Hotmail: Not Safe For Work? 583
silentknight writes "According to MSNBC, web-based e-mail providers such as Yahoo and Hotmail may not be a haven for your private e-mail anymore. At least not while you're at work. SpectorSoft is introducing eBlaster, which aims to "secretly forward all e-mail coming and going through such Web-based accounts to a spy's e-mail". Corporations will most likely argue that, because of sites like Internal Memos, companies need to keep a tighter grip on the information that flows in and out of their companies. But attempting to spying on private e-mail?? In the words of Homer J. Simpson: "Butt out, Buttinsky"."
blocked at work (Score:5, Informative)
After this was done, all virus problems on the network dropped from one incident per 2 weeks to maybe 1 incident per 4 months.
As to the privacy issue, the easy solution is to NOT SEND PRIVATE E-MAIL FROM WORK (or at least use GnuPG or PGP!)
One word : (Score:5, Informative)
this can be monitored already (Score:3, Informative)
Re:blocked at work (Score:2, Informative)
You are encrypting to send to someone else. No private key is required. If you really need one, generate a new key for work purposes.
you missed something (Score:4, Informative)
Re:blocked at work (Score:5, Informative)
Of course, a truly persistent person or corporation can find a way to tap into any technology, given time and money.
Free Webmail-over-SSL: mail2web.com (Score:3, Informative)
-Mark, unaffiliated with mail2web, but a happy user
Examples of privacy at work (Score:4, Informative)
Contrary to the large contingent of "company can do whatever it wants on its property" boosters, there in fact seem to be all kinds of legal protections and privacy expectations established for workers in corporate offices.
The fascist model that says otherwise is not only frightening, it's untrue.
The full quote from the lawyer in the article (in reference to the 1986 Electronic Communications Privacy Act):
Spyware like that produced by SpectorSoft and competitor WinWhatWhere Corp. has not yet faced a definitive courtroom test. But David Sobel, general counsel of the Electronic Privacy Information Center, equated private Web-based e-mail account with an employee receiving a personal letter through the company mailroom. The contents of such a letter are protected by U.S. mail regulations.
"The question is: Is there a reasonable expectation of privacy? I would argue that if a company.com account is provided to me for company business, I can assume it might be subject to monitoring
[from the FAQ] (Score:3, Informative)
Re:Ooh, goody... (Score:1, Informative)
I can totally recommend FastMail [fastmail.fm].
Though of course, if you are using IE, you are shot anyway.
Simple, OpenSSH-tunnel work arround (Score:2, Informative)
I installed Squid (the proxy server) on my box at home (which has a cable connection) and then use this simple one-line SSH command to create a SSH tunnel, which forwards all my web browsing to my proxy server at home, across an encrypted channel.
ssh -o ProtocolKeepAlives=15 -q -f -N -C -g -L 45855:localhost:3128 myusername@MY.HOME.IP.ADDRESS
Then I just have a copy of Opera on my machine away from home, set to use a proxy server on localhost port 45855. Works beautifully for web browsing that a company can't sniff.
Note that I used the "-g" option of SSH, which allows other machines to connect to my locally forwarded ports (i.e. they can use the proxy server back at my home by connecting to the local port on my machine.) Take it out if you don't want this.
With this, no help to encrypt your connections! (Score:3, Informative)
Encrypted communications will not help here, as the software is a "trojan" installed on your PC, logs every keystroke, and intercepts content of email after it has been decrypted.
Basically, if you cannot trust the PC that you are running your HTTPS browser on, you should assume that the encryption is not giving you any protection against the owner of that PC, or anybody else who "0WNZ" that PC...
Personally, I bring my personal laptop to the office each day, run a local firewall on that laptop, connect it to the office LAN, and never install any company-provided binaries on that laptop.
The company provides a corporate-owned business desktop, and I use that machine solely for messages and network traffic that I would not have any problem with the helpdesk people reading -- since the corporate standard is to install LanDesk, I have to assume that the HelpDesk people can and do have access to anything on that machine.
Keep your business life as distinct from your personal life as you possibly can.