Don't Forget Your Employer Might Be Looking At Your IMs, Too

from the big-brother dept

It’s pretty common workplace knowledge that many companies keep tabs on employees’ email and web-surfing habits, whether they’re actively policing them, or just saving information for possible future use. While common sense would dictate that a company could track nearly anything that goes across its network or happens on one of its machines, some people don’t use the same discretion in using instant-messaging programs at work as they do when they’re using a work email account. But two recent scandals highlight that IM isn’t as private as many people might perceive it to be, as chat transcripts have played a significant role in both the HP spying fiasco and the controversy surrounding former Congressman Mark Foley, who sent sexually explicit IMs to underage boys. In the HP case, the company’s investigators monitored chats between an employee and a reporter; Foley was exposed after other Congressional pages gave saved chat transcripts to the media. While the methods used differ, they both illustrate that IMs may not disappear into a black hole once a chat session is closed. Of course, that’s not really news, but it might be worth reinforcing to some people — like the Yahoo employees that discussed their plans to jump ship to another company over Yahoo Messenger.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Don't Forget Your Employer Might Be Looking At Your IMs, Too”

Subscribe: RSS Leave a comment
James says:

Uhmmm... duh...

…many companies do this secretly and many have an open policy about it. No surprise…. you should consider anything you type on a company network email, IM or web to be a postcard that anyone could potentially see.

I don’t always agree with it, but, it is THERE equipment and if you do (or send) something inappropriate, well, you probably should’a been doing your job.

Tashi says:

Re: Re: Uhmmm... duh...

Absolutely. People always use terms like “my” desk, my cubicle, my pc and they bring 1001 items from home to decortate their area, but the fact is it’s company property, company network, and the company can do with it whatever they please. Your workplace, in the most strict sense, is not a democracy where you can do whatever you want.

If you’re technically inclined and know what you’re doing, IT may not particularly care what you do, unless IT gets an order from on high to target you. I’ve seen it happen. Those guys are generally very busy with all kinds of different things and they don’t like bothering with crap like this unless they have to. Of course, some of the things they troubleshoot send to discovering things like we’re dicussing now.

In my dept., we all have administrator privledges, but we don’t abuse them either. But they trust us mainly not to ass something up.

There are ways around this, but it’s a throw of the dice and the more you do it the more your chances increase of getting caught because you’re on somebody else’s network and you don’t know what’s going on behind the network. The quick answers are, you’re supposed to be working at work and violating a company policy that could possibly get you disciplined or terminated isn’t worth it.

Stephen Paulger (user link) says:

More private chatting at work

If you want to chat at work you can protect yourself from network spying by using a secure connection to your home PC. I do this using PuTTY on my work computer to SSH to my linux machine at home where I run irssi (a command line IRC client). There are command line clients for almost every IM program out there, a linux box isn’t hard to set up now and many people have always on internet connections, this could easily be an option for anyone not daunted by white text on black backgrounds.

ShellCase says:


Tor, or whatever, will not let you keep your job. Most companies that restrict messaging and other forms of computer use also tend to restrict what you can openly install on thier machines. If they so much as find out that you’re using Tor to bypass thier security messures, you can kiss your job goodbye without a warning.

You’re only so smart until you’re caught with your pants around your ankles. If you are that much of an IM addict and can’t wait to talk to your underage friends until you get home, maybe it’s time to invest in an IM phone and not worry at all about your boss. Until then, I have no pitty for any retard that gets fired for missuing company hardware. In fact, I find it amusing.

PaulM says:

IM scanning and avoidance

postini provide IM scanning and logging tools, so every corporate Big Brother can buy an off the shelf solution

to guard against it, use an IM client which encrypts… however, that means you have to trust the IM server as it decrypts/re-encrypts the message as it passes through

if you don’t trust even the IM server, use an Off The Record plugin such as that for Gaim.

NSMike says:


My company encourages use of MSN Messenger for easy office communications, and I imagine those are at least monitored, and I know they’re logged because I log all of my IM conversations.

But, when communicating outside of work, thankfully many of my friends are on GTalk, and I use the in-gmail chat under a secure session to talk to them, so it’s not likely, unless using key loggers (which would be a STUPIDLY HUGE security risk) that those private IMs are being monitored.

