My wife tells me not to send any really “personal” messages to her at her hotmail account, because if she opens them at work, her employer can read them too. Is this true? I was under the impression they would know that you accessed the hotmail site, but wouldn’t be able to access the actual emails unless you were under direct computer surveillance. Anybody got any answers to this one?
QtM
If she’s logging into the hotmail site from work, then her employer can tell that but he wouldn’t be able to read the email unless she’s downloading the email to her machine or having it forwarded to her work email. Well I guess they could technically read her email if they wanted to capture the data stream but really that’s just getting paranoid. Now it is possible to have monitoring software installed on her computer that would allow her employer to see everything that comes on your wife’s screen. I haven’t used such software. Does you wife have reason to suspect they might be doing this?
I doubt you can do this with hotmail as it is seperate from the company’s network, unless your wife keeps her password in her cookies in which case her employer could log on as her and use her cookies (that’s assuming that they can find out her work password [if they have them], which is usual in most companies just in case people forget their passwords)
As your wife does not say how her employer would do this, I assume that she just thinks that all employers monitor their employee’s emails. It would of course be possible that the employer has surveillance software to check what their employees are doing on the internet.
No. She just thinks that since she brings up her hotmail and yahoo accounts and opens certain emails on them, her employer can see the data. I told her I didn’t think so, but could not verify. She just reads them and closes them. It’s kinda cut down on our flirting during work since she told me to knock it off.
What about Telnet stuff? My school account is telnet-based, and I did use that account while at my summer job. Could the company read those?
Unless her employer is a nazi bastard and installed software similar to those listed on this page, then I’d say she’s being paranoid. To be sure, she should flirt with the network administrator though. 
I think actaully reading the email is too carnivore-ish and not something a small to medium business would spend the money & resources on. It would be easier for them just to record the key-clicks from the keyboard and save that to a text file. That is sort of like removing the ribbon from a typewriter and studying the punched-out letters to see what keys were pressed.
Most employers don’t have time for anything but surface checks of employee surfing habits. Anything dodgy is likely to be picked up by keyword or fleshtone searches (althought I’ve heard, but never seen, anyone use the latter type of search). Excessive use of Hotmail or other web-mail accounts might earn you a slap on the wrists, but most employers won’t actually install software to read the emails unless they suspect you of something fraudulent.
Would a temp folder have the pages? One time someone was using my PC to access his email via Outlook Web Access. He was with another company. I found the messages he read in a temp file as an html document.
It might. Always select the “increased security for public/shared computers” button before logging into Hotmail. This, IIRC, is supposed to delete cache & temp files from the local disk when the user logs out of Hotmail.
Everything that crosses the network can be viewed by someone in between, barring SSL encryption or some sort of VPN. It’s likely your wife’s computer at work is on a LAN which has a gateway providing access to the Internet. This gateway/firewall is logging everything that passes. Many will only log basic stats, but they can potentially log complete copies of every packet that passes in or out, which would allow a network adminstrator to review all the content of your wife’s activity.
This kind of thing is neither “nazi” nor paranoid from the company’s standpoint. Many companies log traffic and do keyword scans on log files to track whether sensitive data is being transmitted off a secure network. This applies to trade secrets, proposals, and financial data, not just super-secret classified stuff. Some companies also monitor keywords to look for harassment and sex/race discrimination evidence so they can demonstrate that they take a proactive stance toward preventing that type of thing.
If they’re using Microsoft’s System Management Server as a network management tool, yes. SMS can either capture the data stream or look at/take control of your desktop at any given time.
Ours is configured to let you know when we take control of your system, but we don’t have to ask your permission. And don’t worry about your private stash of JPEGs and GIFs, I already got the ones I wanted…in case you’re worried, they’re NOTHING compared to the ones I got off the HR director. 
As to your e-mail, see Attrayant’s post. It’s possible, but not generally very likely. Unless your company deals in cutting-edge research, Dept of Defense activities, or high-level financing.
Geez, we don’t even monitor surfing habits unless somebody’s manager complains.
At my previous place of employment (I left about a year ago) they didn’t really actively monitor all the network traffic, but they did log everything. When an employee was caught forwarding unacceptable emails, they went back and checked the logs and ended up firing about 20 additional people. The scary part is that they went back a full year to find some of the evidence.
I’m an employer. (In fairness, I’m far more technical than most, and my area of expertise is network security). Recently, I had very good reason to believe an employee was stealing a lot of money from the company. So I dug into their hard disk. First problem was that they had erased all the temporary files. That was easy; there are plenty of undelete programs out there. Second, I had to figure out how hotmail (in this case) stored messages in the temp directories, but that didn’t take much effort either. All of my activity was done over the corporate network, while he was in possession of his computer. I got the evidence I needed.
Long story short: If someone really wants to, they can get at your info. You have to got to some great lengths to hide everything.
Now, no rational employer would go to that effort if he suspects you’re doing unauthorized surfing on your lunch hour or some other silliness. But if you have something to hide, it’s not that hard to discover it.
Thanks for all the responses. Since my wife works for our local public schools in our small community, perhaps I’d better just forego suggesting what I’d like for us to do later that day over the email. Sad, but each day the world becomes more and more of a golfish bowl.
That’s goldfish. my bad.
A Freudian slip, Dr. Qadgop?
Way back in DOS days, when I administered a company LAN, we had some software that allowed us techies to view the ENTIRE SCREEN of ANY user on the LAN. Designed for tech support (much better than trying to guess what the user is Looking At Now), it certainly could be used for spying.
I don’t know the name of any current software that allows the same function over Windows, but I’m sure it exists. Technologically, it is simple.
However, it would be pretty unethical for a boss to use it without the employee’s knowledge. Still, it’s not paranoia if they’re really out to get you.
We use VNC for this. It allows you to connect to a machine that has a routable IP just as if you were local. You can watch what the user is doing or do things for them. It’s a lifesaver when configuring machines for users who can’t even spell “DSN”. It would certainly allow you to snoop, but it’s overkill if you’ve already got a packet filter or a “network monitor” (read: sniffer).
The best thing to do QM is just ask the boss if they can. If her comp has an IS or IT department ask them. Also, check the office Acceptable Use Policy for her computer use. Im pretty sure they have a right to read her email but it would depend on the state.
You should try download.com & find a more secure email program, something with encryption