How do employers monitor public wifi?

[GoodEnough]

How do employers monitor public wifi?

 

[paperwastage]

if you control the public wifi, you can set up logging on the router itself to determine who access what

who = based on the MAC address of your wifi card

if you don't control the public wifi, you can still capture packets and figure out who access what (if they were going to a non-https site)

also, there are ways to figure out who you are via metadata. eg, user A accesses http://www.facebook.com/myprofile a lot, probably that's his/her profile

read this: http://arstechnica.com/security/201...ine-metadata-actually-reveals-where-ive-been/

 

[GoodEnough]

Logging

 

[Fardringle]

Even with completely open wifi, it's still easy to log activity based on MAC/IP address.

 

[bearxor]

If you'd like to know what one of my major rules are, this is one of them.

Never trust any wifi network you don't directly control.

If you're even remotely worried about someone monitoring your access, stay off it.

 

[GoodEnough]

MAC

 

[paperwastage]

Yes, but assuming you have the offending device's MAC/IP, how would you link that to a particular user? Again, say the device is a personal cell phone not issues by the employer. How do you then connect it to a person (IF there is no metadata, b/c the user only goes to one site)

And no, this is not for a "friend". I have just always wondered how this works.

cookies can leak

you could also try to triangulate a user based on wifi signal

 

[BladeVenom]

Even with completely open wifi, it's still easy to log activity based on MAC/IP address.

Spoof your MAC address. There's an app for that.

 

[Tsaar]

You could also setup a personal VPN tunnel so all traffic is encrypted.

I am so paranoid I refuse to join any wifi other than my home WLAN. I just use LTE all the time. I have 10GB of shared data and so far haven't come close to using it up, so I haven't had much motivation to do this myself.

 

[GoodEnough]

Some people prefer surfing on a desktop (email, etc) than on a tiny cell phone.

I am still wondering how they can tie a MAC address to a specific privately owned device.

 

[Tsaar]

Some people prefer surfing on a desktop (email, etc) than on a tiny cell phone.

I am still wondering how they can tie a MAC address to a specific privately owned device.

I limit my non-work related browsing to news, sports, and some tech news.

When I want to browse video games sites and post to forums I generally use my phone.

You are also right about the MAC address thing. I know sometimes I stay late and I may be the only one there. It wouldn't be hard to see the one MAC address using that particular AP and then have that data (this would also mean they would have to watch security cameras of the elevators/stair wells to know it was me that stayed late while also assuming it was me using that AP because I sit in that location). I am not saying it would be easy, but they could if they really wanted to figure it out in many cases.

 

[zerogear]

You can have a landing page then use that page to log MAC/IP address as well as other information such as browser information/system specs/operating system. Which could help narrow down who is who.

 

[Chrono]

My employer has me log into a private wifi network with my LDAP credentials.

 

[paperwastage]

My employer has me log into a private wifi network with my LDAP credentials.

at least they didn't force you to install their https certificate (which means they can sniff everything you do including secure sites)

 

[GoodEnough]

Ok, so it sounds like they can manually figure out who is attached to a MAC address, but it's not automatic nor trivial. At the first step, they have a MAC address of someone's smartphone, and some metadata, but that's all. There's no direct link b/w MAC address and "John Smith in cubicle 2945C"