Ask Slashdot: Dealing With University Firewalls? 582
An anonymous reader writes "My university only provides access to the web, via a restrictive content filter and proxy service. There is no access to the wider internet. I was wondering if this is common, and if anyone has any suggestions on how to go about protesting the issue. I've spoken to the lecturers and they have the same frustrations I do. I've also spoken to the head of the IT department who spouted lines about 'protecting the network.' This is very frustrating, I've seen a number of students making use of 3G/4G dongles to get access to the net and this just seems crazy. The restrictions applied to the web are draconian, with sites such as hackaday, hypberbole and a half, somethingawful, etc being blocked." What would you do to get better access?
It's their bandwidth ... (Score:2, Insightful)
Get over it.
ssh is permitted? (Score:5, Insightful)
In that case buy a ssh shell minimal hosting account for 2-3$/month.
Create a tunnel.
And browse.
If paid public VPN services are allowed, you can also subscribe to such services. Of course, your browsing will be slower.
Grow Up (Score:0, Insightful)
The University probably has policies about Internet Access that the IT Manager is obliged to enforce. Go about it the correct way and see if you can get the policies changed instead of acting like its your right to have access to everything you want, just because YOU want it
get over it (Score:1, Insightful)
Re:It's their bandwidth ... (Score:5, Insightful)
Not an issue here (Score:2, Insightful)
My university doesn't restrict internet access - they, however, ask you to not do anything illegal and log your activities. They give me 1GBit internet connection by cable or 450 MBit/s over WLAN (which I don't know how it is possible) so I can download stuff as quick as my slow laptop harddisk can save it.
However, if they'd restrict access, I'd probably use TOR or some proxies to get full access or I'd set up a VPN connection to my server and access the internet in that way.
Practicality (Score:2, Insightful)
If they're dumb enough to lock down internet access to the point that it becomes unusable for work purposes whilst still allowing their network to be trivially bridged by 3G dongles then you're already fighting a losing battle. Chances are that the people writing the policy don't have the slighest clue what they're doing but have read some stuff about how the internet is bad and so should be blocked; be glad they don't do things like blocking all Javascript from running, which I've seen in some companies, thus breaking just about every site they don't already block (though arguably that's as much the fault of the websites in question as the security policy).
Depending on their application security policies, if you've got a PC somewhere (friends, home, hosted box) with access to the internet proper, run an SSHd listening on a port you can get outbound on from the university network (if there even are any) and proxy all your traffic through that with a copy of Putty and something like Portable Firefox run off a USB key.
Otherwise, you could try organising students and lecturers against the stupid IT policy, but I wouldn't hold out too much hope of getting anywhere.
Get over it (Score:0, Insightful)
Bloody hell, get a life. As other people have said, but missed the point, the University's IT Dept. is there to provide a service. That service does not include catering to your stupid browsing whims. From the sounds of it, they're using a category based filter on web content. So Something Awful will probably be classed as "Adult". Your complaint in a nutshell is that you can't access your stupid cartoons. Man up and do some work. You want to private browse, get a private connection. If the Uni was actively preventing you from studying, you might have a point. Unfortunately the slash-bots on here seem to agree with you so I'm sure you'll at least get some feel-good factor from the hive mind.
Re:get over it (Score:3, Insightful)
You imagine he's going to school for free, do you? I work in university IT and understand the pros and cons and plusses and minuses, and while we don't do this, we do some of our own foolish things. However, I don't think for a second that the students aren't already paying for this connection.
Get into the net as a volunteer (Score:5, Insightful)
In all Universities there is an "Inner Circle" formed by network admins, who are impervious to proxy filtering.
The incantation to enter that select group is:
"Hey, I'd like to help with the university network maintenance. Can I do it as a practice? I'll do it for free."
This psalm recited to the right university demon will get you access to the University's network system. With luck, in 1 or 2 months you will have the relevant network keys/info. Probably you will have the rights to whitelist the pages you want.
Then move out of there.
Re:It's their bandwidth ... (Score:5, Insightful)
Unless the author has a full ride scholarship including room and board... I'd say there is at least a partially legitimate claim to some rights here.
Anyway, yeah, campus networks can be like that. It's bull. It's also, in my experience, rarely something the IT people are terribly fond of; most of them are at least passingly familiar with how the internet works, and ultimately it requires far more work to maintain a ridiculously locked-down network than one with minimal restrictions. Usually, that comes from higher up in the organization, from some old administrator or trustee or something... IT takes order in academia just like they do in business.
