How do you get around censorware?
August 7, 2008 7:03 AM Subscribe
I've started a new job where they use *sense, the well known censorware. To me it's like a tooth ache, I can't stop poking at it. I forwarded my gmail to a 'me@mydomain.com' email account hosted by dreamhost, but a week later web* is blocking it. I set up CGIPROXY on a server, but *sense knows about it. I've tried PHPPROXY, but gmail won't load through it. What is a reliable, invisible, way around the damn thing?
The filter doesn't accomplish what it is supposedly in place to accomplish. I've wasted more time trying to circumvent it than I ever would have checking my email at lunch. I can read MeFi, BoingBoing, and Digg, the three biggest time wasters I know.
It's insulting, I'm not about to pirate movies, download viruses, or browse porn sites. It's inconvenient, I can't download the dev version of tab mix plus because the site that hosts it is blocked. I can download the version available on the Firefox add-ons site, but that doesn't work with Firefox 3.
But mostly it's insulting. Help me thumb my nose at it.
The filter doesn't accomplish what it is supposedly in place to accomplish. I've wasted more time trying to circumvent it than I ever would have checking my email at lunch. I can read MeFi, BoingBoing, and Digg, the three biggest time wasters I know.
It's insulting, I'm not about to pirate movies, download viruses, or browse porn sites. It's inconvenient, I can't download the dev version of tab mix plus because the site that hosts it is blocked. I can download the version available on the Firefox add-ons site, but that doesn't work with Firefox 3.
But mostly it's insulting. Help me thumb my nose at it.
Response by poster: The Websense category "Proxy Avoidance" is filtered.
URL: http://www.torproject.org/
posted by Grod at 7:09 AM on August 7, 2008
URL: http://www.torproject.org/
posted by Grod at 7:09 AM on August 7, 2008
Ok. From home, go to www.torproject.org. Download the Vidalia bundle onto a thumb drive. Bring to work, install.
done.
posted by nougat at 7:12 AM on August 7, 2008
done.
posted by nougat at 7:12 AM on August 7, 2008
You can also tunnel out thru ssh to a home computer. But first you have to install winSSH or something else on your home pc and install Bitvise Tunnelier on your work pc.
posted by nougat at 7:16 AM on August 7, 2008
posted by nougat at 7:16 AM on August 7, 2008
Can you ssh to a server? You could then funnel everything through an ssh tunnel.
posted by zsazsa at 7:17 AM on August 7, 2008
posted by zsazsa at 7:17 AM on August 7, 2008
Intentionally circumventing an employers web filtering could be a grounds for having either access removed, or being fired.... ALL THAT ASIDE.
I personally use FirefoxPortable on a usb stick, and also PuTTY portable and use a SSH tunnel to just past the marshal filter at work.
This only works at one of my places of employment, the other place doesn't work.. i suspect because they've blocked everything but port 80 traffic.
Before using SSH tunnels I used to keep a list of public proxies with me so I could swap out the employer-set proxy server with a public one. This only works if the network is configured in a way the proxy isn't a requirement for accessing the web.
I think what nougat is saying, is that you need to view that site at home, and learn about how to configure tor for proxy usage.
posted by chrisbucks at 7:17 AM on August 7, 2008
I personally use FirefoxPortable on a usb stick, and also PuTTY portable and use a SSH tunnel to just past the marshal filter at work.
This only works at one of my places of employment, the other place doesn't work.. i suspect because they've blocked everything but port 80 traffic.
Before using SSH tunnels I used to keep a list of public proxies with me so I could swap out the employer-set proxy server with a public one. This only works if the network is configured in a way the proxy isn't a requirement for accessing the web.
