52 Comments
- inactive, on 10/12/2007, -0/+19
Or move into the IT department and do whatever you want!
Fun experience last night:
I posted about 9 things on Craigslist last night for free/sale.
I got a few replies over the night, but the bulk of them started up after 9am from work email addresses, with corporate signatures attached...
Don't people WORK anymore?
(says the guy who was checking his personal email on work time)
- j10s, on 10/12/2007, -6/+21
then get off digg and go back to work.
- mjh41, on 10/12/2007, -1/+14
I'm at work right now. Just look at the productivity.
- Charlotte_Web, on 10/12/2007, -2/+14
A squeaky-clean browser is also a red flag. I used to be a corporate IT manager, and I could always tell who was browsing the porn sites by who had the cleanest cache folders, or had one of those "cache cleaner" programs installed. After all, people with nothing to hide have no reason to always clean up after their browsing.
Also, the amount of traffic you receive to your computer is a huge red flag. I remember many days of sitting in the server room and watching huge amounts of traffic going to people whose jobs only involved sending around Word and Excel files. The streaming video of a porn server is ridiculously efficient at saturating bandwidth.
You know what? You're just not going to fool a savvy IT manager, so it's probably best not to even try if you value your job.
- monergism, on 10/12/2007, -9/+20
As someone currently behind a firewall (and one who used to administer them) I find that these subversion articles make me mad.
Our proxy, as required and enforced, is a good thing. Granted, I'd prefer to have full net access but I am not paying for ANY of the equipment or service.
I have no right to Internet. I'm at work. Now, I multi-task and that's why I can do this. I still make my obligations while at work.
As for any of these tips, they wouldn't work "here". We have competent admins.
- pirana0, on 10/12/2007, -0/+11
Another tip is extracting Portable Firefox to a USB drive if you can't install software.
- se7en11, on 10/12/2007, -1/+10
Chances are your company logs all outgoing traffic anyways. So regardless if you clear your browser's history/cache/whatever or not they should have a complete list of where your IP has gone. (if the logs are long enough)
- armbar, on 10/12/2007, -1/+9
Article summary: don't let your browser track your history. I learned this after my first day on the Intarwebs.
- wvdavis, on 10/12/2007, -0/+7
http://www.mozilla.org/support/firefox/tips#oth_usb
or http://portableapps.com/apps/internet/firefox_portable
Another suggestion is to put the portable app in a truecrypt volume so if you lose the usb thumb drive....
- forcedfx, on 10/12/2007, -1/+8
You should see how many of our users use their work email for selling on eBay.
- Charlotte_Web, on 10/12/2007, -0/+6
A clean browser isn't evidence to convict. But it may be a red flag to investigate further. Where there's smoke, there's fire, as they say.
Let's face it; if I suspect someone of misbehaving online while at work, as the IT manager, I have complete control over the systems and can remotely view that person's desktop at random times during the day without their knowledge. And all with management's blessing.
It's important for employees to know what sort of web browsing is acceptable at work, and leave the rest at home. A good admin is going to have a firewall set up, anyway, to block all the stuff the bosses don't want in the office, anyway.
- tokyomonster, on 10/12/2007, -0/+5
Caution about using Torpark. I work for an internet security company that sells a product that monitors companies' firewall activity, and if we notice a bunch of random inbound/outbound connections, as using tor will create due to the way it operates, we will catch you.
- airencracken, on 10/12/2007, -1/+5
SSH tunnels to a VPN
- chincopanda, on 10/12/2007, -1/+5
Another tip:
Don't sit with your back to a window where your computer screen is reflected for any bypasser to see (especially when it gets dark).
- scrubadub, on 10/12/2007, -1/+5
@se7en11
That's why you use Tor
http://tor.eff.org
@Charlotte_Web
A clean browser might be a red flag but without evidence you can't prove much
- apocelo42, on 10/12/2007, -0/+4
khag7
The real problem is that when a work e-mail address is used the automatic signature often says what company the address is associated with. This can be a liability to companies as people might assume that the person is acting on behalf of the company. So if someone using a work e-mail rips someone off on eBay the person that got ripped off may be able to go to the company and get them in trouble.
Here's a tip for using the Internet at work:
Don't go anywhere that you wouldn't go if your grandmother was watching.
- libertao, on 10/12/2007, -0/+4
Believe it or not, it is possible to be part of a group while disagreeing with its policy.
