Slashdot Mirror
Instant Message, Instant Transcript
shams42 writes: "Although the internet has been far from private for some time now, it seems that public awareness and concern over this issue is mounting. This article at CNN discusses the issue of companies monitoring instant messages for cyberslacking or leaking company secrets. There is also the possibility of them being included as evidence in court cases."
Trillian has support for encryption. I believe that they call it SecureIM. Now I can't attest to its strength, but it sure seems like it would be better than plaintext being sent over the net.
Actually we use Lotus Sametime in our company quite a lot for instant messaging.
Being a multi-national company, without this we would be spending a lot of money on international phone calls (although I believe we are looking at VOIP for this too)
It also allows you to share your desktop so you can collaborate on a document. Sometimes we use a combination of the instant messenger and the phone for this.
You can also see if the person you are trying to reach is at their desk before you try to reach them.
It is less intrusive than a phone call and more immediate than email.
If my call is important, why am I talking to a recording?
Generally slackers will abuse IM just like they will abuse 'free' phone calls -- to stay in touch with friends and family, make plans to go out after work, or just idle chat.
It can be difficult to implement a technical ban on instant messaging, webmail, etc. There are two many different services using different protocols and different servers to easily create firewall or filter rules to block them all.
AOL Instant Messenger is an interesting example. The AIM client is very persistent in trying to establish connectivity with their servers. First it tries the 'official' OSCAR protocol on port 5190, but if that fails, it tries a high port, and also FTP, SSL, and other protocols that many firewalls permit unrestricted outbound client access.
I do not deploy Linux. Ever.
At my school we are about to setup Imagecast 4.6 by Storagesoft. We already use it to deploy hard drive images of all our computers (greatest product ever and it smokes Ghost), but no we're looking at deploying their small management console. It does all the usual like allow us to send messages to computers, shut them down and all that good stuff, but now it comes with VNC built in so from our server we can monitor the screen of any computer. This isn't even the the products real use. Just a side feature. Just think what real snooping client/server apps are up to.
-Tim
www.newtechhigh.org
Tim Smith - Ramblings from Nerd Land
Yes, but there's a large difference between ICQing a coworker to ask about a business-related issue and jabbering with your buddies on AIM for hours on end. One is a perfectly valid activity while working. The other is slacking off, and will probably get you in trouble. The solution is to avoid the second activity. Do you really care if your employer is recording the IM you sent to Joe down the hall asking if he knew the correct syntax for some obscure Perl command, or when the next meeting was scheduled for?
The company I work for, for instance, uses an internal ICQ server and the corporate ICQ client for interoffice IM, and doesn't allow any other IM clients. This lets people communicate internally without a problem, but keeps them from wasting time on idle chats with outside friends.
DennyK
just b/c you encrypt your convo's does NOT mean you will not get in trouble for what you say.
.02
I seriously suggest that anyone who IMs at work should stop. If you know your company monitors email, etc, I could only imagine that you encrypting your sessions would raise their suspicions even higher.
If you are that worried that you feel you should have to encrypt, you probably shouldn't be doing it at all.
Just my worthless
I would think that tunnelling via SSH would solve most of the problems.
I currently SSH tunnel for IRC, but for IM related software, I can't seem to SSH tunnel and get the relevant ports forwarded.
Anyone have a good idea for doing this?
But I'd think that my IRC connections are rather well encrypted.
The famous workplace, where your freedom is checked at the door.
For people so concerned with freedom, it is astonishing that the entirety of a person's basic rights are handed over like a movie ticket once the workday begins.
And to top it all off, everyone DEFENDS this by saying, "well, they sign your paycheck."
Newsflash: signing a paycheck != control someone's life.
Here are people who tell you what to do 40, 50, 60 hours a week. What time to sleep. How long to spend eating. What kind of house you can buy. Where you must live. What to say. How to dress. How many phone calls to make. What web sites to visit. And so on. It's worse than grade school. If you don't like it, you're "downsized."
Personal life is not to interfere in the workday. No personal activities of any kind are to be conducted at work, unless you're a manager and you have kids. Then you can "take the afternoon off" or leave early on Friday any time you feel like it. All time off is given begrudgingly, even if it is pre-approved.
Now they'll just help themselves to every word typed or spoken during the workday. Excuse me, but why is the workplace exempt from a person's inalienable rights? Why are companies allowed to treat people this way? Why is a paycheck carte blanche to control someone's life?
If it isn't company business, PAYCHECK OR NOT, it isn't company business. Period. People should be given the freedom to be people before corporate drones.
There are several programs that encrypt instant messages. For example, see Simp which is an open source IM program using Blowfish to encrypt all communications. You can download it and recompile it yourself to extend the key bitlength.
This may sound strange, but if a company is recording your chat sessions, instant messages, or e-mail communications, you can sue them for copyright infringement.
:-)
Sure, it would get all the merit of some of the recent patent lawsuits, but it's perfectly legal. At work, you have no expectation of privacy and often you even explicitly waive these rights by AUPs, as others have mentioned, so you have no legal high ground.
However of all the AUPs I have seen, none mention the property transfer of your communications, which are effectively your thoughts and are unique to you. This is called your "likeness". You are expressing it in your messages and chat transcripts, and by your employer snooping on you and storing records, they are effectively "copying" your copyrighted material, which you can claim copyright to.
