Mixing
Can my employer see websites viewed on personal phone using corporate Wifi?
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I have a question that no one has been able to answer properly on the net. If I use a personal iPhone, connected to my company’s guest WiFi, and browse to, say, https://google.com/news, does my employer see/log:
https://google.com(i.e. the/newsis hidden)- the full URL
Some answers have said that HTTPS encrypts part of the URL, others say the full URL will be caught on router log.
Most people who have answered me say that Scenario 1 is most likely ie that the URL detail after the “/“ remains invisible because of the HTTPS connection and therefore not caught on router log. Others say that the network admin can see and record anything (which for me seems to defeat one of the main points of HTTPS? Again, this is a personal IPhone that no one has access to.
router logging https
asked Aug 25 at 19:59
Jim D
42
 |Â
show 2 more comments
up vote
0
down vote
favorite
I have a question that no one has been able to answer properly on the net. If I use a personal iPhone, connected to my company’s guest WiFi, and browse to, say, https://google.com/news, does my employer see/log:
https://google.com(i.e. the/newsis hidden)- the full URL
Some answers have said that HTTPS encrypts part of the URL, others say the full URL will be caught on router log.
Most people who have answered me say that Scenario 1 is most likely ie that the URL detail after the “/“ remains invisible because of the HTTPS connection and therefore not caught on router log. Others say that the network admin can see and record anything (which for me seems to defeat one of the main points of HTTPS? Again, this is a personal IPhone that no one has access to.
router logging https
asked Aug 25 at 19:59
Jim D
42
3
You must assume that the administrators of a network can monitor all the traffic on their network.
– Ron Maupin
Aug 26 at 8:35
Thanks Ron. There are conflicting views on here. Some say the specific web page is hidden (rather than the Domain, which everyone agrees is visible), some say it is not.
– Jim D
Aug 26 at 10:28
Believe me, there are ways that enterprise network administrators can monitor everything that happens on the network, and they are foolish if they do not do that. A business can be sued and have its network seized if it is found to have illegal activity. For example, an employee using it to view child pornography. The Feds will come in and shut down and seize the network. That is why so many businesses now outsource guest networks to companies that will deal with illegal activity and take the risk.
– Ron Maupin
Aug 26 at 15:45
Thanks Ron. Certainly nothing as extreme as that but I take the point!
– Jim D
Aug 26 at 15:56
Most likely, there is not some person watching everything, but there are automated ways to monitor all the activity, and flag to a live person if something seems untoward. There are software and services to which companies can subscribe that is always being updated. My company has such a service, and it (I think) is too restrictive, blocking legitimate attempts to Internet requests, and we must fill out a bunch of paperwork detailing why a site or service is legitimate if it is on the service list.
– Ron Maupin
Aug 26 at 16:07
 |Â
show 2 more comments
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I have a question that no one has been able to answer properly on the net. If I use a personal iPhone, connected to my company’s guest WiFi, and browse to, say, https://google.com/news, does my employer see/log:
https://google.com(i.e. the/newsis hidden)- the full URL
Some answers have said that HTTPS encrypts part of the URL, others say the full URL will be caught on router log.
Most people who have answered me say that Scenario 1 is most likely ie that the URL detail after the “/“ remains invisible because of the HTTPS connection and therefore not caught on router log. Others say that the network admin can see and record anything (which for me seems to defeat one of the main points of HTTPS? Again, this is a personal IPhone that no one has access to.
router logging https
asked Aug 25 at 19:59
Jim D
42
I have a question that no one has been able to answer properly on the net. If I use a personal iPhone, connected to my company’s guest WiFi, and browse to, say, https://google.com/news, does my employer see/log:
https://google.com(i.e. the/newsis hidden)- the full URL
Some answers have said that HTTPS encrypts part of the URL, others say the full URL will be caught on router log.
Most people who have answered me say that Scenario 1 is most likely ie that the URL detail after the “/“ remains invisible because of the HTTPS connection and therefore not caught on router log. Others say that the network admin can see and record anything (which for me seems to defeat one of the main points of HTTPS? Again, this is a personal IPhone that no one has access to.
router logging https
asked Aug 25 at 19:59
Jim D
42
edited Aug 26 at 21:03
asked Aug 25 at 19:59
Jim D
42
asked Aug 25 at 19:59
Jim D
42
asked Aug 25 at 19:59
Jim D
42
42
3
You must assume that the administrators of a network can monitor all the traffic on their network.
– Ron Maupin
Aug 26 at 8:35
Thanks Ron. There are conflicting views on here. Some say the specific web page is hidden (rather than the Domain, which everyone agrees is visible), some say it is not.
– Jim D
Aug 26 at 10:28
Believe me, there are ways that enterprise network administrators can monitor everything that happens on the network, and they are foolish if they do not do that. A business can be sued and have its network seized if it is found to have illegal activity. For example, an employee using it to view child pornography. The Feds will come in and shut down and seize the network. That is why so many businesses now outsource guest networks to companies that will deal with illegal activity and take the risk.
– Ron Maupin
Aug 26 at 15:45
Thanks Ron. Certainly nothing as extreme as that but I take the point!
– Jim D
Aug 26 at 15:56
Most likely, there is not some person watching everything, but there are automated ways to monitor all the activity, and flag to a live person if something seems untoward. There are software and services to which companies can subscribe that is always being updated. My company has such a service, and it (I think) is too restrictive, blocking legitimate attempts to Internet requests, and we must fill out a bunch of paperwork detailing why a site or service is legitimate if it is on the service list.
– Ron Maupin
Aug 26 at 16:07
 |Â
show 2 more comments
3
You must assume that the administrators of a network can monitor all the traffic on their network.
– Ron Maupin
Aug 26 at 8:35
Thanks Ron. There are conflicting views on here. Some say the specific web page is hidden (rather than the Domain, which everyone agrees is visible), some say it is not.
– Jim D
Aug 26 at 10:28
Believe me, there are ways that enterprise network administrators can monitor everything that happens on the network, and they are foolish if they do not do that. A business can be sued and have its network seized if it is found to have illegal activity. For example, an employee using it to view child pornography. The Feds will come in and shut down and seize the network. That is why so many businesses now outsource guest networks to companies that will deal with illegal activity and take the risk.
– Ron Maupin
Aug 26 at 15:45
Thanks Ron. Certainly nothing as extreme as that but I take the point!
– Jim D
Aug 26 at 15:56
Most likely, there is not some person watching everything, but there are automated ways to monitor all the activity, and flag to a live person if something seems untoward. There are software and services to which companies can subscribe that is always being updated. My company has such a service, and it (I think) is too restrictive, blocking legitimate attempts to Internet requests, and we must fill out a bunch of paperwork detailing why a site or service is legitimate if it is on the service list.
– Ron Maupin
Aug 26 at 16:07
3
3
You must assume that the administrators of a network can monitor all the traffic on their network.
