WFH - porn
July 16, 2020 3:11 PM

I did something incredibly stupid - I watched a few minutes of porn (a major popular website) during a down time while on my company's network (a 'big corporation') (work from home) - am I screwed? ughh
posted by anonymous to Technology (27 answers total) 2 users marked this as a favorite

 
I'm not sure that anyone here can answer as to your anonymous large company's policies.

And I'm not sure there's anything that can be done at this point. What's done is done. Try to put it out of your mind and forget about it?
posted by hydra77 at 3:14 PM on July 16, 2020 [7 favorites]


Possibly, but probably unlikely. People click links. It's not like clicking a link you shouldn't click once will get you walked out the door the next day. Impossible for anyone to answer completely accurately unless they are your actual IT/Security people and know what and how things are monitored.
posted by so fucking future at 3:16 PM on July 16, 2020 [6 favorites]


Fortune-50 Enterprise IT guy here.
If you were at home on your personal PC (that is, not a work-issued workstation) and connecting via VPN, that web traffic was probably routed through your home network and not logged by your work. As mentioned above, if it wasn't blocked it likely was not logged.
If you used your work-issued computer, the activity may be logged by a local monitoring tool regardless of whether you got porn across your work network or not. But again, if it wasn't blocked it was not likely to trip any alarms, and unlikely to come to anyone's attention unless you become the subject of a specific investigation for other reasons.
posted by BigLankyBastard at 3:23 PM on July 16, 2020 [18 favorites]


My Fortune-50 company routes all web traffic through VPN, so that would mean that the traffic goes through the corporate network. I do agree that's uncommon though - my company is the first I've been at that does so. A quick way to tell is to go to a "reverse DNS" website and see if the resultant address changes between your corporate VPN and outside your VPN. If you are familiar with traceroutes, you can see that way as well.

That said, as two data points:
  1. It's not unheard of for someone at any "big corporation" to have deliberate reason to look at porn or be at porn websites. Porn companies work with large companies for advertising, web hosting, analytics, accounting, legal questions, security, janitorial staffing, corporate-funded benefits, events, etc. It's not as if porn companies are walled off from the rest of the world. Although this is something companies tend to pay attention to, it's not something that is necessarily automatically viewed as a disciplinable offense.
  2. At a previous company, an IT friend of mine strongly alluded to porn access being logged, but that there was a surprisingly high threshold to trigger any action due to the amount of (intentional and unintentional) use. This surprised me, as the cubicles in that office were particularly low and it was quite easy to see the screen of all your coworkers!

posted by saeculorum at 3:34 PM on July 16, 2020 [2 favorites]


Both because of the VPN-routing issue, and because they know that everyone is working from home right now (including the IT staff), I think the chance of this being an actual problem is basically 0, unless you work for a specifically Religious company or something that has very high standards.

You are not screwed, now you can go back to worrying about all the other things :)
posted by JZig at 3:53 PM on July 16, 2020 [10 favorites]


Apart from the VPN possibly handling all your web traffic depending on the configuration, it's also possible/likely that you're sending DNS requests to a company server while connected. Those are presumably logged, although they might not be monitored or ever reviewed unless someone was trying to fix a problem or trace a breach. But if you visited a particular website, there may be a record of it on a company system from when your computer looked up the domain name.

As others are saying, this might not be an actual problem.
posted by figurant at 4:02 PM on July 16, 2020


FWIW, in our HR manager training, the discussion of porn revolves around creating unsafe work environments. If you were accidentally screensharing porn during a meeting, I would say that's a pretty serious problem on those grounds. But if IT came to me with this story based on some automatic flag, I would roll my eyes and send you an email saying "be careful, don't make it a pattern" and forget about it.
posted by heresiarch at 4:14 PM on July 16, 2020 [5 favorites]


Do you live with anyone else? If my work came to me and asked if I had looked at porn while logged into the network, I'd automatically assume my teenager did something while I was logged into the VPN. I don't see how/why they would fire me for that.
posted by tacodave at 4:35 PM on July 16, 2020 [1 favorite]


"I'd automatically assume my teenager did something while I was logged into the VPN."
I'd be careful with this line of reasoning, at least anywhere I've worked, *this* would be the more concerning/fireable event, letting someone else have access to your machine.
posted by CrystalDave at 4:39 PM on July 16, 2020 [40 favorites]


Yeah, don't blame someone else. I agree your story is "clicked link by accident" — and, if it turns out they have data on how long you were watching, "clicked link by accident and then got a call / got up and made tea / was busy in another window for a while before I noticed."
posted by nebulawindphone at 5:00 PM on July 16, 2020 [3 favorites]


The smart way to configure a VPN is a technique called split tunneling. When the VPN is set up that way, only the traffic destined for a secured resource (i.e. your company's internal server[s]) is sent over the tunnel. All the other traffic just takes the most direct route to the internet. Nobody here can guarantee your employer has split tunneling configured, but in today's age of endless video meetings and everybody streaming everything all the time, it is almost network suicide not to use split tunneling. When my wife first started working from home in March her employer's VPN totally fell down the first couple days, but I'd be willing to bet the IT people found out what that configuration meant and turned it on. Now she's on Zoom all the time and everything works just fine.

I wouldn't sweat it.
posted by fedward at 5:02 PM on July 16, 2020 [1 favorite]
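
An added example, not part of any poster's answer: a longest-prefix-match lookup over two constructed routing tables, showing which parts of one web visit cross the VPN under split and full tunneling, and that a VPN-assigned DNS resolver (the point raised in figurant's answer above) still receives the lookup under split tunneling. Interface names, prefixes and addresses are assumptions chosen for illustration.

```python
import ipaddress

# Constructed routing tables (assumptions, not from the thread): tun0 is the
# VPN interface, eth0 the home link, 10.0.0.0/8 stands in for corporate space,
# 203.0.113.10 for the VPN gateway, 198.51.100.7 for a public website.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0"),        # default route: straight out the home ISP
    ("192.168.1.0/24", "eth0"),   # home LAN
    ("10.0.0.0/8", "tun0"),       # only corporate prefixes enter the tunnel
]
FULL_TUNNEL = [
    ("0.0.0.0/0", "eth0"),        # original default route is still present...
    ("192.168.1.0/24", "eth0"),
    ("0.0.0.0/1", "tun0"),        # ...but two /1 routes cover all of IPv4
    ("128.0.0.0/1", "tun0"),      # and win on prefix length
    ("203.0.113.10/32", "eth0"),  # the gateway itself must stay off-tunnel
]


def egress_interface(table, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1]


def visibility(table, resolver, site_ip, vpn_iface="tun0"):
    """Which parts of one web visit cross the tunnel, i.e. the corporate network."""
    return {
        "dns_lookup": egress_interface(table, resolver) == vpn_iface,
        "web_traffic": egress_interface(table, site_ip) == vpn_iface,
    }


if __name__ == "__main__":
    cases = [
        ("split tunnel, VPN-assigned resolver", SPLIT_TUNNEL, "10.0.0.53"),
        ("split tunnel, home router resolver", SPLIT_TUNNEL, "192.168.1.1"),
        ("full tunnel, VPN-assigned resolver", FULL_TUNNEL, "10.0.0.53"),
    ]
    for label, table, resolver in cases:
        print(label, visibility(table, resolver, "198.51.100.7"))
```

On a real machine the same question is answered by reading the routing table and the resolver configuration while the VPN is connected.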


Every company is going to have different policies and approaches; where I work everything is logged, but it takes either something really bad (like child porn), repeated/ongoing issues that attract IT attention (like watching porn all day, every day), or someone complaining (the hostile work environment mentioned above) before it would be elevated into an administrative issue. And even then (child porn aside, that would get a direct referral to law enforcement), it would just get the person an embarrassing write-up and discussion about why they shouldn't keep doing that.

If I ever had to deal with this with someone I supervised, I'd totally expect for them to say "I clicked by accident." Then all we'd have to do is talk about how it is important to watch where you are clicking and agree it won't happen again on the work laptop.
posted by Dip Flash at 5:07 PM on July 16, 2020 [5 favorites]


"I'd be careful with this line of reasoning, at least anywhere I've worked, *this* would be the more concerning/fireable event, letting someone else have access to your machine."

Definitely this - especially if you have any kind of access to Personal Identifiable Information or other sensitive data.

"The smart way to configure a VPN is a technique called split tunneling. When the VPN is set up that way, only the traffic destined for a secured resource (i.e. your company's internal server[s]) is sent over the tunnel. All the other traffic just takes the most direct route to the internet."

That's not a smart way to configure it - it's a sometimes useful way. It lightens the load on the VPN servers, but it means that the enterprise's ability to inspect and defend the system is massively weakened.

"(a major popular website)"

If you mean something obviously naughty like PornHub, I would not go with lying and say you accidentally clicked on a link, because no place you should have been browsing on a work computer will be linking to that. Lying to me is going to irritate me a whole lot more than just fessing up, to the point I just might take the effort to prove you incorrect.

If you were on the VPN and if your traffic was going through an outgoing web proxy (if you look at the proxy settings, you'll see whether you were or not), almost all corporate proxies have some kind of categorization for obvious adult content so there's probably going to be a record of it some place and it will probably exist for at least a year.

If it's a one time thing, it is likely that no one is going to care. The biggest thing security cares about in this case is that porn sites are renowned for having malware either on them directly or in their ads.

But that record is probably going to linger for a while - at my big corp, it would be 3+ years. So you've given ammunition if they want to get rid of you for some other reason, so I'd make sure to be on really good behavior in all ways going forward.
posted by Candleman at 5:19 PM on July 16, 2020


It's impossible to know what's specifically going to happen at your company, but my experience is that IT is unlikely to know or even care about your activity, unless it's actively something that actually affects them. Which would be the case in these scenarios, none of which probably apply here:

- you're using all their network capacity in some way
- you've accidentally downloaded malware and it poses a threat to the company
- you're doing something illegal which they have to report

IT departments are usually made up of people who just want to do their jobs, and policing people's internet usage usually is not a desired part of that job. And if they wanted to do something about it, they'd have to formally start a conversation with your manager, who is more likely to defend you, and it becomes a bunch more work, so they don't bother.

Some companies just install software which automatically blocks access to sketchy sites, which isn't the case here. Others will log all network traffic, but just because something is logged doesn't mean that they have time to look at it or take any actions on it.
posted by meowzilla at 6:18 PM on July 16, 2020 [1 favorite]


You looked at porn, briefly, because even though you're working from home, you aren't really accustomed to working from home. You're at home, had a bit of down time, unthinkingly did some stupid browsing, stopped promptly when you realized. Even if your manager is looking for a way to get rid of you, in most companies this would be a stretch in the current environment.
posted by theora55 at 6:33 PM on July 16, 2020 [5 favorites]


While my company was smaller than yours, I used to work in an IT department and there would have been two possibilities:

1, and most likely: we wouldn’t even notice, for all the reasons meowzilla enumerated.
2: we would notice, have a laugh about it amongst ourselves, and move on. I can remember one instance where an employee was constantly using his work computer to access porn, and that did get kicked up to management. But a one time hit? I wouldn’t worry about it.
posted by nancynickerson at 7:13 PM on July 16, 2020


Nthing that I think you're borrowing trouble. I wouldn't worry about it, they're unlikely to do anything about it especially if it's a one-off occurrence like this.
posted by Aleyn at 7:32 PM on July 16, 2020


Are you actually forbidden from doing it? I don't believe I've ever been told not to, not that I would do intentionally.

Aside from all the other comments: if the link was HTTPS, it's likely your company can only see the IP address of the site you visited from inspecting what went over the VPN - and IP addresses don't typically uniquely identify sites.

I can think of a few roundabout ways around this that your company is highly unlikely to be doing, but by and large an https connection is end to end encrypted and watching the traffic fly by tells you nothing.

Your machine would have conducted a name lookup, too, but looking up a DNS name is hardly an offence (It proves nothing about why it happened or what you did with the information) and if you're lucky your browser may be doing DNS over HTTPS, which is starting to roll out and encrypts that lookup and sends it to a non corporate server.

All in all, a more technical 'don't worry' vote from me. They have better things to do.
posted by How much is that froggie in the window at 7:36 PM on July 16, 2020


I wouldn't worry about it, but every company's policies vary... some data points.

Presumption of responsibility falls on the company. E.g. if an employee does something wrong and causes harm, it's the company who would be the first in line of sight for not putting the proper fail-safes in place. I struggle to conceive of a scenario where the IT team know a list of popular porn sites, then instead of blocking them (trivial) they specifically code the system to scan for and flag anyone who accesses it so they can manually review and get them in trouble. That's crazy. If the company doesn't want people visiting porn sites, the system will preemptively block users from accessing them, end of story. If a new porn site pops up? The reaction will be to simply add the porn site to the list, my bad for not adding it earlier. Of course the best security practice is to run a white-list instead, so a new access to a domain will be met with a "if you need access to this site, please click here to email IT to white-list". As someone mentioned earlier, it's possible that the porn site you visited could have been white-listed for some random reason and therefore explicitly allowed by the company...

Anyway based on my very minor experience in IT if this issue fell into my lap it would be seen as our problem - either IT didn't have sufficient protections / blocks in place, and we don't want to get grilled on why our blacklist was out of date, or now we have to go create new protocols to protect the company... extra work we don't need. It's overwhelmingly likely that IT would avoid calling attention to this and certainly not get anyone in management / HR involved at all. Sure, if HR or management came to us saying "pull all logs from user X" we'd do it but there's no reason to rat a user out unless it was plainly something illegal (we had users store pirated content on their network drive...) or was impacting our performance in some way (a user pulling gigabytes of download and slowing our network...)
posted by xdvesper at 8:08 PM on July 16, 2020 [2 favorites]


Asked my IT guy spouse about this - he echoed CrystalDave and Candleman's comment that porn sites are notorious for malware; he doubted that anyone on the IT side would be concerned about the actual porn, but definitely concerned about the integrity of your network's security. He suggested calling your IT help desk to ask about checking your computer for anything nasty it might have picked up from the site.

Many years ago I worked in HR at a large consulting firm and someone did get fired for viewing porn, but it was for multiple, um, viewings for a longish period of time, and also while at a client site. Can't say for certain about your company's policies, but hopefully you'll be fine? Good luck.
posted by sencha at 8:12 PM on July 16, 2020


As a manager—
I would consider one time an accident- and would be surprised if it was brought to my attention at all.
Our IT might send a few extra trainings your way about the risk of malware while working from home.
If it rose to the rate of wasting time, not doing your work, AND putting the network or data at risk then you would be disciplined.
posted by calgirl at 8:44 PM on July 16, 2020


When we moved to WFH I mentioned to all of my staff to remember that their work PC is not for non-work activities and don't install games or look at porn.

The reason I did this is because *lots* of people forget they're on their work PC after a long day and I wanted them to get into the habit of doing all the non-work stuff on non-work kit.

You won't be the only one and a few minutes won't even hit the top 100 for that given month/week/day.

Don't sweat it and don't do it again is my advice.
If you do get asked then just be honest, it was an absent-minded mistake and you were shocked enough that you are now obsessive about separating work and non-work activity.
posted by fullerine at 1:55 AM on July 17, 2020 [1 favorite]


"if the link was HTTPS, it's likely your company can only see the IP address of the site you visited from inspecting what went over the VPN - and IP addresses don't typically uniquely identify sites."

Most "big company" sized orgs use an outgoing web proxy with TLS termination and inspection.
posted by Candleman at 5:08 AM on July 17, 2020


One time just looking, nah no worries. Repeatedly for weeks looking at freaky shit or downloading stuff? You might be getting a phone call to come to the office. It's not hard to accidentally click on something pornographic. No one is going to give you grief for one time.
posted by Patapsco Mike at 5:11 AM on July 17, 2020


+1 to the thought that a one-time event is not going to get you fired. If you are called out on it, I would try to be as honest as possible and not make things worse. I.e., yeah, I clicked on something when I wasn't really thinking, it was really dumb and I closed out. I've never done this before and will never do this again.

I am sure that if you are at a big company the server logs are full of all kinds of random one-time clicks that went to something inappropriate. I've clicked on mystery links (stupidly) and had stuff jump on my screen.
posted by Mid at 10:33 AM on July 17, 2020


It seems that a lot of more techy-folk have responded negatively to my suggestion.

The original question doesn't mention using work hardware, just being on the work network. I have always assumed that if I am using my personal PC working from home and I am logged into the work network via VPN, if my son is doing something on his phone or tablet in another room his traffic could be seen by my work. Is that not correct? I'm definitely not an IT person.

(Yes, I know that's technically a new question, but it fits with the original one, I think...)
posted by tacodave at 9:01 PM on July 20, 2020


I believe that's not the case, Tacodave. The only way that could happen is if somehow the router was configured to connect to the VPN, but I haven't heard of anybody recommending that outside of rare cases (and you'd know if that were what were happening).

If you have a computer logged into the work network, it would only route that computer's traffic through the VPN. (And even then, people above mentioned split tunneling where only some of the traffic goes through the VPN)

Alternate way to think about it, companies recommend a VPN when doing sensitive work on a coffee-shop Wifi (if you need to be doing sensitive work in a coffee-shop, of course). If setting that up made the entire coffee shop connect to your work, that would be a nightmare security-wise.
posted by CrystalDave at 9:54 PM on July 20, 2020 [1 favorite]

