Skip to content


Tips to freedom on a restricted computer environment

For security reasons and for easier maintenance, network administrators usually lock your computer quite a lot. But what makes the job easier for them (ppl can’t get viruses easily nor mess up with the settings and break the configuration) makes it harder for you: you can’t install this software you need, you’re stuck on MSIE 6 while you’d like to use Opera 10.x or Firefox 3.6pre, sometimes you can’t even visit some sites, and anyway your whole traffic is being logged. Here are some tips and solutions that may work to make your life easier:

Want to install a specific piece of software?

Think portable. More and more software is available in a portable version. Notably, PortableApps.com has an ever growing collection of them (and they’re most if not all free as in free speech). With some portable software and in some environments, you’ll want to rename setup files to some other name not containing the word “setup” (yes, there are some administrators who think they can prevent you from installing stuff by blocking executables named “setup” or “install”). Some software isn’t distributed in a portable version but can still be made portable: for instance R can’t be found as a portable package, but if you install it at home and copy/paste the folder where you installed it, you’ll have a perfectly working R for your USB stick… or for work.

Need this cool Visio/[insert any commercial software there], but it costs money and needs a long request that may never succeed anyway?

Think Open Source Alternatives. For instance Osalt.com is a directory of commercial and open source software, which for every piece of commercial software lists the commercial counterparts. For instance you’ll find that Microsoft Visio can be replaced by Dia, StarUML or even… OpenOffice Draw. And the great thing is, most of these exist as portable apps (see previous chapter).

Want to keep your privacy when browsing around the internet?

This part is a bit more complicated. First you need a proxy with an encrypted connection. For this you can set up OpenSSH at home on Windows or on Linux, or for a faster connection on a dedicated server. Anyway we won’t detail this part (for instance on Ubuntu server you should have everything already properly set up right after installation) and we’ll assume you managed to get this proxy with SSH support. Now we’ll see how to connect to it, from Windows:

  1. Get PuTTY
  2. Launch it using a command like putty -D 9990 -P 22 150.127.5.5 where 150.127.5.5 is the IP of your proxy (it can also be a domain name resolving to this IP) and 22 is the port on which OpenSSH is listening on your proxy. You should create a batch file with this command to make it faster for the next times.
  3. Now configure your browser (e.g. Firefox portable edition) to connect through socks proxy 127.0.0.1:9990
  4. If using Firefox, in about:config configure network.proxy.socks_remote_dns to true (the default, false, means that any domain name you query will be sent unencrypted over your company’s network…)
  5. Everything should be set up and working now, but you may want to check your IP to be sure you’re going through your proxy.

We’ll see in a later post how to configure PuTTY in the case where your company forces you to go through an HTTP proxy. For the moment, that will be all, folks.

… but, remember

You’ll still be vulnerable to key or screen loggers, and also your network admin will be able to see that you’re surfing through SSH, even though he won’t see what’s inside it. So stay reasonable!

Update on 2024-07-28

The unbelievable has happened. In the latest Firefox patch notes, for version “128” (ah, this post also reminds me of the good old times before they adopted their moronic version numbering… thanks again Google retards for bringing that to the world with your poisonous Chrome), I found this:

Firefox now proxies DNS by default when using SOCKS v5, avoiding leaking DNS queries to the network when using SOCKS v5 proxies.

Good job Firefox, it only took you 15 YEARS to change the default value to something that makes sense!

Posted in privacy, web filtering.

Tagged with .


0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.

Sorry about the CAPTCHA that requires JS. If you really don't want to enable JS and still want to comment, you can send me your comment via e-mail and I'll post it for you.

Please solve the CAPTCHA below in order to fight spamWordPress CAPTCHA