0

My organization uses cyberoam firewall. They are monitoring all activities including my search text in Google, Wikipedia etc. So recently i changed to HTTPS versions and now using HTTPS connections of Google and Wikipedia, that is https://www.google.co.in and https://en.wikipedia.org. So the query strings and the data is not traceable.

But if search my result contains images, especially when searching for something the page contains images from other pages and the same thing with image search also. The image is hyperlink to their corresponding page. Is that URL is traceable if i didn't clicked the image? because that image will be from other HTTP connections. Is that tracable?

sujeesh
  • 464
  • 2
  • 4
  • 10

1 Answers1

1

Anything you do through http is obviously traceable. In addition, if your organisation uses a proxy/MITM for looking at connections (ie you connect to the proxy over https and it connects to the site over https, but the data is in the clear on the proxy) then they can obviously see anything there as well.

In your specific case, your browser may pre-load links (for speed/performance) - this is most likely to be links to other pages, but could include images. If these are through http connections, then obviously they will show up in the clear.

Simple answer - do not do anything through your work connection that you would be concerned at your employer discovering!

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
  • How do I know they are having proxy? And if there is, then how to hide these contents? – sujeesh Jan 21 '13 at 08:32
  • You can check by comparing SSL certificates in your browser, but realistically - if they enforce a proxy, and enforce which applications you can have on your desktop, you **cannot** easily hide these contents. – Rory Alsop Jan 21 '13 at 08:36
  • Do you mean my browser encrypts contents with public key of proxy server and proxy server verifies contents and it encrypts with receiver public key then sends to the receiver? – sujeesh Jan 21 '13 at 08:40
  • yep - have a read of http://security.stackexchange.com/q/16293/485 – Rory Alsop Jan 21 '13 at 08:44
  • when i am browsing https://en.wikipedia.org i have checked the certificate from the address bar in Firefox. It says this certificate is issued to *.wikipedia.org. So can i make sure that there is no proxy server in between Wikipedia and my browser? – sujeesh Jan 21 '13 at 09:23
  • @Rosy Aslop please comment me about the above doubt. – sujeesh Jan 21 '13 at 11:26