Unless you're in a contract situation, the only works your company owns are those, which it has commissioned. Despite popular belief, it doesn't own everything you do at work -- only the work from your assigned tasks/projects/whatever.
I am no legal expert by any means, but at lunch with a lawyer friend I brought this issue up, and he said if he had a client in this situation he would have whatever logs found non-admissible due to copyright infringement. He then told me about likeness and how it can be used against an employer and possibly even to be on the plaintiff side of a suit. I found it interesting he would challenge this privacy issue from this interesting angle.
I guess you're best actually doing work while at work. If you must have security, use the various methods of encryption. Don't be stupid.
"I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
In the late 1990s companies started to monitor their employees' electronic mail, in case anyone was not working, or was not towing te corporate line.
Then they started to watch where people surfed. After all, employees were not executives, they could not be trusted.
In 2002 they started to monitor Instant Messages and to log them all.
In 2004 software to trnascribe telephone calls became common, and these too were logged.
By the end of 2010 and the unbiquity of the thought transponder, the slavery of the employee was complete, and all human spirit was destroyed in the never-ending quests for profit and longer golf sessions.
All employees dressed identically, lived in identical houses with identical husbands, and wore identical corporate socks.
Is this the future we want?
How do we tell the corporate world that life is about people, not profit? The joy of sharing, of living in a community, of being alive, that is what matters. Take off those corporate socks and be free!
(is your postal mail is being monitored too? did you have rights, once?)
It's easy to say, this seems reasonable. It's hard to take a stand for what seems right. Do it anyway.
--
Live barefoot!
free engravings/woodcuts
No one at work is going to be setting up elaborate forwarding systems for man-in-the-middle attacks.
You run into the script-kiddie fallacy here. Nobody is going to go to all the effort to find out what services I'm running on my machine, then look up all the possible exploits on the internet and patiently try each one. Of course not, they're going to download a script kiddie tool that scans entire netblocks and systematically tries all known exploits.
Similarly, companies are going to install 'snoop plugin for NT-firewall/proxy', and automatically snoop. I doubt they wrote the firewall modules they're currently using to snoop IM's, and installing a 'SSL proxy' doesn't take any more effort, just one unscrupulous software developer to produce and sell the plugin.
Of course nobody will bother unless there's enough people using the protocol you're using to sell that plugin - so find an unknown protocol and you'll be (relatively) safe.
My father used to tell me stories of when he was stationed in WWII in the Aleutian Islands, preparing as a SeaBee for the invasion of Japan. One of the stories that continued to amaze him was the deployment of Native Americans to handle communications, now populary referred to as Code Talkers.
... if it just wouldn't be too expensive if we not only encrypted our transmissions, but perhaps had an IRC in which we could roll our own dialects via tools like Bison in which only you, and your buddy on the other end would possess the necessary grammar file.
... but perhaps the process would become so expensive that they'll just move onto hammering the putz down the hall who continues to spew open text.
Not only did they transmit messages in code, but they added a nice little touch, all transmissions were forwarded in their native dialects. Both my father and I would chortle at the prostpect of some enemy intercept trying to figure out Cherokee.
It makes me wonder, especially when you consider the costs of snooping everone's transmissions
Sure, I'm sure the employer and their lawyers could still crack it
healyourchurchwebsite.com - WWJB?
Our company's policy is as follows:
1) the computers and networks are company assets
2) company intends for employees to use computers and networks for company business
3) company may review or monitor any activity on the company's computers and networks.
So don't do non-business stuff at work. What's so hard about that?
"What about your instant messages being logged by companies who will then in turn use your information to make a profit"
they can as they legally own anything you do, write or say on company equipment in company time (it's been proven - do a websearch on the subject)
"Personal data can be stored and later used for blackmail"
What ARE you doing at work and who do you work for - what company would actually do this.
I refuse to argue with Anonymous Cowards - if you want a discussion get an account....
Well, you sound as fun as a barrel of monkeys.
You are also misinformed and/or close-minded about IM having legitimate uses.
For your information, I've been at a client that REQUIRED it's people to sign up with AIM, and put on the company buddy list - there were two offices, and also a deaf programmer. Everyone having AIM greatly facilitated the work processes.
The client I'm at now also has some part-time contractors that I can get quicker responses out of on IM than I would on the phone.
Saying IM has no place in the workplace is about as forward-thinking as someone in the 80's saying email has no business purpose.
And I'd rather starve than work for a company like yours. When people are fretting over things like "company policy" and dress codes and spying on their employees it either shows that they are gasping their last breath of desperation to keep their heads above water, or else it shows that they are incompetent tyrannical jackasses with not a clue about how real management is done. Neither one is a professional environment.
Thanks for your input, though.
Companys pay employees to work and provide a certain function, they *DO NOT* own them. This was discussed on Slashdot a few weeks back.
The discussion a few weeks back was about work created outside the office. If it's related to your job, or it's done on company time, chances are it's owned by your company.
If I hire you to paint my house, and you instead work on a product that ends up selling millions, I would have no claim to that product.
That's not an employer-employee relationship, thus it's subject to different rules.
Contractors by default have their works owned by them. Employees by default have their works owned by their employer.
... and the stalls, and the seats, but I sure hope you don't think they can/should install webcams there, for the sole purpose of monitoring excessive bathroom breaks, of course.