– Ron Maupin
Aug 26 at 8:35
You must assume that the administrators of a network can monitor all the traffic on their network.
– Ron Maupin
Aug 26 at 8:35
Thanks Ron. There are conflicting views on here. Some say the specific web page is hidden (rather than the Domain, which everyone agrees is visible), some say it is not.
– Jim D
Aug 26 at 10:28
Thanks Ron. There are conflicting views on here. Some say the specific web page is hidden (rather than the Domain, which everyone agrees is visible), some say it is not.
– Jim D
Aug 26 at 10:28
Believe me, there are ways that enterprise network administrators can monitor everything that happens on the network, and they are foolish if they do not do that. A business can be sued and have its network seized if it is found to have illegal activity. For example, an employee using it to view child pornography. The Feds will come in and shut down and seize the network. That is why so many businesses now outsource guest networks to companies that will deal with illegal activity and take the risk.
– Ron Maupin
Aug 26 at 15:45
Believe me, there are ways that enterprise network administrators can monitor everything that happens on the network, and they are foolish if they do not do that. A business can be sued and have its network seized if it is found to have illegal activity. For example, an employee using it to view child pornography. The Feds will come in and shut down and seize the network. That is why so many businesses now outsource guest networks to companies that will deal with illegal activity and take the risk.
– Ron Maupin
Aug 26 at 15:45
Thanks Ron. Certainly nothing as extreme as that but I take the point!
– Jim D
Aug 26 at 15:56
Thanks Ron. Certainly nothing as extreme as that but I take the point!
– Jim D
Aug 26 at 15:56
Most likely, there is not some person watching everything, but there are automated ways to monitor all the activity, and flag to a live person if something seems untoward. There are software and services to which companies can subscribe that is always being updated. My company has such a service, and it (I think) is too restrictive, blocking legitimate attempts to Internet requests, and we must fill out a bunch of paperwork detailing why a site or service is legitimate if it is on the service list.
– Ron Maupin
Aug 26 at 16:07
Most likely, there is not some person watching everything, but there are automated ways to monitor all the activity, and flag to a live person if something seems untoward. There are software and services to which companies can subscribe that is always being updated. My company has such a service, and it (I think) is too restrictive, blocking legitimate attempts to Internet requests, and we must fill out a bunch of paperwork detailing why a site or service is legitimate if it is on the service list.
– Ron Maupin
Aug 26 at 16:07
 |Â
show 2 more comments
3 Answers
3
active
oldest
votes
up vote
5
down vote
There is more than just HTTP to consider here...
WiFi
WiFi by it's very nature is an incredibly open technology. Anyone with an antenna and radio in your proximity can collect traffic.
The WiFi network itself can be encrypted, but there are many ways to get around this. If you're connecting to a company network, then it's probable that others nearby also have the password.
Capture and Archive
Remember - the network administrator can see all traffic that passes on their network, and there is nothing to stop them from capturing and archiving it.
If a weakness was discovered in a "secure" session, then any collected data could be compromised and potentially decrypted.
If computing power advances sufficiently, brute-forcing could be a viable option to get the plain-text data.
It's unlikely that an average company would log significant accounts of "on the wire" traffic.
Attribution
Traffic can be tied directly to your phone, based on your device's MAC address.
"MAC Address Randomisation" has been provided more recently... however in some cases this is not enough to properly anonymize the traffic.
DNS
For a standard phone setup, DNS queries are easily visible to the network operator and your neighbours. For example, your phone asking for the IP address for google.com, or mail.google.com.
It's possible, but I'd suggest unlikely that a company would log DNS queries - unless they are of a reasonable size.
IP Addressing
Communicating with another system on the network / internet requires that packets are directed accordingly using the remote system's IP address.
In many cases this will identify the site, or the company that you're communicating with directly (i.e: Google servers only host Google services). However many smaller sites use shared hosting (i.e: multiple websites on a single server), making it less implicit which website you were browsing.
HTTP (no SSL)
Typically the actual web traffic will be encrypted using SSL / HTTPS. But remember that there are still websites that don't enforce or even provide HTTPS support, so in these cases, all traffic can be "seen".
HTTPS
For websites using HTTPS (ignoring the DNS information above), it's now possible to host multiple domains on a single server using Server Name Indication. This permits the server to respond to the handshake with the correct SSL certificate, depending on which domain the client requested information from.
In this case, the hostname is still sent in plain-text as part of the handshake and is therefore visible.
Man in the Middle
In the case where HTTPS is used, there are still possibilities for the network operator to decrypt your traffic. Many companies run a proxy, installing a certificate on employee devices (laptops, phones, etc...).
In this case you are vulnerable to a "Man in the Middle" attack - your employer can decrypt all of the traffic, offer proxy-type services (e.g: content filtering, caching, etc...), and then potentially forward your request on to the destination server using the "correct" certificate.
This is unlikely for a personal device.
This is also somewhat mitigated by DNS Certification Authority Authorization... unless the operator spoofs the DNS responses for this too. I don't know if browsers cache the DNS CAA responses at all...
VPN
If you're using a VPN, with everything configured correctly, then it's probable that only the VPN server's DNS record will leak locally (presuming you're not using a direct IP), but my statement above about captured and archived traffic still stands. You also need to trust your VPN provider.
However, if your VPN setup isn't configured correctly, then DNS queries can still leak quite easily.
In summary, assume that:
- A network operator (and anyone nearby) can see all traffic.
- A network operator can definitely see the IP address of the remote server you're communicating with.
- It's almost certain that the network operator can see the hostname of the site you're communicating with (e.g:
google.com).- The hostname will leak via DNS.
- The hostname will probably leak via SNI too (part of the SSL handshake)
- The schema can be inferred (e.g:
https://). - It's very possible that corporate devices have their traffic decrypted at a proxy. It is otherwise unlikely that others can easily "see" your decrypted traffic.
- Any captured data could be valuable in the future - encryption is really a temporary measure - until a vulnerability is found, or computing power advances enough to make brute-forcing trivial.
answered Aug 25 at 20:21
Attie
8,54231934
Thanks. So should my base assumption be that they have seen the full URL? I accidentally connected for a short time to a NSFW twitter page without realising my personal phone was connected to the guest Wifi at work.
– Jim D
Aug 25 at 20:37
I would presume that you're fine... just be careful not to do it again. Especially as this probably breaches their usage policy.
– Attie
Aug 25 at 20:38
Thanks. You are very helpful. Are you saying it should be “fine†because the URL is buried in thousands of others, or because there is a chance they can’t see the full URL ie nothing after twitter.com?
– Jim D
Aug 25 at 20:48
1
Downvoting as this answer is not only overly complicated it doesn’t answer the question and suggests several other “possibilities†that are either completely irrelevant or are so unlikely it’s not even worth mentioning.
