Browser

How do new private browsing capabilities affect forensics?

Chrome has it. IE8 and Firefox 3.1 have it. So what does it mean to forensics investigators? I'm talking about private browsing--the ability to visit sites, conduct research, or participate in illegal/unethical activities without leaving tell-tale signs behind.

Chrome has it.  IE8 and Firefox 3.1 have it.  So what does it mean to forensics investigators?  I’m talking about private browsing--the ability to visit sites, conduct research, or participate in illegal/unethical activities without leaving tell-tale signs behind. 

Recent interest in this capability, sparked by privacy enhancements touted by Mozilla, Google, and Microsoft, prompted me to take a closer look at what this might mean to my forensics investigations.  As usual, the impact on reconstructing questionable behavior depends on the browser used and the skills of both the problem employee and the investigator.

The need for private browsing

Some common reasons given for private browsing include:

  • Researching a medical condition
  • Shopping from a home PC for a surprise gift or vacation
  • Planning a surprise birthday party

However, most family members aren’t going to know how to get around methods already provided by browsers—deleting cookies, cache content, and other session information written to disk.  So these are rather weak arguments for stronger browsing privacy.

A more appropriate reason might be deleting anything written to disk which might be used to track Internet use or other behavior.  This is already an available configuration, at some level, in all major browsers.

The problem with these reasons for eliminating all evidence of systems use is they are often a smoke screen for nefarious or illegal activities, including:

  • Cheating on a spouse
  • Theft of sensitive information
  • Visiting child porn sites
  • Participation in questionable organizations

I’m all for personal privacy, but let’s be honest about why many pine for these capabilities.  They want to be able to live secret lives via the Web.  And this is nobody’s business if the actions are not illegal or harmful to others, and they take place on home PCs.  However, when these actions move to company-owned systems, they become potential forensics problems.

Private Browsing Capabilities in IE and Firefox

Microsoft and Mozilla seem to be taking different approaches to private browsing.  Firefox 3.0 had the capability to delete session information when closing the browser.  This isn’t perfect, allowing disk recovery tools access to information, but it works for most reasons people give for privacy.  It looks like Microsoft is simply trying to play catch-up with IE8. 

Tests run against Microsoft’s InPrivateBrowsing feature, however, were successful in retrieving browsing history and other information about user activities.  (See IE8's 'privacy' mode leaks your private data, PC Advisor, 29 August 2008.)  Unless tightened up in the final release, InPrivateBrowsing will protect against ordinary user searches but not from someone committed to retrieving user activity.

According to the Mozilla Wiki, Firefox 3.1 will take a different approach based on the premise that “The purpose of private browsing is to put Firefox into a temporary state where no information about the user’s browsing session is stored locally” (Private Browsing, Mozilla Wiki).  According to Firefox 3.1 functional specifications, the following browser functions will be prohibited from writing to disk when in private mode:

  • Cache service
  • Cookies service
  • Permissions manager
  • SSL certificate exception manager
  • History service
  • Form/Search bar auto-complete history manager
  • Download manager
  • Login manager
  • Content specific preferences manager
  • Session restore service
  • Error console service

Instead of writing this information to disk, it will be stored in memory and deleted when private browsing ends.

What this means for forensics

The time of easy access to evidence of unwanted activity on company systems is drawing to a close.  Browser privacy capabilities and user awareness of what needs to be done to hide their actions are improving.  Even if the browsers don’t effectively remove all evidence of questionable activity, there are plenty of utilities that do.  The resourceful criminal or reprobate already knows about them and is probably skilled in their use. 

When conducting research for this article, I was unable to find a spot solution for by-passing browser privacy on an end-point device as part of an approved investigation.  However, private browsing only affects the end-user device.  Unencrypted traffic passing over a company’s network is still a good source of digital evidence.  This capability, coupled with device or web filter configurations preventing unauthorized SSL connections, provides still provides reasonable privacy with visibility into questionable activities on company infrastructure.

About

Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be publish...

