Helping people with computers... one answer at a time.

Using a computer at work puts you at the mercy of your workplace IT policy. It's technically possible that your work could track all your activities.

If I connect to my home computer from work, can they track what I do on my home computer? I know they are able to see what internet web pages I browse at work, but if I were to do things on my home computer using remote desktop, can they track what I do on that too?

Can they?

Sure.

Do they?

Maybe. It's easy to do, but it's hard to manage. It really depends on just how you connect to your home machine and how aggressive your company is about tracking you.

Off the top of my head, I can think of at least two ways your company could be tracking what you're up to as you remote access your machine at home.

1. Keystroke logging.

If your machine at work has a keystroke logger installed, then it doesn't matter what you're doing or who you're connected to - your keystrokes can be recorded. Couple that with screen image capture and your workplace could record a fairly accurate record of your session, including whatever it was you were doing at home.

"... I can think of at least two ways your company could be tracking what you're up to ..."

It's fairly unlikely that they'd do this unless they had a really strong reason to. It can be fairly data and labor intensive to go through all the collected data to see what you were up to.

But it could be done.

2. Proxy/Intercept

Remote desktop is encrypted and secure by design. Additional alternatives, like VPNs or other VNC remote access tools are similarly typically encrypted as well. So one would think that the actual data stream was safe from sniffing, yes?

Maybe not.

There are techniques I've recently heard discussed that work like this:

  • Remember that you don't really control your work computer. So hidden proxies, alternate certificates, and other tools could be installed by your company's IT department.

  • When you attempt to make a remote desktop connection to your home computer, that's transparently intercepted by a proxy that sits between you and your home machine.

  • That proxy is able to decrypt the data, examine, or log it, and then re-encrypt it on its way to your home computer. The same applies in the reverse path.

  • Except perhaps for a little slowness, you'd never know without examining the characteristics of your connection very closely and knowing what to look for.

This approach is technically complex, so again I wouldn't expect a company to necessarily set it up unless they had serious reason to or were particularly paranoid.

But the short answer is that it's possible.

So the bottom line is that yes, absolutely it's quite possible. Not necessarily easy, but it can be done.

Only you can judge how likely it is that your company is doing it, or whether what you're doing would be "against the rules" if they were.

Article C3190 - October 23, 2007 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

6 Comments
Tek
October 29, 2007 2:04 AM

Quote: "Can they track what I do on my ***home*** computer"

Isn't the question about whether the HOME computer can be watched rather than the work computer?

Answer:
It is unlikely that your computer could be tracked from your workplace if you connect via Remote Desktop. However, there are some ways that your workplace could track it...

1) In the remote desktop client there is a way to let your own drives appear on the remote computer as network drives (under the advanced tab). If you do this, someone near the computer could possibly look through your drive.

2) When you connect, it is possible for your IP address to be tracked back to you (e.g. via packet sniffing as mentioned above). Although this would not allow anyone to read the packets (due to encryption), it could allow them to exploit a vulnerability on your computer. This shouldn't be a problem as long as you have a decent firewall...

There may be other possibilities but I now have to go...

--

Leo A. Notenboom
October 29, 2007 2:12 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Isn't the question about whether the HOME computer can be watched rather than
the work computer?"

Yes, of course. But to access the home computer you're doing it THROUGH a work
computer. The article describes how by monitoring what happens on the work
computer you can monitor what you're doing on your home computer.

Leo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFHJkzSCMEe9B/8oqERAtShAJ9l/CGs0mhibRSP1vxneNEjvk8YwgCbBvbl
hhZ/8f0PRG58DrAB4IO+i78=
=Ny4Y
-----END PGP SIGNATURE-----

Matt Taylor
November 5, 2007 11:09 AM

What it really boils down to is does your company have a policy in place that restricts this kind of "idle" screwing around, and what the penalties are and did you sign the piece of paper agreeing not to utilize company assets for personal gain etc. If you cannot justify acessing your home computer and the above is true, it doesn't matter whether they can track you, they just have to prove you used work equipment for "joysurfing" (for lack of a better term) and that makes you liable for the consequences of the action. They don't have to know what you did specifically, they just have to be able to show you were somewhere, doing something that you agreed not to.

chris
July 12, 2009 6:52 PM

how do I stop my computer from being track by anyone and how do I know when they are doing it at all

lisa
January 30, 2010 4:44 AM

What is the best stealth fully undetectable remote admin tool available for noobs on the market? (ie, turkojan, poison ivy, cerbeurus, zeus....etc)

It seems that he is seeking a way to Rat his home computer

Some Random Dude
October 15, 2010 2:05 PM

I'm connected via RDP from work as I type this :)

And with the crazy fast internet upload speeds now avaible it's quite nice actually.

There is no apparent way to extract what you type or see in an RDP session unless they are running a keyboard sniffer or capturing your screens a session to your desktop.

Yes that RDP traffic goes through the employer firewall, but it it's a giant blob of nothing. Can they see traffic volume from your work desktop to an IP that could be linked to you .. sure. But the volume would the look the same if you had a something updating on the remote monitor.

You are probably safe as long as you get those TPS reports done on time.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.