Forgot your password?
typodupeerror
Security Your Rights Online

Hotmail: Not Safe For Work? 583

Posted by CmdrTaco
from the no-shocker-there dept.
silentknight writes "According to MSNBC, web-based e-mail providers such as Yahoo and Hotmail may not be a haven for your private e-mail anymore. At least not while you're at work. SpectorSoft is introducing eBlaster, which aims to "secretly forward all e-mail coming and going through such Web-based accounts to a spy's e-mail". Corporations will most likely argue that, because of sites like Internal Memos, companies need to keep a tighter grip on the information that flows in and out of their companies. But attempting to spying on private e-mail?? In the words of Homer J. Simpson: "Butt out, Buttinsky"."
This discussion has been archived. No new comments can be posted.

Hotmail: Not Safe For Work?

Comments Filter:
  • eBlaster (Score:4, Funny)

    by tuxedo-steve (33545) on Thursday August 29, 2002 @09:44AM (#4162844)
    That eBlaster software seems like a totally excellent way to increase the amount of spam you receive in your inbox per day.

    Thanks, SpectorSoft.com! You've made my week!
  • To be honest (Score:5, Insightful)

    by ObviousGuy (578567) <ObviousGuy@hotmail.com> on Thursday August 29, 2002 @09:44AM (#4162845) Homepage Journal
    The time you spend at work, you ought to be working, not sending personal email, making personal calls, or anything besides work-related stuff.

    Now this becomes a little tough because we aren't automatons and have lives outside of work that need tending to. However, to expect that what you do within the walls of your company is private is laughable.

    Just assume that everything you do there is under surveillance. Heck, all your thoughts are already belong to them.
    • Re:To be honest (Score:5, Insightful)

      by nagarjun (249852) on Thursday August 29, 2002 @09:47AM (#4162874)
      However, to expect that what you do within the walls of your company is private is laughable.

      That's highly culture specific. For example, most Asian companies usually do not insist that *whatever* you do on company time is teh company's. Heck, I did not even sign a contract to that effect.
      • Re:To be honest (Score:4, Interesting)

        by photon317 (208409) on Thursday August 29, 2002 @10:41AM (#4163310)

        Search perlmonks.org for Tilly's article on the subject a while back. It appears that by most states' labor laws, if you are an exempt, salaried, full-time professional - the company does in fact own all of your output, even when you're not at work, and they don't need a special contract to get these rights. If you work as unix sysadmin, and you develop and patent a new lawn sprinkler on your own time on the weekends, they can take your patent away from you. They certainly in this light own your output during work hours, which means they very well can try to enforce that you don't do things like use hotmail.
    • Re:To be honest (Score:2, Interesting)

      by Anonymous Coward
      >>> The time you spend at work, you ought to be working...

      ... and you shouldn't be thinking about what you will be doing for the weekend, and you shouldn't read a newspaper during your lunch hour, and you shouldn't have personal thoughts while sitting in the chair that the company provided for you. Yup, nothing personal is allowed while you are "on the clock".

      These types of solutions are needed by companies who make work so much like work for their employees. Instead those companies should foster an environment where the employees want to contribute, and not have to be forced to contribute.

      • Re:To be honest (Score:2, Interesting)

        by ObviousGuy (578567)
        companies should foster an environment where the employees want to contribute, and not have to be forced to contribute.

        Is it worth it? [businessweek.com]

        After all, you've already got them by the balls. You don't have to put up with low productivity.
    • by yatest5 (455123)
      Just assume that everything you do there is under surveillance

      I really feel sorry for whoever has the videos of me cracking one off in the toilets then...;-)
      • by Schik (576085)
        Well, you shouldn't be "cracking one off", you should be working. To compensate for your slacking off, your company will take ownership of any an all "output" you create while on the toilet.
    • Re:To be honest (Score:5, Insightful)

      by Mr_Silver (213637) on Thursday August 29, 2002 @09:57AM (#4162954)
      The time you spend at work, you ought to be working, not sending personal email, making personal calls, or anything besides work-related stuff.

      Which is fine until you point out that the flip side of this is that you'll only work your contracted hours and never think about work outside of work hours.

      If a company is going to totally restrict what you do during work hours then they shouldn't expect any favours back - especially when a better job comes along as you'll be the first out of the door.

      It works both ways, they make your working conditions pleasant and you reward them with loyalty.

      • Re:To be honest (Score:5, Insightful)

        by RailGunner (554645) on Thursday August 29, 2002 @11:06AM (#4163510) Journal
        If a company is going to totally restrict what you do during work hours then they shouldn't expect any favours back - especially when a better job comes along as you'll be the first out of the door.

        Quite honestly, you should do that anyways. Company loyalty is a complete farce. Most companies treat people as "human resources" anyways, and in most companies your employment is "at will".

        Quit giving your lives and your hearts and your souls to a company like that. You'll be much happier if you think of yourselves as mercenaries - do honest work for honest pay. If you think a management decision is stupid, as long as it's legal / ethical, then kick back and remember that they're paying you to work, they're not paying you to care. Example: Say some pointy haried boss wants you to implement a horrible User Interface. You know it's a bad idea, that it'll be clunky. GO AHEAD AND GIVE THE PHB WHAT HE/SHE WANTS! Let them deal with any consequences. If a company starts reading your private email, then quit. Find something else.

