13

I'm on my phone but on the work network. What could they see about my Google Drive traffic? Could they see folder and file names? Could they see documents and photos?

It's encrypted, so would they just see generic Google Drive traffic or can they see details or the actual documents and photos themselves?

unor
  • 1,769
  • 1
  • 19
  • 39
Bill Z
  • 163
  • 1
  • 1
  • 4
  • I opened a shared Drive folder that a friend added a raunchy picture to. I saw the thumbnail freaked out and closed it. I'm so worried I'm going to lose my job. – Bill Z Mar 23 '18 at 22:14
  • Unless they are actively looking for a reason to fire you, even if they could read it (your device wouldn't trust any internal CA, so they shouldn't), they are extremely unlikely to notice, because they have better things to do than review each and every picture you've loaded. – Jan Hudec Mar 23 '18 at 23:05
  • 4
    I don't believe you're going to lose your job for this. You didn't deliberately download pornography onto the work network. You were using your own phone. You opened a folder not knowing what was going to be there; and closed it quickly when you saw what you saw there. It seems to me that you're entirely blameless here. – Dawood ibn Kareem Mar 24 '18 at 01:59
  • Does the google account belong to you (personal account) or is a work related account (which is managed by your employer) – LionsDen Mar 24 '18 at 08:47
  • It was a personal account on my personal phone. The only work app on my phone is Airwatch which in theory just handles mail and a VMware browser. FWIW, Google Drive access is blocked on work computers, but allowed on phones through the app. I'm on the same Wifi network but they know which type of device is requesting Google Drive access and they don't block it on mobile. Not sure if that helps me... – Bill Z Mar 24 '18 at 12:40

3 Answers3

38

The answer is no and yes too.

Why no: It's a HTTPS traffic and firewalls these days have application identification or deep packet inspection (whatever you call it). That will identify the application you are using, but not the actual traffic.

Why yes: If the IT has implemented "SSL decryption" on their firewalls they can actually see the data inside it very clearly. That's the control they have and you won't even know your traffic is being decrypted. You can confirm this by checking the certificate you are getting once you access any site (man-in-the-middle).

Vilican
  • 2,723
  • 8
  • 22
  • 35
user140452
  • 449
  • 3
  • 3
  • Comments are not for extended discussion; this conversation has been [moved to chat](https://chat.stackexchange.com/rooms/75054/discussion-on-answer-by-user140452-can-it-see-my-google-drive-traffic). – Rory Alsop Mar 25 '18 at 12:03
  • SSL decryption will not generally work, unless the firewall owner can also install a trusted root certificate on the client device. Even then, they'd generally need to somehow convince the client application to ignore any pinned certificates. Not impossible if they got the device owner to install something on their phone, but not straightforward either... – thkala Mar 29 '18 at 07:53
4

If your traffic is HTTPS, the content of packets will not be visible.

They would see generic traffic out to google docs, but no definite data will be readable from the traffic.

They will know you are going there, they will not know what you are specifically doing.

Heigou
  • 49
  • 1
  • 1
    How could I tell on my phone if it's HTTPS? It's clear as day on a browser, but I'm not sure how to tell within an app. – Bill Z Mar 23 '18 at 16:25
  • Google by default will use https because it is more secure. If you look in the URL bar, it should say "https"://docs.google.com/*randomcode* . If it says HTTP the traffic is not encrypted thus, some data is sent cleartext (aka readable). I would not worry about traffic on your phone if it is a personal one and using google docs, your document contents are safe. If you are using a phone supplied by your company, meaning they gave you the phone and pay for it,the situation is different. – Heigou Mar 23 '18 at 16:47
  • Thanks for the reply and the information! It's my own phone but I have Airwatch for work emails and browsers. They couldn't use that to see anything additional could they? – Bill Z Mar 23 '18 at 16:52
  • 10
    This answer completely misses out on the very real issue of HTTPS MITM'ing. – user Mar 23 '18 at 17:34
  • 1
    Not really, it depends on a host of situations but for the most part no. For the host of other situations look into what Michael Kjörling said about HTTPS MITM. There are other ways of tracking and inspecting HTTPS but unless you work for a government or highly regulated field you should be ok, again there are always ways around this but I am giving advice under the assumption that you work for a normal small to medium sized business, don't work for the NSA or work in a military base. – Heigou Mar 23 '18 at 17:47
  • All in all one way to get around any possible snooping would be to use a VPN to tunnel your traffic and adding an extra lay of protection to what you are doing. Keep in mind that some companies are very strict about using a VPN, but again if you don't work for a government you should be fine. – Heigou Mar 23 '18 at 18:10
  • I opened a shared folder that a friend added a raunchy picture to. I saw the thumbnail freaked out and closed it. I'm so worried I'm going to lose my job. – Bill Z Mar 23 '18 at 22:14
  • @BillZ Even if your company's IT does have the ability to see the files you were accessing on Google Drive, and even if someone happened to notice that you viewed this thumbnail (or their attention was drawn to it), it's not certain that you would lose your job over this. You might be able to ask about that over on [workplace.SE]. – David Z Mar 24 '18 at 06:49
-5

Since any business can implement HTTPS decryption on their own network, I would assume they can see everything you transmit using their assets. It requires minimal configuration on the client end, so even your own devices can be roped into the scheme too, if, for example, you ran a setup tool from IT or a web portal. This need only be a run-once-and-forget which installs their certificate.

In practice, it is highly unlikely that anyone will look at what you are sending. At most, they will review the traffic data in bulk to see what their employees are doing. However, your activity may raise a reg flag, or your IT staff may be nosy.

If you are on a company device, they absolutely can do it, and there is not much you can do to prevent it. You can conceivably work around it on your own device (e.g., with a VPN), if that traffic is not blocked. Technically and legally, in the US it is not much of a challenge for them.

DoubleD
  • 3,882
  • 1
  • 6
  • 14
  • 10
    "can implement HTTPS decryption" is pretty vague, but if you mean that anyone can decrypt your traffic then that would defeat the purpose of encryption. – AndrolGenhald Mar 23 '18 at 18:51
  • 7
    Not the downvoter but this seems like a massive claim and needs at least some reference to back it up – Richard Tingle Mar 23 '18 at 18:51
  • 5
    You should make it clearer that this requires the company to install their own certificates on the device and therefore user's personal devices should be safe. – user31389 Mar 23 '18 at 19:54
  • 1
    @user31389: In my company, only phones that are managed by IT can even get on the WiFi. This includes personal phones; they use a different, less draconic profile than company phones, but they are still managed by IT (using Sophos). That's why I don't use the WiFi with my personal phone. – Jörg W Mittag Mar 23 '18 at 21:54
  • 1
    @DoubleD - your first paragraph is just wrong. The second will vary by company. The third is correct. You may want to edit your answer to avoid even more downvotes and possible deletion. – Rory Alsop Mar 25 '18 at 12:03
  • I assumed that context would have made the details about HTTPS decryption clear. By the comments and votes, I can see that was a poor assumption. Parent comment edited for clarity. – DoubleD Mar 26 '18 at 18:27