Hacker News new | past | comments | ask | show | jobs | submit login

If you're using their metal then it is already game over. They could be watching you right now utilising a dozen different remote admin/monitoring tools. So if you really want personal privacy then use personal equipment.

They may have non-HTTPS sniffing reasons for installing an internal CA, and it is highly recommended in an AD-connected environment. So while they may start hijacking traffic, you might be jumping the gun.

I will say that to avoid hijacking you need a clean DNS server. If you have local admin you could try and see if you can just change to 8.8.8.8/8.8.4.4, but if they're competent they're likely blocking DNS going through the firewall for exactly that reason.

I'd recommend you just bring in a personal laptop, buy one of those tiny battery operated mobile WiFi hotspots "MiFi" (cellular to WiFi bridge), then just access the internet for personal usage entirely off of their equipment and network, it will cost less than $20/month with a pre-existing cellular plan.

e.g. T-mobile Z915 + $10/month




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: