Can I get away with IMing at work if I stick to Gtalk?
November 28, 2006 8:08 PM   Subscribe

Chat-at-Work-Filter: In my line of consulting I end up working at a number of client sites where the client's IT department has succeeded in convincing management that Instant Messaging is the devil...

I work a LOT and therefore being able to trade a few lines of text with my girlfriend or a coworker / friend on the other side of the planet is sometimes a welcome reprieve, however I also don't want to get my employer in hot water, much less lose my job.

My question is this: how does Gtalk (not the actual stand-alone application but the embedded version, in Gmail) work? Will IT gurus at the client(s) be able to see that I am chatting, or is it different from your normal IM clients (aim, msn messenger, et. al.)?

I've had speculations from friends/co-workers either way, ranging from:

...my guess with gchat is that IT can see packets of data going back and forth from my IP to gmail.com, but since gchat is run on Java, it's not possible to monitor the actual messaging that goes on...

to:

I know that they use the Jabber protocol which would be easily identifiable in a network trace.

Does anyone know how the magic actually happens? Am I safe? Should I avoid it? Any input is appreciated.

cantheyseemechatting at gmail (where else?)
posted by anonymous to Technology (25 answers total) 1 user marked this as a favorite
 
can't directly answer your question, but my friends and I email back and forth on gmail... the way the inbox is set up means it's essentially like chat anyway, but you can get more info in, it's less suspicious (I imagine) and the self-refresh thing means you see incoming messages really easily if you keep an active tab.
posted by Phire at 8:18 PM on November 28, 2006


As a temp, I've definitely worked in offices where gmail was accessible but the chat features were blocked. I don't know how it worked, but it worked. And it stands to reason that if they can block it selectively, they can recognize it.
posted by nebulawindphone at 8:25 PM on November 28, 2006


Short answer: you're probably safe.

Longer answer: Whether or not the IT department knows what you're doing will, naturally, depend on how competent/paranoid the IT department is. The embedded GTalk client uses "asynchronous" HTTP requests to communicate with the server. The Jabber protocol isn't used at all in the embedded client; the traffic it produces looks (superficially, at least) like normal web traffic. If they're specifically looking for the kind of traffic it produces, it's easily detectable, but I'd consider that pretty unlikely. Depending on their level of expertise, they're probably either using commercial firewall software to block the major IM clients, or else blocking the relevant ports (i.e. 5190 for AIM) manually.

That said, another option for getting past simplistic firewalls is Meebo (a web-based IM client that supports the AIM, Yahoo and ICQ networks). It works similarly to the GTalk client, but its traffic will be more detectable, simply because of the recognizable domain name. Another level up in sophistication is to use an anonymizing proxy server (easily configurable via the connection settings in Firefox) when accessing these web based clients.
posted by gsteff at 8:43 PM on November 28, 2006 [1 favorite]


The person who said the thing about Java has no idea what they are talking about. Don't listen to them. The messages are plainly visible.

The in-browser chat client connects to a few places, one after the other, depending on whether they work or not. I blocked the chat on my personal machine, and it took some time. My HOSTS file looks like this:

#127.0.0.1 talk.google.com
#127.0.0.1 talkx.l.google.com
#127.0.0.1 chatenabled.mail.google.com

The usual askme consensus is that you should avoid chatting because it's easily detectable and because it's a risk. You may work a lot now but that little message may cause you to have no work at all.

I heartily recommend the email chat method. With Gmail internal messages are wicked-fast, and it is chat-like enough to satisfy the chatty urge without getting you in any kind of trouble.
posted by fake at 8:46 PM on November 28, 2006


I am in IT, just two words - be careful. There are packet filters on a lot of corporate networks and they monitor email and IM traffic. I just heard a story about a workplace goofball who jokingly "threatened" to "kill" a co-worker and security came along and hussled him out the door.
posted by Deep Dish at 8:47 PM on November 28, 2006


Cool, I retract my guess that you're probably safe. Also, be aware, that many settings, IT staff have the ability to view what's actually on your screen, making virtually all attempts at obfuscation moot.
posted by gsteff at 8:52 PM on November 28, 2006


Access gmail with the following URL and everything will be encrypted by SSL.

https://mail.google.com
posted by dcjd at 8:54 PM on November 28, 2006


Using dcjd's url will prevent IT staff from monitoring the content of your chatting, but will do nothing to prevent them from detecting that you are chatting.
posted by gsteff at 8:56 PM on November 28, 2006


Oh, also, what about SMS or SMS-chat? That's completely outside their network and they can't control it.
posted by fake at 8:58 PM on November 28, 2006


As mentioned above, its easily detectable, and its almost certainly being logged. Its not uncommon to allow restricted traffic (of whatever type) to pass through and not actually be blocked, even if its limited by HR policy, since in the long run you cant solve a personel problem via technology. But its all getting logged, and it certainly can be used as a strike against you if someone wanted to.