87 comments
TonytheTiger
TonytheTiger

You don't need physical access to the computer. Get a warrant for the ISP's records. Business? Monitor your proxy...

john3347
john3347

This private browsing capability and the effects and implications it has on businesses and private browsing is a "double-edged sword". On one hand; if I am on my home computer researching information on a new automobile (that I am really not even interested in buying), I do not want to be bombarded the next day and for weeks to come with spam from every car dealer and manufacturer in 9 states. In this case, "nothing to hide - nothing to fear" does not apply. I should have the ability to surf anonymously. On the other hand; if I am on a company computer, on company time and surfing privately, the company has a right to monitor my activities and even take corrective action based on the tracks I cannot erase from their computer. Also on the other hand; if my neighbor - or your neighbor - is making plans to bomb the neighborhood - or the World Trade Center - and using his private computer to make plans to do so, proper authorities need access to that person's browsing history. It boils down to the fact that with world conditions as they are, we must give up certain small freedoms to preserve some of our huge freedoms. Perhaps private browsing is a small freedom that we must sacrifice for the preservation of the greater freedoms - and perhaps not. Now if we could just do something about this @&^$($% spam!

rpb_
rpb_

It annoys me that whenever the desire for privacy is discussed the unimaginative "nothing to hide, nothing to fear", "if you want privacy you must be up to no good" brigade crawl out of the woodwork. - When you write a letter to your beloved, do you make a copy of it for use later as forensic evidence? - When you phone your family, do you keep a transcript of the call for the same reasons? - When you are whispering sweet nothings to your sweetheart, do you record it on tape, just in case the authorities need it? - I assume you keep a written record of all of the books and magazines you read and TV and radio shows you watch. For all of the above actions (and many, many more scenarios) you have a perfectly reasonable expectation of privacy, Because You Are Not A Criminal. Innocent until proven guilty, remember? And also remember that the *vast* majority of the population are indeed innocent and not criminals, and so shouldn't have every aspect of their lives pried into, recorded, collated, analysed, extrapolated, etc., by any of the tens (hundreds?) of thousands of individuals in the police, local and national government departments, publicly-funded bodies, etc. At the moment, web browsers tend to keep open and unsecured records of everything you do online. This is mainly for the convenience of the end user and ease of implementation by the browser writers. But anyone's reasonable expectation of privacy would dictate that this shouldn't be readable by anyone else. It is no more anybody else's business where you surf than what you watch on TV, exactly what you do in the various rooms of my own house, the thoughts that occur to you or the private conversations you hold. Private Browsing is merely a step towards restoring the privacy to web surfing that should have been there from the beginning.

shardeth-15902278
shardeth-15902278

I would suggest that a good law should add freedom, not take freedoms away. Laws which remove freedoms are not laws, but dictatorial mandates. You suggest that a corporation has a right to 'spy' on my work browsing habits. I would respond that, If I am meeting/exceeding my work goals, if I am doing my part (or more) to ensure the success of the company, my browsing habits are irrelevant. And if I am not "carrying my weight" my browsing habits are also irrelevant. A good manager, in such a case, might give me a warning - try to help me correct poor behaviors, but ultimately it falls upon me to step up or get walked out. In either case, my browsing history is inconsequential. Looking up bomb making... that is an interesting one. I looked up stuff when I was younger, I suspect most teenage boys do. The FBI would be pretty busy following up on all those pointless leads. (Getting better at preemptively catching them isn't the fix for this problem anyway. The solution to this one is getting better at preventing them in the first place- by that I mean more and better education resources, and better mental/emotional health care, particularly maintenance/preventative care...)

NickNielsen
NickNielsen

[i]It boils down to the fact that with world conditions as they are, we must give up certain small freedoms to preserve some of our huge freedoms.[/i] NO! [u]H3ll no[/u]. [u][b]No f*ckin' way![/b][/u] If I give up small freedoms now, who's to say somebody won't want to take some of my larger freedoms later? The Constitution cannot and should be not waived, regardless of the circumstances. Even if your neighbor is planning to bomb the White House, he's entitled to do so until he accesses classified information or actually starts working to make those plans reality; only then does it become a criminal act. And even then, if the authorities want to look at his browsing history, they had darn well better show up with a warrant! I spent 24 years defending those small freedoms you want to give up and gave up some large freedoms while doing so. Now, in my dotage, I don't want to give up a damn one of my freedoms! edit: close [b]bold[/b] tag...

chris
chris

crime is part of a free society. a crime free society is a dictatorship. how many people are "punished" every day because of 911? yes, ~3000 people died that day. But that is no reason for the stupid response that causes so much suffering on the part of everyone else (law abiding folks).

