0

I was given a laptop by my company. I reinstalled everything and now I occasionally open Whatsapp web in the background to reply to messages. Most of the times my laptop is connected to the Company's Wifi. I wanted to know if they can see my Whatsapp texts or not?

Note: They've provided me an OpenVPN to access the Database server, which I often use while working. However, I also have an option to use Amazon Workspace instead of that VPN. Which option will suit me best in terms of security?

My major concern is that if they can read my text, emails and if they can track my location.

MUHAMMAD QASIM KHAN
  • 1
  • 1
  • 3
    If it's provisioned with [Out of band management](https://security.stackexchange.com/a/240851/118310) they can execute arbitrary code in host OS. – defalt May 02 '21 at 10:29
  • 2
    I don't know the expectations of your company, but reinstalling everything like that (removing whatever monitoring or security the company had installed so that you can use the laptop for personal activity) could be considered grounds for being fired. They are legally *entitled* to know what you are doing with their resources (laptop, WiFi, VPN, or cloud). While they likely can't break https encryption, they would certainly be able to tell what URLs you are accessing at a minimum. The best solution is never to use company resources for personal activity. – pmdba May 02 '21 at 13:05
  • 1
    Does this answer your question? [https: Is my company connection intercepted?](https://security.stackexchange.com/questions/201096/https-is-my-company-connection-intercepted) – mentallurg May 02 '21 at 14:58
  • *...I reinstalled everything ...* . Does this include the OS, and if so where did the OS come from, meaning was it supplied by the company or did you independently purchase it? – user10216038 May 02 '21 at 16:09
  • *... if they can track my location ...* . If you connect to them, they know your IP rough location. – user10216038 May 02 '21 at 16:13
  • @user10216038 I purchased my own OS, formatted the disk, and reconfigured everything. But I asked them first if I can reinstall OS and it was fine with them. – MUHAMMAD QASIM KHAN May 02 '21 at 17:23
  • 1
    If they were fine with that, then they probably (never say never) aren't super interested in tracking everything that you do with it. That said, you should always assume that some level of network monitoring is in place if you are using the company wifi or vpn. – pmdba May 03 '21 at 00:10

1 Answers1

3

There are two questions here.

First of all, just because you reinstalled everything (that is, format the disk and reinstall the OS) doesn't guarantee that the computer will be free of any persistent rootkit (think Computrace).

Besides, the computer may be connected to a corporate domain, meaning that when you're logging in to that domain, policies may kick in and install stuff in the background as part of the normal corporate software update/provisioning scheme.

Most of the times my laptop is connected to the Company's Wifi. I wanted to know if they can see my Whatsapp texts or not?

As long as you are visiting HTTPs sites the traffic is encrypted so they can't see the messages in clear. But they still can see lots of things, plus many types of traffic like DNS are typically unencrypted so anybody who is sniffing on the wire can figure out the patterns of your online activity, like what sites you visit.

If you are curious you can install Wireshark on your computer and sniff your own traffic to better understand the data that is flowing out of your network interface.

Kate
  • 6,967
  • 20
  • 23
  • Also if it's necessary to install a Corporate Certificate to access the general internet at large, that's a strong indicator they are running a MiTM (*like BlueCoat*) and can see most things. – user10216038 May 02 '21 at 16:02