Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Can your boss read your emails and check your online activities?

H

hajime

macrumors G3
Original poster
Jul 23, 2007
8,134
1,394
Hello, I asked a colleague to order something for me online. She told me that she has to do it after work because the workplace has some kind of tracking software to track online activities.

My mac at work is owned by the university but they only manage the Windows partition. Under the Mac OS, I can only use the browser. I cannot even connect to the printer nor network drives. My questions are:

1. If I send/receive emails on my laptop, can my boss read the messages:
a) if I use work email account
b) if I use private email account (e.g. yahoo, hotmail) that has been logged on using this work computer at work

2. If I browse the internet and use the mac on the workplace network

3. Is the only secure way is to use my private computer and a private email account (not logged in under the workplace network) on a non-workplace network?
 
The answers to your question depends on how things are configured further down the pipe so to speak, but in general, yes - employers can and do have the ability to monitor and restrict all forms of traffic. You need to ask the IT department about what their policies are, but with private email I can tell you that they cannot read the messages themselves - they don't have access to the servers. Corporate email, yes, private generally no. They can check for traffic on private email but unless they have a specific policy against it, they won't bother.

Question 2 is yes they can monitor web traffic. Lots of companies do it and there are lots of ways to do it.

Question number 3 isn't a question of security but of privacy. That your employer can monitor traffic is to be expected - you don't own the pipe and therefore you don't get to dictate terms. They stuff your employer does can be done on your own network. That doesn't make it any more or less secure since these measures are by design. If you are concerned about privacy don't use your employers internet pipes to do things. If you have any questions about what is allowed or not, ask a manager of your IT department or HR.
 
pdjudd said:
with private email I can tell you that they cannot read the messages themselves - they don't have access to the servers. Corporate email, yes, private generally no. They can check for traffic on private email but unless they have a specific policy against it, they won't bother.
Click to expand...

If I logon to my private email account (e.g. yahoo, hotmail) on a computer (be it private or company owned) under the workplace network, they can get the password and userid as these information need to be sent to the remote yahoo/hotmail server. So, they can read the messages. Am I wrong?

If I want to talk about bad things about the IT department and my boss with my friends, which is the most secure way?
 
hajime said:
If I logon to my private email account (e.g. yahoo, hotmail) on a computer (be it private or company owned) under the workplace network, they can get the password and userid as these information need to be sent to the remote yahoo/hotmail server. So, they can read the messages. Am I wrong?
Click to expand...

No, they cannot intercept your credentials assuming they are sent using SSL. They cannot get into your private mailbox that way unless the host is not using basic security. They can tell what sites your go to, but they can't read specific emails or anything. They can tell that you may be accessing Gmail for example, but they cannot tell that you are emailing your mom. They would have to break several laws to break into a third party company.

If I want to talk about bad things about the IT department and my boss with my friends, which is the most secure way?
Click to expand...

Sorry. As an IT professional, I am not going to tell you any methods that are going to be secure at work. Do it on your own time and your own dime. I can tell you that IT departments are concerned about enforcing your policy and we have rules too, but if I had good cause to think you are creating a hostile work environment , I would still report you to HR - but I wouldn't do it by spying on you without just cause. Not only is that unethical, it would get me into trouble as well. If you think it's not appropriate to to verbally, don't use company resources to do it.

And word to the wise, badmouthing any employee is just going to get you into trouble in some fashion. Most employers do not take kindly to such things.
 
pdjudd said:
No, they cannot intercept your credentials assuming they are sent using SSL. They cannot get into your private mailbox that way unless the host is not using basic security. They can tell what sites your go to, but they can't read specific emails or anything. They can tell that you may be accessing Gmail for example, but they cannot tell that you are emailing your mom. They would have to break several laws to break into a third party company.
Click to expand...

They can absolutely get into his personal inbox if they're using a keylogger. Or they could be using a screen recorder to see what he's doing. This would be an extreme and I wouldn't want to work for a company that did that sort of thing, but it's not impossible.

If I want to talk about bad things about the IT department and my boss with my friends, which is the most secure way?
Click to expand...
Use a personal phone or computer that the IT department hasn't touched. Or do it in person.
 
yg17 said:
They can absolutely get into his personal inbox if they're using a keylogger. Or they could be using a screen recorder to see what he's doing. This would be an extreme and I wouldn't want to work for a company that did that sort of thing, but it's not impossible.


Use a personal phone or computer that the IT department hasn't touched. Or do it in person.
Click to expand...

You mean a computer that has not been on the company network as well?
 
yg17 said:
They can absolutely get into his personal inbox if they're using a keylogger. Or they could be using a screen recorder to see what he's doing. This would be an extreme and I wouldn't want to work for a company that did that sort of thing, but it's not impossible.
Click to expand...

They could do that, but IT departments tend not to do that sort of things unless they actually have just cause since it can expose themselves to serious legal threats. I work in a pretty heavily regulated company and we don't even do that. We just block any mail services but our own via a firewall. That is way easier to do that.

Installing a keylogger is kinda pointless - we just control what they can and cannot get at. Far easier. Screen recording would't be done without cause though - most IT folks have better things to to than playing big brother. I was trying to be realistic based on what a company is likely to be using.

My only advice to the OP is if they want to badmouth the IT department, don't do it at work period. Not only is it likely to be against an HR workplace policy, it's just a stupid idea in general to do it on the companies dime.
 
hajime said:
You mean a computer that has not been on the company network as well?
Click to expand...

Just your own personal computer they haven't done anything physically to. They would still know what websites you visited or that you accessed email. Just not what exactly.

If you want to be even more secure you could use a VPN service with your personal computer like AirVPN. That way as far as the work is concerned you are just connected to that one VPN. All traffic between the VPN and your laptop is encrypted.

You could also just get a 4G hotspot or card for your laptop. Then you can browse the internet without using the schools resources.

Although since you work at a university. I'd wager that the IT department is way too busy to give a rat's ass about what you are doing on the computer and record your activity. They've got thousands of students constantly accessing the internet.
 
How do I check if they have installed keylogger or a screen recorder under Mac OS?
 
hajime said:
How do I check if they have installed keylogger or a screen recorder under Mac OS?
Click to expand...

The point of such applications dictates that they be invisible, you won't be able to tell.

Typically, in order to gain access to network resources of any kind, one needs to agree to an AUP (acceptable use policy) which spells out what you can and can't do while utilizing those resources. It would also spell out what the company or employer reserves the right to do with regards to monitoring activity.
 
hajime said:
How do I check if they have installed keylogger or a screen recorder under Mac OS?
Click to expand...
It's not really worth an employers' time and effort to monitor all their employees' internet usage -- that's a lot of man hours.
It's much more likely that they will have a proxy server, preventing access to FaceBook etc, and they will make you sign an agreement about acceptable usage, as already mentioned.

If you really want to find out what the company is doing, buy one of the Techies a drink.

Otherwise: if you want to do something and you don't want the company to know about it, don't use their resources to do it.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back