The best bet for getting a change on this is actually o complain to higher administration, and perhaps as well to school and/or local publications. Putting things in writing usually works well. Bring up issues of censorship and academic freedom, and be sure to mention how this new-fangled internet thing is a really important part of the future. Keep in mind that the details of what is or is not filtered is, largely, irrelevant... it's easy to lose a non-techie audience by getting into the weeds. The point here is to engage them on the emotional level: these decisions are not made because there are clear-cut rational arguments for them, they are made because somebody doesn't like ______ which they believe to be on the internet. Again, getting too logical or specific will just make eyes glaze over, so keep it rhetorical and abstract.
Re:get over it (Score:3, Insightful)
I am also in university IT. The students are NOT paying for a free unlimited Internet connection. They are paying for their degree, and can expect Internet access relevant to their degree, nothing more. Since a large amount of University funding comes from tax payers, why should they/we foot the bill for students to waste terabytes of data on Youtube and torrents?
Didn't you know this going in? (Score:5, Insightful)
As a /. reader, I can only assume you're rather technical. Isn't this something you discovered before going there?
Frankly, I wouldn't go to a school that did this. And I didn't. Thankfully, my first choice doesn't do anything like this. Traffic is unmonitored, but for legal reasons you have to register your MAC address to your university credentials to get out of the VLAN. This happens automatically with authentication to the wireless network, or manually through a captive portal for Ethernet.
As required by law of all ISPs, they will use this to forward DMCA notices, which happens pretty frequently. I can't exactly fault them for that. They'll also notice if you're really hammering the network with worm traffic or something, in which case they'll kick you off until you get the system cleaned up, which I can't fault them for either.
But other than that, they're pretty much out-of-the-way. They definitely view themselves as more of an ISP than anything academically-relevant, which is good. The university structure also places them at the same level as the individual schools (liberal arts, engineering, business, etc), and each school has its own school-specific IT that runs their own email and webhosting and so on, all of which helps keep them pretty much service-oriented. They pretty much provide internet access and server space to any university department that wants it (and pays for it, in one of those interdepartmental money-shuffling schemes), and otherwise back off from content management. Individual schools are free to filter whatever they want, but only in the school-managed network. In practice, none do. Even if they did, the dorms are separated out from that.
Not to mention the university is almost as liberal as they come in terms of information freedom.
But in any case, the university is your home for the time you're there. I wouldn't live somewhere that did this, and I wouldn't go to a school that did this. Not even because of the inconvenience - think about what that suggests about how they view academic and intellectual freedom.
Re:Just use 3G (Score:5, Insightful)
Unfortunately, 90% of the headache of running a network is the userbase. Even in a small secondary school it can be difficult to keep people from abusing the connection (hell, I know I abused my uni's connection when I was there, not to mention their storage, FTP, CPU time, etc.) without policies like this.
They are providing you the service for things related to your work. Those sites you mention are not related to your work. Even if they were, the abuse of people using for things NOT related to their work is a burden that the IT department will be able to statistically measure. Otherwise they wouldn't bother with the hassle from students, staff, and technical problems associated with limiting your access.
It's not a question of "experts vs students", it's a question of different priorities. Even if you escalated it to the Dean themselves with the aid of staff, you would all end up sitting in a room with the IT guys who would explain exactly how much traffic that system cuts out, how many lost hours, how fewer abuse complaints they receive, how many more PC's they'd need to cope with the extra demand because of people hogging the computers for personal use, etc. and all for something that - if a site is genuinely vital to your work - they would gladly adjust to make sure it didn't interfere with your studies.
And then either you or the Dean would end up basically agreeing that what's in place isn't actually that draconian after all, and standard practice for most places for SEVERAL, very good, measurable, verifiable reasons. And every year you'd have the students/staff make the same argument and every year since the 90's it's been less of an issue because - as you point out - if you want unfiltered Internet for personal use, you can get it for next to nothing. And hell, in any university town I've ever been in, every cafe has free Internet to draw students in.
You have paid the uni, indirectly, to support your studies. If they are not supporting your studies, you can complain. But you can't complain that they aren't other personal Internet services to all X thousand students on their campus without paying the difference it would cost.
In my experience, working in schools rather than universities, I wouldn't be surprised if traffic (and therefore costs) quadrupled the second they relax their policy, even if they DON'T announce that they've done so. And those sorts of places usually run HUGE dedicated lines that are the backbone of the Internet - X thousand students accessing junk sites is NOT more important than the chemistry lab pushing a few Gigabytes around the world to their research partner. I assure you.
You have a workaround in the form of your own Internet connection, use it. If you want the uni to provide it, they will charge you MORE for the same thing because they are NOT an end-user ISP.
I Would Also Like To Know Who It Is (Score:5, Insightful)
I agree that it is likely and administrator, rather than the IT department, who is responsible, but don't count on it. That's just worthless guesswork. You can find out.
Whoever is responsible, don't listen to all these wimps who just tell you to cave and pay for ANOTHER internet source when you're already paying for this one. Get hold of EFF, EPIC, the ACLU, and anybody else you can, and tell them your academic freedom is being repressed. Because it is true. But get some help. There are organizations out there who can not only help you find who is responsible, but put pressure on them to change the status quo.
Don't cave and just buy an expensive cell phone data connection (especially with prices going up). Fight the BS. Because that's what it is: BS.
Re:get over it (Score:5, Insightful)
Because youtube and torrents are part of using the internet.
What part of education do you not understand?
Re:get over it (Score:5, Insightful)
"draconian" restrictions are there because someone in IT/management is lazy or has twisted viewes about what moral powers they should have over students. In other words because they are bastards.
Speaking from the other perspective.. (Score:5, Insightful)
As a member of an IT systems admin team for a faculty we've often got specific mandates which services we must restrict, and to what end. What you may also be up against, other than 'unprivileged' access - is politics. Students do Naughty Stuff (tm) - that's just a fact that keeps on proving itself true time and time again. Even if you can speak for you, your friends, or your entire course - I can bet dollars to donuts that there's someone out there trying to do something shifty. Case in point: I was seriously asked to relax the restrictions on banning Steam so a student could "download 10 or 15 gig so i didn't have to do it over dial-up". On-campus living - sure, i can see where restrictions like that may diminish any sort of sanity saving software platform ( Valve fan \o/ ), but I'm not going to open up a faculty network just so you can play games. It's an education facility, not your personal high speed connection to the 'net. If you were a postgraduate student researching something that required access - then by all means get your supervisor to approve your request and I'll be more than happy to make it happen.
That being said - outline a clear case of why you need certain things re-classified and you may have a better case to work with. I am not suggesting that this tactic will work - as there's probably more to the story ( see - plug and play filter lists/software/appliances which remove the need to dedicate an entire FTE to putting classifications on traffic going out ) than you really know, but it will certainly stop you from seeming like a whinging student and more like an intellectual who is using sound reasoning. Hell - if you are able to find clear, repeated examples of wrongful clasification of websites, you may be able to enact a reconsideration of what's being used to deny you access or relax the level in which things are blocked.
Of course, they might not care. Who knows?
Re:get over it (Score:5, Insightful)
Because, funnily enough, important education content like Stanford's machine learning lectures are available exactly via Youtube and torrents: http://see.stanford.edu/see/lecturelist.aspx?coll=348ca38a-3a6d-4052-937d-cb017338d7b1 [stanford.edu]
Re:get over it (Score:4, Insightful)
Would you advocate or approve of similar restrictions on the university library?
What's the difference?
Re:It's their bandwidth ... (Score:5, Insightful)
If I pay to live in your house...
and you have me locked in to that arrangement for four (or more) years...
and you agree to provide internet access, and you forbid me from having Verizon drop a DSL line right to my bedroom...
in favor of charging some insane "Internet access" line item to my bill for 4x as much...
Then yes, I damned well expect you to provide me with real internet access, and you can fully expect me to actively work around whatever attempts you may make to enforce your morality on my net feed.
This doesn't involve either the FP's parents or his employer - He pays a boatload of money every year for housing AND internet access, and his uni has decided they can selectively skip out on the second half of that deal simply because they have a captive audience. If they tried to pull this crap on any userbase that actually had the money to fight it, you can bet this would end up in the courts.