Bizzo
Bizzo

Rewriting your statements to put a bit of a slant on them: - When someone writes a letter to your beloved, do you want a copy of it for use later in the divorce courts? - When a stalker phones your family, do you want a transcript of the call for when they take things further? - When your college is whispering sweet nothings to your sweetheart, do you record it on tape, just in case they deny it? - A number of terrorists have had evidence against them in the form of books, videos and websites they've visited on how to make bombs, etc. As with most things, it's a two sided coin.

anthony.p.marsh
anthony.p.marsh

I think you are spot on with those comments. I see no reason why anyone else should need to know what I do.

jrfolan
jrfolan

I agree with rpb_ on this one. If company policy is violated at our company, we have the proxy server to fall back on, to provide any evidence of wrongdoing. This is perfectly within our rights as a corporation, to monitor our traffic. But,as for what we all do at home-- a different story!

scoopboys
scoopboys

It depends upon which computer you are using to do these things. If you do any of the above on your own PC, nobody is going to be able to look at these things unless you give them access. The bigger concern (and the one the article really addresses) is COMPANY-OWNED computers. If you use company time and resources to chat with your sweetheart, watch TV shows and listen to radio shows, etc., it's not unreasonable to think that if that company believes usage to be excessive, they should have a way to audit. And in truth, they don't audit unless it is REALLY excessive, or if they believe the employee to be committing a crime or accessing inappropriate material. Private browsing on a private PC? No problem. Private browsing on a PC owned by your employer? Problem.

techrepublic
techrepublic

Wonderful, great post! Absolutely right!

TonytheTiger
TonytheTiger

Laws either restrict freedoms or modify other laws that do. Think about it... without law, anyone could do anything they wanted... Law is necessary to prevent one person's "anything they want" from interfering with another person's government protected rights. "Good law", in my opinion, tries to do this as unobtrusively as possible. [i]You suggest that a corporation has a right to 'spy' on my work browsing habits.[/i] It's THEIR equipment you're using... Why wouldn't they?

Glastron
Glastron

So as long as you are doing your job it is alright to surf child porn?

dland51
dland51

100% correct, goes to the basic right of innocent until proven guilty. Erosion starts with small bits until it snowballs into an avalanche, we have to curtail all erosion possible and that means standing up and shouting at the people who think they have the only right answer to a problem.

apotheon
apotheon

"[i]I spent 24 years defending those small freedoms you want to give up and gave up some large freedoms while doing so. Now, in my dotage, I don't want to give up a damn one of my freedoms![/i]" Precisely so. I didn't join the army to defend the "right" of the government to screw people out of the freedoms it is the military's job to protect.

Lost Cause?
Lost Cause?

Sounds like you believe in the tooth fairy, too. It's the one person that is NOT LAW Abiding that you need a gun to protect yourself from. We live in a country with 2 basically unprotected borders. Terrorists can come in any time they want to. Law abiding folks that love their country will protect the country because we are the "Standing Militia." I live along that "Unprotected" border with Mexico. In 2005, illegal immigrants from 126 different countries were caught and deported. Looking at a map going South from New Mexico, I don't see 126 countries. Do you? This means that we are under invasion from around the world. We need to let some of our basic freedoms relax so we are not wiped off the face of the planet. (Sorry about the terrible spelling in my first post. Excited, I guess!)

Lost Cause?
Lost Cause?