- jetsetgo, on 10/12/2007, -0/+4
If you can't install software, search for a torrent called 165 standalone programs, or 120 standalone programs. Burn it to a CD.
The idea is, have a bunch of programs accessible on your computer, but never have to install them. There's some losers in there but some of the programs are great to have.
- libertao, on 10/12/2007, -6/+9
Wow, you have an amazing gift for hypocritical rationalization. Impressive stuff.
- Azap, on 10/12/2007, -0/+3
He is at least partially right, at least about the functional stuff. My school uses a filter that blocks ports and reports to the admins on which accounts are using proxies. Most proxies are blocked, even their https alternatives. Smart admins can lock a system down by systematically eliminating the loopholes. I have been in a constant battle, but so far the best alternative I have found is an unsecure wireless network that overlaps with the school.
- lrdscruffybttm, on 10/12/2007, -2/+4
I can't stop laughing long enough to finish a complete post to this response. Our IDS is nice enough to notify us by e-mail. So, we don't have to just sit there and monitor it. I've got a friend in an IT department where HR was the only one to access the terminal monitoring software and they dumped all packets and had the ability to watch video of everything on the desktop for up to an hour previous. You can try and say that how dare I say what people can and can't surf. But plain and simple. I'm responsible for both the security of the company network and the proper operation of all our computers. I'll block whatever I feel is a risk or a continual drain on our bandwidth. Like it or not. When Digg becomes a risk of virus transmission or sucks down as much bandwidth as a site like MySpace. I'll block it too.
- osbjmg, on 10/12/2007, -0/+2
@Charlotte_Web - The way I see it, passing around word and excel files should be off limits as well. That's a quick way to fill an inbox. I hate seeing powerpoint, or images at all for that matter, in my inbox. Also, I saw a bit of a typo in your comment - "You know what? You're just not going to fool a savvy IT manager," replace manager with grunt ;)
@scrubadub - Ditto.
- aeoo, on 10/12/2007, -0/+2
Of course air connections can be adminned too. The only real way is to tunnel through a normal-looking protocol.
- Yorn, on 10/12/2007, -0/+2
I think what this guy is saying is it is ok for your company to block access to certain sites: Ebay, Amazon, etc. because it's a good thing, and that people shouldn't try to get around those blocks. I agree with the statement, but I still like to make purchases over the noon hour and occasionally check home email.
Where I work they use a blocking software that has on at least two occasions prevented me from being redirected to porn sites. IMHO, that's a good thing. Several of the links I run into are hacks for specific issues with specific products and once you hit informational sites in other languages it can get very confusing. I guess it's customary in Germany to link to questionable material on a website about configuring an MSI installer for Symantec.
- lrdscruffybttm, on 10/12/2007, -1/+3
Bah foolishness. Our proxy is in place for a reason. To limit access to sites that are considered more of a risk. I'm perfectly happy with keeping my users off of Friendster and Myspace all hours of the day. We've reduced our total bandwidth usage by just blocking those two sites. Putting out articles on how to bypass your work security is a great idea. I even suggest you try it. Then I hope you get caught and fired. You can call me a hypocrite if you want. But Digg uses an 1/8th the bandwidth of a site like myspace. I'm also doing it on my break. People get too comfortable with their work computers. Anyone who thinks they're entitled to privacy on a work computer is a fool. You want to sell your couch on craigslist. Get a personal e-mail account. While I don't like limiting users' access to the intertubes. Some people are too childish to manage themselves in an adult manner.
- monergism, on 10/12/2007, -0/+2
I worked at one company that had a normal Internet usage policy. They didn't enforce it via proxy/firewall. Now, I was asked (as a network admin) to see what the guy was doing. I did some very basic work and found he spent X amount of the day surfing. The supervisors then used this information to terminate him.
Lesson learned: Follow the rules when paid by someone else.
Like it or not, the reality is you don't have a right to do as you please. Subversion is 10x worse because you KNOW you are doing something you aren't allowed to.
- stupidfathead, on 10/12/2007, -0/+1
None of those suggestions will fully cover your tracks on a heavily administered network (authenticated MAC ADDRESS requests etc). Get a hand held and an air card and surf your ass off.
- jetsetgo, on 10/12/2007, -0/+1
Would you be able to catch it if someone used an ssh tunnel to their proxy web server at home with all traffic on port 410?
A little trick I gleaned after working in the industry for a while. Sends all web traffic to your computer encrypted and looks like encrypted e-mails because of the port. I'm curious to know whether your software could detect that.