The majority of IT departments arent blocking or restricting access to something just to be a pain. There's generally a reason for it. In the case of IM, there are a variety of security risks with the common IM clients, but the real problem is it's so casual that people IM work-inappropriate comments, which can lead to lawsuits and firings (even more so than with email, which is bad enough with the work-inappropriate messages)
posted by Spurious Packets at 9:01 PM on November 28, 2006


The person who said the thing about Java has no idea what they are talking about. Don't listen to them. The messages are plainly visible.

It's true that the person quoted doesn't know what they're talking about, but it is possible to hide the content of the chat (though not, perhaps, the fact that you're chatting) by going to https://gmail.com instead of http://gmail.com.
posted by IshmaelGraves at 9:29 PM on November 28, 2006


Google's Help system has a page about embedded Gchat:


I am a network administrator, and need to disable Gmail's chat features on my network.


Have you considered using something like Meebo? I'm not sure whether it would be detectable , but I have used it in the past when the AIM ports were blocked.
posted by mikeyk at 9:46 PM on November 28, 2006


but it is possible to hide the content of the chat (though not, perhaps, the fact that you're chatting) by going to https://gmail.com instead of http://gmail.com.

This isnt 100% reliable method for hiding your content if all the internet traffic goes through a proxy server that also logs. Not an overly common setup but its hard to tell.
posted by Spurious Packets at 10:02 PM on November 28, 2006


Your best bet is to setup or get access to a shell account on a remote linux server, SSH into it and NAIM to chat.

SSH will encrypt your traffic (although Im not a security expert but thats what I understand) and NAIM will allow you to use messaging via the command line. Its a pretty decent workaround. I use it all the time and most companies dont block outbound SSH that Ive seen.
posted by skrike at 10:17 PM on November 28, 2006 [1 favorite]


<off-topic>
This isnt 100% reliable method for hiding your content if all the internet traffic goes through a proxy server that also logs. Not an overly common setup but its hard to tell.

Just curious, I don't claim expertise in this area, but wouldn't you be able to see that the certificate didn't originate from Google in this case?
</off-topic>

posted by IshmaelGraves at 10:55 PM on November 28, 2006



Oh, also, what about SMS or SMS-chat? That's completely outside their network and they can't control it.
posted by fake at 11:58 PM EST on November 28
[+]
[!]


SMS can be expensive, depending on what plan you have... plus it's rather evident that you're not working, which is bad - especially in cubicle offices.
posted by Phire at 12:17 AM on November 29, 2006


Considering the levels of supervision some IT departments have, including keyloggers and worse, I'd suggest not trying to get around IM blocking at all. If you have a legitimate professional reason to use one of these programs, document how it's saving you time (as opposed to extra hours of consultation fees), and you're good to go. If not, you're pretty much out of luck if you want your posterior covered totally.

If you can come up with any reason that IM will assist your performance, that's your best bet by far. After all, when they give you their blessing, who needs a workaround?
posted by Saydur at 12:35 AM on November 29, 2006 [2 favorites]


Avoid use of the customer LAN whenever possible.

Many consultants have actually moved entirely to EVDO. They have their laptop for corporate stuff, and the customer PC for customer touching stuff. USB is used to bridge the two.

If EVDO is not an option, use a VPN. Drop to something like HotSpotVPN if need be, though it's generally much better to go to an address that reverse DNS's back to you.

Failing that, use Meebo.
posted by effugas at 12:40 AM on November 29, 2006


Spurious Packets: "[HTTPS] isnt 100% reliable method for hiding your content if all the internet traffic goes through a proxy server that also logs. Not an overly common setup but its hard to tell."

