It’s summer, my office is finally cleared out and Phlosphr discovers he’s been hacked! So this is a debate on honesty.
Not necessarily hacked but told that my every keystroke was recorded. Nothing was found to be erroneous so I was given my report to do with what I wanted.
I’m an instructor at a college. I had no clue anyone was doing this to me on the server. This is the first year they instituted it, and I bet there are certain people that would love to get their Grubby Little Hands on my report.
Luckily the man overseeing the new operation is a close friend of mine and deleted the report. I not only feel violated, but someone with Grubby Little Hands wanted my stuff. Luckily still, I normally use my laptop, and am rarely hooked to the server.
What is the Grubby Little Hands fallacy you ask?
Someone wants to see what another is utilizing their computer for on one day, and they expect said person will be utilizing that computer the next day. Many of us use laptops. Why the administration is looking into such things as deceitful computer using in my department is almost unfathomable. There are only 10 instructors in the department and 1 chair. Several of us have T.A.'s working for us, but come on now. They are thoroughly reviewed before entering. I tell you, if it is one of mine, I’ll be pissed come fall.
Luckily I am off this summer, no teaching summer session etc…etc… so I can not do much about it.
Honesty. Some say it can be figured as a religion, I say it is merely an attainable state when one is ready to be responsible for one’s own actions. I am, so I feel I can be a little miffed at the admin for instituting something like this on our server.
What other kinds of undermining, dishonest/honest backdoor systems have you seen? People spying on people?
I use a university server too.
I wonder if there is a similar policy. How did you find out?
I’d definitely be pissed if I found out that such a thing was happening (to me). Not that I do anything but read the SD all day long, but still…
You use a university server Simon? Are you faculty, staff, student? It makes a difference.
I am faculty, so I found out because I am close friends with a direct colleague in the IT department. So I do not know how you would find out otherwise. It is a good Q though.
If this were simply a corporate setting, I’d say they’re totally within their rights to keep whatever records or surveillance on server traffic they wish to.
Since it’s a university, though, I’m less sure of the moral standing of such a policy. Yes, the U owns the servers as much as the corp owns theirs, but the use policies are looser, from my experience. Most universities act as general ISPs for their students/faculty/whatevers, which differs from corporate strictures on use. Especially if the connection is done on the person’s own resources (i.e., not a Uni-owned computer, which is one of a limited number in a limited number of heavy-demand computer labs).
Note that the university-as-ISP is second-hand information, so quite subject to inaccuracy. I left college in 1993, at least a year before this Interweb contraption thingy caught on.
The only right I can imagine is the right to totally own an employee’s ass simply because there are no adequate privacy protections in place (yet?). I consider it equally inappropriate to spy on someone’s computer, monitor their phone calls, search their desk drawers, and go through their snail mail.
In fact, in the name of striking a blow against these fucking snooping low-lifes, can anyone recommend good anti-spy software?
Except, Abe, that the computer, the server, the voice-mail, and the internet connection are all the property of the corporation, which, under normal circumstances, does not guarantee or even offer privacy in their use. If the company policy is that employees are not to use the phone lines, computers, or internet connections for personal business (barring emergency phone calls), then the company is entitled to make sure that those devices are used in precisely that manner. If you’re caught playing solitaire, posting to the SDMB, or having phone sex with your boyfriend on company time with company property, then you deserve to be fired.
And installing your own software on company property is just as bad as any of the above activities. Especially if it’s software that is designed to thwart the company’s perfectly legal monitoring of your work (or lack thereof).
Precisely what I mean: a lack of protection that permits the invalidation of workers’ privacy – a right that, because it is not explicitly stated, no longer exists the moment an employee steps into the office (at least according to what you wrote, jayjay).
Particularly easy to abuse, if you know anything about corporate culture (hint: bad news if you’re a hot chick). I’m not aware of laws that explicitly protect from such abuse, but does that mean abuse is permissible?
Now, if you think that employees have no rights to any privacy simply because they are using the company’s tools that’s all well and good, but I consider it my right to protect myself against any possible abuse on the part of the corporation as it goes about “supervising”.
It just seems like common sense, though I am no expert on privacy laws.
Before getting some kind of anti-spyware you need to know what sort of setup you are on. Do you do your typing on a university machine that is connected to a server? Or do you use a laptop that you plug into the net when you come into work? If you are using a laptop, what operating system is on it? If you are running Win 2000 or NT on your local machine, what level of account do you have?
Depending on the answers to some of those questions, it might be possible to simply encrypt the stuff you upload to the server using PGP or another heavy-duty encryption package. This would require you to be running NT or 2000 and have an admin account on the local machine. Of course, whether this works or not would depend on what is supposed to happen with the docs you U/L to the server.
Testy, I am running Win 2000 on my laptop and 2000 at work. I use an Airprime wireless internet card most of the time I am undocked which is very often. I use HAL - a.k.a work computer - for grading and keeping records of students. This is the main reason I think our computers are being watched. So there is no tampering. I do not know the level of security other than detecting and storing keystrokes.