        And this isn't a bad attitude. When you're at work, you should perform your duties to the best of your ability. However, when you're not at work, forget about work. And if someone offers you a better job, then TAKE IT. Start putting yourselves and your families over your jobs. Ultimately, your own self and your family is far more important then a company that's here today, gone tomorrow.

        Look what company loyalty got employees at Enron and WorldCom.

    • Re:To be honest (Score:5, Interesting)

      by pubjames (468013) on Thursday August 29, 2002 @10:04AM (#4163044)
      The time you spend at work, you ought to be working, not sending personal email, making personal calls, or anything besides work-related stuff.

      Stuff that nonsense. This is exactly the kind of crappy mentality that made me become self-employed.

      If my employer feels the need to treat me like a child, then I'll go work for someone else (which is what I have done, now I work for me). Stand up for yourselves people -- don't let your employers treat you like children! It's your
      life!

    • The time you spend at work, you ought to be working, not sending personal email, making personal calls, or anything besides work-related stuff.

      Yep, Jim Beam agrees that you should not be doing anything at work that is not 100% work-related:

      http://abcnews.go.com/wire/Business/ap20020827_1 11 7.html

    • Re:To be honest (Score:3, Insightful)

      I spend about 1.5 hours a day actually doing work. If I were home on a real computer with real software I could do everything I need to do in half that time.

      Yet, somehow I need to spend 9 hours a day at work simply because the phone might ring. I'd be happy to work if I had some. In fact, I actually request more work constantly. By all accounts I would be a model employee. Yet, when I have nothing to do I surf the web. I'm using company resources to do things other than my job.

      So I guess that makes me a bad person.

      *rolls eyes*

      If I do my job appropriately and efficiently then the company should cut me some slack. I'm not wasting company time or resources if I have fulfilled my job duties. If I read a book at work would it be any different?
  • blocked at work (Score:5, Informative)

    by Jucius Maximus (229128) <zyrbmf5j4x@snkmaiFREEBSDl.com minus bsd> on Thursday August 29, 2002 @09:44AM (#4162846) Homepage Journal
    In the large company where I work, all access to Hotmail, Yahoo, etc is blocked at the firewall. This is because too many lusers kept downloading klez, hybris, (random vbs trojan), etc and executing them.

    After this was done, all virus problems on the network dropped from one incident per 2 weeks to maybe 1 incident per 4 months.

    As to the privacy issue, the easy solution is to NOT SEND PRIVATE E-MAIL FROM WORK (or at least use GnuPG or PGP!)

    • Sigh... freaking morons.

      The previous company I worked at did this as well. Pissed the hell out of me, since I could no longer get to my email and I prefer to not give out my work email out over the net to avoid the spam.

      The really idiotic think is that they blocked sites like Sneakemail [sneakemail.com] too, which is just a redirector service.

      I can understand the need to block webmail sites, since there are too many idiots out there, but at least be intelligent about what gets blocked.
    • Re:blocked at work (Score:5, Informative)

      by Nomad7674 (453223) on Thursday August 29, 2002 @10:15AM (#4163120) Homepage Journal
      Another alternative, when e-mail from work is essential, is to get a wireless device capable of sending e-mail without using the work e-mail system. The Kyocera 6035 Smartphone [kyocera-wireless.com] (and the coming-soon 7135 [pdabuzz.net]), Palm's i705 Palm.Net service [palm.com] and Earthlink's various wireless services [earthlink.net] seem like good possibilities.

      Of course, a truly persistent person or corporation can find a way to tap into any technology, given time and money.

    • Re:blocked at work (Score:3, Interesting)

      by bgfay (5362)
      Okay, sure, but what about at a school that won't provide accounts for students to use? I teach at just such a school and would like to communicate with students using yahoo, netscape, hotmail or some other such thing. I could send out assignments, handouts, etc on email and not have to print the damn things on dead trees. Having free email at work would be a huge bonus to us, be much cheaper than getting each kid a hosted account, and be safe considering the machines are all set up with pretty good antivirus software that is updated all the time.

      As for lusers (sic) downloading virus files, well, that's going to happen regardless and we ought to be proactive (plan for these things) than reactive (ooo, no more email for you!).
  • With eBlaster, managers can find out if "the mice play while you're away".

    I'm sure I won't be missed...
  • One word : (Score:5, Informative)

    by M1000 (21853) on Thursday August 29, 2002 @09:45AM (#4162855)
    http://www.hushmail.com
    • eBlocker, like so many other key logger programs, intercepts the email, web sites, etc before it reaches the network. So hushmail won't help.

    • Two Words (Score:3, Funny)

      by Anonymous Coward
      CIA Operated.
    • Won't help you if you are using IE due to this flaw [securityfocus.com] since you can spoof hotmail or any other SSL based site and noone will be the wiser. It allows for a trivial "Man in the middle" attack. Some nice security guys on BugTraq providede a nice tool for spying on all SSL sessions. Note that Microsoft doesn't seem to even care to fix this flaw that basically makes SSL useless as a privacy tool.
  • by SirSlud (67381) on Thursday August 29, 2002 @09:46AM (#4162863) Homepage
    The best way to make people rise up against this is simply to encourage employers to try to apply the goals and reasoning of software like this against traditional communication services.

    How many people you think would be cool with their employer listening in on their personal phone calls, and opening all their personal mail that gets sent to the office?

