On Tue, 10 Sep 2019 at 17:28, James Knott via talk <talk@gtalug.org> wrote:
> On 2019-09-10 05:09 PM, Giles Orr via talk wrote: > > Decrypting and re-encrypting network traffic is becoming more and more > > popular. I think it's an appalling violation of both trust and > > privacy, but corporations seem to feel justified to "protect their > > network" (it's not necessary to explain the logic to me, I get it ... > > I'm just more about individual rights). Or maybe they're just doing > > it to mine your data, depending on the context. > > > > There seem to be two circumstances (this is just about web traffic): > > - a private computer on a shared network, ex. you take your personal > > computer to a coffeeshop > > - a company computer on a company network, ex. you sit down at your > > work computer > > > > I think I understand the latter: with a company computer on a company > > network, all that's necessary is to push a trusted certificate and all > > future communications will be done with that newly trusted cert and, > > well, you're hosed. Everything you send is examined and re-encrypted > > with the receiving site's certificate at the company firewall. Can > > this be detected? Can this be prevented? > > > > It seems that some shared networks (ie. the coffeeshop in the above > > examples) manage to do this to people: is this only possible if they > > convince you to install something, and presumably that install package > > includes a certificate? Or is there another way? > > > > I'm not sure where you're going with this. For example the coffee shop, > "Where I'm going" is to attempt to defend against what I perceive as a violation of my privacy. > it's long been recommended people use a VPN to prevent eavesdropping and > hacking. Is this what you're referring to? Why is that a problem? > Well, because we shouldn't have to do it (although I understand that's a lost cause). But yes, this is one solution. I've never heard of a coffee shop forcing you to install something. I > have, however, come across some restaurants, where you have to register > and then get hit with ads etc. I won't use those ones. As for company > equipment on a company network, well that's entirely the company's > business. > And, I would say, all the employee's business as well. Particularly if the employer hasn't made it explicitly clear that they're doing such a thing. -- Giles https://www.gilesorr.com/ giles...@gmail.com
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
