Photo courtesy of HaSHe
In my daily web adventures, I stumbled across this disturbing question on Metafilter about web privacy while at work. What's disturbing to me about the question is the general lack of understanding about technology fundamentals. I thought I would take a moment to share some experiences from the IT perspective that will hopefully shed a little light on things for some.
First, it's important to understand what you are actually doing when you are surfing the web and sending out your emails. The Internet works in a request / response messaging system. You request something from somewhere and that "place" responds back with the appropriate message. When you do this, your message and the response are not communicated directly but through a series of connected nodes. Even though you are talking to a server down the block, your message could possibly travel to the other side of the country and back through any number of stops. It's like a game of "pass it on" that you played in grade school. In theory every machine that your message passes through has the capability of reading your message.
So, we've established that it's possible that your credit card information you submitted to purchase a pair of fuzzy bunny slippers could have passed through several servers before it reached it's destination. How is it that your information can be protected. My non-tech friends and family will recognize that the URL starts with "https" or that their is a lock somewhere in their web browser. What does this mean? Well, this basically means that before any information gets sent to the server, your computer and the server will work out a special code to communicate so that your message is protected from prying eyes in between the source and destination.
Putting this all Together
I think for the most part non-techies understand that lock=good and no lock=bad. Unfortunately that is where things stop. For home use that is generally all that matters provided the machine isn't riddled with spyware and virii. When you step into the workplace it's a totally different ball game for one very important reason. At work, you do not control your computer. Let me repeat that: At work, you don't control your computer. I do. Well, at least someone like me controls your computer. Those same people you annoy with your printer troubles and questions about why that video your friend sent you isn't showing up in your inbox; they control your computer.
Is that scary to you? It should be. So, while it's true that when you order something with the "lock" showing that others won't be able to see the digital message as it travels between here and the merchant's server, there's nothing stopping me from watching what you do. I won't be watching over your shoulder. Instead, I'll be recording your screen as if it were a tv show. Now, instead of seeing your digital messages, I can watch your day of typing and application switching like it were a primetime show. I'll also have key log of everything you typed and a breakdown of how much time you spent in each application and web site. I can watch you without you knowing it.
How scared are you now?
I hope you are scared enough to stop checking your bank account at work and to stop trying to shop for your secret lover. I could really be watching you. It's important to note that if I'm watching you, you're screwed anyway. Management thinks you are a screw up and want to know what you are doing during the day. They basically want to know if you are goofing off during the day or if you just suck at your job. That's when I step in and install some software that grabs all of that information that you think is private before it ever hits the Internet.
Fortunately I'm an honest guy and I would NEVER do anything with the stuff I've seen. Unfortunately, I've seen people's bank account balances with account numbers, usernames, and passwords. I've seen personal stuff about their family. I've seen their interactions on social networks. It's really good for those people that I have morals and ethics. In fact, the experience for me was rather unsettling. I just felt wrong watching people.
Wrapping this all up
While you are at work, you should be working. That computer that sits in front of you isn't your home computer and it's not for your enjoyment. It's just a tool to do your job. Think of it as your hammer to pound out your email nails. It's okay (if your employer isn't an ass) to take a breather once in a while to check out the news or weather. However, please heed my warnings above; it's not a good idea to do anything at work that is personal.