Web content filtering at work + paranoia!
September 5, 2014 9:56 AM Subscribe
Trying to understand what IT is doing with my workstation right now. Near-constant prompts to log in to Outlook (I am already logged in) and suddenly, for the first time, most websites (but oddly, not social media) are being blocked with EdgeWave iPrism. What's going on, and should I worry? Details inside.
At my (white-ish collar professional) job, I am both very productive and a very heavy browser of various social media, news, pop culture, etc sites. I think of it as giving my brain a break between tasks, and I keep my web browser minimized when coworkers are around. I see other coworkers posting to Facebook during work hours, so I assume we all do it to some extent, but nobody talks about it--so I can't ask any of my coworkers if they're being similarly blocked or if (shudder) it's only me.
The greater corporation we work for is fairly small, a few thousand people. I generally figure IT has enough to do instead of monitoring my web browsing activity. But I have a paranoid feeling that someone's been paying attention every time I hit refresh on twitter, every time I comment on MeFi, etc. I keep all my unsavory web use, medical gross-out stuff, and other private matters on my personal devices. So I'm not doing anything really egregiously wrong, but I'm now thinking back to every time I've complained about work on Gchat, every time a NSFW image scrolls up on tumblr, and imagining an IT guy sadly shaking his head at me and hitting "install" on the iPrism software.
What I do know about our IT policies, though, are that they can/do monitor our screens--but that information cycles into the trash unless a supervisor requests a report. I get along well with my supervisors, meet my deadlines, and as far as I know there hasn't been a sense that I'm slacking or that my brain-break web browsing is an issue. But now I'm recalling a phone call my boss made yesterday with his door closed, which is rare, and oh man I'm feeling paranoid.
What is likely going on here? And should I take this as a wake-up call--do other professionals do this kind of web browsing at work, or am I rationalizing?
At my (white-ish collar professional) job, I am both very productive and a very heavy browser of various social media, news, pop culture, etc sites. I think of it as giving my brain a break between tasks, and I keep my web browser minimized when coworkers are around. I see other coworkers posting to Facebook during work hours, so I assume we all do it to some extent, but nobody talks about it--so I can't ask any of my coworkers if they're being similarly blocked or if (shudder) it's only me.
The greater corporation we work for is fairly small, a few thousand people. I generally figure IT has enough to do instead of monitoring my web browsing activity. But I have a paranoid feeling that someone's been paying attention every time I hit refresh on twitter, every time I comment on MeFi, etc. I keep all my unsavory web use, medical gross-out stuff, and other private matters on my personal devices. So I'm not doing anything really egregiously wrong, but I'm now thinking back to every time I've complained about work on Gchat, every time a NSFW image scrolls up on tumblr, and imagining an IT guy sadly shaking his head at me and hitting "install" on the iPrism software.
What I do know about our IT policies, though, are that they can/do monitor our screens--but that information cycles into the trash unless a supervisor requests a report. I get along well with my supervisors, meet my deadlines, and as far as I know there hasn't been a sense that I'm slacking or that my brain-break web browsing is an issue. But now I'm recalling a phone call my boss made yesterday with his door closed, which is rare, and oh man I'm feeling paranoid.
What is likely going on here? And should I take this as a wake-up call--do other professionals do this kind of web browsing at work, or am I rationalizing?
What is likely going on here? And should I take this as a wake-up call--do other professionals do this kind of web browsing at work, or am I rationalizing?
I work as an IT dude. IME most other professionals surf a bit at work, and largely, nobody cares so long as it is low key, not offensive, and they get their job done. I have worked at places that were more stringent and asked me to implement whitelist software to certain websites or types of websites.
But, look, what other people do at other places isn't your problem. Theoretically, any personal use of a business supplied computer or connection is NOT PRIVATE and should not be considered private. You should exercise due caution and act as though they are snooping in on or can otherwise determine everything you do on the internet from work.
That being said, most problem users will know they are considered problem users before more serious action takes place. If they haven't had that chat with you, then odds are pretty good you aren't in any trouble. I'd chalk it up to just being paranoid and relax.
The outlook thing is weird and probably not related. Maybe. It could be malware causing connection resets or somesuch. Or it could be any number of other issues. I don't think it is significant of any snooping on the part of your employer - they run the servers, they don't need your client.
posted by Pogo_Fuzzybutt at 10:06 AM on September 5, 2014 [4 favorites]
I work as an IT dude. IME most other professionals surf a bit at work, and largely, nobody cares so long as it is low key, not offensive, and they get their job done. I have worked at places that were more stringent and asked me to implement whitelist software to certain websites or types of websites.
But, look, what other people do at other places isn't your problem. Theoretically, any personal use of a business supplied computer or connection is NOT PRIVATE and should not be considered private. You should exercise due caution and act as though they are snooping in on or can otherwise determine everything you do on the internet from work.
That being said, most problem users will know they are considered problem users before more serious action takes place. If they haven't had that chat with you, then odds are pretty good you aren't in any trouble. I'd chalk it up to just being paranoid and relax.
The outlook thing is weird and probably not related. Maybe. It could be malware causing connection resets or somesuch. Or it could be any number of other issues. I don't think it is significant of any snooping on the part of your employer - they run the servers, they don't need your client.
posted by Pogo_Fuzzybutt at 10:06 AM on September 5, 2014 [4 favorites]
Outlook is horrible.
I have to log in every ten minutes or so if I haven't actually been using it. So I don't think that is related. Can you view your Outlook mail as webmail and avoid that issue?
posted by vickyverky at 10:15 AM on September 5, 2014
I have to log in every ten minutes or so if I haven't actually been using it. So I don't think that is related. Can you view your Outlook mail as webmail and avoid that issue?
posted by vickyverky at 10:15 AM on September 5, 2014
At the risk of being paranoid, are the people you're talking to just voices on the phone claiming to be IT, or are they people you have met in person and you know are with the company? Social engineering by outsiders can be pretty ballsy sometimes.
If your company and department are being run effectively (and it's your call as to whether that's the case), then an IT interaction should not be your first awareness that there's some disapproval about your internet usage.
As for outlook, time the password prompts. I bet it's taking exactly the same amount between prompts, which is the frequency at which Outlook is set to check for mail. Whatever's blocking your websites may also be blocking outlook on its first try every time.
posted by Sunburnt at 10:15 AM on September 5, 2014 [2 favorites]
If your company and department are being run effectively (and it's your call as to whether that's the case), then an IT interaction should not be your first awareness that there's some disapproval about your internet usage.
As for outlook, time the password prompts. I bet it's taking exactly the same amount between prompts, which is the frequency at which Outlook is set to check for mail. Whatever's blocking your websites may also be blocking outlook on its first try every time.
posted by Sunburnt at 10:15 AM on September 5, 2014 [2 favorites]
Here's an idea: Ask.
If your employer has a problem with incidental personal use then doing it is probably a bd idea. If they don't, then stop being paranoid.
The IT policies shouldn't be a secret, nor should how they are enforced be a secret.
Most IT people will give you the official policy and the unofficial policy. My last company had a prohibition against gambling sites, porn sites, etc., but reality was unless someone saw tits or dick pics on your screen no one in IT cared. We didn't monitor without a complaint.
Your IT department should also be articulating any changes to their users. If they are implementing new technologies doing so in secret is probably not a good idea. I could write an essay on why this is so, but no one wants to read that.
EmpressCallipygos's advice is fine, but a day isn't going to give you a clean history on anything. If they care and you're being bad the damage is done. A day isn't going to matter, so if you want to know, then ask.
The Outlook thing is probably a completely different issue, but just cache your credentials already and stop needing to reenter them.
posted by cjorgensen at 10:26 AM on September 5, 2014 [4 favorites]
If your employer has a problem with incidental personal use then doing it is probably a bd idea. If they don't, then stop being paranoid.
The IT policies shouldn't be a secret, nor should how they are enforced be a secret.
Most IT people will give you the official policy and the unofficial policy. My last company had a prohibition against gambling sites, porn sites, etc., but reality was unless someone saw tits or dick pics on your screen no one in IT cared. We didn't monitor without a complaint.
Your IT department should also be articulating any changes to their users. If they are implementing new technologies doing so in secret is probably not a good idea. I could write an essay on why this is so, but no one wants to read that.
