Surfing at Work

Sometimes I write e-mails using a web based format (yahoo). When the e-mail
is of a personal issue I use megaproxy because it is SSL. Our PCs at work
have Windows 2000. Is it safe to assume that my e-mails are kept private
from my employer since they are sent using SSL? Does Winodws 2000 Server
have monitoring tools built in or would our employer have to purchase such
monitoring tools seperately?

Also, its my understanding that using a keyboard log program is illegal.
Is this correct?

Thanks

HB2

"HB2" <> wrote in message
news:Lll6d.275208$Fg5.251822@attbi_s53...
> Sometimes I write e-mails using a web based format (yahoo). When the
> e-mail is of a personal issue I use megaproxy because it is SSL. Our PCs
> at work have Windows 2000. Is it safe to assume that my e-mails are kept
> private from my employer since they are sent using SSL? Does Winodws 2000
> Server have monitoring tools built in or would our employer have to
> purchase such monitoring tools seperately?
>
> Also, its my understanding that using a keyboard log program is illegal.
> Is this correct?
>

Let me start with your last question. I'm not 100% sure the legalities of
using a keystroke logger but it is definately an unethical practice. Your
best bet is assume that your computer and its data transmissions are being
watched. Using a web mail like yahoo etc. is certainly within bounds of
most employers and the preferred method by many admins./company execs. Of
course there is always a darker side of things, such as very curious admins
that have no business in your personal email - but are still looking at it.
SSL will prevent much of this sort of thing and is always a sure bet.
Generally employers will need to buy third party software in order to get a
clear view of your internet activities, but there is always open source
software that can be used for this as well. Windows 2000 doesn't have
anything that will track your activites - not known publicly at least!

Mr. Babco

In article <Lll6d.275208$Fg5.251822@attbi_s53>,
says...
> Sometimes I write e-mails using a web based format (yahoo). When the e-mail
> is of a personal issue I use megaproxy because it is SSL. Our PCs at work
> have Windows 2000. Is it safe to assume that my e-mails are kept private
> from my employer since they are sent using SSL? Does Winodws 2000 Server
> have monitoring tools built in or would our employer have to purchase such
> monitoring tools seperately?
>
> Also, its my understanding that using a keyboard log program is illegal.
> Is this correct?

The simple answer is that your employer owns everything that crosses
it's network and has a right to inspect anything on the network. Your
employer also has the right to fire you for theft of company resources
and turning in false time reports.

Actually, in addition to the above, it's very easy to SEE you connected
to the proxy service through the firewall. Since there is little reason
for you to have an outbound SSL connection you abuse of company policy
will stand out like a red beacon in the night.

All versions of Server have monitoring tools, but it's a lot easier to
monitor the firewall to catch abuses like yours.

--
--

(Remove 999 to reply to me)

Leythos

In article <Lll6d.275208$Fg5.251822@attbi_s53>,
says...
> Also, its my understanding that using a keyboard log program is illegal.
> Is this correct?

Amost forgot to address this - it's their computers, their network,
their company, they can do anything they want with it and don't have to
tell you squat (at least in the US).


--
--

(Remove 999 to reply to me)

Leythos

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HB2 wrote:
| Sometimes I write e-mails using a web based format (yahoo). When the
e-mail
| is of a personal issue I use megaproxy because it is SSL. Our PCs at work
| have Windows 2000. Is it safe to assume that my e-mails are kept private
| from my employer since they are sent using SSL? Does Winodws 2000 Server
| have monitoring tools built in or would our employer have to purchase
such
| monitoring tools seperately?
|
| Also, its my understanding that using a keyboard log program is illegal.
| Is this correct?
|
| Thanks
|
|
Actually, there is a good reason for them to be even more suspicious if
they find you doing it - how do they know you're not using it to send
confidential company data off site? Rather than try to be underhand
about it, why not just ask them what their policy is?


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBWsa9qmlxlf41jHgRAk6zAJ4kostj4MZZ+IVklUFyXN AxQnq17gCePkuj
wRB14n5vlygUShXPr7I6Mlk=
=1R0Y
-----END PGP SIGNATURE-----

andy smart

HB2 wrote:

> Sometimes I write e-mails using a web based format (yahoo). When the e-mail
> is of a personal issue I use megaproxy because it is SSL. Our PCs at work
> have Windows 2000. Is it safe to assume that my e-mails are kept private
> from my employer since they are sent using SSL? Does Winodws 2000 Server
> have monitoring tools built in or would our employer have to purchase such
> monitoring tools seperately?
>
> Also, its my understanding that using a keyboard log program is illegal.
> Is this correct?
>
> Thanks
>
>
If you are doing something that you feel your employer would rather you
didn't then you shouldn't be doing it. Do you walk into friends houses
and take over their TV and video recorders for your own purposes? Of
course you don't, so why take liberties with your employer's time, money
and equipment?

If you are writing emails that you would not like your employer to read,
don't do it at work dummy!

