>any sort of filtering

This is a rather absurd position if you consider it. To take the absolute simplest example, you really think a school should not be allowed to filter traffic from students specifically launching purposeful attacks on school network infrastructure?

Maybe I should have been more specific. In my mind there is a difference between stopping outgoing ddos attack and blocking/censoring websites.

Now define "outgoing attack". You're trying to keep it defined to "ddos" only but surely you would agree that the school filtering a student actively attempting to hijack school infrastructure to send active shooter threats to the student population should also be filtered yes?

Keep going a few steps and you'll realize that's exactly the problem, there's no level of specificity you can define here that works without some level of subjectivity. Try and see. Good luck.

Suggested reading: https://twitter.com/yishan/status/1586955288061452289

Attacks are a bit different than someone trying to access information, though. Much like it is illegal to punch someone in the face, unless they try to punch you first.

Universities also employ academics (some of whom are outspoken toward CCP).

Possibly Universities are doing this for more than one reason?

For example to protect their staff given the recent articles about tiktok tracking of journalists

Really? Many universities do DNS filtering so I'm not sure where that idea comes from