October 30th, 2004, 02:54 AM
question about privacy and keylogging
I've recently discovered that my university is logging every keystroke that is typed into bash, whether the user is on a Unix machine or using X-Win32. I do see the use of this from both a security standpoint as well as from a sys. admin's perspective. However, users are NOT warned of such logging activities.
Furthermore, a duplicate of the cache and of our web history is made for 'sys admin purposes'.
I'm seriously considering contacting our system administrator to voice my concerns over the (lack of) privacy but I was wondering what you guys thought as to whether or not it was an invasion of privacy to log keystrokes without at least notifying the user of this activity.
thanks a lot for any insights,
all the best,
October 30th, 2004, 03:33 AM
I think that's bad. I login to my computer at home from bash all the time at school. All they'd have to do is see something in the log like
and they'd have a shell account :P. Unless I'm missing something and they can't get the password like that, but I'm pretty sure they can. Are you sure they are doing this? If they haven't told you, how do you know?
October 30th, 2004, 03:49 AM
Thanks a lot for your reply.
I know this because I found the 'hidden' log files on my share. They had a '.' before the filename to prevent normal display if done by an 'ls -l' call.
I've checked with some trusted fellow students and they all have the same type of log files on their shares (so this nulls the possibility that my account was hacked, unless everyone else on campus has been hacked, which could still be a possibility).
Luckily, the file did not contain any passwords (which would be very foolish of them).
October 30th, 2004, 04:46 AM
IMO, it's not your network, not your computer, therefore you do not have any privacy rights on it. If you connect to your home computer, it makes no difference. I hold this opinion for everything all the way to web surfing in the workplace... It's not yours, and the owner has the right to take any actions necessary to protect their network and their hardware.
The only exception I see is 911 or family emergency telephone calls...
October 30th, 2004, 05:25 AM
All they have to do is state that they may monitor your network usage when you sign the acceptable use policy. If they didn't have you sign one... they're in deep ****.
October 30th, 2004, 05:43 AM
Are you sure it's a keylogger? It looks to me like you just found bash's log file (where bash stores the command history). If that's the case and you're really paranoid, write a script that deletes the file(s) every "x" minutes.
October 30th, 2004, 08:24 PM
Soda: I do agree with you that it's not my network and they certainly do have and should have administrative rights. However, I believe that it's not right to not let a user know that their session is monitored. If they had told me in advance, for instance in the Acceptable Use Policy that I signed in my first year at the university, I would be totally cool about it.
Tedob1: as just stated, I did sign an AUP, and nowhere on it does it say that the CONTENT of the sessions was logged. All it pretty much stated was the 'usual', such as 'no porn', 'no hacking', 'no copyright infringement'.
CGKanchi: yes, the bash history, plus the HTML of every webpage, including personal emails (no, not the 'pine' session: I primarily use the university's SquirrelMail engine) that I have visited since what appears to be the beginning of this school year. Since I do a lot of web surfing, it was then that I realized that my disk quota was mysteriously being reduced by large amounts every time I checked. I do understand the point of storing some HTML pages on the hard disk for quick retrieval and yes, administrative use. But when we're talking about over 20MB of saved log files over an 80MB disk quota, it's becoming ridiculous!
Thanks to everyone for their replies.
October 30th, 2004, 08:40 PM
You may want to reread the EULA again, because I would bet dollars to dimes that somewhere in there it says that they have the right to modify the EULA at any time, without notifying you.... just a hunch.
October 30th, 2004, 09:46 PM
Pssst.... Groove.... It's an AUP not a EULA....
banshee.... I wouldn't worry too much.... If you are using the computer for what they are supposed to be used for then what they log is pretty much irrelevant isn't it?
October 31st, 2004, 12:47 AM
lol.. I was just reading threads where people were griping about EULAs....... must have forgot what thread I was responding to.. yeah, that's it. 8O