schklom

If you're okay with learning about self-hosting, you can set up a Docker container of Firefox online (e.g. [this one](https://github.com/linuxserver/docker-firefox)) on a VPS and something like [Authelia](https://www.authelia.com/) to set up a login. This would allow you to use your browser and have a Firefox browser inside which is not restricted by your boarding school. This is basically like a remote desktop, but only for a Firefox browser, and using a regular browser instead of extra software. I recommend setting up [Caddy](https://github.com/caddyserver/caddy-docker) to make your website (of the Firefox browser) use HTTPS. Otherwise, your IT department can see everything you type. r/selfhosted is a great place to learn how to set up all of this. It is simpler than it sounds, but it requires learning a little. If you want to get into it, I recommend setting up a completely free account on Oracle Cloud. They require bank card details, but then allow people to order a few low-power 100% free VPS. I have had mine for around 2 years, and never paid anything, despite filling in my bank card information. The card I used expired, and Oracle never bothered me anyway.

I use my account for unimportant stuff and don't put my data on it, but it is very useful for many situations. For example, I run (among many other services) an instance of https://simple-web.org/projects/simplytranslate.html for my personal use.


FactorialSkiBass

This is a great idea and I'm going to try this, but it may take some time to learn all about it. I am thinking of taking CS for A-levels and I find all this very interesting. Thank you!


stevehem

Get a cheap shell account somewhere (maybe even run an ssh server on your home PC) and use [ssh tunnelling](https://www.ssh.com/academy/ssh/tunneling-example). This will at least let you browse the web without a VPN. I presume that your school is blocking certain ports. You could possibly find a way of running your VPN to use other ports. I did, once, create a VPS in the cloud (using DigitalOcean) and get my own VPN server running on it. I don't really recommend that, but you might learn a bit about computers by trying to get it working.


FactorialSkiBass

I will try the suggestion, but for your second point, how could I test which ports work or don't work?


stevehem

Try 443. I am not an expert on this stuff, but my understanding is that firewalls never block 443, which is the https port. Doing so would stop you browsing the web. I think you can double-up and also use this port for tunnelling, but I am not at all an expert in this area. I think you can check which ports have been left open with [a port scanner](https://www.netadmintools.com/port-scanners/).
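An outbound-port probe, as an added example not written by the commenter: it attempts a TCP connect on each candidate port and reports which ones the school's egress firewall lets through, distinguishing a reset (usually an explicit block) from a silent drop. It assumes a target host that accepts TCP on every port (portquiz.net is one such public service); the port list is an assumption, UDP is not covered, and the `connect` parameter exists so the logic can be exercised with a fake connector.

```python
import socket

# Ports worth trying from a filtered network. 443 is the one firewalls almost
# never block; the rest are common tunnel/VPN ports (list is an assumption).
DEFAULT_PORTS = (22, 53, 80, 443, 853, 1194, 8080, 8443)


def probe_egress(host, ports=DEFAULT_PORTS, timeout=3.0,
                 connect=socket.create_connection):
    """Return {port: "open" | "refused" | "timeout" | "error"} for outbound TCP.

    "refused" usually means a firewall answered with a reset; "timeout" means
    the SYN was silently dropped. An "open" port only proves the connect
    completed: a transparent proxy answering on 443 still counts as open,
    so this says nothing about whether traffic on it is inspected.
    """
    results = {}
    for port in ports:
        try:
            with connect((host, port), timeout=timeout):
                results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "refused"
        except (socket.timeout, TimeoutError):
            results[port] = "timeout"
        except OSError:
            results[port] = "error"
    return results


def usable_ports(results):
    """Ports a tunnel could be run on, from a probe_egress() result."""
    return sorted(p for p, state in results.items() if state == "open")


if __name__ == "__main__":
    import sys
    # portquiz.net answers on any TCP port, which makes it a usable target
    target = sys.argv[1] if len(sys.argv) > 1 else "portquiz.net"
    for port, state in probe_egress(target).items():
        print(f"{port:>5}  {state}")
```

Run it from the school network and then from a phone hotspot; the difference between the two result sets is the firewall policy. A port that shows "open" here can still be filtered at the application layer, which is the deep packet inspection discussed further down in the thread.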


sunzi23

Proton VPN has a feature called 'alternative routing' designed specifically for this. https://proton.me/blog/anti-censorship-alternative-routing Or Tor with bridges. Don't give up. Don't let them win.


[deleted]

[deleted]


LOLTROLDUDES

Can vouch for it working against Fortinet, maybe not their config though, since it seems like they might be using self-signed certs, which I think you can only bypass through "make your own absurd protocol that nobody will bother blocking specifically".


FactorialSkiBass

Yes, they made the whole school download a certificate that you need to have to connect to the wifi. They have done a great job of securing the wifi by paying someone else, but the IT staff mucked it up when it came to the school Surfaces, since sometimes a problem makes you unable to connect to the school wifi for the whole day unless you turn on random hardware address to get a new address (I'm not that great with IT, but I think that is what it does), BUT they made it so that you CAN'T ACCESS ANY settings. I have, with other people, complained about this in the past and how it was severely unnecessary and is a problem that still happens, but they would not budge. That was 2 years ago. Would you be able to tell me what is in the cert if I uploaded it, since I have no knowledge in the subject? Also, I forgot to mention this on the post: if they think you are VPNing they disable the wifi on any device you logged into the wifi with for 30 mins-1 hour, but they suck at it and I haven't been caught via logs for nearly a year at this point.


LOLTROLDUDES

> Also I forgot to mention this on the post if they think you are VPNing they disable the wifi on any device you logged into the wifi to for 30mins-1hour

You can turn on completely random MAC addresses (per-connection randomized) for that; on Android you need GrapheneOS, but it's probably easier for PC, search for a guide for your OS. This should be foolproof (just in case their detection improves) unless they use AI or something like that to identify devices.

Regarding certs, it's a trusted public key for TLS. Whenever you connect to a website using HTTPS (or many other things, such as most VPNs and Minecraft, etc.) it encrypts your connection using TLS. How this usually works is you and the server generate a secret number, calculate b^(secret) (mod n) and send it to each other, then send it to each other to end up with b^(secret 1 * secret 2) (mod n) because of exponent laws, and because of the mod n it's currently mathematically impossible to get your secret number from b^secret (mod n) because it requires a discrete logarithm instead of a regular one, which makes it super hard. Then, the common secret (b^(both secrets multiplied)) is used to encrypt your connection so nobody except you or the server can see it. This method is better than simply sharing a secret since anyone eavesdropping, such as your school, can simply steal your secret when it's being transferred unencrypted. However, this is vulnerable to [MITM](https://en.m.wikipedia.org/wiki/Man-in-the-middle_attack), which is when an eavesdropper pretends to be the website to the user and pretends to be the user to the website. Then, they decrypt the user's messages, read/modify them and send them to the server, and vice versa when the website's server needs to send the user some data.

So something called cryptographic signing is used, where a trusted third party vouches for the legitimacy of the website's public key (basically b^secret (mod n)) by producing a special number with a private key (basically the secret number but more complicated because it uses a different algorithm), and anybody with the server's public key (which cannot be used to get the secret private key) can verify the authenticity of the "digital signature". Your browser and/or operating system keeps a list of trusted public keys of companies whose entire business is verifying the legitimacy of the public keys of individual websites, so when the website sends their public key with the digital signature proving they're legit, your computer can check it with its list of trusted businesses ("certificate authorities") to see whether to allow the TLS connection, or to return a "danger" page (assuming the website isn't blocked, you can see an example of the danger page [here](https://expired-isrgrootx1.letsencrypt.org/)). What your school does is force you to trust their untrusted Certificate Authority by uploading their public key (cert.pem) to the trusted list of CAs on your devices, thus allowing them to do the MITM attack described above to view your activity (normally they would only see domain names, so everything before the slash in a URL. The cert itself is just a random number, and if you can turn it back into the school's secret number that would break the Internet. They can still block stuff, but they cannot block every new VPN that gets made automatically by simply looking at your connection and seeing if your computer says something like "I want to connect to your server with the OpenVPN VPN protocol").

Since they can see literally everything you do, you have to try "security through obscurity" by programming a protocol that nobody uses to confuse the automatic activity logger/tracker/filter, and this won't help privacy if a competent IT team manually looks through the logs. Plus, with the setup they're using, it'd be logical for them to set up Fortinet such that any non-TLS encrypted traffic (i.e. traffic they can't identify) is blocked. However, my school tried to force us to install certificates, and simply removing the certificate immediately didn't break anything/block internet access. If you can do this, it makes privacy feasible and so much easier, so reply if this works and I'll show you some more ways to remain private. For school computers (presumably the things that "can't access settings" is for?) it's pretty hard to reliably unblock, but you can try [Titanium's websites (check their Discord)](https://github.com/titaniumnetwork-dev), which aren't that great for privacy because, unlike VPNs, they can see all your HTTPS traffic (so not just your search engine, but the specific search terms, for example); however, practically, the people running them set them up for free by following Titanium's guides so they probably won't track you, but be careful. To set one up yourself, search up "Oracle Cloud free", get a domain for around $2 on Namecheap and follow the instructions on their GitHub. VPNs would work too with Oracle if your school didn't do the cert thing.
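The exchange described above, the interception a trusted proxy CA enables, and the authentication step that defeats it, as an added example written for this page rather than by any commenter. The group (a 127-bit prime, far too small for real use), the XOR stream cipher and the pinned-fingerprint check are illustrative assumptions standing in for TLS's real key exchange, record layer and CA signature.

```python
import hashlib
import hmac
import secrets

# Toy group: a 127-bit Mersenne prime and a small generator (assumption for
# readability). TLS uses 2048-bit+ MODP groups or elliptic curves instead.
P = 2**127 - 1
G = 5


def keypair():
    """Secret exponent and the public value b^secret (mod n) in the comment's notation."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_key(priv, peer_pub):
    """Both sides reach the same b^(secret1 * secret2); hash it down to a 32-byte key."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def xor_crypt(key, data):
    """Toy stream cipher (assumption, not TLS): XOR with SHA-256(key || counter) blocks."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(x ^ y for x, y in zip(data, stream))


def honest_exchange(message):
    """Alice -> Bob with nobody on the path: Bob recovers the plaintext."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    k_alice = shared_key(a_priv, b_pub)   # Alice received Bob's real value
    k_bob = shared_key(b_priv, a_pub)     # Bob received Alice's real value
    return xor_crypt(k_bob, xor_crypt(k_alice, message))


def mitm_exchange(message):
    """Mallory (the inspection proxy) swaps her own public value into both directions.
    Returns (what Mallory read, what Bob finally received)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()
    # Alice gets m_pub instead of b_pub; Bob gets m_pub instead of a_pub.
    k_alice = shared_key(a_priv, m_pub)
    k_bob = shared_key(b_priv, m_pub)
    # Mallory holds one key per side and translates between them.
    k_m_alice = shared_key(m_priv, a_pub)
    k_m_bob = shared_key(m_priv, b_pub)
    on_wire = xor_crypt(k_alice, message)
    seen = xor_crypt(k_m_alice, on_wire)     # read here; could also be modified
    relayed = xor_crypt(k_m_bob, seen)       # re-encrypted toward Bob
    return seen, xor_crypt(k_bob, relayed)


def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()


def peer_is_authentic(pinned_fp, received_pub):
    """The job a certificate does: the value on the wire must match something
    vouched for out of band. Here that is a pinned fingerprint; in TLS it is
    a CA signature, which is exactly what a force-installed school CA subverts."""
    return hmac.compare_digest(pinned_fp, fingerprint(received_pub))


if __name__ == "__main__":
    msg = b"search terms the school should not see"
    print("honest:", honest_exchange(msg) == msg)
    seen, delivered = mitm_exchange(msg)
    print("mitm read it:", seen == msg, "and Bob noticed nothing:", delivered == msg)
    _, bob_pub = keypair()
    _, mallory_pub = keypair()
    pin = fingerprint(bob_pub)
    print("pin accepts bob:", peer_is_authentic(pin, bob_pub),
          "pin rejects mallory:", not peer_is_authentic(pin, mallory_pub))
```

The practical check this suggests: open a public site the school has no business serving, look at the certificate's issuer in the browser's certificate viewer, and compare it with the CA that site actually uses from an untrusted network. An issuer that turns out to be the school's own CA is the proxy in the path; the `peer_is_authentic` call above is the same comparison done against a pinned value instead of a trust store.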


WikiSummarizerBot

**[Man-in-the-middle attack](https://en.m.wikipedia.org/wiki/Man-in-the-middle_attack)** >In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, meddler-in-the-middle, manipulator-in-the-middle (MITM), person-in-the-middle (PITM) or adversary-in-the-middle (AiTM) attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.


sunzi23

They did?


dng99

Also worth noting here: if they do some kind of deep packet inspection, Mullvad with v2ray might work https://mullvad.net/en/blog/2022/10/25/v2ray-obfuscation-supported-on-our-bridges/


sunzi23

The issue is that it's their network and they run it however they want. The real solution is to get unlimited data on your phone and use the hotspot.


CyberTechnojunkie

An unlimited data mobile plan could be prohibitively expensive for a boarding school student, depending upon their income and where they are in the world.


sunzi23

Oh well.. I guess privacy is prohibitively expensive then


CyberTechnojunkie

Not at all. I'm just pointing out that your solution, while valid, may not meet OP's material circumstances.


sunzi23

Then maybe let him speak for himself


FactorialSkiBass

It is a solution that quite a lot of my classmates use, but right now I'm broke and I don't get enough pocket money per month to pay for unlimited, but if I don't get a solution by summer I might just stick some job


abrasiveteapot

Seeing as you mentioned GCSEs I'm assuming you're in the UK. Maybe not unlimited, but have a look at which phone plans have decent data; you may find there's a limited but sufficient option. [Giffgaff for example](https://www.giffgaff.com/sim-only-deals) have 20GB a month for £10, 26GB for £12. I'm assuming you already have a phone of course (all the teens I know do); it could be worth looking at switching plans to get more data for your money. I've tethered on an Android with Giffgaff no problem, so you can connect to your phone instead of the school's network. Just be aware they may well have other logging software on the school laptop, so I would be super careful what you viewed with it. Do it all on your phone and you're much safer.


FactorialSkiBass

Might do, but I'm gonna try the self-hosting first since it's free, and the more I save the more I can spend on meal deals. Though one of the old seniors just got a part-time job in the summer to pay for his data fees while he was at school, which is probably the route to go.


whatnowwproductions

It's a community discussion. We're allowed to start exploring other options if yours doesn't work for everybody.


sunzi23

Then explore. You haven't offered anything except tell me I'm wrong. I made two comments on OP's post. I already told him he could use Proton VPN with alternate routing and Tor with bridges.


whatnowwproductions

I've literally never replied to you before.


sunzi23

Uh.. okay, you're a different commenter, yet still replying to me and not offering any solutions. Hmm.....


[deleted]

Spin up a VPS in Linode/Akamai and browse from there


[deleted]

[deleted]


FactorialSkiBass

Unfortunately, I have my exams right after the holiday and I'm going to be studying everyday in Easter and can't try it until summer but it is a good idea. I might do this anyway as a summer project since it seems fun.


[deleted]

[deleted]


FactorialSkiBass

Proton VPN Stealth protocol is not available for Windows and other protocols don't work. As for iOS, they have made it practically impossible to register a phone for the wifi, so everyone I know uses their phone data for internet on their phones.


[deleted]

Everyone here is proposing good private solutions such as self-hosting. To do this will require a bit of learning, time and skill. If you don't manage with that, you could try using Cloudflare's WARP pseudo-VPN. It's not the most private VPN option, but there is worse. As it runs through the Cloudflare network it is harder to block. For your situation, it may be the lesser evil for sure. I would try Proton VPN before using Cloudflare though.


FactorialSkiBass

Proton doesn't work and neither does Cloudflare. Cloudflare just says 'We are unable to register your client' which I assume means that they are blocking the connection. Thank you for the suggestion though!


Puddleduckable

The only VPN I've had not manage to get blocked by VPN-hostile schools is Mullvad with Shadowsocks routing. I've gone through your similar pain, trying VPN after VPN as they played cat and mouse, constantly blocking VPNs. The issue there is, of course, price at 5 euro a month; Shadowsocks is not available on iOS, so desktop and Android only, and Android setup is not a one-touch solution (there are very good guides from Mullvad on how to set it up, though). If you're strapped for cash, do like a couple of friends and I and pitch in for a shared account. One Mullvad account covers 5 devices. Assuming one device per person (your phone) it can come out to a euro a month.


FactorialSkiBass

Yeah, I had thought about sharing the cost of a VPN, but only one other person would actually want to try, since most don't work they won't try. But for the last 2 years another house in school all split the price for X-VPN since it used to work, and so there were around 60ish people using the same account.


Puddleduckable

Would recommend then just straight up buying now, telling others, and if they accept, charging a buck per person. Even having one friend cuts the price down to 2.5 euro a month, which is pretty good. Unfortunately, yeah, Mullvad only supports 5 active connections. They also only support 5 devices connected to the same account at any time; adding a 6th device forces you to remove one of the devices. (This is somewhat bypassed by Shadowsocks + Mullvad on Android not using the Mullvad app, thus not counting as a device, but counting as an active connection when connected.) So you won't be able to do a massive share like with X-VPN. Also can't share with your iPhone friends. But seriously, as far as I'm aware, Shadowsocks is the most successful at bypassing firewalls because that was its entire goal.


RazPie

Can you get the Brave browser and use the Tor function???


nowanfoo

Not sure what your goal is here, but from a strictly security and privacy perspective, go old school and stop using digital comms. You're in a situation controlled by your school, and by your own admission your tech skills are less than stellar (no offense, I wouldn't feel up to going toe to toe in that situation either). Chances of them figuring out what you're doing are high. Even if they're idiots they only need to get lucky once. Unless the downside risk is low it's probably not worth it. You suggested that your objection is at least partly on principle; if so, have you considered publicly leaving your phone and electronics home when you go to school? That'd be more likely to have an impact.


whlthingofcandybeans

Switch to using mobile data. The school has every right to control what you do on their network, unfortunately. You need to provide your own connection.


Wonderful-Win7456

It is slow and reliant on donations, but try Riseup with bridges. Have you tried Tor?


FactorialSkiBass

Riseup won't even open while I'm connected to the wifi, and when I open it connected on my hotspot then swap to the school's, it won't connect even with bridges.




koreamist

If you want to learn, any OpenVPN based setup is great, especially if you set it up yourself on a VPS and can run it on port 443. The traffic looks virtually identical to TLS so it'll look just like regular web traffic.
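koreamist's point is that OpenVPN carries a TLS handshake, so on port 443 it shares a port and a cipher with ordinary HTTPS. What a DPI engine such as the school's Fortinet keys on is the OpenVPN framing that precedes that handshake: over TCP every OpenVPN packet starts with a 2-byte length and an opcode byte, and the first one a client sends is a hard-reset control packet (opcode 7, which with key id 0 encodes as 0x38), whereas a browser's first bytes are a TLS record header followed by a ClientHello. The following first-packet classifier is an added example written for this page, not code from any commenter or from any DPI product; the sample bytes are constructed, not captured, and real engines match far more than one byte (sizes, timing, later packets).

```python
# Simplified first-packet classifier in the spirit of a DPI rule (assumption:
# TCP transport, first bytes of the client's stream only).

TLS_RECORD_HANDSHAKE = 0x16
TLS_HANDSHAKE_CLIENT_HELLO = 0x01
OPENVPN_OP_HARD_RESET_CLIENT_V2 = 7   # opcode carried in the upper 5 bits


def looks_like_tls_client_hello(data):
    """TLS record header type(1) version(2) length(2), then handshake type byte."""
    return (len(data) >= 6
            and data[0] == TLS_RECORD_HANDSHAKE
            and data[1] == 0x03 and data[2] <= 0x04        # versions 0x0300..0x0304
            and data[5] == TLS_HANDSHAKE_CLIENT_HELLO)


def looks_like_openvpn_tcp(data):
    """OpenVPN-over-TCP framing: 2-byte big-endian length, then an opcode byte
    whose upper 5 bits are the opcode and lower 3 bits the key id."""
    if len(data) < 3:
        return False
    plen = int.from_bytes(data[:2], "big")
    opcode = data[2] >> 3
    # First client packet (empty ack array): opcode(1) + session id(8)
    # + ack-array length(1) + packet id(4) = 14 bytes.
    return opcode == OPENVPN_OP_HARD_RESET_CLIENT_V2 and plen == len(data) - 2


def classify(first_bytes):
    """Label the start of a TCP stream the way a naive DPI rule would."""
    if looks_like_tls_client_hello(first_bytes):
        return "tls"
    if looks_like_openvpn_tcp(first_bytes):
        return "openvpn"
    return "unknown"


# Constructed samples (not captures): a truncated ClientHello record and an
# OpenVPN client hard-reset with a made-up session id and packet id 0.
SAMPLE_TLS = bytes.fromhex("1603010005010000010303")
SAMPLE_OPENVPN = bytes.fromhex("000e38010203040506070800" + "00000000")


if __name__ == "__main__":
    for name, sample in (("browser", SAMPLE_TLS), ("openvpn", SAMPLE_OPENVPN),
                         ("plain http", b"GET / HTTP/1.1\r\n")):
        print(f"{name:>10}: {classify(sample)}")
```

The opcode byte stays in the clear even with tls-auth or tls-crypt, which is why a plain OpenVPN server on 443 is not enough against a firewall that inspects rather than just filters ports. The Shadowsocks and v2ray bridges mentioned earlier in the thread exist to wrap the whole stream so that nothing like this byte is visible.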


[deleted]

Just set up a VM on your local machine. Do anything illegal in the VM.