- stormlifter, on 10/12/2007, -6/+7
If you're worried... try these things if they allow it
1) proxy out
2) VPN to your home computer
3) Install Firefox with Stealther extension
4) Use Tor w/ FoxyProxy, or another Tor FireFox extension
5) work while at work ;)
- com1n4u, on 10/12/2007, -0/+1
i've always been curious... can any IT guys share their corporate policies re: monitoring internet usage.. for example, does IT only monitor and report when there is a complaint or request from somewhere else.. or do some IT depts. generate a list of all employees, time on internet, address of pages accessed.. etc. (i.e. top 10 internet users on company time)
what happens when an employee attempts to access a blocked site? is there a min. # of times or does a report automatically generate each time? how about remote monitoring? do some IT guys just randomly watch user's desktops or is permission always required?
i know every company is different, but i've never heard what any corporations do. enlighten me!!
- jetsetgo, on 10/12/2007, -0/+1
Remote control connections are obvious to the IT staff though. Remote desktop even has its own official protocol, and eventually the IT staff is going to check on why the network is slowing down.
graphical remote computing programs generate large volumes of traffic.
they might not know what you are doing, but they will be able to tell you are doing something you probably shouldn't.
- lrdscruffybttm, on 10/12/2007, -1/+2
How is protecting the company playing petty tyrant? I don't single out specific users to block all their sites. I simply have blocked sites that I have proved are both a waste of company bandwidth or a security risk. I've not completely shut off their internet. I haven't locked them into surfing during specific hours. I can't because they need to be able to surf to certain sites for images at any time during the day. The only sites I've blocked are ones that have been a habitual problem. I've targeted no single one employee and if there's a valid complaint. I'm more than happy to whitelist any necessary site. My problem is that this article is about circumventing a company's internet policies so that people can surf for whatever they want on company time and computers. I've never ratted anyone out for internet usage that didn't come as a request from someone higher up than me. All I do is act in the guidelines of the policy given to me. If I find a user surfing a site that falls into the guidelines of inappropriate traffic. It gets blocked, plain and simple. You want to sell your couch on craigslist? go get a personal yahoo, aol, gmail, hotmail or whatever account. Don't be using company resources to sell that couch. How is that tyrannical?
- GaffleSnipe, on 10/12/2007, -0/+1
Worked like a charm, thanks
- EdgeTX, on 10/12/2007, -0/+1
@ratdk
Finally someone who gets it. It's amazing what people think they can get away with at work. Ignorance is bliss to most that think they are safe. Besides all the client side information gatherers, think about the infrastructure (IDS, Sniffer, Port monitor, Proxy, etc.) pieces that see everything. The posts on this article are just astounding to me (IT Security 10+ years now). People really think by clearing their browser cache, using an onion proxy program (Tor is blocked by most smart IT managers BTW), or other method of cleaning their "CLIENT" machine, that there is no trail of activities.
And like "ratdk" said, corporate security and IT use policies are always a way for the company to take care of any suspicious computer use at work.
Wake up people. Big brother has ALWAYS been watching and usually is watching without your knowledge. Go ahead though and think that you are safe from prying eyes.
-EdgeTX
- khag7, on 10/12/2007, -3/+4
I don't see the issue with using the work email address. Who cares what address it is. I use my college address for non-college things. But if you do it on work time, that's a problem. If you get email in your inbox that's not work related, you should ignore it. I'm not saying I would, but you SHOULD ignore it. The problem isn't with using the work email address. The problem is not being able to ignore personal or non-work-related emails until after work. That's the problem.
- se7en11, on 10/12/2007, -0/+1
As a web designer, I'd say it's more than a right. You could argue that I could just setup a local webserver, but I can't count how many times a day I'm on Google or PHP.net looking for answers. Fortunately digg has some PHP related articles or else I would never come here. ;-)
- DiggsOnlyNeoCon, on 10/12/2007, -2/+1
Boy! I wish I worked at YOUR company!
- stupidfathead, on 10/12/2007, -0/+0
@aeoo
True enough. I was thinking in terms of a company with no wireless access where a separate air card through a separate ISP would be anonymous. Tunneling assumes you have sufficient knowledge and privileges to pull it off, which 99% do not (thank goodness) ;-)
- planck0, on 10/12/2007, -0/+1
Is accessing the Internet while you're working a right or a privilege? I always thought it was a privilege.
