Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Can companies
- Thread starter themainevent
- Start date
- Sort by reaction score
I have my own iPhone (not owned by the company I work for in any way) and wanted to know if my employer can track my usage while browsing the web on my personal 3G connection. I know that it using the company wi-fi on any device is fair game, but what about my personal 3G connection when not connected to their wi-fi?
Not that I'm doing anything wrong/illegal, I just like to take breaks from time to time and browse the web on company time and wanted to know if I could do so in privacy
Thanks for any help.
Nope. And what you do on your phone at work is none of our business
I have my own iPhone (not owned by the company I work for in any way) and wanted to know if my employer can track my usage while browsing the web on my personal 3G connection. I know that it using the company wi-fi on any device is fair game, but what about my personal 3G connection when not connected to their wi-fi?
Not that I'm doing anything wrong/illegal, I just like to take breaks from time to time and browse the web on company time and wanted to know if I could do so in privacy
Thanks for any help.
Why the hell would you think they could? Even if you have a basic fundamental understanding of the Internet you can reason that the obvious answer is no.
If you weren't, you wouldn't be concerned.
Luckily for you, they can't see/ track usage of a private phone over cell.
As said, if you are on their network, there is probably some information logs somewhere.
On 3G - unless they purposely try to spy on you with some fancy and illegal stuff, nope.
I'm sure he didn't knowingly ask on a forums if he wasn't sure. No need to be rude.
As for the question ...
No, they cannot track your connection when you are using internet provided by your carrier. Just keep WiFi off, and you're good.
If anyone has a basic knowledge of the internet (like you), you would know that servers all over the place create all kinds of logs with tons of information.
My apologies.
There's no way is work can monitor his web usage over 3G, legally at least. Simple as that.
Nope. And what you do on your phone at work is none of our business
Actually it is there business in the aspect of any time that an employee spends diddling with their cell phone is time not spent working.
Also depending on the business, industrial espionage is possible with someone's personal phone.
At the location I work at, we are not allowed to bring in our personal cell phones past a certain point (they must be checked in a locker or left in your car) for this very reason.
Did you actually read what I wrote?
1) I didn't say it wasn't his company's business
2) It's not our (we forums users) business what he does
3) Congratulations on working for a top secret company
He asked a question and I answered it. In return, you added nothing to the conversation.
I have my own iPhone (not owned by the company I work for in any way) and wanted to know if my employer can track my usage while browsing the web on my personal 3G connection. I know that it using the company wi-fi on any device is fair game, but what about my personal 3G connection when not connected to their wi-fi?
Not that I'm doing anything wrong/illegal, I just like to take breaks from time to time and browse the web on company time and wanted to know if I could do so in privacy
Thanks for any help.
No.
They can see that you're using carrier data on your bill but not what you're using it on exactly, the cant see what app like safari, email, pandora and not what sites you're visiting either.
But like you said if you're on their wifi they can see all that.
But not when you're on a carriers connection.
as a research project I have made a 2G 'IMSI catcher'
The 'IMSI catcher' gives a fake 2G GSM nano-cell which can be called anything and can easily route iPhone radio traffic through to a network with 100% man-in-the-middle data/voice/text capture and logging. That's 2G MITM for $700.
For 3G, I've bought version 2 of the Vodafone 3G nanoBTS. I'm still looking for version 1 of the Vodafone 3G nanoBTS as the root password and all secrets of 3G are available with this particular older device. If the OP's company has a version 1, then they have complete 3G MITM for around $200. (More info at GSMA - which has now gone so redirect to a blog http://blog.quintarelli.it/files/fcg0510.pdf
There are the usual 'security' company devices from Rhode & Schwarz, DATONG etcetera which can also give full elint/sigint/comint on nearby phone systems. These would start around $80K and quickly get more expensive...
It's certainly NOT safe to assume that any data use is 'private'.
The entry level costs are becoming absurdly low for sigint!
The threat of attack is directly proportional to the value of your business/secrets. If you have or are a high value 'target' then YOU ARE being or about to be man-in-the-middled via your cellphone traffic... Radio Prague report
Paranoia aside, you should be able to assess the technical skills of your environment/adversary and see if they've ever heard of GNURadio or Asterisk or OpenBTS? I think the time is ripe for an emergency worldwide rush rollout of LTE to replace the completely out-of-date security of 2G (and 3G which is still basically the 2G network model) Where is my secure LTE network and terminal?
The 'IMSI catcher' gives a fake 2G GSM nano-cell which can be called anything and can easily route iPhone radio traffic through to a network with 100% man-in-the-middle data/voice/text capture and logging. That's 2G MITM for $700.
