Slashdot Mirror

← Back to Stories (view on slashdot.org)

Web-Based E-mail Isn't Safe From Corporate Eyes

Posted by timothy on from the just-so-you're-clear-on-that dept.

Ant points to this CNET story, a snippet from which reads thus: "[S]ecurity experts say many employees would be surprised to know that Web-based email services also offer little privacy. Messages sent via a Yahoo or Hotmail account, or through instant messaging products, such as ICQ or America Online's Instant Messenger (AIM), are just as accessible to nosy employers." I know some people who this ought to make nervous;)

6 of 212 comments (clear)

  1. The CEO's wife by xant · · Score: 4

    That's why, when I send my love letters messages to the CEO's wife, I wait until my boss goes to lunch and use his computer. And sign it with his name.
    --

    --
    It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
  2. Serves them right by lkaos · · Score: 4

    I work in as a consultant for the government and it pisses me off to see so many employees goofing off at work. If people did what they are supposed to do, then the government wouldn't need to hire consultants. It doesn't bother me that people read personal email but people will spend all their time online and NOT get their work done. It just really pisses me off.

    --
    int func(int a);
    func((b += 3, b));
  3. Re:Not really . . .. by darf · · Score: 5

    I'll assume by your post that you are in a university environment. Well I'll tell you that the corporate world is very different.

    For starters, many, many companies still use hubs for their networking. If you are plugged into a hub then you can hear anything on your subnet. I have personally worked with small to medium sized companies, with tens to thousands of users, who still link end stations to the LAN with hubs. In these cases snooping by the boss is actually less of a threat than your neighbor running an SMB sniffer and cracking your clever M$ password of "password".

    Second, with the proliferation of intrusion detection system it is becoming less and less possible for your traffic to not be examined. Large organization use IDS not only on their Internet connections, but on their internal networks as well. This is because a majority of security viloations occur on the inside of a network. By definition, an IDS system must hear everything that happens on a segment it is to protect.

    Third, bosses may not be technically capable of setting up a sniffer, but they are very aware that the opportunity exists. They will order the use of sniffing technology if they believe that they must use it to accomplish something. In practice, they will only do this if there is a significant reason to do so because of legal liability.

    Fourth, something like 60% of US companies actively monitor their employee's use of Internet resources. They may not look at each payload, but if you are spending 50% of your day going to Hotmail with your browser, chances are that they already know about it.

    Remember that in the US the current opinion is that if you are using a company's computer then the company owns the data input into or produced from that computer. If you are doing something that might be a no-no, you'd better not do it.

  4. The ineptitude of management by Ergo2000 · · Score: 5
    An open letter to managers the world over

    Any management that thinks auditing is an effective way of encouraging good work ethics is insane and grossly inept and should be fireed immediately. Any manager that sees low productivity or low morale and thinks the solution is to start snooping on employee activities should give up and become a basket weaver. I am not kidding.

    The only true measure of an employees worthiness is output and nothing but. This is a very important concept as we move to more telecommuting/contract type employment anyways (and boy will the lines get blurry when employers are monitoring employees in their own home). The vast majority of us in this business get paid by salary, not by punching a card in a clock, and while there are some general expectations regarding hours, generally the salary structure is based upon perforance not time. For our salary we are expected to contribute a certain amount of worth to the company versus the salary that we are receiving. If an employee doesn't contribute that worth then firstly examine the management structure and corporate supports to determine if they are the problem, and if not FIRE THEM. That is the only way to manage effectively in the information age. If you've got some company outcast sitting in a room packet scanning whether someone is using hotmail then you've got your priorities totally messed up : There are a million ways of wasting away time and if you think you're creating a super efficient workplace by totalitarianistic network policies then you are completely ignorant of the real world.

    If you have a worker that you think might be dicking away a lot of time simply set goals and performance requirements and you should have a system in place that measures metrics (not keystrokes as that is worthless, but some other metric). Reward exceptional performance and punish under performance. The time an employee needs to accomplish that goals is irrelevant. Obviously if someone is sending offensive mail from a company email address that is poor judgement and should be punished, however if someone is sending emails to friends on Hotmail you really shouldn't give a shit if you have the performance metrics and good measurement systems. If you think you will improve the worthiness of your company by instituting superficial monitoring systems then you are will soon be out of a job as your company will be out of business.

    BTW : For the corporate outcasts that feel the supreme justice of being the one's "in charge" of monitoring employees : Firstly these systems are never unbiased -> It is usually targetted at whichever persons these losers feel a dislike towards recently. Secondly there is no justification based upon what I was saying above (except for a few positions which are more time based : i.e. answering phones). Pathetic claims about "company resources" and the like are ridiculous. Do you abscond from drinking lest you use the sacred company water pissing? Do you partake of company provided refreshments? Do you happily request a 14" monitor over a 19" because really netmon runs just as good at 800x600? If not then shut up : The "wear and tear" on a computer system for someone to visit hotmail is rather minimal and of minimal costs.

  5. Use hushmail by bradams · · Score: 5

    HushMail.com uses strong encryption end to end. It's the strongest web based email that i know of...

    --
    I like to build things and wire stuff together.
  6. If this surprises anyone... by meckardt · · Score: 5

    then they probably deserve what they get.

    If it goes over a company network, there is always the chance that the company can intercept it. Live with it.

    Do I let it worry me? Well, if the company wants to listen in to my IM conversation between my wife and myself, they are welcome to hear all about who's turn it is to pick up the kids, or who has to stay late. If they want to tap my email, they can read all they want about my opinions about some book, show, or event in some mailing list or other. I am very careful to not post anything that would be considered undesirable from work, and fairly careful to limit "ok" emails.

    You want to send inflammatory material? Do it from home.