Getting around snooping at work (was: Web Filtering)

Lonnie Olson lists at kittypee.com
Mon Apr 8 09:45:29 MDT 2013


On Fri, Apr 5, 2013 at 11:58 PM, Tod Hansmann <plug.org at todandlorna.com> wrote:
> First, it's your webmail, but not your internet connection.  How its
> used is their business and their right to allow you to do X or Y with
> it.  From that perspective it's not creepy unless they're reading your
> email for other purposes (which you have to allow them to do, by
> accessing your email from their network).  You don't have to do those
> not-at-all-work-related things at work, regardless of what excuse you
> come up with that makes it inconvenient for you that you think makes
> their paranoia unjust.  In other perspectives, just about every small
> company is one lost-lawsuit-as-a-result-of-a-printed-porn-image away
> from ceasing to operate.  Again, ultra-paranoid, but if we can go to one
> extreme, we can go to the other just as easy.

I understand your point, and agree with you up until it includes MITM
of SSL connections.
That kind of thing is problematic for both parties (business and employee).
* Very difficult or impossible for users to actually verify the
source.  (Verification is at least 50% of what SSL is for)
* Opens additional legal liability options for businesses.  If you can
read/monitor it, you are responsible.
* Creates technical issues with some financial software that can't
verify SSL certs.
* Increases the threat and damage of other attacks: dns spoofing, dns
cache poisoning, compromised hosts files, etc

Don't screw with SSL in your company, unless you have an army of
lawyers, security engineers, and force every employee to sign enormous
contracts.  It's much more dangerous and problematic than it is worth.

As far as tips for getting around company firewalls, I would suggest
extreme caution.  These tips can actually get you into more trouble
than even browsing porn.  Using any of these tips can qualify you for
prosecution under the overly broad Federal Computer Fraud and Abuse
Act.  Instead I would first recommend getting approval for firewall
exceptions, or second, be positive that your company isn't the evil
vindictive type (including the mgmt, HR, and legal types), or third,
bring your personal laptop with a cellular connection.


More information about the PLUG mailing list