I broke this thread out as it doesn't really deal with USB-C and is an important topic. Mods feel free to merge if required...
Originally Posted by
Visconti
Got it. This is very helpful. Sometimes, I have sensitive financial portals, apps and websites that I must access for long periods of time when away from home and office. While I couldn't care less who knew I'm on those sites, my concern is if any of the information or access becomes compromised, I'd have a problem on my hands. Oh, and, many years ago our IT person observed that I seemed to be on espn.com more than any other website, which caused a chuckle with those in the room. So, all things being equal, while I never go anywhere exotic, I'm one of those stubborn Americans who are zealous about his privacy,
So there are others on this board that are way way smarter and better informed than I am about this topic. But that said... If you see https in the address bar, the contents (in general) are encrypted and protected from whoever is the internet provider (hotel, coffee shop, airline). They can see where you went (and what time and for how long and other meta data) but not the contents (unless they have broken the encryption). If you add a VPN, the internet provider is now the VPN company. The hotel/coffeeshop/airline only sees you have an encrypted connection to them. They won't know where you went. If you use something like TOR, same thing, the hotel/coffee shop/airline only knows you went to a TOR entry node. In the case of the VPN, they know where you went, but not the contents (unless they broke the encryption). Most VPNs claim that they don't log connections, but there are some that do due to laws/regulations and won't admit to it. Regardless,
Your IT guy might have found out depending on how your internet connection was structured... most likely a proxy of some sort (on premise or remote depending on when this was). Most companies don't look at the logs, but many will filter based on risk (mostly reputational but could also be "physical").
Now, to answer about sensitive portals/sites... It really depends on the client. Some of them have layer upon layer upon layer (and so on and so forth) of protection as the data is critical and could compromise a lot of people. For them, the most likely compromised place is sitting between the chair and the keyboard. There's phishing, keyloggers, people who don't like passwords (especially multiple passwords) and so on and so forth (that discussion would take a REALLY long time). Best thing when I'm asked is to question everything and have good computer hygiene. Keep your system up to date (as much as certain people think it's a great inconvenience...wait until they get compromised) and keep any anti-malware stuff up to date. Keep different passwords and always enable multi-factor authentication. If you archive stuff, make sure it's encrypted (if online) or taken offline (eg, USB keys or some other removable media). There are tools out there that can help you.
There are more things you can do depending on how paranoid you are... but let's keep this nice and simple (so far).
