Corporate IT folks: How much can you see of what users send?
August 22, 2016 2:07 PM
I assume a network admin can tell if someone is torrenting Game of Thrones or actively watching pornography. But if I Slack someone in private "Man, Brian is the fucking worst," is that readable to you guys (I know, I know, none of you would ever care to—but is it possible?). If I send an email from my personal Gmail account over a work network, same deal: is that readable? Again, I know most corporate IT folks would rather do almost anything rather than eavesdrop on what the idiots in marketing are emailing each other—just curious if it's possible.
Yes, absolutely it's possible. Whether they could be bothered is another matter. And it depends upon how the network is set up. But I would refrain from betting your life that it isn't possible it's happening.
posted by tillsbury at 2:12 PM on August 22, 2016 [1 favorite]
Both Slack and Gmail encrypt their data in transit, so it would be harder than just looking at network traffic. Other sites, like MetaFilter, do not. But if your computer is controlled by your workplace, they could be logging every keystroke for all you know!
posted by beyond_pink at 2:15 PM on August 22, 2016 [3 favorites]
Response by poster: So if Slack and Gmail encrypt, how much harder is it to break? Like an afternoon or a week or months with brute forcing it?
posted by Peemster at 2:17 PM on August 22, 2016
Too hard for most people to bother. They would just log keystrokes. Send private mail from your phone with an encrypted app if you need to send private messages at work.
posted by tillsbury at 2:20 PM on August 22, 2016 [4 favorites]
When I had a corporate job, there was "no expectation of privacy." As noted above, they can log every keystroke, if they desire. While I was still there, the company I worked for added software for screen sharing. The intended goal was to make it easier to get help with questions -- to collaborate via intranet without having to physically have someone come to your desk and look over your shoulder. My boss did not hesitate to use it as a spy tool. I know because she would do this and then send out team emails crabbing at people about the contents of their private conversations.
So, yeah, she could read it when you were typing your email because she could see your screen. This is a thing that is possible.
posted by Michele in California at 2:21 PM on August 22, 2016 [2 favorites]
Best answer: I've been involved in investigations of employees as the investigating IT person. Things like Gmail which are encrypted in transit are not hidden at all. One employer used a screen scraper that took full screenshots every x seconds/minutes or when a new window was opened. This was used to see exactly what was on the screen to catch things that weren't easy or possible to log. Though extreme and used only for employees whose supervisor had a reason to be looking, there were a surprising number (25% maybe) of employees being watched. It was very difficult to know if the screenscraper was running on a machine to the point that I didn't know if it was running against me and I administered an installation of it.
posted by Clinging to the Wreckage at 2:23 PM on August 22, 2016 [10 favorites]
Yeah, it's not them cracking encryption, it's them installing something to watch/capture your displayed output. It's trivial to have that going on without the average end user knowing it's there or anything's happening, especially in managed installations where they have this ability as part of the normal suite of "remote administration" tools for all workstations.
Also, obviously anything you communicate in writing to another person is *also* visible on their end, including any screenshots or forwards they chose to make.
posted by Lyn Never at 2:27 PM on August 22, 2016 [2 favorites]
if Slack and Gmail encrypt, how much harder is it to break?
Bigger businesses (and security aware smaller ones) install interception certificate authorities on the users' systems, such that while the data is encrypted, they can read it before it leaves the network.
Endpoint->Web Proxy->Public Internet
The security group has control over the encryption that covers the endpoint to web proxy, so they could watch/log that traffic. In reality, it's mostly flowing through Data Loss Prevention software that's looking to see if someone's e-mailing out SSNs, not looking for gossip.
posted by Candleman at 2:36 PM on August 22, 2016 [3 favorites]
Some companies are obliged to record and monitor all communications (email, chat, everything) and circumventing this can be a disciplinary offence. All email and all chat traffic gets sent to some enormous vault somewhere that can later be picked over by lawyers if necessary. I've also seen the thing where they intercept, decrypt, and re-encrypt all SSL/TLS traffic (by installing their own certs on your machine) - although this was mainly for the purpose of stopping malware getting in or private data getting out, they absolutely have the technical ability to read your "encrypted" gmail. Check the little padlock symbol in your browser, and look carefully at the certificate signing chain.
It's unlikely that anyone will be looking for "Brian is the worst"-type traffic; it's possible that it might get noticed while something else is being looked for - if the person you sent that message to is accused of, I dunno, running an insider trading ring with Brian, and all their chats mentioning Brian are searched, then your comment will probably come up.
posted by doop at 2:54 PM on August 22, 2016 [2 favorites]
I used to work at a place using a non-Slack group chat and at one point someone told me that the higher-ups were regularly reading all the activity including private conversations because they were worried about morale and looking for people who might be leaving. They could do this easily as super-admins for the chat service.
posted by bleep at 2:55 PM on August 22, 2016 [1 favorite]
Both Slack and Gmail encrypt their data in transit, so it would be harder than just looking at network traffic. Other sites, like MetaFilter, do not.
MetaFilter will too! But it's opt-in. Preferences -> Use Secure Browsing. FAQ entry
posted by rouftop at 3:26 PM on August 22, 2016 [2 favorites]
The critical piece is - as suggested above - that the IT department can install a certificate on your machine that allows an intermediate device to decrypt all data, look into it, and then encrypt it again. Firewalls, such as the Dell SonicWall series, allow Deep Packet Inspection (DPI).
How else could the firewall inspect incoming email for malicious attachments?
You can check in your Certificate Manager - Win-Key + R and type certlm.msc
Under Intermediate Certification I can find a certificate for my SonicWall.
But I wouldn't trust the lack of a certificate either. (I am sure there is a Mac equivalent . . . )
posted by nostrada at 3:40 PM on August 22, 2016 [4 favorites]
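The certificate check that doop and nostrada describe above, as an added example that is not part of any poster's comment: it compares the issuer of the certificate your machine actually receives against a baseline recorded on a network you trust. The baseline issuer names and the sample certificates are constructed placeholders, and `check_issuer` and `fetch_leaf_cert` are hypothetical helper names.

```python
import socket
import ssl

# Constructed baseline (placeholder issuer); record real values off-network.
EXPECTED_ISSUER_ORGS = {
    "mail.google.com": {"Example Public CA"},
    "slack.com": {"Example Public CA"},
}

# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_DIRECT = {"issuer": ((("countryName", "US"),),
                            (("organizationName", "Example Public CA"),),
                            (("commonName", "Example Public CA G1"),))}
SAMPLE_PROXIED = {"issuer": ((("organizationName", "Example Corp IT"),),
                             (("commonName", "Example Corp Web Proxy CA"),))}


def issuer_fields(cert):
    """Flatten the nested 'issuer' tuples of a getpeercert() dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def check_issuer(host, cert, expected=EXPECTED_ISSUER_ORGS):
    """Return (verdict, issuer_label); 'unexpected' means the issuer differs
    from the baseline, which is what a re-signing proxy produces."""
    fields = issuer_fields(cert)
    org = fields.get("organizationName")
    label = org or fields.get("commonName") or "<no issuer name>"
    if host not in expected:
        return "no-baseline", label
    return ("expected" if org in expected[host] else "unexpected"), label


def fetch_leaf_cert(host, port=443, timeout=5):
    """Return the certificate presented for host, as the local trust store
    accepts it. If that store contains the proxy's CA the handshake succeeds
    and the issuer names the proxy; if not, verification fails (OSError)."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for name in EXPECTED_ISSUER_ORGS:
        try:
            print(name, *check_issuer(name, fetch_leaf_cert(name)))
        except OSError as exc:  # includes ssl.SSLError verification failures
            print(name, "connection failed:", exc)
```

A matching issuer only covers the network path; as the comments above note, screen capture and keystroke logging on the endpoint leave no trace in the certificate chain.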
If somebody else is an admin on your machine, they can do anything.
posted by LoveHam at 5:57 PM on August 22, 2016 [2 favorites]
Regardless of keystroke logging or custom certs - message exports (including private channels and direct messages) are a feature of Slack if your organization pays for it and is approved. Users would know if this was happening, however. See https://get.slack.help/hc/en-us/articles/204897248
posted by mustardayonnaise at 8:50 PM on August 22, 2016
With the corporate Slack license, data retention policies are totally a thing that can and should be configured by your corporate IT department. Assume if you have a Slack corporate account your chats are capable of being stored and read.
I am a network security engineer by trade and I was part of the team that performed the security assessment of the corporate/enterprise version of Slack for the company I work for. If it's the free version then I'm not sure how readable they are.
posted by Annika Cicada at 10:16 PM on August 22, 2016
This thread is closed to new comments.
Things like streaming are a bit different as it can affect the bandwidth of the company and slow down corporate activities. Bigger companies have 'packet shaping' devices that automatically throttle or block streaming sites.
posted by CoffeeHikeNapWine at 2:11 PM on August 22, 2016 [3 favorites]