Slashdot Mirror

← Back to Stories (view on slashdot.org)

Instant Message, Instant Transcript

Posted by timothy on from the better-part-of-valor dept.

shams42 writes: "Although the internet has been far from private for some time now, it seems that public awareness and concern over this issue is mounting. This article at CNN discusses the issue of companies monitoring instant messages for cyberslacking or leaking company secrets. There is also the possibility of them being included as evidence in court cases."

20 of 330 comments (clear)

  1. Jabber + SSL by finkployd · · Score: 4, Insightful

    Jabber over SSL would solve this problem.

    Finkployd

    1. Re:Jabber + SSL by Anonymous Coward · · Score: 1, Insightful

      "but now it comes with VNC built in so from our server we can monitor the screen of any computer."

      This could sort of be like a house of mirrors. The watcher watching the watched watch the watcher. Or better yet, what happens when the student gets caught observing the principal perusing pr()n.

    2. Re:Jabber + SSL by Anonymous Coward · · Score: 1, Insightful

      The Trillian client also has built-in encryption which works with other ppl using trillian clients.

      But I trust in freeS/WAN and irc, it's still the best :)

    3. Re:Jabber + SSL by Fulcrum+of+Evil · · Score: 2, Insightful

      That may get you in trouble with IT - they usually take a dim view of users reinstalling their workstations.

      --
      "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
  2. Re:The simplest thing to do... by finkployd · · Score: 2, Insightful

    That is fine, except all of the messages go over the network in cleartext.

    Finkployd

  3. This kind of boss gets his own punishment by Provincialist · · Score: 3, Insightful
    I can see why a financial firm might decide it needs something like this, but in general if this sort of system is used in your workplace it's a symptom of far worse problems. If anyone, let alone a high-level manager or IT director, has the time to be concerned about, and then set up a monitoring system for, instant messaging, then the company is not receiving an adequate return on his salary. This monitoring software is the sort of ridiculous waste of resources for which any manager should be called on the carpet. As scores of others will observe, it is easily circumvented through client-side encryption. Companies that hire managers simultaneously so anal and so clueless are hauling around a lot of dead weight.

    Hopefully within a couple of years we'll get the cheerful news that these monitoring companies have gone belly-up.

    later,
    Jess

    --
    I am programmed for etiquette, not destruction!
    1. Re:This kind of boss gets his own punishment by Provincialist · · Score: 2, Insightful
      There is a skill called management, at which a small number of managers have attained proficiency, and that would entail having some idea what one's reports are doing. I don't mean knowing what they are doing every minute, but rather knowing that this week's tasks are being completed at an acceptable rate. Any employee who is worth access to a computer and all the costs that entails is capable of managing his time at least to the hour, or if not will quickly be found out without such a system.

      This system is a crutch, plain and simple. Effective managers "accept" an amazing number of things, so long as the job gets done.

      later,
      Jess

      --
      I am programmed for etiquette, not destruction!
  4. Companies have AUPs for a reason by Zeddicus_Z · · Score: 4, Insightful

    People think Instant Messages are like phone conversations - no record is kept, they can say pretty much what they like. People used to think the same about Corporate email too.

    Nearly every company today has an Internet Acceptable Use Policy. Said policy covers allowed surfing habits (work related only, etc), as well as appropriate email useage (no sexist jokes, spamming of jokes). Once companies realise that IM traffic is essentially the same as email, they will need to incorporate policy on usage into their existing AUP.

    Naturally there's privacy concerns here. People don't like their every word and action at work scruitinized. However, as Pamela Housley (director of compliance at Thomas Weisel Partners investment banking firm) said in the CNN article,'It's just easier to archive it all. I don't have the manpower to have somebody look at this all day long.' This will hold true in most cases.

    Most companies already archive all email sent/received by work accounts as a matter of course. However, that's not to say people actually read all those emails. They're there with the sole intent of keeping a record to cover the company's ass if something goes wrong - such as a client accusing an employee of doing something they were not asked to do. If said employee can turn around and say 'I was asked to do it via email, and HERE IT IS!', the company is fine.

    Face it - IM traffic sent/received at work will end up being logged as a matter of course. It has to if companies want to keep themselves out of a legal quagmire. However, just because your communication via IM is logged, doesn't mean someone is going to actually violate your privacy by reading it. In fact, most AUPs specifically prohibit the reading of another's work communications without the proper authorisation.

    Keep in mind that you're using work assets. Keep in mind that you can, and will, be held responsible for abuse of said assets. Stick to the AUP, and everything will be rosy.

    --
    Janie took my gun...
  5. IM Use at Work by Renraku · · Score: 2, Insightful

    IM use at work should be monitored only if sensitive information could possibly get out through that route. But if you're going to monitor IMs, why not monitor email, phone usage, have searches upon arival and leaving, and so on? I used AIM when I had a job to communicate and plan stuff mostly, of course I used it for friendly chatting as well, but tech supporting is autonomous to me.

    --
    Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
  6. Re:simple solution by Nonesuch · · Score: 5, Insightful
    IMHO, a 'good employer' does not bother to look unless the employee causes some other problem. The one case I had dealt with was related to using IRC from the office, and the abuser was fired that same day.

    I've not heard of an employer that monitors Port 22, and even if they did, it's encrypted so they can't pick up what you said.
    Every corporate site I have been at, will block port 22 outbound.
    Best program for this is PuTTY (assuming you use NT at work)
    If your employer is nosy enough to be sniffing your IM sessions, they are probably also nosy enough to install LanDesk and/or other software on the desktop for remote screen viewing, keystroke logging, etc.
    The whole thing assumes you are using *n?x at home and can run an SSH daemon on it.
    People that clueful generally have better things to do with their time than instant messaging.