Sounds like you believe in the tooth fairy, too. It's the one person that is NO LAW Abing that you need a gun to protect yourself from. We live in a country with 2 basically unprotected borders. Terrorists can come in any time they want to. Law abiding folks that love their country will protect the country because we are the "Standing Militia." I live along that "Unprotected" border with Mexico. In 2005, illegal immigrants from 126 different countries were caught and deported. Looking at a map going South from New Mexico, I don't see 126 countries. Do you? This means that we are under invasion from around the world. We need to let some of our basic freedoms relax so we are not wiped off the face of the planet.

shardeth-15902278
shardeth-15902278

"He's a Nazi your honor! We have evidence that he read Mein Kampf!". "He was seen last night at a bar, obviously he's a drunkard." That they visited sites on bomb making is not evidence of anything (most teenage males probably have at one point or another). It is a tactic to engage the Jury's emotion, and cause them to draw a (unsubstantiated) conclusion regarding the character of the individual. I believe the appropriate term is FUD.

apotheon
apotheon

"[i]- A number of terrorists have had evidence against them in the form of books, videos and websites they've visited on how to make bombs, etc.[/i]" A much larger number of completely innocent people with healthy curiosities have had "evidence" against them in the form of books, videos, and Websites they've visited on how to make bombs, etc.

rpb_
rpb_

If you want to record company telephone calls, you can inform your employees that they will be monitored, and then install something to record the calls. You don't demand that *all* telephones have to be designed/built to record all calls. If you want to monitor postal mail coming into your office, then again you inform your employees that mail will be opened, and then set up a mailroom to open mail. You don't get the country-wide Postal Service to demand that *all* post has to be via postcards and ban opaque envelopes. Therefore, if *you* want to monitor web usage in *your* company, then inform your employees and then set up a software system to log their web usage. Don't expect all browsers to keep public logs of all user activity just because you happen to want to log what is happening on your network.

robthegeek
robthegeek

We often overlook the fact that the computer we use at work is not "our" computer, but in fact belongs to the company we represent. If you are using that tool to perform job searches or surfing inappropriate web-sites on company time, we, the company IT team should be able to review the sites you have been on for forensic purposes, nothing nefarious there. As an employee of an organization, you agree to abide by an Acceptable Use Policy, and the only way to confirm that you are indeed adhereing to that policy is random checks. If something comes out of the random checks, then further investigation is warranted. If you have nothing to hide, you have nothing to fear.

SObaldrick
SObaldrick

"Well, What SHOULD be true.... If you work for me, I own you while you're on the clock, and you have no rights during that period :)" Not allowed to pick your nose without getting permission the previous day. Les.

TonytheTiger
TonytheTiger

What SHOULD be true.... If you work for me, I own you while you're on the clock, and you have no rights during that period :) [Let me amend that... You do have one right... the right to leave if you don't like the conditions.]

apotheon
apotheon

It looks like, while my response was about what [b]should[/b] be true, you elected to discuss what [b]is[/b] true according to law and precedent.

TonytheTiger
TonytheTiger

[i]So it's ok for the company to listen in on your telephone conversations at work? What about the situation where the employee is given a company mobile phone? Does the company have the right to monitor all activity?[/i] To the point of determining whether a call is personal or work related, yes. If it's personal, they're supposed to stop listening. The phone number you call, however, is not protected. Nor are the addresses of the websites you visit. [i]What about other standard office equipment. Does the company have the right to search your desk at any time?[/i] Depends. Do they provide a lock, or allow you to install one? If it's your lock, then no. It it's theirs, then maybe. [i]If my car is parked on company property can it be searched?[/i] Probably not.

TonytheTiger
TonytheTiger

I would never intend on infringing on a liberty. Legislation should be limited to the bad results, not the mere possibility of such results. In the above example, the good law would be "inducing panic".

