22 replies to this topic

[someuser]

I just read this article http://bits.blogs.ny...?pagewanted=all about workplaces monitoring/taking snapshots of workers computer desktop. Is there any way to know if I have something like this going on my work laptop?


Thanks in advance.

[EdmundM]

The tool hijackthis generates a good log file of all the stuff going on. Then googling the unknown processes and services lets you find out pretty quickly whether there are any threats.

[Telastyn]

Not if the software is smart/good or if you've got limited rights on the machine. The quickest and easiest way is to ask. If your manager doesn't trust you enough to have open communication... then you know.

[UltimaX]

I'm still not 100% sure because that would defeat the purpose of it. If hijackthis could pick it up then the administrator could simply block that program via group policy; problem solved.

We do this to some (very minor) extent when we are asked to, but it's through a server. The fire stations use VPN for now (until they get fiber ran to them) and they have to RDP into the fire stations main server to run the software for their reporting. When this happens you can simply interact with their session and do it in view only mode. This allows you to watch them in real-time and they have no clue they are being watched. I'm sure there are plenty of other ways, but this has worked so far from what was needed. So it is possible to do it without being detected both locally and remotely when needed.

[someuser]

Not if the software is smart/good or if you've got limited rights on the machine. The quickest and easiest way is to ask. If your manager doesn't trust you enough to have open communication... then you know.

I asked. He said he doesn't know and I believe him, he is a good man.

I'm still not 100% sure because that would defeat the purpose of it. If hijackthis could pick it up then the administrator could simply block that program via group policy; problem solved.

We do this to some (very minor) extent when we are asked to, but it's through a server. The fire stations use VPN for now (until they get fiber ran to them) and they have to RDP into the fire stations main server to run the software for their reporting. When this happens you can simply interact with their session and do it in view only mode. This allows you to watch them in real-time and they have no clue they are being watched. I'm sure there are plenty of other ways, but this has worked so far from what was needed. So it is possible to do it without being detected both locally and remotely when needed.

You're right about hijackthis. I can't even install this kind of stuff. But where can I found more info on your "method"?

[Malal]

There are lots of ways to monitor your activity without needing anything installed on your machine, mailboxes can have access rights changed to allow admin/managers to view your emails, if your company uses a proxy server then they can see where people and probably who is viewing which sites.

I think it unlikely that you are being monitored unless you have given your company a reason to suspect you need to be

[Tachikoma]

This may not be a reliable method, but see if you can monitor graphs on your machine. Look out for unusual, but regular load spikes in network activity and CPU usage.

Process Explorer lists processes loaded on the machine, although it may not reveal rootkit based monitoring applications.

TCPView gives you a list of processes that either listen or communicate through a network port.

Running Wireshark might be an option, although I can't remember whether it requires admin privileges to capture network traffic.

If you have browsing access to the Program Files dir, you could see what's installed, and google up stuff that looks suss.

[someuser]

I think it unlikely that you are being monitored unless you have given your company a reason to suspect you need to be

I think too I'm not. But I prefer to be in control of what's going on my computer. I want to know if to limit my gmail reading, skyping and etc. . These things don't reduce my productivity and I dont have terrible secrets, but I dont want someone else to look on it.

[frob]

workplaces monitoring/taking snapshots of workers computer desktop ... But I prefer to be in control of what's going on my computer. I want to know if to limit my gmail reading, skyping and etc.

Does it matter? You should always assume they are.

You absolutely should limit your work activities to things that are work related or to activities that have explicit or tacit approval from your employer.




Actual law depends on location, but for most of the world employees have very few privacy rights with anything involved at work.

Employers can generally search their employee's cubicles, desks, and personal possessions kept in the office, much like you can search any room in your home or go through your child's backpack. Corporate objects belong to the company and they have no expectation of privacy. Personal objects you leave in the office have very little expectation of privacy.