Sanguine Dream says:

Just tell them straight up...

don’t bother trying to be clever or sneaky about monitoring policies. Just say, “We monitor what you do on your work stations.” and a lot of people would think twice before trying to use restricted programs. And for the ones that think they can surpass the monitoring, those are the ones you make an example out of…

Networkadmin says:

I've Personally Fired You

So far I’ve personally been responsible for 6 people losing thier jobs for just the same thing. 2 of those people were actually using Tor and thought they could get away with thier activities. If you know what you’re doing as an admin, you can catch anyone. It’s that simple. And yes, it’s our job to HUNT YOU, not passively monitor what you’re doing with our machines.

Unfortunately for most companies, they have completely useless admins fresh from highschool. I guess you get what you pay for huh?

Lay Person says:


Yup…Give me a secure IM platform and I’ll tell you who said what, when.

It’s that simple. For all the geniuses telling these people how to subvert corporate security efforts, good luck.

People, I personally believe that people telling you how to avoid detection, really don’t know what they are doing.

For every example above, I have a very simple method to discover their secrets. So what I’m saying, in short:

There are no secrets from knowledgable Network Admins…GUARANTEED.

Anonymous Coward says:

Re: #15

Yeah but not technically speaking, if you have a safe location and you aren’t at that location, you are not secure until you get inside that location.

What am I saying? No matter how safe your safhaven is, it is not safe until you are inside and close the door behind you. All the while, especially as you are entering your safehaven, you are THE MOST VULNERABLE.

The very act of getting to your secure location exposes you the most, thus rendering any and all security as unsafe.

Networkadmin says:

You Bet

I even said it’s our job. Yes, I enjoy my job. If you break the rules, be prepared to pay. That simple. Why shouldn’t I enjoy busting morons that want to take thier personal activities to work? They’re obviously useless employees and this is just one exscuse to can them before they do something else to waste the companie’s time.

I will also continue to enjoy doing my job. No loss of sleep here. Don’t do the crime unless…. eh, just do the crime so I can have another fun day at work 🙂

Anonymous Coward says:

Re: You Bet

wow.. First off you sound like an 18yr old power hungry punk..!

But, yes, you are correct, any good admin will be able to monitor and log all transactions that happen on your network. We do the same, and we also ensure that people know this. Everyone is required to sign a disclosure agreement that warns them that we monitor and log everything they do. Now the difference is, that we do not actively sit in front of our screen “looking” for people to break the rules to get them fired. Many people do occasionally surf the net or chat on IM for both personal and business related things, but in my eyes, if the person is getting their work done and not sitting on ebay all day, then leave them alone and let them go on with life. Just my 2 cents

Networkadmin says:

Day Off lol

It’s my day-off you tool. Stop trying to justify your actions by passiing blame to someone else. I guess you can’t say much though, snice you obviously don’t understand the concept of RULES.

So, go please get drunk, take a drive and pick up some children from a school. Only because people tell you it’s wrong doesn’t make it so in your head, apparently. I love your types, you only complain once you’re busted. Go smoke another joint you hippy sack of crap.

xxl3w says:

Re: Day Off lol

Getting a little ticked off I see? Your job must not be as fun as you brag or maybe the enjoyable life of a geeky network admin isn’t winning the social crowd over your way? I thought network admins are suppose to secure the network of outside intruders and not spy on workers all day? You just don’t seem like a great network admin to me.

Pro-Admin says:

I Agree Here

This is pretty logical reasoning here. Employers know thier employees are simple folk. They also know that Americans can’t stop talking, gossiping and rumoring through the day, and will try anything to keep thier habbit. Hence the workplace IMs and Email.

I have friends that have been fired from work (they assumed they couldn’t be caught as well) for sending only a couple of IMs. I can’t say I feel sorry for them, because they knew it was wrong, just like every employee that gets busted now days. They knew it was wrong when doing it, but they did it anyway. They MADE THE CHOICE to risk thier job over a simple IM or Email. Sounds to me like they knew what they were doing and deserve anything that follows.

If you don’t understand why they deserve it, you have your head in the sand.

bubba proton says:

Give me my IMs damnit...

You people are all lame. busting poople for Ims at work? GET A LIFE ASSHOLES!

I only say this because I want to continue to pick up small children using my work’s network. I feel safer doing this at work because it’s not my computer. I will also defend every stupid thing I do, because it’s my right to do it!

I only work at TacoBell though, so I guess I don’t understand anything you people are saying. I get paid minimum wage, I weigh 375lbs and I live with my parents. I have a sad outlook on life and I tend to spend my time-off playing online mmorpgs, because it’s easier to make digital friends than real onces. I only have one testicle and can’t find my penis without my dad’s help.

I’m a sad, sad person, but I will still piss on your rules if you give me the chance. It’s all I have in life! muwahahahahahaha

xxl3w says:

I'm not crying

I’m not crying. If a business feels like they need to fire me. Let it begin. My skills qualify me for other jobs in my area. I forgot to put something on my last post. This network admin guy reminds me of the geek of How High. The independent Hall Monitor that gave those guys tickets? Seriously, sitting around monitoring someone’s actions all day sounds like a totally different job than network admin. Are you sure you aren’t just doing bitch-work for the boss?

Anonymous Coward says:

Stupid Americans doing stupid stuff at work? NEVER!

Jesus, do you see now why us other countries make fun of you? Do you people not realize how sad you look, trying to defend your right to abuse your work’s network?

I hope your entire economy tanks, I hope you all lose your jobs and I hope your families starve. I love watching stupid Americans lose at ‘The American Dream’ for the sole reason of not following the guidelines. You people fail in the most spectacular ways!

Anonymous Coward says:

Re: Re:

That’s not a particuarly bright thing to wish for. Americans spend a lot of money. It’s a consumer economy. So, because Americans buy so much stuff, including imports, that spending actually supports, other economies. If America tanks, it’ll probably take a lot of other countries’ economies with it.

Nothing particuarly wrong with that. Americans as a whole just need to learn to save more.

Lay Person says:

It's simple

It’s simple really. No need to get the undies twisted up.

Thedr are good employees and there are bad employees.

Good employees do their Inet garbage during lunch, breaks, etc…Bad employees, well they’re just that, they do their Inet junk at any, and all times of the day. It takes only one bad employee to ruin it for the rest of the employeesbecause even as an admin I have to apply rules evenly. Yes my endusers are grouped into bad and good. Really, my Active Directory literally has two groups: Good and Bad. Bad, is restricted from IM (and other filters), only avilable for half hour lunch time. The Good group has more priveledge. I allow Bads to become Goods after about a year of punishment.

Sadist? No

Nazi? No

What then? My company sets these poilicies based on a thourough assessment and understanding of the problem.

SomeRandomGuy says:

Admin's Job

As a Network Admin I can tell you two very Important things that it seems a lot of people here just don’t seem to understand.

A Network Admin doesn’t have the power to fire anyone…. only bring the atention of someone who can to someone’s missdeeds and yes they are missdeeds. The company that owns the network and pays your paycheck has every right to say you are not allowed to do this, this and this on company time. It not only costs them what they are paying you while you goof off but bandwith isn’t free either.

Second is that you don’t seem to understand what our job is all about. It’s about keeping the network secure and running smooth. The number one risk to any network is the end user and not some hacker trying to crack in. Yes we do need to secure and guard against that but it’s a fact that the bigest danger to a network is from the people in the network.

Oh and by the way i don’t need to sit at a screen all day to catch people doing things they shouldn’t…. just take a half hour a day and check the log’s. Quite easy and a part of every Network Admin’s day.

Anonymous Coward says:

here’s a question. what’s the difference between checking stock quotes or personal email on a computer, and taking that extra 5 minutes in the shitter to read the paper/blackberry?

remember the old “water cooler” stereotype? hang out at the coffee table or whatever and bs for 5 minutes every 90 minutes or so? or what about the people who stay late? only get “paid” for 8 hours, but may stay 10…

and i think dilbert said it best
On Telecommuting:
“Am i required to work a full 8 hours? or Is it ok to put in just the 2 hours of real work i do at the office?” ~Dilbert (Scott Adams)

Jeremiah Coleman says:

I'm so glad I work for a decent company

I’m in the IT department of a middle size business (some 500 poeple), and I thank God I’m not required to monitor what people do on the net. In fact, we’ve been told not to waste our time monitoring too closely. I keep track of network traffic, and we do stop web-radio, etc, that eats bandwidth, but couldn’t care less about people’s emails or chats.

Of course this is a “as long as the job gets done on time, and it doesn’t cause problems, I don’t really care what else you’re doing or how you’re doing it” sort of company. I really feel for those who have to work for other types.

Just my thoughts…

Lay Person says:

Re: I'm so glad I work for a decent company


It depends what type of business your company does. Some businesses, especially those involved with government contracts, may bill according to hours. If auditors walk through and see people clowning on the Inet, this could cause all work (and pay) to stop.

