Ask Slashdot: What's Your Take On HTTPS Snooping?

First time accepted submitter jez9999 writes "I recently worked for a relatively large company that imposed so-called transparent HTTPS proxying on their network. In practice, what this means is that they allow you to use HTTPS through their network, but it must be proxied through their server and their server must be trusted as a root CA. They were using the Cisco IronPort device to do this. The "transparency" seems to come from the fact that they tend to install their root CA into Internet Explorer's certificate store, so IE won't actually warn you that your HTTPS traffic may be being snooped on (nor will any other browser that uses IE's cert store, like Chrome). Is this a reasonable policy? Is it worth leaving a job over? Should it even be legal? It seems to me rather mad to go to huge effort to create a secure channel of communication for important data like online banking, transactions, and passwords, and then to just effectively hand over the keys to your employer. Or am I overreacting?"

You have no right to privacy at work

[vinn]

You have zero expectation of privacy at work. Do you think it's fair to sit on Facebook all day while at work or even pay your bills?

Mostly I hear questions like this at work from people who are just getting their first job and who seem to think they have this sense of entitlement with regards to everything. Face it, the job market sucks right now and for anyone just entering it, you're at the mercy of employers who have the luxury right now of many more qualified applicants than open positions. If you're using their computer and their network, you play by their rules. You are a wage slave just like all the other people in your building.

With regards to whether you should quit your job, only you can answer that. I can tell you there are plenty of good places to work that don't do anything like that, but only you can answer whether or not it's worth working at one of them.