For 3G, I've bought version 2 of the Vodafone 3G nanoBTS. I'm still looking for version 1 of the Vodafone 3G nanoBTS as the root password and all secrets of 3G are available with this particular older device. If the OP's company has a version 1, then they have complete 3G MITM for around $200. (More info at GSMA - which has now gone so redirect to a blog http://blog.quintarelli.it/files/fcg0510.pdf
There are the usual 'security' company devices from Rhode & Schwarz, DATONG etcetera which can also give full elint/sigint/comint on nearby phone systems. These would start around $80K and quickly get more expensive...
It's certainly NOT safe to assume that any data use is 'private'.
The entry level costs are becoming absurdly low for sigint!
The threat of attack is directly proportional to the value of your business/secrets. If you have or are a high value 'target' then YOU ARE being or about to be man-in-the-middled via your cellphone traffic... Radio Prague report
Paranoia aside, you should be able to assess the technical skills of your environment/adversary and see if they've ever heard of GNURadio or Asterisk or OpenBTS? I think the time is ripe for an emergency worldwide rush rollout of LTE to replace the completely out-of-date security of 2G (and 3G which is still basically the 2G network model) Where is my secure LTE network and terminal?
Of course, if your private employer was using such a utility to hack into your cellular service provider's cellular connection, side-stepping the integrity of their network, then they would most likely be guilty of several federal criminal offenses in the USA. The government reserves the right to be capable of tapping into just about any form of electronic communication, but they don't intend for such tapping to be done by any non-governmental entities.
If your employer they tipped their hand that they were doing such tapping on their own, and were planning to use such information as evidence against you in any disciplinary job action, you would probably have grounds to sue.
If people can be allowed to go on smoking breaks, I see no reason why anyone should be crucified for taking a few minutes off every now and then to check macrumours or some other personal stuff, so long as his overall productivity is not impacted.
I can understand the OP's concerns. I do subscribe to a few webcomics and fanfiction sites which while very well-written (nothing pornographic), do contain content of a more risque nature). They likely wouldn't flout any company laws, but can be embarrassing if discovered by co-workers.
I can understand the OP's concerns. I do subscribe to a few webcomics and fanfiction sites which while very well-written (nothing pornographic), do contain content of a more risque nature). They likely wouldn't flout any company laws, but can be embarrassing if discovered by co-workers.
If you're browsing directly on your personal phone over your personal cellular plan, then no. If you're browsing off a company laptop tethering to your personal cell phone over your personal cellular plan then yes it is possible.
You didn't specify if it was the phone or another device that is browsing the internet - just that the connection was your cell phone and not the company WiFi.
You didn't specify if it was the phone or another device that is browsing the internet - just that the connection was your cell phone and not the company WiFi.
Actually they can. I work in the IT department of a financial firm and if the employee has our corporate mail on his device we can directly monitor any data to and from the phone. Because our mail is done through activesync with an exchange server our anti-virus and web filtering agent (Sophos) gets automatically added to our clients smartphones. What this allows us to do is ensure that any files/websites/email attachments from other non-corporate sources can not access our server via activesync. So in essence yes they can see what your doing if they care enough to look. In our case this is purely a preventative measure.
Wrong. The obvious answer is "depends on what machine/browser you use to do your surfing."
Using your own private data connection is only part of the environment. Your employer may have tracking software installed on your company-issued computing device. I do this for all employees because I have a zero tolerance policy when it comes to putting my company at risk. My employees know this, and everything they do on their laptops is monitored. It doesn't matter what connection point they use. If they enter text into a form, it's logged and monitored.
If the OPs employer is more permissive may not be an issue. But if you plan on private surfing, use your own device, with your own bandwidth and on your own time.
And that's possible because you configure their device to connect to your servers.
If it's his own personal cell phone, with no connection to a corporate server, they cannot track him. Period.
False, The employee sets up his own device however as long as activesync is enabled with our servers our ability to monitor and control data flow remains.
Huh? That's what I said. If the device is configured for your activesync servers you can track it.
If his phone is not configured to connect to his work's servers in any way, he is safe.
Activesync provides push synchronization of contacts, calendars, tasks, and email between ActiveSync-enabled servers and devices. Also provides for the manual transfer of files to a mobile device, along with limited backup/restore functionality, and the ability to install and uninstall mobile device applications.
So that is the only info your companies host server will be able to get from his device.
Not his actual safari browsing currently on carrier connection.
Good try though making it sound like you can track him and see everything like enemy of the state