IT departments are party poopers. Nerds with control freak tendencies working for corporate misers wanting to ruin everyone’s fun and stop them talking to friends and slacking off in office hours. It’s time someone redressed the balance in favour of the good guys. If you’re a bit technical like myself, you know very well how to get round all the annoying barriers they put in. I enforce blocking on this site and many other places for a few specific people who aren’t allowed access to my life.
To get round any of it, you need to have a basic understanding of how web censorship and control works. Either that or give one of the IT nerds a covert blowjob in the server room.
When you’re using a Windows-based computer in an office, the username and password you log into it with are generally controlled by a central server, and you are part of a network domain. The central computer stores all your settings, details and privileges, so you can log into any PC anywhere and get all the information you need. If you’re working at home, you often have to set up a VPN tunnel that lets you have secure access to the office network over the public internet.
In the office, your internet browsing is usually through Internet Explorer, and your mail through Outlook. The latter also is a system retrieving email stored centrally in an Exchange server, so the mail, calendar, task etc themselves are never on your PC. Whatever you do in Outlook is accessible to IT personnel and management in the server room. Moral? Don’t do anything in Outlook you wouldn’t spray on the office wall with paint. Internet Explorer is tied into Windows so intimately that everything you do in it is tied to your network username and password. 2nd moral? Don’t do anything in IE you wouldn’t pass round to everyone on A4 paper.
Any computer you use to access the internet gets an identifying number when it connects to the Internet itself, called an IP address, which is a set of numbers separated by dots (e.g. 192.168.0.1). Every computer has one - every website, every email server, even mobile phones. Whatever you do on the net involves a transaction where your computer identifies itself to another one by giving it its IP address. A web address (like www.example.com) is simply an easy to remember name that corresponds to the IP address of a computer somewhere on the network. It’s also called a domain name, or a host name.
All web browsing software (like Internet Explorer, Firefox, Safari, Opera etc) has to describe and identify itself to any website it visits, and is known as a “user agent”, so anyone you communicate with can easily find out what software you’re using to look at sites on the web. For example, Internet Explorer’s user agent string looks like “Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)”. When you build websites you can test for what software someone is using and send them pages that are specifically designed to work perfectly on their computer.
Information sent over an office computer network and/or the public internet is known as network traffic, and it comes in many different flavours according to what software is sending and/or receiving it through any one of up to 100,000 specific ports. The flow of traffic is policed by specialist computer equipment like firewalls, switches and routers that have rules about what can go through these ports, where, and when. These machines have many weaknesses, and the 2 biggest issues for them are that they must always allow websites (through ports 80 and 443, although they will also allow more, like 25/110 for email), and they can’t look inside encrypted traffic to see what it is, and so usually allow it to go through without question. Many of these tricks are used legitimately by software developers to get their products to work inside restrictive computer networks.
So the sassy amongst us would have realised that the quickest way to get round the nerds’ little rules is to a) use non-standard software, b) run things through ports 80/443, and c) encrypt the traffic. But we also have another trick up our sleeves if that doesn’t work, which we’ll look at later. But also, as we’ll find out, doing this is a game of cat and mouse with the party-pooping nerds downstairs in the IT room.
Right, let the war begin.
How to use MSN Messenger (or other IM) if it’s banned
Use a web-based IM client on a website to send and receive messages, such as MSN Web Messenger, eBuddy, or the fantastic Meebo. MSN is recognised and blocked according to the ports it uses and the type of traffic it sends and receives. Because web-based messengers are just web pages running through port 80/443, there is no way for the network to understand what you are doing, although they will eventually block the web address of the messaging site, at which point you move to another one.
How to browse websites your IT department has blocked access to
For this, we use a very simple but powerful tool, called a proxy server. The IT department bans websites according to their host address (e.g. myspace.com) or their IP address, so when you try to visit them your request is intercepted and stopped. A proxy server is a computer that goes and fetches the website for you on your behalf. All your web browsing records end at the proxy server, so it’s impossible to see what you are looking at - all it looks like is that you are making requests to the same place, when you’re looking all over the net. Proxies also conceal your IP address from the destination website, so it can’t identify anything about you in any way, like your browser software, IP address or physical location. There are thousands of free and open proxies all over the net (google for “free public proxy”) that anyone can use. If you need to log into a website like Hotmail, MySpace or Facebook, you will need a CGI proxy that can handle it.
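Seen from the server room, "requests to the same place" is itself a pattern. The sketch below is an added example, not part of the original post: it takes constructed log lines of the form `<client_ip> <destination_host>` and flags clients whose traffic is concentrated on a single external host. The function names, thresholds and hostnames are assumptions for illustration.

```python
# Added illustration: all addresses and hostnames below are constructed samples.
from collections import Counter, defaultdict

SAMPLE_LOG = "\n".join(
    ["10.0.0.5 relay.example.net"] * 9            # nearly everything to one host
    + ["10.0.0.5 intranet.example.com"]
    + ["10.0.0.7 " + h for h in ("news.example.org", "mail.example.com",
                                 "docs.example.com", "wiki.example.com") * 2]
    + ["10.0.0.9 updates.example.com"] * 3        # concentrated, but too few requests
)

def concentration(log_text):
    """Return {client: (top_host, share_of_requests, total_requests)}."""
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, host = parts
        per_client[client][host.lower().rstrip(".")] += 1
    result = {}
    for client, hosts in per_client.items():
        total = sum(hosts.values())
        top_host, top_count = hosts.most_common(1)[0]
        result[client] = (top_host, top_count / total, total)
    return result

def flag_clients(log_text, min_requests=8, min_share=0.8, allowlist=()):
    """List (client, host) pairs where one non-allowlisted host dominates."""
    flagged = []
    for client, (host, share, total) in sorted(concentration(log_text).items()):
        if total >= min_requests and share >= min_share and host not in allowlist:
            flagged.append((client, host))
    return flagged

if __name__ == "__main__":
    for client, host in flag_clients(SAMPLE_LOG):
        print(f"{client}: traffic concentrated on {host}")
```

This is a heuristic: known business hosts that legitimately dominate a client's traffic belong in `allowlist`.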
Avoiding web tracking by your IT department
First off, don’t use Internet Explorer. Use another browser that can run without being installed, like Firefox, Opera or Mozilla. Most of these also allow you to change the user-agent identification so you can visit websites that try banning you according to the software you use to view them. The content of any web page you visit can be intercepted and stored, including your Hotmail or Gmail pages. So always use an email service that is done over a secure page, like what you would find if you were typing in credit card details to buy something (look for the padlock). The transmission is encrypted and can’t be intercepted and recreated. Use a USB thumb and/or keyring drive to transfer files to and from the computer.
Hiding web browser software when the boss comes round
Lots of software programs have a “boss mode” where all colours and animation are stripped out to make them black and white. The king of cheeky web software is the amazing Ghostzilla. This genius software cloaks itself inside any software program on your screen at that moment, and disappears to become invisible in seconds when you need it to. So if you’re working in Excel, Ghostzilla lets you look at websites from within your spreadsheet. Very cool.
Checking your web-based email (Hotmail, Yahoo, Gmail etc) when it’s banned
The simplest way for IT departments to ban web email services is to check for the web address you type in (e.g. hotmail.co.uk) and kill it before you get to see the site on your PC. Thankfully, most of these services offer alternative ways to look inside your email that don’t involve going to their websites. The most common is POP3 mailbox access, which is the standard way for email to be delivered and stored. Once you’ve set up your Hotmail, Yahoo or Gmail to enable POP3, you can use a service like Mail2Web or NetVibes to look through your mail to your heart’s content.
Running programs when you don’t have admin rights on the PC
When you install a Windows program through a setup file, it will make changes to sensitive parts of your computer like the registry, the “Program Files” directory and the “Application Data” folder. Windows PCs know what you are allowed to do and what you’re not, so as soon as they detect access to one of these sensitive areas, a warning message is triggered and the installation you are trying to do is blocked, complete with a message telling you that you need admin rights on either the whole network and/or the specific machine to carry on. The way around this is to use software that can operate in “standalone” mode that doesn’t need to be installed. Generally you copy and paste a new folder onto your desktop with all the files the program needs in it.
Getting hold of passwords others tap in on your computer
Now this one is very easy and an ethical grey area. Calling someone up and getting them to give you their password over the phone is known in hacking circles as “social engineering”. The other techie way is network traffic snooping, which is more complex. But the ultimate and simplest way is to use a keylogger, which records every keystroke made on a computer keyboard into a log file, recreates conversations like messaging and emails it to you on a schedule you set. These invisible programs are spyware and picked up easily by anti-virus programs, so they must be run as standalone software immediately before the target uses the computer, and turned off after they leave.
Downloading from P2P networks when they’re banned
P2P downloading through software like BitTorrent, Limewire, eMule and Soulseek, is almost universally banned across all office networks for very legitimate and reasonable grounds - they eat up the internet connection, are riddled with viruses and leave companies open to being prosecuted for copyright infringement. They are detected by IT departments and ISPs by the ports they use and what their traffic characteristics look like, and the ongoing battle is disguising those things from detection. First off, use a standalone program that doesn’t need to be installed. Secondly, go through the options and set it to send traffic through the web ports (80/443) and lastly, set the software to encrypt that traffic so it can’t be characterised. Transfer files to free online storage websites, FTP sites or use a USB drive.
Tor: The nuclear option if you’re up against oppressive governments
If you’re dealing with slightly Stalinist-leaning organisations that would throw you in prison for exercising your right to free speech, you need something with a little more oomph. Step forward the concept of “onion routing” and the Tor network. However, when you’re at this stage, you probably need the services of a professional arms dealer.
This website actively blocks access to a few specific people. A good real world example is of one person who uses one of 2 ways to try to look at it - on a PC/laptop through an NTL connection in a specific geographical area (e.g. guildford.ntl.com) and also through an MDA Vario phone. When a request comes through, the site looks at the IP address asking for the page to see where it’s coming from, and also what software is being used to look at it. If it matches either of those criteria, access is blocked. So if that person was clever enough, they’d use a public proxy to fetch the site (as the proxy address wouldn’t be flagged up) and/or change the user-agent string of the browser on their mobile phone to slip through the net. Thankfully, it’s going to be a long time till they figure that out.
The hardest situation to bypass is when the IT department have set up the network to process all external traffic through their own proxy server, as that gives them complete control over everything. When that happens, it’s time to get out the weaponry because you need to mean business…
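The check described above, sketched as an added example (it is not this site's actual code). The hostname suffix and phone model are the ones named in the post; the function names, IP addresses and user-agent strings are constructed for illustration, and the reverse-DNS name is passed in rather than looked up so the example runs offline.

```python
# Added illustration of a hostname-suffix + user-agent block list.
from dataclasses import dataclass

BLOCKED_HOST_SUFFIXES = ("guildford.ntl.com",)   # reverse-DNS suffix named in the post
BLOCKED_UA_SUBSTRINGS = ("mda vario",)           # device named in the post

@dataclass
class Request:
    remote_ip: str
    reverse_dns: str   # PTR name for remote_ip, "" if there is none
    user_agent: str

def host_matches(hostname, suffix):
    """Match on a DNS label boundary so 'notguildford.ntl.com' is not caught."""
    host = hostname.lower().rstrip(".")          # DNS names are case-insensitive
    return host == suffix or host.endswith("." + suffix)

def block_reason(req):
    """Return 'host', 'user-agent' or None for a single request."""
    if any(host_matches(req.reverse_dns, s) for s in BLOCKED_HOST_SUFFIXES):
        return "host"
    ua = req.user_agent.lower()
    if any(s in ua for s in BLOCKED_UA_SUBSTRINGS):
        return "user-agent"
    return None

def audit(requests):
    """Return (ip, reason) for every request that would be refused."""
    refused = []
    for req in requests:
        reason = block_reason(req)
        if reason is not None:
            refused.append((req.remote_ip, reason))
    return refused

# Constructed sample requests (documentation IP ranges, made-up PTR names).
SAMPLE = [
    Request("203.0.113.10", "cpc1.Guildford.NTL.com.",
            "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"),
    Request("198.51.100.7", "gw.mobile.example.net",
            "Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; MDA Vario)"),
    Request("192.0.2.44", "notguildford.ntl.com",
            "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Both inputs are outside the site's control: the address reflects whichever network hop makes the request, and the User-Agent header is self-reported, so a filter like this deters rather than authenticates.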