So rules and regulations do vary for some institutions.

teknosapien (profile) says:

power hungry admind

I’ve been in the field for over twenty years now. I use IM clients on a regular basis. Why because I like to keep in touch with my family and tech friends. There is nothing more satisfying than being able to confer with your buddy the perl monkey and ask him for a reference on a particular problem. I find that yes, I could google the issue and take a few hours or I can ask him and get a line of code in a matter of moments, and he will ask of me the same. For the admins that say they are looking for my type of tech — I say why don’t you work on your sloppy networks fix your security holes .Yes most of them are sloppy and the reason for the no IM policy in most places. You would rather just block something you don’t know how to protect rather than get down and do some real work. Remember with out those “Customers” you are trying to get fired –(personally know of one company that cant get any new tech to work for them do just this type of hard handed admin position. they are reviewing the policies but they fear the damage is done) who’s network you are protecting a you would not have your current job or do you think we should just hand them stone tablets. Most people will, when not able to message just pick up the phone and call I think this is more distraction than a few lines .


Network Monitoring Systems Engineer

Lay Person says:

Re: power hungry admind


Look, I’m already on your network:)

Could you please elaborate on your tireless genius for the rest of us lazy admins?

I don’t care whether it’s a secure or an unsecure session, it can be breached. IM clients are notoriously poorly written and are even less secure. In fact one known breach is to simply have a session of IM open followed by a simple buffer overrun. This allowed just enough of an opportunity to install a ~200k keylogger with IRC capabilities through a browser.

PhysicsGuy says:

Day Off lol

You are exactly the type of admin whose network I’d like to have fun with. I can tell by your arrogant, self-centered attitude that you think you know it all. Oh, the hypothetical joy i’d have if i could get a picture of the look on your face when your boss questions you because I found an exploit in your setup and let your him know how much of an incompetent twit you really are.

GP (profile) says:

People from the generation before that internet th

As some of the last few posts have pointed out, what is the difference between 5 quick lines on IM to your wife about groceries/dinner tonite and using 10 minutes on the toilet sms’ing the same thing forth and back or even reading the newspaper? I look forward to the day when those old school fellas are long gone, and everybody knows that internet is a good thing, not a bad thing. Guns don’t kill people, people do; Internet doesn’t steal a workers time, the workers own laziness do.

When reading all you network admins’ posts, I wonder if any of you ever read and understand many of the topics here on techdirt?

I see a parallel to kids internet usage at home: parents shouldn’t block and constantly monitor their kids internet usage, they should rather teach their children what dangers are out there, and how they can avoid them. ( )

Likewise, my boss should not monitor what pages i surf and what IMs i write, he should look at what i produce for him.

teknosapien (profile) says:

re :power hungry admin

I never stated that the session was either encrypted or not.What I did say is that your networks are sloppy if your allowing malicious traffic on to them and dont know how to sniff packets and content then you need to go back to school or RTFM . and yes my network is very secure – -security through obscurity, all traffic that passes through my network is passed through a FreeBSD firewall logged sniffed and if necessary stored/blocked . The main point is that you have to give up the notion that everything is evil. if the person using the client is evil then his intent will be evil and you blocking the use of certain software will not stop him from hacking your network. all in all most of the things that have been developed were done so for a perfectly valid reason and can be used as tools. Why dont you try and educate your users. I ‘ll bet if you do a you’ll get a very positive response. personally I dont care if they look at what I’m saying.

one more thought why do I do the network monitoring like I do. simple I have a 14 year old daughter and I wanna see who’s knocking on her door

NMS Engineer

Stephen Paulger (user link) says:


To the person trolling Americans, I do “stupid” things at work sometimes and I’m British.

To the other people complaining about my previous post, actually the company where I work doesn’t have a computer usage policy, so I imagine they can’t fire me for running a program that they know I am running (PuTTY, not Tor).

As for people saying that you’re not protected from keyloggers, correct, chances are a company won’t use keyloggers on all their machines though. You might notice I never claimed it protected you from that.

As for concerns that a so-called “network-nazi” could get you fired for using putty or tor, you could always use a web front-end on a webserver with HTTPS, then it would be difficult to differentiate it from many other websites.

If you’re good at your job I can’t imagine most companies would mind the use IM.

Gina says:

monitoring or peeping toms?

I cant beleive some of the ideas and comments here! lol Whoever requested the death by starving for children need not only an attitude adjustment, but a new heart..possibly inserted rectally.
New Mexico is one of the few states that still allows cameras in public bathrooms. Big brother still lives. I am wondering what these “admin. people are hoping to find when they view these tapes? Perhaps they should have cameras watching them…watching other people use bathroom facillities. Think these peeping admin. guys come to work with a tub of crisco and breakaway speedos?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...