    Apply it to everything, and people will understand that this is an encroachment on what we currently have, not a reasonable measure for dealing with a newish technology.
    • by gmhowell (26755) <gmhowell@gmail.com> on Thursday August 29, 2002 @01:57PM (#4164842) Homepage Journal
      Ditto some of the other replies. NO mail gets delivered in my office until it is opened. Even stuff that says "personal and confidential" is opened. It's a safety issue. There have been a couple of death threats throughout the years. It's also my facility. I paid for the person opening the mail, I paid for the post box. Trust me, I have no interest in reading a subpoena from your divorce attorney. I really don't. But if that's a death threat, I owe it to you AND THE OTHER EMPLOYEES to tell the cops.

      In our employee handbooks, we reserve the right to monitor calls. We never have, but we can. We allow a few calls (lots of mothers in my office. Lots of calls to/from the office to make sure the kiddies got off the bus okay) which is no big deal. Same thing with... A million little things. People are more productive, like you say, if they don't have to stay at home to wait for a package, to order a repair of their appliance, etc. But some people abuse the privelage.

      It's a balance that has to be struck. What seems to work is when we suspect someone of abusing the phone, we just remind them that we allow limited personal calls, and that we can monitor their calls to see if they are abusing the privelege. The offending behavior stops within hours:)

      And to the naysayers who say 'ignore company loyalty'. I've got news for you: it's a chicken and egg problem. I'll extend loyalty. We've got employees working for us who were around in the Ford administration. Until they retired, there were a couple of employees who changed my diapers. They gave their loyalty. We reciprocated. Need 2 months off for back surgery and recovery? No problem. Hope you get better. We'll keep your chair warm for you. OTOH, you think we're only good for a paycheck? Well, screw you. When times get tight, you'll be first on the chopping block. We'll find a way to save the person who stayed late to finish up some work.

      Loyalty works both ways. I think some of the children on slashdot forget that.
  • by prisen (578061) on Thursday August 29, 2002 @09:47AM (#4162878)
    Not really anything new here; "The Man" can see what I'm doing right now, where I'm going, whether or not I'm logged in to a site (including my username and password), how long I've been on a certain page, etc etc etc - And he doesn't need a kiddie script to do it. That's just part of working for the DoD or any other institution that has full monitoring instilled in their computer use policy, I guess.
  • Our only hope is (Score:4, Interesting)

    by Dirk Pitt (90561) on Thursday August 29, 2002 @09:49AM (#4162886) Homepage
    that the market will take care of these privacy invasions, and people just won't work for companies that get a rep for doing BS like this.

    I mean, legally, I have to side with the companies. Their machines, their time, their liability. The can do what they want.

    BUT...it does suck, and I'd hate to work for anyone that would think they needed to read my private mail. My only hope is that more and more people will leave companies that do that to work for smaller companies, or start their own, and that these smaller companies will begin to resist the temptation of corporate assimilation. I see it beginning to happen now, there are some fairly large, privately held consulting companies that foster a great atmosphere for their people. The more I see big companies doing things like this, the more hope I have that this renaissance of the small business will grow.

    • by jonatha (204526)
      that the market will take care of these freedom issues, and slaves just won't work for plantations that get a rep for...

      Well, you get the idea. There are good reasons for the existince of fair practice standards in labor laws...
  • Heh (Score:4, Insightful)

    by zapfie (560589) on Thursday August 29, 2002 @09:49AM (#4162891)
    Their computers.

    Their network.

    Their time.

    Their money.

    'nuff said.
    • Re:Heh (Score:5, Insightful)

      by Rude Turnip (49495) <valuation&gmail,com> on Thursday August 29, 2002 @09:54AM (#4162929)
      OK, then the following changes will take place:

      1. Pay for all my work clothes.

      2. Pay for my fuel expenses going to work.

      3. Pay me for all the unpaid overtime spent in the office *and at home*.

      4. Pay me rent for using my home as temporary office space (see item 3).

      5. Pay my cable modem/DSL bill for VPN'ing over the weekends.
      • I understand your sentiment, but I think there are a few holes...
        1) You'd need clothes anyway. OK, maybe not if you live in a nudist colony, but what colony would take your average geek? If you need specific clothing for the job (i.e. uniform, safety gear, etc), the company SHOULD defer the cost somewhat, if not provide it for you.
        2) You'd be free to walk, ride a bike, etc. at your discretion. Cost savings there. Maybe if you're lucky, the company would buy you a new pair of running shoes each year. Commuting is generally accepted as the cost of having a job.
        3) I agree 100% on this one, but if a set-in-stone salary is a part of the negotiated contract, you're pretty much screwed. On the other hand, when labor rates dive into the toilet, a firm contract can be your benefit as well.
        4) You'd have to live there anyway. If you needed special facilities to work from home (see response to #5 below), it would not be unreasonable to ask for cost deferrment, but having a house isn't required to have a job. (An address or residence, yes, but not a house/apartment. Hell, it's usually OK to have a PO Box as your primary address and live on the streets.)
        5) Yes. If you are required to have DSL or cable to do work from home, the company should cover at least a portion of the bill.

        However, the company's computers/network connection/etc exist solely for their corporate benefit. Just because there's a picnic table in the courtyard doesn't mean employees are permitted to spend all day sitting there BS'ing. Just because there's a water faucet on the building doesn't give me the right to fill up a large truck with water to fill my pool. The company has a right to control the usage of its resources. In the examples above, worker productivity and straight-out theft (respectively) are the situations at hand.

        If your company doesn't compensate you for the things you mention (namely gas and clothes), those are expenses you need to consider when calculating your NET salary. "If I take a lower paying job that's 15 miles closer to home, is there a benefit?" is a good question to ask. Hell, maybe it's a tie for money, but the time regained from not being in traffic makes it worth the change to you.

        Oh well... Again, I agree with the underlying sentiment, but some of the points are a bit unreasonable.
        • Rights vs brains (Score:5, Insightful)

          by MountainLogic (92466) on Thursday August 29, 2002 @12:34PM (#4164213) Homepage
          Sure, it's the company's system, but any smart manager knows that allowing employees to take an occasional personal phone call or email is going to make for more productive worker. Someone stewing about a sick child because they can't get a call from a caregiver is far less productive than a worker getting a quick email every hour with the childs temp.

          There are two types of workers, those who WLL get the work done regardless of distractions and those who will NOT get the workdone even if placed in a locked room. Hire and trust good people! Big brother tactics just makes the productive people less productive and won't fix the duds.

    • Re:Heh (Score:5, Insightful)

      by Dan Crash (22904) on Thursday August 29, 2002 @09:54AM (#4162932) Journal
      Their toilets.

      Still think you don't deserve any privacy?
    • by SirSlud (67381)
      Funny, I'd like to see how they (and what you really mean is us) can afford computers without my work? Its ironic, because I thought one of the tenants of capitalism was that by investing my work and effort into something (the company in this case) I can claim instrinsic ownership of the fruits of that labour, which would seem to include a partial ownership of the tools we use to achieve our goals (doubly and doublessly more legally so if you own stock in your company, right?)

      This isn't a war, with a whiteline in the middle with an us and a they. We are us, and its sheep thinking such as yours, devoid of any true analysis of the reality of the situation that does us a disservice and simply ensures apathy reigns supreme.

      For that matter, can I bring in my own computer to work? Should they get to spy on that? Consider what you say carefully, because you sound like you're simply regurgitating a way of thinking that doesn't have to be a part of our lives if we dont want it to be.
      • For that matter, can I bring in my own computer to work? Should they get to spy on that?

        Given that the vast majority of all attacks and break ins of corporate networks are internal in nature rather than external, a company policy that you cannot use your own PC within the company network is valid. A company policy that you can bring your own PC in, but it has to be checked out by the desktop support and security admins before you can use it, and after that it has to conform to corporate PC standards, is all right. I see nothing at all wrong with that.

        Run a keylogger or a sniffer against your personal PC that they allowed you to bring in? Only if they do it with all PC's in the network. If yours is being singled out, no.

        I have done a bit of security consulting, mostly firewalls and intrusion detection, and in my mind sniffing hotmail or logging keystrokes is something you only do when you have a reasonable suspicion that they employee is breaking the rules. If the government were to do this to all hotmail and yahoo users on the assumption that terrorists use those services and that justifies their action the whole country would howl. I think monitoring employees across the board falls in the same category, not to mention it's a horrible waste of resources that could be focused on something else that is more productive and less controversial.

    • the system (Score:5, Insightful)

      by mattdm (1931) on Thursday August 29, 2002 @10:02AM (#4163012) Homepage
      So it's feudalism at work; democracy on your own time.

      Your words could apply just as well to someone justifying plutocracy as the logical system of government for a nation -- the wealthy landowners get to make the decisions, because they literally own the country. Somehow, in these modern times, we've decided that that's just not acceptable anymore. Why do we still put up with it at work?
    • I don't really buy the "the company can do whatever the hell they want" argument. There are certain recognized freedoms, such as freedom from sexual harassment, to which an employee is entitled. Certain of these freedoms extend into the arena of privacy. A company can't for example, monitor your personal telephone calls (Watkins v. L.M. Berry & Co., 704 F.2d 577, 583 (11th Cir. 1983). The basic point here is that if a company operates in such a way as to require your presence at a staffed facility, certain human provisions must be made for your occupation. Everything from exit marking to bathrooms and building codes revolve around this fundamental understanding. As evidenced in the above citation, this understanding extends, at least in part, to your privacy rights.

      Therefore, a company's insistence upon intruding into your private communications can and should be resisted.

      IANAL YMMV

    • Re:Heh (Score:2, Insightful)

      by derch (184205)

      Their computers wasting cycles without an employee using it.

      Their network sitting idle without employees working.

      Their time wasting without employees.

      Their money not growing without employee talent.

      You forgot that a business without an employee goes nowhere, and an employee is a person who deserves more respect than a little bit of bandwidth.

      I'm a human being and deserve some respect - respect for life outside of work, respect for privacy, respect for talents. When they prefer to use iron fisted policies that treat me as a simple machine in the system, I no longer feel the need to respect their corporate secrets or work hard.

      It's a pretty easy equation. Respect me and acknowlege I have a life, and I'll respect the company and want to help it grow.

      I mean goddamn, I've worked shit jobs for rednecks who understood that treating employees like shit gets you nowhere.

  • by Zathrus (232140) on Thursday August 29, 2002 @09:49AM (#4162893) Homepage
    ... to read each and every one of the 300+ spam emails I get daily to my Hotmail account.
  • The company owns the bandwidth, PCs, internet gateways, etc. etc. If the company doesn't trust or can't trust (because of legal liabilities) their own employees, then some IT fool will buy this thing.

    Of course this article is quite irrelevant for slashdotters. We should have our certificates, machines we can VNC to, encrypting proxy servers, etc.

    But, ironically, it'll probably be the arrival of widespread wireless (be it 3G, a mesh network of 802.11, etc.) that provides a little privacy. Imagine, if you want to send a private email, just change your Wireless connection to be your public ISP-type network, send your mail, and voila. You use your ISP's network instead of the corporate one. Both parties are happier.

  • The computer i use at work is the property of my employer, provided for work-related purposes only...
    Likewise, the bandwidth I use is restricted to those activities necessary for me to carry out my duties.
    I have specifically agreed to limit my use of thecomputer and network in this manner as a term of my
    continued employment. Why would I expect any kind of privacy in this case?

    Interested to know what people think about this.

  • Solution? (Score:5, Interesting)

    by f00Dave (251755) on Thursday August 29, 2002 @09:51AM (#4162903) Homepage
    Use ssh or WinVNC (like I do) or somesuch to remotely access your home system, and run your personal stuff THERE. At work, the only non work-related software I run is WinAMP, WinVNC client and a web client. At home, I run an email client, IRC, ICQ, Kazaa, etcetera....

    So long as the employer doesn't mind you connecting to your home machine (and you can encrypt that connection, somehow), then what you do with it is your own business.

    Of course, you can still paste memos over VNC/ssh, so this just defers the problem somewhat. ;-)
  • Bad management... (Score:2, Insightful)

    by Anonymous Coward
    If employees are spending that much undo time at personal email at work, I think this speaks far more about the poor quality of the managers and the low morale of the company itself, than of problems of the employees. As such, it might even be useful to have a tool to determine if managers should go based on the rise or fall of such email traffic :).

    Far more often than having your boss actually read your personal email every day, companies snoop to archive this sort of information so that if they need to they can review and use it later. This possibility for abuse in this regard is endless.

  • My present client simply blocks all web based mail sites at the firewall. So I just send whatever I want through their corporate email system. Even mail relating to my other clients or negotiations for other contracts. If I really need security, I'll use encryption or simply give them a call. If they don't like what they'r reading or how I'm using their email system, they can either provide me with access to my yahoo email account or bite me.



    It's just like my house. Anyone can look through my windows. But I can't be responsible if they're horrified by what they see. :-)

  • by beamz (75318) on Thursday August 29, 2002 @09:58AM (#4162966)
    While I understand that a computer is company resources, I believe that responsible use should be acceptable and big big brother should not be there listening.

    Blocking or intercepting email is more or less the same as listening in on a phone conversation. Yes, I know this horse has been beaten to death here but it's still ridiculous.

    If you're not allowed to make personal phone calls then I can understand them not allowing or even monitoring personal computing use but for communications, email should be a protected medium.
  • And what's the big deal here? You are at work. You are being paid to do what your employer wants (within the law). You do not have the right to use your employer's equipment for personal business unless you get permission. If you don't like your employers policy, quit.

    There is no such thing as a "right to privacy" in the United States. Check out the Constitution and the Bill of Rights. You won't find find it along with other "rights" people say they have like, 'right to free health care', 'right to Social Security' and the often touted, 'right to party!!!'.

    • It is entirely true that the constitutional right to privacy is not explicitly stated, and may stand on some dubious jurisdiction by the Supreme Court. But the fact that a right is not explicitly enumerated in the Constitution does not mean that people don't have it. That's pretty much exactly what the 9th amendment states.
    • you missed something (Score:4, Informative)

      by mattdm (1931) on Thursday August 29, 2002 @10:12AM (#4163106) Homepage
      The 9th amendment -- for some reason, people who want to restrict the rights of US citizens seem to conveniently forget that one. Here it is:
      The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
      There's my right -- and yours --to an adequate standard of health, to be looked after after a life of contributing to society, and yes, to pursue happiness. Oh, and of course, to live like a free human being, not a corporate slave, even when I'm at work.
    • How about the the protection against illegal search and seizure.

      Yes, that keeps the police from walking into your house/searching your car, etc... without probable cause.

      How does that apply in this instance? The hotmail account is mine, I signed up for it, I use it for personal reasons.

      The fact that I access it electronically is besides the point. Would you want your employer to know what the contents of your bank account are just because you did a little online banking from work? How about the contents of your safe deposit box because you went there during lunch hours? Are they allowed to fire you for the contents of your car while its parked in their parking lot? (Ok, bad example, they probably could if you had explosives or naked pictures of the boss as a windshield sun shade) But how about the trunk?

      What if you and some co-workers decide to play some network games after hours?

      Companies usually reserve the right to terminate you for inappropriate behavior. Fine, thats their right. But I believe that I do have a right to privacy in this country and any company that intends to read my email had better tell me that they reserve the right to do it. That way at least I can make the choice of wether or not to work there.
  • Why shouldn't a company monitor your personal email? I really don't see any problem at all with it. Ask yourself this: WHY ARE YOU THERE, WHY ARE THEY PAYING YOU? *To Do your Job*.

    Why are you doing your personal matters on their network, computers, bandwidth?

    At one of the offices I Admin, I have two terminals set up in the breakroom with access to the public email sites (yahoo, hotmail, various popular ISP's), and only from those IP's (on their own subnet /30) can they get to those sites. Those workstations are also locked down, but have games and other break related software on them. All the users know that they are monitored on the "business" network for the sites they browse and the communications they make. Everyone is content with this. There is the option to use the break room computers, and if they want to do it on their machine (yahoo, hotmail, etc) they just plain can't. (unless you ssh/telnet(sniffed)/rdp/ica/pc-any to another computer off the network.)

    • I just wonder if all phone conversations are monitored as well, if there are video cameras in the bathrooms (to keep people from doing illicit things), if cars parked in the lot are searched, and if employees are regularly checked for clean and sexy underwear. I most certainly hope so. It is the company's right to do these things. After all, they pay those employees and that gives them all the rights anyone could ever ask for.
  • "Hotmail is phenomenal if you get there within the right time frame," said Kevin Mandia [washingtonpost.com], a former Air Force investigator now working as a consultant with Foundstone Inc. "You can actually see people as they travel, checking messages from different computers. You can really track people effectively."
  • You!

    Slashdot isn't safe for work.

    Stop. You! In the cubacle - stop reading. You're being logged and will be delt with. Soon.

    -Your Loving Managment
  • by DnemoniX (31461) on Thursday August 29, 2002 @10:00AM (#4162996)
    I am an IT manager for a local government agency. We monitor all internet usage on a regular basis. for the most part it is rather boring. This also means that if sombody uses Hotmail or some such at work it gets logged. By state statute here all documents that are created on our equipment, i.e. you type an e-mail. It becomes public record. that means any Joe Blow off the street can send in a request for copies of any and all e-mails that we have on our system. This causes a few interesting problems. So I do a couple things. 1. I do not backup the e-mail system. All users are aware of this. 2. Zero retention on deleted e-mail. 3. A signed Acceptable Usage poilicy for each user. They are all aware of the possibility of being monitored. Does this stop people, no! We have had to take action on abuses several times. Like the guy that wouldn't stop surfing porn at work, he worked in the cube and there are several women that work in that office. Bad judgement. Last week things got worse. I noticed a user surfing a little porn so I checked the logs, I was a little surprised, he was accessing a Sex Offender Database. He was looking himself up! Turns out this guy is a registered sex offender in the neighboring state. I looked up what he was convicted of and it was RAPE. Also 90% of the workers in my building are female. We would have never known any of this without monitoring our system. Our lawyers are working on what to do with him now. People can bitch all they want about Big Brother, but ever consider sometimes this is bigger than one person feeling bad? Think about how you would feel if your sister or mother worked in that office and something happened. Wouldn't you have wanted us to do something about it? Take off the blinders and step off the soap box, because until you are the one responsible you don't know shit.
  • We have a very strict standard for e-mail. All e-mail that comes into our network belongs to the company, not the employee. If it's using our servers, it's ours. Granted, we don't allow managers to indiscriminately view an employee's mailbox without HR approval but we will do our best to protect our assets.

    I block all web-based e-mail from our proxy - like another poster said, it prevents users from downloading viruses. I work in the medical field and we have to protect patient data so there's also the added risk of someone sending confidential material out of the company through a webmail account without our ability to take corrective action because of the lack of proof. Originally, I had to block hotmail because MS Proxy Server used to crash whenever someone accessed Hotmail so our company policy was actually born out of protecting our proxy server.
  • I have been getting a lot of spam lately on an address I only give out to my friends.
    They all seem to keep it in their hotmail and yahoo address books.
    Is that the spam leak?

    • "I have been getting a lot of spam lately on an address I only give out to my friends. They all seem to keep it in their hotmail and yahoo address books. Is that the spam leak?"

      Many spammers just try random user names and hope they reach an inbox. And even if you open just one random spam with HTML 'phone come' code embedded in it, you are exposed and the spam starts rolling in.

  • Err, excuse me, but since when have we had the expectation of privacy when using company resources?

    You send email via Outlook and your company's Exchange server. It's logged (or at least monitored), for legal reasons.

    You Web-browse on your company Workstation during lunch. It's logged (or at least monitored), for legal (and HR) reasons.

    You send IM traffic across the company network to an external friend via ICQ. It's logged (or at least monitored), for legal reasons.

    You send email via Hotmail using a company Workstation, out a company NIC, across the company Cat5, through the company switches and routers, out the company gateway and upstream to you company's service provider. It's logged (or at least monitored) for legal reasons.

    Personal use of company assets on company time. Unless you have an absoultely rockin' Acceptable Usage Policy (from the employee's point of view), you're "up shit creek without a paddle".

    You can bitch and moan about this kind of thing all you want, but it comes down to one thing. Is use of Web-based mail against the AUP policy you signed when you commenced work? If it is, and you do it anyway, you're screwed.

    Sheesh, you'd think it was rocket science or something...
  • by irix (22687) on Thursday August 29, 2002 @10:05AM (#4163050) Journal

    Man, that site is hilarious! You can't make stuff like this up [internalmemos.com] :-)

  • Putty [greenend.org.uk] is an amazing little win32 ssh client (does telnet and a few other things as well). For me, if I am working on windows and need to check my mail, I ssh out to my linux box and fire up pine. No muss, no fuss. It is worth checking out the license link... Simon, you ROCK!
  • I have a shell where I host my web pages and such... or at least theoretically where I would host them were I to have any.
    I ssh into that and use pine while at work, and then when I am home I use pop3 to yank it down.

    this has worked well for me and I'm gonna stick to it. it isn't free like hotmail, doesn't have a slick web interface... or at least a web interface - but I like it well enough.
    (it is like free to me because I would have this account whether I were using the e-mail or not)
  • Who, is his right mind, ever thought Hotmail was a haven for commercial or otherwise private information, when not a month goes by without a new flaw in their security or a new loophole in their privacy policy comes to light?
  • But the headline pretends that only Hotmail has this problem. This is not new as *ANY* http transmission that is not encrypted via SSL is prone to this problem, since all the boss needs to do is to setup the proxy server/firewall to dump everything passing through, even without this particular software.

    Additionally, that e-Blaster software even traps and logs the keystrokes of the workstation: not even SSH or any other software that requires typing your password will help you here. If you're using your company's computer, and you are subject to their rules. ***END OF THE STORY***

  • Good and Bad (Score:5, Interesting)

    by chill (34294) on Thursday August 29, 2002 @10:15AM (#4163124) Journal
    The last place I worked, I had to do something like this. We had a problem with an employee who was suspected of leaking company trade secrets to a competitor.

    It turns out she was using a Yahoo e-mail account to send CAD files of complete circuits to her "ex" boyfriend at a competitor. She was doing this from computers at work, and yes she had authorization to access the CAD files in her job.

    Because we were able to monitor the activity, the company knew what/when/where the files went. She was fired for cause and we contacted the competitor and waved the evidence. They had little choice but to fire the person on the other end and we watched them close to see if they introduced any "new" products over the next year or so that were based off of our designs.

    * * *

    Fast forward to my new company -- a once major telecom giant -- they now block all webmail sites they can find via their firewalls.

    Simple fix? Squid proxy on your home computer running on port 443 (HTTPS) and requiring a username/password.
  • I teach in the public schools in NY state and we have had all free email sites (yahoo, netscape, etc) blocked by the damn firewall. The reason given is that such things allow for malicious attacks on the network. Is there any truth to this? I imagine that there are better ways to attack out school system's network than My Yahoo (not that I'm looking for those ways). I just want to use my Yahoo account to read mail on my free period and communicate with students.

    Can anyone give a compelling reason why this should be firewalled or, better for me, a compelling argument as to why it need not be?
  • by xyzzy-ladder (570782) on Thursday August 29, 2002 @10:20AM (#4163153)
    Management? The Board of Directors?

    Of course not! People that high in the organization would never use company time - or company computers, cars, or phones (or money!) - for personal use.

    When they are on the golf course, it's not for fun, they are doing BUSINESS. You wouldn't expect them to do business like the rest of us, at a desk, would you?

  • Lets all take a deep breath and realise that keystroke loggers, and packet sniffers are nothing new.

    If you are at work, don't be stupid. Set up your own damn computer, and keep as as secure as you can. All you need is some night cleanup guy to install this tool on your pc, and you credit card and bank info is public knoledge.

    Why on earth does this article center around Hotmail? who the fuck cares about webmail... this is a keylogger, and much more and is no way specific to hotmail.

    The tone of the news item almost seemed like Hotmail.com were the ones forwarding the emails:)

    --me

  • by kriegsman (55737) on Thursday August 29, 2002 @10:26AM (#4163186) Homepage
    If you've already got a POP or IMAP e-mail account somewhere and you want to check it from work, consider using www.mail2web.com [mail2web.com]. They support full-SSL access to their tools, and they even seem to do some nice things to prevent referer-tracking from site you link to from e-mails you receive.

    -Mark, unaffiliated with mail2web, but a happy user
  • We almost lost /. access here because someone mentioned something about the compnay he should not have....that would have royally sucked....
  • How many of you only ever use your mobile for personal calls, where a few years back you'd have been dialing 9?

    The same will happen with email pretty soon - you'll be mailing on your phone (text is already HUGE) and never need to use the email from your desk again.

    Now - assuming its your phone, and not their phone, you can expect decent privacy (from your boss at least) on that.
  • Of course Hotmail is a private form of communication. Doesn't their AUP explicitly say that they own the IP rights to the content mentioned in your email? I remember a big to do over that on /. a while back.

    Besides that point, all corporate email should be cryptographically signed and all sensitive email should be encrypted. Period.

  • Hotkey sequence (Score:4, Interesting)

    by sdxxx (471771) on Thursday August 29, 2002 @10:31AM (#4163225)
    From the FAQ [spectorsoft.com]:

    11. So, if eBlaster does not show up anywhere, how do I get into it?

    ... if you do need to open eBlaster to change some settings, you simply type a Hotkey combination, which is 3 keys pressed simultaneously followed by a fourth key. (Nobody would ever accidentally type those 4 keys, so they won't accidentally discover eBlaster is present.)...

    So does anybody know what those four keys are?

  • According to the FAQ, it has to be installed on Windows. The report can be sent to anything.

    I wonder if Adaware will be updated to kill it. It should be a simple matter to find the dir and delete it tho.

  • Anyone who is skilled will know how to encrypt their outgoing connections. Or even will know a few free e-mail services (hushmail anyone) that can encrypt their connection when they check e-mail.

    Personally I try to SSH to my mail servers when I need to.