– Appleoddity
Aug 26 at 1:26
1
@NordlysJeger a very specific question was asked. Basically, can my employer see the information after the domain name? Covering all this extra stuff is not inaccurate, but only leads to confusion as most of it doesn’t even apply to the very specific question. You can see it confused the OP who indicated he still doesn’t understand.
– Appleoddity
Aug 26 at 1:50
 |Â
show 6 more comments
up vote
0
down vote
To answer your specific question assuming you have zero workarounds... after connecting to GenericCo's guest wifi, you open a browser and attempt to navigate to https://google.com/news.
A) A DNS request is sent out in the clear, asking the DNS server what the IP address is. DNS is not typically encrypted, so a snoopy sysadmin with WireShark can see it easily. This visible DNS request occurs for all domains and subdomains, so that mail.google.com and google.com are visible as two separate requests.
B) An HTTPS connection request is sent to that IP address. Handshaking occurs and your computer attempts to download that specific page /news. Theoretically, you have a secure HTTPS connection at this point, so it's much harder for a snoop to see it.
In general, assume that your employer can see anything that you do on their network. It is their Internet connection after all. You can obfuscate it using VPN and other methods that will show up in other answers. However, be aware that other individuals besides your employer may be able to see it too. Using a VPN will reduce the amount of snooping that nearby people will be able to do, but then you have to trust the VPN provider.
answered Aug 25 at 23:41
Christopher Hostage
2,235422
Thanks. Does this mean you (generally) agree with my scenario 1 ie there is a DNS request that is just google.com and then a handshake and only the receiving server sees the request for “/newsâ€� Ie the “/news†is not logged on router logs?
– Jim D
Aug 26 at 6:07
Maybe. Familiarize yourself with WireShark and other tools, and see what the actual packets leaving your PC say. I just tried it in Chrome and Firefox on PC and Mac to confirm that scenario #1 appears to be the case. But don't take my word for it - test it yourself using multiple tools. Look into the Mac/*nix tool "dig" as well. And mind my original answer - assume that your employer can see everything.
– Christopher Hostage
Aug 27 at 16:53
add a comment |Â
up vote
0
down vote
The simple answer to this question is that your scenario 1 is correct.
The connection is HTTPS, nobody can see what is entered after the domain name portion of the URL, except you and the other party you’re connecting to. Your employer only knows the following information:
- Your device name, your MAC address and IP address
- The AP you’re connected to and approximate location of your device.
- Your sign in name if you had to enter it to connect to WiFi
- The domain names of sites you access and when and for how long
- All details of traffic that is unencrypted.
This assumes you have not allowed your employer to install anything on your device. And, it assumes your employer has actually taken the extra steps necessary to actually gather some of this info. Finally, yes, these 5 items do suggest that they may not even know who’s phone it is that is on their network.
This amount of information does allow your employer to deduce a lot of things about the model of your phone, apps installed on your phone and your internet behavior.
With that said, the obvious disclaimer here is that you shouldn’t use your employer’s WiFi to do things that violate company policy. So, if you’re concerned just stay off the company WiFi.
answered Aug 26 at 1:44
Appleoddity
6,20021024
Thanks, Apple. That’s very helpful. So the company’s router wouldn’t “see†and therefore log anything after the domain name?
– Jim D
Aug 26 at 6:30
@JimD yes, that is correct.
– Appleoddity
Aug 26 at 13:35
Thanks. This is helpful and sets my mind at rest (somewhat). Does the analysis change if the company is using a web proxy?
– Jim D
Aug 26 at 14:25
add a comment |Â
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
5
down vote
There is more than just HTTP to consider here...
WiFi
WiFi by it's very nature is an incredibly open technology. Anyone with an antenna and radio in your proximity can collect traffic.
The WiFi network itself can be encrypted, but there are many ways to get around this. If you're connecting to a company network, then it's probable that others nearby also have the password.
Capture and Archive
Remember - the network administrator can see all traffic that passes on their network, and there is nothing to stop them from capturing and archiving it.
If a weakness was discovered in a "secure" session, then any collected data could be compromised and potentially decrypted.
If computing power advances sufficiently, brute-forcing could be a viable option to get the plain-text data.
It's unlikely that an average company would log significant accounts of "on the wire" traffic.
Attribution
Traffic can be tied directly to your phone, based on your device's MAC address.
"MAC Address Randomisation" has been provided more recently... however in some cases this is not enough to properly anonymize the traffic.
DNS
For a standard phone setup, DNS queries are easily visible to the network operator and your neighbours. For example, your phone asking for the IP address for google.com, or mail.google.com.
It's possible, but I'd suggest unlikely that a company would log DNS queries - unless they are of a reasonable size.
IP Addressing
Communicating with another system on the network / internet requires that packets are directed accordingly using the remote system's IP address.
In many cases this will identify the site, or the company that you're communicating with directly (i.e: Google servers only host Google services). However many smaller sites use shared hosting (i.e: multiple websites on a single server), making it less implicit which website you were browsing.
HTTP (no SSL)
Typically the actual web traffic will be encrypted using SSL / HTTPS. But remember that there are still websites that don't enforce or even provide HTTPS support, so in these cases, all traffic can be "seen".
HTTPS
For websites using HTTPS (ignoring the DNS information above), it's now possible to host multiple domains on a single server using Server Name Indication. This permits the server to respond to the handshake with the correct SSL certificate, depending on which domain the client requested information from.
In this case, the hostname is still sent in plain-text as part of the handshake and is therefore visible.
Man in the Middle
In the case where HTTPS is used, there are still possibilities for the network operator to decrypt your traffic. Many companies run a proxy, installing a certificate on employee devices (laptops, phones, etc...).
In this case you are vulnerable to a "Man in the Middle" attack - your employer can decrypt all of the traffic, offer proxy-type services (e.g: content filtering, caching, etc...), and then potentially forward your request on to the destination server using the "correct" certificate.
This is unlikely for a personal device.
This is also somewhat mitigated by DNS Certification Authority Authorization... unless the operator spoofs the DNS responses for this too. I don't know if browsers cache the DNS CAA responses at all...
VPN
If you're using a VPN, with everything configured correctly, then it's probable that only the VPN server's DNS record will leak locally (presuming you're not using a direct IP), but my statement above about captured and archived traffic still stands. You also need to trust your VPN provider.
However, if your VPN setup isn't configured correctly, then DNS queries can still leak quite easily.
In summary, assume that:
- A network operator (and anyone nearby) can see all traffic.
- A network operator can definitely see the IP address of the remote server you're communicating with.
- It's almost certain that the network operator can see the hostname of the site you're communicating with (e.g:
google.com).- The hostname will leak via DNS.
- The hostname will probably leak via SNI too (part of the SSL handshake)
- The schema can be inferred (e.g:
https://). - It's very possible that corporate devices have their traffic decrypted at a proxy. It is otherwise unlikely that others can easily "see" your decrypted traffic.
- Any captured data could be valuable in the future - encryption is really a temporary measure - until a vulnerability is found, or computing power advances enough to make brute-forcing trivial.
answered Aug 25 at 20:21
Attie
8,54231934
Thanks. So should my base assumption be that they have seen the full URL? I accidentally connected for a short time to a NSFW twitter page without realising my personal phone was connected to the guest Wifi at work.
– Jim D
Aug 25 at 20:37
I would presume that you're fine... just be careful not to do it again. Especially as this probably breaches their usage policy.
– Attie
Aug 25 at 20:38
Thanks. You are very helpful. Are you saying it should be “fine†because the URL is buried in thousands of others, or because there is a chance they can’t see the full URL ie nothing after twitter.com?
– Jim D
Aug 25 at 20:48
1
Downvoting as this answer is not only overly complicated it doesn’t answer the question and suggests several other “possibilities†that are either completely irrelevant or are so unlikely it’s not even worth mentioning.
– Appleoddity
Aug 26 at 1:26
1
@NordlysJeger a very specific question was asked. Basically, can my employer see the information after the domain name? Covering all this extra stuff is not inaccurate, but only leads to confusion as most of it doesn’t even apply to the very specific question. You can see it confused the OP who indicated he still doesn’t understand.
– Appleoddity
Aug 26 at 1:50
 |Â
show 6 more comments
up vote
5
down vote
There is more than just HTTP to consider here...
WiFi
WiFi by it's very nature is an incredibly open technology. Anyone with an antenna and radio in your proximity can collect traffic.
The WiFi network itself can be encrypted, but there are many ways to get around this. If you're connecting to a company network, then it's probable that others nearby also have the password.
Capture and Archive
Remember - the network administrator can see all traffic that passes on their network, and there is nothing to stop them from capturing and archiving it.
If a weakness was discovered in a "secure" session, then any collected data could be compromised and potentially decrypted.
If computing power advances sufficiently, brute-forcing could be a viable option to get the plain-text data.
It's unlikely that an average company would log significant accounts of "on the wire" traffic.
Attribution
Traffic can be tied directly to your phone, based on your device's MAC address.
"MAC Address Randomisation" has been provided more recently... however in some cases this is not enough to properly anonymize the traffic.
DNS
For a standard phone setup, DNS queries are easily visible to the network operator and your neighbours. For example, your phone asking for the IP address for google.com, or mail.google.com.
It's possible, but I'd suggest unlikely that a company would log DNS queries - unless they are of a reasonable size.
IP Addressing
Communicating with another system on the network / internet requires that packets are directed accordingly using the remote system's IP address.
In many cases this will identify the site, or the company that you're communicating with directly (i.e: Google servers only host Google services). However many smaller sites use shared hosting (i.e: multiple websites on a single server), making it less implicit which website you were browsing.
HTTP (no SSL)
Typically the actual web traffic will be encrypted using SSL / HTTPS. But remember that there are still websites that don't enforce or even provide HTTPS support, so in these cases, all traffic can be "seen".
HTTPS
For websites using HTTPS (ignoring the DNS information above), it's now possible to host multiple domains on a single server using Server Name Indication. This permits the server to respond to the handshake with the correct SSL certificate, depending on which domain the client requested information from.
In this case, the hostname is still sent in plain-text as part of the handshake and is therefore visible.
Man in the Middle
In the case where HTTPS is used, there are still possibilities for the network operator to decrypt your traffic. Many companies run a proxy, installing a certificate on employee devices (laptops, phones, etc...).
In this case you are vulnerable to a "Man in the Middle" attack - your employer can decrypt all of the traffic, offer proxy-type services (e.g: content filtering, caching, etc...), and then potentially forward your request on to the destination server using the "correct" certificate.
This is unlikely for a personal device.
This is also somewhat mitigated by DNS Certification Authority Authorization... unless the operator spoofs the DNS responses for this too. I don't know if browsers cache the DNS CAA responses at all...
VPN
If you're using a VPN, with everything configured correctly, then it's probable that only the VPN server's DNS record will leak locally (presuming you're not using a direct IP), but my statement above about captured and archived traffic still stands. You also need to trust your VPN provider.
However, if your VPN setup isn't configured correctly, then DNS queries can still leak quite easily.
In summary, assume that:
- A network operator (and anyone nearby) can see all traffic.
- A network operator can definitely see the IP address of the remote server you're communicating with.
- It's almost certain that the network operator can see the hostname of the site you're communicating with (e.g:
google.com).- The hostname will leak via DNS.
- The hostname will probably leak via SNI too (part of the SSL handshake)
- The schema can be inferred (e.g:
https://). - It's very possible that corporate devices have their traffic decrypted at a proxy. It is otherwise unlikely that others can easily "see" your decrypted traffic.
- Any captured data could be valuable in the future - encryption is really a temporary measure - until a vulnerability is found, or computing power advances enough to make brute-forcing trivial.
answered Aug 25 at 20:21
Attie
8,54231934
Thanks. So should my base assumption be that they have seen the full URL? I accidentally connected for a short time to a NSFW twitter page without realising my personal phone was connected to the guest Wifi at work.
– Jim D
Aug 25 at 20:37
I would presume that you're fine... just be careful not to do it again. Especially as this probably breaches their usage policy.
– Attie
Aug 25 at 20:38
Thanks. You are very helpful. Are you saying it should be “fine†because the URL is buried in thousands of others, or because there is a chance they can’t see the full URL ie nothing after twitter.com?
– Jim D
Aug 25 at 20:48
1
Downvoting as this answer is not only overly complicated it doesn’t answer the question and suggests several other “possibilities†that are either completely irrelevant or are so unlikely it’s not even worth mentioning.
– Appleoddity
Aug 26 at 1:26
1
@NordlysJeger a very specific question was asked. Basically, can my employer see the information after the domain name? Covering all this extra stuff is not inaccurate, but only leads to confusion as most of it doesn’t even apply to the very specific question. You can see it confused the OP who indicated he still doesn’t understand.
– Appleoddity
Aug 26 at 1:50
 |Â
show 6 more comments
up vote
5
down vote
up vote
5
down vote
There is more than just HTTP to consider here...
WiFi
WiFi by it's very nature is an incredibly open technology. Anyone with an antenna and radio in your proximity can collect traffic.
The WiFi network itself can be encrypted, but there are many ways to get around this. If you're connecting to a company network, then it's probable that others nearby also have the password.
Capture and Archive
Remember - the network administrator can see all traffic that passes on their network, and there is nothing to stop them from capturing and archiving it.
If a weakness was discovered in a "secure" session, then any collected data could be compromised and potentially decrypted.
If computing power advances sufficiently, brute-forcing could be a viable option to get the plain-text data.
It's unlikely that an average company would log significant accounts of "on the wire" traffic.
Attribution
Traffic can be tied directly to your phone, based on your device's MAC address.
