Websense avoidance

This whole crap with NZ and Australia has made me even more aware of the kinda shit big tech, ISPs, and government can do to try to silence you and track you.
I know a lot of anti-SJW types that still use Chrome even though it tries REALLY hard to integrate with your Google account and store everything about your browsing habits in their cloud. I'm actually kinda surprised how a lot of the big names/e-celeb types are actually very bad at tech.
For me I know that if you wanted to go full-blown Alex Jones you'd be behind a VPN and Tor and be running NoScript and AdBlocking extensions to mitigate how you can be tracked, but I'm looking for a reasonable amount of protection without having to pay for shit or making things not work.
So what do you all do?
For one, my "daily driver" browser is Pale Moon, a spinoff of Firefox 20-something, because the dev, even though he's a bit of an asshat, is very concerned with security and eliminates as many "tracking"/telemetry stuff that gets attached to each subsequent build of the Firefox main branch. Lots of extensions don't work and/or have to be reprogrammed to work with Pale Moon but I'm willing to deal with the headaches.
I WANT to use Chrome because things "just work" with it but I don't think Google really has our best interests in mind with the browser, and the fact that a lot of the UI changes it's made and its accelerated update schedule was what was responsible for making Mozilla adopt it kinda makes me salty. Call me tin foil hatty but I really want to know what kind of phoning home it does.
I obviously run uBlock Origin and have the anti-tracking lists turned on. I also run this extension that whitelists cookies called "Cookie Whitelist". It breaks some websites but it lets me control which websites stores cookies and which only keeps it for the session.
When websites let me login I avoid using the "Use Google/Facebook" to login option, and I opt out of most tracking cookies from that WebSense ad thing. I try to use duckduckgo to search but if I have to use Google, I use a Greasemonkey extension that modifies the link so when I click on it there's no tracking URL (it's a clean link that has no referrals in it).
With Facebook I removed almost all of my interests and left a lot of Facebook 'fan' groups. My name is still there with just very basic info.
I store almost everything locally on my phone because I don't trust the cloud and make my own backups. The only cloud function I use at all are cloud saves for games, which IMO is actually the only "good" thing I can think of regarding the cloud as an individual.
At this point it really feels like I'm fighting an uphill battle against big tech since EVERY piece of software you want to use wants to know your location and all that crap.

Found this excellent comment in this Peerlyst article.
This provides a broad outline for what is probably the primary career path for many people getting into security, as discussed in my previous post The two main tracks for "getting into cybersecurity".

Basically do this - 5 years in a complex IT environment as a sys admin, DBA, network engineer. Excel and outgrow the role. Be flexible and eager to learn new technologies. Develop an attack mindset (there are different ways to do this). Get into security as an analyst but avoid the usual specialisations because these are too thin. Aim for a thicker specialisation - a decent approach is to take your IT experience into security and consider "fat" spaces - these are large complex areas such as operating systems, networking, databases, appsec, and penetration testing. Take two or more of these as your specialisations. And most important - don't develop the nasty habit of dismissing folk who call themselves 'generalist' - keep an open mind.
The following are not specialisations - Websense, Splunk, Alienvault, IDS, SIEM, TVM, IDAM, forgerock. Ok they are specialisations but so is making toast.

This is more of the hands-on security engineering path, as opposed to the compliance and auditing path. Remember though there are no hard boundaries in this field so an English major could turn out to be the best engineer you ever meet while someone who spent a decade in the sys admin trenches could be tired of it and move to compliance.

We're a Canadian SME that's in the market for a new firewall. Currently we're operating behind a Sonicwall NSA4500 appliance that does a relatively good job, but bogs down once we start enabling the Gateway Security services (in particular IPS/Web Filtering/DPI-SSL). To avoid the Sonicwall bogging down, we've invested (previously) in a Websense Triton for Web Filtering, which does an OK job but has caused complexity with the SSL inspection and thus we've temporarily abandoned this goal.
Our rated ISP link is a 500/500 line, and realistically we'd like to keep as close to that as possible once enabling the IPS/Anti-Malware and other features (where possible). Budget wise, all three are in the We've been dealing with our VAR who has suggested the following for us... 1. PAN-3020 2. Cisco ASA 5525-X w/ Firepower Services
Reading through the majority of posts that I can find through the search bar has listed that the PAN device can pretty much handle the rated throughput w/ all services enabled; but in other cases I've read that this is more of the case until DPI-SSL is enabled, and then it takes a hit. On the other hand, everyone (including Cisco) has told me that the 5525 pretty much takes a hit right away once you start enabling IPS and AMP. If DPI-SSL is enabled you're pretty much down to 20-30% of the rated throughput; so it's better to start doing SSL offloading to a F5 or something else (which is not in budget).
Has anyone had any (good) experiences with the 5525-X w/ FirePower when enabling the IPS/AMP - how bad does it kill your throughput? Is the PAN sales 'kool-ade' of it not receiving performance hits when IPS/AntiMalware/WebFiltering/SSL too good to be true?
Hoping for any (and all) insight, good or bad on each.

I'm looking into purchasing a new web filter for the office (500-1000 users), and I'm looking for suggestions. Ideally, I'd like something that integrates with AD, can do some bandwidth throttling of questionable content, and can do granular blocking (such as not allowing facebook games, but allowing facebook logins; allowing reddit.com, but not /gonewild, etc).
When I google it, I come up with a ton of names: Barracuda, BlueCoat, Untangle, Smoothwall, websense, webtitan... Do any of you use any of these, and what are your experiences? Are there any vendors to avoid, or who are grossly overpriced?

Reddit, I,m at school, and the school blocked half the sites we need to do research, such as certain wikipedia pages. I use Chrome, but the school somehow blocked Incognito windows! Help me!

I'm at school and I can't open any imgur links. Nor any other links to games etc. Any help?

Over the past few weeks, our traffic has reached the point that when we make a change to our static files (such as the site's CSS or Javascript), our static file server had trouble keeping up with the demand for the new versions. To solve this problem once and for all, we decided to move our static file hosting to Amazon S3. In the process, we made some additional changes to the static files to help improve page load times:

• Cache expirations are set much higher now, so your browser will need to re-fetch unchanged static files much less frequently.
• Static files are now served from redditstatic.com. By not being part of reddit.com, your browser will not send your cookies along with the requests for static files. This means that the static files will load faster, especially on slow or high latency connections, as less time will be spent telling the server what you need.
• A bunch of images that weren't added to the CSS sprite sheet are now part of it, including the default reddit.com header image. This means fewer images need to be loaded when you visit the site.
• The sprite sheet itself was reorganized to waste less space which resulted in a ~10% decrease in file size.
• Static files are now properly prepared for HTTPS, bringing us one step closer to site-wide SSL support.

EDIT We've temporarily pointed the static files directly at S3 to avoid Websense issues while we talk to them about fixing the lists. It appears that our new domain was caught in a phishing filter or something similar.
EDIT2 Websense has recategorized redditstatic.com. When their updates get deployed we'll switch back to redditstatic.com.
See the code for these changes on GitHub