apotheon
apotheon

I've written articles advocating the view that [url=http://blogs.techrepublic.com.com/security/?p=293][b]privacy is security[/b][/url]. I deplore Obama's 180 degree turn-around on the matter of retroactive telco immunity. In general, I'm something of a staunch (rhetorical, at least) defender of privacy. There's a catch, though: "[i]So it's ok for the company to listen in on your telephone conversations at work?[/i]" There's a general assumption of privacy that has arisen in our culture in telephone conversations -- an assumption that, to be honest, should not have arisen to the degree it has. It extends even into the workplace, where you're using someone else's equipment to make the call. Because of that assumption -- and [b]only[/b] because of the widespread tacit approval of that assumption -- an employer should allow employees some privacy in telephone calls for the general case. There are two exceptions: 1. If the employer has an official policy that no personal calls are allowed, and makes that policy known to all employees, that assumption of privacy should be considered null and void. 2. If the employer specifically states that it may monitor telephone calls, again that assumption should be considered null and void -- regardless of whether personal calls are allowed. The fact of the matter is that the telephones, and the employer's end of the telephone network if applicable (in cases where the employer maintains a switchboard, for instance), belong to someone other than you. As such, the privacy that naturally applies is not yours -- it's your employer's privacy. You are being [b]allowed[/b] to use the employer's equipment [b]for the purpose of conducting business on its behalf[/b]. There are exceptions, of course -- very, very widespread exceptions. For instance, a public corporation may be treated as a legal entity with rights of its own, but the truth of the matter is that such a thing is [b]not[/b] an ethical being itself. As such, ethically speaking, it doesn't have any rights of its own. Only the people who make up the corporation's pool of employees, its board of directors, and its shareholders have any actual rights -- everything else is [b]privilege[/b] accorded by law. In the case of a public corporation, I don't feel so strongly that it has any right to tell employees what to do with regard to privacy, or to violate any expectations of privacy the same way an actual human owner of telephone equipment would. Yeah, it gets complicated, thanks the complexities of corporate law. Note that my opinions on the ethical nature of the situation do not equate to the specifics of the legal state of affairs. One should, of course, always take the law into account when determining one's actions. "[i]What about the situation where the employee is given a company mobile phone? Does the company have the right to monitor all activity?[/i]" It may feel more private than a land line telephone inside the company's headquarters, but the same rules of ownership apply. "[i]What about other standard office equipment. Does the company have the right to search your desk at any time?[/i]" Why not? If you bring a lockbox with you, and keep it in your desk drawer, there's no reason the owner of the desk should not be allowed to find it by searching through the desk drawers. On the other hand, unless the owner of the desk set conditions on your use of the desks that contradict this, your reasonable expectation of privacy should protect that lockbox against having its lock picked by the desk's owner.

apotheon
apotheon

1. Don't limit people's ability to express themselves -- i.e., first do no harm. 2. Prosecute people who, through malicious intent or depraved indifference, threaten or harm others -- i.e., second protect against others doing harm. Following the "first, do no harm" principle would involve prosecuting someone for shouting "fire" in a crowded theater with the intent of watching pandemonium ensue. Breaking the "first, do no harm" principle would involve requiring movie theaters to forcibly fit muzzles onto everyone who buys a ticket so that they will all be incapable of shouting "fire" while they watch the movie.

SObaldrick
SObaldrick

You suggest that a corporation has a right to 'spy' on my work browsing habits. It's THEIR equipment you're using... Why wouldn't they? -------------- So it's ok for the company to listen in on your telephone conversations at work? What about the situation where the employee is given a company mobile phone? Does the company have the right to monitor all activity? What about other standard office equipment. Does the company have the right to search your desk at any time? If my car is parked on company property can it be searched? Not saying you're wrong, but the above statement opens up a whole bag of worms. Les.

TonytheTiger
TonytheTiger

except that the law sometimes inflicts a lesser harm to guard against a greater one. The "shouting 'Fire!' in a crowded movie theater example... we harm the right to free speech slightly in order to try to prevent a greater harm.

apotheon
apotheon

"[i]Law is necessary to prevent one person's 'anything they want' from interfering with another person's government protected rights. 'Good law', in my opinion, tries to do this as unobtrusively as possible.[/i]" First, do no harm. That is the mark of a good law. Anything that isn't designed with that principle of action in mind is a bad law by definition.

apotheon
apotheon

That may be so, but "spying" is clearly what Glastron and john3347 were talking about.

TonytheTiger
TonytheTiger

A supervisor's job is to make sure that his employees are doing their work. This usually requires some form of observation, and during the course of this observation, suspicious behavior may be observed. At that point it would be negligent of the supervisor to NOT investigate.

dland51
dland51

How can you be doing your job if you have the time to surf child porn? Work places can filter this issue at the point of access to the internet, they don't need to look at each computer to see what an employee is searching for, or reading. If the systems won't go to those sites no one will be wasting time trying.

shardeth-15902278
shardeth-15902278

So long as my taxes don't have to pay the medical bills that is... But then a little infection from the rusty tin-snips doesn't seem cruel or unusual in this case anyway.

