Is my livejournal now visible to my employer because my friend accesses livejournal from work?
November 12, 2008 6:33 AM

I have a friend who browses the internet at work. She thinks she has our company's internet monitoring program beat by surfing through Lotus Notes. Recently I've discovered she's been logging into livejournal from work, and I'm concerned because my security is friends-only (and she is on my friends list). Is she right about surfing with Lotus Notes, or am I screwed as far as the company now having access to my livejournal?
posted by anonymous to computers & internet (18 comments total)
You could get instant peace of mind if you copied your LiveJournal contents, closed it down, and moved it to some other account. I do think you have some cause for concern, since the traffic can always be logged, but the more time that passes without access to your LJ account the less of a big deal this will be due to the likelihood of people only bothering to look at recent stuff.
posted by crapmatic at 6:48 AM on November 12, 2008


I put a nice little disclaimer on my profile page (before deciding that I was done with blogging for good). It's a pretty standard disclaimer that people append to emails that they send. It's something of an ass-cover, but mostly just a peace-of-mind thing which looks official and scary and will probably prevent anyone from taking any action should they potentially find your blog.

"The information contained herein is intended only for the persons or entities explicitly listed as "friends" and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient(s) is prohibited. If you receive this in error, please contact the sender and delete the material from any computer. The views expressed in this electronic document are those of the author and not necessarily those of any organization to which he belongs. Additionally, ownership over all intellectual property created and published in this format does not and can not pass to any third party without the documented consent of the author."
posted by greekphilosophy at 6:52 AM on November 12, 2008 [2 favorites]


She's definitely not right about using Lotus Notes. All http traffic can be logged without users detecting it. There are commercial products for this which remove viruses from web pages, censor text, etc.
posted by flif at 6:53 AM on November 12, 2008


Second flif. The only way to bypass work monitoring is to use a secure tunnel to a remote proxy, and send all internet traffic through that proxy. It doesn't matter what client you use to connect to the internet on your PC, if your work controls the uplink, they can see any traffic that is unencrypted.
posted by knave at 6:56 AM on November 12, 2008 [1 favorite]


Example of Linux based invisible http logger/proxy: cookbook.
posted by flif at 6:56 AM on November 12, 2008


Take a deep breath, it's not nearly as bad as you think.

First of all, your friend is totally wrong, as others have pointed out. Now, questions about workplace monitoring are often asked, and the broad consensus among people who have worked in corporate IT (myself included) is that they don't care nearly as much as you think about the specifics of your surfing, as long as it's not obviously porn or hate speech. If you have "friends only" security, no one is going to take the time to try to access your site using her credentials. Honestly, even if your security was wide-open, odds are pretty good that no one in IT would take the time to visit your (and I mean this in the most objective, non-judgmental way) insignificant website anyway- it's just not on their radar. They're concerned only about (a) the volume of web traffic someone has overall and (b) domains that are specifically flagged as badbadbad.
posted by mkultra at 7:34 AM on November 12, 2008 [4 favorites]


knave writes "The only way to bypass work monitoring is to use a secure tunnel to a remote proxy, and send all internet traffic through that proxy."

Even that isn't proof as the business owns the client (in both senses) and could be monitoring everything she types and clicks on.
posted by Mitheral at 8:15 AM on November 12, 2008


"It's something of an ass-cover, but mostly just a peace-of-mind thing which looks official and scary and will probably prevent anyone from taking any action should they potentially find your blog."

It's unlikely that a disclaimer like that will have any effect whatsoever.
posted by grouse at 8:18 AM on November 12, 2008


As I said, grouse, mostly just a peace-of-mind thing, but also a general "willing suspension of disbelief" type disclaimer that may well have no legal force, but may prevent a lowly IT person from proceeding and risking a potential unsightly mess. It only has the power that people choose to give it, but I wouldn't be surprised if it was pretty effective at keeping people at bay. Nobody likes legalese.
posted by greekphilosophy at 8:25 AM on November 12, 2008


Monitoring for unauthorized use of network resources is our job - but taking an employee's personal credentials for a non-work service and using them would be completely and totally unethical, and would very likely get the IT person fired. It's also illegal.
posted by TravellingDen at 8:35 AM on November 12, 2008


What mkultra said. As someone in IT, I can safely say that we mostly don't care and/or have way more important things to worry about.
posted by joshrholloway at 8:45 AM on November 12, 2008


And as I said, greekphilosophy, it probably won't do any of those things. But enjoy your peace of mind.
posted by grouse at 8:49 AM on November 12, 2008


I can look at any screen on my network. It doesn't matter what proxy or workaround is being used, I'm visually watching the screen on my desktop....

Those who think they are circumventing corporate security through the use of proxies, etc... nope, they still know...

I'll skip the lesson about not posting anything online that can be attributed to you, that you wouldn't want your mother, your spouse, your children, your boss, your clergyman, or the police to know about.
posted by HuronBob at 8:51 AM on November 12, 2008


You are in the clear. Work doesn't care about your live journal.

Your friend could be in trouble. What she's doing in no way gets around any work 'net monitoring. In fact it would be pretty obvious to any observer that she's deliberately trying to get around the monitoring system. In most places this is a worse violation than what she's doing with it. She's known to deliberately attempt to go around company policy, which makes her a risk to the company.
posted by Ookseer at 1:13 PM on November 12, 2008


Yes, your friend is wrong. Lotus Notes is a (crap) browser, just like IE or Firefox or Opera. Unless your corporate IT is completely braindead with their implementation, all http access going out will be logged regardless of browser. It's trivial to do.

Also, another IT guy who runs the filters in my workplace saying - don't worry about it. We really do have better things to be doing than snooping on your livejournal page. To be honest, my ethics would stop me using her access on external sites anyway, and it would certainly prevent me passing on anything personal I learned by accident (you'd be amazed the stuff people just email forward to me unintentionally).

As far as livejournal goes, the password login is secured with https, and safe from anything but local system keyloggers, but there are ways of exploiting cookies - and there's always the logs or screencaps.

That your friend is spending her workdays browsing livejournal may be of interest to management, since they're the ones usually reading the summary reports, but I very much doubt even they'd want to pull up that level of detail of what she's reading - the URL summary is more than enough as a rule.

If it really worries you - remove her from your livejournal friends list if she won't stop reading your private material at work.
posted by ArkhanJG at 1:39 PM on November 12, 2008
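
As an added illustration (not part of any comment in this thread, and not any monitoring product's code): the sketch below builds the kind of per-user URL summary ArkhanJG describes from gateway proxy log lines. It shows that plain-HTTP requests are recorded with their full URL whatever client sent them, while an HTTPS connection shows only the host. The log layout, IP addresses, the `someuser` journal name, and the user-agent strings are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in a simplified, made-up layout (not a real product's format):
# timestamp client_ip method target status "user-agent"
SAMPLE_LOG = """\
2008-11-12T09:01:07 10.0.0.23 CONNECT www.livejournal.com:443 200 "Lotus-Notes/7.0"
2008-11-12T09:01:15 10.0.0.23 GET http://someuser.livejournal.com/friends 200 "Lotus-Notes/7.0"
2008-11-12T09:02:40 10.0.0.23 GET http://someuser.livejournal.com/12345.html 200 "Lotus-Notes/7.0"
2008-11-12T09:03:02 10.0.0.41 GET http://intranet.example.com/timesheet 200 "Mozilla/5.0 Firefox/3.0"
"""

def parse_line(line):
    """Split one log line into the fields the gateway recorded."""
    ts, client, method, target, status, agent = line.split(" ", 5)
    if method == "CONNECT":
        # HTTPS tunnel: the proxy sees the host and port, not the URL inside.
        host, path = target.rsplit(":", 1)[0], None
    else:
        # Plain HTTP: the full URL is in the request line, whatever the client.
        parts = urlsplit(target)
        host, path = parts.hostname, parts.path or "/"
    return {"ts": ts, "client": client, "host": host, "path": path,
            "status": int(status), "agent": agent.strip('"')}

def url_summary(log_text):
    """Per client: request count per host, plus every cleartext path seen."""
    report = defaultdict(lambda: {"hosts": defaultdict(int), "paths": []})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        seen = report[entry["client"]]
        seen["hosts"][entry["host"]] += 1
        if entry["path"] is not None:
            seen["paths"].append(entry["host"] + entry["path"])
    return {client: {"hosts": dict(seen["hosts"]), "paths": seen["paths"]}
            for client, seen in report.items()}

if __name__ == "__main__":
    for client, seen in url_summary(SAMPLE_LOG).items():
        print(client, seen)
```

The summary records which URLs were requested, not what the pages contained; the user-agent field is parsed but plays no part in whether a request is logged.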


I'm afraid, greekphilosophy, that none of the IT places I've worked at pay the slightest attention to that kind of disclaimer. In almost all cases, they're not worth the bytes they're printed with, with the legal force of a wet duck.

In those handful of cases they would be enforceable - after stealing a login account, and prior to viewing the content - I'd already be breaking the law, and a lot of ethics codes to boot. Some pansy disclaimer is not going to make me sweat any more than the prospect of a decade in jail for breach of wiretap laws.

But as grouse says, enjoy your peace of mind.
posted by ArkhanJG at 1:56 PM on November 12, 2008


"may prevent a lowly IT person from proceeding and risking a potential unsightly mess"

I'm a lowly IT person, and my instant reaction to your disclaimer is a Nelson Muntz HA-HA.
posted by flabdablet at 2:01 AM on November 13, 2008


"I'm concerned because my security is friends-only (and she is on my friends list)"

LiveJournal, Facebook, MySpace - and, for what it's worth, MetaFilter - these are all built for the express purpose of sharing stuff. And since a secret shared is no secret at all, if you're putting anything up on any of these sites that could cause you grief if it became generally available: stop doing that.

If I were one of the OP's lowly IT people (I'm probably not, for what it's worth) I would probably be thinking about amusing myself by spending a little time technical- and social-engineering my way into their LiveJournal right about now. IT people love knowing where the bodies are buried.

I don't get why people fail to understand that stuff they publish on the net stays around, and I don't get why people are surprised when stuff they publish on the net reaches readers they didn't expect it to. Both of these things are just the nature of the net.
posted by flabdablet at 2:32 AM on November 13, 2008

