Hotmail: Not Safe For Work? 583
silentknight writes "According to MSNBC, web-based e-mail providers such as Yahoo and Hotmail may not be a haven for your private e-mail anymore. At least not while you're at work. SpectorSoft is introducing eBlaster, which aims to "secretly forward all e-mail coming and going through such Web-based accounts to a spy's e-mail". Corporations will most likely argue that, because of sites like Internal Memos, companies need to keep a tighter grip on the information that flows in and out of their companies. But attempting to spying on private e-mail?? In the words of Homer J. Simpson: "Butt out, Buttinsky"."
eBlaster (Score:4, Funny)
Thanks, SpectorSoft.com! You've made my week!
To be honest (Score:5, Insightful)
Now this becomes a little tough because we aren't automatons and have lives outside of work that need tending to. However, to expect that what you do within the walls of your company is private is laughable.
Just assume that everything you do there is under surveillance. Heck, all your thoughts are already belong to them.
Re:To be honest (Score:5, Insightful)
That's highly culture specific. For example, most Asian companies usually do not insist that *whatever* you do on company time is teh company's. Heck, I did not even sign a contract to that effect.
Re:To be honest (Score:4, Interesting)
Search perlmonks.org for Tilly's article on the subject a while back. It appears that by most states' labor laws, if you are an exempt, salaried, full-time professional - the company does in fact own all of your output, even when you're not at work, and they don't need a special contract to get these rights. If you work as unix sysadmin, and you develop and patent a new lawn sprinkler on your own time on the weekends, they can take your patent away from you. They certainly in this light own your output during work hours, which means they very well can try to enforce that you don't do things like use hotmail.
Re:To be honest (Score:2, Interesting)
These types of solutions are needed by companies who make work so much like work for their employees. Instead those companies should foster an environment where the employees want to contribute, and not have to be forced to contribute.
Re:To be honest (Score:2, Interesting)
Is it worth it? [businessweek.com]
After all, you've already got them by the balls. You don't have to put up with low productivity.
Re:To be honest (Score:2, Funny)
I really feel sorry for whoever has the videos of me cracking one off in the toilets then...;-)
Re:To be honest (Score:2, Funny)
Re:To be honest (Score:5, Insightful)
Which is fine until you point out that the flip side of this is that you'll only work your contracted hours and never think about work outside of work hours.
If a company is going to totally restrict what you do during work hours then they shouldn't expect any favours back - especially when a better job comes along as you'll be the first out of the door.
It works both ways, they make your working conditions pleasant and you reward them with loyalty.
Re:To be honest (Score:5, Insightful)
Quite honestly, you should do that anyways. Company loyalty is a complete farce. Most companies treat people as "human resources" anyways, and in most companies your employment is "at will".
Quit giving your lives and your hearts and your souls to a company like that. You'll be much happier if you think of yourselves as mercenaries - do honest work for honest pay. If you think a management decision is stupid, as long as it's legal / ethical, then kick back and remember that they're paying you to work, they're not paying you to care. Example: Say some pointy haried boss wants you to implement a horrible User Interface. You know it's a bad idea, that it'll be clunky. GO AHEAD AND GIVE THE PHB WHAT HE/SHE WANTS! Let them deal with any consequences. If a company starts reading your private email, then quit. Find something else.
And this isn't a bad attitude. When you're at work, you should perform your duties to the best of your ability. However, when you're not at work, forget about work. And if someone offers you a better job, then TAKE IT. Start putting yourselves and your families over your jobs. Ultimately, your own self and your family is far more important then a company that's here today, gone tomorrow.
Look what company loyalty got employees at Enron and WorldCom.
Re:To be honest (Score:3, Funny)
But that's how most of us make up for the time we spend trolling around on slashdot
Re:To be honest (Score:5, Interesting)
Stuff that nonsense. This is exactly the kind of crappy mentality that made me become self-employed.