I'm not being a troll, I'm genuinely curious as to what sites someone here needs to access ('needs' -- not 'wants') that your particular work place doesn't want you to access.
- Pondyking, on 02/16/2008, -0/+0
question: if you have an aircard (e.g. with sprint) and then browse using that from work, can that be a way to browse the internet privately ? that is, you are not going through the proxy or using the workplace network or whatever,
- ratdk, on 10/12/2007, -0/+0
The misinformation here is amazing.
Do you really think the admins can't see what you are doing.
Most (large) firms I know have a proxy, along with some form of content filtering and are blocking all outbound traffic except for 80 and 443 (not 410 like someone suggested up there). The reasons for doing this are thus: In order for a company to succeed or at least retain success, it needs to protect its assets. These assets are all components of the company, that includes its computers and like it or not, its employees and their productivity.
Protecting the computers is a given, filtering malware and other ***** from of the internet is handled by those controls in place. Before anyone starts whining, "i know what i'm doing". Pls stfu k thnx. I know how to drive, doesn't mean the boss is gonna lend me the keys to his Porsche any time soon. bad analogy I know but hopefully you follow.
Protecting employees, from themselves and each other, do you know how costly a lawsuit can be when you've upset the Boss' PA cos she finds the stuff you are looking at distasteful. Plus why should she have to see you looking at that stuff, she has the right to feel comfortable at work right. I'm not saying you are going to look at that stuff. But remember this is all about utilising the correct safeguards to protect the assets that we in Security are charged with protecting.
On a technical level, all traffic goes through the proxy right, so if you encrypt it, the admins can't view it? Wrong. Of course they can. They may not be able to view precisely what you are viewing, but they sure as hell know where you are going. Think about it. Who's making the DNS requests here. Same applies to Tor. Still gotta make those DNS requests, and last time i checked Tor was using a non standard http port. IE. not 80 or 443.
Nowadays it's all about policy and an enterprise with a decent security policy makes sure their arse is covered for all eventualities. It's not your rights we are interested in here. You already get those, in terms of being paid, union representation, lunchbreaks and holiday etc.
If you want to break or circumvent these controls that's down to you. If you really want to suck it to the man great. Just remember they are the ones paying your salary and more often than not you are more than expendable. I am not for or against any of the arguments here. I couldn't give two *****, although you can probably tell where my interests lie.
It's just a case of don't think you are being clever when in truth you ain't. If any of you have been to any of the big security conferences, you will know, whatever circumvention you think is failsafe, there is a company out there with a product that will guard against it, and do you think IT are going to tell you when they have implemented it?
- morriscox, on 10/12/2007, -0/+0
Using your work email address for personal use is considered to be theft of resources. That's right, you could be fired or otherwise fined for it. And some places probably would fire someone for that, due to liability and all.
Using a wireless connection won't save you if the IT admin/dept. is checking for wireless use. Don't matter if you're using your own service, IT can determine where someone is using wireless and go track them down.
- constantly, on 10/12/2007, -0/+0
A few years ago, telephone use at work was an issue. Now that issue has mostly disappeared, because people bring their personal cell phones to work. Internet use may be an issue now, but before long people will be able to bypass their workplace's network wirelessly. Some do it already.
- Azap, on 10/12/2007, -4/+3
Dump the truck
- G2SF, on 10/12/2007, -4/+2
I get all the privacy I want at work by using my mobile phone for visiting Digg, Drudge, checking e-mail or safely searching Google. I don't own an expensive smartphone, I use a regular cell phone with a fairly cheap data plan. The best mobile-friendly portal by far is a1r.mobi (for guys) and a1r.mobi/me (for women). From there, I can easily get to everything I want - fast and everything is mobile-friendly. Plus, unlike my company workstation, I can take my mobile phone to the can to read my personal e-mail or top news stories. Most people with web-enabled cell phones don't even use the feature because they don't know how, or think it may be too expensive (check your carrier plans). The main reason I didn't use my mobile phone at first was prior to finding a1r.mobi, it was too much of a pain to find truly mobile-friendly sites. Most sites took too long to load, looked crappy when they did load, and often just froze. Not so any more. Try it out on your own cell phone and see for yourself. You may not go back to using a company computer under corporate IT surveillance.
- Wootery, on 10/12/2007, -2/+1
...whilst watching pr0n.
- ratdk, on 10/12/2007, -1/+0
double post.