploits.

----------

There's no proof tho. All you see is that there is openvpn traffic going to some IPs. Which is encrypted. The server which hosts the VPN is outside of US jurisdiction and is completely scrambled upon deletion. It is also completely encrypted, just in case.

The hard drive in my laptop is completely encrypted and most files are in containers with deniable encryption (encrypted container within an encrypted container) to prevent rubber-hosing. On top of that, if someone comes in, there are several very quick ways for me to 'lock' my PC that immediately removes the temporary access key from memory, thus effectively rendering the running device useless without the decryption passphrase. The passphrase is a random sentence with no relation to my person.

I send all files and mails pgp encrypted, so only the intended person can get it. And I do not send it directly to that person, but to a public share, where it is hard to see/prove who accessed it.

I'm not saying I can't be checked out or cracked, but it's probably considerably harder than most. I have nothing to hide, but it's the principle of privacy that I want to defend. Most people don't take it very seriously, while they should.

I didn't want to write a book, inviting a back and forth discussion about security, but your setup is the way to go. Encrypted home folder makes it impossible for me to view your data 'on the fly'. Actually, it would require a HUGE investment in resources to break into it. Easily done, if required by law, as a one off, but impossible, literally impossible to do it ad hoc.

The rest seems fairly tight except for the PGP. Seeing the level of security taken, I know you understand its weaknesses and have only added it as an additional layer of noise.
 

960design

macrumors 68040
Apr 17, 2012
3,795
1,674
Destin, FL
How can you remember a completely random passphrase?
Okay, are you ready. A top secret here. My admin password is based off of a poem.

It's much harder to write about than I thought. So I'll give an example ( haha, not an accurate one, just an idea of how I remember long passphrases ).

Today is 17 March. My password would be based off of the 17th line of the 3rd chapter from the Quran. That line looks something like:
The patient, the true, the obedient, those who spend [in the way of Allah ], and those who seek forgiveness before dawn.
My password for the day would look like:
TpTtToTwsAtwsfbd after every comma I add a number/special character - based on the single digits column and capitalize the following character ( already done ).

Today is a prime, normally I use factors to select the special characters, but this time I only have two ( best day to hack me would be a prime day :) ).

Tp!Tt&ToTwsAtwsfbd

Easy peasy. A different password tomorrow. To keep from generating a pattern I switch poems on the fly. Basically, whatever is in my mind that morning.
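The derivation described in the post above, written out as an added example (not the poster's own code). The digit-to-symbol mapping (shifted digit row of a US keyboard), the rule of one symbol per factor of the day placed at the comma positions left to right, and the 10,000-line candidate pool are assumptions chosen because they reproduce the post's output; the two estimators compare the string's apparent strength with its strength when the method is known.

```python
import math
import re

# Assumption: symbols are the shifted digit-row keys of a US keyboard layout.
# The post does not name its mapping; this one reproduces its "!" and "&".
SHIFTED = dict(zip("1234567890", "!@#$%^&*()"))

def factors(n):
    """Positive divisors of n, ascending (17 -> [1, 17])."""
    return [d for d in range(1, n + 1) if n % d == 0]

def acronym_segments(line):
    """First letter of each word, one segment per comma-separated clause.
    Bracketed asides are skipped and every segment starts with a capital."""
    line = re.sub(r"\[[^\]]*\]", " ", line)
    segments = []
    for clause in line.split(","):
        letters = [w[0] for w in re.findall(r"[A-Za-z]+", clause)]
        if letters:
            segments.append(letters[0].upper() + "".join(letters[1:]))
    return segments

def daily_password(line, day):
    """Join the segments, placing one symbol per factor of `day` at the
    comma positions, left to right (assumed reading of the post)."""
    segments = acronym_segments(line)
    symbols = [SHIFTED[str(f % 10)] for f in factors(day)]
    out = []
    for i, seg in enumerate(segments):
        out.append(seg)
        if i < len(symbols) and i < len(segments) - 1:
            out.append(symbols[i])
    return "".join(out)

def naive_bits(password, alphabet=94):
    """Strength if every character were drawn at random from `alphabet`."""
    return len(password) * math.log2(alphabet)

def scheme_bits(candidate_lines, days=31):
    """Strength if the method is known: only the line and the day vary."""
    return math.log2(candidate_lines * days)

# The line quoted in the post, with the day from "17 March".
LINE = ("The patient, the true, the obedient, those who spend "
        "[in the way of Allah ], and those who seek forgiveness before dawn.")

if __name__ == "__main__":
    pw = daily_password(LINE, 17)
    print(pw, round(naive_bits(pw)), round(scheme_bits(10_000), 1))
```
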
 

Cubytus

macrumors 65816
Mar 2, 2007
1,437
22
Okay, are you ready. A top secret here. My admin password is based off of a poem.

It's much harder to write about than I thought. So I'll give an example ( haha, not an accurate one, just an idea of how I remember long passphrases ).

Today is 17 March. My password would be based off of the 17th line of the 3rd chapter from the Quran. That line looks something like:

My password for the day would look like:
TpTtToTwsAtwsfbd after every comma I add a number/special character - based on the single digits column and capitalize the following character ( already done ).

Today is a prime, normally I use factors to select the special characters, but this time I only have two ( best day to hack me would be a prime day :) ).

Tp!Tt&ToTwsAtwsfbd

Easy peasy. A different password tomorrow. To keep from generating a pattern I switch poems on the fly. Basically, whatever is in my mind that morning.
Granted if you have an outstanding memory and can remember a different poem every morning while making advanced algebra in your head, and thinking about changing your passphrase every day, you're obviously above my league.

I need a good two hours after waking AND large coffee just to get going in the morning.
 

960design

macrumors 68040
Apr 17, 2012
3,795
1,674
Destin, FL
Granted if you have an outstanding memory and can remember a different poem every morning while making advanced algebra in your head, and thinking about changing your passphrase every day, you're obviously above my league.

I need a good two hours after waking AND large coffee just to get going in the morning.
A coworker said the exact same thing when I mentioned this. Hilarious. I drink coffee, they have to pry me off of the ceiling. I wake up when I hear the speaker turn on, before the alarm has a chance to sound.

I forgot to mention to our high speed security types out there. Don't use any Windows systems. All of your security can be bypassed in about 30 seconds.

One of our 'hackers' sat there smugly as they handed his laptop to me. Turned it on. Windows 7 with a password protection and encrypted home folder. I looked at him, smiled and bypassed his password to get admin access to his computer and home folder in about 30 seconds.
 

charlituna

macrumors G3
Jun 11, 2008
9,636
816
Los Angeles, CA
I get it now. And yeah, but they blocked eBay UK as 'shopping' and Google as 'Adult Material'.. It's not even like I'm being unfair lol Hopefully they'll sort it.

I can provide screenshots to prove that too.. I know it's hard to believe :L

Not that hard to believe they might block things; if the net is set up for school use they want to make sure it stays that way. Beware of trying to get around it because if you are caught you could be in trouble for violating use policy or such.
 