If this is a work computer you really have no right to anything on it since it isn't yours; courts routinely find that you have no expectation of privacy on work computers, work networks, work email, or Internet access at work. Anything that goes through the corporate network or exists on a corporate computer is subject to inspection and review by the company. It is the company property, you are using it on the company's behalf, for the company's purposes.

They are probably not monitoring everything you do, unless you are working at a casino or other high-security job. They are most certainly logging your email communications; constant risk of lawsuits means mandatory data retention policies for these and other important tidbits. Some companies will have rolling taps for "training and performance monitoring purposes", and in many places they don't need to tell you since it was in your employment contract. Sysadmins can grab a constant live view of what sites you are viewing, what network connections are open, and what resources are in use, and have logs of what everyone does; again this is normally just ignored but when they start using the tools to check it out there is a very good chance the sysadmins will know exactly what you are doing every moment of the day.

You may not feel like it, but the company has some liability for everything their employers do with their equipment. Your employer is unlikely to be monitoring you while you check your gmail, but legally they generally have the right to watch what you are doing on their equipment. They have every right to fire you if you break corporate policy on your personal account if they happen to discover it was done on company equipment or on company time.

Of course, if they use that information to break into your gmail account or bank account or other non-work system, then they have gone too far. That is a different matter.



Just assume your company is monitoring everything if they own the computer. Assume that anything going through the corporate network is also monitored. The company generally has a legal right to do so, and can respond to anything they discover. If you are concerned about computer privacy leave the office and do it elsewhere.

[DarklyDreaming]

Even if they don't directly 'monitor' your workstation per say, they can still log and see pretty much anything you have done in retrospect. So no, it'd be very unwise to ever assume you aren't being monitored -- not that I think an employer monitoring his employees is very healthy; it implies mistrust and that is never good in a working relationship...

[swiftcoder]

Running Wireshark might be an option, although I can't remember whether it requires admin privileges to capture network traffic.

It does, but you don't actually have to run it on the machine in question. Proxy your connections through a second box and run wireshark on that (or make the second box the router for the local network).

[Khaiy]

+1 for frob's comment. It's probably prohibitively expensive to check up on you all that intensely (the risk of your misuse of equipment/data would have to be fairly high to pay someone to track all of your activities). But that doesn't mean that your use isn't being reviewed shallowly and regularly. I think it's also a good idea generally not to underestimate some manager's penchant for allocating resources poorly.

Because it isn't your computer you are only going to have so much ability to control it and what it does. I am consistently annoyed at the limitations on my work computer which prevent me from doing basic maintenance to keep it running well for my work needs, especially since those limitations wouldn't do much to stop me if I really wanted to cause trouble. But since it's theirs, I have to tolerate it.

If you don't want your employer to know that/when/how often you check your personal email or use skype you should use a different computer, one that you own. Your employer probably has the ability to check a log of your activities at any time, at a minimum. Even if you could reliably get around this monitoring, I would advise against it. Going out of your way to avoid having your activities tracked on a work machine will be extremely suspicious and impossible to defend.

[ApochPiQ]

Pfft, nobody's monitoring your life. Your secrets are safe.




But I will say that your wallpaper is a bit over the top. And you might want to stop calling that one woman late at night.


Also: midgets? Really?

[alnite]

Did you attach a monitor to your PC? I assume so. So, yes, your PC is monitored!

[swiftcoder]

When you're done folding your tinfoil hat, you probably ought to line your walls with lead, to prevent EMR snooping of your monitor's contents through the walls.

[Promit]

I have a question. It's been established repeatedly that employees do not have a reasonable right to privacy on their work computers or phones. However, has it been settled whether the employees have a right to know whether monitoring is in place? There's two pieces to that: 1) are you required to notify them actively, or 2) are you required to answer truthfully when asked?

I am honestly curious. I could search the case law I guess, but meehhh.

[RivieraKid]

I think perhaps some things may be wrong here in the thread.

