YSK that employers may very well be tracking your browsing history and making business decisions based on individual traffic patterns

While this has been happening for quite some time, the tech involved for network engineers and sysadmins to inspect your traffic is now readily available and being leveraged by even non-IT folks. Like management.

Companies like Cisco, Ubiquiti, Palo Alto, FortiGate and others have long had firewalls capable of matching not only who was going to what website, but also when, and how often. More recently, extra focus is being placed on the why. Deep Packet Inspection (DPI) and Intrusion Detection/Prevention (IDS/IPS) systems are now best practice for admins to gain control over large workplaces. Specialized equipment and techs are often tasked with various responsibilities, which previously were for the sake of protecting company assets and user data. But with the information available to admins, new "insights" and special attention are being paid to user traffic and browsing habits.

Upper management has now realized that if Johnny in accounting has spent at least 20 minutes a day in the last quarter on LinkedIn, Glassdoor and Indeed, he's probably looking for a new job and is now a risk to keep onboard. Or imagine if an employee is caught spending her time on about-to-have-a-baby-readiness sites and the company determines it's cheaper to release that employee rather than pay out the next 9 months of maternity leave. Substance abuse sites, mental health resources, too much YouTube, Reddit, or even no traffic at all can be seen as red flags for the discerning supervisor looking to cut losses or increase profitability.

Knowing this, it's likely in your best interest to completely avoid any and all personal usage at the workplace or on company devices.

For those that just can't help themselves there are a couple things that can be done to potentially mitigate the digital surveillance. Keep in mind that at work or on company gear it is well within your employer's rights to prevent any and all attempts at privacy or obfuscation of traffic.

A Note of Caution: Attempting to avoid detection on the network can/will look suspicious to a discerning admin. Tampering with company equipment may be a quick way out the door.

HTTPS/SSL Encryption -- If possible, install a browser extension like the EFF's HTTPS Everywhere. Assuming your workplace isn't intercepting and decrypting secured traffic, using tools like HTTPS Everywhere will mask your traffic as a generic HTTPS connection that could be anything. It will not prevent your employer from knowing the endpoints of those connections, but the specific data flowing across the network will be protected.

VPNs -- Commercially available Virtual Private Networks like those offered by PIA, IVPN and others will not only encrypt all of your traffic, but will also conceal the endpoints and tunnel your browsing directly out of the network. This is likely your best option, but again, many businesses look out for known traffic patterns, common ports and traffic signatures that would indicate a user is behind a VPN. Sometimes they'll be blocked outright by shutting off commonly known VPN ports. This can sometimes be worked around by moving your VPN away from a known port like 1194 (OpenVPN) and setting it to port 443, which is a common port used for all encrypted traffic. Your workplace cannot effectively block port 443 as that would interrupt regular web browsing for all users.

Software/Virtual Machines -- Many companies have policies in place that prevent users from installing their own software. This is for a good reason, because the quickest way to infect your network or have a botnet set up camp is to allow Donny in the garage the ability to install and download sketchy software from Pirate Bay. Can't blame 'em for this, but you might be able to get around it by installing a lightweight Linux OS on a USB stick and booting your computer from that. Tails (AKA Tor) and Ubuntu are the easiest options here.

Aside from that, if you can install any software on your computer, it might be easier to add a virtual machine and then install your own custom software inside. VirtualBox is a free and easy option with plenty of tutorials on how to install various operating systems.

The takeaway from all of this should not be "how to avoid your company spying on you," it should simply be an acknowledgment that they very likely are or will be in the near future. And again, it's not necessarily a bad thing. Most network/sysadmins are looking to protect both the company and the users. But mostly the company. And it's to be expected that anytime a large amount of data can be collected, it's only a matter of time until it is sorted through and inspected for more revealing insight into that user.

Be smart out there!


