Question to the tech geniusus (that means your Muman) and others too-

[Tag-MehirTzedek]

  If you use your private email say at work, or you visit websites such as JTF or any other website does the employer get to know about it?
 1) See the websites you visit
 2) Get access to any passwords one puts on to log on (either websites or personal email address).
 
 I'm not only talking about legally but if practically it is possible? 

[Tag-MehirTzedek]

*you

[muman613]

Shalom Tag,

The simple answer to your question is, Yes your employer can monitor your internet usage. At the company I work at we sign a document which outlines the companies policies concerning use of the net. In general all internet traffic can (and probably is) monitored by the IT staff to ensure that Intellectual Property is not transferred outside the companies premises. My company works closely with Chinese companies and thus there is reason to make sure our servers are secure, and that the bandwidth being used is for company business. If you are concerned about them getting your password you can make it harder by using the HTTPS (secure socket layer SSL) protocol which encrypts all network traffic.

Regardless of this policy i have had no problem with using JTF. I am rather close to the IT personnel to boot...

 

[Tag-MehirTzedek]

What about AOL passwords and such ? If I log onto my email can they get access to it? Should I then change my passwords?

[South Korean Zionist]

Every website you visit places a cookie on your computer, it lets other websites know what websites you frequent so they can place ads appropriately. You ever do a search for something like cars or chinese food and suddenly the only ads you see online are for cars and chinese food? This is cookies working in action. Ever see your password filled in automatically? This is because your password is saved in your forms list. Ever seen a webpage load suspiciously fast? It's because the html is already saved(cached) in your browser.

So simply, delete all cookies, forms, and cached webpages, and browse through https both before and after you visit JTF, and you shouldnt raise any flags. That being said, using someone elses internet is FUNDEMENTALLY insecure, but someone would noy try or care to see what you are doing unless they have a personal grudge against you and 2+ years in IT to back it up.

[Tag-MehirTzedek]

Every website you visit places a cookie on your computer, it lets other websites know what websites you frequent so they can place ads appropriately. You ever do a search for something like cars or chinese food and suddenly the only ads you see online are for cars and chinese food? This is cookies working in action. Ever see your password filled in automatically? This is because your password is saved in your forms list. Ever seen a webpage load suspiciously fast? It's because the html is already saved(cached) in your browser.

So simply, delete all cookies, forms, and cached webpages, and browse through https both before and after you visit JTF, and you shouldnt raise any flags. That being said, using someone elses internet is FUNDEMENTALLY insecure, but someone would noy try or care to see what you are doing unless they have a personal grudge against you and 2+ years in IT to back it up.

 What about putting your password unto something. Logging on. Like I said earlier- logging on to your email address and if one already has done so, can they (not only legally but practically) view the password you put in. And if yes and one has done so, should they then change their passwords? I'm talking about one's private email and such and not anything related to the company.

[South Korean Zionist]

Yes, they can read this info, however like I said it would take an IT guy to do it. If you are this concerned, you can encrypt the traffic you send through a VPN. Witopia and strongVPN offer services like this, they are however paid. At that point however, its best to just not use it at work rather than spend 1 or 2 months learning how to stay secret on someone elses network.

[muman613]

The original question had nothing to do with the issue of cookies. Cookies are a way of allowing the network client (browser) to identify itself to the server using a local database of cookies. Regardless of whether you delete your cookies or not, any network system manager can snoop on packet traffic and see plaintext passwords and unencrypted data. This is why it is encouraged to use the HTTPS secure socket layer for all web browsing (making it more difficult for those sniffing network packets from extracting the information).

Regarding legality, we are not permitted to run our own Virtual Private Networks (according to employee handbook). The company provides us with a VPN to connect to the work network when we work from home.

[muman613]

What about putting your password unto something. Logging on. Like I said earlier- logging on to your email address and if one already has done so, can they (not only legally but practically) view the password you put in. And if yes and one has done so, should they then change their passwords? I'm talking about one's private email and such and not anything related to the company.

If you don't use HTTPS protocol all network traffic can be intercepted and your personal info can be extracted.

If you use POP or IMAP for email it is very insecure and certainly any network manager can snoop on your passwords and credentials. But if you use a secure version of IMAP or POP (with SSL secure layer) you are more secure.


For info about 'packet sniffers' or 'protocol analyzers' see: http://en.wikipedia.org/wiki/Packet_analyzer


Learn about various network protocols:

http://en.wikipedia.org/wiki/Post_Office_Protocol
http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol
http://en.wikipedia.org/wiki/Transport_Layer_Security
http://en.wikipedia.org/wiki/HTTP_Secure

[Tag-MehirTzedek]

Got it, thanks. Already changed my password (that I logged into).

[muman613]

Anyone interested in learning about packet 'sniffing' or 'analyzer' I would recommend the free program WireShark..

http://en.wikipedia.org/wiki/Wireshark

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.[4]

Wireshark is cross-platform, using the GTK+ widget toolkit in current releases, and Qt in the development version, to implement its user interface, and using pcap to capture packets; it runs on GNU/Linux, OS X, BSD, Solaris, some other Unix-like operating systems, and Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.

I use this sniffer at work to help debug network issues (when the network gets slow, etc.)... It can reveal packet floods and other disruptions to the network. Also if it is run at the network switch level it can be used to snoop on all net communications.

https://www.wireshark.org/