EmpressCallipygos's advice is fine, but a day isn't going to give you a clean history on anything. If they care and you're being bad the damage is done. A day isn't going to matter, so if you want to know, then ask.
The Outlook thing is probably a completely different issue, but just cache your credentials already and stop needing to reenter them.
posted by cjorgensen at 10:26 AM on September 5, 2014 [4 favorites]
You can legitimately complain about Outlook and see what you find out. It should not be doing that.
A common scenario is that IT installs a new firewall, which is a normal thing to do, but it's come set with all these dumb defaults and since they didn't actually test it before rolling it out now they're going to have to scramble to chill the settings down.
Another common scenario is that someone high up who knows jack about technology got a bug up his butt and made IT install filters, and they'll need to document the shitstorm of complaints in order to chill the settings down so people can work. So you'll be helping them out by reporting your email trouble, and if you can cite a benign website you can't get to do that as well.
It's not impossible that they are actually looking for internet time-wasters, but that is not the simplest explanation.
posted by Lyn Never at 10:27 AM on September 5, 2014 [2 favorites]
A common scenario is that IT installs a new firewall, which is a normal thing to do, but it's come set with all these dumb defaults and since they didn't actually test it before rolling it out now they're going to have to scramble to chill the settings down.
Another common scenario is that someone high up who knows jack about technology got a bug up his butt and made IT install filters, and they'll need to document the shitstorm of complaints in order to chill the settings down so people can work. So you'll be helping them out by reporting your email trouble, and if you can cite a benign website you can't get to do that as well.
It's not impossible that they are actually looking for internet time-wasters, but that is not the simplest explanation.
posted by Lyn Never at 10:27 AM on September 5, 2014 [2 favorites]
I monitor employee web traffic, though from a security perspective instead of HR/policy. Generally, if a user is being investigated, they wouldn't show their hand by suddenly blocking traffic to a bunch of sites. The logs are already saved and if they care about your traffic those logs are saved for a long time.
Is there a blocked site that you have a legit business purpose for that you can call your help desk about? I also truly doubt that the Outlook issue has any relation whatsoever.
posted by hey you over in the corner at 10:30 AM on September 5, 2014 [1 favorite]
Is there a blocked site that you have a legit business purpose for that you can call your help desk about? I also truly doubt that the Outlook issue has any relation whatsoever.
posted by hey you over in the corner at 10:30 AM on September 5, 2014 [1 favorite]
Outlook periodically goes nuts like this for me (and a lot of people I work with). I think it's just buggy. It's one of those problems that can often be fixed with the old "Have you tried turning it off then turning it on again?".
IT policy should be in your employee handbook (which might just be a pdf on a server somewhere). You might be relieved if you find that it makes allowance for reasonable personal use that doesn't interfere with work.
You can also find a website that is relevant to your work that is blocked with iprism, then when you ask an IT guy (face to face) about iprism, you've got a legit reason if you need to reach for one, but you shouldn't need one - if they're not busy they're probably happy to talk about how things are done.
posted by anonymisc at 10:48 AM on September 5, 2014
IT policy should be in your employee handbook (which might just be a pdf on a server somewhere). You might be relieved if you find that it makes allowance for reasonable personal use that doesn't interfere with work.
You can also find a website that is relevant to your work that is blocked with iprism, then when you ask an IT guy (face to face) about iprism, you've got a legit reason if you need to reach for one, but you shouldn't need one - if they're not busy they're probably happy to talk about how things are done.
posted by anonymisc at 10:48 AM on September 5, 2014
I would just ask the IT guys what's going on. I mean, I'd also mention it to a co-worker I'm friendly with/share office gossip with and see if they are having any of the same issues -- but you don't sound willing to do that. IT, on the other hand, probably gets these questions a lot. You don't have to say "Are you spying on me?" but you can mention the stuff that may impact your job, like the Outlook thing and if they are blocking websites you use for work.
I personally stick to Twitter on my cell phone. Any other personal google searches go through my phone. When I'm reading news/articles, I use my work computer. Facebook is locked so even though they may be able to read your screen, they can't go back and read all your stuff so I'd do that on a work computer too. I'd personally be careful about logging into accounts that are public where they can go back and see everything you've said.
