Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can my employer track what I'm doing on the internet?

If you have to ask, you probably don't want to know.

Become a Patron of Ask Leo! and go ad-free!


Transcript

This is Leo Notenboom for askleo.info.

An incredibly common theme for questions I get has to do with privacy. How
to maintain it, how to break it, and when it's reasonable to expect it.

This week I got, once again, the question: "Can my employer track what I'm
doing on-line?".

The answer? "Of course they can".

So can your ISP at home. Or your school. In fact, anyone providing your
internet access can, if so inclined, peer into your surfing, IMing, gaming, or
other on-line habits. It's not even that hard if you have the level of access
that your these service providers have.

They key is that phrase: "if so inclined."

Now, most of us are not nearly as interesting as we might think we are. By
that I mean that while your employer, school, or ISP could snoop in on
you... would they really bother? Most of us just aren't that interesting.

Of course there are a couple of exceptions. If you're doing something
illegal, for example, the government could force your provider to trace or
snoop on you. We've seen illegal music downloaders get caught this way.

"Just because they can watch you doesn't mean they
are."

The work place has an extra level of concern as well: because you're using
their equipment and connectivity, they have every right to restrict and monitor
what you do even if what you're doing is perfectly legal. The most common
monitoring is probably to verify that you're not goofing off on company time.
But if you're doing something against company policy, for example, they might
also notice. They might see that you're emailing the competition or maybe
using certain internal code names in external communications. It's even
perfectly legal for them to install spyware on the machine that they own but
that you use in order to monitor what you do on your computer.

So how do you maintain some semblance of privacy if your provider can
watch?

First off, be realistic. Just because they can watch you doesn't mean they
are. In a sea of thousands upon thousands of customers, your data is probably
just so much noise to your service provider.

Second, live up to your employer's or school's expectations. If they have a
policy against non-work or school related internet use then save that for your
own time.

If you are concerned about your privacy you really have only two choices:
don't do things that you'd be concerned about using providers you don't trust,
or try and hide what you're doing using techniques such as encryption.
Unfortunately in the latter case, your provider may not see what it is you're
hiding, but they will be able to tell that you're hiding something.

I'd love to hear what you think. Visit askleo.info and enter 11479 in the go
to article number box to access the show notes and to leave me a comment. While
you're there, browse over 1,100 technical questions and answers on the
site.

Till next time, I'm Leo Notenboom, for askleo.info.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

14 comments on “Can my employer track what I'm doing on the internet?”

  1. I’ll give the same answer as Leo – Yes employers can track your activity. I sell what is know in the trade as ‘content filtering software’. Its stops end users doing anything that is non business on company machines and company time. For web filtering the product works from a database of millions of categorized URL’s. From this they can grant access to business related sites and stop non business related sites from being requested. It will actively block and report, on individual users, groups or domains activity and can be scheduled to send reports to heads of depts, HR etc. It even has a catagory for proxy avoidance for the hardened end user. Obviously rules and policy can be set to allow users to surf during their dinner if they require, as long as the sites visited do not cause offence to anyone, porn etc, to a colleague or compromise the integrity of the network, spyware and viruses etc.

    Reply
  2. —–BEGIN PGP SIGNED MESSAGE—–
    Hash: SHA1

    Yes. An employer could certainly set things up to retrieve your deleted emails.
    Most commonly, I would guess, by capturing them all before you even see them.

    Leo

    —–BEGIN PGP SIGNATURE—–
    Version: GnuPG v1.4.7 (MingW32)

    iD8DBQFG6CeUCMEe9B/8oqERAgs3AJwLWK4XuEy/gKAN6KKUS0GW797aCwCfTxL+
    QvGBun83ZJS4osAPWRndiWg=
    =x86c
    —–END PGP SIGNATURE—–

    Reply
  3. Thanks, Leo.

    I’m glad you made the main point. It deserves repeating:

    Your employer owns the computer, with all its capabilities, you use at work. Therefore, your employer has every right to monitor it for any reason or no reason at all.

    It may be a PC, but it’s not your personal computer.

    Reply
  4. If your employer is paying for the computer, and the Internet access, is it not reasonable that they expect it will be used for work? Also where you are allowed personal access, is it not reasonable that the employee will not visit sites which may bring negative publicity to the firm? Think of two recent examples, the McQaurie bank employee accessing pictures of a nearly naked supermodel on his computer, while behind him, a fellow employee is doing the nightly financial news broadcast, so instantly this is broadcast Australia wide. Secondly the whole world now knows that one of the large financial houses were doing porn on the Net while the GFC was in meltdown around them – Nero fiddles while Rome burns? Is that a place you would feel safe for your money? If you don’t want your employer to monitor your computer use, use your home one, and visit what you like, where you like, when you like.

    Reply
  5. It is worth mentioning that companies most often have privacy policies or general IT policies that are shared upfront with all employees who, in return, are obligated to sign on these in agreement before start of employment. Such policies would admit to these “snooping” behaviors or “the right to snoop” in the event of suspected employee behavior. Bosses must be clear about this however because it pre-warns employees and deters them from misusing company resources.

    Reply
  6. Just use http://www.anonymizer.com if you feel you absolutely must handle some personal business on your work computer. Yes, your employer will be able to see you went to the anonymizer site, but everything you visit through the anonymizer portal will be invisible to your boss.

    Reply
  7. Its ok that the facility is being provided by the employer and so on,but is not the fundamental priviledge for the user to get his data safe for his use.is it not a sort of enchroachement in some bodies privacy.
    Kindly suggest some means to check such intrusion.And what should be checked on the machine to confirm such intrusions.

    You cannot conclusively check for or rule out monitoring, you must simply assume that your computer and your communications can be tracked.

    Leo
    27-May-2010

    Reply
  8. This sort of answers my question but not fully. What about if you are using your personal computer at work? I am using the company’s internet, which is allowed after business hours, since we actually live on site. I am wondering if my employer can see what sites I’m visiting even though they have no access to my computer?

    Reply
  9. Employers CAN track you; but if you are allowed to surf personal things, keep it strictly to “clean” stuff, like news websites, PCPro magazine, the local newspapers, AutoTrader (as examples).

    However, be aware the logs are deleted after a fair period of time, usually 6 or so months, but it varies.

    Reply
  10. If you work from home over a VPN (virtual private network) using your own computer, can the company track what you are doing when you are not connected to the VPN? My understanding is that for company laptops, once you connect back to the company network, it will download all activity that was on that laptop. Just was not sure if something similar was the case for personal computer when you connect to the vpn. Is this still the case if you delete the internet history and cache as well?

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.