Hotmail: Not Safe For Work?

silentknight writes "According to MSNBC, web-based e-mail providers such as Yahoo and Hotmail may not be a haven for your private e-mail anymore. At least not while you're at work. SpectorSoft is introducing eBlaster, which aims to "secretly forward all e-mail coming and going through such Web-based accounts to a spy's e-mail". Corporations will most likely argue that, because of sites like Internal Memos, companies need to keep a tighter grip on the information that flows in and out of their companies. But attempting to spying on private e-mail?? In the words of Homer J. Simpson: "Butt out, Buttinsky"."

Our only hope is

[Dirk Pitt]

that the market will take care of these privacy invasions, and people just won't work for companies that get a rep for doing BS like this.

I mean, legally, I have to side with the companies. Their machines, their time, their liability. The can do what they want.

BUT...it does suck, and I'd hate to work for anyone that would think they needed to read my private mail. My only hope is that more and more people will leave companies that do that to work for smaller companies, or start their own, and that these smaller companies will begin to resist the temptation of corporate assimilation. I see it beginning to happen now, there are some fairly large, privately held consulting companies that foster a great atmosphere for their people. The more I see big companies doing things like this, the more hope I have that this renaissance of the small business will grow.

Solution?

[f00Dave]

Use ssh or WinVNC (like I do) or somesuch to remotely access your home system, and run your personal stuff THERE. At work, the only non work-related software I run is WinAMP, WinVNC client and a web client. At home, I run an email client, IRC, ICQ, Kazaa, etcetera....

So long as the employer doesn't mind you connecting to your home machine (and you can encrypt that connection, somehow), then what you do with it is your own business.

Of course, you can still paste memos over VNC/ssh, so this just defers the problem somewhat. ;-)

Re:To be honest

[Anonymous Coward]

>>> The time you spend at work, you ought to be working...

... and you shouldn't be thinking about what you will be doing for the weekend, and you shouldn't read a newspaper during your lunch hour, and you shouldn't have personal thoughts while sitting in the chair that the company provided for you. Yup, nothing personal is allowed while you are "on the clock".

These types of solutions are needed by companies who make work so much like work for their employees. Instead those companies should foster an environment where the employees want to contribute, and not have to be forced to contribute.

Re:To be honest

[ObviousGuy]

companies should foster an environment where the employees want to contribute, and not have to be forced to contribute.

Is it worth it? [businessweek.com]

After all, you've already got them by the balls. You don't have to put up with low productivity.

Well done, but not needed.

[mwjlewis]

Why shouldn't a company monitor your personal email? I really don't see any problem at all with it. Ask yourself this: WHY ARE YOU THERE, WHY ARE THEY PAYING YOU? *To Do your Job*.

Why are you doing your personal matters on their network, computers, bandwidth?

At one of the offices I Admin, I have two terminals set up in the breakroom with access to the public email sites (yahoo, hotmail, various popular ISP's), and only from those IP's (on their own subnet /30) can they get to those sites. Those workstations are also locked down, but have games and other break related software on them. All the users know that they are monitored on the "business" network for the sites they browse and the communications they make. Everyone is content with this. There is the option to use the break room computers, and if they want to do it on their machine (yahoo, hotmail, etc) they just plain can't. (unless you ssh/telnet(sniffed)/rdp/ica/pc-any to another computer off the network.)

Hotmail safe? What a joke.

[October_30th]

"Hotmail is phenomenal if you get there within the right time frame," said Kevin Mandia [washingtonpost.com], a former Air Force investigator now working as a consultant with Foundstone Inc. "You can actually see people as they travel, checking messages from different computers. You can really track people effectively."

You Bet Your Ass We Monitor!

[DnemoniX]

I am an IT manager for a local government agency. We monitor all internet usage on a regular basis. for the most part it is rather boring. This also means that if sombody uses Hotmail or some such at work it gets logged. By state statute here all documents that are created on our equipment, i.e. you type an e-mail. It becomes public record. that means any Joe Blow off the street can send in a request for copies of any and all e-mails that we have on our system. This causes a few interesting problems. So I do a couple things. 1. I do not backup the e-mail system. All users are aware of this. 2. Zero retention on deleted e-mail. 3. A signed Acceptable Usage poilicy for each user. They are all aware of the possibility of being monitored. Does this stop people, no! We have had to take action on abuses several times. Like the guy that wouldn't stop surfing porn at work, he worked in the cube and there are several women that work in that office. Bad judgement. Last week things got worse. I noticed a user surfing a little porn so I checked the logs, I was a little surprised, he was accessing a Sex Offender Database. He was looking himself up! Turns out this guy is a registered sex offender in the neighboring state. I looked up what he was convicted of and it was RAPE. Also 90% of the workers in my building are female. We would have never known any of this without monitoring our system. Our lawyers are working on what to do with him now. People can bitch all they want about Big Brother, but ever consider sometimes this is bigger than one person feeling bad? Think about how you would feel if your sister or mother worked in that office and something happened. Wouldn't you have wanted us to do something about it? Take off the blinders and step off the soap box, because until you are the one responsible you don't know shit.

