Thereâs so much more to your computer, as well as your activity history, than just cookies and whatever tools like CCleaner can clean.
So much more.
Iâll review a few of the more obvious ways employers can recover or collect information about your activity. Realize, though, itâs not with the intent that you be able to hide what youâre doing, but to illustrate the futility of even trying.
Become a Patron of Ask Leo! and go ad-free!
Cookies and CCleaner
Cookies are, effectively, small data files left on your computer by some of the websites you visit. As you might imagine, while the contents of the files might not be useful (theyâre specific to each site), the fact that there exists a cookie from a specific site means your web browser has at some point fetched a page from that site. In other words, itâs one way to see where youâve been.
Tools like CCleaner can easily and quickly clear cookies.
In addition, such tools also clear other traces of activity, like your explicit browser history, temporary files, the contents of your browserâs cache, and much more. Iâll refer to them as an interesting first step to removing some traces of your activity.
But theyâre in no way complete or foolproof.
Resurrecting data
The easiest thing to overlook is the fact that deleting a file doesnât delete its contents. Unless the data is actually overwritten by subsequent writes to the disk, thereâs a possibility it can be recovered and restored. This is what âundeleteâ is all about â the attempt to recover files that have been deleted.
Simply clearing your cookies or history or whatever else data-cleaning tools might remove does nothing more than delete the file(s) containing the information. Thereâs a chance the files could still be recovered with an undelete tool.
The only way to avoid this is to ensure that the data is overwritten after itâs been deleted. CCleaner and similar tools have something called a âfree space wipeâ which does exactly that: it overwrites all the free space on your hard drive with random data, rendering what was there practically1 unrecoverable.
That may still not be enough to erase all of your tracks, however.
Data youâre unaware of
Windows is an incredibly complex operating system, as are many of the applications that run on it, including web browsers. It stores information in places you might not know about, or in places you know about â like the registry â but have no way to remove. Even so-called registry cleaners only remove or correct certain types of information, and are more about the health of your system than removing evidence of your activities.
Even the paging or hibernation files could be analyzed by someone knowledgeable to collect or infer information about what the computer was used for, where you visited, or what you did.
Thereâs simply no way to know that there isnât some amount of evidence of your activities left somewhere.
So, honestly, the only way to truly remove all evidence of your activity from your computer is to erase it completely. There are two approaches: using tools like DBan to literally erase the hard disk, or to reinstall Windows from scratch, ensuring you do a reformat of the hard disk as part of the process, and a free space wipe when the install is complete.
Both of those things are likely to trigger warning signs from an employer.
Besides, they may still not be enough.
Your computer isnât needed to keep tabs on you
When we think about tracking and evidence of our activities, we immediately think of all the data thatâs stored on our device.
While Iâm sure your company would love it if you left all your tracks on the machine, itâs very possible that they donât need âem.
Remember, they provide you with your internet connectivity and local networking. That means they can monitor where you go, what you do, and what you access from another computer, such as their internet gateway.
They donât need access to your machine; all they need do is monitor your online activity through the devices they control.
And itâs not your computer, to boot
Finally, itâs important to realize that when you use a computer provided to you by your workplace, itâs not your computer. In most jurisdictions2, you donât have a right to privacy on workplace-provided equipment.
The most obvious implication is that your employer has a right to snoop on what youâre doing by examining your computer or monitoring your internet traffic.
More concerningly, though, your employer could install spyware on your machine, or interfere with the âprivacyâ implied by https secure web sites. That means that even if you completely erase whatâs on your computer, they may have already collected information about your activity and sent it to their own servers for storage and analysis.
Trust. Itâs complicated.
Honestly, it really all boils down to trust.
You may or may not trust your employer not to spy on you, but itâs important to realize that they can. Much of how you use their equipment could be recovered forensically.
Similarly, they may or may not trust you to use their equipment according to their rules and guidelines. Once again, itâs important to realize that they have ways of verifying their trust in you.
I canât say how much invasive spying or forensic analysis is common, and I certainly canât say how much is ethical or justified. What I can say, though, is that itâs possible, and that if you have any concerns at all, you should act as if your employer can monitor every little thing you do with their equipment. Itâs by far the safest thing to do.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Podcast audio
Video Narration
âEven so-called registry cleaners âŠ..and are more about the health of your systemâ â Perhaps the word âallegedlyâ should be used somewhere in that sentence :P
True dat. Leo has written an article supporting that point.
Whatâs the Best Registry Cleaner?
That statement is pretty much the bottom line. Some companies install key-loggers which is apparently legal for them to do. With those, every keystroke including deletions and corrections, and more such as screen-shots, are recorded and sent on to them. So thereâs absolutely nothing you can do after the fact because they may already have all of the data.