"MAC Address Randomisation" has been provided more recently... however in some cases this is not enough to properly anonymize the traffic.
DNS
For a standard phone setup, DNS queries are easily visible to the network operator and your neighbours. For example, your phone asking for the IP address for google.com, or mail.google.com.
It's possible, but I'd suggest unlikely that a company would log DNS queries - unless they are of a reasonable size.
IP Addressing
Communicating with another system on the network / internet requires that packets are directed accordingly using the remote system's IP address.
In many cases this will identify the site, or the company that you're communicating with directly (i.e: Google servers only host Google services). However many smaller sites use shared hosting (i.e: multiple websites on a single server), making it less implicit which website you were browsing.
HTTP (no SSL)
Typically the actual web traffic will be encrypted using SSL / HTTPS. But remember that there are still websites that don't enforce or even provide HTTPS support, so in these cases, all traffic can be "seen".
HTTPS
For websites using HTTPS (ignoring the DNS information above), it's now possible to host multiple domains on a single server using Server Name Indication. This permits the server to respond to the handshake with the correct SSL certificate, depending on which domain the client requested information from.
In this case, the hostname is still sent in plain-text as part of the handshake and is therefore visible.
Man in the Middle
In the case where HTTPS is used, there are still possibilities for the network operator to decrypt your traffic. Many companies run a proxy, installing a certificate on employee devices (laptops, phones, etc...).
In this case you are vulnerable to a "Man in the Middle" attack - your employer can decrypt all of the traffic, offer proxy-type services (e.g: content filtering, caching, etc...), and then potentially forward your request on to the destination server using the "correct" certificate.
This is unlikely for a personal device.
This is also somewhat mitigated by DNS Certification Authority Authorization... unless the operator spoofs the DNS responses for this too. I don't know if browsers cache the DNS CAA responses at all...
VPN
If you're using a VPN, with everything configured correctly, then it's probable that only the VPN server's DNS record will leak locally (presuming you're not using a direct IP), but my statement above about captured and archived traffic still stands. You also need to trust your VPN provider.
However, if your VPN setup isn't configured correctly, then DNS queries can still leak quite easily.
In summary, assume that:
- A network operator (and anyone nearby) can see all traffic.
- A network operator can definitely see the IP address of the remote server you're communicating with.
- It's almost certain that the network operator can see the hostname of the site you're communicating with (e.g:
google.com).- The hostname will leak via DNS.
- The hostname will probably leak via SNI too (part of the SSL handshake)
- The schema can be inferred (e.g:
https://). - It's very possible that corporate devices have their traffic decrypted at a proxy. It is otherwise unlikely that others can easily "see" your decrypted traffic.
- Any captured data could be valuable in the future - encryption is really a temporary measure - until a vulnerability is found, or computing power advances enough to make brute-forcing trivial.
answered Aug 25 at 20:21
Attie
8,54231934
There is more than just HTTP to consider here...
WiFi
WiFi by it's very nature is an incredibly open technology. Anyone with an antenna and radio in your proximity can collect traffic.
The WiFi network itself can be encrypted, but there are many ways to get around this. If you're connecting to a company network, then it's probable that others nearby also have the password.
Capture and Archive
Remember - the network administrator can see all traffic that passes on their network, and there is nothing to stop them from capturing and archiving it.
If a weakness was discovered in a "secure" session, then any collected data could be compromised and potentially decrypted.
If computing power advances sufficiently, brute-forcing could be a viable option to get the plain-text data.
It's unlikely that an average company would log significant accounts of "on the wire" traffic.
Attribution
Traffic can be tied directly to your phone, based on your device's MAC address.
"MAC Address Randomisation" has been provided more recently... however in some cases this is not enough to properly anonymize the traffic.
DNS
For a standard phone setup, DNS queries are easily visible to the network operator and your neighbours. For example, your phone asking for the IP address for google.com, or mail.google.com.
It's possible, but I'd suggest unlikely that a company would log DNS queries - unless they are of a reasonable size.
IP Addressing
Communicating with another system on the network / internet requires that packets are directed accordingly using the remote system's IP address.
In many cases this will identify the site, or the company that you're communicating with directly (i.e: Google servers only host Google services). However many smaller sites use shared hosting (i.e: multiple websites on a single server), making it less implicit which website you were browsing.
HTTP (no SSL)
Typically the actual web traffic will be encrypted using SSL / HTTPS. But remember that there are still websites that don't enforce or even provide HTTPS support, so in these cases, all traffic can be "seen".
HTTPS
For websites using HTTPS (ignoring the DNS information above), it's now possible to host multiple domains on a single server using Server Name Indication. This permits the server to respond to the handshake with the correct SSL certificate, depending on which domain the client requested information from.
In this case, the hostname is still sent in plain-text as part of the handshake and is therefore visible.
Man in the Middle
In the case where HTTPS is used, there are still possibilities for the network operator to decrypt your traffic. Many companies run a proxy, installing a certificate on employee devices (laptops, phones, etc...).
In this case you are vulnerable to a "Man in the Middle" attack - your employer can decrypt all of the traffic, offer proxy-type services (e.g: content filtering, caching, etc...), and then potentially forward your request on to the destination server using the "correct" certificate.
This is unlikely for a personal device.
This is also somewhat mitigated by DNS Certification Authority Authorization... unless the operator spoofs the DNS responses for this too. I don't know if browsers cache the DNS CAA responses at all...
VPN
If you're using a VPN, with everything configured correctly, then it's probable that only the VPN server's DNS record will leak locally (presuming you're not using a direct IP), but my statement above about captured and archived traffic still stands. You also need to trust your VPN provider.
However, if your VPN setup isn't configured correctly, then DNS queries can still leak quite easily.
In summary, assume that:
- A network operator (and anyone nearby) can see all traffic.
- A network operator can definitely see the IP address of the remote server you're communicating with.
- It's almost certain that the network operator can see the hostname of the site you're communicating with (e.g:
google.com).- The hostname will leak via DNS.
- The hostname will probably leak via SNI too (part of the SSL handshake)
- The schema can be inferred (e.g:
https://). - It's very possible that corporate devices have their traffic decrypted at a proxy. It is otherwise unlikely that others can easily "see" your decrypted traffic.
- Any captured data could be valuable in the future - encryption is really a temporary measure - until a vulnerability is found, or computing power advances enough to make brute-forcing trivial.
answered Aug 25 at 20:21
Attie
8,54231934
edited Aug 26 at 8:42
answered Aug 25 at 20:21
Attie
8,54231934
answered Aug 25 at 20:21
Attie
8,54231934
answered Aug 25 at 20:21
Attie
8,54231934
8,54231934
Thanks. So should my base assumption be that they have seen the full URL? I accidentally connected for a short time to a NSFW twitter page without realising my personal phone was connected to the guest Wifi at work.
