Hello,
does using the httpS version of websites (e.g. httpS://gmail.com) mean that when I read and compose gmail, the company/employer/IT dept can't snoop in and read the email?

Does httpS mean safety from snooping?

The s in https stands for secure, which means that it will keep most people out of what you're doing. However if you are using a computer that is monitored by your IT department,then they may have access to see what you are doing... so be careful.

I think using https you can still be vulnerable to some types of man-in-the-middle (http://en.wikipedia.org/wiki/Man-in-the-middle_attack) attacks. However there is no reason for your employer to do such a thing. It would be far easier for them to say, install a keylogger on your computer.

The bottom line is really, if you want complete security you'd better hand deliver your message in invisible ink. Or better yet, just keep it to yourself.

https is loads better than http though.

EDIT: for an idea of what https is and isn't, and what it can and can't do, just see the wikipedia page (http://en.wikipedia.org/wiki/Https)

My normal reply on things like this? If you're doing something you don't want your employer to see, then you'd best not do it at work. Simple as that.

Unplug computer off net. write the letter, use encryption program to encrypt it, plug computer on, send the encrypted file. there are even encryption programms out there that don't need to be installed.

or if they don't snoop arround your desktop or use keylogger, then plugging it off the net is not necessary,

Https means the data you send to a website is encrypted, if your employer has network monitoring software installed they will know you’re on a Gmail but won’t be able to see the what data your sending.

If you want to hide your traffic from your employer you can make a secure tunnel look here (http://www.the-tech-tutorial.com/?p=626) or you can use a web proxy such as surfmo (http://surfmo.com).

I should say both of these are not full proof and IT departments have ways around them, e.g. key loggers. So only use them in moderation or just wait till you get home from work.

tyleruk and rtlustyo seem to give contradictory info.
rtlustyo says company can snoop. tylerek says httpS prevents snooping. I went to the wikipedia page but I don't know whether it gives a deciding answer to this issue.

Most companies archive all sent and received emails for up to 1 year or more. If they suspect you are doing something you are not supposed they can open all of your emails.

As for https:// that's a secure website page and has nothing to do with hiding your emails.

Loosing your job for wrong doing on the job just isn't worth it. Especially in today's depressed job market..

If you want to do something that would violate company rules do it at home on your own computer..

there is no wrongdoing. It's just for checking one's non-work email during lunch break or something. Just seeking privacy.

Hello,
does using the httpS version of websites (e.g. httpS://gmail.com) mean that when I read and compose gmail, the company/employer/IT dept can't snoop in and read the email?
You know Google scans your emails.


My normal reply on things like this? If you're doing something you don't want your employer to see, then you'd best not do it at work. Simple as that.
+1


there is no wrongdoing. It's just for checking one's non-work email during lunch break or something. Just seeking privacy.
Is checking your private email on company time / company equipment against the rules?

Hello,
does using the httpS version of websites (e.g. httpS://gmail.com) mean that when I read and compose gmail, the company/employer/IT dept can't snoop in and read the email?

Does httpS mean safety from snooping?
no.
most companies will plant something on your computer so that they are able to see your screen.

Https means the data you send to a website is encrypted, if your employer has network monitoring software installed they will know you’re on a Gmail but won’t be able to see the what data your sending.

If you want to hide your traffic from your employer you can make a secure tunnel look here (http://www.the-tech-tutorial.com/?p=626) or you can use a web proxy such as surfmo (http://surfmo.com).

I should say both of these are not full proof and IT departments have ways around them, e.g. key loggers. So only use them in moderation or just wait till you get home from work.


+1 this is my understanding. Normal network monitoring tools will identify the site you are on but will not be able to decipher any data sent or received. Of course a key logger mounted on your computer gets around this.

Companies clearly have the authority to monitor network traffic and/or install key loggers on their equipment (networks, computers, laptops etc.) Some don't care if you utilize their assets for personal use, others do. If they don't explicitly allow personal use just assume that they are monitoring all computer use. In that case you are probably better off accessing personal sites with a data phone or wait till you get home.

https will, however, go a long ways.

It depends on what extent your workplace goes to intrude on your privacy.

If you are concerned with the possibility, just do not check emails at work.