apotheon
apotheon

"[i] So as long as you are doing your job it is alright to surf child porn?[/i]" Are you saying it's okay to spy on everybody just become someone might be looking at child porn?

techrepublic@
techrepublic@

shardeth: "And by stricter sentences (like decapitation perhaps?) of content creators." I think that the punishment should fit the crime. I'm not against decapitation but I think that a different part of the anatomy should be sliced.

shardeth-15902278
shardeth-15902278

to Job performance - the scope of employer 'spying'. Child porn on the other hand is a concern regardless of location. Again, I would suggest better addressed by prevention - that which I described previously re:bombs, and by content filtering. And by stricter sentences (like decapitation perhaps?) of content creators.

jmgarvin
jmgarvin

Ok, that was just to get you to read the post...but really, you're dead on. I defended the Constitution, not this farce that "protects" us from turr-ists. We've lost our way and I think too many people don't know what American stands for.

chris
chris

So when can I come over to make sure you're not breaking any laws? How's Friday around dinner time? And which of those people caught and deported are citizens? our constitution is not for ANYONE except US. Sheesh.

apotheon
apotheon

Maybe he's talking about allowing detainment, search, and seizure of vehicles and their occupants when crossing the border. A lot of that would involve privacy violation.

dland51
dland51

What does "relaxing" some of our basic freedoms have to do with illegal immigrants coming into the country from Mexico? This calls for interdiction and secure borders, not snooping on private computers.

apotheon
apotheon

What exactly are we protecting if, in the course of protecting it, we eliminate the rights and liberties that differentiate us from our enemies?

jmgarvin
jmgarvin

So, we need to take away freedoms and what this country is founded on because you are a xenophobe? "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -Benjamin Franklin "I would rather be exposed to the inconveniences attending too much liberty, than those attending too small a degree of it." -Thomas Jefferson "He that would make his own liberty secure must guard even his enemy from oppression; for if he violates this duty he establishes a precedent that will reach to himself." - Thomas Paine So, you see, three men who FOUNDED the United States believe you are wrong.

apotheon
apotheon

"[i]his point was that he monitors his school system, not your home use.[/i]" The point is made in a way that is obviously intended to be more generally applied than just to his specific situation. "[i]If you're spending your work time researching for a novel (not work related) that's another reason for this guy to report you. Abusing company / school rules for internet use.[/i]" If he was really just referring to school, any reference to my working environment shouldn't have come up. Why are you contradicting your own argument, now? If you're running a school where kids aren't encouraged to do things like [b]write[/b], please let me know so I can send kids to some other school. "[i]If some K-12 kid is researching pocket nukes or toxic poisons, etc certainly reasons to investigate.[/i]" So . . . high school seniors, in your estimation, are not allowed to research novels? "[i]As the police terror reporting law goes, 'reporting you' doesn't arrest you.[/i]" If you cannot conceive of how being put on terrorist watch lists for completely innocent behavior is a bad thing, I don't think we have enough common ground on which to discuss the matter. "[i]If they find you're recently laid off from a bioweapons lab and have ordered stuff online, they might be concerned. If they find you're writing a paper or fiction then likely they wouldn't.[/i]" . . . and in the process of finding out I'm writing an academic paper or a work of fiction, my life has been turned upside down. No, thank you. "[i]Strange as it sounds, there have been instances where a person was 'writing a book' about a crime and acted out the steps, actually committing the crime. And sometimes used as cover.[/i]" Punish the crime -- not the research. Why is this so difficult to understand? "[i]As for privacy tabs affecting companies, they can deny you SSL from the browser, instead having a SSL server inside the company that accepts internet conx if they want to monitor all web traffic. This would be more effective than looking in browser caches as these do not keep all traffic. They get replaced over time and are not complete.[/i]" Amazing -- you said something reasonable.