There are monitoring tools that can record an entire data stream however
fragmented, reassemble it and play it back. You wouldn't know wether
your employer had these tools until it was too late (Probably at the
point you are sacked)


--

------------------------------------

Real email to mike. The header email is a spam trap and you will be
blacklisted,
submitted to anti-spam sites and proably burn in hell.

Mike

In article <Lll6d.275208$Fg5.251822@attbi_s53>, HB2 wrote:
>Sometimes I write e-mails using a web based format (yahoo). When the e-mail
>is of a personal issue I use megaproxy because it is SSL.

http://groups.google.com

and search for the "Surfing at Work" You'll find this covered very
well - and even find postings from wankers who have been fired for
this, whining that the employer had no right to do that to them.

>Is it safe to assume that my e-mails are kept private
>from my employer since they are sent using SSL?

Do you honestly think that because your SSL session (trivial to detect)
can't be decoded, the employer is going to ignore it? You are either
extremely stupid (and should be fired as unsuitable for the job) or are
on drugs. If they are prescription drugs, contact your doctor immediately.

>Does Winodws 2000 Server have monitoring tools built in or would our
>employer have to purchase such monitoring tools seperately?

You're joking, right? And you haven't seen ANY posting in this group
about stuff that runs on the firewall.

>Also, its my understanding that using a keyboard log program is illegal.

Don't ask for "legal" opinions on Usenet - they're worth less than what
you paid for them. Consult your own lawyer. And this has also been
covered many times on Usenet.

>Is this correct?

You're posting from an IP address allocated to Illinois. IF you can prove
to a judge that you were never warned that your use of the computer may
be monitored, you might get a finding in a "Wrongful dismissal" case. Do
let us know.

Old guy

Moe Trin

On Tue, 28 Sep 2004 22:12:59 GMT, "HB2" <> wrote:

>Also, its my understanding that using a keyboard log program is illegal.
>Is this correct?

Whose laws are we talking about.

Who owns the computer.

Who is paying you to surf the net?

Does your company have a policy. Some might
terminate you for doing these things.


--
Jim Watt
http://www.gibnet.com

Jim Watt

"HB2" <> wrote in message
news:Lll6d.275208$Fg5.251822@attbi_s53...
> Sometimes I write e-mails using a web based format (yahoo). When the
e-mail
> is of a personal issue I use megaproxy because it is SSL. Our PCs at work
> have Windows 2000. Is it safe to assume that my e-mails are kept private
> from my employer since they are sent using SSL? Does Winodws 2000 Server
> have monitoring tools built in or would our employer have to purchase such
> monitoring tools seperately?
>
> Also, its my understanding that using a keyboard log program is illegal.
> Is this correct?
>
> Thanks
>
>

My $.02 worth. I am in Australia. Our corporate security policy disallows:
- Web based email. Reason: The mail and its attachments do not pass through
our firewall (as email) or antivirus.
- Unauthorised encryption of email including smime and pgp. Reason: Again
the difficulty is with checking content for fraud, theft or malware.
- Unauthorised inspection of email by IT admins. Reason: Its a people
problem and only HR can authorise inspection.

It does allow reasonable personal use of email - this discourages (but
doesn't cut out) abuse.

One other thought I've had is that the use of Baysean Inference for Spam
filtering could be extended for other purposes like automated checking for
commercial espionage, fraud and other abuses without human inspection. Once
alerted an admin/HR person could manually check.

Last thought, "Do you have an Internet connection at home?"

David Fosdike
dfosdike at nospam(leave this out and change 'dots' and 'at') dot elders dot
com dot au

David Q F

On Tue, 28 Sep 2004 23:56:12 GMT, Leythos <> wrote:

>In article <Lll6d.275208$Fg5.251822@attbi_s53>,
>says...
>> Sometimes I write e-mails using a web based format (yahoo). When the e-mail
>> is of a personal issue I use megaproxy because it is SSL. Our PCs at work
>> have Windows 2000. Is it safe to assume that my e-mails are kept private
>> from my employer since they are sent using SSL? Does Winodws 2000 Server
>> have monitoring tools built in or would our employer have to purchase such
>> monitoring tools seperately?
>>
>> Also, its my understanding that using a keyboard log program is illegal.
>> Is this correct?
>
>The simple answer is that your employer owns everything that crosses
>it's network and has a right to inspect anything on the network. Your
>employer also has the right to fire you for theft of company resources
>and turning in false time reports.

You make some false assumptions. First, privacy laws and employee
rights vary by country. The EU, for instance, is much more protective
of employee privacy than the US, even when the employee is using
company resources on company time.

Second, I for instance do not fill out a time report as I am a
salaried employee. The OP may not do a time report either.

As far as theft of company resources, what is "stolen"? It may be more
accurate to say "unauthorized use" of company resources, which is
certainly a different concept than theft. While unauthorized use can
be grounds for discipline or termination based on violation of company
property, it is not a criminal act like theivery.

Mark Landin