– Jim D
Aug 25 at 20:37
I would presume that you're fine... just be careful not to do it again. Especially as this probably breaches their usage policy.
– Attie
Aug 25 at 20:38
Thanks. You are very helpful. Are you saying it should be “fine†because the URL is buried in thousands of others, or because there is a chance they can’t see the full URL ie nothing after twitter.com?
– Jim D
Aug 25 at 20:48
1
Downvoting as this answer is not only overly complicated it doesn’t answer the question and suggests several other “possibilities†that are either completely irrelevant or are so unlikely it’s not even worth mentioning.
– Appleoddity
Aug 26 at 1:26
1
@NordlysJeger a very specific question was asked. Basically, can my employer see the information after the domain name? Covering all this extra stuff is not inaccurate, but only leads to confusion as most of it doesn’t even apply to the very specific question. You can see it confused the OP who indicated he still doesn’t understand.
– Appleoddity
Aug 26 at 1:50
 |Â
show 6 more comments
Thanks. So should my base assumption be that they have seen the full URL? I accidentally connected for a short time to a NSFW twitter page without realising my personal phone was connected to the guest Wifi at work.
– Jim D
Aug 25 at 20:37
I would presume that you're fine... just be careful not to do it again. Especially as this probably breaches their usage policy.
– Attie
Aug 25 at 20:38
Thanks. You are very helpful. Are you saying it should be “fine†because the URL is buried in thousands of others, or because there is a chance they can’t see the full URL ie nothing after twitter.com?
– Jim D
Aug 25 at 20:48
1
Downvoting as this answer is not only overly complicated it doesn’t answer the question and suggests several other “possibilities†that are either completely irrelevant or are so unlikely it’s not even worth mentioning.
– Appleoddity
Aug 26 at 1:26
1
@NordlysJeger a very specific question was asked. Basically, can my employer see the information after the domain name? Covering all this extra stuff is not inaccurate, but only leads to confusion as most of it doesn’t even apply to the very specific question. You can see it confused the OP who indicated he still doesn’t understand.
– Appleoddity
Aug 26 at 1:50
Thanks. So should my base assumption be that they have seen the full URL? I accidentally connected for a short time to a NSFW twitter page without realising my personal phone was connected to the guest Wifi at work.
– Jim D
Aug 25 at 20:37
Thanks. So should my base assumption be that they have seen the full URL? I accidentally connected for a short time to a NSFW twitter page without realising my personal phone was connected to the guest Wifi at work.
– Jim D
Aug 25 at 20:37
I would presume that you're fine... just be careful not to do it again. Especially as this probably breaches their usage policy.
– Attie
Aug 25 at 20:38
I would presume that you're fine... just be careful not to do it again. Especially as this probably breaches their usage policy.
– Attie
Aug 25 at 20:38
Thanks. You are very helpful. Are you saying it should be “fine†because the URL is buried in thousands of others, or because there is a chance they can’t see the full URL ie nothing after twitter.com?
– Jim D
Aug 25 at 20:48
Thanks. You are very helpful. Are you saying it should be “fine†because the URL is buried in thousands of others, or because there is a chance they can’t see the full URL ie nothing after twitter.com?
– Jim D
Aug 25 at 20:48
1
1
Downvoting as this answer is not only overly complicated it doesn’t answer the question and suggests several other “possibilities†that are either completely irrelevant or are so unlikely it’s not even worth mentioning.
– Appleoddity
Aug 26 at 1:26
Downvoting as this answer is not only overly complicated it doesn’t answer the question and suggests several other “possibilities†that are either completely irrelevant or are so unlikely it’s not even worth mentioning.
– Appleoddity
Aug 26 at 1:26
1
1
@NordlysJeger a very specific question was asked. Basically, can my employer see the information after the domain name? Covering all this extra stuff is not inaccurate, but only leads to confusion as most of it doesn’t even apply to the very specific question. You can see it confused the OP who indicated he still doesn’t understand.
– Appleoddity
Aug 26 at 1:50
@NordlysJeger a very specific question was asked. Basically, can my employer see the information after the domain name? Covering all this extra stuff is not inaccurate, but only leads to confusion as most of it doesn’t even apply to the very specific question. You can see it confused the OP who indicated he still doesn’t understand.
– Appleoddity
Aug 26 at 1:50
 |Â
show 6 more comments
up vote
0
down vote
To answer your specific question assuming you have zero workarounds... after connecting to GenericCo's guest wifi, you open a browser and attempt to navigate to https://google.com/news.
A) A DNS request is sent out in the clear, asking the DNS server what the IP address is. DNS is not typically encrypted, so a snoopy sysadmin with WireShark can see it easily. This visible DNS request occurs for all domains and subdomains, so that mail.google.com and google.com are visible as two separate requests.
B) An HTTPS connection request is sent to that IP address. Handshaking occurs and your computer attempts to download that specific page /news. Theoretically, you have a secure HTTPS connection at this point, so it's much harder for a snoop to see it.
In general, assume that your employer can see anything that you do on their network. It is their Internet connection after all. You can obfuscate it using VPN and other methods that will show up in other answers. However, be aware that other individuals besides your employer may be able to see it too. Using a VPN will reduce the amount of snooping that nearby people will be able to do, but then you have to trust the VPN provider.
answered Aug 25 at 23:41
Christopher Hostage
2,235422
Thanks. Does this mean you (generally) agree with my scenario 1 ie there is a DNS request that is just google.com and then a handshake and only the receiving server sees the request for “/newsâ€� Ie the “/news†is not logged on router logs?
– Jim D
Aug 26 at 6:07
Maybe. Familiarize yourself with WireShark and other tools, and see what the actual packets leaving your PC say. I just tried it in Chrome and Firefox on PC and Mac to confirm that scenario #1 appears to be the case. But don't take my word for it - test it yourself using multiple tools. Look into the Mac/*nix tool "dig" as well. And mind my original answer - assume that your employer can see everything.
– Christopher Hostage
Aug 27 at 16:53
add a comment |Â
up vote
0
down vote
To answer your specific question assuming you have zero workarounds... after connecting to GenericCo's guest wifi, you open a browser and attempt to navigate to https://google.com/news.
A) A DNS request is sent out in the clear, asking the DNS server what the IP address is. DNS is not typically encrypted, so a snoopy sysadmin with WireShark can see it easily. This visible DNS request occurs for all domains and subdomains, so that mail.google.com and google.com are visible as two separate requests.
B) An HTTPS connection request is sent to that IP address. Handshaking occurs and your computer attempts to download that specific page /news. Theoretically, you have a secure HTTPS connection at this point, so it's much harder for a snoop to see it.
In general, assume that your employer can see anything that you do on their network. It is their Internet connection after all. You can obfuscate it using VPN and other methods that will show up in other answers. However, be aware that other individuals besides your employer may be able to see it too. Using a VPN will reduce the amount of snooping that nearby people will be able to do, but then you have to trust the VPN provider.
answered Aug 25 at 23:41
Christopher Hostage
2,235422
Thanks. Does this mean you (generally) agree with my scenario 1 ie there is a DNS request that is just google.com and then a handshake and only the receiving server sees the request for “/newsâ€� Ie the “/news†is not logged on router logs?
