Ask HN: Corporate monitoring?

3 points

11 years ago

It's probably not the first time this has come up. But it's the first time for me. My employer now uses a MITM attack to intercept https traffic bound for mail.google.com (and perhaps other domains as well). It strikes me as an astonishing breach of trust. I could see this coming when they pushed new "<company> internal CA" certs a few weeks ago. I understand the problems that my company is faced with, and I understand why they go to these lengths.

I've worked exclusively for Fortune 50 companies and they typically have a single-egress-via-http-proxy. These connections can be monitored but their corresponding https connections "cannot" be monitored.

I guess I'm not terribly bothered for my sake, I just won't access gmail at work anymore. It would be career suicide for me to publicize this or make noise about it. But I really think my less technical colleagues should be informed.

So is my Fortune 50 company just late to the game and this is what we have come to expect? Or are they pioneers and we should all assume that other companies will follow their lead?

[0] https://tools.ietf.org/html/rfc7258

7 comments