From an IT Admin (Score:3, Insightful)
Re:It's their bandwidth ... (Score:1, Insightful)
The way I see it, your mommy and daddy can pay for cell service if it's that important. Otherwise, the IT dept. at the university is providing a service as a means for students to get an education. If you don't need anything beyond web access to get that education, they are keeping costs down for the university. They don't need to be paying for your Frostwire downloads.
Re:get over it (Score:5, Insightful)
Re:It's their bandwidth ... (Score:2, Insightful)
Locked in? The only lock in I know of is that most/nearly all universities require you are enrolled for the two years prior to getting your BA/BS
You don't have to live on campus, it's an option, not a requirement.
As much as what, the $40/month DSL bill you are lusting after?
How long before you decide to rail against the cafeteria for not offering you the foods you want, prepared how you want, and for a subsidized price too?
Re:get over it (Score:2, Insightful)
Probably the part where you attribute education as equivalent to allowing you to watch youtube and obtain torrents, rather than equating it with learning how to think and solve problems.
For this week's homework assignment, you need to deliver a 5,000 word essay on the effects of social media on the Arab Spring.
And I'm sorry, but some fucking moron in the IT department has youtube, twitter, and facebook blocked because he doesn't consider them "educationally relevant" or worthy of study in a College environment, so despite having paid the required Internet & Computer Lab access fees you'll have to go off campus to do your research.
Re:It's their bandwidth ... (Score:4, Insightful)
Which completely ignores the reality of college as the entirety of students' lives for four years. When you live on campus, the "university life" equals your life. You eat cafeteria food (and thank Zeus for the rare occasions when you get to experience "real" food), you attend uni sporting events (even if you don't like sports - Just something to do), you listen to local garage bands, and, you absolutely depend on what utilities and services the university provides for your living arrangements. Including internet access.
they are keeping costs down for the university.
BS. Telling someone they can't look at porn at 10pm on a Saturday evening amounts to nothing but blatant moralizing; telling someone they can't visit music download sites treats everyone as an a priori criminal.
Or, more functionally, if internet access costs the university so much to provide, why don't they allow students to arrange for their own DSL or cable (and lets not insult each other by trying to pass off $100/mo 2GB/mo 3g as "broadband", a point the FP directly brought up)? Oh, right - Because unis make a fortune charging students an arm and a leg for subpar basic services. Back in my day, basic phone service counted as the big "gotcha" - Cell phones have largely killed that revenue stream, but back when you could get $14.99/mo local-only land lines, the universities charged around $60/mo.
as a means for students to get an education.
Can we all drop the "only there for an education" attitude? No one - And I feel comfortable phrasing that as an unqualified absolute - dedicates themselves to their studies 24/7. Aside from missing out on half (arguably, the more important half) of the "university life", ie the social part, few people need to dedicate that much time to their studies (and those that do won't last long before burning - or flunking - out).
Re:It's their bandwidth ... (Score:5, Insightful)
Besides, why should the tutors care? - If people waste the lessons updating Facebook instead of getting smart, they'll simply fail and thus have wasted their tuition. I hope Facebook was worth it, but the tutors shouldn't care less if the students are that stupid.
Because most teachers go into teaching to get students to learn? Because a lot of institutions tie student performance into their evaluations? Because students that aren't paying attention are more likely to distract their neighbors? etc etc...
Re:It's their bandwidth ... (Score:2, Insightful)
Two reasons actually,
1) Freshman are 18 yo and the university feels to some extent that the younger students are better off in a more controlled environment. Not saying I agree but the uni feels they are and a lot of parents probably agree.
2) The university has a lot of expensive real estate in those dorm rooms and needs to make sure that they are full and paying for themselves.
You can decide for yourself which is more important to the university and the accountants.
Re:Well... (Score:4, Insightful)
Or, possibly, treat the students like students. You know, intelligent inquisitive drunks that want to explore new things, test boundaries, flirt with the law and read somethingawful.com
I really struggle to see why any university student network should be censored. Sure, firewall and lock down the staff network, where student data is held. Provide strong security on shared servers. But locking down all 'net access to filtered HTTP? That's a surefire way to damage innovation and discourage learning.
I went to a university that had no firewalls - you could telnet to the main servers from external servers, and we used that capability to build and maintain internet services. Many people at my uni went on to build companies in the dotcom boom, take on programming jobs, otherwise put their acquired skills and knowledge to use. I would heavily discourage anybody from attending a university that didn't want the same for its students.