• stevedidwhat_infosec@infosec.pub
    link
    fedilink
    arrow-up
    27
    arrow-down
    1
    ·
    1 year ago

    I work in cybersec - I’m not going to speak for all businesses or individuals but I will give you my perspective.

    Sometimes we need to see browser history to help with timeline correlation, it’s mainly to see “how did this file get here, was it downloaded etc.

    Sometimes the investigators need to check out the things they need to check out, BUT

    BUT

    It needs to be done precisely and sparingly where needed only. This means instead of going through the entire history file, or doing unrelated correlation work (spying on you without cause) you are going to only grab specific timeframes from things you suspect explicitly to prevent any overreach. It’s a tricky balance to hold but also why it’s so important for people in tech to be privacy advocates as well.

    There’s a difference between searching for answers to a problem that arose and looking for/predicting problems (thought crime detected!)

    • The Bard in Green@lemmy.starlightkel.xyz
      link
      fedilink
      arrow-up
      9
      ·
      edit-2
      1 year ago

      I also work in cybersecurity. Second everything this person said.

      This thread is a good reminder, because at many organizations HR / management can and will look at your browser history (and computer activity in general) as a method of monitoring performance and staying in control.

      But at my organization, we have never once looked at anyone’s browser history (and I know that HR hasn’t because they would have to go through us). We certainly could if we were asked to and we would if there was an incident (what we would care about is sensitive / confidential information getting leaked or suspicious activity on the network using a specific person’s credentials, suggesting those credentials may be compromised). But in almost 2 years (we’re a startup in the aerospace electronics sector) we have never once had cause to do that and we have a philosophy that happy relaxed employees who feel trusted by their employer are the kinds of employees that we want, so we wouldn’t intrude that way without cause ever.

      • edric@lemm.ee
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        I third(?) this. Security and IT teams are too busy to be monitoring your everyday habits. Sure, they can see your history if they wanted to, but they won’t unless there is an appropriate justification to do so, and it’s usually triggered by an incident or HR. There also stricit rules with doing so because employees still have the right to their own privacy. It’s not like HR can just go over to the security guy and ask them to pull someone’s browsing history.

    • sylver_dragon@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      Another Cybersec worker here, and I’ll broadly agree with all this. That said, I’d also point out that, depending on your site setup, the browser history may be nothing more than another place to correlate information we have from elsewhere.

      Several sites I have been at have used Data Loss Prevention (DLP) software which automagically records (and possibly blocks) data moving into and out of the environment. This can be very detailed, to the point of knowing when someone copy/pastes data to a web form. I’ve also been at sites which sniff web traffic at the firewall and record full pcaps and extract metadata for quick analysis. So yes, for those not aware, deleting browser history or using “in private” browsing or other steps to avoid us seeing your porn browsing, may not be as effective as you think.

      All that said, I’ve never been on a Cybersec team which has had enough time to really care about porn browsing, so long as you are not putting the network at risk. And, so long as HR/Management doesn’t tell us to care. We have better things to spend our time on.

      Lastly, if you don’t want us seeing it, don’t so it on a work computer. Look, we have lots of ways to see what you are doing. Just, do that stuff at home, on your own hardware. And leave the work computer for work. Writing up misuse reports is something I really hate doing.