    (Says the guy posting to slashdot in the middle of the night)

    --

    I do not deploy Linux. Ever.
  7. Re:Why? by koekepeer · · Score: 1, Insightful

    > The other is slacking off, and will probably get
    > you in trouble.

    which is plain silly if you ask me. "slacking off" can be just the thing that makes you more relaxed during your workday, and being more relaxed makes it easier to perform well when you actually have to do something.

    i don't understand that a lot of managers still seem to think that the best way to increase efficiency is to shorten any "idle" time, and seem view the worker as a machine-like entity.

  8. I still don't get this.... by Peridriga · · Score: 5, Insightful

    Privacy at the work place...

    You are in a building that you don't own..
    You are sitting in a chair that you don't own
    You are using a computer that you don't own
    You are using a network that you don't own
    You are using bandwidth that you don't own

    Why do you have any expectation of privacy?

    It's simply a given.... If I am talking on my cell phone in the middle of the IT department I have no expectation of privacy...
    If I am 'yelling' my conversations over the network why do I have expectation of privacy...

    If I want to chat personally or sell company secrets I will do it at my home where I DO have privacy... But, not at work

    1. Re:I still don't get this.... by The+Cat · · Score: 5, Insightful

      Why do you have any expectation of privacy?

      Because you're a human being with human rights. One of those rights is freedom of speech, and part of that freedom is the ability to control when, where and to whom to speak. The speech is what should be protected, not the company's stupid network.

      If they don't want to hire people, fine. Let them buy an M$ wizzzzzzzard to set up their databases and sit in meetings. But if they want hard-working, knowledgeable, imaginative people, then they are going to have to accept the fact that they are HUMAN BEINGS, not machines.

      Just because you're in a "building you don't own" doesn't mean you have to hand over control of your entire life to some middle-manager.

      People are people FIRST, then "employees." This "the company rules the universe" routine is getting REALLY fatiguing.

    2. Re:I still don't get this.... by The+Cat · · Score: 3, Insightful

      But these "contracts" are almost never written. They are decrees delivered from the raised dais of management, usually in the form of a memo.

      To expect to isolate someone from all "personal" conversations during the work day is an unjust exercise of control, basically for the sake of control. It really has next to nothing to do with the company or the work.

      It certainly doesn't give the employer the right to the contents of that conversation.

      For most of the people in this country, a job is a necessity. To withhold necessities from people in exchange for their abdication of their inalienable (an important word) rights is to offend those rights to the point of denying them altogether.

      No person, employer or otherwise, should be empowered, either by necessity or choice, to deny the basic rights of another person.

  9. Re:Why would a company NOT ban IM? by York+the+Mysterious · · Score: 2, Insightful

    Tip for blocking AIM on Windows. Deploy all your computers with login.oscar.com in the hostfile and have it point to 127.0.0.1. This is what I have done for my school and it pretty much kills AIM. That or make a static entry in your DNS server that points to some bogus address. There's way to deal with AOL. It is quite good at getting past firewalls, but there are still ways...

    --

    Tim Smith - Ramblings from Nerd Land
  10. Re:simple solution by bmetz · · Score: 3, Insightful

    I work for a very large computer company and I know for a fact they don't block ssh. I think that if you go to the big computer companies they know their employees are very adept at these things. I could tunnel SSH through DNS if I needed to -- so why even bother getting in my way.

    Also, I don't know how the we're-too-cool-for-IM crowd is doing things but in MY software team our internal IM client is very essential for development collaboration. Unless you live in your own little world never speaking to anyone it's a very major tool for tracking people down to ask questions/fix bugs/etc.

    --
    What did you eat today? http://www.atetoday.com/
  11. Re:Why? by The+Cat · · Score: 3, Insightful

    No. Mainly because nine times out of ten, management hasn't the foggiest idea what is going on from day to day. Oh sure, every once in a while there's some frantically organized flailing "initiative" complete with an announcement at an all-hands meeting, but by and large, management doesn't understand a single detail of the work in most companies.

    Then everyone gets laid off. Welcome to the workplace.

  12. Re:simple solution by Stiletto · · Score: 4, Insightful


    That's a slippery slope...

    You might expect employees to clock in in the morning, think and do nothing but work, have no stray thoughts, don't get up to eat, drink, or talk, and then clock out at night, without any second wasted... It's called a robot. Look in to hiring one instead of a human being.

    I don't think I've ever met a collegue that could perform up to that standard.

    You need distractions every once in a while to maintain your creativity.

  13. Re:First email, then URLs, then IMs... by Cid+Highwind · · Score: 2, Insightful

    As long as people buy into the modern advertising myth that happiness is found in the neverending pursuit of More Stuff(tm) they will be slaves to the corporate whim.

    --
    0 1 - just my two bits
  14. Re:Ah yes by ryanvm · · Score: 5, Insightful

    If it isn't company business, PAYCHECK OR NOT, it isn't company business. Period. People should be given the freedom to be people before corporate drones.

    Who are you, Bodhi from Point Blank?

    No one forces you to take a job. When you do, you engage in a contract with your employer. It says I will provide X amount of hours of labor for X amount of wages. If you are fucking off chatting with your warez buddies on AIM, than you are not fulfilling your end of the bargain. You are ripping off your employer. Period.

    If I pay someone to dig holes for me for 1 hour, then I am entitled stand beside him and make sure he digs for that hour. Even moreso if he's using my shovel. Why do you think that because you work with computer equipment that you are special? It's the same thing.

    Excuse me, but why is the workplace exempt from a person's inalienable rights?

    I don't think you understand. You do not have an inalienable right to use other people's equipment to chat on the Internet. If you want to do that - do it at home, where you pay for it.