Re:To be honest

[pubjames]

The time you spend at work, you ought to be working, not sending personal email, making personal calls, or anything besides work-related stuff.

Stuff that nonsense. This is exactly the kind of crappy mentality that made me become self-employed.

If my employer feels the need to treat me like a child, then I'll go work for someone else (which is what I have done, now I work for me). Stand up for yourselves people -- don't let your employers treat you like children! It's your
life!

Good and Bad

[chill]

The last place I worked, I had to do something like this. We had a problem with an employee who was suspected of leaking company trade secrets to a competitor.

It turns out she was using a Yahoo e-mail account to send CAD files of complete circuits to her "ex" boyfriend at a competitor. She was doing this from computers at work, and yes she had authorization to access the CAD files in her job.

Because we were able to monitor the activity, the company knew what/when/where the files went. She was fired for cause and we contacted the competitor and waved the evidence. They had little choice but to fire the person on the other end and we watched them close to see if they introduced any "new" products over the next year or so that were based off of our designs.

* * *

Fast forward to my new company -- a once major telecom giant -- they now block all webmail sites they can find via their firewalls.

Simple fix? Squid proxy on your home computer running on port 443 (HTTPS) and requiring a username/password.

Re:blocked at work

[bgfay]

Okay, sure, but what about at a school that won't provide accounts for students to use? I teach at just such a school and would like to communicate with students using yahoo, netscape, hotmail or some other such thing. I could send out assignments, handouts, etc on email and not have to print the damn things on dead trees. Having free email at work would be a huge bonus to us, be much cheaper than getting each kid a hosted account, and be safe considering the machines are all set up with pretty good antivirus software that is updated all the time.

As for lusers (sic) downloading virus files, well, that's going to happen regardless and we ought to be proactive (plan for these things) than reactive (ooo, no more email for you!).

Hotkey sequence

[sdxxx]

From the FAQ [spectorsoft.com]:

11. So, if eBlaster does not show up anywhere, how do I get into it?

... if you do need to open eBlaster to change some settings, you simply type a Hotkey combination, which is 3 keys pressed simultaneously followed by a fourth key. (Nobody would ever accidentally type those 4 keys, so they won't accidentally discover eBlaster is present.)...

So does anybody know what those four keys are?

Re:To be honest

[photon317]

Search perlmonks.org for Tilly's article on the subject a while back. It appears that by most states' labor laws, if you are an exempt, salaried, full-time professional - the company does in fact own all of your output, even when you're not at work, and they don't need a special contract to get these rights. If you work as unix sysadmin, and you develop and patent a new lawn sprinkler on your own time on the weekends, they can take your patent away from you. They certainly in this light own your output during work hours, which means they very well can try to enforce that you don't do things like use hotmail.

Re:Ooh, goody...

[Mr. Slippery]

you are free to either a) ask for more money so that you are content with your job or b) quit and go find another place of employment that does a better job of providing for your interests.

In theory, yes; in practice, rarely. When wealth and power are concentrated under the control of a few, the rest of us end up with little choice.

Or i suppose if your just anti-capitalist in general you could do c) go buy a cabin in the mountains somewhere and live as a hermit for the rest of your life.

Why in the world do you associate opposition to a fundamentaly broken system with a desire to be a hermit?

Re:blocked at work

[Anonymous Coward]

Still another possibility is to not use web-based email. Instead, ssh into your own offiste systems (e.g. at home), and handle all email transactions there. The company certainly has the choice of blocking this sort of access entirely, but due to the DMCA (:-P) doesn't seem to have the legal option of intercepting it (IANAL, etc.).

Re:To be honest

[voncheesebiscuit]

I only wish I could mod this higher, very well said.

The unforunate thing is, a mutually loyal company/employee relationship is better for all parties, but its so often an "all take and no give" relationship by my employer that I get fed up and end up with the completely mercenary attitude.

I'd probably get more done if I thought my company cared about me, but once they make the choice to treat me as nothing more than a resource, my morale declines and so does my efficiency.

Possible abuses

[necrognome]

I can only imagine the mischievous ends the following can be put to (from the FAQ [spectorsoft.com]):

18. I do not have physical access to the PC I wish to monitor. Does
eBlaster support remote installation?

If you purchase the eBlaster Remote Install Add-On, you may be able to send the program installation file to another email address.

Assuming that the receiving email client will allow the receipt of a .EXE file attachment and that the user opening the email clicks on the file attachment, then eBlaster will automatically install itself on that computer. Once installed on the remote computer, eBlaster will send recordings from that computer to your email address.

VERY IMPORTANT: You MUST be the owner of the computer to which you are remotely installing eBlaster. If you are NOT the owner, or have not received permission from the owner to install eBlaster on that computer, you could be in violation of state or local law by monitoring the activities of property that does not belong to you.

For more details on whether the eBlaster Remote Install Add-On is right for you, click here.

Re:Hmmm....phone home E.T.

[Anonymous Coward]

Knoppix, DemoLinux, DyneBolic or any number of other bootable CD or floppy-based distros and a modem are dandy workarounds if your BIOS isn't password protected. The addition of an appropriate Windoze screen cap as wallpaper would complete the BOFH simulation of work for passers-by. :)