Of course, that means you can’t use the school’s Wi-Fi since now every site with https won’t let you pass.
Just install the cert on one device (either school issued or Firefox on a BYOD device since it keeps its own cert store that doesn’t affect the rest of the system) and use that for browsing on school Wi-Fi if your paranoid. In my experience, school IT has other things to do than to watch what your browsing without cause.
(Yes, this practice sucks. But it’s the only way for them to implement the legally mandated filtering in a way they can guarantee it is working.)
I'm curious what loophole will remain if/when ESNI/ECH + DNS-over-https starts becoming widespread. I guess they will have to install client-side snooping software.
Just install the cert on one device (either school issued or Firefox on a BYOD device since it keeps its own cert store that doesn’t affect the rest of the system) and use that for browsing on school Wi-Fi if your paranoid. In my experience, school IT has other things to do than to watch what your browsing without cause.
(Yes, this practice sucks. But it’s the only way for them to implement the legally mandated filtering in a way they can guarantee it is working.)