As they are the owners of the computer you use, they have the right to install any application they want to, including key-loggers and any other monitoring application or devices.
âŠbut⊠they should also inform every employee of the fact.
Forwarned is forearmed to the employee.
The upshot is, unless stupidity reigns supreme with an employee, less problems and less to see by the employer (usually the IT team though)
I call that a win/win. Employee is less likely to go to sites they shouldnât (but remember there ainât no cure for stupidity) therefore less chance of pernicious malware on the system. Employer therefore has less issues to deal with and time savings is $ savings.
Can you please tell me why the word âthroughâ was thrown into the sentence: âMore concerningly, through, your employerâŠâ? It doesnât seem to fit the intent of the sentence.
Typo. It should be âthoughâ.
Good catch. Itâs fixed now.
My employer tracks what I do on my computer ⊠and they make it known. As you log in to Windows, they put up a message box to tell you. But then, my employer has a lot of information that should not be disclosed, either on purpose or accidentally.
I appreciate my employer making it known that they monitor my actions. While they do have the right, I donât think employers should do it surreptitiously.
I agree⊠let it be known and you stop a whole lot of problems before they start. Makes eminent sense.
I found this article on the rights of employers to monitor employeesâ activity in the workplace and while using company-owned equipment.
WORKPLACE PRIVACY AND EMPLOYEE MONITORING
And remember that this applies to the USofA. Other jurisdictions, i.e. countries, will have different laws. Some better, some worse, some totally diabolical.
Donât forget automated backups.
If your employer is serious about safety, he should have automated backup at least on a daily schedule.
Add all the logs kept on each computers as well as router logs and server logs.
Your activity traces are not only on the computer that you use, they are all over the companyâs systems.
Our company for a time used Spector CNE now called something different but i dropped the practice due to little or no enforcement after breaches of policy and sometimes law, we commenced using it due to a few staff stealing critical information. Itâs an interesting dilemma. The software recorded EVERYTHING, screenshots every 30 seconds, key strokes , sites visited, facebook and other chat systems all recorded. We used to put up a warning message as you logged in to the workstation or laptop that informed the user that everything was recorded, i even showed people what we could see and capture.. Yet still people would download porn, set up drug deals, spend the day on gambling sites , unbelievable but sadly true. As is said we stopped using it costly and little benefit with no enforcement.
I have read that even if you âdeleteâ a file and then overwrite it with another file or random data, the original file can still be recovered by forensic analysis. I find this a little hard to believe but am just curious (nothing to hide) about how true this is?
When data is written to an HDD, it doesnât write it in exactly the same location. It can be off by a tiny offset. Sometimes forensic analysis can find those tiny traces and determine what has been overwritten. Thatâs why some wiping programs overwrite up to 30 times. SDDs canât be retrieved that way but thatâs not saying someone wonât come up with a method to retrieve overwritten data in some other way.
Hi Leo or Mark,
Leo I hope you are feeling better! Rest and get better!!! And get the 2 pneumonia vaccines recommended by the CDC!! And Mark you have been a great help also!!!! Note: This is my PC. Iâm retired so no employer!
What do you do when your PC canât see the printer driver?
Running Windows 7 Home Premium 64 bit on a Dell XPS 8500 Tower PC
I have the correct printer driver on my Desktop.
Listed below are the steps that I took to update the printer driver:
> Control Panel
> Devise Manager
> US Bus Controllers
> Right click âUSB Printing Supportâ and select âUpdate Driver Softwareâ
> A new Window Pops up â Select âBrowse My Computer for Softwareâ
> click âBrowseâ and select âDesktopâ
> Scroll down and the driver does not show.
Now I even put it into a folder â the folder does show but then the driver in the folder does not show. So how can you install this driver?
Your Friend,
Mike Wilhelm :-)
Download the file from the printers website that will install it.
I would download it from the manufacturer. TYPICALLY the manufacturer also includes a setup program that will automate this whole process as well.
Boot Linux from a flash drive and you donât have to worry about deleted files or key loggers. Router logs could still be a gotcha.
Many companies use hardware keyloggers which canât be bypassed that way. And standard company security usually blocks booting from anything but the installed OS. Use your phone and access the internet via your mobile carrier. Donât go through the companyâs network to access the internet and you should be safe.
Router logs, proxy logs, and hardware keyloggers, at a minimum, could all still be a problem. Just donât do it.
It ainât your computer.
You can also be blamed for your computer usage while you are away from your computer. Never ever leave your computer while you are logged in. Entering a password after every break is easier than finding a new job.
As far as the ability of the employer to do something like this, itâs a sad commentary. In my working life, I always had one rule when I hired someone: âIf you donât trust the people you hire, hire people you CAN trust.