23

I work at an office typing numbers into a computer. It gets quite boring sometimes, so I go on Netflix while using their WiFi on my phone.

Can they tell what apps I'm using, based on network traffic?

Anko
user88793
  • 64
    Yes they can. Use your own Internet connection. – Simon Oct 09 '15 at 13:17
  • Get a VPN then all they can see is that you're connected to some random (to them) server. – Dean MacGregor Oct 09 '15 at 17:40
  • 22
    Honestly, streaming video is pretty easy to spot using traffic analysis (sustained transfers at fixed bitrates), and Netflix is on the harmless end of the scale (not porn, not illegal). The same through a VPN would probably put up more flags. – drxzcl Oct 09 '15 at 18:40
  • 6
    http://security.stackexchange.com/questions/65183/can-my-workplace-view-my-tor-traffic/65195#65195 – Ben Oct 10 '15 at 20:11
  • 2
    @user88793 : In my country this is even a legal requirement for companies to eavesdrop communication of their staff. Otherwise, if a staff member posts a comment containing racial hate speech, the company will be in trouble. – user2284570 Oct 11 '15 at 22:28
  • 7
    Am I the only one thinking the OP should be doing the job they've been paid to do? – JamesRyan Oct 11 '15 at 23:59
  • @user2284570: would you mind specifying the country? (out of curiosity) – WoJ Oct 12 '15 at 09:33
  • @WoJ France. In practice, it is fine not to do this, until the day someone uses the company's internet connection to do something illegal, like posting racial speech on a forum. But there are some limitations on what should be watched. This is why sysadmins need a strong legal formation *(takes a part of my studies)*. Firing a staff member attempting to bypass this is common practice. – user2284570 Oct 12 '15 at 13:28
  • 1
    @JamesRyan - they probably should, but frankly I don't consider it any of my business how others conduct their lives/businesses. We aren't here to judge. – Jon Story Oct 12 '15 at 13:39
  • @user2284570: I am surprised; I know French law on that matter very well. You may want to have a look at the position of CNIL about that: http://www.cnil.fr/documentation/fiches-pratiques/fiche/article/le-controle-de-lutilisation-dinternet-et-de-la-messagerie. In particular "The Cour de cassation affirmed, in a ruling of 2 October 2001 (...) that an employer may not read an employee's personal messages without infringing on the employee's private life (Article 9 of the Civil Code) and the principle of the secrecy of correspondence". Snooping on SSL in France is a red flag. – WoJ Oct 12 '15 at 13:57
  • @WoJ : In fact I am a student training to become a professional system administrator. Your citation is quite old; there have been a number of cases specifying the legal scope of what should be considered personal data. That’s why it’s quite difficult to do it right, even more so if you don’t want to need a CNIL authorization. That’s also why a large part of my BTS lessons are dedicated to teaching legal facts as well as what technical measures to use for this. – user2284570 Oct 12 '15 at 15:40
  • 1
    @user2284570: this is **not at all** a case of private communication snooping from an employer here, either through phone, phone on IP, E-mail, instant messaging, SMS… – dan Oct 12 '15 at 16:27
  • I feel this question shouldn't be accepted here: this is not at all a question whose purpose is to improve the security of a company, or of an employee of a company. – dan Oct 12 '15 at 16:45
  • 1
    @danielAzuelos : a company can eavesdrop e‑mails under various conditions. Some of them include the fact the employee accepted it *(charte informatique)* and the e‑mail address is offered to the employee by the company for professional uses. Similar things apply for the company’s mobile phones (SMS, MMS…). – user2284570 Oct 12 '15 at 17:30
  • @JonStory you aren't here to judge, but you are here to help them commit fraud against their employer? – JamesRyan Oct 12 '15 at 18:05
  • I have no idea if it's fraud. For all I know they're a salaried worker who is working above their contracted hours: possibly against policy, but not fraud. – Jon Story Oct 12 '15 at 18:16
  • 4
    @drxzcl "Netflix is on the harmless end of the scale" This is not entirely true. There are other factors to consider. We don't know if any business critical processes are using the Wi-Fi. We don't know how much bandwidth is available via the Wi-Fi link. A situation could occur where the link is saturated with streaming Netflix traffic if other employees adopted this same approach to combat boredom, creating a DOS scenario. – k1DBLITZ Oct 13 '15 at 14:53

7 Answers

66

Short answer is yes. If there is any logging on their WiFi router they might not be able to see exact apps, but they'll be able to see the server domain/hostnames that you're connecting to.

You can also look at these questions and answers:

Is there a way for my ISP or LAN admin to learn my Gmail address?
Can an employer see cellular network traffic routed through company-owned device?

Long Answer

Secure WiFi only encrypts traffic up to the Access Point. It's decrypted, and the traffic can be monitored. If it's an enterprise router it's more than capable of logging specific types of traffic. If your work has a firewall in their network then it's even more likely that your employer has the capability to monitor traffic. These do have to be configured, and your employer has to care, but it's very possible.

Domain Name Server (DNS) requests contain the domain hostname that you're trying to reach, and these requests are sent before an SSL/TLS channel can be established and secured.


If you're using SSL/TLS it's possible to see the hostname of the server that you're connecting to in two ways. First is the server's certificate. The common name generally needs to match the domain name that you're browsing to.


Can they link this back to you? This really depends on a lot of factors. If they're really adamant they'll be able to track down the MAC address of your device, IMEI, and other mobile phone identifiers. This is a lot of work, and in the end still might not link you to the traffic.

In all honesty, if they care it's just easier to block the traffic than it is to try and track you down.

RoraΖ
  • 1
    Depending on how they are doing this and if the site uses SSL/TLS, all they are going to see is the Server's IP, no actual URLs. – rbialon Oct 09 '15 at 12:53
  • 14
    @rbialon In TLS the certificates sent by the server will contain the domain name of the website you're visiting, and DNS requests are still sent out in the clear. – RoraΖ Oct 09 '15 at 12:57
  • @RoraZ You're right with this one. I've just seen your edit and agree with your answer. – rbialon Oct 09 '15 at 13:20
  • @rbialon I actually just edited my answer to reflect that. Thanks for pointing that out! – RoraΖ Oct 09 '15 at 13:20
  • 1
    Perhaps it's more accurate to say that they can see that *someone* is using Netflix on their phone using their wifi, but not easily link it to a particular person - as is the case from doing the same from a work computer. – Peteris Oct 09 '15 at 14:43
  • @Peteris, You're saying that identifying a work computer _is_ easy right? Because they know your MAC and the IP of the computer you logged into. – JPhi1618 Oct 09 '15 at 17:07
  • 2
    @JPhi1618 Yes and No. They're probably not using static IPs on the clients nor are they recording all the MAC addresses of their computers (or rather individual NICs.) Instead they probably rely on their domain controller to know who is doing what. – Dean MacGregor Oct 09 '15 at 17:29
  • 2
    Logging wouldn't *have* to be in the WiFi router/access point - it could also be anywhere between that and the connection to the ISP. – nobody Oct 09 '15 at 22:25
  • Dynamic IPs can be assigned from the server (I haven't assigned a static IP for anything except the primary router in a LAN yet this century). Also machines can indicate a 'preferred' address when reaching out for DHCP assignments and as a result will regularly get the same address most of the time even if the IP is not assigned or set. – James Snell Oct 12 '15 at 09:47
  • @Peteris - finding out would be trivial. Block the MAC address of the device and wait for a complaint – James Snell Oct 12 '15 at 10:59
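
The answer above notes that DNS requests carry the hostname in the clear before any TLS channel exists. As an added example (not part of the original answer or its comments), this Python sketch parses UDP port 53 query payloads the way a passive logger on the LAN could and groups the queried names by client; the capture, the client IPs and the `.test` hostnames are constructed sample data, and `build_query`, `parse_query_name` and `names_by_client` are names chosen for this example.

```python
import struct
from collections import defaultdict

def build_query(txid, hostname, qtype=1):
    """Construct a minimal DNS query (used only to make the sample capture)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in hostname.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_query_name(payload):
    """Return (hostname, qtype) from a DNS query payload, or None if malformed."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000 or qdcount < 1:      # QR bit set: a response, not a query
        return None
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        length = payload[pos]
        # Labels are at most 63 bytes; larger values are compression pointers
        # or garbage, neither of which belongs in a question name here.
        if length > 63 or pos + 1 + length > len(payload):
            return None
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(payload):             # zero terminator + QTYPE + QCLASS
        return None
    qtype, _qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return ".".join(labels).lower(), qtype

# Constructed capture: (client IP, UDP/53 payload)
CAPTURE = [
    ("10.0.0.23", build_query(1, "www.netflix.com")),
    ("10.0.0.23", build_query(2, "api.example-video-cdn.test", qtype=28)),
    ("10.0.0.41", build_query(3, "intranet.example.test")),
    ("10.0.0.41", b"\x00\x01\x01\x00\x00\x01"),   # truncated packet, skipped
]

def names_by_client(capture):
    """Group the hostnames seen in DNS queries by the client that asked."""
    seen = defaultdict(set)
    for client, payload in capture:
        parsed = parse_query_name(payload)
        if parsed:
            seen[client].add(parsed[0])
    return {client: sorted(names) for client, names in seen.items()}

print(names_by_client(CAPTURE))
```
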
8

Depending on what they have set up as regards logging and monitoring, yes - this is something they could do.

If you have a policy against using the wifi for such things, I'd suggest not doing that, but I guess you could ask. They might not want you doing it when you should be working, however...

Rory Alsop
1

Yes, they can. It’s as simple as that.

If you want a solution, though, if your network allows it in the office, set up a small Raspberry Pi and Swan VPN at home. Connect your phone to the wifi and tunnel out your connection. Problem solved.

TRiG
TheHidden
  • Or just set up a VPN on any cheap VPS hosting provider. – R.. GitHub STOP HELPING ICE Oct 09 '15 at 15:00
  • Docs to set-up your own PPTP VPN: https://www.digitalocean.com/community/tutorials/how-to-setup-your-own-vpn-with-pptp – hd. Oct 09 '15 at 15:26
  • 11
    In this case, setting up a VPN doesn't help much. When they see 3+ Mbps of constant traffic going to your phone, they're going to be suspicious, regardless of whether it's encrypted or not. Furthermore, streaming content (whether video or, especially, VoIP) has quite unique traffic signatures that make it rather easy to detect, even when the traffic itself is encrypted. Lots of research has been done in this field (including some by myself) and the classifiers are actually quite good. – reirab Oct 09 '15 at 20:39
  • 1
    For a recent-ish survey paper of the topic, see [Gomes, et al., 2013](http://www.di.ubi.pt/~mario/artigos/2012-CS.pdf). (This is not my work, by the way.) – reirab Oct 09 '15 at 20:43
  • yea use a VPN or VPS provider, but a rasp pi cost 35 currency. also identifying the traffic and the amount... so what? the whole point is hiding the specifics lol plausible deniability is what the point is here. – TheHidden Oct 10 '15 at 17:22
  • 1
    ^ "plausible deniability" only works to a v limited extent. (Setting aside more basic rules like bandwidth limits,) If an employer can't specifically prove you're doing something that goes against acceptable use, they might hedge their bets, and out you go. Employers aren't subject to the rules of science, law, or w/e when deciding whether to keep someone on. – underscore_d Oct 11 '15 at 12:35
  • @underscore_d I do see your point, but for something like this I think a vpn would be acceptable (else get a 4g unlimited sim lol) – TheHidden Oct 12 '15 at 08:06
  • 1
    @silverpenguin there are a lot of employers who will fire you even more likely for using a "shady" VPN than Netflix. I mean someone transfers data and doesn't want the company to see what they are doing? Either he is downloading malware or transferring out trade secrets. – Josef Oct 12 '15 at 12:29
  • @Josef, an individual may also just be concerned about his/her privacy: https://en.wikipedia.org/wiki/Nothing_to_hide_argument – Michael Oct 12 '15 at 13:03
  • 1
    @Michael He might. But the probability is quite high he is not even allowed to use company resources for personal pleasure and if he still does that, trying to hide it makes it worse! I am not against using a VPN in a free wifi network or your own network or whatever, but inside a proper company network, that's just asking for trouble. Just try to see the perspective of a network admin there. In his IDS an alert pops up, that massive unknown encrypted data is transferred. What do you think he will do? – Josef Oct 12 '15 at 13:06
  • @Michael I hate this argument so much lol... I have nothing to hide but out of principle I want to hide everything. – TheHidden Oct 12 '15 at 13:32
  • 1
    @silverpenguin, well, that's a matter of opinion. I just wanted to stipulate the fact that it is not a ground truth that using a VPN automatically means you are downloading malware or transferring trade secrets. Many people use it for privacy purposes. – Michael Oct 12 '15 at 13:44
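
The comments above point out that sustained traffic of 3+ Mbps to one device stands out whether or not it is encrypted. As an added example (not part of the original thread), this Python sketch flags clients from per-minute byte counts alone; it is a plain volume threshold, not the statistical classifiers the comments refer to, and the flow records, hostnames and the five-minute `MIN_MINUTES` window are assumptions made for this example.

```python
from collections import defaultdict

THRESHOLD_BPS = 3_000_000   # the "3+ Mbps" figure from the comment above
MIN_MINUTES = 5             # assumed: how long the rate must be sustained

# Constructed per-minute flow summaries: (minute, client, remote, bytes received)
FLOWS = (
    [(m, "10.0.0.23", "vpn.example.test:1194", 30_000_000) for m in range(12)]
    + [(m, "10.0.0.41", "intranet.example.test:443", 400_000) for m in range(12)]
    + [(3, "10.0.0.41", "updates.example.test:443", 90_000_000)]  # one-off burst
    + [(m, "10.0.0.57", "cdn.example.test:443", 26_000_000) for m in (0, 1, 2, 6, 7, 8)]
)

def sustained_clients(flows, threshold_bps=THRESHOLD_BPS, min_minutes=MIN_MINUTES):
    """Return {client: longest run of consecutive minutes at or above the
    threshold} for clients whose longest run reaches min_minutes."""
    per_minute = defaultdict(lambda: defaultdict(int))
    for minute, client, _remote, nbytes in flows:
        # The remote endpoint is ignored: volume is visible even when the
        # destination is a VPN server and the payload is encrypted.
        per_minute[client][minute] += nbytes
    flagged = {}
    for client, minutes in per_minute.items():
        longest = run = 0
        prev = None
        for minute in sorted(minutes):
            rate = minutes[minute] * 8 / 60          # average bits per second
            if rate >= threshold_bps:
                run = run + 1 if prev is not None and minute == prev + 1 else 1
                prev = minute
                longest = max(longest, run)
            else:
                run, prev = 0, None
        if longest >= min_minutes:
            flagged[client] = longest
    return flagged

print(sustained_clients(FLOWS))
```

Only the client with twelve uninterrupted minutes at about 4 Mbps is flagged; the single large download and the two short three-minute runs stay below the duration requirement.
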
0

Yes they can. If you do not want them to see what IP you connect to, use a VPN service; they will only be able to see the VPN IP and not know where the connection was intended for.

Zack
0

Yes they can see it, but depending on your country you might be protected by law or not... So you should ask if they can use that info against you or not... In some countries usage of that information will violate privacy laws.

Hugo
0

Yes they can see the traffic, but maybe not the specific apps you are using. Just the traffic. Depending on the setup, they may have already tracked this. Sometimes they will not be able to tell who did it, but sometimes they will also be tracking the device's name (e.g. "Phil's iPad") depending on certain things.

So while it may be true that a company largely will not know if it's you even if they see the traffic, and they may not know specifically that you are using a particular app to generate the traffic, the fact is they COULD know you are the person generating the traffic to and from Netflix servers, if your device's name is a dead giveaway or if anyone kind of already knows your device's name. (They could also know if there is anyone in your office who you have chatted with about this issue).

If you haven't been approached yet in any way, or if use of the network for Netflix or large downloads hasn't come up in some way you know about, chances are pretty good that they don't currently care. However you may also want to not risk it in the future, and instead use your own data plan for things like that.

TomT64
-1

Yes they can.

(As a fighter of full disclosure I won't disclose here how they can. In full agreement with myself :), since in this case I won't give a key advantage to the bad against the good.)

In most legal contexts it is lawful for your employer to investigate this abuse of its company resources: you are here using resources provided and maintained to permit the work of all employees, your colleagues. The key exception to this right to stop resource abuse is the case where resources are explicitly provided as a convenience for private use. For example, if your wireless network is named "Rest area" or "Recreation area".

dan