IshmaelGraves: "Just curious, I don't claim expertise in this area, but wouldn't you be able to see that the certificate didn't originate from Google in this case?"

SP is wrong. I have never (ever) seen an https proxy that decrypts the payload and inspects it before passing it to the server. All the server (and thus IT) can see or log is the fact that your client is sending a hell of a lot of traffic to google.com over https. Anyhow, a company that has the means and desire to log the data in every single http or https request is not a company you should want to work for. At that point they've started concentrating on oppressing their employees more than satisfying their customers.
posted by Plutor at 5:10 AM on November 29, 2006


If they allow ssh traffic, you might want to look into tunneling your traffic. It'd be a dead giveaway if someone noticed the large amount of traffic, although you could always claim you are connected to a system at your home company and transferring files over sftp as all ssh traffic looks similar.
posted by mikeh at 6:55 AM on November 29, 2006


As a general rule anything you do on the lan is detectable. The nonsense about Java is amusing but not true. At a certain point everything is just packets.

The real question here is are you using their computer or your own computer. There's a real technological and social difference between 'we got a guy here using our equipment' and 'we got a consultant here using our internet connection.' The latter is probably not as monitored, or monitered at all. The former could easily have "asset tracking" software which will tells the admins what software is installed on there, whats running, when its running, and even stuff like keylogging and random screenshots.

If this is your own machine I would think an ssh solution would be okay at most places. Or a remote desktop/vnc solution to your home computer. Anything thats encrypted.
posted by damn dirty ape at 7:15 AM on November 29, 2006


I agree with the recommendations for ssh. Just make VERY sure that you're not creating a security hole into your client's network by tunneling out of it. Log all your own traffic, etc.
posted by wzcx at 9:39 AM on November 29, 2006


SMS can be expensive, depending on what plan you have... plus it's rather evident that you're not working, which is bad - especially in cubicle offices.

The SMS idea is worth reconsideration. The above two objections can be met:

1) Most carriers offer an unlimited SMS plan
2) There are software tools, like Bluephone elite which I use, which allow you to send/receive SMS on your computer.
posted by vacapinta at 12:27 PM on November 29, 2006


If you're unsure of the level of logging and how strict they are about the chatting policy, then simply don't do it. Why not just send emails back and forth or text each other on your phones? That would take, what, like 5 or 10 seconds longer? It never ceases to amaze me how much time and effort people spend trying to do things that could get them fired.

As for what could be tracked, the one thing I've learned working in IT is that almost anything is possible. Maybe unlikely, but possible if enough money and skill are thrown at the problem. Traditional IM can be very easily captured, but you're probably fairly safe with web chat if they didn't block the page (i.e. messaging.myspace.com). Not because they can't catch you, but because they probably don't care that much if they didn't block the page.

Everybody can state their opinions about whether it's oppressive or not, but one thing is clear: you're knowingly circumventing the network policy. That's a fact that can't be disputed. While something like SSH might work, you would have absolutely no defense if you were caught. At least if you were using something like GMail Chat or Meebo you could claim ignorance and say you didn't know any better. The more elaborate your scheme, the more trouble you'll be in if you're detected.

And for the record, I don't block any chat on my network and quite a few staffers abuse the hell out of that privilege (and getting paid to IM is a privilege, not a right). We have a lot of young employees and most of their friends are logged in during the workday so of course they're going to have messages popping up all day. I choose not to block it because I wouldn't want to be blocked myself (although I don't personally use IM), however, I have no issue with companies that choose to block it.
posted by bda1972 at 10:25 PM on November 29, 2006 [1 favorite]


Can I tag a question on to this one? I have a company supplied laptop that has 2 'sides' to it. When turning on, my local side comes up that I can get on the net, etc. I then use a desktop icon to log onto our server (work side). That brings up my business software, email etc. I can then alt-tab between sides to surf the net or whatnot. If I'm Iming on the local side, are my IM's readable and/or traceable? It is connected through my company internet connection at all times. One of the girls at work keeps trying to IM me slightly inappropriate messages (talking about other employees, etc) and I'm concerned about the repercussions. Thanks!
posted by goodeetwoshews at 2:43 PM on January 26, 2007


« Older Crazy fuzzy slippers needed for crazy, fuzzy guy   |   Movies At Christmas, but Not About Christmas? Newer »
This thread is closed to new comments.