webmail
- Thread starter valerian
- Start date
From what I understand they are allowed to monitor use of their systems. It will probably be set out clearly in your company's IT policy. They will probably state "Anything accessed on our network is monitored". However they probably can't/shouldn't read your email on Hotmail.
Worst 'I've been looking at dodgy nudey emails while at work' thread!
They won't be able to see/read your emails unless they were to be stood behind you or failed into your machine via a VNC connection.
As said they'll know youve been on a web mail but that's it.
They won't be able to see/read your emails unless they were to be stood behind you or failed into your machine via a VNC connection.
As said they'll know youve been on a web mail but that's it.
sorry to disappoint u
why would i look at nude emails, at work?
when i can download hardcore porn 24/7 if i wanted to from home
im representing someone in an investigation, and they are worried about there private webmail being read
(i am a union rep btw)
however thanks for the useful bit u added at the end
Some companies employ HTTPS proxies which do break and log the communication. But they're normally the ones who ban all outside email providers anyhow. We're talking finance, defence, central government etc.
Any snooping on an employee's email/web has to be with the cooperation of HR though, or the IT dept can be up for a kicking.
Any snooping on an employee's email/web has to be with the cooperation of HR though, or the IT dept can be up for a kicking.
They can watch your screen remotely, log everything you do, etc. So yes, theoretically they can read your emails. However I fail to see why they would want to. Plus they would be limited to what they could do with the information anyway.
If it is on the screen, it is probably legal to see it. If the email account has been unlawfully accessed that is different, using someone elses login credentials etc.
Work machines generally allow access by the IT dept. for upgrades, fault fixing and it would not be beyond the bounds for a technician to see and record screen data. The machine is the companies property and is for work purposes only usually.
Work machines generally allow access by the IT dept. for upgrades, fault fixing and it would not be beyond the bounds for a technician to see and record screen data. The machine is the companies property and is for work purposes only usually.
haha i was just kidding with the first bit.
I know i have no power to browse through the emails of other users unless i was dialled into their machine with them logged in and clearly this is not allowed.
I suppose i could log into a users account and open their email provider and hope they have the details set to auto login but thats about as crafty as it gets. (obviously i wouldn't condone nor do this.)
An IT guy is going to feel pretty uncomfortable about being asked to snoop, even by HR, he is after all just another employee and doesn't want people to think he's taking sides.
Lots of things go on in companies even at Director level and it's better not to mention that you've noticed anything. Partly because a Director would freak out if they knew what was possible.
Unless it affected the network I wasn't concerned and would only do something if I thought somebody else was going to land themselves in it by being silly.
Lots of things go on in companies even at Director level and it's better not to mention that you've noticed anything. Partly because a Director would freak out if they knew what was possible.
Unless it affected the network I wasn't concerned and would only do something if I thought somebody else was going to land themselves in it by being silly.
This pretty much.
If it's an external email client, then they can't do naff really without breaking some law.
If it's internally hosted (ie a company email account) all the email is monitored and can theoretically be viewed.
Certainly isnt illegal, if theres an IT policy and a HR policy to back it up. It would be illegal for them to access your email account separately, but not for them to monitor an employees web and email usage. HTTPS protects you to a certain extent, but its not a cloak of invisibility.
Debatable...
They could watch your screen remotely
This
Skyripper makes a very important point - Would highly depend on the setup and security nature of the company.
Methods possible basically boil down to Local keylogger (H/W or S/W), screen logger, transparent proxy logging or MITM setup. The last is mostly seen in banking/aerospace & defense/government/legal businesses or businesses who have a lot to lose with the theft of electronic data by their employees and are provided usually a service by a big network name. It's where a "man in the middle" intercepts your encrypted HTTPS traffic and basically allows them to see whatever you're doing over SSL (probably reading letters you sent to your friend about your horrible boss I guess).
The latter requires someone who's good with Networking - any big company will have someone who can do this probably but any smaller company won't unless networking is their business etc... It's rare but is quite possible and almost required in a few industries to make sure employees arn't sabotaging internally.
EDIT: It's worth noting that the last is pretty hardcore and requires a lot of effort so this usually gets cracked out last to give final proof of anything bad being done.
Methods possible basically boil down to Local keylogger (H/W or S/W), screen logger, transparent proxy logging or MITM setup. The last is mostly seen in banking/aerospace & defense/government/legal businesses or businesses who have a lot to lose with the theft of electronic data by their employees and are provided usually a service by a big network name. It's where a "man in the middle" intercepts your encrypted HTTPS traffic and basically allows them to see whatever you're doing over SSL (probably reading letters you sent to your friend about your horrible boss I guess).
The latter requires someone who's good with Networking - any big company will have someone who can do this probably but any smaller company won't unless networking is their business etc... It's rare but is quite possible and almost required in a few industries to make sure employees arn't sabotaging internally.
EDIT: It's worth noting that the last is pretty hardcore and requires a lot of effort so this usually gets cracked out last to give final proof of anything bad being done.
Last edited: