Work can check on you

Most contracts these days will usually have something in them saying that employers can monitor your emails etc. Webmail would include Hotmail, Gmail etc… Not that I have anything to worry about but this does seriously suck!

You have been warned

http://www.bbc.co.uk/news/technology-35301148

I know that in every employment contract I’ve ever had, they have said that if you use the company’s property to do something personal it’ll be monitored (same for actual work.) Now if you’ve used your own property to do something within work hours, that’s something a bit different, and what I understand from that article, he was using the company’s computers for this… so I’m not surprised in a way.

It’s never really bothered me

The company I’m with at the moment monitors my web usage & I’m on here lol

my boss is a keen biker

Companies have been monitoring traffic going over their network for decades. Nothing new there. The fact that a European court has upheld a verdict in the company’s favour doesn’t mean much. Most people either don’t even realise their traffic is being monitored, or don’t care.

Sites that use HTTPS to encrypt the data in transit such as hotmail, outlook.com, gmail, yahoo, facebook, londonbikers (there’s a growing trend towards encryption) would ordinarily give you privacy over the content of the traffic, i.e. what you post or view (but not the URLs, they’re sent for all to see) but there are no guarantees when you’re using a computer that someone else controls over a connection someone else controls.

The best way to protect yourself is to use your own device on your own connection (3G, etc). Then only the government are listening, and they probably don’t care about your LB posts :slight_smile:

isn’t HTTPS still vulnerable to man-in-the-middle attacks, and since companies normally require the use of their gateway proxy - it’d be easy to snoop on such ‘secured’ traffic…

My understanding of the law was that, although you are using the work equipment, they were only allowed to “monitor/look” at work related emails, for example. If your wife sends you a birthday suit pic, for example, that would be considered private to you and the company should not be snooping, even if it is to your work domain.

> Companies have been monitoring traffic going over their network for decades. Nothing new there. The fact that a European court has upheld a verdict in the company’s favour doesn’t mean much. Most people either don’t even realise their traffic is being monitored, or don’t care.

That it got to court suggests it does mean something. It’s long been felt that a right to an expectation of privacy trumps an employer’s right to find out what their employees are doing, but this is a test of that that’s come down on the side of the employer.

> Isn’t HTTPS still vulnerable to man-in-the-middle attacks,

Not in itself. It’s still, generally, predicated on a trust store that’s shipped with browsers and OSes, and if a company puts their certs into the store on all company machines, then they can effectively MITM all the SSL traffic. That’s not a vulnerability, though, so much as working as intended. It’s a flaw with the trust model, not SSL/HTTPS. But, yes, it’s best to assume that any SSL from a company-issued PC is broken.

You can tell if you’re being MITM’d by looking at the certificate chain of trust in your browser. Compare it to the chain from a trusted machine/connection. If you see additional certificates not normally present then that’s a big giveaway someone is snooping on HTTPS traffic.
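The comparison described in the post above, as an added example that is not part of the original thread: it records the issuer and fingerprint of the certificate a machine is shown and compares that with the same record taken on a trusted connection. The function names, host name and sample values are assumptions constructed for illustration.

```python
import hashlib
import socket
import ssl


def leaf_summary(host, port=443, timeout=5.0):
    """Issuer and SHA-256 fingerprint of the certificate this machine is shown."""
    ctx = ssl.create_default_context()  # validates against this machine's trust store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            info = tls.getpeercert()
    issuer = {k: v for rdn in info["issuer"] for k, v in rdn}
    return {
        "host": host,
        "issuer": issuer.get("organizationName") or issuer.get("commonName", ""),
        "sha256": hashlib.sha256(der).hexdigest(),
    }


def compare(trusted, observed):
    """Differences between a summary taken on a trusted connection and this one."""
    if trusted["host"] != observed["host"]:
        raise ValueError("summaries are for different hosts")
    findings = []
    # An unfamiliar issuer is the strong signal: an inspecting proxy re-signs
    # every site with its own CA.
    if trusted["issuer"] != observed["issuer"]:
        findings.append(f"issuer changed: {trusted['issuer']!r} -> {observed['issuer']!r}")
    # A different fingerprint alone can be benign (renewal, several servers).
    if trusted["sha256"] != observed["sha256"]:
        findings.append("leaf certificate fingerprint differs")
    return findings


# Constructed sample summaries (placeholder names and hashes, not real certificates).
TRUSTED = {"host": "mail.example.com", "issuer": "Example Public CA", "sha256": "aa" * 32}
BEHIND_PROXY = {"host": "mail.example.com", "issuer": "Corp Gateway CA", "sha256": "bb" * 32}

if __name__ == "__main__":
    for finding in compare(TRUSTED, BEHIND_PROXY):
        print(finding)
    # Live use: run leaf_summary("mail.example.com") on each machine and compare().
```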

So my understanding is that he was using Yahoo chat messenger for work and personal messages, I can’t see the problem and agree with the court.

Yes, forgot about certificates + signed keys… without, you can’t verify the key pair, you only know that your communication is secure to the endpoint, just not what that endpoint is. I also wonder how vulnerable https would be to a known plaintext attack, since the http protocol is pretty standard (only ask as people seem to know things here :slight_smile:)

You can perform a MITM attack whilst displaying a valid certificate and valid certificate chain to the victim, if you splash enough cash you can even purchase a fancy certificate with a green address bar and padlock :slight_smile: Check out SSL Strip 

I’d be more worried about the IT department snooping on your internet traffic than the actual company :wink:

I am the one who watches, and I really don’t give a shit what people are doing on work internet as long as they’re not using up all the bandwidth.

I watch the watchers! and I also couldn’t care less

I bet Alfie’s web sites are boring

@Wise - yup usually computer game websites…

> I am the one who watches, and I really don’t give a shit what people are doing on work internet as long as they’re not using up all the bandwidth. (ILikeTurtles)

Yep. This.

You mean I can read everyone’s email? Yes, but with the archives as well there are in excess of 5TB of emails, I do not have the time, motivation or the inclination to be reading your crap, I don’t have the time, motivation or inclination to read half of the crap I get.

@The Sleeper, it depends on what your company’s contract of employment/employee handbook/IT policies state. Where I work the company reserves the right to monitor what you do on company equipment, and therefore the right to privacy is moot. As for birthday suit images, we have had several of those over the years, and we have an image filter that looks for skin tones and therefore inappropriate images. Several people have fallen foul of that.

One company that I worked for, to prevent any problems actually installed an Internet Café in the building for anybody to use for private internet usage.  Where I am now we install a wifi system that is not connected to the corporate systems so that people can use that instead.

Do people often get fired for this stuff though? I must admit I have clicked on some NSFW stuff accidentally while browsing Reddit in the past. Or the ads on a website might be slightly NSFW “buy a Chinese/Russian bride”. Wonder if just typing “NSFW” flags some sort of notification with IT.

In some companies yes, mainly if it’s a repeated offence. Though Reddit would normally be already on the list of blocked sites.

There’s nothing that just scans for you visiting things that self-identify as ‘NSFW’ - that’s there just so you know that if you click on them you might end up with a massive picture of a nazi on your screen or something. Normally nobody really cares - unless they’re particularly awful people your IT department gives zero fucks what you’re doing on the Internet outside of what they’ve been told to enforce as a business need. That’ll generally be a block on what you’re doing (so making the things you shouldn’t be doing impossible to do), and occasionally be a search for some evidence to back up a wider claim of laziness or incompetence. It’s never likely to be just the list of sites you’ve visited that’s used to fire you, you normally have to have actually demonstrably not done your job, or done it wrongly, first.