It is illegal in the UK for companies to monitor CCTV in their office without reason. I assume this applies to all personal data. If you are reading your emails they cant read your emails without reason. They can record it but they cant read your emails for a laugh. Its still breach of privacy. Surely if this wasn't the case what is stopping starbucks from reading plain text msn messages on their network. After all its their property, their business and you are there on their behalf.

They can detect you are on gmail.com but they cant go deeper than that,

They have the tools, they dont have the rights. This depends on the law in your country.

[DarklyDreaming]

I think perhaps some things may be wrong here in the thread.

It is illegal in the UK for companies to monitor CCTV in their office without reason. I assume this applies to all personal data. If you are reading your emails they cant read your emails without reason. They can record it but they cant read your emails for a laugh. Its still breach of privacy. Surely if this wasn't the case what is stopping starbucks from reading plain text msn messages on their network. After all its their property, their business and you are there on their behalf.

They can detect you are on gmail.com but they cant go deeper than that,

They have the tools, they dont have the rights. This depends on the law in your country.

But on Starbucks/McDonalds/etc. you are a customer -- at work, you are an employee. There is a large gap between the two. I don't think anyone's saying: "hey, you're at work, so it's totally cool if they take your phone and check your texts" -- which would be an obvious breach of privacy. Rather, I think the message is: "if you're at work, using a computer provided to you by the company to execute work, expect zero-privacy given the 'business' nature of the deal."

[Prefect]

I would hope that the employer is forbidden from breaching your privacy. And, honestly, you shouldn't just cave "because it's a business relationship". I call bullshit on that. Being an employee does not make you a slave to your manager / the business owners. You remain a human being with all the rights that go with that, even as an employee. (This really should go without saying, but it seems like in this day and age, it needs to emphasized again.)

Now, they may have the right to fire you because you checked private email during work hours. But even if they have that right, you should still be able to sue them for compensation if they violate your privacy by reading the private mail you accessed.

At least, that's the "how it should be", from an ethics point of view. Obviously, how it actually is according to the law is going to depend on which country you're in. The differences are surprisingly large.

[frob]

I have a question. It's been established repeatedly that employees do not have a reasonable right to privacy on their work computers or phones. However, has it been settled whether the employees have a right to know whether monitoring is in place? There's two pieces to that: 1) are you required to notify them actively, or 2) are you required to answer truthfully when asked?

I am honestly curious. I could search the case law I guess, but meehhh.

Depends on the location.

In the US there are basically two considerations judges and juries need to consider. They need to ask if there is a "reasonable expectation of privacy", and they need to decide on the balance of the privacy interest of the individual vs the interest of the corporation.


IIf you would normally HAVE an expectation of privacy, then as far as US electronic communications are concerned there is a three pronged test: there must be an established written policy, plus any one of the three conditions (1) one of the parties has given consent, (2) there is a legitimate business reason or (3) the company needs to protect itself.

f you would normally NOT HAVE an expectation of privacy, then they would not need to provide notice. If a normal person would not expect privacy they generally don't need to tell you.

If the policy exists any one other condition is satisfied than US federal law permits archival and reviewing without further notice. If you ask, the federal law requires only that you point them to the written policy saying it is allowed to happen, not that you need to tell them if it is actually happening.

Naturally the state and local laws vary by location; some states require both parties to be notified if the notification route is followed, some states require annual disclosure, etc.

Some groups do not need permission to record things and can lie about it. For example, there was a long-held myth that narcotics officers were required to tell you if they were recording conversations when you asked. It was a very useful myth for police. The drug dealers would ask 'Are you wearing a wire?', the copy would lie 'Nope, and I'm not a cop or I'd have to tell you I was if I wanted it in court', the dealer would sell the drugs, the arrests were made, and the conversation was used in court.

Google has turned up a 100+ page book, "Compilation of State and Federal Privacy Laws" By Robert Ellis Smith, that seems to cover each of the cases about what various groups must disclose, who they must disclose it to, and what the different groups are allowed to lie about. It applies only to the US, but the fact that it is 100 pages of dense type makes me believe any answer will have location-specific and context-specific nuance.