0

Not that you guys need the reminder, but your work sees all your browser history and you may not even be able to delete it if you wanted to(lemmy.ca)

posted
by
Avatar
t0fr@lemmy.ca
in
Avatar
privacy@lemmy.ml
23 comments
hidereport
Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments
Avatar
N-E-N@lemmy.ca
0 points

Anyone know exactly what they could see if you’re on a personal device but work-wifi?

permalink
report
reply
Avatar
freundTech@feddit.de
0 points
*

Usually the websites and apps you use, but not what specific page you visit and it’s content.

If you for example visit https://en.wikipedia.org/wiki/Labor_unions_in_the_United_States they could see that you visited https://en.wikipedia.org/ but nothing more.

This is assuming that the website is encrypted (it starts with https://, not http://), which nowadays luckily most websites are. Otherwise they can see the specific page, it’s content and most likely also all information you input on that page.

permalink
report
parent
reply
Avatar
Juja@lemmy.world
0 points

if the company had installed something that uses similar technology as a pihole, wouldn’t they technically be able to see everything even if you use https?

permalink
report
parent
reply
Avatar
freundTech@feddit.de
0 points
*

Mostly no. PiHole works by providing a DNS server.

A DNS server is responsible for turning domain names such as en.wikipedia.org into internet protocol addresses such as 185.15.58.224.

PiHole has a list of known ad serving domains and when asked to resolve one just replies with an invalid address.

Running the DNS server itself would only give them access to the above mentioned data. However, they could respond with wrong addresses to redirect all traffic over a man in the middle proxy.

For an https secured connection this would just result in a certificate error, warning the user to not proceed. Https secured websites have a certificate electronically signed by a trusted outside party, that verifies that they really are the owner of a specific domain.

Another option would be to redirect the user to a man in the middle proxy that pretends to not support https in order to trick the browser and server into opening an unencrypted connection. This works on some websites, but can be noticed by the user (as the browser now displays “Not Secure” and “http://”) in the address bar) and is protected again by newer security mechanisms like HSTS that allow websites to tell browsers to always contact them over https in the future.

Basically if the site supports HSTS and you have visited it before this also won’t work.

permalink
report
parent
reply
Show more comments

Privacy

!privacy@lemmy.ml

Create post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

Community stats

  • 4.4K

    Monthly active users

  • 1.7K

    Posts

  • 24K

    Comments

Community moderators