Dr Dij
Dr Dij

his point was that he monitors his school system, not your home use. If you're spending your work time researching for a novel (not work related) that's another reason for this guy to report you. Abusing company / school rules for internet use. If some K-12 kid is researching pocket nukes or toxic poisons, etc certainly reasons to investigate. As the police terror reporting law goes, 'reporting you' doesn't arrest you. They simply may choose to investigate further the circumstances. If they find you're recently laid off from a bioweapons lab and have ordered stuff online, they might be concerned. If they find you're writing a paper or fiction then likely they wouldn't. Strange as it sounds, there have been instances where a person was 'writing a book' about a crime and acted out the steps, actually committing the crime. And sometimes used as cover. As for privacy tabs affecting companies, they can deny you SSL from the browser, instead having a SSL server inside the company that accepts internet conx if they want to monitor all web traffic. This would be more effective than looking in browser caches as these do not keep all traffic. They get replaced over time and are not complete.

jmgarvin
jmgarvin

The fact that YOU don't want your freedom, does not mean I do not want my freedom. Feel free to do whatever you want as long as you do not remove MY freedoms. If you want to build a nuclear bomb, great...but if you want to remove my right to LIFE, not so much. You need to read the Declaration of Independence. When in the Course of human events it becomes necessary for one people to dissolve the political bands which have connected them with another and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature's God entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation. We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. ? That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, ? That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness. Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn that mankind are more disposed to suffer, while evils are sufferable than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security. ? Such has been the patient sufferance of these Colonies; and such is now the necessity which constrains them to alter their former Systems of Government. The history of the present King of Great Britain is a history of repeated injuries and usurpations, all having in direct object the establishment of an absolute Tyranny over these States. To prove this, let Facts be submitted to a candid world. He has refused his Assent to Laws, the most wholesome and necessary for the public good. He has forbidden his Governors to pass Laws of immediate and pressing importance, unless suspended in their operation till his Assent should be obtained; and when so suspended, he has utterly neglected to attend to them. He has refused to pass other Laws for the accommodation of large districts of people, unless those people would relinquish the right of Representation in the Legislature, a right inestimable to them and formidable to tyrants only. He has called together legislative bodies at places unusual, uncomfortable, and distant from the depository of their Public Records, for the sole purpose of fatiguing them into compliance with his measures. He has dissolved Representative Houses repeatedly, for opposing with manly firmness his invasions on the rights of the people. He has refused for a long time, after such dissolutions, to cause others to be elected, whereby the Legislative Powers, incapable of Annihilation, have returned to the People at large for their exercise; the State remaining in the mean time exposed to all the dangers of invasion from without, and convulsions within. He has endeavoured to prevent the population of these States; for that purpose obstructing the Laws for Naturalization of Foreigners; refusing to pass others to encourage their migrations hither, and raising the conditions of new Appropriations of Lands. He has obstructed the Administration of Justice by refusing his Assent to Laws for establishing Judiciary Powers. He has made Judges dependent on his Will alone for the tenure of their offices, and the amount and payment of their salaries. He has erected a multitude of New Offices, and sent hither swarms of Officers to harass our people and eat out their substance. He has kept among us, in times of peace, Standing Armies without the Consent of our legislatures. He has affected to render the Military independent of and superior to the Civil Power. He has combined with others to subject us to a jurisdiction foreign to our constitution, and unacknowledged by our laws; giving his Assent to their Acts of pretended Legislation: For quartering large bodies of armed troops among us: For protecting them, by a mock Trial from punishment for any Murders which they should commit on the Inhabitants of these States: For cutting off our Trade with all parts of the world: For imposing Taxes on us without our Consent: For depriving us in many cases, of the benefit of Trial by Jury: For transporting us beyond Seas to be tried for pretended offences: For abolishing the free System of English Laws in a neighbouring Province, establishing therein an Arbitrary government, and enlarging its Boundaries so as to render it at once an example and fit instrument for introducing the same absolute rule into these Colonies For taking away our Charters, abolishing our most valuable Laws and altering fundamentally the Forms of our Governments: For suspending our own Legislatures, and declaring themselves invested with power to legislate for us in all cases whatsoever. He has abdicated Government here, by declaring us out of his Protection and waging War against us. He has plundered our seas, ravaged our coasts, burnt our towns, and destroyed the lives of our people. He is at this time transporting large Armies of foreign Mercenaries to compleat the works of death, desolation, and tyranny, already begun with circumstances of Cruelty & Perfidy scarcely paralleled in the most barbarous ages, and totally unworthy the Head of a civilized nation. He has constrained our fellow Citizens taken Captive on the high Seas to bear Arms against their Country, to become the executioners of their friends and Brethren, or to fall themselves by their Hands. He has excited domestic insurrections amongst us, and has endeavoured to bring on the inhabitants of our frontiers, the merciless Indian Savages whose known rule of warfare, is an undistinguished destruction of all ages, sexes and conditions. In every stage of these Oppressions We have Petitioned for Redress in the most humble terms: Our repeated Petitions have been answered only by repeated injury. A Prince, whose character is thus marked by every act which may define a Tyrant, is unfit to be the ruler of a free people. Nor have We been wanting in attentions to our British brethren. We have warned them from time to time of attempts by their legislature to extend an unwarrantable jurisdiction over us. We have reminded them of the circumstances of our emigration and settlement here. We have appealed to their native justice and magnanimity, and we have conjured them by the ties of our common kindred to disavow these usurpations, which would inevitably interrupt our connections and correspondence. They too have been deaf to the voice of justice and of consanguinity. We must, therefore, acquiesce in the necessity, which denounces our Separation, and hold them, as we hold the rest of mankind, Enemies in War, in Peace Friends. We, therefore, the Representatives of the united States of America, in General Congress, Assembled, appealing to the Supreme Judge of the world for the rectitude of our intentions, do, in the Name, and by Authority of the good People of these Colonies, solemnly publish and declare, That these united Colonies are, and of Right ought to be Free and Independent States, that they are Absolved from all Allegiance to the British Crown, and that all political connection between them and the State of Great Britain, is and ought to be totally dissolved; and that as Free and Independent States, they have full Power to levy War, conclude Peace, contract Alliances, establish Commerce, and to do all other Acts and Things which Independent States may of right do. ? And for the support of this Declaration, with a firm reliance on the protection of Divine Providence, we mutually pledge to each other our Lives, our Fortunes, and our sacred Honor.

