15

I'm on a school WiFi network, and it's school policy to record basic PC info(name, IP, etc), along with the student name when they add the computer to the WiFi network. My assumption is that it's to track us. However, what can they really see? (Assume all data is encrypted using SSL)

mancestr
  • 261
  • 2
  • 5
  • 2
    Why would you assume that "all data is encrypted"? A typical Windows 10 PC is quite "noisy" on the network, and not all of the traffic it sends is encrypted. – John Deters Dec 01 '16 at 14:30
  • @John Deters- for the sake of this, assume all websites are encrypted. Nothing more – mancestr Dec 01 '16 at 14:33
  • 4
    in laymans terms: they might not know what youv'e done, but they know where you've been. – dandavis Dec 01 '16 at 17:18
  • "My assumption is that it's to track us. ", or maybe they have to keep a record of that information to comply with the law... a lot of countries *do* have such clauses where who offers internet access must keep track of IPs, connection times and a bunch of other stuff. – Bakuriu Dec 02 '16 at 08:36
  • @Bakuriu- They're still tracking us, no matter what the intention. Partially, it's to "enforce" their internet policy (Our IT department is very bad in keeping with this). The other part, (I assume), is to prevent us from doing anything illegal/questionable. – mancestr Dec 02 '16 at 14:25

5 Answers5

14

This started off as a comment on Snappie's answer, but it's getting a bit long...

Assume all data is encrypted using SSL

But not all data is encrypted!

(in addition to IP address, and the amount of data being passed in either direction...)

They can also see the IP names of all the resources you access (including web) from your DNS activity (not encrypted). If you are using a proxy, then this is also exposed in the proxy logs.

They can see what type of network interface you have (from the MAC address).

They can see when your computer connects to the network (Wifi connect, DHCP).

From passive sniffing of encrypted traffic they could probably guess what family of OS you are using.

I believe Chrome can be quite chatty as it tries to work out if something is a URL or a search term and tries to diagnose what network connectivity it has. I would presume that this could be exploited to determine if you are using Chrome, although its not something I know a great deal about.

If, at any time, your browser does make a non-encrypted request, then this will reveal a lot of details about your browser and OS. Depending on the service, it may also reveal a lot about your affiliation to the site.

...and this is just from passive data collection. If they choose to start sending data at your device, it will reveal a lot more.

symcbean
  • 18,418
  • 40
  • 74
  • 3
    I'd assume using a VPN would mitigate most of these? – Délisson Junio Dec 02 '16 at 02:49
  • @wingleader A VPN will indeed stop some of this, but not all. They will still see when you are active and some data about your network card and OS. And they will see that you are using a VPN, which some people find very suspicious. – Stig Hemmer Dec 02 '16 at 08:41
  • And potentially a bunch of DNS lookups too. –  Dec 02 '16 at 09:49
6

They may see the names, IP addresses, and possibly MAC addresses of other computers on your home network that you may communicate with, often this will be wireless printers, but may include gaming consoles or smart televisions that you have connected to in the past.

The MAC addresses your computer asks to resolve are interesting. MAC addresses are assigned to manufacturers, and are baked into the chips of every network adapter. The address can reveal the chipmaker and/or the device manufacturer, and require a certain level of technical competence to change or forge. They can provide corroborating evidence that two computers that are making ARP requests for the same MAC addresses may have a shared external connection: e.g. if both your PC and another PC are requesting resolution of the same MAC addresses belonging to a wireless printer, an investigator may assume they share the same home network, therefore their owners may have a relationship.

They will see the "community names" of any SNMP devices you may manage, such as routers or switches. Because SNMP is not a secure protocol, the community name itself serves as a de facto password (although the chances are high that it's set to the default value of "public" anyway.)

If you have a mail client that isn't properly configured to use TLS, they will be able to read your email.

Every auto-updating program you have "phones home" to check for new versions (Windows, iTunes, Firefox, Adobe, Java, cloud providers like dropbox, etc.) Some have little auto-updater tasks living in the taskbar, which send requests even when you're not running the program in question. These requests reveal some of the programs you have installed.

John Deters
  • 33,897
  • 3
  • 58
  • 112
3

In addition to the information you already named:

  • They can see the IP address of the websites you are visiting. This is not encrypted. Thus they can figure out what websites you are visiting. I think this is what your school is probably most interested in.
  • The size of the requests and the size responses from and to the websites you visit. Even if it's encrypted the size of the package can give information about what you are doing.
Snappie
  • 322
  • 1
  • 2
  • 6
3

Depending on the wifi router they are using, they can triangulate where you have been and how long you have been there.

David Baucum
  • 163
  • 6
  • I don't think this is the thing OP had in mind but I think it's an even better answer because of that. I hadn't considered that at all! – Captain Man Dec 01 '16 at 22:35
1

When you can't trust the man in the middle, just assume they can see everything.

Edit: Even if they aren't looking, someone else could be - let's face it, a school Wifi system like that is a juicy hacking target for all sorts, from mischievous classmates to serious hackers.

John U
  • 367
  • 1
  • 6