Everyone dicks around at work. You're fine. When I walk past my co-workers and catch a glimpse at their screens, most of them are on Facebook or on their personal email gchatting their friends. I got very paranoid about my office installing software that can spy (but is mostly for troubleshooting) and I just uninstalled it. If they asked I was going to say I kept getting errors, but no one has seemed to notice. Haha.
posted by AppleTurnover at 11:09 AM on September 5, 2014
I personally stick to Twitter on my cell phone. Any other personal google searches go through my phone. When I'm reading news/articles, I use my work computer. Facebook is locked so even though they may be able to read your screen, they can't go back and read all your stuff so I'd do that on a work computer too. I'd personally be careful about logging into accounts that are public where they can go back and see everything you've said.
Everyone dicks around at work. You're fine. When I walk past my co-workers and catch a glimpse at their screens, most of them are on Facebook or on their personal email gchatting their friends. I got very paranoid about my office installing software that can spy (but is mostly for troubleshooting) and I just uninstalled it. If they asked I was going to say I kept getting errors, but no one has seemed to notice. Haha.
posted by AppleTurnover at 11:09 AM on September 5, 2014
Speaking from an IT standpoint here. For the firewall, don't complain to IT about an issue unless you need to access the website(s) for work purposes. Seriously, it's not worth it. You can ask a desktop support person, but depending on your company's structure, each website may need to be approved by your supervisor and get an OK from the IT Director.
For the outlook issue, restart your computer. This includes a full shutdown, light turns off, and then the power is turned back on. Bonus: if your IT people are hard to get a hold of, make sure your network cable (usually blue) is connected well to the back of your computer and the jack at your desk.
If it continues, please note for a couple of hours or for a day just how often you are prompted to enter your username and password. It may not be every time it retrieves data, it could be if you close and open outlook, if you lock your workstation or it locks if you walk away, if you log off, etc.
Also take note if you have problems with network printers or access to any shared network drives.
As for uninstalling software on your work computer; My job uses software that monitors network usage, installed software, virus notifications, and other stuff. I would be visiting any employee pretty quickly if it wasn't working on their workstation.
posted by comicgirl001 at 12:02 PM on September 5, 2014
For the outlook issue, restart your computer. This includes a full shutdown, light turns off, and then the power is turned back on. Bonus: if your IT people are hard to get a hold of, make sure your network cable (usually blue) is connected well to the back of your computer and the jack at your desk.
If it continues, please note for a couple of hours or for a day just how often you are prompted to enter your username and password. It may not be every time it retrieves data, it could be if you close and open outlook, if you lock your workstation or it locks if you walk away, if you log off, etc.
Also take note if you have problems with network printers or access to any shared network drives.
As for uninstalling software on your work computer; My job uses software that monitors network usage, installed software, virus notifications, and other stuff. I would be visiting any employee pretty quickly if it wasn't working on their workstation.
posted by comicgirl001 at 12:02 PM on September 5, 2014
Response by poster: I restarted, was locked out, and called IT. Apparently, things went askew at the same time my password expired and I reset it this morning. So the Outlook problem has been resolved, and my best guess for the selective content filtering is...related to my grade within the company? I'd need to re-login to get access to the sites I wanted, and without logging in again I'm limited to only a few approved sites. Which: that is weird, but I get it, because it may be what keeps some employees in our retail outlets (for example) from browsing as much as they want to. I think?
posted by magdalemon at 12:41 PM on September 5, 2014
posted by magdalemon at 12:41 PM on September 5, 2014
At every place I've worked at, nobody cares what you're doing on the web if you're doing your job, and if they did care, they would be very upfront about caring and warn you in advance.
posted by empath at 2:27 PM on September 5, 2014
posted by empath at 2:27 PM on September 5, 2014
The retail thing makes sense. A lot of computers used by multiple humans (point-of-sale systems in retail/dining, employee break rooms, warehouses, conference rooms, etc.), for a single purpose, and/or in clear view of customers do get locked down substantially more than PCs intended to be the primary workstation for a single human in an office.
posted by nobejen at 4:56 PM on September 5, 2014
posted by nobejen at 4:56 PM on September 5, 2014
This thread is closed to new comments.
posted by EmpressCallipygos at 10:02 AM on September 5, 2014