haniboo

i still do not get this, even after reading some other related threads. please help!

1. on work machine at work, if i READ my yahoo or gmail, can they read it too?
2. if i reply to mail, can they read what i've typed, or what is on the screen?
3. if on work's laptop, can they read my gmail mail?
4. if on work's laptop can they see what is on my thumb drive, aftter i have used it?

thanks

i am not asking about the legal aspects, just if they are able.

Aus_Mal

Never consider any actions on a computer to be secure. Especially when others have access to that machine.

1. Technically yes. Keyloggers/screen grabbers could get this information, and some other ways may be possible based around Internet caches on proxy servers etc.
2. Same answer as 1).
3. Similar to 1). If your password is compromised, then your email is readable.
4. Not really, but in an extreme case they would be able to (if they had remote access to your computer, they could technically copy the data off the key).

There are also other possibilities such as a camera watching you at work, or colleagues sitting behind you being able to see what is on your screen. Not everything is IT related!

stut

If you're using GMail, you have the option to use HTTP or HTTPS (check to see, when you access it, whether the address of the page starts with one or the other).

If you use the former, then anybody on your local network can, in theory, snoop anything you are reading or sending. A simple tool like Wireshark with WinPCap installed will let you do this. This applies whether you use a work PC or laptop on the work network (or, if you use a laptop connected to a VPN without split tunnelling enabled).

If you're using HTTPS, this method can't be used (well, never say never for encryption, but you can assume it's safe enough).

It's also possible to install other 'snooping' software on PCs or laptops (which is why you should be extremely careful in internet cafés) but these are pretty rare in the corporate world (these days, at least).

On a thumb drive, it depends on config, but once it's removed from a PC, you generally can't read it, unless any of the information is written to a temporary storage on the PC, and not deleted immediately.

mauld

In a word YES. As a regional manager for a major financial institution one of my duties was reading thru e mails, private, personal, work related, Bloombergs etc, etc. My company subscribed to a service that would get all communication in/out. It was sift through it for key words "bank, guarantee. promise, guess, names of any other company etc".... It would also pull out random e mails for review. I would be sent these pulled out messages, have to read through them, iniital and respond back that all was ok, if not and I found something wrong (and by that I mean anything from someone supposedly promising a client something, to an off color joke between 2 friends in a personal e mail) I had to submit a report. Some of the stuff I had to read through, was -- how do I say.... 'interesting' Especiallly as we had a bunch of younger guys who would routinely email their friends regarding their weekend exploits.
So, be aware -- everything and anything going through your company's computer can be read AND KEPT by someone other than yourself.

civicmon

Should work in the sense that anything you do on a work PC is not considered to be private.

On their machine, on their network, don't expect privacy.

redreeper

Yup. A friend of mine had a co-worker fired for sending porno through the work email. They watch, mostly for security, but porno gets you fired.

I make sure to let anyone with email/computer security questions know that if someone REALLY wants to see your personal info, etc., they can do it - easily in fact. Keystroke/screen snapshot recorders can be installed on your PC by anyone with a few minutes of access to it, and they can sit somewhere remotely and watch every word you type and every site you visit. Ladies....keep this in mind when leaving a "friend" alone with your home PC - you won't even know the program is on there. Very, very creepy.

lavalyn

Assume all workplace computers are "compromised." It'll do you good.

Please don't go down this path, as the end result will only make life worse for everybody. Except Microsoft, when they decree that "for your safety, only programs signed by a Trusted Application Publisher can be run."

Windows users implicitly trust Microsoft with Automatic Updates. Norton Antivirus users implicitly trust Symantec with virus definition updates. Heck, Geek Squad customers implicitly trust Best Buy with proper computer care. Suggesting that nearby "friends" are the most likely to do something like this is scaremongering.

SmilingBoy

Surely this is illegal if you are actually reading e-mail from private e-mail accounts like Gmail.

Work e-mail is a different story.

lavalyn

On the contrary... if they're using the work Internet connection, there should be no expectation of privacy over email, often characterized as an "electronic postcard." Furthermore, "major financial institutions" have every reason to want to curtail crimes of information, such as insider trading.

Your jurisdiction's laws may differ.

yosithezet

If you are reading this e-mail on company owned equipment then why would you think it is illegal for the company to keep tabs on how that equipment is being used?

GUWonder

The way most people use gmail at work, it's possible for others to read it.

So far, in the jurisdictions which are most relevant to me, email and internet activity doesn't have the privacy protections which may be applicable to phone calls to/from a work telephone line/phone. So while it may be illegal for a company to tap the workplace phones used by employees and record all their calls without prior announcement, it may not be illegal for a company to tapthe workplace computers of employees and record all their activity without prior announcement.

HereAndThereSC

Like everybody said... if it's on company equipment, wires, etc, they are legally allowed to snoop through it.

Get your own laptop, and use a wireless card (sprint, verizon, etc). It's not perfect but at least it's your personal stuff.

JP

ClueByFour

Nope. In the United States, anyway, the ECPA of 1986 gives the employer a ton of leeway in snooping, among other things, their own transmission medium. Most mulitnationals probably also require a privacy wavier (we do it, to keep the EU happy).

As a general rule, don't read it from a work computer or using a work internet connection if you don't want work to know about it.

CrazyOne

Our employees all sign a policy that says we have the right to review anything they're doing on our equipment and/or over our networks. The practical reality is that as a small company we are not spying on everything they do, though. We have certain restrictions (via server or gateway hardware) in place in some cases. And we do occasionally dig into our company email accounts to see what is going on. I too have had to weed through some "interesting" stuff. But that's about it. It's funny how readily people send ridiculous and personal stuff through the company email even when they could easily set up and log into a personal account without attracting much attention.

From a user perspective, unless you know a lot about the structure of your systems, assume anything can and will be noticed. I'd say it's more likely in a larger company vs a small one. The most likely thing to be tracked is the actual web usage itself, not specifically what you are typing, but the latter can indeed be collected as well. Generally a little personal net use is tolerated, but this varies widely by company, position, etc. Also what type of service is allowed or tolerated varies from place to place. (Example: maybe email and a bit of online news or weather is reasonable, maybe blogs or forums or instant messaging more likely to be seen as inappropriate.) But tolerated is not the same as having privacy; it may still be monitored.

Each aspect of this is separate. The technical capabilities are separate from what the company actually has in place which is separate from any legal aspect. The less you know about where the particular company stands, the more cautious you should be. Unless, of course, you *want* to be reprimanded/fired/sued/arrested (depending upon the activities in question).

redreeper

No, not scaremongering. It actually happeed to me, completely unexpected, extremely creepy, and if you let the nice neighbor next door in to water your plants while you're on vacation make sure your home PC is protected before you leave so spy programs cannot be installed. Good advice, free of charge