•
Listen to the podcast: Can my employer
track what I'm doing on the internet?. 
Transcript
This is Leo Notenboom for askleo.info.
An incredibly common theme for questions I get has to do with privacy. How to maintain it, how to break it, and when it's reasonable to expect it.
This week I got, once again, the question: "Can my employer track what I'm doing on-line?".
The answer? "Of course they can".
So can your ISP at home. Or your school. In fact, anyone providing your internet access can, if so inclined, peer into your surfing, IMing, gaming, or other on-line habits. It's not even that hard if you have the level of access that your these service providers have.
They key is that phrase: "if so inclined."
Now, most of us are not nearly as interesting as we might think we are. By that I mean that while your employer, school, or ISP could snoop in on you... would they really bother? Most of us just aren't that interesting.
Of course there are a couple of exceptions. If you're doing something illegal, for example, the government could force your provider to trace or snoop on you. We've seen illegal music downloaders get caught this way.
The work place has an extra level of concern as well: because you're using their equipment and connectivity, they have every right to restrict and monitor what you do even if what you're doing is perfectly legal. The most common monitoring is probably to verify that you're not goofing off on company time. But if you're doing something against company policy, for example, they might also notice. They might see that you're emailing the competition or maybe using certain internal code names in external communications. It's even perfectly legal for them to install spyware on the machine that they own but that you use in order to monitor what you do on your computer.
So how do you maintain some semblance of privacy if your provider can watch?
First off, be realistic. Just because they can watch you doesn't mean they are. In a sea of thousands upon thousands of customers, your data is probably just so much noise to your service provider.
Second, live up to your employer's or school's expectations. If they have a policy against non-work or school related internet use then save that for your own time.
If you are concerned about your privacy you really have only two choices: don't do things that you'd be concerned about using providers you don't trust, or try and hide what you're doing using techniques such as encryption. Unfortunately in the latter case, your provider may not see what it is you're hiding, but they will be able to tell that you're hiding something.
I'd love to hear what you think. Visit askleo.info and enter 11479 in the go to article number box to access the show notes and to leave me a comment. While you're there, browse over 1,100 technical questions and answers on the site.
Till next time, I'm Leo Notenboom, for askleo.info.
Related:
Ask Leo! - Can my ISP monitor my internet usage?
Ask Leo! - Just how secure is email, anyway?
Article C3023 - May 13, 2007
I'll give the same answer as Leo - Yes employers can track your activity. I sell what is know in the trade as 'content filtering software'. Its stops end users doing anything that is non business on company machines and company time. For web filtering the product works from a database of millions of categorized URL's. From this they can grant access to business related sites and stop non business related sites from being requested. It will actively block and report, on individual users, groups or domains activity and can be scheduled to send reports to heads of depts, HR etc. It even has a catagory for proxy avoidance for the hardened end user. Obviously rules and policy can be set to allow users to surf during their dinner if they require, as long as the sites visited do not cause offence to anyone, porn etc, to a colleague or compromise the integrity of the network, spyware and viruses etc.
Posted by: Tony Webb at May 18, 2007 10:05 PMThanks for your answer.
Posted by: Tina at September 11, 2007 7:40 PMCan the employer retrieve my old emails once I have trashed them?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Yes. An employer could certainly set things up to retrieve your deleted emails.
Most commonly, I would guess, by capturing them all before you even see them.
Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFG6CeUCMEe9B/8oqERAgs3AJwLWK4XuEy/gKAN6KKUS0GW797aCwCfTxL+
Posted by: Leo A. Notenboom at September 12, 2007 10:53 AMQvGBun83ZJS4osAPWRndiWg=
=x86c
-----END PGP SIGNATURE-----
can my employeer read my yahoo,aol,msn, etc, emails?
Posted by: pedro at June 30, 2009 1:17 PM