Instant Message, Instant Transcript
shams42 writes: "Although the internet has been far from private for some time now, it seems that public awareness and concern over this issue is mounting. This article at CNN discusses the issue of companies monitoring instant messages for cyberslacking or leaking company secrets. There is also the possibility of them being included as evidence in court cases."
Jabber over SSL would solve this problem.
Finkployd
Ah, yet another story that makes me happy about my 50% purchase of CarrierPigeons.com!
That is fine, except all of the messages go over the network in cleartext.
Finkployd
I really don't have to worry about this, since I'm the 'IT' guy at my company. hehehe
will spy on anyone if they think they can get away with it.
Video Game cheats, hints a
will screw off on the internet if they think they can get away with it.
will spy on the internet if they think they can get away with it.
I have nothing to allude to, and I am alluding to it.
Why would anyone be using any sort of instant messenger at work? I really am curious. Do these people have nothing better to be doing?
sic transit gloria mundi
Since the IM clients, as well as most other things you do at the office, are so easy to monitor, I've always made it a personal policy not to discuss anything over IM that I'd be embarrassed to have to explain to a judge in court some day. And in case they were monitoring it I'd always add a "Hi Sysadmin, I know you are reading this" every once in a while to my messages just to let them know I knew they were there ;)
Hopefully within a couple of years we'll get the cheerful news that these monitoring companies have gone belly-up.
later,
Jess
I am programmed for etiquette, not destruction!
The text-interface equivalent is 'tethereal', which provides realtime decoding of AIM messaging traffic, and supports logging raw packets to a file.
One of the most common ways for AIM to work through a firewall is by pretending to be an SSL connection to the AOL 'oscar' server, and tunnel through an HTTP/SSL proxy. But in reality, that session is still cleartext, easily intercepted.
I am not sure if any similar software currently exists for MSN, Yahoo or ICQ. IRC is trivial, and Jabber's XML doesn't take much to extract to human readable dumps.
Even Jabber's SSL support only offers minimal protection, as (despite repeated requests to have the feature added) none of the Jabber client software implementations include any checking of the server certificate, so all Jabber clients are vulnerable to 'man in the middle' attacks.
I do not deploy Linux. Ever.
Use SSH link to your PC at home to run text based IM client and/or web browser from your home address.
I've not heard of an employer that monitors Port 22, and even if they did, it's encrypted so they can't pick up what you said.
Best program for this is PuTTY (assuming you use NT at work)
The whole thing assumes you are using *n?x at home and can run an SSH daemon on it.
Of course best of all is to not shout from the rooftops what should be said in private.
If my call is important, why am I talking to a recording?
Trillian has support for encryption. I believe that they call it SecureIM. Now I can't attest to its strength, but it sure seems like it would be better than plaintext being sent over the net.
I don't know who should be more ashamed, you or your employer.
I am programmed for etiquette, not destruction!
People think Instant Messages are like phone conversations - no record is kept, they can say pretty much what they like. People used to think the same about Corporate email too.
Nearly every company today has an Internet Acceptable Use Policy. Said policy covers allowed surfing habits (work related only, etc), as well as appropriate email usage (no sexist jokes, spamming of jokes). Once companies realise that IM traffic is essentially the same as email, they will need to incorporate policy on usage into their existing AUP.
Naturally there's privacy concerns here. People don't like their every word and action at work scrutinized. However, as Pamela Housley (director of compliance at Thomas Weisel Partners investment banking firm) said in the CNN article, 'It's just easier to archive it all. I don't have the manpower to have somebody look at this all day long.' This will hold true in most cases.
Most companies already archive all email sent/received by work accounts as a matter of course. However, that's not to say people actually read all those emails. They're there with the sole intent of keeping a record to cover the company's ass if something goes wrong - such as a client accusing an employee of doing something they were not asked to do. If said employee can turn around and say 'I was asked to do it via email, and HERE IT IS!', the company is fine.
Face it - IM traffic sent/received at work will end up being logged as a matter of course. It has to if companies want to keep themselves out of a legal quagmire. However, just because your communication via IM is logged, doesn't mean someone is going to actually violate your privacy by reading it. In fact, most AUPs specifically prohibit the reading of another's work communications without the proper authorisation.
Keep in mind that you're using work assets. Keep in mind that you can, and will, be held responsible for abuse of said assets. Stick to the AUP, and everything will be rosy.
Janie took my gun...
Generally slackers will abuse IM just like they will abuse 'free' phone calls -- to stay in touch with friends and family, make plans to go out after work, or just idle chat.
It can be difficult to implement a technical ban on instant messaging, webmail, etc. There are too many different services using different protocols and different servers to easily create firewall or filter rules to block them all.
AOL Instant Messenger is an interesting example. The AIM client is very persistent in trying to establish connectivity with their servers. First it tries the 'official' OSCAR protocol on port 5190, but if that fails, it tries a high port, and also FTP, SSL, and other protocols that many firewalls permit unrestricted outbound client access.
I do not deploy Linux. Ever.
After every questionable comment you might make in a message just put ;-). Problem solved.
;-)
For real though, I really don't care if people see my IMs. 99% of it is just jibber-jabber anyway, so who cares.
If you are dumb enough to write messages like "My boss is an asshole" over IM, then that is your own fault if you get busted.
But you would be wrong.
The problem is that none of the Jabber clients implement the SSL protocol fully, and are vulnerable to 'man in the middle' attacks. They do not take the most basic precautions that you would find in any web browser (except Lynx, Lynx has this problem too).
I explained the vulnerability in a presentation at JabberCon 2001, and the client developers have still not taken the basic step of including some mechanism for validating the server certificate, much less added support for client certificates.
Jabber is interesting, and perhaps an improvement over other IM protocols, but the security is only halfway there.
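The server-certificate check these comments say Jabber clients were missing, as an added example that is not from the thread or from any Jabber client. The function names, the sample bytes and the legacy Jabber-over-SSL port 5223 are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a DER-encoded certificate; only its hash is used.
SAMPLE_DER = b"constructed-certificate-bytes-for-illustration"


def strict_client_context(cafile=None):
    """Verify the certificate chain and the hostname, as a web browser does."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def lax_client_context():
    """Encrypts but accepts any certificate: the behaviour described above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation at all
    return ctx


def audit_context(ctx):
    """List the settings that leave a client open to a man in the middle."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    return findings


def pin_matches(der_cert, pinned_sha256_hex):
    """Compare a certificate's SHA-256 fingerprint with a pinned value."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256_hex.lower())


def connect_verified(host, port=5223, pinned_sha256_hex=None, cafile=None,
                     timeout=10):
    """Open a TLS connection that fails closed on any certificate problem.

    cafile lets a site with a private CA trust only that CA; the optional pin
    additionally ties the connection to one known server certificate.
    """
    ctx = strict_client_context(cafile)
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        # Raises ssl.SSLCertVerificationError on a bad chain or wrong hostname.
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if pinned_sha256_hex is not None:
        der = tls.getpeercert(binary_form=True)
        if not pin_matches(der, pinned_sha256_hex):
            tls.close()
            raise ssl.SSLCertVerificationError(
                "server certificate does not match the pinned fingerprint")
    return tls


if __name__ == "__main__":
    print("strict:", audit_context(strict_client_context()))
    print("lax:   ", audit_context(lax_client_context()))
```
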
IM use at work should be monitored only if sensitive information could possibly get out through that route. But if you're going to monitor IMs, why not monitor email, phone usage, have searches upon arrival and leaving, and so on? I used AIM when I had a job to communicate and plan stuff mostly, of course I used it for friendly chatting as well, but tech supporting is autonomous to me.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
One solution could be to just setup jabberd (on any machine) to run on *only* your local network. Very easy to do.
just b/c you encrypt your convo's does NOT mean you will not get in trouble for what you say.
.02
I seriously suggest that anyone who IMs at work should stop. If you know your company monitors email, etc, I could only imagine that you encrypting your sessions would raise their suspicions even higher.
If you are that worried that you feel you should have to encrypt, you probably shouldn't be doing it at all.
Just my worthless
I would think that tunnelling via SSH would solve most of the problems.
I currently SSH tunnel for IRC, but for IM related software, I can't seem to SSH tunnel and get the relevant ports forwarded.
Anyone have a good idea for doing this?
But I'd think that my IRC connections are rather well encrypted.
First of all, the only reason I use IM these days is for work-related purposes with co-workers on an internal Jabber server. Okay, we do our share of chatting that's not exactly work-related, but who doesn't have f2f conversations with people at work about things that have nothing to do with work?
In any case, why I consider the instant transcript a "feature" is because my co-workers and I do tech support. We talk to each other frequently about customer issues. These transcripts often contain useful troubleshooting information. It seems awfully silly to type something more than once, so once a conversation is done, it's copied straight from Jabber into a case note. We usually do not make those kinds of notes viewable to customers, but they are good for internal documentation.
For those of you who have issues with your employer "snooping" on what you're doing, I would not expect any sort of privacy with respect to your computer usage at work. However, your employer needs to tell you your computer usage is subject to monitoring. Employers who fail to notify employees of monitoring are subject to serious trouble if they decide to take advantage of any information they find out as a result.
-- PhoneBoy
The views expressed herein are not necessarily those of anyone, including the poster.
Privacy at the work place...
You are in a building that you don't own..
You are sitting in a chair that you don't own
You are using a computer that you don't own
You are using a network that you don't own
You are using bandwidth that you don't own
Why do you have any expectation of privacy?
It's simply a given.... If I am talking on my cell phone in the middle of the IT department I have no expectation of privacy...
If I am 'yelling' my conversations over the network why do I have expectation of privacy...
If I want to chat personally or sell company secrets I will do it at my home where I DO have privacy... But, not at work
I've worked at a certain big investment bank over the summer. Internet access there was completely firewalled away except for a port 80 HTTP proxy server. Now, one could tunnel IM programs through this successfully but even then, the company has a zero-tolerance policy that bans any use of IM programs.
There is a very good reason for this. Apart from the usual virus problems, it is often *mandatory* by law for investment banks to log all communications between employees and clients, just like the article says. It is well known that all telephone calls are recorded for this reason. All proxy requests are naturally recorded and scanned for port and external mail use (also against company policy). Allowing IM would equally thus be in violation of company policy and legal requirements. Unless of course... if a system was introduced where all messages could be reliably logged and traced.
If you still aren't convinced about these policy issues, consider this. In a IB, if your phones are tapped, all web access is logged and you know it, then perhaps consider that logging IM isn't such a big extra step.
The last place I worked was a dying publicly owned company on the Canadian Stock Exchange. As one of 3 IT guys in this software company of 100 high-high-maintenance clients, I spent a lot of time monitoring my fellow employees for news of the company's impending doom.
I discovered that the 'promised-management-positions' crowd was keeping close tabs on their fellow employees as well. Monitoring exactly how long each of us worked, took breaks for, (and of course) never mentioning the major overtime we put in.
It's funny, because between them monitoring us and talking all day with numerous online boyfriends - the management hardly did any work. We on the other hand managed to keep 100 clients happy, fix the "Interactive Unix" network so that it didn't die each and every day, *and* format all of their MSN chat logs for easy reading off a floppy disk when the inevitable day came that we would quit.
and man, those chat logs were good!
Once we left, we started our own Software Company and are almost ready to release software exactly for companies like that. Network Security & Productivity monitoring software. I wish we had a package like this when we were there, but don't get me wrong - NGREP worked pretty well too.
ngrep -ql "MSN-IM-Format" src 192.168.10.3 or dst 192.168.10.3 >log.log
I am assuming that you are competent with *nix and nt, so installing a keystroke sniffer or VNC wouldn't go unnoticed. This works for offices with people who don't care what you are doing...
:)
Now, to avoid those pesky little spyware, you can always bring your laptop to work. (best some exotic, like an iBook running MacOSX) From there, you can usually hook it up to the company network - ask your system admin before you do though and be so kind to find out his or her birthday and send him a card or give him a present, a long time before you ask
Now, being allowed to run your laptop on the company network either use SSH to connect to your home computer like another post suggested (btw, ssh does not HAVE to run at port 22 and some port on the network is likely not to be blocked). Or you can always use your favorite instant message client with SSH tunneling, or if you want to be extremely cool, you can use something like KDX which has a secure connection built in. Or you could use HXD...
As long as you are just a bit careful about what you do and dont start slacking at work, I doubt anyone will object to you being logged into an IM thing anyway.
The famous workplace, where your freedom is checked at the door.
For people so concerned with freedom, it is astonishing that the entirety of a person's basic rights are handed over like a movie ticket once the workday begins.
And to top it all off, everyone DEFENDS this by saying, "well, they sign your paycheck."
Newsflash: signing a paycheck != control someone's life.
Here are people who tell you what to do 40, 50, 60 hours a week. What time to sleep. How long to spend eating. What kind of house you can buy. Where you must live. What to say. How to dress. How many phone calls to make. What web sites to visit. And so on. It's worse than grade school. If you don't like it, you're "downsized."
Personal life is not to interfere in the workday. No personal activities of any kind are to be conducted at work, unless you're a manager and you have kids. Then you can "take the afternoon off" or leave early on Friday any time you feel like it. All time off is given begrudgingly, even if it is pre-approved.
Now they'll just help themselves to every word typed or spoken during the workday. Excuse me, but why is the workplace exempt from a person's inalienable rights? Why are companies allowed to treat people this way? Why is a paycheck carte blanche to control someone's life?
If it isn't company business, PAYCHECK OR NOT, it isn't company business. Period. People should be given the freedom to be people before corporate drones.
...method!!!
3 043.html
http://www.guerrilla.net/reference/biological/rfc
Try logging that! Then again, the company could shoot the birds down or fire you for having birds in the office. Or to make matters worse, the bird getting hurt along the way (like flying into a window while trying to send the packet).
There are several programs that encrypt instant messages. For example, see Simp which is an open source IM program using Blowfish to encrypt all communications. You can download it and recompile it yourself to extend the key bitlength.
While companies may archive e-mail, I think many more have a policy of destroying e-mail and all backups after a certain retention period. Critical messages are explicitly archived, along with other documents.
They destroy e-mail archives because they don't want it to be used against them later. The roasting Microsoft got over internal e-mail has put the fear into them (if they didn't have it already).
The same will likely hold for IM traffic, but it is still safe to assume that it will be logged and retained for some period of time.
-Me- No.
-Boss- Why?
-Me- Because I've got better things to do with my time than set up big brother stuff so you can make sure your employees are working.
-Boss- But you're playing UT
-Me- No.
-Boss- Yes you are, I can see you doing it right now.
-Me- You are mistaken. This is a highly advanced network troubleshooting tool. See, that's a Windows box emitting smb traffic, that red flag. I've come to kill it.
-Boss- So you're not going to implement this thing for me?
-Me- Correct.
Boss wanders off annoyed
This Conversation is paraphrased, but did happen. The moral of the story is, aren't *we* the network admins. If we can't push our boss around like I used to be able to (the company went bankrupt in the
.
This may sound strange, but if a company is recording your chat sessions, instant messages, or e-mail communications, you can sue them for copyright infringement.
:-)
Sure, it would get all the merit of some of the recent patent lawsuits, but it's perfectly legal. At work, you have no expectation of privacy and often you even explicitly waive these rights by AUPs, as others have mentioned, so you have no legal high ground.
However of all the AUPs I have seen, none mention the property transfer of your communications, which are effectively your thoughts and are unique to you. This is called your "likeness". You are expressing it in your messages and chat transcripts, and by your employer snooping on you and storing records, they are effectively "copying" your copyrighted material, which you can claim copyright to.
Unless you're in a contract situation, the only works your company owns are those, which it has commissioned. Despite popular belief, it doesn't own everything you do at work -- only the work from your assigned tasks/projects/whatever.
I am no legal expert by any means, but at lunch with a lawyer friend I brought this issue up, and he said if he had a client in this situation he would have whatever logs found non-admissible due to copyright infringement. He then told me about likeness and how it can be used against an employer and possibly even to be on the plaintiff side of a suit. I found it interesting he would challenge this privacy issue from this interesting angle.
I guess you're best actually doing work while at work. If you must have security, use the various methods of encryption. Don't be stupid.
"I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
In the late 1990s companies started to monitor their employees' electronic mail, in case anyone was not working, or was not toeing the corporate line.
Then they started to watch where people surfed. After all, employees were not executives, they could not be trusted.
In 2002 they started to monitor Instant Messages and to log them all.
In 2004 software to transcribe telephone calls became common, and these too were logged.
By the end of 2010 and the ubiquity of the thought transponder, the slavery of the employee was complete, and all human spirit was destroyed in the never-ending quests for profit and longer golf sessions.
All employees dressed identically, lived in identical houses with identical husbands, and wore identical corporate socks.
Is this the future we want?
How do we tell the corporate world that life is about people, not profit? The joy of sharing, of living in a community, of being alive, that is what matters. Take off those corporate socks and be free!
(is your postal mail being monitored too? did you have rights, once?)
It's easy to say, this seems reasonable. It's hard to take a stand for what seems right. Do it anyway.
--
Live barefoot!
free engravings/woodcuts
but it could be applied to almost any job, as long as other people do not strictly depend on you (eg nurses)
if we all were not organizing our jobs to a nine-to-five time-schedule, we'd be a lot more relaxed. i think that it's much more motivating to focus on getting a task done. if that means working 12 hours straight the one day, and taking off the other day, it's no problem.
of course i'm speaking as someone who has the freedom to choose his working hours, but i do get the job done. quite efficiently compared to most of my 9-5 oriented co-workers actually.
actually, i've been reading "the hacker ethic" from pekka himanen last month, and he has some very interesting things to say about the current "protestant work ethic" vs an alternative, not so time-oriented work ethic. the book's a "must buy" IMHO
I currently SSH tunnel for IRC, but for IM related software, I can't seem to SSH tunnel and get the relevant ports forwarded.
Assuming you have a recent version of OpenSSH, follow these instructions:
1. Run ssh -D 1080 hostname. This causes ssh to provide a SOCKS v4 proxy service when connecting to localhost on port 1080.
2. Set your IM client to use your SOCKS v4 proxy server and point it to localhost on port 1080. Most IM clients support the SOCKS proxy protocol.
3. Chat.
My car gets 40 rods to the hogshead, and that's the way I likes it!
what constitutes permission for fair use?
evanchik.net
So far all of the posts have become: "Oh no my boss will catch me using an instant messenger." What about your instant messages being logged by companies who will then in turn use your information to make a profit (either through advertising, private investigation, etc.) Personal data can be stored and later used for blackmail. I know that it is very improbable but after years of using instant messaging don't you think you will say 1) something incriminating and 2) something about your personal life that you probably wouldn't want others to know to a trusted source (family members, best friend, significant other). There is also the issue of instant messages being used in court. Now, more than often instant messages are being used as evidence. Most of the time there are hard copies of conversations on the hard drive that are used. Who is to say that "intercepted" messages won't be used in the future. Some of the encryption suggestions I read are interesting. It would definitely help to protect your privacy. It's not a matter of having something to hide; it's the principle of not letting others have a window into your life.
My father used to tell me stories of when he was stationed in WWII in the Aleutian Islands, preparing as a SeaBee for the invasion of Japan. One of the stories that continued to amaze him was the deployment of Native Americans to handle communications, now popularly referred to as Code Talkers.
... if it just wouldn't be too expensive if we not only encrypted our transmissions, but perhaps had an IRC in which we could roll our own dialects via tools like Bison in which only you, and your buddy on the other end would possess the necessary grammar file.
... but perhaps the process would become so expensive that they'll just move onto hammering the putz down the hall who continues to spew open text.
Not only did they transmit messages in code, but they added a nice little touch, all transmissions were forwarded in their native dialects. Both my father and I would chortle at the prospect of some enemy intercept trying to figure out Cherokee.
It makes me wonder, especially when you consider the costs of snooping everyone's transmissions
Sure, I'm sure the employer and their lawyers could still crack it
healyourchurchwebsite.com - WWJB?
What's next? X10 cameras in the workplace? :-)
Say, all the productivity benefits of 'computerization' couldn't have been due to the freedom people using them found to work at their own pace, could it? It's unthinkable that a guy is *more* productive for next two hours after a 2 minute IM conversation with his girlfriend, I guess. Nah, let's watch over every damn move they make. Make 'em think before they pick their own nose. That'll improve productivity, all right!
Props to all BOFHs. You have a long and prosperous future ahead of you.
Our company's policy is as follows:
1) the computers and networks are company assets
2) company intends for employees to use computers and networks for company business
3) company may review or monitor any activity on the company's computers and networks.
So don't do non-business stuff at work. What's so hard about that?
Even when you encrypt your traffic, it will not protect you from traffic analysis.
.xls spreadsheets from an server in Poland and all the URL's have /..%20%20/ in the path, I give that user a call.
I happen to be the dude in between management and the users on my site. I refuse to eavesdrop on my users. Not all of my users realize it, but we've got a pretty liberal policy (don't break the law, don't be offensive to others, don't use excessive bandwidth during business hours; that basically sums it up).
Some of my users know me for cracking down on porn or MP3 downloads, and think I'm reading their every keystroke. Because if I wasn't, then how would I know that they were doing stuff that they weren't supposed to do?
The reality is, when I get complaints about Internet performance, I run some quick scripts on the logs to find out who is hogging the system. If, after eliminating the obvious business use connections, I'm left with a top ten and number two is downloading a gazillion of
Usually, the user will accept the lecture that his contractual obligation to stick to the corporate guidelines is not optional. I sometimes learn through the grapevine that such a user thinks I'm a fascist. So be it. If other people can't work because of egregious abuse, I have to intervene.
Do I even look at the stuff they're downloading? Not if I can avoid it. The only times I look at what they're downloading is when they start yanking my chain, giving me the go around that there is no law against downloading Warez or porn. Maybe there isn't, I've got no clue. I do know what's in their contracts though.
Most of these issues are dealt with amicably. People sometimes don't realize how big their impact on the corporate network is, and even if they do I usually let them get away with it if the abuse stops. They're usually pretty happy when I tell them I've got no clue what they were downloading, but could find out when forced to.
Over the last year, IM became a bit of an issue because of the way their stupid tools communicated (if only they used persistent connections they'd fly right under the radar). At some stage, 30% of our proxies' capacity was used to serve a few dozen IM sessions and it really started to hurt web performance.
It's always funny when they let it escalate to management level, and I can at that stage let them rant about the invasion of their presumed privacy, and then drop the bombshell that I didn't even look at what they were downloading, and that it was trivial traffic analysis that gave them away, and that the reason they were in that meeting was because they incriminated themselves.
Bert Driehuis -- All I asked was a friggin' rotatin' chair. Throw me a bone here, people.
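The kind of log pass this comment describes, as an added example that is not the poster's script: it ranks clients by bytes and flags the many-small-requests pattern of polling IM clients using request metadata only, never content. The Squid-style native access.log layout, the sample lines and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample lines; field layout assumed to be Squid's native format:
# time elapsed client result/status bytes method URL ident peer content-type
SAMPLE_LOG = """\
1012300000.101 120 192.168.10.21 TCP_MISS/200 48211 GET http://intranet.example.com/report - DIRECT/198.51.100.7 text/html
1012300004.220 95 192.168.10.21 TCP_MISS/200 15020 GET http://supplier.example.org/prices - DIRECT/198.51.100.9 text/html
1012300010.005 9100 192.168.10.34 TCP_MISS/200 5000000 GET http://files.example.net/a.bin - DIRECT/203.0.113.5 application/octet-stream
1012300025.310 13200 192.168.10.34 TCP_MISS/200 7500000 GET http://files.example.net/b.bin - DIRECT/203.0.113.5 application/octet-stream
1012300041.870 11050 192.168.10.34 TCP_MISS/200 6200000 GET http://files.example.net/c.bin - DIRECT/203.0.113.5 application/octet-stream
1012300050.000 40 192.168.10.47 TCP_MISS/200 412 GET http://im.example.net/poll - DIRECT/203.0.113.20 text/plain
1012300052.000 38 192.168.10.47 TCP_MISS/200 398 GET http://im.example.net/poll - DIRECT/203.0.113.20 text/plain
1012300054.000 41 192.168.10.47 TCP_MISS/200 405 GET http://im.example.net/poll - DIRECT/203.0.113.20 text/plain
1012300056.000 39 192.168.10.47 TCP_MISS/200 412 GET http://im.example.net/poll - DIRECT/203.0.113.20 text/plain
1012300058.000 44 192.168.10.47 TCP_MISS/200 420 GET http://im.example.net/poll - DIRECT/203.0.113.20 text/plain
1012300060.000 40 192.168.10.47 TCP_MISS/200 401 GET http://im.example.net/poll - DIRECT/203.0.113.20 text/plain
1012300062.000 42 192.168.10.47 TCP_MISS/200 412 GET http://im.example.net/poll - DIRECT/203.0.113.20 text/plain
1012300064.000 37 192.168.10.47 TCP_MISS/200 396 GET http://im.example.net/poll - DIRECT/203.0.113.20 text/plain
1012300099.000 10 192.168.10.99 TCP_DENIED/403 - GET http://blocked.example.net/ - NONE/- text/html
this line was truncated 1012300
"""


def parse_line(line):
    """Return (client, bytes) for one log line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        size = int(fields[4])
    except ValueError:
        return None
    if size < 0:
        return None
    return fields[2], size


def summarize(lines):
    """Aggregate request count and byte total per client; count bad lines."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0})
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1
            continue
        client, size = parsed
        stats[client]["requests"] += 1
        stats[client]["bytes"] += size
    return dict(stats), skipped


def top_by_bytes(stats, n=10):
    """The 'top ten': clients ordered by total bytes transferred."""
    ranked = sorted(stats.items(), key=lambda kv: (-kv[1]["bytes"], kv[0]))
    return [(client, s["bytes"]) for client, s in ranked[:n]]


def chatty_clients(stats, min_requests, max_mean_bytes):
    """Clients making many small requests, e.g. IM polling through the proxy."""
    return sorted(
        client for client, s in stats.items()
        if s["requests"] >= min_requests
        and s["bytes"] / s["requests"] <= max_mean_bytes
    )


def request_share(stats, client):
    """Fraction of all proxy requests made by one client."""
    total = sum(s["requests"] for s in stats.values())
    return stats[client]["requests"] / total if total else 0.0


if __name__ == "__main__":
    stats, skipped = summarize(SAMPLE_LOG.splitlines())
    print("top by bytes:", top_by_bytes(stats, 3))
    for c in chatty_clients(stats, min_requests=5, max_mean_bytes=1024):
        print("chatty:", c, f"{request_share(stats, c):.0%} of requests")
    print("skipped lines:", skipped)
```
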
I wonder how long it will be until someone creates a client for AIM or ICQ etc, that encrypts the traffic going over the network using something like PGP so that even if your boss DOES have your or the other person's public key it will be impossible to read.
It's kinda hard to monitor when all you see is GHYP FPTHG FTHGF EGGEEG going by.
Or, I could create one using ROT13 encryption and then sue the pants off of the first company to "hack" my advanced confidential encryption system <sarcasm>thanks to the DMCA of course...</sarcasm>
Just my $0.02
-RickTheWizKid
This is totally untrue. Companies pay employees to work and provide a certain function, they *DO NOT* own them. This was discussed on Slashdot a few weeks back. Just because you are getting paid to do task A, and you do task B doesn't mean the employer owns whatever B is. At best it means you are a poor employee.
Now they can own everything you do when you are under a contract that specifically states this (although it's rare and hardly enforceable, similar to contracts that force you to waive rights in sexual harassment areas in favour of company appointed arbitration).
It helps if you think of companies as people, which is kind of what they are legally. If I hire you to paint my house, and you instead work on a product that ends up selling millions, I would have no claim to that product. I WOULD have a claim to any damages I lost as the result of your working on this other task and for whatever I paid you if I can prove you didn't do your job.
"I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
I always thought that it would be a nice feature for some of the open source AIM Clients to include automatic public key encryption as an option for those clients that support it.
If you have a server you control, and wish to be able to get an SSH session through a firewall that blocks the "standard" SSH port, place your SSH server on port 443 (https) - both are SSL, and most firewalls will happily let you establish the connection.
/., Freshmeat et. al. while waiting for a recompile is one thing, burning huge amounts of bandwidth downloading crap is another.
That said - It's not spelled Foxtrot Uniform November, it's Whiskey Oscar Romeo Kilo - if you want to download porn or waste lots of time IM'ing, then do it at home. A quick scan of
www.eFax.com are spammers
Trillian allows users to connect over AIM and ICQ using a 128bit SSL.
Companies pay employees to work and provide a certain function, they *DO NOT* own them. This was discussed on Slashdot a few weeks back.
The discussion a few weeks back was about work created outside the office. If it's related to your job, or it's done on company time, chances are it's owned by your company.
If I hire you to paint my house, and you instead work on a product that ends up selling millions, I would have no claim to that product.
That's not an employer-employee relationship, thus it's subject to different rules.
Contractors by default have their works owned by them. Employees by default have their works owned by their employer.
Just use Trillian and SSL encryption. Fixes that problem.
13 year old white supremacists are shitty web designers.
Unless I use your paintbrushes and paint to come up with the new invention, which is normally the case with these "you created X on our time". You are using company resources to create this magical product. It's one thing to do it on your own time on your own machines, a completely other to do it on your employers time on your employers machines.
--"Karma is justice without the satisfaction"
Although part of me agrees with you, I feel that if a boss or IT guy is reading my communications without any reason but curiosity, he is the one that should be monitored.
On the other hand, the other day I went to see the IT director for my campus and was sitting in his secretary's office waiting for him to arrive and the entire time, his secretary was talking to somebody online with what looked like AIM. As a tuition payer, I feel my stomach turn knowing that at least a little bit of my money is going to fund that behavior.
SEC regulations require that trading firms keep records of all email and instant messaging. There are severe fines for noncompliance. Any business that falls under these regs really has no choice but to spy on their employees.
If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
There are a number of companies that plan on coming out with Wireless IM/E-Mail/Web much like RIM does wireless, always e-mail and with VoiceStream you can get Wireless Always on AIM on your cell phone. The Hiptop is one thing that comes to mind. Soon you will be able to IM and E-Mail personal stuff at work all day long and it won't pass over your employer's Network all for $20-40 dollars a month.
... and the stalls, and the seats, but I sure hope you don't think they can/should install webcams there, for the sole purpose of monitoring excessive bathroom breaks, of course.
If we can't push our boss around like I used to be able to (the company went bankrupt in the .bomb)
:)
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
For those interested, Salon had a similar article a few days ago.
"Question with boldness even the existence of a god." - Thomas Jefferson
Do they do the same thing with the telephone?
No?
That, ladies and gentlemen, is a double standard. Also known as hypocrisy.
Oh, they do monitor your phone conversations? Fine: do they "downsize" you if you use the phone for personal use? No? Then lather, rinse, and repeat.
Oh, they "downsize" you if you use the phone for personal use? Who do they think they are, the NSA? What do they think you are, a slave?
If they're going to treat you as a slave at work, then they can fuck off when you're not physically at work: you should refuse to give them the benefit of any thoughts, ideas, or efforts that don't originate at work. And if they press it, then you should be able to bring them up on criminal charges (slavery is against the 13th Amendment of the Constitution, and it doesn't matter whether or not you're being paid: slaves were "paid" in the form of food, too).
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
This seems rather apparent: employees have no right to screw off on the company dime. Although self-evident to anyone with half a brain, I still hear people - mainly younger folks fresh out of college and new in the workforce - complain about their 'rights' at work, or assert that without unmonitored internet access they'd somehow be crippled when it comes to 'creativity'.
First off, employees don't have the 'right' to dick around on the web or IM when they should be working. I pay them to work and I define what 'work' is; and that isn't it. Second, if they truly can't function without wasting *my* money goofing off for part of the day, then they need to get a job someplace else. I can and will replace them with someone who isn't hampered in terms of 'creativity' when they actually have to put in eight solid hours of work a day. Especially in this economy, it's damned easy to fire the whining kid and hire someone with an actual work ethic.
I don't see what the problem is with a company monitoring things like IM. You're at my business, using my equipment - I'll monitor whatever I please in any fashion I desire. If you want to hold private conversations with friends or surf the web, do it at home on your own time.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
What planet are you from?!
You worry about what your boss tells you to do while on the job.
I'm worried about a boss having the legal right to fire employees because they're gay. Or they're not married. Or because they're married, but don't have kids yet. Or they do have children, but aren't married yet.
You worry about the boss blocking web sites at work.
I'm worried about a boss firing people because he came across evidence that they went into an adult bookstore... or even just an R-rated movie. Or the "wrong section" of a very good bookstore. (Think Tattered Cover in Denver, or even a Border's with a large section on human sexuality or other "controversial" subjects.)
You worry about the boss keeping people from talking politics during their lunch break.
I'm worried about a boss deciding to fire people because they're politically active "for the wrong causes" on their own time.
You worry about employers controlling every word a person types on the job.
I'm worried about employers demanding the IP rights to everything an employee does AT ANY TIME while an employee. Including projects they developed at their own expense on evenings and weekends. This attitude was common a few years ago, then got beaten back in the courts, but seems to be making a rebound.
Finally there's the whole drug-testing issue pushed by the feds. I do not support someone working while high. But I don't see how firing people at random because of false positives (since everyone except the DEA understands that these tests are not perfect), or for going to the "wrong concert" on the weekend (where others are smoking and you pick up some second-hand smoke) will make the workplace safer.
You may think my examples are made up, but they're not. Most states have "hire at will" laws and employees can be fired for any reason, or none at all, without prior notice. Only a handful of reasons can't be used, and it's virtually impossible to prove that the true reason for your termination was one of these excluded reasons.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
1) The various advocates of run FOO over SSL are missing a point. Sure you can encrypt the traffic to make it hard to read, but the messages are still in cleartext in the IM server. So, your boss might not be able to read it... but the person running the server certainly can.
SSL only provides "on the wire" encryption. It doesn't prevent the server operator from snooping on you. We assume that the server operators are not logging our traffic, but do we really know?
And, even if the server operators are on the level (I have no data to suggest otherwise), you are only really protected if everyone you IM is also doing SSL. If you send something awful using your SSL-amped client to a non-SSL coworker, your boss doesn't have to decode your transmission, he can just look at your co-worker's transmission.
2) Having said that, users of a TOC (not OSCAR) based AIM client can do SSL quite easily. Get a copy of OpenSSL and stunnel on your system. Configure stunnel to accept a cleartext connection and forward it SSL'd to toc.oscar.aol.com. Then connect your TOC based client to the stunnel program. That works just fine because the AOL TOC/WWW server supports SSL.
3) The only potentially "safe" solution, assuming your keyboard/screen/mouse aren't being spied on, is to use end-to-end based encryption. Currently the only major public product out there that does this is Trillian... and I don't think the Trillian encryption code has been objectively reviewed to determine that their stuff really prevents snooping on the wire and at the AOL server.
Cheers,
Fuzz
%SYSTEM-W-ABORT, abort
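The distinction drawn in the comment above, modelled as an added example (not part of the original post): one message is relayed sender -> IM server -> recipient with SSL on both legs, SSL on the sender's leg only, and end-to-end encryption with no SSL, and the code reports where the plaintext is readable. The cipher is a toy stand-in constructed for this illustration, not SSL or any real client's encryption, and every name in it is an assumption.

```python
import hashlib, hmac, os

def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):
    """Toy encrypt-then-MAC (constructed stand-in for SSL or a real AEAD)."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(msg))
    ct = bytes(a ^ b for a, b in zip(msg, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def relay(payload, sender_link_key, recipient_link_key):
    """Sender -> IM server -> recipient. A link key of None means that leg
    is cleartext. Returns the bytes visible at each vantage point."""
    wire_in = seal(sender_link_key, payload) if sender_link_key else payload
    at_server = unseal(sender_link_key, wire_in) if sender_link_key else wire_in
    wire_out = seal(recipient_link_key, at_server) if recipient_link_key else at_server
    return {"sender_wire": wire_in, "server": at_server, "recipient_wire": wire_out}

SECRET = b"constructed private message"  # sample input, made up for this example

def exposure():
    """For each setup, report where the plaintext is readable."""
    link_a, link_b, e2e = os.urandom(32), os.urandom(32), os.urandom(32)
    cases = {
        "ssl_both_legs": relay(SECRET, link_a, link_b),
        "ssl_sender_only": relay(SECRET, link_a, None),
        "end_to_end_only": relay(seal(e2e, SECRET), None, None),
    }
    return {name: {where: SECRET in seen for where, seen in obs.items()}
            for name, obs in cases.items()}
```

In the output of `exposure()`, `True` marks a point where an observer reads the message; only the end-to-end case is `False` at the server as well as on both wires.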
If you don't like the rules, find another company. If you can't find a company whose rules aren't what you consider draconian, start your own. As others have observed: No-one *owes* you a job, let alone a job you like. If you get a job, great. If you have one you like, so much the better. If you have one you like and get paid handsomely, so much the better. If some of the factors don't apply, then change what is in your power to change or quit whining.
What is your Slash Rating?
Besides, if you want to complain about servitude and lack of rights, why not take on issues where that has meaning (DMCA, for example). Employment has always been about providing the necessities of life, and lately has included frills as well.
Traditionally one farmed the land or ran a private business. If you look at how craft trade businesses ran, I suspect you'd find today's corporations to be benevolent in comparison (e.g., your boss doesn't whip you for being late to work).
Modern corporations have evolved...I doubt anyone sat down and said "let's figure out a way to make the average worker suffer in dumb anguish." Dilbert makes the valid point that most corporate annoyance is a result of personal fiat and stupidity...not as an outright design to enslave you.
My previous point still stands. You didn't offer an alternative, and you were griping about the state of corporate worklife. If you don't like it, there are alternatives out there (such as starting your own business, becoming a Catholic priest, trying to get on Survivor 5, etc).
What is your Slash Rating?
I personally have 3 friends who were all fired from a big five consulting firm for reasons directly related to Instant Messages. They were unsatisfied with their project and having what they thought was a private conversation, making some pretty explicit jokes about their bosses. Little did they know, their bosses were listening. They are unsure if they were being monitored, or if the bosses had people sneak on to their computers at night and read their log files (one or two of them realized, after it was too late, that they had their logging turned on). Either way, it was a pretty crummy thing to do, especially when the company was doing layoffs with severance, they found a reason to fire these guys for cause and give them no severance. They have all moved on, and since found less stressful, higher paying jobs. But you better believe that none of them use IM at work anymore...
Trillian comes with built-in SSH (*gasp*) and, IMO, does a much better job of handling connections with the various networks (MSN, AIM, ICQ, YIM, IRC) and uses the OSCAR protocol instead of the outdated "public usage" protocol that AOL "provides" (read: was forced to do by court order). Not to say your experience differs, as it probably does, but I've found Trillian to be a breeze and INCREDIBLY nice.
[insert witty comment here]