    Just remember though. If you are going to rely on SSL to protect your e-mail. Don't use IE (since it would be easy for a company to put a Man in the Middle attack on your IE). Use Mozilla or Something that does SSL properly.
    • Please read the linked web site before posting.

      Encrypted communications will not help here, as the software is a "trojan" installed on your PC, logs every keystroke, and intercepts content of email after it has been decrypted.

      Basically, if you cannot trust the PC that you are running your HTTPS browser on, you should assume that the encryption is not giving you any protection against the owner of that PC, or anybody else who "0WNZ" that PC...

      Personally, I bring my personal laptop to the office each day, run a local firewall on that laptop, connect it to the office LAN, and never install any company-provided binaries on that laptop.

      The company provides a corporate-owned business desktop, and I use that machine solely for messages and network traffic that I would not have any problem with the helpdesk people reading -- since the corporate standard is to install LanDesk, I have to assume that the HelpDesk people can and do have access to anything on that machine.

      Keep your business life as distinct from your personal life as you possibly can.

  • by dcollins (135727) on Thursday August 29, 2002 @10:36AM (#4163276) Homepage
    From the article:

    ...a personal letter through the company mailroom. The contents of such a letter are protected by U.S. mail regulations.

    Contrary to the large contingent of "company can do whatever it wants on its property" boosters, there in fact seem to be all kinds of legal protections and privacy expectations established for workers in corporate offices.

    The fascist model that says otherwise is not only frightening, it's untrue.

    The full quote from the lawyer in the article (in reference to the 1986 Electronic Communications Privacy Act):

    Spyware like that produced by SpectorSoft and competitor WinWhatWhere Corp. has not yet faced a definitive courtroom test. But David Sobel, general counsel of the Electronic Privacy Information Center, equated private Web-based e-mail account with an employee receiving a personal letter through the company mailroom. The contents of such a letter are protected by U.S. mail regulations.
    "The question is: Is there a reasonable expectation of privacy? I would argue that if a company.com account is provided to me for company business, I can assume it might be subject to monitoring ... but if I take additional step to set up a Hotmail account that I occasionally access from my desktop at work, I think that could be construed as an expression of an expectation of privacy."

  • by sckeener (137243) on Thursday August 29, 2002 @10:40AM (#4163301)
    The problem I have with this sort of monitoring is it requires interpretations on the part of the reviewer. What should matter is whether I am creating a hostile work environment and whether I am doing my job. End of story. Mess up on either of those and you should be out the door.

    These sorts of issues are very similar to consensual crimes [mcwilliams.com] where the government wants to monitor what you do between consenting adults.

  • [from the FAQ] (Score:3, Informative)

    by FuzzyBad-Mofo (184327) <fuzzybad@gmail.FORTRANcom minus language> on Thursday August 29, 2002 @10:54AM (#4163415)
    18. I do not have physical access to the PC I wish to monitor. Does eBlaster support remote installation? eBlaster can be configured to send the program installation file to another email address. Assuming that the receiving email client will allow the receipt of a .EXE file attachment and that the user opening the email clicks on the file attachment, then eBlaster will automatically install itself on that computer. Once installed on the remote computer, eBlaster will send recordings from that computer to your email address. VERY IMPORTANT: You MUST be the owner of the computer to which you are remotely installing eBlaster. If you are NOT the owner, or have not received permission from the owner to install eBlaster on that computer, you could be in violation of state or local law by monitoring the activities of property that does not belong to you.
  • by David Wong (199703) on Thursday August 29, 2002 @11:03AM (#4163480) Homepage

    "Mr. Wong, we've been monitoring your incoming hotmail and we can only assume you've spent hours of company time sending out hundreds of inquiries requesting information on how you can lengthen your penis by 3-4 inches with some kind of herbal supplement..."
  • backwards (Score:4, Funny)

    by spoonyfork (23307) <[moc.liamg] [ta] [krofynoops]> on Thursday August 29, 2002 @12:03PM (#4163906) Journal

    So, they want to read my personal email but they don't want to read my ideas on how fix some corporate IT problems?

    Perhaps I should put my suggestions in personal emails sent through Yahoo!, that way they might get some attention.

  • by DiveX (322721) <slashdotcontact@oasisofficepark.com> on Thursday August 29, 2002 @12:46PM (#4164316) Homepage
    Aren't other trojans like Back Orifice and NetBus marketed as 'network tools'? How long before anti-virus programs either add this to their lists or are somehow convinced (bought out, coerved) to intentionally keep this from their list like that did with the FBI's Carnivore program? If you purchase the software eblaster you would think it is yours ,
    but that is not the
    case.

    Spector soft designed the software to periodicly register its serial number with there database. This way if the software is installed in one or more machines they disable your software. Sure a firewall would prevent this communication, but it should also prevent the program from working anyway. I also woant to know what level of trust would one place into a company that can then have total control of your system. Are all those emails marked 'confidential' being sent to the company president also being routed to some other location? In this case security is only as strong as this software company's security. Could someone not take over and then have instant access to hundreds of corporate zombies? Sorry, but I am not about to take that chance.
  • Attn Yahoo Users (Score:3, Insightful)

    by spacefrog (313816) on Thursday August 29, 2002 @01:39PM (#4164713)
    Just a quick FYI

    https://mail.yahoo.com

    This won't stop them from tracking you, but at least your content will be private.

"In matters of principle, stand like a rock; in matters of taste, swim with the current." -- Thomas Jefferson

Working...