Is my employer able to monitor what I do in a personal Gmail or Hotmail account when I’m doing it at work on my work computer, other than knowing that I am, or have been, on the site and how long?
Can they know what I write in an email in real time even if they might not be able to have a record of anything done other than at the moment it’s written?
My prior employer had a screen capture program, so it’s conceivable they could log your keystrokes and periodic screen shots. Most don’t have the manpower/time to effectively monitor all of that information, so it’s unlikely they are actively doing it, but it is possible.
I know there is software that can record everything you type, and record every website you visit. It is legal in most jurisdictions for your emplyer to use it, at their worksites. So I’d say that if you are visiting your personal email site at work, there’s nothing to prevent them from seeing everything you see on your screen, and recording everything you type. Whether they do is another question.
And what they do with the information is still another. For instance, they could record your ID and password to access your private email, but they would probably face some degree of liability if they used that information. Like using it to log in snoop your email, or passing the info to another party.
Technically IT can trace and see whatever they want to but realistically no one has time to do that unless there’s a special reason to do it to a particular person. Different workplaces have different policies but in the last few places I worked there had to be a very high-level request because we weren’t in the business of being electronic babysitters.
That answers my question. They can but probably don’t. But it’s possible IT could record my password. That’s disturbing.
Now that we’ve had some factual responses… in what way is this disturbing? You’ve voluntarily opened up your personal email on a computer owned by your employer, using a network paid for by them, and most likely while on the clock. How is it disturbing that they’re able to monitor what you do on their system?
If you’re worried about it do personal stuff at home and work-related stuff at work.
In general, if you can’t trust a computer not to be running a keylogger, then do not ever type any passwords into it that you don’t wish the keylogger operators to have access to.
As far as the contents of your Gmail being monitored by your network admin, I’d suggest using https:// to connect to Gmail, and setting your preferences there to https:// only.
My company actually had a crackdown on ‘nonproductive time’ last year, and set up the office internet gateway to save reports on what web addresses everybody’s workstation was accessing.
I went on dope withdrawl around that time. 
It is worth clarifying this.
If your IT dept has installed a keystroke logger, they could record your password, and details of messages you type (but it could be difficult to interpret, if the cursor gets moved around), but they would not see the information on screen. They could use screen capture technology to get an idea of what is on the screen, but this is a slow and intensive and is not implemented often.
If your IT dept uses a proxy server, they will see any web pages you visit via http, and could conceivably capture the returned contents of those web pages. However, they cannot do more than capture the URLs of secure web pages (https), and they cannot intercept the details of your communication with the web site, or the information returned.
So ensure that your webmail uses https (you can enable this for googlemail, as noted above).
Si
I’ve always used http for gmail, but just made the switch to https. Why would anybody not want to use https?
I believe it would be illegal for your employer to log into your email account using your password. They do however have the right to view anything you access on their computers over their network. Check your employee handbook.
Speaking as an IT guy - it’s our computer, our wiring, our connection to the Internet. Whatever you do on our computer is ours. You agree to this every time you log in.
Yes, we do have the ability to record your keystrokes. Yes, we do have the ability to see what’s on your desktop. But, we don’t have the time to be bothered with your Gmail account or your activity on the Dope unless your manager has come to us wanting to know why your productivity is so bad, or if you’re being investigated for fraud. With a quarter-million users, there’s simply not enough network bandwidth or server storage space to handle it.
Incorrect.
I have a customer who was having massive employee productivity problems but was having a hard time figuring out what they were actually doing because they always looked busy.
We loaded up all the employees machines with spector This kind of software captures every keystroke, every chat conversation, emails, and takes screenshots every 15 seconds. It was frightening looking at the logs, its like being able to read their mind.
All very true. I worked a place with maybe 300 users and it still would have been too much. Can we look at everything on your hard drive, all your emails, all your web browsing history, all your saved photos? Yes, easily. Do we have the time or interest? No. Not unless there’s a reason.
For example, I see on the Symantec Antivirus central console that your pc keeps getting infected with computer viruses. Then I check the temp directory where they got saved which happens to be set to tile view rather than list. Fetish porn photos pop up in all their glory, on my screen. Hm, I don’t remember those being in your job duties.
Guilty as charged.
Guilty. Wow. Tough room.
Even changing your password often would be of no use. If they want to listen in, they can.
No, he was correct, because his point about them being unable to monitor things sent back and forth was in a section talking only about proxy servers. He discussed keystroke logging in the previous, separate paragraph.
CPU and RAM load from https processing.
Not an issue on a system with 2 GB of RAM and a 3 GHZ processor.
Perhaps a concern on an embdedded device with a 200 MHZ ARM prcoessor and 64 MB of RAM.
As noted all employers are different when it comes to personal use of company assets, specifically internet use. Your hiring package probably came with a document regarding their policy and you signed it.
If you want the ability to surf the net, and check email and the like, your best bet is to cut the company out of the network loop and log in via cellular. Any number of data devices from iPhones, winmo, palm or laptop aircards will work.
Otherwise they own everything
Declan
I use Googe Docs for some work documents but the Google Docs site will have my personal documents as well.
Same with Gmail. I have had to use it for company email correspondence since our Outlook allows some limited number of attachments on incoming email. When the company email won’t let an email through to me with, say, 17 attachments, I give the sender my Gmail address and it does come through.
I keep some work notes on Evernote and Google Notebook but those sites also have my personal notebooks. So it’s interesting to me that these things are not private as I had always assumed.