If my employer feels the need to treat me like a child, then I'll go work for someone else (which is what I have done, now I work for me). Stand up for yourselves people -- don't let your employers treat you like children! It's your
life!
Re:To be honest (Score:3, Insightful)
Backwards thinking again. If you don't like their rules, you should go work for someone else. If then can find another idiot that doesn't mind being treated like a kid then that's fine by me.
what about smoking crack on company time ? would u agree with that?
Erm. No. I wouldn't agree with that. I expect to be treated like an adult because I can act like an adult. If a company employs idiots and potheads then they deserve everything they get.
Re:To be honest (Score:2)
Yep, Jim Beam agrees that you should not be doing anything at work that is not 100% work-related:
http://abcnews.go.com/wire/Business/ap20020827_
Re:To be honest (Score:3, Insightful)
Yet, somehow I need to spend 9 hours a day at work simply because the phone might ring. I'd be happy to work if I had some. In fact, I actually request more work constantly. By all accounts I would be a model employee. Yet, when I have nothing to do I surf the web. I'm using company resources to do things other than my job.
So I guess that makes me a bad person.
*rolls eyes*
If I do my job appropriately and efficiently then the company should cut me some slack. I'm not wasting company time or resources if I have fulfilled my job duties. If I read a book at work would it be any different?
blocked at work (Score:5, Informative)
After this was done, all virus problems on the network dropped from one incident per 2 weeks to maybe 1 incident per 4 months.
As to the privacy issue, the easy solution is to NOT SEND PRIVATE E-MAIL FROM WORK (or at least use GnuPG or PGP!)
Re:blocked at work (Score:3, Funny)
The previous company I worked at did this as well. Pissed the hell out of me, since I could no longer get to my email and I prefer to not give out my work email out over the net to avoid the spam.
The really idiotic think is that they blocked sites like Sneakemail [sneakemail.com] too, which is just a redirector service.
I can understand the need to block webmail sites, since there are too many idiots out there, but at least be intelligent about what gets blocked.
Re:blocked at work? Roll your own (Score:2)
One day I'll drag the name of that webmail provider out of you!
Why do you need it?
Become your own webmail provider.
I use fetchmail to grab mail from remote sites. I also point the primary MX for my own domain to my home box. This consolidates most everything into one email address.
At that point, you can use imap(s) and horde/IMP [horde.org] to create your own webmail service... or just SSH in and start up your favorite mail program remotely. (I've even done it with Netscape/mozilla .. It's slow, but it works).
20MB max?? HA! how big is your /var partition?
The biggest problem I currently have is that, with Mozilla, the SSL Certs for my web server and imaps server collide. If I save the cert for one, the other claims that it's invalid.
Re:blocked at work (Score:5, Informative)
Of course, a truly persistent person or corporation can find a way to tap into any technology, given time and money.
Re:blocked at work (Score:3, Interesting)
As for lusers (sic) downloading virus files, well, that's going to happen regardless and we ought to be proactive (plan for these things) than reactive (ooo, no more email for you!).
Re:blocked at work (Score:2, Informative)
You are encrypting to send to someone else. No private key is required. If you really need one, generate a new key for work purposes.
farewell, slashdot, I knew ye well (Score:2)
I'm sure I won't be missed...
One word : (Score:5, Informative)
Won't work. (Score:2)
Two Words (Score:3, Funny)
Re:One word : (Score:2)
Make all changes retroactive, technology-wise (Score:4, Insightful)
How many people you think would be cool with their employer listening in on their personal phone calls, and opening all their personal mail that gets sent to the office?
Apply it to everything, and people will understand that this is an encroachment on what we currently have, not a reasonable measure for dealing with a newish technology.
Re:Make all changes retroactive, technology-wise (Score:4, Insightful)
In our employee handbooks, we reserve the right to monitor calls. We never have, but we can. We allow a few calls (lots of mothers in my office. Lots of calls to/from the office to make sure the kiddies got off the bus okay) which is no big deal. Same thing with... A million little things. People are more productive, like you say, if they don't have to stay at home to wait for a package, to order a repair of their appliance, etc. But some people abuse the privelage.
It's a balance that has to be struck. What seems to work is when we suspect someone of abusing the phone, we just remind them that we allow limited personal calls, and that we can monitor their calls to see if they are abusing the privelege. The offending behavior stops within hours:)
And to the naysayers who say 'ignore company loyalty'. I've got news for you: it's a chicken and egg problem. I'll extend loyalty. We've got employees working for us who were around in the Ford administration. Until they retired, there were a couple of employees who changed my diapers. They gave their loyalty. We reciprocated. Need 2 months off for back surgery and recovery? No problem. Hope you get better. We'll keep your chair warm for you. OTOH, you think we're only good for a paycheck? Well, screw you. When times get tight, you'll be first on the chopping block. We'll find a way to save the person who stayed late to finish up some work.
Loyalty works both ways. I think some of the children on slashdot forget that.
Re:Make all changes retroactive, technology-wise (Score:3, Insightful)
this can be monitored already (Score:3, Informative)
Our only hope is (Score:4, Interesting)
I mean, legally, I have to side with the companies. Their machines, their time, their liability. The can do what they want.
BUT...it does suck, and I'd hate to work for anyone that would think they needed to read my private mail. My only hope is that more and more people will leave companies that do that to work for smaller companies, or start their own, and that these smaller companies will begin to resist the temptation of corporate assimilation. I see it beginning to happen now, there are some fairly large, privately held consulting companies that foster a great atmosphere for their people. The more I see big companies doing things like this, the more hope I have that this renaissance of the small business will grow.
Re:Our only hope is (Score:2, Insightful)
Well, you get the idea. There are good reasons for the existince of fair practice standards in labor laws...
Heh (Score:4, Insightful)
Their network.
Their time.
Their money.
'nuff said.
Re:Heh (Score:5, Insightful)
1. Pay for all my work clothes.
2. Pay for my fuel expenses going to work.
3. Pay me for all the unpaid overtime spent in the office *and at home*.
4. Pay me rent for using my home as temporary office space (see item 3).
5. Pay my cable modem/DSL bill for VPN'ing over the weekends.
Re:Heh (Score:2)
1) You'd need clothes anyway. OK, maybe not if you live in a nudist colony, but what colony would take your average geek? If you need specific clothing for the job (i.e. uniform, safety gear, etc), the company SHOULD defer the cost somewhat, if not provide it for you.
2) You'd be free to walk, ride a bike, etc. at your discretion. Cost savings there. Maybe if you're lucky, the company would buy you a new pair of running shoes each year. Commuting is generally accepted as the cost of having a job.
3) I agree 100% on this one, but if a set-in-stone salary is a part of the negotiated contract, you're pretty much screwed. On the other hand, when labor rates dive into the toilet, a firm contract can be your benefit as well.
4) You'd have to live there anyway. If you needed special facilities to work from home (see response to #5 below), it would not be unreasonable to ask for cost deferrment, but having a house isn't required to have a job. (An address or residence, yes, but not a house/apartment. Hell, it's usually OK to have a PO Box as your primary address and live on the streets.)
5) Yes. If you are required to have DSL or cable to do work from home, the company should cover at least a portion of the bill.
However, the company's computers/network connection/etc exist solely for their corporate benefit. Just because there's a picnic table in the courtyard doesn't mean employees are permitted to spend all day sitting there BS'ing. Just because there's a water faucet on the building doesn't give me the right to fill up a large truck with water to fill my pool. The company has a right to control the usage of its resources. In the examples above, worker productivity and straight-out theft (respectively) are the situations at hand.
If your company doesn't compensate you for the things you mention (namely gas and clothes), those are expenses you need to consider when calculating your NET salary. "If I take a lower paying job that's 15 miles closer to home, is there a benefit?" is a good question to ask. Hell, maybe it's a tie for money, but the time regained from not being in traffic makes it worth the change to you.
Oh well... Again, I agree with the underlying sentiment, but some of the points are a bit unreasonable.
Rights vs brains (Score:5, Insightful)
There are two types of workers, those who WLL get the work done regardless of distractions and those who will NOT get the workdone even if placed in a locked room. Hire and trust good people! Big brother tactics just makes the productive people less productive and won't fix the duds.
Re:Heh (Score:5, Insightful)
Still think you don't deserve any privacy?
Re:Heh (Score:2)
Re:Heh (Score:5, Funny)
Re:Heh (Score:2)
Re:Heh (Score:2)
This isn't a war, with a whiteline in the middle with an us and a they. We are us, and its sheep thinking such as yours, devoid of any true analysis of the reality of the situation that does us a disservice and simply ensures apathy reigns supreme.
For that matter, can I bring in my own computer to work? Should they get to spy on that? Consider what you say carefully, because you sound like you're simply regurgitating a way of thinking that doesn't have to be a part of our lives if we dont want it to be.
Re:Heh (Score:2)
For that matter, can I bring in my own computer to work? Should they get to spy on that?
Given that the vast majority of all attacks and break ins of corporate networks are internal in nature rather than external, a company policy that you cannot use your own PC within the company network is valid. A company policy that you can bring your own PC in, but it has to be checked out by the desktop support and security admins before you can use it, and after that it has to conform to corporate PC standards, is all right. I see nothing at all wrong with that.
Run a keylogger or a sniffer against your personal PC that they allowed you to bring in? Only if they do it with all PC's in the network. If yours is being singled out, no.
I have done a bit of security consulting, mostly firewalls and intrusion detection, and in my mind sniffing hotmail or logging keystrokes is something you only do when you have a reasonable suspicion that they employee is breaking the rules. If the government were to do this to all hotmail and yahoo users on the assumption that terrorists use those services and that justifies their action the whole country would howl. I think monitoring employees across the board falls in the same category, not to mention it's a horrible waste of resources that could be focused on something else that is more productive and less controversial.
the system (Score:5, Insightful)
Your words could apply just as well to someone justifying plutocracy as the logical system of government for a nation -- the wealthy landowners get to make the decisions, because they literally own the country. Somehow, in these modern times, we've decided that that's just not acceptable anymore. Why do we still put up with it at work?
Re:Heh (Score:2)
I don't really buy the "the company can do whatever the hell they want" argument. There are certain recognized freedoms, such as freedom from sexual harassment, to which an employee is entitled. Certain of these freedoms extend into the arena of privacy. A company can't for example, monitor your personal telephone calls (Watkins v. L.M. Berry & Co., 704 F.2d 577, 583 (11th Cir. 1983). The basic point here is that if a company operates in such a way as to require your presence at a staffed facility, certain human provisions must be made for your occupation. Everything from exit marking to bathrooms and building codes revolve around this fundamental understanding. As evidenced in the above citation, this understanding extends, at least in part, to your privacy rights.
Therefore, a company's insistence upon intruding into your private communications can and should be resisted.
IANAL YMMV
Re:Heh (Score:2, Insightful)
Their computers wasting cycles without an employee using it.
Their network sitting idle without employees working.
Their time wasting without employees.
Their money not growing without employee talent.
You forgot that a business without an employee goes nowhere, and an employee is a person who deserves more respect than a little bit of bandwidth.
I'm a human being and deserve some respect - respect for life outside of work, respect for privacy, respect for talents. When they prefer to use iron fisted policies that treat me as a simple machine in the system, I no longer feel the need to respect their corporate secrets or work hard.
It's a pretty easy equation. Respect me and acknowlege I have a life, and I'll respect the company and want to help it grow.
I mean goddamn, I've worked shit jobs for rednecks who understood that treating employees like shit gets you nowhere.
They're welcome... (Score:5, Funny)
yes, they can do whatever they want (Score:2, Insightful)
Of course this article is quite irrelevant for slashdotters. We should have our certificates, machines we can VNC to, encrypting proxy servers, etc.
But, ironically, it'll probably be the arrival of widespread wireless (be it 3G, a mesh network of 802.11, etc.) that provides a little privacy. Imagine, if you want to send a private email, just change your Wireless connection to be your public ISP-type network, send your mail, and voila. You use your ISP's network instead of the corporate one. Both parties are happier.
Private e-mail ? (Score:2)
Likewise, the bandwidth I use is restricted to those activities necessary for me to carry out my duties.
I have specifically agreed to limit my use of thecomputer and network in this manner as a term of my
continued employment. Why would I expect any kind of privacy in this case?
Interested to know what people think about this.
Solution? (Score:5, Interesting)
So long as the employer doesn't mind you connecting to your home machine (and you can encrypt that connection, somehow), then what you do with it is your own business.
Of course, you can still paste memos over VNC/ssh, so this just defers the problem somewhat.
Bad management... (Score:2, Insightful)
Far more often than having your boss actually read your personal email every day, companies snoop to archive this sort of information so that if they need to they can review and use it later. This possibility for abuse in this regard is endless.
Great. (Score:2)
My present client simply blocks all web based mail sites at the firewall. So I just send whatever I want through their corporate email system. Even mail relating to my other clients or negotiations for other contracts. If I really need security, I'll use encryption or simply give them a call. If they don't like what they'r reading or how I'm using their email system, they can either provide me with access to my yahoo email account or bite me.
It's just like my house. Anyone can look through my windows. But I can't be responsible if they're horrified by what they see.
Make sure you don't use the phone either... (Score:3, Insightful)
Blocking or intercepting email is more or less the same as listening in on a phone conversation. Yes, I know this horse has been beaten to death here but it's still ridiculous.
If you're not allowed to make personal phone calls then I can understand them not allowing or even monitoring personal computing use but for communications, email should be a protected medium.
What gives you the right to privacy? (Score:2, Redundant)
There is no such thing as a "right to privacy" in the United States. Check out the Constitution and the Bill of Rights. You won't find find it along with other "rights" people say they have like, 'right to free health care', 'right to Social Security' and the often touted, 'right to party!!!'.
Re:What gives you the right to privacy? (Score:2, Insightful)
you missed something (Score:4, Informative)
Re:What gives you the right to privacy? (Score:2)
Yes, that keeps the police from walking into your house/searching your car, etc... without probable cause.
How does that apply in this instance? The hotmail account is mine, I signed up for it, I use it for personal reasons.
The fact that I access it electronically is besides the point. Would you want your employer to know what the contents of your bank account are just because you did a little online banking from work? How about the contents of your safe deposit box because you went there during lunch hours? Are they allowed to fire you for the contents of your car while its parked in their parking lot? (Ok, bad example, they probably could if you had explosives or naked pictures of the boss as a windshield sun shade) But how about the trunk?
What if you and some co-workers decide to play some network games after hours?
Companies usually reserve the right to terminate you for inappropriate behavior. Fine, thats their right. But I believe that I do have a right to privacy in this country and any company that intends to read my email had better tell me that they reserve the right to do it. That way at least I can make the choice of wether or not to work there.
Well done, but not needed. (Score:2, Interesting)
Why are you doing your personal matters on their network, computers, bandwidth?
At one of the offices I Admin, I have two terminals set up in the breakroom with access to the public email sites (yahoo, hotmail, various popular ISP's), and only from those IP's (on their own subnet /30) can they get to those sites. Those workstations are also locked down, but have games and other break related software on them. All the users know that they are monitored on the "business" network for the sites they browse and the communications they make. Everyone is content with this. There is the option to use the break room computers, and if they want to do it on their machine (yahoo, hotmail, etc) they just plain can't. (unless you ssh/telnet(sniffed)/rdp/ica/pc-any to another computer off the network.)