For a very liberal school we are quite secure…
I am assuming (maybe a bad one) that you use MS Office on your laptop and store the resulting files on HAL. If I were you, I’d have the laptop disk formatted and reload with a known clean source. Add yourself as a power-user or run as admin if you are comfortable with that. This should take care of any keystroke loggers that are on your system. Encrypt any documents you produce using PGP and then upload them to HAL. If the uni wants to try cracking PGP, then let them give it their best shot. One word of warning on the heavy-duty encryption. If you lose the keys, not even God can get the data back.
You may consider it your “right”, but it’s not a protected right, and you may very well be fired over it if you exercise it without any legal repercussions. Most large corporations will send someone to investigate if they see your workstation is not accessible to their software anymore, and the company is legally allowed to discipline any policy infractions. IANAL, but I’ve seen this happen.
Look, I hate people spying on me as much as the next guy, but when I’m at work, I’m on my employer’s terms while I’m here, since they’re paying for my time. They CAN (and do) go through my files, check my desk, do bag checks at the door, monitor phone use, store all email sent, record internet usage, and otherwise check up on what I’m doing with their resources. This is clearly stated in most corporate policies, and while IANAL I’d have to imagine it’s supported by law in most (if not all) states. My “right to privacy” is only absolute at the edge of my skull, and that’s debatable if I’ve signed an intellectual property provision that states otherwise. Installing countermeasures is a fast way to piss off the people who are paying you, and I have to ask, why would you do that? More to the point, why in hell would you expect such activity to be understood?
If you’re so worried that a little SDMB (or what have you) at work is going to get you in trouble then either knock it off or find a place to work that better suits your work style.
Not the case, you misunderstand me. I am in no danger of being fired or disciplined, and my activities at work have a certain latitude. But I would consider it a lovely message for certain intrusive snoopers, of which I know at least one in my company. Nosy fellow, and a terrible gossip too.
Now that combination is an instance of abusing the right to monitor company property. Not a rare combination either, in my experience.
Testy, thank you, I think I know what you mean (been using PGP for a while, I tend to encrypt sensitive e-mails).
Well, to be fair, what you’re talking about is usually considered a violation of most policies as well. Freelance “investigation” by individuals will get you in hot water at most places I’ve seen, since forensic analysis of resource usage should be done by qualified and accountable staff. If that’s not the case with you, then you’re right, I misunderstood. There’s a difference between protecting yourself from the guy in the next cube and trying to thwart the company’s security team…
Good to hear you’re using PGP, I love that stuff. The best thing I know for keeping the “grubby little hands” off whatever I’m doing. For Internet access can you use an anonymizer service? Some of these set up an encrypted link between yourself and their site. You basically use them as a proxy. That stops snoopy people from monitoring your net usage. Fortunately or unfortunately, many corporate proxies block anonymizer sites.
I really dislike people monitoring me.
Phlosphr: Possibly I misunderstood you. You have two different computers? One on your desk and the other is a laptop? Does the laptop belong to you? If so, then just format and reload that beast from trusted media. As long as you control what goes onto it there should be none of this keystroke logging business.
As Ed so rightly pointed out, the internal network security team might get a tad peevish about any of this.
A lot of stuff can be found by hitting Ctrl/Alt/Delete and then hitting the Task Manager button. Under ‘processes’ you’ll see a bunch of .exe’s. Go to groups.google.com and search on those exe’s and you’ll see what they are for. I look periodically for weird crap.
Key stroke tracking software is just one of many ways to monitor you. Some applications will actually take screen shots of your screen and send them to a particular party at various time intervals. There’s also just monitoring of the proxy…they look for certain file types, certain key words, etc. And yes, message boards are usually going to raise a red flag if you are spending too much time there.
From my experience, most people abuse the internet policy in one way or another…stock quotes, sports scores, various news, etc. Usually there is a “business use” rule. Where I work, as long as you get your work done on time and stick to mainly news sites, you’ll be fine…porn is the big no no.
Yes, Testy, I have two separate computers. My laptop, which I own, has a dock next to my computer in my office which the College owns. They are linked, meaning, I can check email from home, and I share files with Hal… But as far as I know they can not check out my laptop because it is not on their server.
If you do this, bear in mind that if you’re going through a proxy your usage can still be tracked unless it’s SSL encrypted (as suggested). So instead of seeing http://www.somepornsite.com they’ll see http://www.anonymizer.com/?site=www.somepornsite.com. Not a huge help. Keep in mind that anonymizers are primarily to mask your source, not your destination. If you can find a site that will do SSL you’re better off, but then, as noted by Testy, good luck finding one that’s not blocked. If it’s not encrypted, don’t fool yourself. They’ll still see everything you’re doing.
Phlosphr, if you’re using a remote terminal for entering grades and such, which it sounds like you may be, there’s absolutely nothing you can do to mask your keystrokes. You’re using their system, just remotely.
Is Ed right? Are you using an alpha terminal to enter data? If so, I’ve got to agree with him, you’re stuck with the monitoring. I had completely forgotten about those things.