– Jim D
Aug 26 at 6:07
Maybe. Familiarize yourself with WireShark and other tools, and see what the actual packets leaving your PC say. I just tried it in Chrome and Firefox on PC and Mac to confirm that scenario #1 appears to be the case. But don't take my word for it - test it yourself using multiple tools. Look into the Mac/*nix tool "dig" as well. And mind my original answer - assume that your employer can see everything.
– Christopher Hostage
Aug 27 at 16:53
add a comment |Â
up vote
0
down vote
up vote
0
down vote
To answer your specific question assuming you have zero workarounds... after connecting to GenericCo's guest wifi, you open a browser and attempt to navigate to https://google.com/news.
A) A DNS request is sent out in the clear, asking the DNS server what the IP address is. DNS is not typically encrypted, so a snoopy sysadmin with WireShark can see it easily. This visible DNS request occurs for all domains and subdomains, so that mail.google.com and google.com are visible as two separate requests.
B) An HTTPS connection request is sent to that IP address. Handshaking occurs and your computer attempts to download that specific page /news. Theoretically, you have a secure HTTPS connection at this point, so it's much harder for a snoop to see it.
In general, assume that your employer can see anything that you do on their network. It is their Internet connection after all. You can obfuscate it using VPN and other methods that will show up in other answers. However, be aware that other individuals besides your employer may be able to see it too. Using a VPN will reduce the amount of snooping that nearby people will be able to do, but then you have to trust the VPN provider.
answered Aug 25 at 23:41
Christopher Hostage
2,235422
To answer your specific question assuming you have zero workarounds... after connecting to GenericCo's guest wifi, you open a browser and attempt to navigate to https://google.com/news.
A) A DNS request is sent out in the clear, asking the DNS server what the IP address is. DNS is not typically encrypted, so a snoopy sysadmin with WireShark can see it easily. This visible DNS request occurs for all domains and subdomains, so that mail.google.com and google.com are visible as two separate requests.
B) An HTTPS connection request is sent to that IP address. Handshaking occurs and your computer attempts to download that specific page /news. Theoretically, you have a secure HTTPS connection at this point, so it's much harder for a snoop to see it.
In general, assume that your employer can see anything that you do on their network. It is their Internet connection after all. You can obfuscate it using VPN and other methods that will show up in other answers. However, be aware that other individuals besides your employer may be able to see it too. Using a VPN will reduce the amount of snooping that nearby people will be able to do, but then you have to trust the VPN provider.
answered Aug 25 at 23:41
Christopher Hostage
2,235422
answered Aug 25 at 23:41
Christopher Hostage
2,235422
answered Aug 25 at 23:41
Christopher Hostage
2,235422
answered Aug 25 at 23:41
Christopher Hostage
2,235422
2,235422
Thanks. Does this mean you (generally) agree with my scenario 1 ie there is a DNS request that is just google.com and then a handshake and only the receiving server sees the request for “/newsâ€� Ie the “/news†is not logged on router logs?
– Jim D
Aug 26 at 6:07
Maybe. Familiarize yourself with WireShark and other tools, and see what the actual packets leaving your PC say. I just tried it in Chrome and Firefox on PC and Mac to confirm that scenario #1 appears to be the case. But don't take my word for it - test it yourself using multiple tools. Look into the Mac/*nix tool "dig" as well. And mind my original answer - assume that your employer can see everything.
– Christopher Hostage
Aug 27 at 16:53
add a comment |Â
Thanks. Does this mean you (generally) agree with my scenario 1 ie there is a DNS request that is just google.com and then a handshake and only the receiving server sees the request for “/newsâ€� Ie the “/news†is not logged on router logs?
– Jim D
Aug 26 at 6:07
Maybe. Familiarize yourself with WireShark and other tools, and see what the actual packets leaving your PC say. I just tried it in Chrome and Firefox on PC and Mac to confirm that scenario #1 appears to be the case. But don't take my word for it - test it yourself using multiple tools. Look into the Mac/*nix tool "dig" as well. And mind my original answer - assume that your employer can see everything.
– Christopher Hostage
Aug 27 at 16:53
Thanks. Does this mean you (generally) agree with my scenario 1 ie there is a DNS request that is just google.com and then a handshake and only the receiving server sees the request for “/newsâ€� Ie the “/news†is not logged on router logs?
– Jim D
Aug 26 at 6:07
Thanks. Does this mean you (generally) agree with my scenario 1 ie there is a DNS request that is just google.com and then a handshake and only the receiving server sees the request for “/newsâ€� Ie the “/news†is not logged on router logs?
– Jim D
Aug 26 at 6:07
Maybe. Familiarize yourself with WireShark and other tools, and see what the actual packets leaving your PC say. I just tried it in Chrome and Firefox on PC and Mac to confirm that scenario #1 appears to be the case. But don't take my word for it - test it yourself using multiple tools. Look into the Mac/*nix tool "dig" as well. And mind my original answer - assume that your employer can see everything.
– Christopher Hostage
Aug 27 at 16:53
Maybe. Familiarize yourself with WireShark and other tools, and see what the actual packets leaving your PC say. I just tried it in Chrome and Firefox on PC and Mac to confirm that scenario #1 appears to be the case. But don't take my word for it - test it yourself using multiple tools. Look into the Mac/*nix tool "dig" as well. And mind my original answer - assume that your employer can see everything.
– Christopher Hostage
Aug 27 at 16:53
add a comment |Â
up vote
0
down vote
The simple answer to this question is that your scenario 1 is correct.
The connection is HTTPS, nobody can see what is entered after the domain name portion of the URL, except you and the other party you’re connecting to. Your employer only knows the following information:
- Your device name, your MAC address and IP address
- The AP you’re connected to and approximate location of your device.
- Your sign in name if you had to enter it to connect to WiFi
- The domain names of sites you access and when and for how long
- All details of traffic that is unencrypted.
This assumes you have not allowed your employer to install anything on your device. And, it assumes your employer has actually taken the extra steps necessary to actually gather some of this info. Finally, yes, these 5 items do suggest that they may not even know who’s phone it is that is on their network.
This amount of information does allow your employer to deduce a lot of things about the model of your phone, apps installed on your phone and your internet behavior.
With that said, the obvious disclaimer here is that you shouldn’t use your employer’s WiFi to do things that violate company policy. So, if you’re concerned just stay off the company WiFi.
answered Aug 26 at 1:44
Appleoddity
6,20021024
Thanks, Apple. That’s very helpful. So the company’s router wouldn’t “see†and therefore log anything after the domain name?
– Jim D
Aug 26 at 6:30
@JimD yes, that is correct.
