Work VPN privacy concern for iMessage emails etc.

[Catmat]

Hello everyone this is my first post here, thanks in advance for your help.

For my job, I am required to install and use a VPN connection (Tunnelblick) on my own Macbook. The company did not provide a computer, this is my own Mac, where I also receive personal emails, FaceTime and iMessages etc. Now, I have no idea if all the traffic will go through the VPN and my concerns are:

1. will the company be able to read my iMessages, emails, personal passwords and see websites I visit when I am connected through their VPN?

2. will they be able to still read/see all of the above even when I am disconnected from the VPN? Is it safe for privacy when disconnected?

3. if I use Private mode on Firefox will they still be able to see websites I visit?


There is nothing to hide frankly but if they could potentially read (not saying they will) any of my personal iMessages or emails it just seem wrong.
Any VPN expert for Mac here? Thanks

 

[chas_m]

I'm not a VPN expert, but why not just set up a second account for work?

 

[Catmat]

Thanks for the reply. I am using a different account but there are files and passwords you might need to use during work time that should still be kept private.

This is how we solved it, maybe this info could be helpful to someone else. The company must set the VPN for split tunneling, which means that only specific traffic generated by the software you use for work or specific websites goes through the VPN, the rest goes through the main router as usual.

It is still not clear though, on a standard VPN without split tunneling, if iMessages and phone calls etc. received on the Macbook would go through the VPN causing an obvious privacy concern. Not many detailed info online that I could find but I see many concerned people in this situation.

If some VPN expert can add his opinion would be great.

 

[Frankcaffrey]

Well situation varies on whether they can track it or not

If they are recommending you to use specific vpn and giving you credentials of some dedicated ip. Than they may be able to track your browsing and surfing so please make sure you are not doing anything malicious ;D
Ask them if i can use any other VPN preferably Purevpn as they have no log policy and they do not keep any logs of their customer hence making your privacy more private and making you more secure when you are online.

So yes this is really tricky go to purevpn.com site and ask any technical support live chat, he will response your query in more detail.

 

[Donna B. Samson]

If company uses custom VPN they can track your data, I recommend you to use your own VPN it protects your privacy and data. there are many VPNs which works great like expressvpn,purevpn,hidemyass and PIA, instead of using company vpn, company can easily tracked your data even if you uses safe mode of Firefox.

 

[Ember1205]

If company uses custom VPN they can track your data, I recommend you to use your own VPN it protects your privacy and data. there are many VPNs which works great like expressvpn,purevpn,hidemyass and PIA, instead of using company vpn, company can easily tracked your data even if you uses safe mode of Firefox.

Not really...


First, welcome to the forums, Catmat.

A VPN, or Virtual Private Network, allows a remote device to connect to and access systems and resources without the traffic bent sent between the endpoints "in the clear". This is most commonly used for access to corporate resources through the Internet where the resources are behind a firewall that would otherwise block access. There are two distinct ways in which a VPN will send and receive data - Split Tunnel and "Full".

In Split Tunneling mode, the client on your machine receives a list of corporate systems, based on IP Addresses, that the client should encrypt the traffic for and send the data to the company. "Everything else" is allowed to communicate in the normal way.

In Full mode, ALL traffic goes to the company. You need to talk with the folks at work about how the tunnel operates in order to understand what setup they use.

If they are using full tunneling mode, I would do NOTHING that is not 100% work-related, except maybe send and receive text messages. iMessage is encrypted between your device and the remote device, and it's difficult for them to intercept and snoop on any of this. Mind you, I said difficult, not impossible.

Email is a bit different. Some services use encryption for your client, some don't. These are a little easier to intercept.

If they offer you a corporate device to use to do your work, take it and keep your personal machine for personal use.

One thing I forgot: When you disconnect from the VPN, the tie is severed. HOWEVER... there's a possibility that their client could include additional logic to capture data from your machine and then transmit it back to them the next time you connect. Not highly likely, but possible.

 

[S.SubZero]

That's an interesting requirement. Did you need to install anything else?

At my company, we explicitly -forbid- employees from installing ANY company software of any sort on personal computers. The rationale being that user's computers are inherently untrusted, and we don't want someone connecting a machine to the network that we haven't installed our AV/Intellectual Property monitoring tools on. A lot of this is government mandated stuff when dealing with publicly traded companies, tho we got by with a pretty minimal set of required apps (we've been complimented on not becoming 'draconian' like some other companies with regards to work computer lockdowns).

 

[LauraSmithMS]

You can use a VPN with Split Tunneling technology,Split Tunneling lets you split and prioritize your data traffic. You can route your official data through VPN tunnel, and less important stuff without the cover of VPN.

 

[Ember1205]

You can use a VPN with Split Tunneling technology,Split Tunneling lets you split and prioritize your data traffic. You can route your official data through VPN tunnel, and less important stuff without the cover of VPN.

Split tunneling has nothing to do with traffic prioritization. The "split" refers to specific traffic being identified as needing to be encrypted and transmitted via the VPN while the rest is allowed to traverse the network in a normal manner. Generally, this sort of configuration is used when a particular application (like an email client - think Outlook) needs to access a particular server in a corporate network. Everything else you do on the computer, like browse the Internet, has no need to go back to the corporate offices and can go directly to the internet.

Split Tunneling is often shunned by corporation because it allows the remote device to live, virtually, on two different networks at the same time. And, as a result, it can be compromised by malware and used as a "remote control" of sorts by someone on the Internet to access and manipulate data on a corporate network. As with most things, there are advantages and disadvantages to each way you can use something.

 

[LauraSmithMS]

yes absolutely there are advantages and disadvantages of everything we use but the thread starter was concerned to hide some of her activities from work internet so split tunneling can help in tha case

 

[Ember1205]

Agreed, but only if they don't have additional software that is tracking other use and reporting it back regardless - see my prior post. In this most recent post, I was pointing out that there is no "prioritization" of packets with a VPN (split or other) as you had posted.