apotheon
apotheon

I write fiction, sometimes. Maybe I'll write some about someone who built a nuclear bomb. I guess maybe I should be reported to "the authorities" too.

robthegeek
robthegeek

I would not turn a simple research into Nuclear energy/matter into the authorities. However, if in the course of my daily routine, I was to come across a log entry that stated someone was accessing a known site with "how-to-make a nuclear bomb out of household materials" information, I would be required to report it to my authorities.

chris
chris

I've always been interested in nuclear bombs and how much material is needed. it facinates me how much energy is released from matter. makes me wonder how much energy was needed to create matter (Gen 1). YOU would turn me into the authorities!!!!

jmgarvin
jmgarvin

This is the problem. Sure it sounds great on paper, but do you really have the man power to deal with it? I'm a realist. Basically these logs NEVER get looked at until AFTER the fact, and even then it usually provides little useful information. Why not be proactive with security? Why not setup a proxy that filters, firewall off ports, and use simple alerts when people try to go to black/grey listed sites? I just don't understand why you would be so f'ing worried about the clients when it's easier to deal with in a more centralized way.

robthegeek
robthegeek

Is Management not a people that requires a service? Are we not there to assist them in order to do their job? If we can assist them with the forensic information to enable them to do their job, then we are performing a service. If the ability to research the information is not available to us, or them, how do they protect the company? Just because they use the information we give them to investigate an employee does not mean that we have done the deed ourselves.

robthegeek
robthegeek

In our k-12 school environment, browsing is very restricted, however, being able to forensically prove that the very user we are trying to protect has not tried to bypass our security system is important to us. What they do at home concerns me. If you want to surf at home for a method to create a pocket bomb, then I cannot hope to stop you, but, if I suspected that someone was surfing at the school for this information, and my log tells me which computer was involved and I can prove with screen shots of the history of the user involved, I can give that information to the proper authorities and hopefully avert a tragedy.

jmgarvin
jmgarvin

Isn't that how the Patriot Act was passed? I see this being useful in work settings for secure sites or for specific browsing (ala apps like SalesForce when data could be sensitive). This isn't a bad idea and it comes down to MANAGEMENT following up on their employees, it's not the job of IT to make sure people are working, it's the job of the boss. IT provides a service to help people do their jobs.

Editor's Picks