Re:Well done, but not needed. (Score:2)
Hotmail safe? What a joke. (Score:2, Interesting)
Stop that! (Score:2)
Slashdot isn't safe for work.
Stop. You! In the cubacle - stop reading. You're being logged and will be delt with. Soon.
-Your Loving Managment
You Bet Your Ass We Monitor! (Score:5, Interesting)
Blocking hotmail (Score:2)
I block all web-based e-mail from our proxy - like another poster said, it prevents users from downloading viruses. I work in the medical field and we have to protect patient data so there's also the added risk of someone sending confidential material out of the company through a webmail account without our ability to take corrective action because of the lack of proof. Originally, I had to block hotmail because MS Proxy Server used to crash whenever someone accessed Hotmail so our company policy was actually born out of protecting our proxy server.
Is hotmail selling my Email address? (Score:2)
They all seem to keep it in their hotmail and yahoo address books.
Is that the spam leak?
Re:Is hotmail selling my Email address? (Score:3, Insightful)
Many spammers just try random user names and hope they reach an inbox. And even if you open just one random spam with HTML 'phone come' code embedded in it, you are exposed and the spam starts rolling in.
Privacy is far from a right in the workplace (Score:2)
You send email via Outlook and your company's Exchange server. It's logged (or at least monitored), for legal reasons.
You Web-browse on your company Workstation during lunch. It's logged (or at least monitored), for legal (and HR) reasons.
You send IM traffic across the company network to an external friend via ICQ. It's logged (or at least monitored), for legal reasons.
You send email via Hotmail using a company Workstation, out a company NIC, across the company Cat5, through the company switches and routers, out the company gateway and upstream to you company's service provider. It's logged (or at least monitored) for legal reasons.
Personal use of company assets on company time. Unless you have an absoultely rockin' Acceptable Usage Policy (from the employee's point of view), you're "up shit creek without a paddle".
You can bitch and moan about this kind of thing all you want, but it comes down to one thing. Is use of Web-based mail against the AUP policy you signed when you commenced work? If it is, and you do it anyway, you're screwed.
Sheesh, you'd think it was rocket science or something...
Internal Memos Website (Score:4, Funny)
Man, that site is hilarious! You can't make stuff like this up [internalmemos.com] :-)
Re:Internal Memos Website (Score:2)
For those looking for a ssh client in windows (Score:2)
I just use ssh (Score:2)
I ssh into that and use pine while at work, and then when I am home I use pop3 to yank it down.
this has worked well for me and I'm gonna stick to it. it isn't free like hotmail, doesn't have a slick web interface... or at least a web interface - but I like it well enough.
(it is like free to me because I would have this account whether I were using the e-mail or not)
In the famous words of thousands upon thousands (Score:3)
I know that Slashdot tends to be anti-MS... (Score:2)
Additionally, that e-Blaster software even traps and logs the keystrokes of the workstation: not even SSH or any other software that requires typing your password will help you here. If you're using your company's computer, and you are subject to their rules. ***END OF THE STORY***
Good and Bad (Score:5, Interesting)
It turns out she was using a Yahoo e-mail account to send CAD files of complete circuits to her "ex" boyfriend at a competitor. She was doing this from computers at work, and yes she had authorization to access the CAD files in her job.
Because we were able to monitor the activity, the company knew what/when/where the files went. She was fired for cause and we contacted the competitor and waved the evidence. They had little choice but to fire the person on the other end and we watched them close to see if they introduced any "new" products over the next year or so that were based off of our designs.
* * *
Fast forward to my new company -- a once major telecom giant -- they now block all webmail sites they can find via their firewalls.
Simple fix? Squid proxy on your home computer running on port 443 (HTTPS) and requiring a username/password.
