I work on a corporate laptop that has an infamous root CA certificate installed, which allows the company to intercept all my browser traffic and perform a MITM attack.

Ideally, I’d like to use the company laptop to read my own mail and access my NAS in my time off.

I fear that even if I configure containers on that laptop to run alpine + wireguard client + firefox, the traffic would still be decrypted. If so, could you explain how the wireguard handshake could be tampered with?

What about Tor in a container? Would that work or is that pointless as well?

Huge kudos if you also take the time to explain your answer.

  • SnotBubble@lemmy.ml (OP)
    8 months ago

    Yeah, I’ll use my own device, log on to the guest network and start Wireguard on my laptop. Seems a fair choice both for the company and myself.

    • unlawfulbooger@lemmy.blahaj.zone
      8 months ago

      That seems more sensible.

      But they still can track some of the things you do (same with any untrusted wifi network):

      • all data of HTTP traffic (i.e. non-HTTPS)
      • IP addresses you connect to
      • hostnames you connect to (if SNI is not working correctly)