Can a company use VPN to spy on me?

I'm about to work with a company on a development project, but they first need to set up a pretty complicated environment, and suggested they use VPN to work on my machine to do this. Should I be concerned that somebody can just watch me work? It would be embarrassing, if somebody could witness my work habits (e.g. Asking questions on SO and researching all day is part of my daily work regiment, and makes me feel like a noob, but it keeps me sharp. I also listen to conspiracy videos all day, and RadioLab podcasts, :). Is VPN going to introduce this possibility, and if so, is there a way around it?

EDIT: Also, is there a way I can always tell when somebody is VPNed into my computer?

orokusaki

Posted 2010-12-26T18:10:09.847

Reputation: 1 044

Does "... suggested they use VPN to work on my machine to do this" mean you would enable VPN on your machine and allow them to access it? And if so, would that be one time, for them to do some other kind of setup for you? Or does it mean they set up you machine to all VPN access to their network? In the latter case, they could probably monitor you in whatever ways they monitor their own employees' use of their network. – JRobert – 2010-12-26T18:20:11.790

@JRober - I'm not sure which version they'd do. They said their server admins would setup my environment. I assume this means so that they can install the software they need to get a development environment working correctly. In either case (this, or the network monitoring, etc) will they be able to see the things I do on my computer? Note: I'm remote so I'm not using their network to access the internet, if that's what you're referring to. – orokusaki – 2010-12-26T18:25:20.913

When in doubt don't do anything on your work PC you would not want anyone to see. Yes productivity monitoring is becoming popular with many companies, not actually spying on every little thing you do but monitor your activities on the corporate network, which can harvest a profile of what you spend your time on. Just do your job and don't waste corporate time and there will be no problems. – Moab – 2010-12-26T19:32:22.450

@Moab - I don't waste time, but I prefer for the company to not know anything I do. I'm a contractor, not an employee. Also, I won't be working on their internet. Does this network monitoring still apply? – orokusaki – 2010-12-26T19:34:43.033

If you VPN into their network, they can packet log/sniff everything you do, sifting through this log/packets is a chore but there is probably software to do that for them if they are so inclined. I seriously doubt they will allocate resources to do this. No way to know for sure. Since you are a contractor you can ask then for a reasonable explanation/description of what they are installing/configuring on your PC, then others can answer more appropriately. – Moab – 2010-12-26T19:39:35.033

@Moab - can they do this "sifting", even if I am working remotely (not accessing anything on their network)? – orokusaki – 2010-12-26T19:46:22.763

1If you VPN into their network from anywhere, Yes, otherwise no. – Moab – 2010-12-26T19:54:27.593

Get a second computer for use with them and other companies you do contract work with. Keep your personal computer, your personal computer. Problem solved. Resource segregation, what peace of mind... A VPN connection is to protect their system from the outside world, it's a normal part of telecommuting for any business that plans on staying fully functional in today's security climate. – Fiasco Labs – 2012-01-09T02:39:41.907

Answers

Should I be concerned that somebody can just watch me work

The other way to see it that your company does not want OTHERS to look at what work you're doing.

is there a way around it?

Use proxies, perhaps. Then you raise suspicion even more.

In light of your comments, you seem to have confused VPN for VNC.

Assuming you're talking about VNC:

[...] if somebody could witness my work habit [...] Is VPN going to introduce this possibility, and if so, is there a way around it?

is there a way I can always tell when somebody is VPNed into my computer?

Both, depends on the way the VNC server is setup. It is completely possible to have someone look over your screen, and not. It is possible for you to be notified that someone has connected to your system, or not. As I said, depends on the way the client/server is setup.

Sathyajith Bhat

Posted 2010-12-26T18:10:09.847

Reputation: 58 436

Or just another VPN within a VPN. I'm leaving this as a comment because I don't know if at all, this is possible – Sathyajith Bhat – 2010-12-26T21:43:22.933

@Sathya - I guess I'm confused. I thought VPN allowed them to see my screen, so that they could do things on my computer. I understand that a VPN is a virtual private network, but they said they'd VPN into my computer and set up some software for me. Is this totally incorrect usage of the term VPN? – orokusaki – 2010-12-26T22:01:05.990

@Orukusaki You seem to have confused VNC / Remote desktop for VPN. VPN sets up a secure tunnel from your PC to the destination so that it cannot be intruded upon by others. VNC is an application which allows you to connect to another system and use it from wherever you are. – Sathyajith Bhat – 2010-12-26T22:03:54.607

@Sathya - ah, haha, I thought I was going crazy or something. Ok, does VNC put me in a situation where they could spy then, or is it just during the session? Also, is it easy to detect if a VNC session is active? – orokusaki – 2010-12-26T23:03:34.057

@orokusaki They can have a look at what's going on during your session. About detection, again it's a server side config - have a look at this image ( http://www.realvnc.com/products/free/4.1/images/winvnc4_authentication.gif )

– Sathyajith Bhat – 2010-12-27T00:29:42.290

2Often what will be done is to use a VPN to make a secure connection from your machine to their network, and the VNC can be used to allow remote access to your machine for the admins to setup, manage, etc. NORMALLY most VNC systems will have an icon in the tray which changes colour when there is an active VNC connection (on other words somebody is watching AND DRIVING your machine). Bear in mind your mouse and keyboard are also able to be remotely used, and (depending on how setup) the screen background can change. It's usually pretty obvious if VNC is active. Would their admins have time? – quickly_now – 2010-12-27T00:31:13.677

When it comes down to it, remember that a VPN is (basically) the equivalent of going to their office and sticking a network cable in to their switch and the other end in to your computer.

For some items such as anti virus, domain and a few other features, it is much easier to simply enable VPN access rather than publish these services to the internet and work out authentication/security.

On the other hand, you are correct in saying that a company can spy on you. By connecting to their VPN, you will be using "their" internet, everything will be routed via the VPN endpoint at their office and you will be connecting to their router/proxy/logging service.

As for telling if someone is connecting/connected, it is pretty much the same as being on a wireless hotspot - unless you have a firewall or monitoring program, you will not be able to tell... that being said, they will not be able to "get in" unless you give them administration over your machine, or they have some sort of remote access program on your machine.

If you are worried / paranoid over this, another solution may simply be to set up a virtual machine and do your work/vpn through that.

William Hilsum

Posted 2010-12-26T18:10:09.847

Reputation: 111 572

If you trust them turn VNC on and watch what they are doing on screen and then turn it off completely.

If you don't trust them then just talk to them and set everything up yourself.

Problem solved.

ggustafsson

Posted 2010-12-26T18:10:09.847

Reputation: 1 698

If contracting to a company, the IT people usually set the required standard and have the ability to allow you to connect or not. If you don't cooperate, they'll just slam the door shut. So, there is no choice but to do what they want. Just understand the how and why. – quickly_now – 2010-12-27T00:32:56.060