I think what nougat is saying, is that you need to view that site at home, and learn about how to configure tor for proxy usage.
posted by chrisbucks at 7:17 AM on August 7, 2008
And everyone should preview!
posted by chrisbucks at 7:17 AM on August 7, 2008
posted by chrisbucks at 7:17 AM on August 7, 2008
Response by poster: OK. I was hoping for a solution that was entirely web based and wouldn't require me to install software on a machine that does not belong to me -- seems like a risk. But I bet there's a way to run it all off a thumb drive without installing anything. I'll investigate. I'd still welcome a simple web solution, though.
posted by Grod at 7:18 AM on August 7, 2008
posted by Grod at 7:18 AM on August 7, 2008
PortableApps are designed to leave no registry entries on the host computer, so you're not installing anything.
There are plenty of web based solutions, but they'll all be blocked as proxy avoidance. As you've experienced, WebSense/whichever is able to learn, so no amount of installing *PROXY programmes on remote hosting will work, not to the extent you're wanting anyway.
posted by chrisbucks at 7:21 AM on August 7, 2008
There are plenty of web based solutions, but they'll all be blocked as proxy avoidance. As you've experienced, WebSense/whichever is able to learn, so no amount of installing *PROXY programmes on remote hosting will work, not to the extent you're wanting anyway.
posted by chrisbucks at 7:21 AM on August 7, 2008
Response by poster: Chrisbucks, thanks. I'll give it a go.
posted by Grod at 7:23 AM on August 7, 2008
posted by Grod at 7:23 AM on August 7, 2008
For my GMail when my company was using *sense, I could get through by using the https:// version. Might try that?
posted by deezil at 7:34 AM on August 7, 2008
posted by deezil at 7:34 AM on August 7, 2008
Ok. From home, go to www.torproject.org. Download the Vidalia bundle onto a thumb drive. Bring to work, install.
done.
Keep in mind that corporate AV products can do program restriction reports. I can do it at work and see what games the kids are up to nowadays and. Your work can do the same exact thing for known proxy clients (I've done some testing, and our software will detect blocked apps regardless of it being run off a thumb or hard drive) and see that a program you want to run is being blocked.
posted by jmd82 at 7:49 AM on August 7, 2008
done.
Keep in mind that corporate AV products can do program restriction reports. I can do it at work and see what games the kids are up to nowadays and. Your work can do the same exact thing for known proxy clients (I've done some testing, and our software will detect blocked apps regardless of it being run off a thumb or hard drive) and see that a program you want to run is being blocked.
posted by jmd82 at 7:49 AM on August 7, 2008
Laptop + cellular broadband. Yes, there's a cost associated with it. But it sure is an improvement in my work life. Plus it's useful when traveling.
I realize that's probably not the type of answer you're looking for, but if you have the money it can be a very worthwhile investment.
posted by krisak at 7:56 AM on August 7, 2008
I realize that's probably not the type of answer you're looking for, but if you have the money it can be a very worthwhile investment.
posted by krisak at 7:56 AM on August 7, 2008
Response by poster: deezil, that works. Yet another demonstration of how utterly pointless this thing is.
posted by Grod at 7:58 AM on August 7, 2008
posted by Grod at 7:58 AM on August 7, 2008
Get an iPhone, or blackberry, or whatever, with internet access and check your mail on that.
Running ssh tunnels/tor is way more suspicious than just checking your personal email at work -- if in doubt, I'd recommend against it.
posted by devbrain at 8:05 AM on August 7, 2008
Running ssh tunnels/tor is way more suspicious than just checking your personal email at work -- if in doubt, I'd recommend against it.
posted by devbrain at 8:05 AM on August 7, 2008
@toomuchpete
Or worse, someone from work decides to Google you some day and is successful in linking your name to your screen name and finds this thread.
posted by MarkLark at 8:46 AM on August 7, 2008
Or worse, someone from work decides to Google you some day and is successful in linking your name to your screen name and finds this thread.
posted by MarkLark at 8:46 AM on August 7, 2008
It's not at all uncommon to have to circumvent the censorware in order to do your work, though. "Tab mix plus" is easily work related. (A while ago a coworker had a problem because the main support channel for some software we were using was IRC-based — but our company's upstream ISP blocked all IRC traffic. An ssh tunnel got around that though.)
posted by hattifattener at 9:04 AM on August 7, 2008
posted by hattifattener at 9:04 AM on August 7, 2008
We have *sense at work. I installed LogMeIn at home, then just go to LogMeIn.com everyday and browse my home computer. If you need files locally, just email them to yourself or use filedropper.com or something.
