Protecting your Facebook privacy at work isn't just about passwords

hamba


If your employer gets to control the software on your computer it could be snooping on you at all times



Facebook users need to be protected from employer snooping. Photograph: Yannis Behrakis/Reuters



Facebook has threatened to sue companies that force their employees to reveal their Facebook login details. As laudable as this is, I worry that it will fail to accomplish its primary objective – protecting Facebook users from employer snooping.


Increasingly, firms configure the computers and devices on their internal networks to trust "self-signed certificates". These cryptographic certificates are the same files used by your browser to establish secure, eavesdropping-proof connections to websites and to validate software updates, and to generally validate the identity of remote machines and guard the files they send you from tampering and spying.


Firms have legitimate (ish) reasons to install these certificates. Many firms treat the names of the machines on their internal networks as proprietary information (eg accounting.sydney.australia.company.com), but still want to use certificates to protect their users' connections to those machines. So rather than paying for certificates from one of the hundreds of certificate authorities trusted by default in our browsers – which would entail disclosing their servers' names – they use self-signed certificates to protect those connections.


But the presence of your employer's self-signed certificate in your computers' list of trusted certs means that your employer can (nearly) undetectably impersonate all the computers on the internet, tricking your browser into thinking that it has a secure connection to your bank, Facebook, or Gmail, all the while eavesdropping on your connection.


Many big firms use "lawful interception" appliances that monitor all employee communications, including logins to banks, health providers, family members, and other personal sites. Even firms that don't require self-signed certificates in their employees' computers may use keyloggers, screenloggers, and other spying tools to watch what you do and capture your passwords. If your employer, school or institution gets to control the software on your computer, you can't know that it's not snooping on you at all times. Just ask the kids in the Lower Merion School District, whose school-issued laptops were loaded with software that let school administrators covertly watch students at home and at school through the computers' webcams.

Some may argue that employees who don't want to be spied upon should not use company premises for personal business. There's a grain of truth to this, but it's a small grain. After all, America is "the land of the 55-hour work-week", where personal time to conduct personal business is most often found in snatches between work at your employer's premises.


Besides, there are plenty of contexts in which "company property" would not excuse this level of snooping. If you met your spouse on your lunchbreak to discuss a private medical matter in the break room or car park, you would probably expect that your employer wouldn't use a hidden microphone to listen in on the conversation – even though you were "on company property". Why should your employer get to snoop on your private webmail conversations with your spouse during your lunch-break?


This was what I was getting at in my essay What's Inside the Box?: if we totalise property and elevate it above human rights, privacy and dignity, we end up in a situation where many of the devices in our lives, from the thermostats that have the power to freeze us or cook us, to the lease-purchase prostheses that let us live our lives, to the contract-subsidised mobile phones that have the power to watch our every move and record our every breath, are all designed to lock us out from controlling them – or even knowing what they're doing.



Cory Doctorow
guardian.co.uk, Tuesday 27 March 2012 16.45 BST
© 2012 Guardian News and Media Limited or its affiliated companies. All rights reserved.
Protecting your Facebook privacy at work isn't just about passwords | Technology | guardian.co.uk
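An added example, not part of the original post or the article: because a connection intercepted through a trusted employer certificate still validates without a warning, one practical check is to compare the issuer of the certificate you are shown at work with the issuer recorded from a network you control. The host names, CA names and baseline below are constructed; `observe()` uses the trust store Python's `ssl` module is configured with, which can differ from the browser's.

```python
import socket
import ssl

def issuer_fields(cert):
    """Flatten the nested RDN tuples of getpeercert()['issuer'] into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for (key, value) in rdn}

def observe(host, port=443, timeout=5):
    """Return the validated leaf certificate for host (live use; needs network).
    A verification error here is itself worth investigating."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def unexpected_issuers(observed, baseline):
    """Return {host: issuer} for hosts whose issuer is not in the baseline set.
    A mismatch is a prompt to look closer, not proof: sites do change CAs."""
    findings = {}
    for host, cert in observed.items():
        issuer = issuer_fields(cert)
        org = issuer.get("organizationName") or issuer.get("commonName", "<unknown>")
        if org not in baseline.get(host, set()):
            findings[host] = org
    return findings

# Constructed baseline: issuers recorded from a network you control.
BASELINE = {
    "www.example.com": {"Example Public CA"},
    "mail.example.org": {"Example Public CA"},
}

# Constructed observations in the shape getpeercert() returns.
OBSERVED_AT_WORK = {
    "www.example.com": {
        "subject": ((("commonName", "www.example.com"),),),
        "issuer": ((("organizationName", "Example Public CA"),),
                   (("commonName", "Example Public CA R1"),)),
    },
    "mail.example.org": {
        "subject": ((("commonName", "mail.example.org"),),),
        "issuer": ((("organizationName", "Acme Corp IT"),),
                   (("commonName", "Acme Internal Root"),)),
    },
}

if __name__ == "__main__":
    for host, org in unexpected_issuers(OBSERVED_AT_WORK, BASELINE).items():
        print(f"{host}: certificate issued by {org!r}, not in baseline")
```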
 
I wouldn't be silly enough to use a works computer for anything private.
 
I suppose it goes without saying that this would be the same for wi-fi access provided by workplace as well as those like mucky d's etc. If you use the service they are providing for free, then I guess they can use whatever info they can capture on these networks. I only ask because my work have recently set up a free wi-fi access and I am asking the question why, when if you're at work you're supposed to be working. Surely they are not dumb enough to believe that workers will only use it at break times etc. Perhaps it would also be cause for disciplinary procedures at a guess. Unions and the general working public need to be made aware of issues surrounding the offer of free wi-fi and general Inet access at work. The number one age old rule that applies here I think is...."NOTHING COMES FOR FREE IN THIS WORLD." :bangshead:
 