3

I have a personal phone which I use at work, and connect to the WiFi at work. I also brought my personal laptop to work a couple times and connected to the WiFi.

My question is can my employer see my browsing history from when I was connected to my WiFi at home?

2
  • You want to know if your employer can see what you are doing when you are not using company devices and not connected to the company wifi? No. They cannot see what you are doing.
    – schroeder
    Jan 10, 2020 at 7:29
  • 4
    Did you install any piece of software provided by your employer onto your own device or did you have to make any specific settings on your own device in order to use your employer's wifi?
    – TorstenS
    Jan 10, 2020 at 7:46

3 Answers 3

4

If you are using the company WiFi on your own devices and the employer has no direct control over these devices (i.e. no special software installed, not company managed) then your employer can not directly access your browsing history.

But it might be possible to infer some information from what your phone or laptop currently does. For example you might still have web sites active which you've opened at home and which continue to communicate in the background. Also your employer might get indirect access to information which advertisement and tracking sites collected about you while you visited sites at home by placing ads targeted to a specific user profile and origin (i.e. the company network) and checking if the ad was served to you. This is possible even if the sites are visited by HTTPS and even more information might be available for sites visited only with plain HTTP.

Note that this kind of indirect analysis is not trivial though. So it is unlikely that your employer will do it unless they are suspicious about your behavior and want to look closer at what you do.

0
2

Your employer has the ability (although they are not necessarily implementing the ability) to log network traffic.

So, if you refresh your browser or visit a site while on your company network, the url can and often is logged. Less likely, but possible is that the data contained in those packets is being captured as well. If it’s unencrypted it can be read with any packet analyzer. (Be wary of inputting data in any site that does not start with https://)

Your browser history?

If your browser history is not syncing with any cloud service (iCloud, Chrome, Firefox etc) then it probably safe. It’s not going across the wire, so it can’t be captured.

Even if it is, many cloud services encrypt data syncs. iCloud does. Google/Chrome does. Firefox does too.

0

I will answer at different levels:

  1. Is it technically possible for my employer to see my browing history from when I was connected to my WiFi at home?

    Well, it could be. As you use WiFi at work, you employer could use a rogue wifi access point that installs a spyware on your device. From there on, everything is possible. At a less aggressive level, you employer could have asked you to install various applications related to your job, among whick some could send various reports to them. Finally, they could ask advertising related companies to give them reports concerning the activity of your device because they know how it is identified.

  2. Are any of these ways legal?

    Well, it depends on your country laws, but in many democratic countries doing that would be a serious privacy violation. That means that your employer is not allowed to use them, and if you were fired because they discovered something that way, you could use a legal action against them - of course if what they found was already illegal, it would be harded to advocate...

  3. What could be reasonably expected?

    I cannot imagine a real use case where an employer would use those methods without prior information. But if you are entitled to access sensitive information, you employer could ask you to use various security measures, even on your own device to protect the company. An example would be to ask you to install a firewall managed by the security team. From there on, it is likely that the security team will directly or indirectly use your full browser history to try to guess where your device was exposed to attacks able to compromise sensitive information from the company without you being aware of it. I am not a lawyer, but AFAIK the only rule is that the privacy violation shall be proportionated to the risk for the company. Said differently it is more likely that your employers tries to know everything from your browser history if your work it is directly related to military secrets than if you are a simple employee in a lambda trade company...

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .