Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!
There are numerous people and programs that can track your internet activities... if you are really that interesting.
Question:
Leo, on the topic of “Can my boss see my mail and instant messages” you wrote, “if using your company’s machine, it’s safe to assume that your boss or IT department could see your emails and instant messages.”
Yes, but there may be an additional cautionary note in my opinion. My son and daughter-in-law are both faculty members at a major university. They have their own privately owned computer at home. However, at home, they use their university faculty email addresses to send and receive email. So, isn’t it true that it’s not who owns the machine but the use of the university’s email system on campus or at home, that opens the door to this kind of access vulnerability?
Actually, it’s both. Or rather, it’s either. And more.
My original article discussed using company provided, or company owned, hardware like a PC. The issue here, of course, is that when the company provides hardware like this, it’s possible, and often quite legal, for them install software or even hardware that enables them to monitor how that computer is being used.
That most certainly could include software to monitor everything from your keystrokes to what you see on the screen; and of course that means any email you send and receive, as well as instant messages or more.
Basically, when you are provided a computer by someone else, there’s really no way to know that they haven’t installed monitoring tools, because some of those tools are virtually undetectable. And companies have been known to do exactly that.
The company that provides your internet connection can, if they have an inclination, monitor the traffic that travels up and down the connection that they’ve provided to you. It’s much like an open Wi-Fi hotspot in that regard, except that your ISP has the legitimate means to do it.
So even when you’re at work or school using your own computer or another computer that you know is secure, if you’re using your work or your school’s internet, then they can absolutely monitor what’s going back and forth on that connection. I’ll talk a little bit about how to mitigate at least some of that below.
Someone else’s online service
The point, which you picked up on, is that the provider of basically any online service that you use can monitor how you use that service.
That means that yes, your email provider can read your email. If that email provider is your school, by virtue of having an email address based on that school’s internet domain, then yes; the school’s IT department could be looking at what you send and then receive.
It’s true for each and every email service provider, and every other online service provider.
But are you interesting enough?
Now, one of the things that I’ve long said that to be honest few people seem to take to heart, is that in general you and I just aren’t that interesting. Your ISP, your school, your company, and your email provider typically have much better things to do with their time than to spend it snooping on your correspondence.
Now, of course, if there is a reason for them to look, they can. But I’ll reiterate: most of us just aren’t that interesting.
What to do?
So, what can you do if you think you are interesting?
When it comes to using someone else’s hardware, not much. When you’re at work, don’t do anything on your work computer that isn’t something you’d want your boss or other’s to know about.
As for the rest (ISPs, email and service providers) it really all comes down to encryption of some sort. If you use a VPN service, then your internet provider can’t see what you’re up to, other than the fact that you’re connected to a VPN. And of course, remember that the VPN service can then see everything you do.
Encrypting email, on the other hand, is difficult but possible. And that’s really the only way to keep your email provider from being be able to read your messages. Your email message cannot be read, but remember that who you’re sending it to, of course, can be.
18 comments on “Can my school see my emails and messages?”
There is a simple rule of thumb here. If an organization such as a school or business gives you an email address only use it for whatever you do for that organization and not for personal emails. Email address are easy to get.
“However, at home, they use their university faculty email addresses to send and receive email.”
I also do this so that I can “work” even when I’m not on my work computer, but I also have personal email addresses accessible on the same computer, for personal communication. Doesn’t make sense giving your friends and family your work email address because you may change your work someday.
No one who’s familiar with webmail should be falling into that trap. I know some people who’re stuck in the old ways of Outlook Express and Microsoft Outlook, who believe an email address is attached to a computer. When they configure an account, that’s the only way they know to do email from that machine, therefore the idea of using different email addresses for different things does not even enter into their reasoning.
If they are faculty members at a public institution, their email account and all its emails could possibly fall under an open records request. So, I would avoid putting anything too personal in an email to that account.
My school uses it’s own domain (@j***s.org) on outlook. They have disclosed that they filter all of the emails coming and going for key words (like drugs or suicide), however, is there a way for me to find out if and when they do look at my emails and to see what key words they may be looking for. I say this because when doing assignments on drugs, alcohol or anything like that the school often gives out punishments without looking at the emails
Great article, thank you very much for writing it.
I have a question, my university gives us an email with a custom domain in G suite, something like “@***.com”, through that email we have access to storage in Drive, Photos, etc. In the same way we have access to office 365 (One drive) whenever we use the institutional mail.
Is it possible that my university can see the things that I save in Drive, Photos or One drive?
And if I log in to Windows or mac OS using my institutional email, is it possible that they can monitor my computer?.
Thank you very much.
Because they can, I would assume they do. It’s the safest assumption. When I send an email using my university account, there is a notice that the communication is monitored. They don’t have time to do it all but they use monitoring software, so I write all my emails with that in mind.
Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.
I want comments to be valuable for everyone, including those who come later and take the time to read.
There is a simple rule of thumb here. If an organization such as a school or business gives you an email address only use it for whatever you do for that organization and not for personal emails. Email address are easy to get.
“However, at home, they use their university faculty email addresses to send and receive email.”
I also do this so that I can “work” even when I’m not on my work computer, but I also have personal email addresses accessible on the same computer, for personal communication. Doesn’t make sense giving your friends and family your work email address because you may change your work someday.
No one who’s familiar with webmail should be falling into that trap. I know some people who’re stuck in the old ways of Outlook Express and Microsoft Outlook, who believe an email address is attached to a computer. When they configure an account, that’s the only way they know to do email from that machine, therefore the idea of using different email addresses for different things does not even enter into their reasoning.
If they are faculty members at a public institution, their email account and all its emails could possibly fall under an open records request. So, I would avoid putting anything too personal in an email to that account.
Can family members see everything i do on my cell phone if we have the same isp?
Typically no, but it really depends on how the account is set up and the technical expertise of the other family members.
So…using my school email to tell my crush I love her is a bad idea then?
Yes because they will be seeing your emails.
My school uses it’s own domain (@j***s.org) on outlook. They have disclosed that they filter all of the emails coming and going for key words (like drugs or suicide), however, is there a way for me to find out if and when they do look at my emails and to see what key words they may be looking for. I say this because when doing assignments on drugs, alcohol or anything like that the school often gives out punishments without looking at the emails
There’s no way to find out.
Can the school still monitor or access an email that I deleted?
There’s no way to know for sure. Depends on too many different things. It’s best to assume that they can.
Great article, thank you very much for writing it.
I have a question, my university gives us an email with a custom domain in G suite, something like “@***.com”, through that email we have access to storage in Drive, Photos, etc. In the same way we have access to office 365 (One drive) whenever we use the institutional mail.
Is it possible that my university can see the things that I save in Drive, Photos or One drive?
And if I log in to Windows or mac OS using my institutional email, is it possible that they can monitor my computer?.
Thank you very much.
My belief, though I have no data to back this up, is that if they provide it, then they can access it.
If I send an email from my personal account to another person’s school account, will my school be able to see it?
You must assume yes. Whether they DO or not, there’s no way to tell.
Can they access things like my gmail when I use their computers on campus?
Can they? Probably. They can at least see what you’re doing. Do they? No way to know.
Because they can, I would assume they do. It’s the safest assumption. When I send an email using my university account, there is a notice that the communication is monitored. They don’t have time to do it all but they use monitoring software, so I write all my emails with that in mind.