Blocked freemail at school (Score:2)
Can anyone give a compelling reason why this should be firewalled or, better for me, a compelling argument as to why it need not be?
I wonder if the CEO reads personal email at work? (Score:4, Insightful)
Of course not! People that high in the organization would never use company time - or company computers, cars, or phones (or money!) - for personal use.
When they are on the golf course, it's not for fun, they are doing BUSINESS. You wouldn't expect them to do business like the rest of us, at a desk, would you?
This NEWS is nothing new, and really no big deal (Score:2, Insightful)
If you are at work, don't be stupid. Set up your own damn computer, and keep as as secure as you can. All you need is some night cleanup guy to install this tool on your pc, and you credit card and bank info is public knoledge.
Why on earth does this article center around Hotmail? who the fuck cares about webmail... this is a keylogger, and much more and is no way specific to hotmail.
The tone of the news item almost seemed like Hotmail.com were the ones forwarding the emails:)
--me
Free Webmail-over-SSL: mail2web.com (Score:3, Informative)
-Mark, unaffiliated with mail2web, but a happy user
lose /. access (Score:2)
The Mobile Phone (Score:2)
The same will happen with email pretty soon - you'll be mailing on your phone (text is already HUGE) and never need to use the email from your desk again.
Now - assuming its your phone, and not their phone, you can expect decent privacy (from your boss at least) on that.
Well Duh (Score:2)
Besides that point, all corporate email should be cryptographically signed and all sensitive email should be encrypted. Period.
Hotkey sequence (Score:4, Interesting)
11. So, if eBlaster does not show up anywhere, how do I get into it?
So does anybody know what those four keys are?
Windows only. Adaware?? (Score:2)
I wonder if Adaware will be updated to kill it. It should be a simple matter to find the dir and delete it tho.
This is why you encrypt your connections (Score:2)
Personally I try to SSH to my mail servers when I need to.
Just remember though. If you are going to rely on SSL to protect your e-mail. Don't use IE (since it would be easy for a company to put a Man in the Middle attack on your IE). Use Mozilla or Something that does SSL properly.
With this, no help to encrypt your connections! (Score:3, Informative)
Encrypted communications will not help here, as the software is a "trojan" installed on your PC, logs every keystroke, and intercepts content of email after it has been decrypted.
Basically, if you cannot trust the PC that you are running your HTTPS browser on, you should assume that the encryption is not giving you any protection against the owner of that PC, or anybody else who "0WNZ" that PC...
Personally, I bring my personal laptop to the office each day, run a local firewall on that laptop, connect it to the office LAN, and never install any company-provided binaries on that laptop.
The company provides a corporate-owned business desktop, and I use that machine solely for messages and network traffic that I would not have any problem with the helpdesk people reading -- since the corporate standard is to install LanDesk, I have to assume that the HelpDesk people can and do have access to anything on that machine.
Keep your business life as distinct from your personal life as you possibly can.
Examples of privacy at work (Score:4, Informative)
Contrary to the large contingent of "company can do whatever it wants on its property" boosters, there in fact seem to be all kinds of legal protections and privacy expectations established for workers in corporate offices.
The fascist model that says otherwise is not only frightening, it's untrue.
The full quote from the lawyer in the article (in reference to the 1986 Electronic Communications Privacy Act):
Spyware like that produced by SpectorSoft and competitor WinWhatWhere Corp. has not yet faced a definitive courtroom test. But David Sobel, general counsel of the Electronic Privacy Information Center, equated private Web-based e-mail account with an employee receiving a personal letter through the company mailroom. The contents of such a letter are protected by U.S. mail regulations.
"The question is: Is there a reasonable expectation of privacy? I would argue that if a company.com account is provided to me for company business, I can assume it might be subject to monitoring
Ain't Nobody's Business If You Do (Score:3, Insightful)
These sorts of issues are very similar to consensual crimes [mcwilliams.com] where the government wants to monitor what you do between consenting adults.
