I work on a corporate laptop that has an infamous root CA certicate installed, which allows the company to intercept all my browser traffic and perform a MITM attack.
Ideally, I’d like to use the company laptop to read my own mail, access my NAS in my time off.
I fear that even if I configure containers on that laptop to run alpine + wireguard client + firefox, the traffic would still be decrypted. If so, could you explain how the wireguard handshake could be tampered with?
What about Tor in a container? Would that work or is that pointless as well?
Huge kudos if you also take the time to explain your answer.
EDIT: A lot of you suggested I use a personal device for checking mails. I will do that. Thanks for your answers!
If you’re on linux, run your browser in a container. Mount the X socket to have it like a normal window.
The issue with the Root CA is that TLS sessions could be MITMed, because your system trust the CA. By running in a container, you remove this certificate (without touching your company settings).