This might not be the ideal solution since you'd probably rather use your local browser, but the idea of my company logging everything I do online made the switch pretty easy.
My company manually started blocking LogMeIn.com so I've recently switch to NTRConnect.com. Not as good, but works.
Also, you could look at setting up your own proxy (Glype or CGIProxy) and connect using No-IP so if *sense blocks, you can just switch the domain name.
posted by Kupo? at 11:13 AM on August 7, 2008
This might not be the ideal solution since you'd probably rather use your local browser, but the idea of my company logging everything I do online made the switch pretty easy.
My company manually started blocking LogMeIn.com so I've recently switch to NTRConnect.com. Not as good, but works.
Also, you could look at setting up your own proxy (Glype or CGIProxy) and connect using No-IP so if *sense blocks, you can just switch the domain name.
posted by Kupo? at 11:13 AM on August 7, 2008
For my GMail when my company was using *sense, I could get through by using the https:// version. Might try that?
This worked for about five minutes at my place of business. Either they run updated versions of WebSense (why the asterisk?) or the software 'learns.'
posted by fixedgear at 12:07 PM on August 7, 2008
This worked for about five minutes at my place of business. Either they run updated versions of WebSense (why the asterisk?) or the software 'learns.'
posted by fixedgear at 12:07 PM on August 7, 2008
The https workaround seems to depend on the particular configuration. It works for me now, but hasn't in the past. Also, when it is blocked you don't get the same "this site is restricted" screen you get with other websites, since the filtering proxy is unable to change the page's contents (that's what https gets you). Instead it seems to just null route everything, so you just get your browser's loading screen.
posted by Horselover Fat at 1:11 PM on August 7, 2008
posted by Horselover Fat at 1:11 PM on August 7, 2008
I think we've been using the asterisk in case it's reading the pages your reading for the word 'websense' and trying to automatically block them. Cause I have seen something like that in practice before.
posted by deezil at 1:47 PM on August 7, 2008
posted by deezil at 1:47 PM on August 7, 2008
Ask your bosses to unrestrict your email.
I personally wouldn't want my personal email floating around my company's network.
posted by gjc at 4:31 PM on August 7, 2008
I personally wouldn't want my personal email floating around my company's network.
posted by gjc at 4:31 PM on August 7, 2008
How easy would it be for network admins to see if you were using something like Torproject's Vidalia? Unless it was virutally impossible to detect, the risks (getting fired) would see to far outweigh the rewards.
posted by jluce50 at 1:48 PM on August 8, 2008
posted by jluce50 at 1:48 PM on August 8, 2008
Response by poster: Nah, the security guy is one of those paranoid types who doesn't understand what it is he's securing. He thinks, for example, that an employee's machine could contract something on an infected blog and that hackers could then access the employee's machine and read her email. These malicious supermen would, after a period of study, emulate the employee's writing style well enough to pass for her without arousing suspicion, enabling them to send an email filled with viruses to the institute director. Along the way all protected data -- patient information etc. -- would be compromised. I'm told he spends his entire day sniffing packets. It's maddening.
posted by Grod at 3:05 PM on August 8, 2008
posted by Grod at 3:05 PM on August 8, 2008
« Older I'd like a dynamic signature in Gmail. Possible? | Post Office snake oil saleswoman? Newer »
This thread is closed to new comments.
It's slow but will get you around that.
posted by nougat at 7:07 AM on August 7, 2008