Summary: Using a computer at work puts you at the mercy of your workplace IT policy. It's technically possible that your work could track all your activities.
If I connect to my home computer from work, can they track what I do on my home computer? I know they are able to see what internet web pages I browse at work, but if I were to do things on my home computer using remote desktop, can they track what I do on that too?
•
Can they?
Sure.
Do they?
Maybe. It's easy to do, but it's hard to manage. It really depends on just how you connect to your home machine and how aggressive your company is about tracking you.
•
Off the top of my head, I can think of at least two ways your company could be tracking what you're up to as you remote access your machine at home.
1. Keystroke logging.
If your machine at work has a keystroke logger installed, then it doesn't matter what you're doing or who you're connected to - your keystrokes can be recorded. Couple that with screen image capture and your workplace could record a fairly accurate record of your session, including whatever it was you were doing at home.
It's fairly unlikely that they'd do this unless they had a really strong reason to. It can be fairly data and labor intensive to go through all the collected data to see what you were up to.
But it could be done.
2. Proxy/Intercept
Remote desktop is encrypted and secure by design. Additional alternatives, like VPNs or other VNC remote access tools are similarly typically encrypted as well. So one would think that the actual data stream was safe from sniffing, yes?
Maybe not.
There are techniques I've recently heard discussed that work like this:
-
Remember that you don't really control your work computer. So hidden proxies, alternate certificates, and other tools could be installed by your company's IT department.
-
When you attempt to make a remote desktop connection to your home computer, that's transparently intercepted by a proxy that sits between you and your home machine.
-
That proxy is able to decrypt the data, examine, or log it, and then re-encrypt it on its way to your home computer. The same applies in the reverse path.
-
Except perhaps for a little slowness, you'd never know without examining the characteristics of your connection very closely and knowing what to look for.
This approach is technically complex, so again I wouldn't expect a company to necessarily set it up unless they had serious reason to or were particularly paranoid.
But the short answer is that it's possible.
•
So the bottom line is that yes, absolutely it's quite possible. Not necessarily easy, but it can be done.
Only you can judge how likely it is that your company is doing it, or whether what you're doing would be "against the rules" if they were.
Related:
-
Ask Leo! - Can my company monitor my IM conversations at home?
-
Ask Leo! - Can my ISP monitor my internet usage?
Article C3190 - October 23, 2007
Quote: "Can they track what I do on my ***home*** computer"
Isn't the question about whether the HOME computer can be watched rather than the work computer?
Answer:
It is unlikely that your computer could be tracked from your workplace if you connect via Remote Desktop. However, there are some ways that your workplace could track it...
1) In the remote desktop client there is a way to let your own drives appear on the remote computer as network drives (under the advanced tab). If you do this, someone near the computer could possibly look through your drive.
2) When you connect, it is possible for your IP address to be tracked back to you (e.g. via packet sniffing as mentioned above). Although this would not allow anyone to read the packets (due to encryption), it could allow them to exploit a vulnerability on your computer. This shouldn't be a problem as long as you have a decent firewall...
There may be other possibilities but I now have to go...
--
Posted by: Tek at October 29, 2007 2:04 AM-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Isn't the question about whether the HOME computer can be watched rather than
the work computer?"
Yes, of course. But to access the home computer you're doing it THROUGH a work
computer. The article describes how by monitoring what happens on the work
computer you can monitor what you're doing on your home computer.
Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFHJkzSCMEe9B/8oqERAtShAJ9l/CGs0mhibRSP1vxneNEjvk8YwgCbBvbl
Posted by: Leo A. Notenboom at October 29, 2007 2:12 PMhhZ/8f0PRG58DrAB4IO+i78=
=Ny4Y
-----END PGP SIGNATURE-----
What it really boils down to is does your company have a policy in place that restricts this kind of "idle" screwing around, and what the penalties are and did you sign the piece of paper agreeing not to utilize company assets for personal gain etc. If you cannot justify acessing your home computer and the above is true, it doesn't matter whether they can track you, they just have to prove you used work equipment for "joysurfing" (for lack of a better term) and that makes you liable for the consequences of the action. They don't have to know what you did specifically, they just have to be able to show you were somewhere, doing something that you agreed not to.
Posted by: Matt Taylor at November 5, 2007 11:09 AMhow do I stop my computer from being track by anyone and how do I know when they are doing it at all
Posted by: chris at July 12, 2009 6:52 PM