– Appleoddity
Aug 26 at 13:35
Thanks. This is helpful and sets my mind at rest (somewhat). Does the analysis change if the company is using a web proxy?
– Jim D
Aug 26 at 14:25
add a comment |Â
up vote
0
down vote
The simple answer to this question is that your scenario 1 is correct.
The connection is HTTPS, nobody can see what is entered after the domain name portion of the URL, except you and the other party you’re connecting to. Your employer only knows the following information:
- Your device name, your MAC address and IP address
- The AP you’re connected to and approximate location of your device.
- Your sign in name if you had to enter it to connect to WiFi
- The domain names of sites you access and when and for how long
- All details of traffic that is unencrypted.
This assumes you have not allowed your employer to install anything on your device. And, it assumes your employer has actually taken the extra steps necessary to actually gather some of this info. Finally, yes, these 5 items do suggest that they may not even know who’s phone it is that is on their network.
This amount of information does allow your employer to deduce a lot of things about the model of your phone, apps installed on your phone and your internet behavior.
With that said, the obvious disclaimer here is that you shouldn’t use your employer’s WiFi to do things that violate company policy. So, if you’re concerned just stay off the company WiFi.
answered Aug 26 at 1:44
Appleoddity
6,20021024
Thanks, Apple. That’s very helpful. So the company’s router wouldn’t “see†and therefore log anything after the domain name?
– Jim D
Aug 26 at 6:30
@JimD yes, that is correct.
– Appleoddity
Aug 26 at 13:35
Thanks. This is helpful and sets my mind at rest (somewhat). Does the analysis change if the company is using a web proxy?
– Jim D
Aug 26 at 14:25
add a comment |Â
up vote
0
down vote
up vote
0
down vote
The simple answer to this question is that your scenario 1 is correct.
The connection is HTTPS, nobody can see what is entered after the domain name portion of the URL, except you and the other party you’re connecting to. Your employer only knows the following information:
- Your device name, your MAC address and IP address
- The AP you’re connected to and approximate location of your device.
- Your sign in name if you had to enter it to connect to WiFi
- The domain names of sites you access and when and for how long
- All details of traffic that is unencrypted.
This assumes you have not allowed your employer to install anything on your device. And, it assumes your employer has actually taken the extra steps necessary to actually gather some of this info. Finally, yes, these 5 items do suggest that they may not even know who’s phone it is that is on their network.
This amount of information does allow your employer to deduce a lot of things about the model of your phone, apps installed on your phone and your internet behavior.
With that said, the obvious disclaimer here is that you shouldn’t use your employer’s WiFi to do things that violate company policy. So, if you’re concerned just stay off the company WiFi.
answered Aug 26 at 1:44
Appleoddity
6,20021024
The simple answer to this question is that your scenario 1 is correct.
The connection is HTTPS, nobody can see what is entered after the domain name portion of the URL, except you and the other party you’re connecting to. Your employer only knows the following information:
- Your device name, your MAC address and IP address
- The AP you’re connected to and approximate location of your device.
- Your sign in name if you had to enter it to connect to WiFi
- The domain names of sites you access and when and for how long
- All details of traffic that is unencrypted.
This assumes you have not allowed your employer to install anything on your device. And, it assumes your employer has actually taken the extra steps necessary to actually gather some of this info. Finally, yes, these 5 items do suggest that they may not even know who’s phone it is that is on their network.
This amount of information does allow your employer to deduce a lot of things about the model of your phone, apps installed on your phone and your internet behavior.
With that said, the obvious disclaimer here is that you shouldn’t use your employer’s WiFi to do things that violate company policy. So, if you’re concerned just stay off the company WiFi.
answered Aug 26 at 1:44
Appleoddity
6,20021024
answered Aug 26 at 1:44
Appleoddity
6,20021024
answered Aug 26 at 1:44
Appleoddity
6,20021024
answered Aug 26 at 1:44
Appleoddity
6,20021024
6,20021024
Thanks, Apple. That’s very helpful. So the company’s router wouldn’t “see†and therefore log anything after the domain name?
– Jim D
Aug 26 at 6:30
@JimD yes, that is correct.
– Appleoddity
Aug 26 at 13:35
Thanks. This is helpful and sets my mind at rest (somewhat). Does the analysis change if the company is using a web proxy?
– Jim D
Aug 26 at 14:25
add a comment |Â
Thanks, Apple. That’s very helpful. So the company’s router wouldn’t “see†and therefore log anything after the domain name?
– Jim D
Aug 26 at 6:30
@JimD yes, that is correct.
– Appleoddity
Aug 26 at 13:35
Thanks. This is helpful and sets my mind at rest (somewhat). Does the analysis change if the company is using a web proxy?
– Jim D
Aug 26 at 14:25
Thanks, Apple. That’s very helpful. So the company’s router wouldn’t “see†and therefore log anything after the domain name?
– Jim D
Aug 26 at 6:30
Thanks, Apple. That’s very helpful. So the company’s router wouldn’t “see†and therefore log anything after the domain name?
– Jim D
Aug 26 at 6:30
@JimD yes, that is correct.
– Appleoddity
Aug 26 at 13:35
@JimD yes, that is correct.
– Appleoddity
Aug 26 at 13:35
Thanks. This is helpful and sets my mind at rest (somewhat). Does the analysis change if the company is using a web proxy?
– Jim D
Aug 26 at 14:25
Thanks. This is helpful and sets my mind at rest (somewhat). Does the analysis change if the company is using a web proxy?
– Jim D
Aug 26 at 14:25
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1352296%2fcan-my-employer-see-websites-viewed-on-personal-phone-using-corporate-wifi%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
3
You must assume that the administrators of a network can monitor all the traffic on their network.
– Ron Maupin
Aug 26 at 8:35
Thanks Ron. There are conflicting views on here. Some say the specific web page is hidden (rather than the Domain, which everyone agrees is visible), some say it is not.
– Jim D
Aug 26 at 10:28
Believe me, there are ways that enterprise network administrators can monitor everything that happens on the network, and they are foolish if they do not do that. A business can be sued and have its network seized if it is found to have illegal activity. For example, an employee using it to view child pornography. The Feds will come in and shut down and seize the network. That is why so many businesses now outsource guest networks to companies that will deal with illegal activity and take the risk.
– Ron Maupin
Aug 26 at 15:45
Thanks Ron. Certainly nothing as extreme as that but I take the point!
– Jim D
Aug 26 at 15:56
Most likely, there is not some person watching everything, but there are automated ways to monitor all the activity, and flag to a live person if something seems untoward. There are software and services to which companies can subscribe that is always being updated. My company has such a service, and it (I think) is too restrictive, blocking legitimate attempts to Internet requests, and we must fill out a bunch of paperwork detailing why a site or service is legitimate if it is on the service list.
– Ron Maupin
Aug 26 at 16:07