sandwichesandapples

A couple of weeks ago I wrote a quick post about Staying Safe and Secret Online at Work in which I talked about TOR. In addition to keeping your browsing secret I pointed out a very legitimate work-related function I have for TOR:

TOR is also useful to me for my work. Because I work in the web department and our IT department has a lockdown on the web servers that we use, it’s a tremendous pain to try to get them to set-up anything out of the ordinary scope. So a few weeks ago, my bosses bought their own commercial hosting to use as our playground. The problem was that they couldn’t even login to our new hosting control panel because the corporate firewall blocked it. I told them about TOR and we got around that obstacle.

This morning my supervisor asked me if I’d gotten any emails from IT about TOR. I said I hadn’t. He said we were allowed to use it anymore. I replied ironically, “I’m shocked.”

A few things:
1) I never assumed we were “allowed” to use it. I wasn’t going to call up IT and say, “Hey, I know a way around your pain-in-the-ass corporate firewall. Is that cool?”

2) How did they discover we were using it? My guess: human intelligence. I had really debated whether to tell my superiors how to get around the firewall in order to use our third-party web server. Now I know I shouldn’t have.

2a) The real kick in the pants is that we’ve never used our own web server even after I got us access to it. Corporate bureaucracy is corporate bureaucracy. My superiors would rather go through all the legit, nonsense channels rather than upset the status quo and use a non-corporate web server to accomplish our tasks faster and easier.

3) I’m using TOR right now. Short of them uninstalling it and then locking my PC down so I can’t install my own programs, I don’t know how they can block it. There probably is a way. But they obviously haven’t found it yet.

4) Bottom line, while TOR may keep you secret, the fact that you’re running it may not be a secret. So use wisely.

UPDATE: My supervisor showed me the email from IT. They didn’t mention TOR. They only noticed that a few of us had installed Privoxy which is packaged with TOR. At least, that’s all they say they’ve noticed. As I pointed out before, you should probably assume IT knows everything you do on your computer all the time. But at least I got a little clarity on what exactly seems suspicious to them. They didn’t say, “your employees are visiting forbidden sites” only “we see you’ve installed a program that might possibly be used maliciously.”

Still, I keep learning that “dynamic” web team or not, we’re still super corporate and there’s no point in telling my superiors about anything “hacky” even when it improves our work. They won’t take advantage of it anyway.

A few weeks ago a friend asked me out of curiosity if her IT department could see everything she was doing online. Yes, they can. A friend of mine who handled IT for a law firm once told me that he and his manager had a record of every employee’s passwords to personal accounts (seriously, like bank accounts) and routinely watched their activities by opening employees’ screens on their own. They would follow IM conversations between employees and literally knew everything that was “secretly” happening in the firm. Terrifying.

If IT wants to open your screen on theirs and watch what you’re doing, there’s not much you can do about it. But here are three things I do to allow a modicum of privacy. Bear in mind, I’m not an IT guy. This is just information from an amateur who digs privacy. (continue reading…)

Every once in a while I’ll catch a few minutes of a show like TMZ where they’ll have video footage of a celebrity being followed (actually usually “preceded” since the photogs are shooting the celeb from the front) by throngs of paparazzi and I think of how annoying it has to be for a celebrity who is honestly not seeking attention to find him or herself in such a situation. Suddenly they have to be on their best behavior when just grabbing a cup of coffee. Most of the photographers would love a bad reaction from the celeb, after all.

Every so often a celeb will make a feeble attempt to turn the tables — photographing the photographers or something. But obviously this means little to the paparazzi. Recently after seeing some footage like that, I remembered a gadget called the Fulgurator that Wired and Boing Boing covered. It projects graffiti (invisible to the eye of the cameraman) onto photographs. The intention of the creator was a sort of stealth street art — he projected messages into strangers’ photos.

But could celebrities (or anyone) who didn’t want to be photographed use such a device defensively? Could the Fulgurator “brand” the photos of paprazzi so they were unsellable? People magazine isn’t going to buy a photograph of Britney Spears if it has the words “This photo was taken by a cocksucker” on it. So until that invisibility cloak becomes commercial, maybe the Fulgurator is a useful weapon to protect celebrity privacy.