[from the FAQ] (Score:3, Informative)
Meeting with my boss... (Score:4, Funny)
"Mr. Wong, we've been monitoring your incoming hotmail and we can only assume you've spent hours of company time sending out hundreds of inquiries requesting information on how you can lengthen your penis by 3-4 inches with some kind of herbal supplement..."
backwards (Score:4, Funny)
So, they want to read my personal email but they don't want to read my ideas on how fix some corporate IT problems?
Perhaps I should put my suggestions in personal emails sent through Yahoo!, that way they might get some attention.
How is this different than a trojan? (Score:3, Insightful)
but that is not the
case.
Spector soft designed the software to periodicly register its serial number with there database. This way if the software is installed in one or more machines they disable your software. Sure a firewall would prevent this communication, but it should also prevent the program from working anyway. I also woant to know what level of trust would one place into a company that can then have total control of your system. Are all those emails marked 'confidential' being sent to the company president also being routed to some other location? In this case security is only as strong as this software company's security. Could someone not take over and then have instant access to hundreds of corporate zombies? Sorry, but I am not about to take that chance.
Attn Yahoo Users (Score:3, Insightful)
https://mail.yahoo.com
This won't stop them from tracking you, but at least your content will be private.
Re:Ok -- (Score:2)
BOFHs everywhere have been doing this for ages using proxy servers and/or ethernet sniffers. POP3, SMTP, IMAP and all those aren't safe either.
Re:Ok -- (Score:2)
If you're using Apache, just set up mod_ssl, and your webmail package shouldn't care if the connection is encrypted or not. The Web server handles that.
Re:Ok -- (Score:2)
I assume their product works by installing a global hook via SetWindowsHookEx(). They probably register to be notified of window messages pertaining to keyboard and drawing.
Sure enough, a google search of 'eblaster dll' turns up URLMKPL.DLL in the first hit. I'd like to dumpbin this DLL to see exactly what they call.
The point is that https: protects the links. It cannot protect the endpoints.
Re:it's their world... (Score:2)
No. Remember you're the one who says because its their PC and their bandwidth (which they can only afford by virtue of the work I do for them, so really, they are mine) that it goes by they're rules. And who's they? Oh yeah, us.
I think you'll have to support your point a little more. There isn't any reason why your point is intrinsically true, especially given that the PC and bandwidth can only be purchased because of the work I do. I'm not going to roll over just because some people mistakeningly equates the ownership of property with absolute power of their use, and doubly so in a corperate envioronment where the equippment has only been purchased because of the employees.
Re:it's their world... (Score:2)
If you want to use the company PC, and the company bandwith, even forgetting company time to forward your friggin' chain e-mails around, I think the company has a right to know about it.
If you want to slack off so bad, open a frigging book. Or bring a Gameboy, if that's too intellectual for you.
I'm not going to roll over just because some people mistakeningly equates the ownership of property with absolute power of their use.
That's funny. Especially in this situation, how is that a mistake?
Re:Ooh, goody... (Score:3, Insightful)
If an employee isn't pulling their weight, warn them and then fire them. It's as simple as that. I understand corporations getting a little annoyed by weenies forwarding internal emails (which is reprehensible and they should be punished), but most justifications are for pathetic, over the shoulder monitoring.
Re:Ooh, goody... (Score:4, Insightful)
When we (meaning the IT department at my company) monitors what users are doing, either on the internet, or anything else, they're not just doing it on company time...
They're doing it with company computers.
Re:Ooh, goody... (Score:2)
Re:Ooh, goody... (Score:2)
running own server = good
And the moral is: Read the links. (Score:2)
Essentially, it doesn't matter if you're using 183903248099041-but SSLv329780132 encryption between your computer and the mail system, because the monitor is ON YOUR COMPUTER and logs the email before it's encrypted.