Join 3,415 readers in helping fund MetaFilter (Hide)


How can I tell if my internet browsing at work is being monitored?
December 19, 2003 6:22 AM   Subscribe

I've always thought of myself as somewhat computer savvy, but apaprently I'm not, considering how clueless I am with the following question. Somewhat on the same vein as this previous thread, short of raising any suspicions by directly asking our IT guys, how can i tell if my internet browsing on my work computer is being monitored? And if it is, are there any steps I can take to counter the software, so that I may continue to waste away unproductively, with confidence?

I am on a Windows XP Pro machine, without Admin access (I can't install anything or overwrite important files.). Here is screen grab of my task manager. From what I've looked up, VPTray.exe, Rtvscan.exe, and Defwatch.exe are all Norton Antivirus-related. IE 6 is the only browser installed on all of the machines, I think, though I may soon be using Firebird and Opera if I can get it approved when I start working on our site redesign. The company I work for is mid-sized with about 300 employees at our branch. We have 2 guys who work full time in our IT/support department.

Thanks in advance, for any advice or information.
posted by lotsofno to Computers & Internet (12 answers total) 1 user marked this as a favorite
 
It depends. If they have a router/server-based package, or a proxy, then it's impossible for you to tell (as far as I know) if you are being watched because there won't be anything on your computer to tip you off.

What you might want to do is find out if your company has an acceptable use policy. Courts have ruled that employers can monitor to their heart's content, but they have to inform you that they are doing so.
posted by adampsyche at 6:26 AM on December 19, 2003


They don't need something on your computer. In fact there isn't much they'd gain by having something on your computer. What they'll be looking for is packets going over the network making requests to ebay, porn sites, non-business email, IM, etc. In which case it's debatable (IANAL) whether they're monitoring you or if they're just monitoring the network.

And if the network is being bogged down by MetaFilter requests, and those requests happen to have your IP address.........

Bottom line, without anything on your computer, and without you knowing about it, they can easily read your emails, log your web visits, and watch your file downloads. And since many computer hacks now involve tunneling through http it makes a great deal of sense for sys admins to closely watch network http traffic.

In other words, they know exactly what you're doing.

You can encrypt email, and browse only ssl pages, but that's pretty suspicious. And even then they'd be able to see the addresses.
posted by y6y6y6 at 7:01 AM on December 19, 2003


Well, the likely scenario is some combination of the following:

- If you work at a company that employs at least one full-time sysadmin, then you're pretty much guaranteed to be running a piece of hardware that logs all outgoing requests.

- If you *can* get to a NSFW site, you're probably not being "actively" monitored.

Basically, this means that if you can get anywhere there probably aren't red flags going off as you do so. BUT, if you ever get busted, and someone decides to push the issue, odds are that they'll be able to pull up everything you've looked at in the past X months (depending on how long they keep log files).

Aside from NSFW stuff, your IT department probably doesn't care what you're doing (they've got much better things to do), so your employer won't know how much time you spend on MeFi unless he/she sees you doing it.

The best, and probably only, thing you can do is to keep your browser history purged.
posted by mkultra at 7:03 AM on December 19, 2003


If you're friendly with your IT staff, why don't you casually ask? Bring it up as a side-note in a conversation, something like, "Speaking of this-and-that, do we monitor Iternet traffic?"

Anyway, if you officially ask, they have to tell you. Otherwise, I would say just assume that they do some level of monitoring just to establish a legal safety net for themselves in anticipation of all those what-if situations.

In larger places, I would say they definely would. I go to a school of 4,000+, and I know for a fact that IT keeps a database of every URL that every student has ever visited.
posted by tomorama at 7:07 AM on December 19, 2003


One more thing (I work in IT, so I can prattle on about this...)- if your IT is monitoring traffic, they're most likely doing it as a CYA move to clear their liability if you're doing anything illegal (looking at kiddie porn, downloading warez) or wind up in a sexual harassment lawsuit because you look at so much porn while women are walking by.

"Worker productivity" issues are generally left addressed between employees and supervisors in all but very large companies.
posted by mkultra at 7:10 AM on December 19, 2003


ah, thank you all very much for your answers, however disheartening they may have been.

fortunately, my habit isn't really for NSFW sites, but more for just constantly loading up sites in betwen stuff while i work throughout the day, bringing up the total of visited web pages up to a very high number. i make sure to avoid sending personal email, visit sites like amazon and ebay, and using any IM applications, so i should be covered on that front.

i've been hesitant to purge my history because i wasn't sure if that would be something IT would notice and review. but i guess i'll start doing that, just in case.
posted by lotsofno at 7:22 AM on December 19, 2003


'i've been hesitant to purge my history....."

The fact that you're able to do this the very reason IT would never check it. Don't worry about purging your history. At least not for that reason.
posted by y6y6y6 at 8:32 AM on December 19, 2003


I worked in IT for several years, specifically as a network admin. By default, virtually all LAN systems log every network request. That unto itself doesn't mean much, since it's a lot of data. Imagine a huge text file with each line saying something like "node 192.168.10.24 requests http://porn.com/porn.jpg." There's a line for every single item on every single page anyone in the company browses. Most IT departments these days are understaffed on the one hand, and don't really give a damn on the other. Better things to do.

Unless a specific request comes down from the executives to monitor a specific node, the logs just get archived. I was asked to run a grep search for a specific user's IP traffic and I got tons of NSFW sites. We laughed about the names of some of them for weeks. My personal favorite was "grannygasm.com." Mreow.
posted by squirrel at 10:48 AM on December 19, 2003


I see that lots of folks have addressed the "are you being watched/how can they watch me?" question, but no one has mentioned what you can do about it.

There are ways that you can mask what you are doing on the internet. But all of them require a bit of know-how and some outside (the company) resources.

If you have a home computer, always or almost always connected to the internet (preferably broadband), then you can install OpenSSH [1] and use it to securely (encryption) access the internet via tunneling. There's a good guide on this at Hacking Linux Exposed (part 1, part 2). This works for web browsing (http), email (pop/smtp), usenet (nntp), file transfers (ftp), and pretty much any other protocol based on TCP/IP.

Once you get something like this set up, your company/corporate firewall/proxy/tracking devices will only see an ecnrypted stream of traffic from you to your home computer. In essence, your browser would be sending the request to your home computer over the encrypted tunnel, then your machine would forward that request to the web server you're trying to access, its response would go to your home computer, then back up the encrypted tunnel to your work computer.

Hope this helps!

[1] If you're running Windows, then you'll also need Cygwin to be able to run openssh. If you have a flavor of linux, bsd, osx, or others, then you're set!
posted by Lafe at 12:30 PM on December 19, 2003


It won't work for pictures, but if you put this link in your toolbar, it'll route whatever page you're trying to access through Babelfish, "translating" from English to English, which most web monitor software will ignore:

javascript:document.location='http://translate.google.com/translate?u='+document.location+'&langpair=en%7Cen&hl=en&ie=UTF-8&oe=utf-8&prev=%2Flanguage_tools'
posted by mkultra at 12:39 PM on December 19, 2003


tomorama: Anyway, if you officially ask, they have to tell you.

What gave you that idea? We tell end users that the nature, extent and technology of any network surveillance is proprietary corporate information; they can officially ask all they want, but that's the only answer they're going to get. Considering the size of the company I work for, I'd find it pretty hard to believe we're operating illegally...
posted by JollyWanker at 1:58 PM on December 19, 2003


Found this a while back. Don't know if it's for real or not.
posted by stavrosthewonderchicken at 7:27 PM on December 19, 2003


« Older How do I find a lost cat? [mor...   |  I'll soon have a basement, and... Newer »
This thread is closed to new comments.